So multidisciplinary, super thorough 😍😍😍🤤🤤🤤 this was super entertaining to be taken through
@ben25-u6o19 hours ago
I think I saw something about this controller already somewhere.
@jjj12018 hours ago
Could be his KZbin channel. I think he did a video on this a while ago.
@gigamonster25617 hours ago
He gave the same talk at DEF CON.
@hony171714 hours ago
So I wonder, does this ACE3 chip now have all the fun stuff like UART etc.? Or what does he hope to unlock when he fully understands the firmware?
@jfbeam15 hours ago
No, they aren't "good at engineering", but they are competent at reacting. (read: every mistake one finds and _publishes_ will get fixed.) Apple is very good at hiding shit, but "security through obscurity" will always fail. And no, it's "not just a USB controller", which is the very reason it's a hacking target.
@leomak758012 hours ago
This guy has focus :)
@juniorxranger7 hours ago
This is so badass.
@wolpumba40996 hours ago
*Ace Up the Sleeve: Hacking into Apple's New USB-C Controller*

* *0:00:38 Introduction:* Thomas Roth, a security researcher, details his journey into reverse-engineering Apple's new USB-C controller, the Ace 3, found in the iPhone 15 and M3 MacBook Pro.
* *0:02:07 Background:* Previous work on accessing debug interfaces (JTAG, UART, SDQ) on older iPhones via the Lightning connector was rendered obsolete with the introduction of USB-C on the iPhone 15.
* *0:03:27 Tamarin-C:* Roth's team developed Tamarin-C, a PCB to access the USB-C bus on the iPhone 15 and reconfigure pins for debugging and other internal buses.
* *0:04:39 The Ace 3:* The Ace 3 chip, larger and more complex than its predecessor (Ace 2), handles power delivery, vendor-defined messages (VDM), and potentially more secret functions.
* *0:07:16 Port DFU:* The Ace 3 has a "port DFU" mode, a full USB stack running on the charging controller, which could be exploited for persistence.
* *0:08:12 Ace 2 Analysis:* Due to the lack of information on the Ace 3, Roth analyzed the Ace 2, found in older MacBooks, which has a publicly available datasheet and documented debug ports.
* *0:10:02 Ace Tool:* A tool developed to communicate with Ace chips via the Apple HPM bus, allowing researchers to send commands and read status registers.
* *0:12:04 External Flash:* The Ace 2's external flash contains patches for the read-only memory, making reversing difficult due to complex function call mapping.
* *0:13:24 Firmware Updates:* Ace 2 firmware updates are protected by RSA-3072, but signatures are only checked during updates, not during runtime.
* *0:14:32 Software Debug Access:* Roth developed a method to bitbang SWD through the kernel using GPIOs, enabling software-based debugging of the Ace 2.
* *0:16:24 Taming Kernel:* An open-source OpenOCD driver to bitbang SWD on Apple SoCs to all GPIOs.
* *0:17:18 Persistent Backdoor:* Patching a specific function in the external flash allows for persistent backdooring of the Ace 2.
* *0:17:36 Ace 3 Challenges:* The Ace 3 is a complete black box with no public information, different firmware for each port, and per-chip personalization.
* *0:19:28 Brute-Force GPIO:* Attempting to identify GPIOs connected to the Ace 3's debug port by toggling them randomly (unsuccessful).
* *0:20:39 Physical Debug Port:* Debug ports were found on the MacBook Pro's logic board, but the debug port on the Ace 3 was disabled.
* *0:21:10 Flash Dump:* Successfully dumping the Ace 3's flash contents revealed patches and high-entropy regions, suggesting encryption or other protections.
* *0:24:15 Fault Injection:* Using electromagnetic fault injection (EMFI) to potentially skip instructions and modify the chip's behavior.
* *0:26:09 Side-Channel Analysis:* Using an SDR and EMFI coil to measure the electromagnetic radiation of the chip during boot to determine glitch timing.
* *0:27:49 Triggering:* Using the flash chip select signal as a trigger for the SDR to align recordings.
* *0:29:15 Firmware Comparison:* Comparing SDR recordings of the original and modified firmware to identify differences and determine optimal glitch timing.
* *0:30:28 ChipWhisperer:* Using the ChipWhisperer for triggering and EMFI, along with a large coil to inject glitches.
* *0:31:50 Glitching Success:* Successfully changing the version number on the Ace 3 by glitching it.
* *0:33:44 Payload Development:* Using a known function from the Ace 2 (memory read) as a payload for the Ace 3 exploit.
* *0:35:49 Successful Exploit:* Successfully reading memory from the Ace 3 by patching the USB W command handler.
* *0:36:56 Dumping RAM and ROM:* Dumping the Ace 3's RAM and ROM, revealing the chip's inner workings.
* *0:37:36 ChipSHOUTER PicoEMP:* Porting the exploit to the cheaper ChipSHOUTER PicoEMP for accessibility.
* *0:38:03 Conclusion:* Successfully dumping and gaining code execution on unknown silicon, opening the door for further research on the Ace 3.

I used gemini-1.5-pro-exp-0827 on rocketrecap dot com to summarize the transcript. Cost (if I didn't use the free tier): $0.07. Input tokens: 49152. Output tokens: 1086.
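The summary above mentions (0:14:32 and 0:16:24) getting SWD access to the Ace 2 by bit-banging the protocol over GPIOs. As an added illustration of what that protocol layer looks like, not part of this thread and not Thomas Roth's or OpenOCD's code: the block below implements ARM SWD framing (the 8-bit request header, turnaround, 3-bit ACK, 32 data bits plus parity, and the line-reset / JTAG-to-SWD selection sequence 0xE79E) on top of a hypothetical four-callback GPIO interface (`swd_io_t`, an assumption). Since no hardware is attached, a small constructed SW-DP simulator answers the bus; its DPIDR value 0x0BC11477 is likewise constructed, and it only knows how to serve a DPIDR read, returning FAULT for everything else.

```c
/* Bit-banged ARM Serial Wire Debug (SWD) over two GPIOs. Added illustration, not
 * Roth's tooling: the GPIO callbacks are a hypothetical interface and the SW-DP
 * at the bottom is a constructed simulator so the file runs offline. */
#include <stdint.h>

typedef struct swd_io {                       /* hypothetical GPIO glue */
    void (*set_clk)(struct swd_io *, int);    /* drive SWCLK */
    void (*set_dio)(struct swd_io *, int);    /* drive SWDIO (host output) */
    void (*dio_out)(struct swd_io *, int);    /* 1: host owns SWDIO, 0: released */
    int  (*get_dio)(struct swd_io *);         /* sample SWDIO */
    void *priv;
} swd_io_t;
enum { SWD_ACK_OK = 1, SWD_ACK_FAULT = 4 };
static int parity32(uint32_t v) { v ^= v >> 16; v ^= v >> 8; v ^= v >> 4; v ^= v >> 2; return (v ^ (v >> 1)) & 1; }

/* Request header, sent LSB first: start=1, APnDP, RnW, A[2], A[3], even parity
 * over those four, stop=0, park=1. A DP read of register 0 (DPIDR) is 0xA5. */
uint8_t swd_request(int apndp, int rnw, uint8_t addr)   /* apndp, rnw are 0 or 1 */
{
    int a2 = (addr >> 2) & 1, a3 = (addr >> 3) & 1, par = (apndp ^ rnw ^ a2 ^ a3) & 1;
    return (uint8_t)(1 | apndp << 1 | rnw << 2 | a2 << 3 | a3 << 4 | par << 5 | 1 << 7);
}

/* Sender changes SWDIO after a rising edge, receiver samples on the next one,
 * so the host both writes and reads SWDIO while SWCLK is low. */
static void pulse(swd_io_t *io) { io->set_clk(io, 1); io->set_clk(io, 0); }
static void write_bits(swd_io_t *io, uint32_t v, int n)
{
    for (int i = 0; i < n; i++) { io->set_dio(io, (v >> i) & 1); pulse(io); }
}
static uint32_t read_bits(swd_io_t *io, int n)
{
    uint32_t v = 0;
    for (int i = 0; i < n; i++) { v |= (uint32_t)io->get_dio(io) << i; pulse(io); }
    return v;
}

/* Line reset (>=50 ones), JTAG-to-SWD select word 0xE79E, line reset again,
 * then two idle cycles so the DP is waiting for a start bit. */
void swd_line_reset(swd_io_t *io)
{
    io->dio_out(io, 1);
    write_bits(io, ~0u, 32); write_bits(io, ~0u, 24); write_bits(io, 0xE79E, 16);
    write_bits(io, ~0u, 32); write_bits(io, ~0u, 24); write_bits(io, 0, 2);
}

/* One read: 8-bit request, Trn, 3-bit ACK, 32 data bits + parity, Trn, idle.
 * Returns the ACK (*data filled when SWD_ACK_OK) or -1 on a parity mismatch. */
int swd_read(swd_io_t *io, int apndp, uint8_t addr, uint32_t *data)
{
    io->dio_out(io, 1);
    write_bits(io, swd_request(apndp, 1, addr), 8);
    io->dio_out(io, 0); pulse(io);                        /* Trn: target takes SWDIO */
    int ack = (int)read_bits(io, 3);
    uint32_t v = 0, par = 0;
    if (ack == SWD_ACK_OK) { v = read_bits(io, 32); par = read_bits(io, 1); }
    pulse(io); io->dio_out(io, 1); write_bits(io, 0, 1);  /* Trn back, one idle cycle */
    if (ack != SWD_ACK_OK) return ack;
    if ((uint32_t)parity32(v) != par) return -1;
    *data = v; return ack;
}

/* Constructed SW-DP simulator: serves a DPIDR read and FAULTs anything else. */
#define SIM_DPIDR 0x0BC11477u                             /* constructed IDCODE value */
enum sim_state { S_IDLE, S_REQ, S_TRN, S_ACK, S_DATA };
typedef struct { enum sim_state st; int dio, ones, idle_seen, nbits, driving, tbit, ack;
                 uint8_t req; uint32_t word; } sim_t;

static void sim_rise(sim_t *s)                            /* target logic per rising edge */
{
    if (s->driving) {                                     /* ACK and data phases */
        int n = ++s->nbits;
        if (s->st == S_ACK && n < 3) s->tbit = (s->ack >> n) & 1;
        else if (s->st == S_ACK && s->ack == SWD_ACK_OK) { s->st = S_DATA; s->nbits = 0; s->tbit = s->word & 1; }
        else if (s->st == S_DATA && n < 32) s->tbit = (s->word >> n) & 1;
        else if (s->st == S_DATA && n == 32) s->tbit = parity32(s->word);
        else { s->driving = 0; s->st = S_IDLE; }          /* Trn: release SWDIO */
        return;
    }
    s->ones = s->dio ? s->ones + 1 : 0;
    if (s->ones >= 50) { s->st = S_IDLE; s->idle_seen = 0; return; }   /* line reset */
    if (s->st == S_TRN) {                                 /* take SWDIO, present ACK bit 0 */
        s->ack = (s->req == 0xA5) ? SWD_ACK_OK : SWD_ACK_FAULT;
        s->word = SIM_DPIDR; s->driving = 1; s->tbit = s->ack & 1; s->st = S_ACK; s->nbits = 0;
    } else if (s->st == S_IDLE) {
        if (!s->dio) s->idle_seen = 1;                    /* a start bit must follow idle */
        else if (s->idle_seen) { s->st = S_REQ; s->req = 1; s->nbits = 1; s->idle_seen = 0; }
    } else if (s->st == S_REQ) {
        s->req |= (uint8_t)(s->dio << s->nbits);
        if (++s->nbits == 8)                              /* bad parity/stop/park: drop the frame */
            s->st = (parity32(s->req & 0x3E) == 0 && (s->req & 0xC0) == 0x80) ? S_TRN : S_IDLE;
    }
}
static void sim_clk(swd_io_t *io, int lvl) { if (lvl) sim_rise((sim_t *)io->priv); }
static void sim_dio(swd_io_t *io, int lvl) { ((sim_t *)io->priv)->dio = lvl; }
static void sim_dir(swd_io_t *io, int en)  { (void)io; (void)en; }  /* ownership follows `driving` */
static int  sim_get(swd_io_t *io) { sim_t *s = io->priv; return s->driving ? s->tbit : s->dio; }

static int sim_read(uint8_t addr, uint32_t *out)          /* fresh simulator, reset, one DP read */
{
    sim_t sim = {0}; swd_io_t io = { sim_clk, sim_dio, sim_dir, sim_get, &sim };
    swd_line_reset(&io);
    return swd_read(&io, 0, addr, out);
}
uint32_t demo_read_dpidr(void) { uint32_t id = 0; return sim_read(0x0, &id) == SWD_ACK_OK ? id : 0; }
int demo_ack(uint8_t addr) { uint32_t v = 0; return sim_read(addr, &v); }
```

On real hardware the four callbacks would be pointed at whatever GPIO access the platform gives you (memory-mapped pin registers, or a kernel GPIO API as in the approach the summary describes); that plumbing is not shown here. The simulator is deliberately strict about the header (parity, stop and park bits) so that the junk the 0xE79E selection word looks like to a DP already in SWD mode is dropped and the following line reset brings it back to a clean state, which is exactly why the real sequence ends with a second run of ones.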
@Thinkgood-u2l9 hours ago
Now a semi-serious question: you see MacBooks with most of the speakers, but OS X and Windows are supposedly so frowned upon among hackers. Have they all put Linux on the Apple thing, or otherwise why not a "normal" laptop?
@JanJanJanJanJanJanJanJanJan28 hours ago
On site, walking through the assemblies, you see almost nothing but ThinkPads. Occasionally a few MacBooks or Frameworks. I'll really have to pay attention at the talks.
@theGamer9310 minutes ago
Windows is frowned upon, yes. But macOS/OS X not so much. It's a kind of Unix/BSD after all, and the devices are quite popular with developers and hackers.
@arlobubble374818 hours ago
Almost thought it was DEF CON for a second.
@sfdntk11 hours ago
Needs more AV technical issues to qualify for DEF CON.