IPhone 15 Gets Dual SIM Through FPC Patch

September 30, 2024 by Arya Voronova 11 Comments

It can often feel like modern devices are less hackable than their thicker and far less integrated predecessors, but perhaps it’s just that our techniques need to catch up. Here’s an outstanding hack that adds a dual SIM slot to a US-sold eSIM iPhone 15/15 Pro, while preserving its exclusive mmwave module. No doubt, making use of the boardview files and schematics, it shows us that smartphone modding isn’t dead — it could be that we need to acknowledge the new tools we now have at our disposal.

When different hardware features are region-locked, sometimes you want to get the best of both worlds. This mod lets you go the entire length seamlessly, no bodges. It uses a lovely looking flexible printed circuit (FPC) patch board to tap into a debug header with SIM slot signals, and provides a customized Li-ion pouch cell with a cutout for the SIM slot. There’s just the small matter of using a CNC mill to make a cutout in the case where the SIM slot will go, and you’ll need to cut a buried trace to disable the eSIM module. Hey, we mentioned our skills needed to catch up, right? From there, it appears that iOS recognizes the new two SIM slots seamlessly.

The video is impressive and absolutely worth a watch if modding is your passion, and if you have a suitable CNC and a soldering iron, you can likely install this mod for yourself. Of course, you lose some things, like waterproofing, the eSIM feature, and your warranty. However, nothing could detract from this being a fully functional modkit for a modern-day phone, an inspiration for us all. Now, perhaps one of us can take a look at building a mod helping us do parts transplants between phones, parts pairing be damned.

Continue reading “IPhone 15 Gets Dual SIM Through FPC Patch” →

Building A Stylish IPhone Standby Dock

September 2, 2024 by Lewin Day 6 Comments

[Scott Yu-Jan] is a big fan of the iPhone’s standby mode. Put the phone on charge horizontally, and it looks all stylish, with sleek widgets and clocks and stuff showing you information you presumably care about. [Scott] enjoyed this so much, in fact, he whipped up a custom charging dock to make the most of it.

The design was a collaboration with artist [Overwork], who mentioned the DN 40 alarm clock created by legendary designer [Dieter Rams]. [Overwork] sent [Scott] a draft inspired by that product, and he printed one up. It featured an integrated MagSafe charger to juice up the iPhone, and pressing into one side of the phone would pop it free. It was cool, but a little clumsy to use.

[Scott] liked the basic concept, but shows us how he iterated upon it to make it even nicer. He added in a wireless charger for AirPods in the back, gave the device adhesive feet, and a big chunky eject button to release the phone when desired.

You can also grab the files to print your own if you so desire! We’ve seen [Scott’s] work before, too, like his neat 3D scanner build. Video after the break.

Continue reading “Building A Stylish IPhone Standby Dock” →

The FPC adapter shown soldered between the BGA chip and the phone's mainboard, with the phone shown to have successfully booted, displaying an unlock prompt on the screen

IPhone 6S NVMe Chip Tapped Using A Flexible PCB

March 3, 2024 by Arya Voronova 3 Comments

Psst! Hey kid! Want to reverse-engineer some iPhones? Well, did you know that modern iPhones use PCIe, and specifically, NVMe for their storage chips? And if so, have you ever wondered about sniffing those communications? Wonder no more, as this research team shows us how they tapped them with a flexible printed circuit (FPC) BGA interposer on an iPhone 6S, the first iPhone to use NVMe-based storage.

The research was done by [Mohamed Amine Khelif], [Jordane Lorandel], and [Olivier Romain], and it shows us all the nitty-gritty of getting at the NVMe chip — provided you’re comfortable with BGA soldering and perhaps got an X-ray machine handy to check for mistakes. As research progressed, they’ve successfully removed the memory chip dealing with underfill and BGA soldering nuances, and added an 1:1 interposer FR4 board for the first test, that proved to be successful. Then, they made an FPC interposer that also taps into the signal and data pins, soldered the flash chip on top of it, successfully booted the iPhone 6S, and scoped the data lines for us to see.

This is looking like the beginnings of a fun platform for iOS or iPhone hardware reverse-engineering, and we’re waiting for further results with bated breath! This team of researchers in particular is prolific, having already been poking at things like MITM attacks on I2C and PCIe, as well as IoT device and smartphone security research. We haven’t seen any Eagle CAD files for the interposers published, but thankfully, most of the know-how is about the soldering technique, and the paper describes plenty. Want to learn more about these chips? We’ve covered a different hacker taking a stab at reusing them before. Or perhaps, would you like to know NVMe in more depth? If so, we’ve got just the article for you.

We thank [FedX] for sharing this with us on the Hackaday Discord server!

Hackaday Links: February 25, 2024

February 25, 2024 by Dan Maloney 15 Comments

When all else fails, blame it on the cloud? It seems like that’s the script for just about every outage that makes the news lately, like the Wyze camera outage this week that kept people from seeing feeds from their cameras for several hours. The outage went so far that some users’ cameras weren’t even showing up in the Wyze app, and there were even reports that some people were seeing thumbnails for cameras they don’t own. That’s troubling, of course, and Wyze seems to have taken action on that quickly by disabling a tab on the app that would potentially have let people tap into camera feeds they had no business seeing. Still, it looks like curiosity got the better of some users, with 1,500 tapping through when notified of motion events and seeing other people walking around inside unknown houses. The problem was resolved quickly, with blame laid on an “AWS partner” even though there were no known AWS issues at the time of the outage. We’ve said it before and we’ll say it again: security cameras, especially mission-critical ones, have no business being connected with anything but Ethernet or coax, and exposing them to the cloud is a really, really bad idea.

Continue reading “Hackaday Links: February 25, 2024” →

Open Source Tracker Keeps An Eye On Furry Friends

September 19, 2023 by Richard Baguley 49 Comments

Most of the time, you’ll know where your cats are — asleep on the bed about 23.5 hours a day and eating or pooping the rest of the time. But some cats are more active than others, so there’s commercial options for those who want to keep tabs on their pet. Unfortunately, [Sahas Chitlange] didn’t like any of them, so he designed and built his own open source version: FindMyCat.io.

The system is in two parts: a module that fits onto a cat collar, and a home station that, well, stays at home. It offers a variety of tracking modes. In home mode, the home station signals the collar every 10 seconds, which stays in a deep sleep most of the time. If the collar doesn’t get a signal from the home station, it switches to ping mode, where it will wait for a signal from the FindMyCat over the LTE-M connection and report its location.

Finally, the app can set the collar to Lost Kitteh mode, where the collar will send a location to the app every seven minutes or thirty seconds. The collar also supports a direction-finding feature, using the ultra wideband (UWB) feature of recent Apple iPhones to point you in the direction and distance of the tracked cat.

The collar is built around a Nordic Semiconductor NRF-9160, a System in a Package (SiP) that does most of the heavy lifting as it includes GPS, an LTE-M modem, and an ARM processor. One interesting feature here: [Sahas] doesn’t make his antennas on the PCB, but instead uses an Ignion NN03-310, an off-the-shelf antenna that is already qualified for LTE-M use. That means this system can be connected to almost any LTE-M network without getting yelled at for using unqualified hardware and making the local cell towers explode.

The collar also includes a DWM3001CDK ultrawideband (UWB) module used for the locator feature. The accompanying app uses this and Apple’s UWB support to show the user which direction the cat is in, and how far away it is. The app isn’t in the Apple App Store yet, so you’ll need to sign up for an Apple Developer account to use it. We’d love to hear from anyone who takes it for a test drive with their own pet.

Continue reading “Open Source Tracker Keeps An Eye On Furry Friends” →

Hackaday Links: September 17, 2023

September 17, 2023 by Dan Maloney 4 Comments

OK, it’s official — everyone hates San Francisco’s self-driving taxi fleet. Or at least so it seems, if this video of someone vandalizing a Cruise robotaxi is an accurate reflection of the public’s sentiment. We’ve been covering the increasingly fraught relationship between Cruise and San Franciscans for a while now — between their cabs crashing into semis and being used for — ahem — non-transportation purposes, then crashing into fire trucks and eventually having their test fleet cut in half by regulators, Cruise really seems to be taking it on the chin.

And now this video, which shows a wannabe Ninja going ham on a Cruise taxi stopped somewhere on the streets of San Francisco. It has to be said that the vandal doesn’t appear to be doing much damage with what looks like a mason’s hammer; except for the windshield and side glass and the driver-side mirror — superfluous for a self-driving car, one would think — the rest of the roof-mounted lidars and cameras seem to get off lightly. Either Cruise’s mechanical engineering is better than their software engineering, or the neo-Luddite lacks the upper body strength to do any serious damage. Or maybe both.

Continue reading “Hackaday Links: September 17, 2023” →

Hackaday Links: September 10, 2023

September 10, 2023 by Dan Maloney 17 Comments

Most of us probably have a vision of how “The Robots” will eventually rise up and deal humanity out of the game. We’ve all seen that movie, of course, and know exactly what will happen when SkyNet becomes self-aware. But for those of you thinking we’ll get off relatively easy with a quick nuclear armageddon, we’re sorry to bear the news that AI seems to have other plans for us, at least if this report of dodgy AI-generated mushroom foraging manuals is any indication. It seems that Amazon is filled with publications these days that do a pretty good job of looking like they’re written by human subject matter experts, but are actually written by ChatGPT or similar tools. That may not be such a big deal when the subject matter concerns stamp collecting or needlepoint, but when it concerns differentiating edible fungi from toxic ones, that’s a different matter. The classic example is the Death Cap mushroom (Amanita phalloides) which varies quite a bit in identifying characteristics like color and size, enough so that it’s often tough for expert mycologists to tell it apart from its edible cousins. Trouble is, when half a Death Cap contains enough toxin to kill an adult human, the margin for error is much narrower than what AI is likely to include in a foraging manual. So maybe that’s AI’s grand plan for humanity — just give us all really bad advice and let Darwin take care of the rest.

Continue reading “Hackaday Links: September 10, 2023” →