
Guide To Building a Cable That Improves iOS Exploits 184

Posted by timothy
from the slurping-assistant dept.
mask.of.sanity writes "An Aussie network engineer has published a guide to building a serial cable connector that allows access to a secret kernel debugger hidden within Apple iOS. The debugger was a dormant iOS feature carried over from Apple OS, and seems to serve no function other than to allow hackers to build better exploits. The cable needs an external power source and a jailbroken device to access the debugger." We've mentioned Pollock's serial adapter kit before, modulo the kernel debugging abilities.
  • Chicken and Egg? (Score:4, Insightful)

    by Anonymous Coward on Monday August 08, 2011 @05:19AM (#37020112)

    Wait... so in order to use the cable to find exploits, you need a jailbroken device. But in order to jailbreak your device, you need to first find an exploit.

    * Yes, I do know that there are other ways to find exploits...

  • It's amazing that Apple and Jobs in it are so shortsighted that they don't provide official tools that people want. Of course they have contracts with AT&T and who knows what else, that's most likely why they don't want to let people use these devices as general purpose computers, so that normal apps could be executed (and then you can use Skype or whatever to go around long distance phone charges obviously). But still, this is just so screwed up that a company would not see that it is in its best inte

    • Re: (Score:2, Interesting)

      by dakameleon (1126377)

      Yes, because the alternative is... no, wait, Android devices don't let you access root so easily either. Hang on, I'll come up with something...

      • by bhtooefr (649901)

        The alternative is Windows Mobile 6.5.

        Which doesn't support any permissions other than root.

        Enjoy!

        Oh, you don't like that? Well, I'm sure there's an old Centro running Palm OS 5.4.9 lying around...

        (Actually, on a serious note, HPalm hands out the password necessary to get the USB debug interface going, and from there you can easily get root and install whatever you want. Also, if you get a Nexus phone, you can get root without hacking the thing, using an adb, IIRC, and you get an OS that actually has softwa

      • by tepples (727027)

        Android devices don't let you access root so easily either

        Android-powered devices don't require root access just to install non-Market applications.

      • no, wait, Android devices don't let you access root so easily either.

        The Nexus One, Nexus S, Xoom, and Altrix among others beg to differ. By the end of the month the Sensation and Evo 3D will have joined the crowd.

      • WebOS has built in root access, just type in "upupdowndownleftrightleftrightbastart" to unlock dev mode.
    • Re: (Score:2, Insightful)

      I'm sure having record year over year profits is so short sighted. :) Even over a year after the iPhone 4 came out, it's still outselling individual phones from the likes of HTC and Samsung.

      People want products they can use now, not products they might be able to get to work with some hacking.

      I'm amazed geeks DO NOT GET IT.

      At all.

      • by Haedrian (1676506) on Monday August 08, 2011 @06:36AM (#37020308)

        Even over a year after the iPhone 4 came out, it's still outselling individual phones from the likes of HTC and Samsung.

        It's not such a good comparison. Here's why. You use a smartphone to run certain programs on it (or to look good or whatever).

        If you want an Android phone, you have tons of choice. Most of them will run the same software, and so you just choose your price range or whatever.

        If you want an iOS phone you basically either buy second hand, or buy the current iPhone.

        So the iPhone isn't better than 'individual' phones, it's just the only choice you have if you want iOS.

        • by Wingsy (761354)

          "If you want an Android phone, you have tons of choice. Most of them will run the same software, and so you just choose your price range or whatever."

          It's the whatever that non-geeks (and many geeks) don't care for, and they have no clue what whatever is anyway. Probably the reason why customer satisfaction is off the charts for iPhones, and not so stellar for Android. When you buy an Android phone you may get x, y or z (yes, they're all Android, but futzed with in different ways by different carriers).
        • by Wovel (964431)

          And IOs is the choice for App developers because those Android phones don't in fact all run the same software.

          • This is a big misconception. Unlike iOS where there have been plenty of API breaking changes, Android has been more stable. You can write for 1.6 and it will work on pretty much any device out there. Or if you want the new fancy UI stuff there is a package that will let it work on older devices provided by Google themselves.
        • by s73v3r (963317)

          It's not such a good comparison.

          It's not a good comparison to compare one manufacturer's product against another manufacturer's product?

          So the iPhone isn't better than 'individual' phones, it's just the only choice you have if you want iOS.

          Yeah, no. You're just trying to make excuses here. "People keep choosing iOS! But that doesn't mean that they don't like it more! They don't have a choice!"

      • Re: (Score:2, Insightful)

        by bjourne (1034822)

        No, people want status symbols. Overpriced phones from Apple are perfect status symbols for people with too much money to spend. We geeks get it 100%, it is just that we despise it because it disgusts us.
        • by Richard_at_work (517087) <richardprice.gmail@com> on Monday August 08, 2011 @07:18AM (#37020454)

          What is it that "we geeks" get?

          I had both an iPhone and an iPhone 3G, before getting pissed off with iOS 4 on the 3G enough to decide to try out the Android side of the story.

          I acquired a new HTC Desire in February, and merrily set about using it as my main phone. Today is the 8th of August, so I have been using my HTC for around 6 months as my main phone - and the conclusion I have come to is that I absolutely hate it.

          I have to dig around in subscreens to get to the apps I want - on the iPhone I just scroll left or right on the home screen, but on Android I only have six homescreen slots for apps, the other home screens are taken up with applets, mail and other shite, so I have to open the apps screen specifically, and then dig around in there.

          The back button on the HTC is unbelievably broken - it entirely depends on what you were doing before as to what action it has. Does it return you to the home screen or to the previous page in the app? It depends! For example, I get a text message while my phone is locked - I unlock the phone and the message is displayed. I now want to refer to another message I have received previously, and since I am in the SMS app (as that is what is loaded), I click the back button to get to the message list. And I get dumped to the phone's home screen instead. If I open the SMS app myself, the back button works as expected! Lots of examples such as that.

          The Android Market Place is a terribly poor user experience, I utterly hate using it - it's hard to find apps, it's hard to search, it's hard to preview apps. The AppStore just seems so much better put together, especially when browsing from the device itself!

          I have had far far more interface issues with the HTC than I did with either of my iPhones - for example, the other day I was on the phone to a colleague, and the call dropped - but the HTC wouldn't let me hang up! It was sat there on the call screen, with the "End Call" button active but nothing on the line - and each time I clicked "End Call" it would briefly blank everything and then the call screen would reappear. This has happened to me several times.

          The screen locking is poor - I can't count the numerous number of times I have taken my HTC out of my pocket to find my penis or keys had randomly dialled someone, or started to write an email. And yes, I am sure the phone was locked (prime example of this happened to me earlier today - I ended a call, locked the phone, put the phone in my pocket - 5 minutes later, I take the phone out to make another call and the phone is unlocked and halfway through a gibberish email).

          The HTC's touch sensitivity seems to wildly vary depending on what you are doing, and buttons can be hard to actually get a press confirmed on - plus the onscreen keypad isn't anywhere near as good as the iOS one.

          That's just some of the issues I, as a "geek", have with my Android phone - I desperately want to go back to an iPhone...

          • The back button on the HTC is unbelievably broken

            Back on an Android-powered device always closes the frontmost window. It's not unlike Alt+F4 on a PC running Windows. Maybe you haven't picked up on it because web pages are treated as windows in the back stack.

            • by s73v3r (963317)

              Yes, but would you say it's not unreasonable to expect the Back button to take you to the Message List from the Conversation View in an SMS app? Especially given the fact that almost none of them have a way to get back to the Message List from the Conversation View because they all expect you to use the Back button?

          • by bjourne (1034822)

            Nice read. Guess someone who likes HTC phones could offer some counter points to at least some of your issues. But you know as well as I do that none of the above is the reason why 99% of iPhone consumers chose that phone. Of course, in reality most smart phones are underutilized status symbols. It's just that the iPhone is the most egregious example since marketing, combined with the herd mentality of the status seekers, has made it the dominant one.
            • by jo_ham (604554)

              Marketing only works to a point. If your product is garbage, you might get some early sales due to marketing, but eventually you will be found out and word of mouth will spread, along with reviews and so on.

              What happens with the iPhone is that *people actually like using it*, and people who don't have one who use one (either a friend's phone or by trying one out in the store) like it too - it does what they want it to do, and is easy and intuitive to use.

              For someone who wants a smartphone, just using an iPh

            • by s73v3r (963317)

              Blah Blah, I'm jealous of smartphone owners, and I can't see why anyone would have a different opinion than me, so it must all be marketing. Never mind the fact that it actually is a good, solid product that was light years ahead of anything else on the market at the time it came out, especially in terms of usability. It's just marketing.

          • by s73v3r (963317)

            The back button on the HTC is unbelievably broken - it entirely depends on what you were doing before as to what action it has.

            This isn't a problem with any phone manufacturer; this is a problem with whoever developed the app you're using at any given time. Many developers implement back button functionality poorly, or they give it some other weird functionality that isn't consistent with the App Developer Guidelines. Many of these apps also would have been rejected on iOS if they tried anything like this, and told to fuck off until they fixed it. Not necessarily a bad thing.

            Does it return you to the home screen or to the previous page in the app? It depends! For example, I get a text message while my phone is locked - I unlock the phone and the message is displayed. I now want to refer to another message I have received previously, and since I am in the SMS app (as that is what is loaded), I click the back button to get to the message list. And I get dumped to the phone's home screen instead. If I open the SMS app myself, the back button works as expected! Lots of examples such as that.

            This actually has to do with the way things are structur

        • I'm sure (no, I know) that there is a subset that wants the status symbol, whether it's the iFoo for the metrosexual, or the Nexus Foo for the geek crowd - it's the same thing. Most of us just want a device that will do what we need to function, and do it with a minimum of fussing. Apple provides mediocre products that fill 95% of the average users' needs and require near zero setup and maintenance - QED.

          In the horrible parlance of automotive analogies, I don't need a vehicle that can do 0-60 in under 6 seco

          • And unless I'm refilling the wiper fluid, I never want to open the hood.

            To continue the analogy, some companies' products don't even let you do that. You have to use the company's own brand of fluid, or the reservoir won't refill.

        • by Wovel (964431)

          You have never owned an iPhone. You are simply spouting BS you have read on Internet forums. Stop referring to yourself as a geek. You have neither the technical nor analytical ability to claim that title.

        • by s73v3r (963317)

          This is the most retarded, and geek-hipster statement I've ever read. Congratulations, you've made everyone realize that you think you're better than everyone else.

      • by roman_mir (125474)

        To continue my line of thinking [slashdot.org] - I wouldn't at all be surprised if at some point it came out that Apple is actively involved in providing the ability to quickly jailbreak the iPhones and other devices that Apple sells on their own to the community through a proxy.

        Would you be surprised to find out that they did that? To me it seems that the only logical explanation as to why Apple is even locking the phones at all would be twofold:
        1. Some government regulation.
        2. Some private contract with a phone company, like

        • by Rennt (582550)

          If there was a secret jail break button combo or something (up, up, down, down, left, ...) that unlocked your phone, I'd say you might be on to something - but the methods used are usually security exploits that can also be used by remote attackers to compromise your phone - I really don't think Apple are doing it on purpose. Security is just hard.
        • by Wovel (964431)

          Why do people keep referring to this long distance profit paranoia when Skype and countless other VOIP programs have been in the App Store for years and Apple went out of their way to make them work better in iOS 4.

          Really would not kill you morons to do a 5 second google search. Of course, that would shatter your paranoid fantasy world.

        • by Sancho (17056) *

          Apple wants to control the experience of the end-user. It's that simple. They've learned that providing a great experience to most people is better than providing a good experience to everyone. There will be companies who do certain things better than you, and people who want those things to the exclusion of others. There will be people who don't want to buy your product because they don't like your style, or don't want other people to think that they've embraced your culture. Or they think that your p

    • Having two thirds of the entire mobile phone industry's profits despite selling just 2 phones would seem to suggest Apple knows what's in its best interests.

      Of course that doesn't stop the waves of people willing to offer them free advice on how they should be doing this properly.
      • by mwvdlee (775178)

        I must admit having ~67% of market profits is rather impressive considering they only have ~16% of the market (http://en.wikipedia.org/wiki/Smartphone).
        It means they make about 168x more profit per phone compared to the others.
        Wow!

        • by Wovel (964431)

          It does offer a glimpse into the reality behind Android market share. 2 of the 4 largest manufacturers, at least for US users, lost money last quarter.

    • by Wovel (964431)

      What's truly amazing is that you would make such a wild proclamation without any basis in reality...

      Skype? Really? This is our example? Skype and other VoIP programs have run on iOS for years. In 4.0 Apple added special hooks to the OS just for VoIP calls to run in the background so you can use those free calls while doing other stuff. Clearly preventing Skype is what this is all about.

      Did you even bother to try and have an informed opinion?

  • by Zapotek (1032314) <tasos.laskos@[ ]il.com ['gma' in gap]> on Monday August 08, 2011 @05:43AM (#37020182) Homepage

    ...exists in pretty much all phones (amongst other devices) although most would require some soldering on the PCBs, they are also used for forensic investigations -- or have completely separate circuits used just for forensics.
    I don't remember much to be honest (like protocols etc) but I remember it from a forensics class I took.

    The only surprising thing here is that they allow access to that circuitry via the normal device ports.
    • by Graff (532189)

      The only surprising thing here is that they allow access to that circuitry via the normal device ports.

      This is not debugging circuitry. This is a normal serial interface that has been known about for a good long time and is even talked about in Apple's documentation. You do need to have a breakout cable to access the serial lines but once you have that it works just like any other serial port does under Darwin.

      • by TeknoHog (164938)

        The only surprising thing here is that they allow access to that circuitry via the normal device ports.

        This is not debugging circuitry.

        A lot of devices have TTL level serial ports hidden somewhere, so I would presume they are there for debugging purposes. Most computers haven't had serial ports in years, but new devices keep popping up with these TTL ports, so I guess the idea is to reserve it for professional uses. One nice thing about this discrepancy is, when all of your serial ports are TTL level, you don't need level converters.

        • by drinkypoo (153816)

          Most serial ports these days will accept a 5V signal, so if it's actually TTL then it works. A crapload of small devices have ~3.3 volt serial ports on them for debugging (e.g. Dockstar) and you need to shift the levels before even a particularly tolerant serial port will work.

          • Most serial ports these days will accept a 5V signal, so if it's actually TTL then it works.

            IIRC most logic level serial is inverted compared to RS-232 (because most RS-232 level shifters are inverting). Sometimes you can reconfigure the logic polarity, but if your device doesn't allow that then you would need to add an inverter (at which point you may as well add a level shift chip and do it properly IMO).

            Also note that while TTL ran off 5V the logic levels it used were closer to 3.3V cmos than to 5V cmos. Indeed it is pretty common to use 5V cmos devices with "TTL compatible inputs" to convert a s

            • by drinkypoo (153816)

              Well, virtually anybody around here knows more about electronics than I do. I took a couple classes back in high school as a mere froshling but it didn't really stick. And I'm bad at math. I get some of the basic concepts but I can't rattle off anything but a vulgar resistor color code mnemonic. I did manage to get myself a nice little electrician's handbook at a yard sale for a quarter recently, though, so hopefully that will up my game ;)

            • by TeknoHog (164938)

              Most serial ports these days will accept a 5V signal, so if it's actually TTL then it works.

              IIRC most logic level serial is inverted compared to RS-232 (because most RS-232 level shifters are inverting). Sometimes you can reconfigure the logic polarity, but if your device doesn't allow that then you would need to add an inverter (at which point you may as well add a level shift chip and do it properly IMO).

              True. I've done a fair amount of hacking on these, and the original article seemed rather ignorant. Of course, the way we speak of "voltage levels" is rather misleading, as there is a lot more to it.

              To be precise, a mere logical inverter won't work, because RS232 uses both negative and positive levels. Logical high is negative, low is positive, and zero is undefined. This is for the data lines, the control lines (CTS/RTS) are the other way around.
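An added illustration of the polarity point made in this sub-thread (this code is not from the thread or from the cable guide): it frames one byte the way a UART does, shows the logic-level and RS-232 data-line voltages side by side, and shows why a plain logic inverter leaves every mark bit in the RS-232 receiver's undefined band. The +/-3 V receiver thresholds are the RS-232 ones; the 3.3 V logic supply and the +/-12 V RS-232 swing are assumed sample values.

```python
# Added example (not from the thread): UART framing, logic-level vs RS-232 polarity,
# and why a simple inverter is not a level shifter. The +/-3 V thresholds are the
# RS-232 receiver thresholds; the 3.3 V supply and +/-12 V swing are assumed values.

RS232_THRESHOLD = 3.0   # |V| below this is undefined for an RS-232 receiver


def uart_frame(byte, data_bits=8, stop_bits=1):
    """Logic-level bits for one frame (8N1 by default): start bit 0,
    data bits LSB first, then stop bit(s) 1. The idle line is 1 (mark)."""
    if not 0 <= byte < (1 << data_bits):
        raise ValueError("byte out of range for %d data bits" % data_bits)
    return [0] + [(byte >> i) & 1 for i in range(data_bits)] + [1] * stop_bits


def uart_decode(bits, data_bits=8):
    """Recover the byte from a frame; None if the start/stop bits are wrong
    or any data bit is undefined (None)."""
    if len(bits) < data_bits + 2 or bits[0] != 0 or bits[data_bits + 1] != 1:
        return None
    data = bits[1:data_bits + 1]
    if any(b is None for b in data):
        return None
    return sum(b << i for i, b in enumerate(data))


def logic_level_volts(bits, vcc=3.3):
    """CMOS/'TTL' UART pin: 1 = Vcc, 0 = 0 V, no inversion."""
    return [vcc if b else 0.0 for b in bits]


def rs232_data_volts(bits, swing=12.0):
    """RS-232 data line (TxD/RxD): mark (1) is negative, space (0) positive.
    Control lines (RTS/CTS) are the other way round: asserted is positive."""
    return [-swing if b else swing for b in bits]


def rs232_receive(volts):
    """What an RS-232 receiver makes of each sample: 1 below -3 V,
    0 above +3 V, None (undefined) in between."""
    return [1 if v <= -RS232_THRESHOLD else 0 if v >= RS232_THRESHOLD else None
            for v in volts]


def simple_inverter(volts, vcc=3.3):
    """A plain logic inverter swaps 0 V and Vcc; it can never go negative."""
    return [0.0 if v > vcc / 2 else vcc for v in volts]


def inverter_only_result(byte):
    """Send a logic-level frame through an inverter straight into an RS-232
    receiver: spaces decode, marks land in the undefined band, the frame is lost."""
    return rs232_receive(simple_inverter(logic_level_volts(uart_frame(byte))))


if __name__ == "__main__":
    frame = uart_frame(0x41)                      # 'A'
    print("frame bits       :", frame)
    print("logic-level volts:", logic_level_volts(frame))
    print("RS-232 volts     :", rs232_data_volts(frame))
    print("proper shifter   :", uart_decode(rs232_receive(rs232_data_volts(frame))))
    print("inverter only    :", uart_decode(inverter_only_result(0x41)))
```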

    • by gl4ss (559668)

      not on all phones. it's common to leave easy jtag out of devices sold to consumers and even to go to extra lengths to remove such access (or to build some security controls on it). for control, trusted computing and all that shit. because, you know, what good is a carrier lock you can get removed at Chinatown? forensics guys don't do more than they do at ct.

      leaving the connectors connected - or even just exposed - is just asking for hacking. Nintendo learned that stuff the hard way with the Wii.

    • by reub2000 (705806)

      My Atrix allows debugging over the USB port. To enable it just check a box in the settings. Find some script written by a teenager in his mom's basement, and you have an unlocked phone.

  • by psergiu (67614) on Monday August 08, 2011 @06:47AM (#37020352)

    We want the schematics for the "hacker cable".

    The schematic from the link in the TFA (http://www.ionetworks.com.au/files/serial_port.pdf [ionetworks.com.au]) using pins 12 & 13 of the dock connector is for an "accessory connection" cable and can be used from a jailbroken iPhone with /dev/tty.iap, but the bootloader won't send anything on those pins at startup.

  • Perhaps I don't understand the context, but it appears to me TFA uses the word "modulo" where it means "minus".

    • by Tacvek (948259)

      To quote wikipedia:

      In the mathematical community, the word modulo is often used informally. Generally, to say "A is the same as B modulo C" means, more-or-less, "A and B are the same except for differences accounted for or explained by C".

      With that in mind, the summary is saying this article and the previous one cover the same topic except for differences accounted for by "kernel debugging abilities".

      In this case that does mean pretty much the same thing as the word minus would have, and the word minus would probably have been a better choice.

  • Hm, what am I missing here?

    It requires an already jailbroken device. So you need to be root already. What additional functions does this allow you to access that you can't already?

  • Back when Slashdot had "news for nerds" instead of a bunch of fanboys living in their basement, people would be excited about hacks like this. Instead, we get a back and forth by people who haven't written a line of code in their life and know absolutely nothing about security. I don't know why I still read this crap.
