The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking
Formal Metadata
Title: The Hitchhacker's Guide to iPhone Lightning and JTAG Hacking
Title of Series: DEF CON 30
Number of Parts: 85 (this recording is part 21)
Author: Thomas Roth (stacksmashing)
License: CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers: 10.5446/62254 (DOI)
Language: English
Transcript: English (auto-generated)
00:00
All right, coming up next, we have a talk on the iPhone. It's called The Hitchhacker's Guide to iPhone Lightning and JTAG Hacking. So please help me welcome to the stage, stacksmashing. Hello. Let's get started. This is gonna be a fast-paced talk.
00:21
So we've got to hurry. First off, about me: my name is Thomas Roth. I'm probably better known as stacksmashing on Twitter and YouTube. And yeah, I'm a security researcher. I do hardware, I do software, all kinds of stuff. And before we can get started with the actual talk, we have to say thank you to a couple of people. So first off, Carlo Maranio,
00:42
who is like my partner in crime on this talk, basically. We designed the hardware together, collaborated on this. Then Jiska Caro and Fabian, who just have been a great support, answered a ton of questions, listened to my rambling about debugging SWD issues and so on.
01:01
Then Lily, AKA Bendy Cactus, who just gave me a lot of hints and tips when I was stuck and just contributed some great information. Then John, AKA Nyan Satan, who basically documented a lot of the stuff you're about to see and a lot of the information that I used in this talk is based on his research.
01:21
And also Lambda Concept, who are the vendors of the Bonobo cable. They published a lot of things as open source that have been really, really helpful for this talk. Now, Lightning. What's so special about Lightning? Lightning is this proprietary connector by Apple that you can find on iPhones and it's reversible, so it has eight contacts on both sides.
01:42
However, if we look on the device side, it really only has contacts on the bottom, so it's just eight signals. If you look at the connector with the contacts on the bottom, we count them like this, one to eight. And Lightning normally is used for audio, charging, data transfer, all that kind of stuff. So for me, it's not really interesting.
02:02
However, if you take a look at some of the less common iPhone accessories, you can find that there are actually a couple of interesting things going on. So for example, you can get something called a DCSD, or Alex cable, which basically you plug it into the iPhone and it gives you a serial console onto the iPhone.
02:22
And so if you plug it in, you boot your iPhone, you get the boot log and so on, especially on a jailbroken iPhone. So that's pretty interesting. And there's also something really cool called the Kanzi cable. The Kanzi cable gives you JTAG on the iPhone, so it allows you to debug the actual iPhone. Now the Kanzi cable is an Apple internal device. You can sometimes get them on the gray and black market.
02:44
So it's not really an option if you want to do, let's say, legit security research, because you can't start off with a stolen device. But luckily for us, Lambda Concept built a commercial version of this called the Bonobo cable. It's apparently really great. I unfortunately never had one.
03:01
The issue is it's been out of stock for the past few years. And so I have friends who work at universities and do iPhone security research, and they cannot do JTAG research simply because they can't get the hardware. Now I'm a hardware hacker, and after visiting those friends and a couple of drinks in, the mission was clear, we have to build our own.
03:23
To do that, we have to first understand Lightning itself. If we look at the Lightning connector, we have the pins, we have obviously a ground signal, we have power for charging and so on, and then we have two differential pairs. So we have L0 positive and negative, and L1 positive and negative. And these two differential pairs can be configured
03:42
to different protocols. So for example, if you have a USB cable, they will be configured to USB. If you have a DCSD cable, they will do UART and so on and so forth. And we also have two ID pins. And now normally we only use one of these. They are basically used by the cable to tell the iPhone what it should do.
04:00
And the reason we have two is that the Lightning cable is actually not symmetric when you turn it around, but the ID pin on the actual plug is on a different pin depending on the orientation you plug it in. And so when you plug in the Lightning connector, the iPhone can actually tell which way you plugged it in. Now, Lightning cables are always active. Like even if you have a Lightning to USB cable,
04:21
it actually, in the plug itself, contains a small microcontroller that talks to the iPhone and tells it, hey, I'm a Lightning cable, and it even sends over its serial number to authenticate itself. So it's pretty fancy. I'm not sure if it's necessary, but it's there. And the way this authentication is done is via a protocol called SDQ or IDBUS.
04:42
Just two words for the same bus. And inside the iPhone, there's, basically directly connected to the Lightning connector, a small chip called TriStar, or Hydra on newer devices. And this TriStar chip is on the bottom connected directly to Lightning. And then internally connected to the internal serial buses,
05:01
to USB, to JTAG, and on engineering iPhones, it's even connected to the baseband UART. And so it's pretty interesting. And when you plug in the Lightning cable, the iPhone will basically ask the cable, hey, what do you want? And then the USB cable will say, hey, please speak USB. Or, you know, please speak, I don't know, serial, JTAG, whatever.
05:22
And if the cable says please speak USB, then the iPhone will basically change, for example, the differential pair to be USB, or to be UART, and so on and so forth. Now, SDQ is pretty well known. Like, it's not really secret. It's been known for years. It's based on the 1-Wire standard. I even released an analyzer for it in 2018.
05:44
And overall, it's pretty well documented. So I'm not gonna go too deep into the physical details. But all you have to know is that it's a simple 1-Wire protocol. So basically, you only have one wire that connects both accessories. You don't have like TX and RX. It's really just one wire. And the data looks somewhat like this.
06:01
If we zoom in on a single byte here, basically we encode ones as a short low pulse and a long high pulse, and we encode zeros as a long low pulse and a short high pulse. And data is transmitted least significant bit first, and so this would encode to 0x0F. Now, if we wanna talk to, let's say, the Lightning cable,
06:22
the iPhone would then, for example, send 0x0F. Then it would send a break. Then there's a short delay for the inputs to switch over for the direction. And then the Lightning cable would answer on exactly the same data line. And now a lot of people implement this on FPGAs and so on.
06:41
But if you know me, I like to go very cheap on my stuff. And so there's only one option for me, the Raspberry Pi Pico. It's just $4, not $20 or $100. And it's super, super well-suited for this because it runs at 3.3 volts, which is exactly the voltage we need. And it has something called programmable IO,
07:01
which is this feature that lets you very easily implement protocols directly in hardware. It's basically a small state machine CPU core that has its own instruction set, and you can just implement SDQ in hardware on this thing. And the best part is you can actually buy it because it's not actually affected by the chip shortage.
07:21
So yeah, it's pretty good. The issue is that we need a Lightning connector. And as said, you can't just cut off a USB to Lightning cable because there's a chip in the plug itself. And so you can't simply abuse that. But there are these nice breakouts, which, by the way, Jill over there sent to me, this one.
07:42
Unfortunately, if you count the number of signals, it's just five signals. But Lightning actually has eight signals. And so those are nice for some basic experimentation. And we basically did our first steps, let's say, with a similar one. In this case, we were sniffing a DCSD cable. But then Bendy Cactus actually recommended to me
08:02
that the Lightning extension cords you can get on Amazon contain all eight signals. And even better, if you cut one apart, all the cables are nicely colored, and the color scheme is identical to the default jumper wire color scheme. And so you can really easily build one of these, and then plug it into a breadboard or directly onto the Pico.
08:22
Here's the signal description. This is also on the GitHub, as you will see. So if you wanna experiment, this is the layout we found on most cables. Then you hook it all up, and then you have a device to explore Lightning. You will notice that I marked the Lightning connector, because as said, it's not symmetric. You actually have to decide for one side.
08:42
And then you hook it up to the Pico, and you wanna implement SDQ. And it turns out that implementing SDQ is super simple. You don't have to read this code. I just wanna show how relatively short it is. It's just like 40 instructions, and you are done. And then 20 lines of code to start talking SDQ.
09:00
To test all this and see whether we really can talk to the iPhone, our goal was to build a simple DCSD cable. As I've mentioned, DCSD is this iPhone to serial cable. And the basic idea is that we have our iPhone and we have our Pico, and the iPhone, when we plug in the Lightning cable, will ask, hey, who's there? And it does so with a four-byte request.
09:20
0x74 is the command. At the end, we have a CRC8. Doesn't really matter too much. And then we simply respond with this eight-byte response, which just tells the iPhone, hey, please configure Lightning to speak UART. And the TriStar chip in the iPhone will do exactly that. It will take one of the differential pairs, and it will switch it to UART.
09:41
And then all we have to do, really, on the Pico is receive UART signals. And it turns out this is super simple. It takes like less than 50 lines of code to do this. And then you have a DCSD cable, and if we check this out, we plug in the iPhone, it boots up, and we have a five-dollar DCSD cable without, you know, without having done too much.
10:02
This is pretty cool, but DCSD cables can be very easily bought on like AliExpress and so on. And it's not really what we're interested in. We are here for JTAG. Now, JTAG on the iPhone is actually not JTAG. It's SWD, which is Serial Wire Debug. It's basically like JTAG, but only uses two signals.
10:21
And the big issue is that production iPhones obviously have JTAG turned off, because they don't want you to debug the iPhone. But if you have a checkm8-able iPhone, you can actually use a jailbreak to basically first compromise the iPhone, the boot ROM. And then we can do something called demotion, where we set an internal register to a different value,
10:41
and then suddenly JTAG is re-enabled. And this is all done by ipwndfu, and this has been known for years, by the way. This is nothing new, just want to clarify. But now we actually want to start talking JTAG to the iPhone, right? And so we need a plan. The plan is super simple. First, we set Lightning to JTAG via SDQ.
11:01
Just like we set it to UART, so we already know how to do this, basically. All we do is we respond to the who's-there request with, this time, a different byte. And by the way, all these bytes for the responses are documented by Nyan Satan. And so you can find a lot of details about this online,
11:21
and we also have our own documentation on some more details. And then the iPhone, the TriStar chip, will reconfigure all the pins on the iPhone, and then we actually have directly the SWD clock and IO signal exposed on the Lightning connector. And so all we have to do now is we just connect the debug probe with OpenOCD, right?
11:42
What could possibly go wrong? And even better, Lambda Concept, who are the vendors of the Bonobo cable, they actually published an OpenOCD fork that has special support for the iPhone and so on, and even better, they supply us with all the configuration files we need to actually talk to the chip.
12:00
Because if you want to debug a chip, there are all these definitions on where's which peripheral, and so on and so forth, and they provide us all of this. And so I decided to hook this up in the messiest way possible, because, yeah. Basically, what I did is I just connected my iPhone, brought the Lightning stuff out to a breadboard,
12:21
connected a logic analyzer so that I can actually see what's going on, connected the Pico that will actually tell the iPhone to go into SWD mode, and then I used a ready-to-use debug probe just to see, just to get it working, basically. And so I hooked this all up, and so we are ready to go, and so it doesn't work.
12:42
It turns out that switching over to SWD is really easy, and if we actually connect with the debugger, we can even see that it finds the debug port, like the hex number on the bottom is basically, if you Google it, that's an iPhone, and so we do have some kind of debugging connection to the iPhone, but if we want to actually debug something,
13:03
this is a screenshot from OpenOCD, it doesn't work. Like, the state of all CPUs is unknown, and I have zero clue how to turn them on. And how do you debug this? Because my issue was, I have no clue about SWD. Like, I've used JTAG a million times,
13:21
I've used SWD probably even more, but how do you debug if you just, like, we didn't even have a working Kanzi or Bonobo cable, like, we didn't have a known working system that we could sniff. This is all basically partially reverse-engineered, partially combined from public information and so on,
13:40
so yeah, what do you do? You get a nice book for the evening called The SWD Specification. You read it twice, hope you understand at least a quarter of it, and then you start to logic analyze it, and you, you know, you see what bits are actually going over the wire, and so on.
14:01
Simple, right? So, I hooked up my logic analyzer, I debugged the signal, didn't make sense to me, turns out the logic analyzer is broken. The SWD plugin for the logic analyzer just simply was not great, and so first you get to fix the logic analyzer. Much fun. Then you see that OpenOCD doesn't handle
14:22
some SWD things correctly, and so basically when you send an SWD command to a chip, it can respond with ACK or NACK or WAIT, and it turns out OpenOCD by default doesn't support the WAIT response, and in the logic analyzer I could see I get a WAIT response, but my debug probe
14:41
just ignores it and keeps going. So obviously you implement SWD by hand, and so you again open the specification, and you write a completely custom, or partially custom, SWD stack, and at this point it still didn't work. We handled the WAIT bits, we handled everything, everything was looking perfect,
15:01
and it still didn't work, and now you're at a point in time where you can potentially sink 200 hours without success, because you simply have no clue what's going on, and so I just started randomly trying everything I could find, randomly setting bits, clearing bits, and so on, and I basically built kind of a fuzzer
15:20
for some parts of the SWD protocol that tries to just flip bits until maybe we get successful, and it turns out a single bit that resets a certain peripheral was wrong. That was a tough day, because you spend so much time just wasted, completely wasted on a single bit.
15:43
But then you have a great moment, which is you hook up OpenOCD, you hook up your iPhone, you hit return, and it connects, no errors, everything is fine, it tells you yes, I'm listening for a GDB connection, I'm listening for an OpenOCD connection, and so you hook up OpenOCD,
16:01
and you check what do our CPU cores do, and this time we can see CPU zero halted, CPU one power off, no more unknown states except for the SEP, which has a different reason. It's all working, and to prove that, we can hook up GDB, connect to it, and we can actually inspect the registers.
16:21
We actually built a $5 Kanzi cable, so yes, that was a great moment. And now, at this point in time, it was all a bit complicated, because I had a big pile of code,
16:40
the branch was literally called clusterfuck. And so now it was time to clean up, and put everything together, make everything work nicely together, and in the end, we had this awesome firmware for the Raspberry Pi Pico that can be used as an SDQ bridge, self-contained in the Pico, a full SWD probe, for which we added support to OpenOCD for,
17:04
and it's fully open source. Now obviously, the cables that are used for debugging iPhones, they all have very awesome names based on monkeys, so you have the Kanzi cable, the Bonobo, you have the Chimp cable, and the Kong cable. Luckily for us, they didn't select the coolest monkey,
17:22
which is the tamarin monkey, and so our firmware is called the Tamarin cable, and you can find it as open source now online. It fully works, it's pretty simple to use. You plug it in, it will give you two, actually three USB devices, two serial ports. The first serial port just lets you select
17:43
between JTAG and DCSD mode. You can even reset the device, which is pretty cool, so it turns out that there are a couple of, basically, secret SDQ commands that Bendy Cactus found, and basically just randomly, I think, posted them on Twitter, and I was like, hey, how did you find those?
18:01
And so it turns out, by fuzzing Lightning, you can actually find some undocumented commands, and this allows you to reset the device and go into DFU mode. If you've never jailbroken an iPhone before, you have to hold power and volume down, and at precisely eight seconds, you have to release the buttons,
18:21
and then checkm8 is not really a super stable exploit, so then you get to do it again, and again, and again, and again. With this, it's like a single tap. You just click reset and enter DFU, and it goes into DFU, and you can just try 100 times. So, honestly, this is the third best feature of this thing. Now, to make this all a bit nicer,
18:42
we also developed custom hardware that we call the Tamarin cable, which basically also exposes, it has a USB hub on there, so you can do both JTAG and also USB data at the same time, and just as we were ready to order 1,000 pieces of this, it turns out there's this thing going on called the chip shortage.
19:01
You might have heard of it, and so all USB hubs we could think of were just out of stock, and so we had to build the chip shortage edition, which instead of a hub, simply adds two USB ports, and just makes it a bit cleaner, like you can make it a nice, short cable, plug it in, and so on, but this has zero advantages,
19:21
except it's less messy over the cable itself, so this is not a sales pitch, but this is coming up. If you're interested, we will probably do a production run. Follow me on Twitter, and you will get notified when it comes out. And with that, releases: there's a lot of different things that we've had to build for this. So, first off, the Tamarin cable firmware is now open source.
19:43
We've forked OpenOCD, added support for our Tamarin SWD probe, we've forked the SWD analyzer of the logic analyzer, and there's also the SDQ analyzer plug-in, and I think some of the repos are still private, but the Tamarin cable is open. As soon as I'm on a Wi-Fi that doesn't scare me,
20:01
I will change the GitHub visibility, and with that, thank you very much. That's all I have for you today.