iPod Hacking via Modem

It’s the coolest hack in years – The Sound of iPod:

I got an iPod for Christmas. The ipodlinux project was one of the main reasons for my choice and so I started exploring the iPod as far as I was able to. I patched the bootloader and got some basic code to run but there was no way to access any hardware other than the two CPUs yet. To get the LCD, Clickwheel and the harddisk working we needed to reverse engineer the bootloader in the flashrom. But to do that we first had to find a way to get that code. Seems quite impossible without any knowledge about the IO-Hardware but I found a solution...

His solution? To output the BIOS using sound, old-school modem style! Vitanuova elaborates:

Thanks to Mako, I heard about a remarkable piece of reverse engineering. A reverse engineer (Nils Schneider) wanted to study the firmware of the Apple iPod in order to figure out how to write software that runs on iPods. But he experienced a chicken-and-egg problem: after learning how to write simple programs to run on an iPod, he found that he couldn’t figure out how to use the iPod’s I/O hardware (in order to extract a copy of the firmwire) without studying the firmwire first to see how Apple does I/O. At the same time, he couldn’t study the firmware without first extracting a copy of it.

His ingenious solution was to use someone else’s technique for making the iPod squawk and squeak, in order to write a program that output the firmware as a series of sounds (which could then be recorded using a microphone, and analyzed using software on a PC in order to convert them back into a digital representation of the firmware). In effect, he turned the iPod and microphone system into an acoustic modem, and wrote his own modulation scheme for representing data as sound. He wasn’t using the iPod’s headphone jack; he was making the iPod itself squeak and squawk, using a 
piezoelectric element somewhere inside the iPod. To protect against background noise, he had to put the iPod and the microphone together inside a padded box, and let them sit for eight hours.

Totally badass. The last hack this clever was the incredible trojan switcheroo the DirecTV guys pulled on the card hackers in 2001:

Last Sunday night, at 8:30 pm est, DirecTV fired their new gun. One week before the Super Bowl, DirecTV launched a series of attacks against the hackers of their product. DirecTV sent programmatic code in the stream, using their new dynamic code ally, that hunted down hacked smart cards and destroyed them. The IRC DirecTV channels overflowed with thousands of people who had lost the ability to watch their stolen TV. The hacking community by and large lost not only their ability to watch TV, but the cards themselves were likely permanently destroyed. Some estimate that in one evening, 100,000 smart cards were destroyed, removing 98% of the hacking communities’ ability to steal their signal. To add a little pizzazz to the operation, DirecTV personally “signed” the anti-hacker attack. The first 8 computer bytes of all hacked cards were rewritten to read “GAME OVER.”

Truly funny, and masterfully done. A great read.

Related posts

Complaint-Driven Development

If I haven't blogged much in the last year, it's because we've been busy building that civilized discourse construction kit thing I talked about. (Yes, that's actually the name of the company. This is what happens when you put me in charge

By Jeff Atwood ·
Comments

The Rule of Three

Every programmer ever born thinks whatever idea just popped out of their head into their editor is the most generalized, most flexible, most one-size-fits all solution that has ever been conceived. We think we've built software that is a general purpose solution to some set of problems, but

By Jeff Atwood ·
Comments

Today is Goof Off at Work Day

When you're hired at Google, you only have to do the job you were hired for 80% of the time. The other 20% of the time, you can work on whatever you like – provided it advances Google in some way. At least, that's the theory. Google&

By Jeff Atwood ·
Comments

Coding Horror: The Book

If I had to make a list of the top 10 things I've done in my life that I regret, "writing a book" would definitely be on it. I took on the book project mostly because it was an opportunity to work with a few friends

By Jeff Atwood ·
Comments

Recent Posts

Stay Gold, America

Stay Gold, America

We are at an unprecedented point in American history, and I'm concerned we may lose sight of the American Dream.

By Jeff Atwood ·
Comments
The Great Filter Comes For Us All

The Great Filter Comes For Us All

With a 13 billion year head start on evolution, why haven’t any other forms of life in the universe contacted us by now? (Arrival is a fantastic movie. Watch it, but don’t stop there – read the Story of Your Life novella it was based on for so much

By Jeff Atwood ·
Comments
I Fight For The Users

I Fight For The Users

If you haven’t been able to keep up with my blistering pace of one blog post per year, I don’t blame you. There’s a lot going on right now. It’s a busy time. But let’s pause and take a moment to celebrate that Elon Musk

By Jeff Atwood ·
Comments
The 2030 Self-Driving Car Bet

The 2030 Self-Driving Car Bet

It’s my honor to announce that John Carmack and I have initiated a friendly bet of $10,000* to the 501(c)(3) charity of the winner’s choice: By January 1st, 2030, completely autonomous self-driving cars meeting SAE J3016 level 5 will be commercially available for passenger use

By Jeff Atwood ·
Comments