Working in a semiconductor company myself, it’s really nice to see how much effort you put in this with literally 0 official documentation available with you. Please do a follow up as well on your progress.
@@shueibdahir Pay is better in software lol. I left the embedded field myself.
I mean, I was about to say the same to him.
@@bassyey How about hardware? Like sysadmin or some sort of IT engineer? Do they pay as well as software?
@@bassyey Did the same. Worked in embedded a couple years and switched to software. Didn't do it for the money, although I did immediately get a six figure salary.
@@shueibdahir I'd argue sysadmin does not pay nearly as well as software on average. I think you'd need to be a senior sysadmin to make what an entry level software engr can make.
It's not even been 2 weeks, give poor Tim Cook a break lmao. Very cool work!
Ah yes, Tim Cook is poor!
Mr Tim Apple is merely an expendable pawn partaking in techno-feudalism to please his anti-capitalist shareholder lords.
@@DJProPlusMax It's a figure of speech...
*Tim Apple
@@Corei14 lol you beat me to it!
Amazing! Kudos to Asahi project as well for their dedication. Have a happy and productive hacking time!
can you speak regular people language
@@realcartoongirl That is regular people language.
Why are you here? @@realcartoongirl
Fascinating work, well done getting this far. Can’t wait to see how far you can go. Good luck
Thank you! :)
@@stacksmashing I feel a visit to DigiKey is imminent 😂
Interesting stuff. It's always so cool to me to see folks who have specialized knowledge in the areas where hardware and software meet. Even just reading those notes from the documentation (From the Texas team, if I understood correctly?) about the 206 maybe being SWD is so cool to see: Playing around with hardware and probing it for signs of how it might work. Very cool.
There seems to be virtually zero courses on hardware hacking and reversing. I really hope your hextree project changes this :)
We hope so too! :)
It's actually pretty diverse depending on what you want to hack, so it's difficult to make a generalised tutorial for hardware hacking and most people just learn it themselves.
Yes I agree. I think that's the highlight of this video actually, not the iPhone 15 hacking itself (which is still awesome)
yes
There are entire university degrees dedicated to embedded engineering lol
Man, you brought me back memories of JTAG on the PS2 and X360, cool video though!
Now I want a new iPhone, just to be able to use JTAG via USB-C. No clue what to do with it, though.
But maaaam!😢 It's for the homework!
It's for getting some of the Android features without having to wait for Apple to announce the same features as great improvements on iPhone 17.
idk I'm a noob too, no idea what he's talking about, but "jailbreak" control hardware and overclocking chips or smth I GUESS..
@@alfaxgo based
Very well put video, straight to the point and no music. +1 sub.
u are doing amazing work with so little documentation, literally a tech detective.
Excellent work. I was curious how long it would be, since the Macbooks and iPads are M1/etc rather than A-series chips. Quite interesting all the same!
Well done! 🥳 It's so cool to see the community succeed together.
Also I know that today is a holiday. I expect a breakthrough later tonight. :D
Cheers ausm Pott! :)
So fascinated by you guys. It's my dream to do something like this someday. But I lack so much in everything...
Love the zappa reference👌🏼
Which Zappa reference? 😅 you are the second person mentioning it
@@stacksmashing “The Central Scrutinizer”
Ahhhhh thank you
i barely understand this stuff but im forever interested and grateful for the work you put in discovering these things.
It's not uncommon (for my line of work) to see a JTAG locked physically. Maybe this is the case right here. Some pull-up resistor to some pads might be needed.
Ah in this case it's a bit more complicated - you can read up on the demotion of the iPhone X using checkm8 :)
Tim Cook is filthy rich and needs no breaks! This needs to happen for research and repair purposes! To the people! Bless you for your hard work! I thank you 🙏
omg I never thought USB-C was so complex like this 😮 thanks mate for the video
LOL lot of comments which seem to have the "oh iphone owned" vibe... great work as Always
When they added USB-C and a controller embedded into the CPU, I had a feeling they were already worried about security.
I heard initial rumours (months before apple confirmed the USB C port), that they were going to REMOVE the charging port entirely. I rolled my eyes at that - am I correct in assuming some physical port is always required for JTAG or whatever diagnostics apple uses?
For device security, it seems like you’d always want that to be a physical connection-right?
I think on some of the newer Apple Watches they use some very high-frequency communication instead of contacts - so potentially they can get rid of it. But it would kill low-latency audio, high-speed storage etc
I think at least the pro models will have USB-C for a long time, as they can now record video to external SSDs.
It's certainly possible but it'd suck. Plus they could have contact pins on the phone I guess?
But I highly doubt it'll happen on the pro models
@@ameliabuns4058 As long as the contact pins are inside a USB-C socket, I'm happy. :)
@@stacksmashing oh
On one hand you have this guy breaking things to their essence with zero to no documents to speak of, and on the other hand you've got me, an aspiring programmer struggling to learn Rust despite being provided with everything: docs, 2 books (official ones: "Rust Book" and "Rust by Example" by Brown University), rustlings and not to forget Stack Overflow.
This is so awesome. I would really like to be able to use hardware hacking as a business?
So if you can get JTAG to the iPhone 15, does that mean that the boot loader can be reverse engineered and the iPhone could essentially run non-Apple or customised firmware?
imagine this on ipad with windows for arm
@@sol_xz this is not how it works. You need Windows drivers and a lot of patches to make everything run, even if you can load a custom EFI boot.
It's an insane amount of work and not worth it, because, in the end, it's cheaper and faster to buy a Windows tablet that probably also supports Linux.
Awesome work you guys are doing.
I see you've done this with the iPhone 15, but I'm curious if JTAG can be found in a similar way on Samsung Galaxy devices and if one could possibly access the KNOX e-fuse data store on a Galaxy device? So essentially if the Knox bit has been tripped, that section in the boot loader can be reversed?
This is currently the only thing stopping me from going to GrapheneOS and being able to support encryption and have as much support with the boot loader security as, say, a supported Pixel device?
I don't remember much about it and doubt it's relevant anymore, but I remember being able to not trip knox on my s6 edge. I'm sure whatever exploit was there has been fixed though.
@@trevorgray3681 I would like to reverse the boot loader and how it trips the Knox because it's an implementation that's still in practice today? I've built ROMs and custom firmware for Android and have bucket loads of tools for just about any kind of hacking and reversing software known? I've also got experience dumping binaries by direct chip reading and flashrom using a Raspberry Pi SPI interface + voltage changer, and reading from diagnostic ports on MacBooks etc. Then hex hacking the dumped binary and then writing my own stuff back on it to unblock a forgotten password? I can find out the voltages etc, but if I could possibly talk between his created device and using USB-C then I can certainly attempt to play around? Have a little snoop & sniff and see what's up yo? See, it could mean I could possibly make any Samsung a private phone like the Google Pixel with GrapheneOS. I can already rebuild and change GrapheneOS to work on my Samsung or any Samsung even if the firmware doesn't support it? I know what partitions to write to, I can build a custom recovery. I can import binaries etc etc and get whatever I need working? It's being able to support encryption from recovery that is the most important? So it's worth sniffing even if not for Knox? It's just more enticing to offer should anyone be interested in using their Samsung as a private phone without needing to purchase a Pixel to do so?
In Australia Pixels are for fanatics and people who purchased it outright with money and not on a plan? That's a very very tiny slice of the Australian market unfortunately?
Sorry but I figured I may as well spew my thoughts all over the TH-cam comments cause I'm Autistic as fuck and have narcolepsy and you've got me on a medication is working don't know where to stop moment? So sucks to you if you've read this far 😛
Insane stuff man! I wonder how one can know so much!
This is brilliant work!! Bravoo
I know you said it's not an exploit, but I realized once they switched to USB-C I assumed it might make it easier for someone to find an exploit that way, since you can connect to more devices than with a Lightning cable (not saying I know anything or claiming to be an expert).
What do you need to study to learn all this stuff? The automotive field is heavy on this type of technology and I want to be able to heavily study these systems, but there isn't enough info online?? Someone pls respond
It's a secretive field
dude that was awesome. cant wait for another videos!
Well done, great job.
Is it possible to write a program to test whether the CPU (AP) in an iPhone is dead or not?? For repair purposes.
For example, I connect an iPhone xx to a laptop and get an SWD response to find out whether the CPU is dead or not.
Wow you are seriously talented, very interesting man!
Hi, where can I find the target configuration file you used to run OpenOCD? Because I can only find ones for iPhones up to the iPhone 11..
Amazing work. I'd like to see if you're able to JTAG the new iPad with USB-C. It offers more features with the USB port than the iPhone, so you just might get a different result.
I have no idea what the hell you are doing but it was interesting to watch.
Just joined the channel. Can't wait to see what you have been up to!
What do you recommend for beginners to start learning electronics?
Good to know that you didn't finish the work, I have to know that checkm8 didn't work on the "newer" iPhones.
But I thought for the USB-C "problem" on the Tamarin Cable FW it was only changing the cables and changing some code.. ok, it's not so easy.
But on the iPhone 15 SWD is open, I think that's a good start..
Good luck exploring the possibilities hidden inside the fruits of this corporation!
so how you know
I am very interested in these kinds of videos.
Is he tree available for sign up?
Hey could you please explain more about debugging and exploiting.
I JTAGed my Xbox off YouTube tutorials, so this is extremely interesting and I hope you get the JTAG!
I understood absolutely nothing but looked interesting, cool video
Please hack into the iPhone 15 (non-Pro) display and try overclocking it to a higher refresh rate. I am curious to find out if Apple has limited display refresh rates via software.
They prolly don't, as it usually takes more expensive components for higher refresh screens, but who knows, it wouldn't hurt to try and find out.
@@LUCKIPUP exactly. Can you name any YouTuber who does this type of shenanigans? I would like to mail them this idea to try.
How and where do we learn hardware hacking and all these things?? please tell me.
Yes! What a video! Thanks for this!!
I have a short question, I hope for an answer.
The iPhone 15 has 5G, right?
Can I use this for sniffing 5G packets like osmocombb for GSM??
What does this allow you to do ? I only know the word jtag from the 360 days.
will this let me get a mod menu for Black Ops 2?
Will 0xT have a free trial?
I don't know what it is, but everyone with an iPhone has asked me to jailbreak their iPhone. Are they actually that bad an O/S? The only iPhone I use is a 12 and it makes a great doorstop 🤷🏻♂️
That's huge, the Central Scrutinizer. That PCB's purpose is to enforce all the laws that haven't been passed yet.
Is it possible to send data from an app to the JTAG with this?
I love your channel. Keep up the good work
Great video, thank you 🙏
Make videos for best sideload method
Love the Zappa reference!
Which one? 😅
fantastic work.
Ok can I host 10th prestige challenge lobbies on my iPhone now?
Already knew it! But it may brick after flashing via JTAG.
So what's possible with JTAG? Is it similar to a jailbreak?
Hardware hacking is so fun! I have never done things that complex but even small hacks are fun!
Nice didn't think it was possible
What logic analyzer software is on 5:45?
Saleae :)
Do you have a cheap way to read and write a bricked Android? It has 11 UFS debug pins but no public layout. It is a Surface Duo with an SDR855 and there are no public EDL loaders available.
man's voice evolved around 6:48 lmao
QQ: Is this Computer Science or Computer Engineering?
What logic analyzer are you using?
Saleae Logic 16 Pro
You have to put the lightning port back
FINALLY, a new video!!!!
Can you teach how to jailbreak iOS 17? Thank you
Do you have an A11 or under iPad? If so, you can. If you are not on one of those iPads then prepare to wait a few years.
Good work!
Is this a way to retrieve a lost password/iCloud? Asking for a friend.
you stole an iphone
very in-depth video! get new subscriber 🎉
The way you say macbook is the same as the "city people" episode in south park 😂😂😂
Bahahaha 🤣
Have you ever heard of J137 / banana cable for T2 Macs / EDWIN course of T2 repair which was clearly done before T2 macbooks were even released?
i have one and maybe it would be interesting information to share.
I have not! :) To be honest I have not looked a lot at the hardware side of MacBooks before this!
Sounds interesting!
@@stacksmashing sent you an email to the address listed on YT
Hmmm… is there a risk that Apple removes this access with a future iOS update?
It's not possible, the firmware of the chip which manages this stuff can't be flashed in an OS update.
Additionally, this is more or less intended functionality.
That's why it's called "hardware" hacking. No matter what they do with the software, it gives you a means to always go around it. You've got direct access? You can write directly to the chip and potentially change any parameters from outside of the OS? That means no matter what blocks they put in place software-wise, you can plug in directly and change those blocks so that they aren't there anymore by writing your own data to the chip, effectively circumventing any block.
That's why with a Bus Pirate or Raspberry Pi flashrom and chip reader or diagnostic port interface reader, you can dump the entire chip data to a binary and use a hex editor and some skills to flip bits or remove data or checks or even insert data into the dumped binary? You can flash that modified dump binary straight back to the chip (even with the device entirely powered down) and this is essentially how someone can "uncloudlock" an Apple device (potentially) as an example?
Oh wow, that was nice!
Very exciting! I'd be interested to know what is possible with JTAG.
JTAG generally: You get direct control of the CPU, so your imagination is the limit... Specifically here: Who knows how open/crippled it is yet ;)
if/when you can achieve JTAG, what can you do with it?
Why did I watch the whole video without understanding anything?
This is really interesting to see. Do you think you can do TMSC for JTAG?
SWD doesn't need TMSC - or what do you mean?
@@stacksmashing I thought the reduced JTAG wire uses a wire for TMSC?
@@zackaria Nah, just clock and IO :)
@@stacksmashing Oh alright
@@stacksmashing Dang it i just realized that too
bro where is the video about Lightning part 2
Topic aside the presentation is good but I had to turn on subtitles
Thank you - was the voice not clear enough for you? Too fast? Happy to learn what I can improve!
@@stacksmashing Too fast, slow down by ~10%.
Pretty neat stuff!
Cool keep grinding lad
iPhone 15 Lightning cable mod when?
Awesome man!
Amazing work done!
Maybe a new full jailbreak after this?
no
I love how he says “Central Scrutinizer” 😅
Am I mispronouncing it? :D
@@stacksmashing No, you're doing it right. (At least, to an American who's heard a hell of a lot of accents and pronunciations.) No clue what he's on about.
Links to all sources please.
Which ones are you missing?
Very interesting video!
You are quick!
Great stuff
That's interesting.
But why would you need UART or JTAG on the iphone unless you're apple dev?
it could be handy if you're developing homebrew, or developing a major security exploit / jailbreak
Seen this video before it was cool. ;)
Huh... Interesting.
6min ago 242 views for me.
could this mean jailbreaking is possible?
no