iPhone 15 Gets Dual SIM Through FPC Patch

It can often feel like modern devices are less hackable than their thicker and far less integrated predecessors, but perhaps it’s just that our techniques need to catch up. Here’s an outstanding hack that adds a dual SIM slot to a US-sold eSIM iPhone 15/15 Pro, while preserving its exclusive mmwave module. No doubt, making use of the boardview files and schematics, it shows us that smartphone modding isn’t dead — it could be that we need to acknowledge the new tools we now have at our disposal.

When different hardware features are region-locked, sometimes you want to get the best of both worlds. This mod lets you go the entire length seamlessly, no bodges. It uses a lovely looking flexible printed circuit (FPC) patch board to tap into a debug header with SIM slot signals, and provides a customized Li-ion pouch cell with a cutout for the SIM slot. There’s just the small matter of using a CNC mill to make a cutout in the case where the SIM slot will go, and you’ll need to cut a buried trace to disable the eSIM module. Hey, we mentioned our skills needed to catch up, right? From there, it appears that iOS recognizes the two new SIM slots seamlessly.

The video is impressive and absolutely worth a watch if modding is your passion, and if you have a suitable CNC and a soldering iron, you can likely install this mod for yourself. Of course, you lose some things, like waterproofing, the eSIM feature, and your warranty. However, nothing could detract from this being a fully functional modkit for a modern-day phone, an inspiration for us all. Now, perhaps one of us can take a look at building a mod helping us do parts transplants between phones, parts pairing be damned.


A Modchip For A Fridge

An annoying fridge that beeps incessantly when the door is open too long should be an easy enough thing to fix by disconnecting the speaker, but when, as with [kennedn]’s model, it’s plumbed in and the speaker is inaccessible, what’s to be done? The answer: create a mod chip for a fridge.

While the fridge electronics themselves couldn’t be reached, there was full access to a daughterboard with the fridge controls. It should be easy enough to use them to turn off the alarm, but first a little reverse engineering was required. It used serial communication with an old-school set of shift registers rather than a microcontroller, but it soon became apparent that the job could be done by simply pulling the buttons down. In a move that should gladden the heart of all Hackaday readers, then, the modchip in question didn’t even have to be a processor; instead it could be the venerable 555 timer. Our lives are complete, and the fridge is no longer annoying.

The 555 is unashamedly a Hackaday cliche, but even after five decades it still bears some understanding.


An Open XBOX Modchip Enters The Scene

If you’ve ever bought a modchip that adds features to your game console, you might have noticed sanded-off IC markings, epoxy blobs, or just obscure chips with unknown source code. It’s ironic – these modchips are a shining example of hacking, and yet they don’t represent hacking culture one bit. Usually, they are more of a black box than the console they’re tapping into. This problem has plagued the original XBOX hacking community, having them rely on inconsistent suppliers of obscure boards that would regularly fall off the radar as each crucial part went to end of life. Now, a group of hackers have come up with a solution, and [Macho Nacho Productions] on YouTube tells us its story – it’s an open-source modchip with an open firmware, ModXO.

Like many modern modchips and adapters, ModXO is based on an RP2040, and it’s got a lot of potential – it already works for feeding a BIOS to your console, it’s quite easy to install, and it’s only going to get better. [Macho Nacho Productions] shows us the modchip install process in the video, tells us about the hackers involved, and gives us a sneak peek at the upcoming features, including, possibly, support for the Prometheos project that equips your Xbox with an entire service menu. Plus, with open-source firmware and hardware, you can add tons more flashy and useful stuff, like small LCD/OLED screens for status display and LED strips of all sorts!

If you’re looking to add a modchip to your OG XBOX, it looks like the proprietary options aren’t much worth considering anymore. XBOX hacking has a strong community behind it for historical reasons and has spawned entire projects like XBMC that outgrew the community. There’s even an amazing book about how its security got hacked. If you would like to read it, it’s free and worth your time. As for open-source modchips, they rule, and it’s not the first one we’ve seen [Macho Nacho Productions] tell us about – here’s an open GameCube modchip that shook the scene, also with an RP2040!



A Modchip To Root Starlink User Terminals Through Voltage Glitching

A modchip is a small PCB that mounts directly on a larger board, tapping into points on that board to make it do something it wasn’t meant to do. We’ve typically seen modchips used with gaming consoles of yore, bypassing DRM protections in a way that software hacks couldn’t quite do. As software complexity and therefore attack surface increased on newer consoles, software hacks have taken the stage. However, on more integrated pieces of hardware, we’ll still want to return to the old methods – and that’s what this modchip-based hack of a Starlink terminal brings us.

[Lennert Wouters]’ team has been poking and prodding at the Starlink User Terminal, trying to get root access, and needed to bypass the ARM Trusted Firmware boot-time integrity checks. The terminal’s PCB is satellite-dish-sized, so things like laser fault injection are hard to set up – hence, they went the voltage injection route. Much poking and prodding later, they developed a way to reliably glitch the CPU into verifying a faulty firmware, and got to a root shell – the journey described in a BlackHat talk embedded below.

Arduboy FX Mod-Chip: Now You’re Playing With Power

Traditionally, a forum full of technical users trying to integrate their own hardware into a game system for the purposes of gaining unfettered access to its entire software library was the kind of thing that would keep engineers at Sony and Nintendo up at night. The development and proliferation of so-called “mod chips” were an existential threat to companies that made their money selling video games, and as such, sniffing out these console hackers and keeping their findings from going public for as long as possible was a top priority.

But the Arduboy is no traditional game system. Its games are distributed for free, so a chip that allows users to cram hundreds of them onto the handheld at once isn’t some shady attempt to pull a fast one on the developers, it’s a substantial usability improvement over the stock hardware. So when Arduboy creator Kevin Bates found out about the grassroots effort to expand the system’s internal storage on the official forums, he didn’t try to put a stop to it. Instead, he asked how he could help make it a reality for as many Arduboy owners as possible.

Now, a little less than three years after forum member Mr.Blinky posted his initial concept for hanging an external SPI flash chip on the system’s test pads, the official Arduboy FX Mod-Chip has arrived. Whether you go the DIY route and build your own version or buy the ready-to-go module, one thing is for sure: it’s a must-have upgrade for the Arduboy that will completely change how you use the diminutive handheld.


Burning Your Own PS1 Modchip Is Easy

The original Sony PlayStation came out just in time for CD piracy to really start taking off. Aware of this threat to sales, Sony engineers included a copy protection and region locking mechanism that placated executives and annoyed end-users alike. [MattKC] explores how this copy protection worked, and how you can burn your own modchip at home for just a few dollars.

Sony’s method of copy protection relied on steps taken during the manufacturing process, pressing a special groove into the game media that regular CD burners couldn’t replicate, a topic our own [Drew Littrell] has covered in depth. This groove contained a four-letter code that could be read by the console, corresponding to the region in which the game was sold. The console would read this groove on startup, and check that the code in the game matched the code in the console before booting. Modchips circumvent this by injecting a spoof code into the console that matches the local region, regardless of what is read off the disc. This has the effect of allowing users to run bootleg CD-Rs and homebrew code, as well as games from other regions.

Today, we’re blessed with the Internet and cheap hardware. As [MattKC] demonstrates, it’s no longer necessary to mail-order a chip from a dodgy ad in the back of a games magazine; instead, one can download source code and flash it to a commodity PIC microcontroller for just a few bucks. With the chip soldered in to the relevant points of the PS1’s motherboard, you’re good to go.

As far as console modding goes, the PS1 is a great platform to start with — simple to work on, and also the best selling console of all time, so the stakes are low if you mess up. Video after the break.

An Open Source Hardware Modchip


Many Hackaday readers might remember the days of buying modchips from somewhat questionable sources. These little devices connect to a gaming system to circumvent security measures, allowing you to run homebrew games (and pirated games, but let’s not focus on that). [Guillermo] built an open source hardware GameCube modchip based on the XenoGC.

The XenoGC was a popular modchip back in the GameCube days, and its source was released in a forum post. A wiki page explains how to build a clone of the device based on an ATtiny2313. Most modchips were closed source, but this project lets you look at how they work. You can browse the XenoGC source on Google Code to learn more about the exploit itself. You’ll find the AVR code, which manipulates the DVD drive over a serial interface, in the XenoAT folder.

[Guillermo]’s hardware is available from OSHPark, so you can easily order boards. He’s also hosted the design files on GitHub. With one in hand, you can start building homebrew for the GameCube, which can probably be picked up for around $25 nowadays.