Over Apple’s decades-long history, they have been quick to adapt to new processor technology when they see an opportunity. Their switch from PowerPC to Intel in the early 2000s made Apple machines more accessible to the wider PC world who was already accustomed to using x86 processors, and a decade earlier they moved from Motorola 68000 processors to take advantage of the scalability, power-per-watt, and performance of the PowerPC platform. They’ve recently made the switch to their own in-house silicon, but this wasn’t the first time they attempted to design their own chips from the ground up rather than using chips from other companies like Motorola or Intel.
In the mid 1980s, Apple was already looking to move away from the Motorola 68000 for performance reasons, and part of the reason it took so long to make the switch is that in the intervening years they launched Project Aquarius to attempt to design their own silicon. As the article linked above explains, they needed a large amount of computing power to get this done and purchased a Cray X-MP/48 supercomputer to help, as well as assigning a large number of engineers and designers to see the project through to the finish. A critical error was made, though, when they decided to build their design around a stack architecture rather than a RISC. Eventually they switched to a RISC design, though, but the project still had struggled to ever get a prototype working. Eventually the entire project was scrapped and the company eventually moved on to PowerPC, but not without a tremendous loss of time and money.
Interestingly enough, another team were designing their own architecture at about the same time and ended up creating what would eventually become the modern day ARM architecture, which Apple was involved with and currently licenses to build their M1 and M2 chips as well as their mobile processors. It was only by accident that Apple didn’t decide on a RISC design in time for their personal computers. The computing world might look a lot different today if Apple hadn’t languished in the early 00s as the ultimate result of their failure to develop a competitive system in the mid 80s. Apple’s distance from PowerPC now doesn’t mean that architecture has been completely abandoned, though.
Thanks to [Stephen] for the tip!
A frequent contributor to the hacker community, [stacksmashing] has prepared an excellent instructional video on reverse engineering Apple’s Lighting connector proprietary protocol. The video begins by showing how to gain physical access to the signals and hooking them up to a logic analyzer. He then notes that the handshaking uses only a single signal and proposes that Apple isn’t going to re-invent the wheel (perhaps a risky assumption). Using a ChatGPT search, obligatory these days, we learn that Dallas Semiconductor / Microchip 1-wire is probably the protocol employed.
Which embedded single-wire busses exist that encode bits with different lengths of low and high signals?
At the basic level, 1-wire and protocols like Texas Instruments SDQ operate in a similar manner. It turns out that [stacksmashing] already wrote a SDQ analyzer module for the Saleae logic analyzer. Aided by this tool, he digs deeper and learns more about the kinds of messages and their contents. For example, upon being plugged in, the host system queries the accessory’s serial number, manufacturer, model number, and product description. Finally, he introduces the CRC reverse engineering tool reveng to determine which CRC polynomial and algorithm the protocol uses to frame each packet.
Even if you have no interest in Lightning cables, this video is a great tutorial on the types of things you need to do in order to make sense of an unknown communications protocol. Gather what information you can, make some educated guesses, observe the signals, revise your guesses, and repeat. In part two, [stacksmashing] will show how to build a homemade iPhone JTAG cable.
We wrote in more detail about cracking the Lightning interface back in 2015. The Lightning interface may have been a good solution in its day, foreshadowing some of the features we now have in USB-C. But its proprietary and closed nature meant it wasn’t used outside of the Apple ecosystem. With the proliferation and capabilities of USB-C, not to mention various legislative edicts, Lightning’s days seem numbered. Is the industry finally settling on one interface? Let us know your thoughts in the comments below.
Continue reading “Reverse Engineering The Apple Lightning Connector” →
Apple is often lauded for its design chops, but function is often sacrificed at the altar of form, particularly when repair is involved. [Ken Pillonel] has made it easier for everyone to replace the batteries or lightning port in the AirPods Pro case. (YouTube)
With such notable hacks as adding USB C to the iPhone already under his belt, [Pillonel] has turned his attention to fixing the notoriously poor repairability of AirPods and AirPods Pro, starting with the cases. While the batteries for these devices are available, replacement Lightning ports are not, and taking the housing apart for the case is an exercise in patience where the results can’t be guaranteed.
He designed a USB C replacement port for broken Lightning ports that is a perfect fit if you happen to get the case apart in one piece. If you’re less successful, he has you covered there too with a 3D printable enclosure replacement.
We sure miss the days of schematic proliferation here at Hackaday, but we know you don’t let glued enclosures or unobtainium parts stand in the way of repairs.
Continue reading “Making The AirPods Pro Case Repairable” →
Smartphone features used to come thick and fast. Cameras proliferated, navigation got added, and then Apple changed the game by finally making touch computing just work. Since then, truly new features have slowed to a trickle, but Apple’s innovative crash detection system has been a big deal where safety is concerned.
The problem? It’s got a penchant for throwing false positives when iPhone and Apple Watch users are in no real danger at all. We first covered this problem last year, but since then, the wintery season has brought yet more issues for already-strained emergency responders.
Continue reading “Ski Season Sees Apple’s Crash Detection System Fire Deluge Of False Positives” →
With the proliferation of biometric access to mobile devices, entering a password on your desktop can feel so passé. [Snazzy Labs] decided to fix this problem for his Mac by liberating the Touch ID from a new Apple keyboard.
When Apple introduced its own silicon for its desktops, it also revealed desktop keyboards that included their Touch ID fingerprint reader system. Fingerprint access to your computer is handy, but not everyone is a fan of the typing experience on Apple keyboards. Wanting to avoid taping a keyboard under his desk, [Snazzy Labs] pulled the logic board from the keyboard and designed a new 3D printed enclosure for the Touch ID button and logic board so that the fingerprint reader could reside close to where the users hands actually are.
One interesting detail discovered was the significantly different logic boards between the standard and numpad-containing variants. The final enclosure designs feature both wireless and wired versions for both the standard and numpad logic boards if you should choose to build one of your own. We’re interested to see if someone can take this the next step and use the logic board to wire up a custom mechanical keyboard with Touch ID.
If [Snazzy Labs] seems familiar, you may recognize him from their Mac Mini Mini. If you’re more in the mood to take your security to the extreme, check out this Four Factor Biometric Lockbox that includes its own fingerprint reader.
Continue reading “Standalone Touch ID For Your Desktop Mac” →
The Apple II is one of the most iconic microcomputers, and [James Lewis] decided to use the Mega-II “Apple IIe on a chip” from an Apple IIgs to build a tiny Apple IIe.
While there was an Apple II compatibility card using the related Gemini chip, it was initially unclear whether the Mega-II could even work outside of an Apple IIgs given the lack of documentation for either Apple II SOC. [Lewis] did finally get the Mega-II to boot after a great deal of effort in debugging and design. The system is built with three boards: the Mega-II and RAM board, a CPU board with a 65C02, and a video out board.
To simplify routing, the boards are all four layer PCBs. Unfortunately, the chips needed to make this system, especially the Mega-II, aren’t available on their own and must be harvested from an existing IIgs. [Lewis] took care to make sure any desoldering or other part removal was done in a way that it could be reversed. If you want to see all the nitty gritty details, check out his GitHub for the project.
If you want another 6502-based computer in a tiny package, why not try this one built on Perf+ boards?
Continue reading “An (Almost) Single-Chip Apple IIe” →
Ever wonder what makes a cellphone’s operating system secure, or what that app you just installed is saying about you behind your back? In a brand new video series, [Jiska] gives us a peek into different topics in smartphone software reverse engineering.
For instance, her latest video, embedded below takes us through some steps to poke at Apple’s RTKit OS, which is the realtime OS that runs inside most of their peripheral devices, including AirPods, but also on their bigger devices too. We don’t know much about RTKit OS, but [Jiska]’s trick in this video is to get a foothold by looking through two different RTKit OS versions and noting which symbols are common — these are probably OS function names. Now you’ve got something to look for.
Each of the videos is short, to the point, and contains nice tips for perhaps the intermediate-to-advanced reverser who is looking to get into phones. Heck, even if you’re not, her demonstrations of the Frida dynamic tracing tool are worth your time.
And if you want a longer introduction into the internals of cellphones, we heartily recommend her talk, “All Wireless Stacks Are Broken“.
Continue reading ““Reversing Shorts” Demystify Phone Security” →