All right. Coming up next, we have a talk on the iPhone. It's called "The Hitchhiker's Guide to iPhone Lightning and JTAG Hacking." So please help me welcome to the stage, stacksmashing.

Hello. Let's get started. This is going to be a fast-paced talk, so we've got to hurry. First off, about me: my name is Thomas Roth. I'm probably better known as stacksmashing on Twitter and YouTube. And yeah, I'm a security researcher. I do hardware, I do software, all kinds of stuff.

And before we can get started with the actual talk, we have to say thank you to a couple of people. So first off, Carlo Moranio, who is like my partner in crime on this talk, basically; we designed the hardware together, collaborated on this. Then Yiska Karo and Fabian, who have just been a great support, answered a ton of questions, listened to my rambling about debugging SWD issues and so on. Then Lily, aka Bendy Cactus, who just gave me a lot of hints and tips when I was stuck and contributed some great information. Then John, aka NyanSatan, who basically documented a lot of the stuff you're about to see, and a lot of the information that I used in this talk is based on his research. And also Lambda Concept, who are the vendors of the Bonobo cable; they published a lot of things as open source that have been really, really helpful for this talk.

Now, Lightning. What's so special about Lightning? Lightning is this proprietary connector by Apple that you can find on iPhones. And it's reversible, so it has eight contacts on both sides. However, if we look on the device side, it really only has contacts on the bottom. So it's just eight signals. If you look at the connector with the contacts on the bottom, we count them like this, one to eight. And Lightning normally is used for audio, charging, data transfer, all that kind of stuff. So for me, it's not really interesting.
However, if you take a look at some of the less common iPhone accessories, you can find that there are actually a couple of interesting things going on. So for example, you can get something called a DCSD or Alex cable, which basically you plug into the iPhone and it gives you a serial console onto the iPhone. And so if you plug it in, you boot your iPhone, you get the boot log and so on, especially on a jailbroken iPhone. So that's pretty interesting. And there's also something really cool called the Kanzi cable. The Kanzi cable gives you JTAG on the iPhone. So it allows you to debug the actual iPhone. Now, the Kanzi cable is an Apple internal device. You can sometimes get them on the gray and black market. So it's not really an option if you want to do, like, let's say, legit security research, because you can't start off with a stolen device. But luckily for us, Lambda Concept built a commercial version of this called the Bonobo cable. It's apparently really great. I unfortunately never had one. The issue is it's been out of stock for the past few years. And so I have friends who work at universities and do iPhone security research, and they cannot do JTAG research simply because they can't get the hardware. Now, I'm a hardware hacker, and after visiting those friends and a couple of drinks in, the mission was clear: we have to build our own.

To do that, we have to first understand Lightning itself. If we look at the Lightning connector, we have the pins. We have obviously a ground signal. We have power for charging and so on. And then we have two differential pairs. So we have L0 positive and negative and L1 positive and negative. And these two differential pairs can be configured to different protocols. So for example, if you have a USB cable, they will be configured to USB. If you have a DCSD cable, they will do UART, and so on and so forth. And we also have two ID pins. Now, normally we only use one of these.
They are basically used by the cable to tell the iPhone what it should do. And the reason we have two is that the Lightning cable is actually not symmetric when you turn it around, but the ID pin on the actual plug is on a different pin depending on the orientation you plug it in. And so when you plug in the Lightning connector, the iPhone can actually tell which way you plugged it in. Now, Lightning cables are always active. Like, even if you have a Lightning to USB cable, the plug itself actually contains a small microcontroller that talks to the iPhone and tells it, hey, I'm a Lightning cable, and it even sends over its serial number to authenticate itself. So it's pretty fancy. I'm not sure if it's necessary, but it's there.

And the way this authentication is done is via a protocol called SDQ or IDBUS. Just two words for the same bus. And inside the iPhone, there's basically, directly connected to the Lightning connector, a small chip called Tristar, or Hydra on newer devices. And this Tristar chip is on the bottom connected directly to Lightning and then internally connected to the internal serial buses, to USB, to JTAG. And on engineering iPhones, it's even connected to the baseband UART. And so it's pretty interesting. And when you plug in a Lightning cable, the iPhone will basically ask the cable, hey, what do you want? And then the USB cable will say, hey, please speak USB, or, you know, please speak, I don't know, serial, JTAG, whatever. And if the cable says please speak USB, then the iPhone will basically change, for example, the differential pair to be USB or to be UART, and so on and so forth.

Now, SDQ is pretty well known. Like, it's not really a secret. It's been known for years. It's based on the 1-Wire standard. Even I released an analyzer for it in 2018. And overall, it's pretty well documented. So I'm not going to go too deep into the physical details. But all you have to know is that it's a simple 1-Wire protocol.
So basically, you only have one wire that connects both accessories. You don't have TX and RX. It's really just one wire. And the data looks somewhat like this. If we zoom in on a single byte here, basically, we encode ones as a short low pulse and a long high pulse. And we encode zeros as a long low pulse and a short high pulse. And data is transmitted least significant bit first. And so this would encode to 0x0F. Now, if we want to talk to, let's say, the Lightning cable, the iPhone would then, for example, send 0x0F. Then it would send a break. Then there's a short delay for the inputs to switch over for the direction. And then the Lightning cable would answer on exactly the same data line.

And now a lot of people implement this on FPGAs and so on. But if you know me, I like to go very cheap on my stuff. And so there's only one option for me, the Raspberry Pi Pico. It's just $4, not $20 or $100. And it's super, super well suited for this because it runs at 3.3 volts, which is exactly the voltage we need. And it has something called programmable IO, which is this feature that lets you very easily implement protocols directly in hardware. It's basically a small state machine CPU core that has its own instruction set. And you can just implement SDQ in hardware on this thing. And the best part is you can actually buy it, because it's not actually affected by the chip shortage. So yeah, it's pretty good.

The issue is that we need a Lightning connector. And as said, you can't just cut off a USB to Lightning cable because there's a chip in the plug itself. And so you can't simply, you know, abuse that. But there are these nice breakouts; by the way, Jill over there sent me this one. Unfortunately, if you count the number of signals, it's just five signals, but Lightning actually has eight signals. And so those are nice for some basic experimentation. And we basically did our first steps, let's say, with a similar one.
In this case, we were sniffing a DCSD cable. But then Bendy Cactus actually recommended to me that the Lightning extension cords you can get on Amazon contain all eight signals. And even better, if you cut one apart, all the cables are nicely colored. And the color scheme is identical to the default jumper wire color scheme. And so you can really easily build one of these. And then, you know, plug it into a breadboard or directly onto the Pico. Here's the signal description. This is also on the GitHub, as you will see. So if you want to experiment, this is the layout we found on most cables. Then you hook it all up. And then you have a device to explore Lightning. You will notice that I marked the Lightning connector because, as said, it's not symmetric. You actually have to decide for one side. And then you hook it up to the Pico. And you want to implement SDQ. And it turns out that implementing SDQ is super simple. You don't have to read this code. I just want to show how relatively short it is. It's just like 40 instructions and you are done. And then, you know, 20 lines of code to start talking SDQ.

To test all this and see whether we really can talk to the iPhone, our goal was to build a simple DCSD cable. As I've mentioned, DCSD is this iPhone to serial cable. And the basic idea is that we have our iPhone and we have our Pico. And the iPhone, when we plug in the Lightning cable, will ask, hey, who's there? And it does so with a four byte request. 0x74 is the command. At the end, we have a CRC8. Doesn't really matter too much. And then we simply respond with this eight byte response, which just tells the iPhone, hey, please configure Lightning to speak UART. And the Tristar chip in the iPhone will do exactly that. It will take one of the differential pairs and it will switch it to UART. And then all we have to do really on the Pico is receive UART signals. And it turns out this is super simple.
It takes like less than 50 lines of code to do this. And then you have a DCSD cable. And we check this out. We plug in the iPhone. It boots up. And we have a $5 DCSD cable without, you know, without having done too much. This is pretty cool. But DCSD cables can be very easily bought on AliExpress and so on. And it's not really what we're interested in. We are here for JTAG.

Now, JTAG on the iPhone is actually not JTAG. It's SWD, which is Serial Wire Debug. It's basically like JTAG but only uses two signals. And the big issue is that production iPhones obviously have JTAG turned off because they don't want you to debug the iPhone. But if you have a checkm8-able iPhone, you can actually use a jailbreak to basically first compromise the iPhone, the bootrom. And then we can do something called demotion, where we set an internal register to a different value. And then suddenly JTAG is re-enabled. And this is all done by ipwndfu. And this has been known for years, by the way. Like, this is nothing new. Just want to clarify.

But now we actually want to start talking JTAG to the iPhone, right? And so we need a plan. The plan is super simple. First, we set Lightning to JTAG via SDQ, just like we set it to UART. So we already know how to do this, basically. All we do is we respond to the who's there request, this time with a different byte. And by the way, all these bytes for the responses are documented by NyanSatan. And so you can find a lot of details about this online. And we also have our own documentation on some more details. And then the iPhone, the Tristar chip, will reconfigure all the key pins on the iPhone. And then we actually have directly the SWD clock and IO signal exposed on the Lightning connector. And so all we have to do now is we just connect the debug probe with OpenOCD, right? What could possibly go wrong?
And even better, Lambda Concept, who are the vendors of the Bonobo cable, actually published an OpenOCD fork that has special support for the iPhone and so on. And even better, they supply us with all the configuration files we need to actually talk to the chip. Because if you want to debug a chip, there are all these definitions on which peripheral is where, and so on and so forth. And they provide us all of this. And so I decided to hook this up in the messiest way possible, because basically what I did is I just connected my iPhone, brought the Lightning stuff out to a breadboard, connected a logic analyzer so that I can actually see what's going on, connected the Pico that will actually tell the iPhone to go into SWD mode. And then I used a ready to use debug probe just to see, just to get it working, basically. And so I hooked this all up. And so we are ready to go. And so it doesn't work.

It turns out that switching over to SWD is really easy. And if we actually connect with the debugger, we can even see that it finds the debug port; like, the hex number on the bottom, if you Google it, that's an iPhone. And so we do have some kind of debugging connection to the iPhone. But if we want to actually debug something, this is a screenshot from OpenOCD, it doesn't work. Like, the state of all CPUs is unknown and I have zero clue how to turn them on. And how do you debug this? Because my issue was I have no clue about SWD. Like, I've used JTAG a million times. I've used SWD probably even more. But how do you debug if you just, like, we didn't even have a working Kanzi or Bonobo cable. Like, we didn't have a known working system that we could sniff. This is all basically partially reverse engineered, partially combined from public information and so on. And so yeah, what do you do? You get a nice book for the evening called the SWD specification. You read it twice. I hope you understand at least a quarter of it.
And then you start to logic analyze it. And you see what bits are actually going over the wire and so on. Simple, right? So I hooked up my logic analyzer, I debugged the signal. Didn't make sense to me. Turns out the logic analyzer is broken. The SWD plug-in for the logic analyzer just simply was not great. And so first you get to fix the logic analyzer. Much fun. Then you see that OpenOCD doesn't handle some SWD things correctly. And so basically, when you send an SWD command to a chip, it can respond with ACK or NACK or WAIT. And it turns out OpenOCD by default doesn't support the WAIT response. And in the logic analyzer, I could see I get a WAIT response, but my debug probe just ignores it and keeps going. So obviously you implement SWD by hand. And so you again open the specification and you write a partially custom SWD stack. And at this point it still didn't work. We handled the WAIT bits, we handled everything, everything was looking perfect, and it still didn't work.

And now you're at a point in time where you can potentially sink 200 hours without success because you simply have no clue what's going on. And so I just started randomly trying everything I could find, randomly setting bits, clearing bits and so on. I basically built kind of a fuzzer for some parts of the SWD protocol that tries to just flip bits until maybe we get successful. And it turns out a single bit that resets a certain peripheral was wrong. That was a tough day, because you spent so much time just wasted, completely wasted, on a single bit. But then you have a great moment, which is you hook up OpenOCD, you hook up your iPhone, you hit return and it connects, no errors. Everything is fine. It tells you, yes, I'm listening for a GDB connection. I'm listening for an OpenOCD connection. And so you hook up OpenOCD and you check what our CPU cores do.
And this time we can see CPU zero halted, CPU one powered off, no more unknown states except for the SCP, which has a different reason. It's all working. And to prove that, we can hook up GDB, connect to it, and we can actually inspect the registers. We actually built a five dollar Kanzi cable. So yes, that was a great moment.

And now at this point in time it was all a bit complicated because, you know, I had a big pile of code. The branch was literally called clusterfuck. And so now it was time to clean up and, you know, put everything together, make everything work nicely together. And in the end we had this awesome firmware for the Raspberry Pi Pico that can be used as an SDQ bridge, self-contained in the Pico, a full SWD probe for which we added support to OpenOCD. And it's fully open source. Now obviously the cables that are used for debugging iPhones all have very awesome names based on monkeys. So you have the Kanzi cable, the Bonobo, you have the Chimp cable and the Kong cable. Luckily for us they didn't select the coolest monkey, which is the Tamarin monkey. And so our firmware is called the Tamarin cable. And you can find it as open source now online. It fully works. It's pretty simple to use. You plug it in. It will give you two, actually three USB devices, two serial ports. The first serial port just lets you, you know, do a select between JTAG and DCSD mode. You can even reset the device, which is pretty cool. So it turns out that there are a couple of basically secret SDQ commands that Bendy Cactus found. And basically just randomly, I think, posted them on Twitter and I was like, hey, how did you find those? And so it turns out by fuzzing Lightning you can actually find some undocumented commands. And this allows you to reset the device and go into DFU mode.
If you've never, you know, jailbroken an iPhone before, you have to like hold power and volume down and at precisely eight seconds you have to release the buttons, and then checkm8 is not really a super stable exploit. So then you get to do it again and again and again and again. With this it's like a single tap. You just click reset and enter DFU and it goes into DFU and you can just try a hundred times. So honestly this is the third best feature of this thing.

Now, to make this all a bit nicer, we also developed custom hardware we call the Tamarin cable, which basically also has a USB hub on there, so you can do, you know, both JTAG and also USB data at the same time. And just as we were ready to order, you know, a thousand pieces of this, turns out there's this thing going on called the chip shortage. You might have heard of it. And so all USB hubs we could think of were just out of stock, and so we had to build the chip shortage edition, which instead of a hub simply adds two USB ports and just makes it a bit cleaner, like you can make it a nice short cable, plug it in and so on. But this has zero advantages except it's less messy than the cable itself. So this is not a sales pitch, but this is coming up. If you're interested, we will probably do a production run; follow me on Twitter and you will get notified when it comes out.

And with that, releases: there's a lot of different things that we've had to build for this. So first off, the Tamarin cable firmware is now open source. We forked OpenOCD and added support for our Tamarin SWD probe. We forked the SWD analyzer of the logic analyzer, and there's also the SDQ analyzer plug-in. And I think some of the repos are still private, but the Tamarin cable is open. As soon as I'm on a Wi-Fi that doesn't scare me I will change the GitHub visibility. And with that, thank you very much. That's all I have for you today.
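The SDQ line coding the talk describes (a one is a short low pulse then a long high pulse, a zero is a long low pulse then a short high pulse, bytes go least significant bit first, and a break ends the frame before the line turns around), as an added encoder/decoder example that is not the speaker's or the Tamarin project's code. The pulse durations are constructed placeholders in arbitrary units, not the real SDQ timings, and the sample frame bytes after the 0x74 command are made up.

```python
from typing import List, Tuple

Pulse = Tuple[int, int]  # (line level 0/1, duration in arbitrary time units)

# Constructed timings: the talk only says "short" and "long", not real values.
SHORT, LONG, BREAK = 2, 8, 40       # a low pulse of BREAK length ends a frame
THRESHOLD = (SHORT + LONG) // 2     # decision point between short and long

def encode_byte(value: int) -> List[Pulse]:
    """One byte as 16 pulses, least significant bit first."""
    pulses: List[Pulse] = []
    for i in range(8):
        if (value >> i) & 1:
            pulses += [(0, SHORT), (1, LONG)]   # 1: short low, long high
        else:
            pulses += [(0, LONG), (1, SHORT)]   # 0: long low, short high
    return pulses

def encode_frame(payload: bytes) -> List[Pulse]:
    """All bytes of a frame, then the break that hands the line over."""
    pulses: List[Pulse] = []
    for b in payload:
        pulses += encode_byte(b)
    return pulses + [(0, BREAK), (1, SHORT)]    # break, then idle high

def decode_pulses(pulses: List[Pulse]) -> List[bytes]:
    """Recover frames from a captured pulse train; raises on malformed bits."""
    frames: List[bytes] = []
    current, bits = bytearray(), []
    i = 0
    while i < len(pulses):
        level, low = pulses[i]
        if level != 0:
            raise ValueError(f"expected a low pulse at index {i}")
        if low >= BREAK:                        # break: frame delimiter
            if bits:
                raise ValueError(f"break in the middle of a byte at index {i}")
            frames.append(bytes(current))
            current = bytearray()
            i += 2 if i + 1 < len(pulses) and pulses[i + 1][0] == 1 else 1
            continue
        if i + 1 >= len(pulses) or pulses[i + 1][0] != 1:
            raise ValueError(f"low pulse at index {i} has no high pulse")
        high = pulses[i + 1][1]
        bit = 1 if low <= THRESHOLD else 0
        if (high > THRESHOLD) != bool(bit):     # high part must be the complement
            raise ValueError(f"inconsistent pulse pair at index {i}")
        bits.append(bit)
        if len(bits) == 8:
            current.append(sum(b << k for k, b in enumerate(bits)))  # LSB first
            bits = []
        i += 2
    if bits:
        raise ValueError("capture ended inside a byte")
    if current:                                 # frame without a trailing break
        frames.append(bytes(current))
    return frames
```

Feeding `encode_frame(b"\x74...")` back through `decode_pulses` round-trips the constructed "who's there" frame, and a pulse pair whose high half does not complement its low half is rejected rather than silently mis-decoded.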