The FPC adapter shown soldered between the BGA chip and the phone's mainboard, with the phone shown to have successfully booted, displaying an unlock prompt on the screen

iPhone 6S NVMe Chip Tapped Using A Flexible PCB

Psst! Hey kid! Want to reverse-engineer some iPhones? Well, did you know that modern iPhones use PCIe, and specifically, NVMe for their storage chips? And if so, have you ever wondered about sniffing those communications? Wonder no more, as this research team shows us how they tapped them with a flexible printed circuit (FPC) BGA interposer on an iPhone 6S, the first iPhone to use NVMe-based storage.

The research was done by [Mohamed Amine Khelif], [Jordane Lorandel], and [Olivier Romain], and it shows us all the nitty-gritty of getting at the NVMe chip, provided you’re comfortable with BGA soldering and perhaps have an X-ray machine handy to check for mistakes. As the research progressed, they successfully removed the memory chip, dealing with underfill and BGA soldering nuances along the way, and added a 1:1 FR4 interposer board for the first test, which proved successful. Then, they made an FPC interposer that also taps into the signal and data pins, soldered the flash chip on top of it, successfully booted the iPhone 6S, and scoped the data lines for us to see.

This is looking like the beginnings of a fun platform for iOS or iPhone hardware reverse-engineering, and we’re waiting for further results with bated breath! This team of researchers in particular is prolific, having already been poking at things like MITM attacks on I2C and PCIe, as well as IoT device and smartphone security research. We haven’t seen any Eagle CAD files for the interposers published, but thankfully, most of the know-how is about the soldering technique, and the paper describes plenty. Want to learn more about these chips? We’ve covered a different hacker taking a stab at reusing them before. Or perhaps, would you like to know NVMe in more depth? If so, we’ve got just the article for you.

We thank [FedX] for sharing this with us on the Hackaday Discord server!

Open Source Tracker Keeps An Eye On Furry Friends

Most of the time, you’ll know where your cats are: asleep on the bed about 23.5 hours a day and eating or pooping the rest of the time. But some cats are more active than others, so there are commercial options for those who want to keep tabs on their pet. Unfortunately, [Sahas Chitlange] didn’t like any of them, so he designed and built his own open source version: FindMyCat.io.

The system is in two parts: a module that fits onto a cat collar, and a home station that, well, stays at home. It offers a variety of tracking modes. In home mode, the home station signals the collar every 10 seconds, and the collar stays in a deep sleep most of the time. If the collar doesn’t get a signal from the home station, it switches to ping mode, where it will wait for a signal from the FindMyCat over the LTE-M connection and report its location.

Finally, the app can set the collar to Lost Kitteh mode, where the collar will send a location to the app every seven minutes or thirty seconds. The collar also supports a direction-finding feature, using the ultra wideband (UWB) feature of recent Apple iPhones to point you in the direction and distance of the tracked cat.

The collar is built around a Nordic Semiconductor nRF9160, a System in a Package (SiP) that does most of the heavy lifting as it includes GPS, an LTE-M modem, and an ARM processor. One interesting feature here: [Sahas] doesn’t make his antennas on the PCB, but instead uses an Ignion NN03-310, an off-the-shelf antenna that is already qualified for LTE-M use. That means this system can be connected to almost any LTE-M network without getting yelled at for using unqualified hardware and making the local cell towers explode.

The collar also includes a DWM3001CDK ultrawideband (UWB) module used for the locator feature. The accompanying app uses this and Apple’s UWB support to show the user which direction the cat is in, and how far away it is. The app isn’t in the Apple App Store yet, so you’ll need to sign up for an Apple Developer account to use it. We’d love to hear from anyone who takes it for a test drive with their own pet.

Hackaday Links: September 17, 2023

OK, it’s official — everyone hates San Francisco’s self-driving taxi fleet. Or at least so it seems, if this video of someone vandalizing a Cruise robotaxi is an accurate reflection of the public’s sentiment. We’ve been covering the increasingly fraught relationship between Cruise and San Franciscans for a while now — between their cabs crashing into semis and being used for — ahem — non-transportation purposes, then crashing into fire trucks and eventually having their test fleet cut in half by regulators, Cruise really seems to be taking it on the chin.

And now this video, which shows a wannabe Ninja going ham on a Cruise taxi stopped somewhere on the streets of San Francisco. It has to be said that the vandal doesn’t appear to be doing much damage with what looks like a mason’s hammer; except for the windshield and side glass and the driver-side mirror — superfluous for a self-driving car, one would think — the rest of the roof-mounted lidars and cameras seem to get off lightly. Either Cruise’s mechanical engineering is better than their software engineering, or the neo-Luddite lacks the upper body strength to do any serious damage. Or maybe both.

Hackaday Links: September 10, 2023

Most of us probably have a vision of how “The Robots” will eventually rise up and deal humanity out of the game. We’ve all seen that movie, of course, and know exactly what will happen when SkyNet becomes self-aware. But for those of you thinking we’ll get off relatively easy with a quick nuclear armageddon, we’re sorry to bear the news that AI seems to have other plans for us, at least if this report of dodgy AI-generated mushroom foraging manuals is any indication. It seems that Amazon is filled with publications these days that do a pretty good job of looking like they’re written by human subject matter experts, but are actually written by ChatGPT or similar tools. That may not be such a big deal when the subject matter concerns stamp collecting or needlepoint, but when it concerns differentiating edible fungi from toxic ones, that’s a different matter. The classic example is the Death Cap mushroom (Amanita phalloides) which varies quite a bit in identifying characteristics like color and size, enough so that it’s often tough for expert mycologists to tell it apart from its edible cousins. Trouble is, when half a Death Cap contains enough toxin to kill an adult human, the margin for error is much narrower than what AI is likely to include in a foraging manual. So maybe that’s AI’s grand plan for humanity — just give us all really bad advice and let Darwin take care of the rest.

Ski Season Sees Apple’s Crash Detection System Fire Deluge Of False Positives

Smartphone features used to come thick and fast. Cameras proliferated, navigation got added, and then Apple changed the game by finally making touch computing just work. Since then, truly new features have slowed to a trickle, but Apple’s innovative crash detection system has been a big deal where safety is concerned.

The problem? It’s got a penchant for throwing false positives when iPhone and Apple Watch users are in no real danger at all. We first covered this problem last year, but since then, the wintery season has brought yet more issues for already-strained emergency responders.

Virtualizing iPhoneOS 1.0

Virtualizing computers is nothing new. However, Apple devices always present challenges. Just ask anyone who has built a Hackintosh. At least computer hardware is usually exposed, but on phones, the challenge is even harder due to mysterious devices. [Martijn] managed to reverse engineer the iPod Touch 1G enough to run iPhoneOS 1.0 on it and has several blog posts explaining how he did it.

The emulator is the ubiquitous QEMU. He has emulation for the critical hardware, including the cryptographic modules, the hardware clock, and the timer, along with memory and display and interface hardware. However, Wi-Fi, some USB, audio, the light sensor, and some graphics hardware are still absent. That doesn’t stop the OS from booting, however.
