Friday, December 27, 2019

Apple HomeKit Accessory Development Kit Gets More Accessible

Every tech monopoly has their own proprietary smart home standard; how better to lock in your customers than to literally build a particular solution into their homes? Among these players Apple is traditionally regarded as the most secretive, a title it has earned with decades of closed standards and proprietary solutions. This reputation is becoming progressively less deserved when it comes to HomeKit, their smart home gadget connectivity solution. In 2017 they took a big step forward and removed the need for a separate authentication chip in order to interact with HomeKit. Last week they took another and released a big chunk of their HomeKit Accessory Development Kit (ADK) as well. If you’re surprised not to have heard sooner, that might be because it was combined with the even bigger news about Apple, Amazon, the Zigbee Alliance, and more working together on more open, interoperable home IoT standards. Check back in 2030 to see how that is shaping up.

“The HomeKit ADK implements key components of the HomeKit Accessory Protocol (HAP), which embodies the core principles Apple brings to smart home technology: security, privacy, and reliability.”
– A descriptive gem from the README

Apple’s previous loosening-of-restrictions allowed people to begin building devices which could interact natively with their iOS devices without requiring a specific Apple-sold “auth chip” to authenticate them. This meant existing commercial devices could become HomeKit enabled with an OTA, and hobbyists could interact in sanctioned, non-hacky ways. Part of this was a release of the (non-commercial) HomeKit specification itself, which is available here (with Apple developer sign in, and license agreement).

Despite many breathless mentions in the press release it’s hard to tell what the ADK actually is. The README and documentation directory are devoid of answers, but spelunking through the rest of the GitHub repo gives us an idea. It consists of two primary parts, the HomeKit Accessory Protocol (HAP) itself and the Platform Abstraction Layer (PAL). The HAP implements HomeKit itself, and the PAL is the wrapper that lets you plug it into a new system. It’s quite a meaty piece of software; the HAP’s main header is a grueling 4500 lines long, and it doesn’t take much searching to find some fear-inspiring 50 line preprocessor macros. This is a great start, but frankly we think it will take significantly more documentation to make the ADK accessible to all.

If it wasn’t obvious, most of the tools above are carefully licensed by Apple and intended for non-commercial use. While we absolutely appreciate the chance to get our hands on interfaces like this, we’re sure many will quibble over if this really counts as “open source” or not (it’s licensed as Apache 2.0). We’ll leave that for you in the comments.



from iphone hacks – Hackaday

Sunday, November 3, 2019

Google Creates Debuggable iPhone

Apple is known for a lot of things, but opening up their platforms to the world isn’t one of those things. According to a recent Google post by [Brandon Azad], there do exist special iPhones that are made for development with JTAG ports and other magic capabilities. The port is in all iPhones (though unpopulated), but is locked down by default. We don’t know what it takes to get a magic iPhone, but we are guessing Google can’t send in the box tops to three MacBook Pros to get on the waiting list. But what is locked can be unlocked, and [Brandon] set out to build a debuggable iPhone.

Exploiting some debug registers, it is possible to debug the A11 CPU at any point in its execution. [Brandon’s] tool single steps the system reset and makes some modifications to the CPU after key instructions to prevent the lockdown of kernel memory. After that, the world’s your oyster. KTRW is a tool built using this technique that can debug an iPhone with a standard cable.

The name is a play on KTRR which is the Kernel Text Readonly Region. The work follows the example of some earlier exploits that did similar things. Those methods, though, didn’t have the flexibility that KTRW offers.

Honestly, we don’t really care about debugging the iPhone but the cat and mouse story of how to work around all the Apple protection is a pretty good read. Of course, it really is cat and mouse. KTRW doesn’t work on A12 devices. Curiously, [Brandon] thinks other people already knew this or similar methods to compromise the phone, but didn’t publish it to discourage Apple closing the door that lets them in.

Apple phones have a reputation as being safe, but they do get hacked. And if you want to just disable some of them, you only need a kid’s balloon.




Tuesday, July 30, 2019

Apple Lightning Video Adaptors Run iOS, Dynamically Loaded

Apple has for a very long time been a company that ploughs its own furrow when it comes to peripherals, with expensive proprietary hardware being the order of the day over successive generations of its products. One of its current line of proprietary interfaces is the Lightning connector, best thought of as an Apple-only take on the same ideas that the rest of the world knows as USB-C. There are a whole host of white dangly peripherals that can be hung from your iDevice’s Lightning port, including a pair of display adaptors that allow them to drive an HDMI or VGA monitor.  [Lisa Braun] has subjected one that had failed to a teardown, and her analysis gives some insight into the way Apple creates its peripherals.

Where you might expect these to contain mostly the equivalent of a graphics card, in fact they have a fully-fledged SoC of their own that runs its own OS with the same Darwin kernel as its host. Unexpectedly, this OS is not held upon the adapter itself; instead it is shipped with iOS and loaded dynamically. Thus the file containing it can be retrieved from iOS and unpacked, leading to some interesting analysis. In a fascinating twist for those of us unused to Lightning’s internals, it’s revealed that the device can be driven from a USB port with the appropriate cobbled-together adapter, allowing a full-size MacOS device to interrogate it. This may not be news to readers with a long memory though; we’ve told you in the past about reverse engineering the Lightning connector.




Tuesday, June 18, 2019

Open Source Computer Controlled Loom Knits Pikachu for You

The origin story of software takes us back past punch card computers and Babbage’s Difference Engine to a French weaver called Joseph Marie Jacquard. Jacquard created a way to automate mechanical looms, giving weavers the ability to change a loom’s pattern by simply switching punch cards. This invention not only made it possible to produce detailed fabrics in a vastly simplified way, it was an extremely important conceptual step in the development of computer programming, influencing Babbage’s development of the Analytical Engine amongst many other things.

So, when [Kurt] saw his son’s enthusiasm for weaving on a simple loom, he started thinking about how he could pay homage to the roots of software by designing and building an open source computer controlled loom. He knew this was going to be difficult: looms are complex machines with hundreds of small parts. [Kurt] wrestled with wonky carriage movements, cam jams, hook size disasters and plenty of magic smoke from motor control boards. After a year and a half of loom hacking he succeeded in making a 60 thread computer controlled loom, driven by an iPhone app using Bluetooth.

As well as writing up the story of this build on his blog, linked above, [Kurt] has also made all of his design files, PCB layouts, firmware and code available on GitLab.

We’ve featured a few weaving hacks over the years, including this cheap, simple 3D printable loom and a Jacquard inspired bitmap display.

Fun, informative build video after the cut.

Thanks to [watsaig] for the tip.


