DEF CON 30 – stacksmashing – The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking – YouTube (using Raspberry Pi Zero and hand modified lightning extension cable)
Posted by jpluimers on 2025/04/16
From a few years back, when Lightning debugging cables were either expensive, hard to get, or not available at all: [Wayback/Archive] DEF CON 30 – stacksmashing – The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking – YouTube.
Basically it is a Raspberry Pi Zero with adapted firmware connected to half a Lightning extension cable.
A textual description (I wish it was linked from the above video) is at [Wayback/Archive] stacksmashing – The hitchhacker’s guide to iPhone Lightning & JTAG hacking – DEF CON Forums, which in turn refers to:
- [Wayback/Archive] Apple Lightning has a deceptively short title, but is a brain dump by [Wayback/Archive] john (@nyan_satan) about all their knowledge on this versatile cable: very much essential reading.
my little article about (almost) everything I know about Apple Lightning and related technologies: Tristar, Hydra, HiFive, SDQ, IDBUS and etc.
- [Wayback/Archive] Debugging an iPhone using our Bonobo cable with OpenOCD | LambdaConcept Blog (which still is out of stock)
- [Wayback/Archive] axi0mX/ipwndfu: open-source jailbreaking tool for many iOS devices
- [Wayback/Archive] Giulio Zompetti on Twitter: “@axi0mX’s #checkm8 is out and let’s you debug your device (up to A11). But how is this done? Here is a little thread on dumping the bootrom (SecureROM) on demoted devices with Apple’s official tools. 1/ connect the cable using the correct lighting orientation and launch astris ….” is the start of a long (10-message) thread, collected at [Wayback/Archive] Thread by @1nsane_dev: “@axi0mX’s is out and let’s you debug your device (up to A11). But how is this done? Here is a little thread on dumping the bootrom […]” #checkm8
- [Wayback/Archive] nezza/SDQAnalyzer: A Saleae analyzer plugin for the SDQ (Apple Lightning, MagSafe, Battery) protocol.
- It is one of many other interesting repositories at [Wayback/Archive] github: nezza (Thomas Roth)
Similarly, there is [Wayback/Archive] stacksmashing (@ghidraninja), the blog [Wayback/Archive] stacksmashing and [Wayback/Archive] github: stacksmashing, which has interesting repositories, for instance:
- [Wayback/Archive] stacksmashing/tamarin-firmware.
- [Wayback/Archive] stacksmashing/pico-serprog: Flashrom/serprog compatible firmware for the Raspberry Pi Pico
- [Wayback/Archive] stacksmashing/openocd
OpenOCD provides on-chip programming and debugging support with a layered architecture of JTAG interface and TAP support
- [Wayback/Archive] stacksmashing/swd-analyzer: Saleae ARM Serial Wire Debug (SWD) Analyzer
- [Wayback/Archive] stacksmashing/pdnd-serprog: flashrom compatible serprog firmware for the Pico Debug’n’Dump
Via [Wayback/Archive] Jilles.com on Twitter: “Love how @ghidraninja did it again. Listen to this awesome @defcon talk about how Apple cables are true chameleon and can turn into anything: … Another shiny @ghidraninja gadget appears.”
--jeroen





