Piezo-Acoustic iPod Hack
Posted by michael on Sat Jan 29, 2005 05:45 PM
from the piezo-acoustic dept.
jugander writes "nilss over at the iPodLinux Project (previously on /.) has performed one of the coolest and most bizarre hacks I've seen in a while. He was able to extract the bootloader from the 4G iPod by sounding out ticks with the iPod's squeaky piezo. With some tweaking and a makeshift recording studio, he was able to dump the 64 kb file at 5 bytes/sec. And yes, this means that 4G iPods can now boot linux!"
It's sweet but does it have a point? (Score:5, Insightful)
No iPods have been bricked, it's dual boot (Score:5, Interesting)
You can't see it now, but the iPod linux site states clearly that, to their knowledge, no one has bricked an iPod due to installing iPodLinux on it -- even since the long-ago development days.
In fact, iPodLinux's installer sets it up so you can dual boot into Linux and the Apple firmware, and you can make one the default. I installed this on my 1G and the other day, and it indeed works very, very easily. It is one of the more underrated hacks going on today, IMO.
It's sweet but does it have a point?
To satisfy your slashdotty interests: imagine you and a friend have iPods, and imagine you connect them with a firewire cable. You both boot into linux, transfer files, and reboot (back into the Apple firmware). The use is left as an exercise to the hacker.
why do you people only care about linux (Score:5, Funny)
Re:why do you people only care about linux (Score:5, Funny)
Now please wash your potty-mouth out with soap, detergent or caustic soda.
Wow, this hack is soooo cool.... (Score:5, Funny)
piezo? (Score:5, Interesting)
Short for piezoelectricity or piezoelectric effect. Piezoelectricity is an electric charge that occurs in some substances when they are squeezed or otherwise subjected to mechanical stress. It is also possible to cause these materials to vibrate when a voltage is applied to them. Quartz is one of the better known piezoelectric materials, and is commonly fabricated into small pieces, called "crystals" that are used for frequency standards. A crystal of specific size and shape will vibrate at a predictable and very stable rate when a voltage is applied. This makes them ideal for use in things like watches or clocks for digital audio equipment. Piezoelectric elements have also been used in various types of transducers such as phonograph cartridges, microphones and loudspeakers. Piezo microphones can be quite small and still have relatively high output at a low cost; however, their less than ideal frequency response prohibits use in critical applications. Piezo loudspeakers usually come in the form of tweeters, or very high frequency elements. They generally have very low distortion in the 5 kHz and above range, but haven't widely been used in sound reinforcement due in part to their relatively low output levels. It takes dozens of the average piezo tweeter to equal the output of one medium-sized compression driver.
I'm still confused (and I did RTFA) how the bits of the bootloader were translated to sound. Anyone care to explain?
Re:piezo? (Score:5, Informative)
His goal: extract the data from the ROM.
His problem: he didn't know very much about the hardware. Sending the data through the FireWire port was not an option, since he had no idea how to access that port.
His opportunity: someone showed him how to make the piezo make sounds.
So, he picked one sound to represent a 1 bit, and picked a different sound (more of a click) to represent a 0 bit. Then he wrote code to read data from the ROM, and bit by bit, look at each bit and play the appropriate sound. He recorded the sound. It took hours to dump the whole ROM this way.
Then it was a matter of sampling the recording with a desktop computer, and writing code to detect the two different sounds, turn them into data bits, and save the data bits on disk.
steveha
Re:piezo? (Score:5, Funny)
Google Cache (Score:5, Informative)
The Sound of iPod
I got an iPod for Christmas. The ipodlinux project was one of the main reasons for my choice and so I started exploring the iPod as far as I was able to. I patched the bootloader and got some basic code to run but there was no way to access any hardware other than the two CPUs yet. To get the LCD, Clickwheel and the harddisk working we needed to reverse engineer the bootloader in the flashrom. But to do that we first had to find a way to get that code. Seems quite impossible without any knowledge about the IO-Hardware but I found a solution...
The whole idea started last week when leachbj gave me a piece of code that caused the piezo in the iPod to make some *squeek*-sound. I played around with that code, changed some values and somehow was able to produce different sounds. Just for fun I came up with the idea of using these different sounds for transferring data. Some minutes later I dropped the idea because I thought that just won't work and I won't be able to write a decoder for that. Two days later I woke up and somehow just tried encoding a 32bit value into different beeps. It worked so I made a loop around it to dump about 4kb of memory.
The problem with that idea was that I could only transfer 8bit/s. Anyway, I tried writing a decoder and it seemed to work. Well, it didn't really work but it decoded about the first 256 bits correctly. The decoder was some Perl script that loaded the whole audio into RAM and used about 1GB RAM for a 20MB audio file. It worked ok with some tweaking but still the RAM usage was way too high because if I wanted to dump the whole 64kb I would have a 1200MB audio file or something.
Some ideas came to my mind after thinking about the problems I had. The first one was to use compression so the transfer won't take too long. It would have taken about 45hours with the code we had. With compression maybe only 22h. To solve the memory problem I decided to rewrite the decoder in C that only reads about 96bytes chunks of audio data and then decodes that. Davidc_ helped me with that.
This was the first time I thought this could really work. Again I played with the piezo code and figured out how the piezo really works. I was able to produce some more unique beeps. Later I made the beep for 0 (the last bleep you can see in the picture) much shorter so it sounded more like a click. I even managed to make the first bleep shorter so I got about 5byte/s.
When we thought we got the encoder in the iPod with zlib and the decoder working, I decided to try recording the whole dump at night. So I put the iPod in the "iPod Recording Studio" and went to sleep. The iPod is just a cardboard box in which Samsung sent me my laptop back. It has foam in it so I thought it would be ideal for recording the bleeping of the iPod.
The next day I woke up quite early. The first thing I did was look at the recording. I heard the iPod stopped bleeping so I thought everything went fine. In fact nothing worked at all. I recorded 8 hours full of zeros. Furthermore, the iPod's battery became empty though it was plugged into the USB port of my laptop; the firmware wasn't loaded so it didn't request power over USB. So what you can see in the picture is the harddrive spinning down, then the iPod goes off for some minutes and then reboots. The harddrive was spinning during the whole recording session because there was no way to turn it off.
After this I was really disappointed and I dropped the project for the rest of the day but in the evening I tried again with a better decoder. It worked quite well but we weren't able to decompress the file. I concluded that was caused by the malloc() hack and zlib would allocate the same memory twice or something like that. Anyway, I haven't had much sleep that weekend so I was tired and just went to bed and thought about dropping the whole
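The two-sound scheme steveha describes and the chunked decoder from the cached article, sketched as an added example (not nilss's code and not part of the original posts): a long beep encodes 1, a short click encodes 0, and the decoder keeps only a few counters while consuming 48 samples (96 bytes) at a time. The burst lengths, threshold, square-wave tone and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed timings in samples (assumptions, not the iPod's real values). */
enum { LONG_N = 240, SHORT_N = 60, GAP_N = 120, CHUNK = 48, THRESH = 8000 };
/* Encoder: long beep = 1, short click = 0, each followed by silence. */
size_t encode(const uint8_t *data, size_t len, int16_t *pcm) {
    size_t pos = 0;
    for (size_t i = 0; i < len * 8; i++) {
        size_t n = (data[i / 8] >> (7 - i % 8)) & 1 ? LONG_N : SHORT_N; /* MSB first */
        for (size_t k = 0; k < n; k++) pcm[pos++] = (k / 4) % 2 ? -20000 : 20000;
        for (size_t k = 0; k < GAP_N; k++) pcm[pos++] = 0;
    }
    return pos;
}

/* Decoder state carried across chunks, so memory use stays constant. */
typedef struct { size_t loud, quiet; uint8_t acc; int nbits; } dec_t;
/* Consume one chunk of samples; returns the number of bytes completed. */
size_t decode_chunk(dec_t *d, const int16_t *s, size_t n, uint8_t *out) {
    size_t w = 0;
    for (size_t i = 0; i < n; i++) {
        if (abs(s[i]) > THRESH) { d->loud += 1 + d->quiet; d->quiet = 0; continue; }
        if (d->loud == 0 || ++d->quiet < GAP_N / 2) continue; /* idle, or may resume */
        d->acc = (uint8_t)((d->acc << 1) | (d->loud > (LONG_N + SHORT_N) / 2));
        if (++d->nbits == 8) { out[w++] = d->acc; d->nbits = 0; }
        d->loud = d->quiet = 0;
    }
    return w;
}

/* Encode, then decode CHUNK samples (96 bytes) at a time; 1 if data survives. */
int roundtrip_ok(const uint8_t *data, size_t len) {
    int16_t *pcm = malloc(len * 8 * (LONG_N + GAP_N) * sizeof *pcm);
    uint8_t *out = malloc(len);
    if (!pcm || !out) { free(pcm); free(out); return 0; }
    size_t n = encode(data, len, pcm), w = 0;
    dec_t d = {0};
    for (size_t off = 0; off < n; off += CHUNK)  /* a real decoder would fread() here */
        w += decode_chunk(&d, pcm + off, n - off < CHUNK ? n - off : CHUNK, out + w);
    int ok = w == len && memcmp(out, data, len) == 0;
    free(pcm); free(out);
    return ok;
}

int main(void) {
    const uint8_t sample[] = { 0xDE, 0xAD, 0xBE, 0xEF };   /* constructed data */
    puts(roundtrip_ok(sample, sizeof sample) ? "round trip ok" : "round trip FAILED");
    return 0;
}
```

Because the burst lengths are not multiples of the chunk size, chunk boundaries fall in the middle of beeps, which is why the counters live in `dec_t` rather than in the loop.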
Does this mean? (Score:5, Funny)
Wow, just wow... (Score:5, Insightful)
If Apple / NASA / (et al.) had any sense at all, they'd be beating down this guy's door to hire him into a think-tank.
Re:Wow, just wow... (Score:5, Insightful)
Clever, sure. But remember this is how 300 baud modems work, too. This is also how Fluke multimeters are tested in the factory. They have no IO, so they chirp data back to a tester.
What is clever to one person is old hat to many others.
Now This, THIS is why (Score:5, Insightful)
All in favor?
Mod me down.
Yeah it's pointless.. (Score:5, Insightful)
Who cares if it's not that useful, it's lateral thinking for you...
Hehee. Just like loading off a Cassette tape :) (Score:5, Interesting)
Data transmission via acoustics is certainly nothing new, but getting something OUT that's not meant to be exposed on a MODERN device this way is just too cool.
Right now there are MANY P'o'd execs at Apple, and a bunch of engineers going crap (but quietly thinking man is this cool)
I wonder how many other things this can be applied to, for reverse engineering of bootloaders, roms, etc.
I would have fried a dozen gamecubes 2 years ago trying this method had I been given the idea then, (Yeah I know all the goofy bootloader stuff NOW in the last 6 months ) for GC is out,
KUDOS, now I might actually buy one.
Re:Hehee. Just like loading off a Cassette tape :) (Score:5, Insightful)
I don't know of any software or hardware engineer who would give a damn if one of their users coaxed something out of their product that they were told to try to hide. Most engineers understand the futility of trying to prevent users from accessing their code or data. I've never heard an engineer introduce the idea of encrypting their own data or code--the idea always comes from the bean counters or management.
Re:Hehee. Just like loading off a Cassette tape :) (Score:5, Funny)
using this hack for ages (Score:5, Funny)
Obligatory comment (Score:5, Funny)
Wait, umm....
Oh!
Imagine a Beowulf Cluster of these things!
Re:Hackaday, meet your new delayed mirror, Slashdo (Score:5, Funny)
Dude, he extracted the bootloader using the piezo! It's bloody brilliant.
I'm even looking forward to the dupes of this article which will probably be posted as soon as his server recovers!
Re:Yes But, (Score:5, Funny)
Only if you've been reduced to making nothing but clicking noises.
Re:why!? (Score:5, Insightful)
Then what the fuck are you doing here wasting time on slashdot? Get out there and cure cancer already.
Re:The iPod hardware is too weak for anything usef (Score:5, Insightful)
We know the ipod CPU power and abilities (in the 4G ones and up) is might higher than what apple is using it for. I would love to see an alternative music/playlist browser, as the one they have sucks when you have thousands of songs that all have different artists, albums, etc. All my songs are in mp3 (sorry ogg) so I'm not really concerned about playback of other formats. I know the ipod linux team has a long way to go, but you think with so many hundreds of thousands (millions?) of ipods, at least a few people would be interested in hacking it to do more than what apple wants.
Look at the TI calculators. They might be intended for mathematics functions but people have written thousands of programs that do a ton of different things. Some are pretty stupid, true, but some do some helpful tasks. And if you bought the hardware, why should you not use it to its fullest extent?
Re:The iPod hardware is too weak for anything usef (Score:5, Insightful)
It's about hacking.
It's like when an artist draws something on a napkin. Creative energy expands in every direction.
Re:looking forward to an iPod emulator (Score:5, Funny)