Getting JTAG on the iPhone 15
- Published: 30 Sep 2023
- In this video we explore how to get access to the JTAG interface on the new iPhone 15!
Special thanks to aunali1 & h0m3us3r, the Asahi Linux Project and Marc Zyngier!
Sign up to the hextree.io waiting list here: hextree.io/
Links:
- Twitter: / ghidraninja
- Patreon: / stacksmashing
- Modified Chip Scrutinizer Firmware: github.com/stacksmashing/cs-s...
- macvdmtool patched for the iPhone 15: github.com/stacksmashing/macv...
- My DEF CON talk on Tamarin Cable: • DEF CON 30 - stacksmas...
- The secrets of Apple Lightning: • The secrets of Apple L...
- Central Scrutinizer Hardware: git.kernel.org/pub/scm/linux/...
- Central Scrutinizer on Tindie (does not work with iPhone 15 without modifications): www.tindie.com/products/aaafn...
Working in a semiconductor company myself, it's really nice to see how much effort you put into this with literally 0 official documentation available to you. Please do a follow up as well on your progress.
@shueibdahir Pay is better in software lol. I left the embedded field myself.
I mean, I was about to say the same to him.
@bassyey How about hardware? Like sysadmin or some sort of IT engineer? Do they pay as well as software?
@bassyey Did the same. Worked in embedded a couple years and switched to software. Didn't do it for the money, although I did immediately get a six figure salary.
@shueibdahir I'd argue sysadmin does not pay nearly as well as software on average. I think you'd need to be a senior sysadmin to make what an entry level software engineer can make.
It's not even been 2 weeks, give poor Tim Cook a break lmao. Very cool work!
Ah yes, Tim Cook is poor!
Mr Tim Apple is merely an expendable pawn partaking in techno-feudalism to please his anti-capitalist shareholder lords.
@djispro4272 It's a figure of speech...
*Tim Apple
@Corei14 lol you beat me to it!
Amazing! Kudos to Asahi project as well for their dedication. Have a happy and productive hacking time!
Can you speak regular people language?
Interesting stuff. It's always so cool to me to see folks who have specialized knowledge in the areas where hardware and software meet. Even just reading those notes from the documentation (From the Texas team, if I understood correctly?) about the 206 maybe being SWD is so cool to see: Playing around with hardware and probing it for signs of how it might work. Very cool.
Very well put video, straight to the point and no music. +1 sub.
Well done! 🥳 It's so cool to see the community succeed together.
Also I know that today is a holiday. I expect a breakthrough later tonight. :D
Cheers from the Pott! :)
Fascinating work, well done getting this far. Can’t wait to see how far you can go. Good luck
Thank you! :)
@stacksmashing I feel a visit to DigiKey is imminent 😂
You are doing amazing work with so little documentation, literally a tech detective.
Man, you brought me back memories of JTAG on the PS2 and X360, cool video though!
Now I want a new iPhone, just to be able to use JTAG via USB-C. No clue what to do with it, though.
But maaaam!😢 It's for the homework!
It's for getting some of the Android features without having to wait for Apple to announce the same features as great improvements on iPhone 17.
idk I'm a noob too, no idea what he's talking about, but "jailbreak", control hardware and overclocking chips or smth I GUESS..
Excellent work. I was curious how long it would be, since the Macbooks and iPads are M1/etc rather than A-series chips. Quite interesting all the same!
So fascinated by you guys. It's my dream to do something like this someday. But I lack so much in everything...
omg I never thought USB-C was so complex like this 😮 thanks mate for the video
There seem to be virtually zero courses on hardware hacking and reversing. I really hope your hextree project changes this :)
We hope so too! :)
It's actually pretty diverse depending on what you want to hack, so it's difficult to make a generalised tutorial for hardware hacking and most people just learn it themselves.
Yes I agree. I think that's the highlight of this video actually, not the iPhone 15 hacking itself (which is still awesome)
yes
There are entire university degrees dedicated to embedded engineering lol
Awesome work you guys are doing.
Dude that was awesome. Can't wait for more videos!
LOL lots of comments which seem to have the "oh iPhone owned" vibe... great work as always
Just joined the channel. Can't wait to see what you have been up to!
Insane stuff man! I wonder how one can know so much!
I barely understand this stuff but I'm forever interested and grateful for the work you put into discovering these things.
This is brilliant work!! Bravoo
I love your channel. Keep up the good work
Wow you are seriously talented, very interesting man!
I JTAGed my Xbox off YouTube tutorials so this is extremely interesting and I hope you get the JTAG!
Yes! What a video! Thanks for this!!
fantastic work.
I am very interested in these kinds of videos.
Great video, thank you 🙏
FINALLY, a new video!!!!
Tim Cook is filthy rich and needs no breaks! This needs to happen for research and repair purposes! To the people! Bless you for your hard work! I thank you 🙏
Love the Zappa reference!
Which one? 😅
Pretty neat stuff!
Love the zappa reference👌🏼
Which Zappa reference? 😅 you are the second person mentioning it
@@stacksmashing “The Central Scrutinizer”
Ahhhhh thank you
Hardware hacking is so fun! I have never done things that complex but even small hacks are fun!
I understood absolutely nothing but looked interesting, cool video
Good work!
Very in-depth video! You get a new subscriber 🎉
Oh wow, that was nice!
Awesome man!
Amazing work. I'd like to see if you're able to JTAG the new iPad with USB-C. It offers more features with the USB port than the iPhone so you just might get a different result
Nice, didn't think it was possible
Amazing work done!
stacksmashing the best!!!
Very interesting video!
Good luck exploring the possibilities hidden inside the fruits of this corporation!
You are quick!
Great stuff
Cool keep grinding lad
Hey could you please explain more about debugging and exploiting.
What do you recommend for beginners to start learning electronics?
I have no idea what the hell you are doing but it was interesting to watch.
this is awesome.
Already knew it! But it may brick after flashing JTAG
really cool!
Very exciting! I'd be interested to know what is possible with JTAG.
JTAG generally: You get direct control of the CPU, so your imagination is the limit... Specifically here: Who knows how open/crippled it is yet ;)
YOOOO NEW VIDEO
Amazing!
Good to know that you didn't finish the work, I have to know that checkm8 didn't work on the "newer" iPhones
But I thought for the USB-C "problem" on the TamarinCable FW it was only changing the cables and changing some code .. ok it's not so easy
But on iPhone 15 SWD is open, I think that's a good start ..
Nice, keep going
Cool stuff
Make videos on the best sideload method
Amazing
My dream iphone😊
Excellent
Excellent ✅✅
This is so awesome. I would really like to be able to use hardware hacking as a business?
So if you can get JTAG to iPhone 15, does that mean that the boot loader can be reverse engineered and the iPhone could essentially run non-Apple or customised firmware?
Imagine this on iPad with Windows for ARM
@sol_xz this is not how it works. You need Windows drivers and a lot of patches to make everything run, even if you can load a custom EFI boot.
It's an insane amount of work and not worth it, because, in the end, it's cheaper and faster to buy a Windows tablet that probably also supports Linux.
amazing work
When they added USB-C and a controller embedded into the CPU I had a feeling they were already worried about security.
I know you said it's not an exploit but I realized once they switched to USB-C I assumed it might make it easier for someone to find an exploit that way and since you can connect to more devices than with a Lightning cable (not saying I know anything or claiming to be an expert)
It's not uncommon (for my line of work) to see a JTAG locked physically. Maybe this is the case right here. Some pull-up resistor to some pads might be needed.
Ah in this case it's a bit more complicated - you can read up on the demotion of the iPhone X using checkm8 :)
Can you teach how to jailbreak iOS 17? Thank you
I see you've done this with the iPhone 15, but I'm curious if JTAG can be found a similar way on Samsung Galaxy devices and if one could possibly access the KNOX e-fuse data store on a Galaxy device? So essentially if the Knox bit has been tripped, that section in the boot loader can be reversed?
This is currently the only thing stopping me from going to GrapheneOS and being able to support encryption and have as much support with the boot loader security as say a supported Pixel device?
I don't remember much about it and doubt it's relevant anymore, but I remember being able to not trip knox on my s6 edge. I'm sure whatever exploit was there has been fixed though.
@trevorgray3681 I would like to reverse the boot loader and how it trips the Knox because it's an implementation that's still in practice today? I've built ROMs and custom firmware for Android and have bucket loads of tools for just about any kind of hacking and reversing software known? I've also got experience dumping binaries by direct chip reading and FlashROM using a Raspberry Pi SPI interface + voltage changer and reading from diagnostic ports on MacBooks etc. Then hex hacking the dumped binary and then writing my own stuff back on it to unblock a forgotten password? I can find out the voltages etc but if I could possibly talk between his created device and using USB-C then I can certainly attempt to play around? Have a little snoop & sniff and see what's up yo? See it could mean I could possibly make any Samsung a private phone like the Google Pixel with GrapheneOS. I can already rebuild and change the GrapheneOS to work on my Samsung or any Samsung even if the firmware doesn't support it? I know what partitions to write to, I can build a custom recovery. I can impart binaries etc etc and get whatever I need working? It's the being able to support encryption from recovery that is the most important? So it's worth sniffing even if not for Knox? It's just more enticing to offer should anyone be interested in using their Samsung as a private phone without needing to purchase a Pixel to do so?
In Australia Pixels are for fanatics and people who purchased it outright with money and not on a plan? That's a very very tiny slice of the Australian market unfortunately?
Sorry but I figured I may as well spew my thoughts all over the YouTube comments cause I'm Autistic as fuck and have narcolepsy and you've got me on a "medication is working, don't know where to stop" moment? So sucks to you if you've read this far 😛
Zappa would be proud 😂
I have a short question, I hope for an answer.
The iPhone 15 has 5G, right?
Can I use this for sniffing 5G packets like osmocombb for GSM??
Nice. ❤😮
What do you need to study to learn all this stuff? The automotive field is heavy on this type of technology and I want to be able to heavily study these systems but there isn't enough info online?? Someone pls respond
It's a secretive field
Very cool
man's voice evolved around 6:48 lmao
That's huge, the Central Scrutinizer. That PCB's purpose is to enforce all the laws that haven't been passed yet
It’s so simple I’m completely able to follow this with 5 years of experience
Jk
This stuff seems really complicated but interesting. As someone getting into cyber security, you definitely got me more interested in the hardware side of it all, I learned a lot from this video!
How and where do we learn hardware hacking and all these things?? Please tell me.
Upload more videos!!!
You have to put the lightning port back
Will 0xT have a free trial?
Seen this video before it was cool. ;)
Huh... Interesting.
6 min ago, 242 views for me.
Topic aside, the presentation is good but I had to turn on subtitles
Thank you - was the voice not clear enough for you? Too fast? Happy to learn what I can improve!
@stacksmashing Too fast, slow down by ~10%.
I love how he says “Central Scrutinizer” 😅
Am I mispronouncing it? :D
@stacksmashing No, you're doing it right. (At least, to an American who's heard a hell of a lot of accents and pronunciations.) No clue what he's on about.
Is hextree available for sign up?
Is it possible to send data from an app to the JTAG with this?
Maybe a new full jailbreak after this?
The way you say macbook is the same as the "city people" episode in south park 😂😂😂
Bahahaha 🤣
Is this a way to retrieve a lost password/iCloud? Asking for a friend
You’re awesome
Do you have a cheap way to read and write a bricked Android? It has 11 UFS debug pins but no public layout, it is a Surface Duo with an SDR855 and there are no public EDL loaders available
So what's possible with JTAG? Is it similar to jailbreak?
Sweet
will this let me get a mod menu for Black Ops 2?
iPhone 15 Lightning cable mod when?
insane
Cool!