stacksmashing - The hitchhacker’s guide to iPhone Lightning & JTAG hacking

    stacksmashing, Hacker, He/him
    Presentation Title: The hitchhacker’s guide to iPhone Lightning & JTAG hacking
    Length of presentation: 20 minutes
    Demo, Tool

    Apple’s Lightning connector was introduced almost 10 years ago, and
    under the hood it can be used for much more than just charging an
    iPhone: using a proprietary protocol, it can also be configured to give
    access to a serial console and even to expose the JTAG pins of the
    application processor! So far these hidden debugging features have not
    been very accessible and could only be reached using the expensive and
    difficult-to-acquire "Kanzi" and "Bonobo" cables. In this talk we
    introduce the cheap and open-source "Tamarin Cable", bringing
    Lightning exploration to the masses!

    In this talk we are diving deep into the weeds of Apple Lightning:
    What’s “Tristar”, “Hydra” and “HiFive”? What’s SDQ and IDBUS? And how
    does it all fit together?

    We show how you can analyze Lightning communications, what different
    types of cables (such as DCSD, Kanzi & co) communicate with the
    iPhone, and how everything works on the hardware level.

    We then show how we developed the “Tamarin Cable”: An open-source,
    super cheap (~$5 and a sacrificed cable) Lightning explorer that
    supports sending custom IDBUS & SDQ commands, can access the iPhone’s
    serial-console, and even provides a full JTAG/SWD probe able to debug
    iPhones.

    We also show how we fuzzed Lightning to uncover new commands, and how
    we reverse-engineered some Lightning details hidden in iOS itself.


    stacksmashing is a security researcher with a focus on embedded
    devices: from hacking payment terminals, crypto wallets and secure
    processors to Apple AirTags, he loves to explore embedded & IoT
    security. On his YouTube channel he attempts to make
    reverse engineering & hardware hacking more accessible. He is known
    for trying to hack everything for under $5, which is probably related
    to him living in the stingiest part of Germany.

    https://youtube.com/stacksmashing
    https://twitter.com/ghidraninja

    REFERENCES:
    - Nyansatan’s Lightning Post: https://nyansatan.github.io/lightning/
    - Lambda Concept’s Bonobo Cable:
    http://blog.lambdaconcept.com/post/2...bootrom-debug/
    - Ipwndfu: https://github.com/axi0mX/ipwndfu
    - Kanzi Cable Thread:
    https://mobile.twitter.com/1nsane_de...56941139337216
    - stacksmashing’s SDQAnalyzer: https://github.com/nezza/SDQAnalyzer
