Author Topic: OSHW Apple Lightning Connector?  (Read 23541 times)

0 Members and 1 Guest are viewing this topic.

Offline amykTopic starter

  • Super Contributor
  • ***
  • Posts: 8240
OSHW Apple Lightning Connector?
« on: November 06, 2013, 11:55:37 am »
It seems like although the Chinese have RE'd the protocol, no one has yet published any detailed information.

Here's some info that points to it being possible without any custom ICs:
http://appleinsider.com/articles/12/10/31/functional-chinese-knock-off-of-apples-lightning-cable-disassembled
That's a C8051F300 (8051 shows up again!) and some other SMDs I can't identify.

http://www.chipworks.com/en/technical-competitive-analysis/resources/blog/systems-analysis-of-the-apple-lightning-to-usb-cable/

Something similar:
http://www.righto.com/2013/06/teardown-and-exploration-of-magsafe.html

It's a 1-wire protocol, wouldn't be hard to figure out. Possible OSHW project idea?
 

Offline amykTopic starter

  • Super Contributor
  • ***
  • Posts: 8240
Re: OSHW Apple Lightning Connector?
« Reply #1 on: November 07, 2013, 01:13:16 pm »
The official cable contains an EEPROM but the Chinese look to be emulating it with an 8051 - if they're not emulating all the aspects of that EEPROM, then they can find a difference, however if it behaves just like the real thing then Apple can't do anything (unless they break all their cables too).

I personally use Android (on Apple-shaped hardware ;)), just curious if there were any interested iDevice hackers here...
 

Offline cloudscapes

  • Regular Contributor
  • *
  • Posts: 198
Re: OSHW Apple Lightning Connector?
« Reply #2 on: November 07, 2013, 04:04:00 pm »
though in general I prefer Android, it isn't all rosy either.

my htc one has started forcing system update notifications down my throat. I want to hold back because I hear the update makes it drain battery life a bit more, and that the new features are of absolutelly no benifit to me. the notifications are pretty annoying, every 4 hours, full-screen with multiple clicks to get out of them (remind me later, in how much time, etc). it doesn't offer a way to turn it off, so I just unlocked my phone (big hassle costing me a couple hours of work, because the backup tool half-assed its job). I had read there was something you could do to stop update notifications after unlocking this phone, renaming a file in the system directory. it didn't actually work, though, and they started showing up all the time again.

/rant  :-X
just to say that Android is far from"truly" open. it's only "relatively"
 

Online kripton2035

  • Super Contributor
  • ***
  • Posts: 2572
  • Country: fr
    • kripton2035 schematics repository
Re: OSHW Apple Lightning Connector?
« Reply #3 on: November 07, 2013, 05:37:17 pm »
apple can update the software inside the lightning cable if they want. throught an itunes update for example...
so even if some chinese people reverse the thing, an update and hop ...

and sorry but for me android is fully open ... to malwares !
 

Offline cloudscapes

  • Regular Contributor
  • *
  • Posts: 198
Re: OSHW Apple Lightning Connector?
« Reply #4 on: November 07, 2013, 07:45:26 pm »
and sorry but for me android is fully open ... to malwares !

Only if you tell it to accept "unauthorized" apps in the developer settings.
 

Offline cloudscapes

  • Regular Contributor
  • *
  • Posts: 198
Re: OSHW Apple Lightning Connector?
« Reply #5 on: November 08, 2013, 10:48:19 pm »

That's more to do with HTC than Android. There is a port of Cyanogen for your phone, why not use that?

Maybe. Still, it's absurd that I have to jump through so many hoops just so that I can avoid installing something I don't need and that actually slightly hinders it (allegedly).
 

Offline amykTopic starter

  • Super Contributor
  • ***
  • Posts: 8240
Re: OSHW Apple Lightning Connector?
« Reply #6 on: November 09, 2013, 02:41:58 am »
apple can update the software inside the lightning cable if they want. throught an itunes update for example...
so even if some chinese people reverse the thing, an update and hop ...

and sorry but for me android is fully open ... to malwares !
AFAIK there's no actual software in the official cable, just an EEPROM...
 

Online kripton2035

  • Super Contributor
  • ***
  • Posts: 2572
  • Country: fr
    • kripton2035 schematics repository
Re: OSHW Apple Lightning Connector?
« Reply #7 on: November 09, 2013, 08:10:26 am »
there are 4 chips inside the connector, and two "big" ones from TI and NXP simply nobody knows what they do...
 

Offline amykTopic starter

  • Super Contributor
  • ***
  • Posts: 8240
Re: OSHW Apple Lightning Connector?
« Reply #8 on: August 29, 2014, 11:30:30 am »
Putting some more info in this thread since an Apple-only product may be wanted by others...

* BQ2025 has "2501" on the die and Maxim make a DS2501, both are 1-wire EEPROMs
* BQ2024/BQ2026 are also OTP EEPROMs with very similar interface, basically 1-wire compatible. Comparison of datasheets.

* NXP NX20P3 is a load switch, as evidenced by image found on Chinese site and NXP having NX3P/5P/18P series load switches. It wouldn't be much of a stretch to hypothesise that the NX20P3 is a 20V, 3A version.

keywords for future potential visitors: Apple lightning cable reverse engineering BQ2025 DS2501 EEPROM 1wire NX20P3 NX18P
 

Offline kwallen

  • Contributor
  • Posts: 26
  • Country: 00
Re: OSHW Apple Lightning Connector?
« Reply #9 on: August 31, 2014, 11:10:55 am »
The problem is Apple have a habit of starting out with a simple form of DRM, then incrementally hardening it with each OS update.

More incredible is their Lightning AV adapter, which seems to include a rather beefy ARM SoC inside it just to handle the 720p video coming over the wire. Every time you plug the device in it checks a remote server, and pushes whatever the latest binary is into the RAM of the device in order for it to boot. 



About the start of August they started pushing new protections for Lightning cables as well which broke almost all knockoff cables with clone authentication chips in them. I believe the update URL is used for normal cables as well as the media device, as I had some un-updated devices start rejecting clone cables I had lying around and only accepting legitimate ones. Just from using clone and legitimate cables, their protections are at least somewhat timing based. Often clones are able to work a portion of the time, sometimes failing out as illegitimate and other times authenticating properly.
« Last Edit: August 31, 2014, 11:16:47 am by kwallen »
 

Offline amykTopic starter

  • Super Contributor
  • ***
  • Posts: 8240
Re: OSHW Apple Lightning Connector?
« Reply #10 on: September 02, 2014, 05:38:09 am »
Yes some of their adapters require firmware but that's true of certain USB devices too - the first example that come to mind are all the logic analysers (Saleae and clones) and various other adapters based on the Cypress FX2/LP.

Quote
Just from using clone and legitimate cables, their protections are at least somewhat timing based. Often clones are able to work a portion of the time, sometimes failing out as illegitimate and other times authenticating properly.
This lends more evidence to the theory that the MCU they're using to emulate a 1-wire EEPROM might not be fast enough - it was fast enough to handle the timings that Apple originally used but they've reduced the margins in future updates. As I mentioned above, incomplete emulation of the protocol would be another cause; the Chinese attitude of "if it works, ship it" probably made them just record the data with a logic analyser, program an MCU to spit out same, and started selling the cables.

Another hint I found:
Quote
Previous to iOS 7 beta 3 (including iOS 6), I had this message if I connected the cable to phone first, then USB end to power, ...workaround was to plug in to power first, then phone, no message and it charged fine.
Plugging in the USB end first powers up the MCU so it can talk to the phone, whereas doing the opposite doesn't. A real 1-wire EEPROM doesn't require a separate power source. With a suitably low-power MCU, it should be possible to do that too.
 

Offline kwallen

  • Contributor
  • Posts: 26
  • Country: 00
Re: OSHW Apple Lightning Connector?
« Reply #11 on: September 24, 2014, 03:05:40 am »
Quote
Just from using clone and legitimate cables, their protections are at least somewhat timing based. Often clones are able to work a portion of the time, sometimes failing out as illegitimate and other times authenticating properly.
This lends more evidence to the theory that the MCU they're using to emulate a 1-wire EEPROM might not be fast enough - it was fast enough to handle the timings that Apple originally used but they've reduced the margins in future updates. As I mentioned above, incomplete emulation of the protocol would be another cause; the Chinese attitude of "if it works, ship it" probably made them just record the data with a logic analyser, program an MCU to spit out same, and started selling the cables.

Just by luck I came across one of these cables that was blacklisted and took it apart just to see what is going on. Inside there's only two devices on a tiny tiny PCB, no passives at all.



A1SHB - P-Channel MOSFET
SDL01 - must be some sort of microcontroller, but I can't find a data sheet or any other information
« Last Edit: September 24, 2014, 03:09:22 am by kwallen »
 

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 8973
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: OSHW Apple Lightning Connector?
« Reply #12 on: October 01, 2014, 03:05:30 pm »
There's apparently a jailbreak tweak to ignore the check. I personally just use Android, but some engineers like the challenge of hacking something that is purposely made difficult to hack...
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline fake-name

  • Regular Contributor
  • *
  • Posts: 75
Re: OSHW Apple Lightning Connector?
« Reply #13 on: October 13, 2014, 09:14:58 am »
The problem is that no matter what you do you can never be sure you fully emulated what Apple's hardware does, so there will always be a chance they can screw you with an OS update one day.

That is not true.

If you do a full reverse-engineer (e.g. decap the chips and fully understand their contents), it is possible to completely emulate them.

It's only black-box reverse-engineering that has issues, because you don't have access to the internal state of the device, so you're stuck making inferences.
 

Offline microbug

  • Frequent Contributor
  • **
  • Posts: 540
  • Country: gb
  • Electronics Enthusiast
Re: OSHW Apple Lightning Connector?
« Reply #14 on: November 02, 2014, 12:10:23 am »
It could work without full emulation if it were less portable/practical: a larger board with an ICSP header so that you could reprogram the MCU software when Apple updates theirs.
 

Offline ratdude747

  • Regular Contributor
  • *
  • Posts: 96
  • Country: us
Re: OSHW Apple Lightning Connector?
« Reply #15 on: January 15, 2015, 03:06:49 am »
And THIS is why even 3rd party cables are so bleeping expensive (having a finacee whose lost a couple of them, this crap gets old fast).

Never buying an iphone, ever, thanks to this. DRM in a cable??? Even just to charge? What has this world come to???  :--

And I thought my ATT S4 was a POS since it has a bleeping locked bootloader (and safestrap is a joke, please).

What's next, RFID enabled cell phone stands? C'mon sheeple, buy the new iStand and iHolster, with a built in iWallet that is almost useless since you burnt all your cash on our iTrash!
 

Offline Am0rph

  • Newbie
  • Posts: 3
  • Country: gb
Re: OSHW Apple Lightning Connector?
« Reply #16 on: June 06, 2018, 08:41:58 am »
Quote
Just from using clone and legitimate cables, their protections are at least somewhat timing based. Often clones are able to work a portion of the time, sometimes failing out as illegitimate and other times authenticating properly.
This lends more evidence to the theory that the MCU they're using to emulate a 1-wire EEPROM might not be fast enough - it was fast enough to handle the timings that Apple originally used but they've reduced the margins in future updates. As I mentioned above, incomplete emulation of the protocol would be another cause; the Chinese attitude of "if it works, ship it" probably made them just record the data with a logic analyser, program an MCU to spit out same, and started selling the cables.

Just by luck I came across one of these cables that was blacklisted and took it apart just to see what is going on. Inside there's only two devices on a tiny tiny PCB, no passives at all.



A1SHB - P-Channel MOSFET
SDL01 - must be some sort of microcontroller, but I can't find a data sheet or any other information

Hi,

Came across this post on Google when I was searching for a similar issue. I cracked open a Chinese Apple cable and just wanted to see what they are using on the connector. Found out a 3415 (BJT NPN 25V 500mA), 2 resistors 150 ohms each and a Ceramic Cap 2.2 uF. There is a chip (6 pins). So I had two cables and both have different chips - one has AD07 labeled on it and the other has 'SLH012 1736' labeled on it.

Could you find out what they actually were?

Thanks!
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf