Piezo-Acoustic iPod Hack
jugander writes "nilss over at the iPodLinux Project (previously on /.) has performed one of the coolest and most bizarre hacks I've seen in a while. He was able to extract the bootloader from the 4G iPod by sounding out ticks with the iPod's squeaky piezo. With some tweaking and a makeshift recording studio, he was able to dump the 64 kb file at 5 bytes/sec. And yes, this means that 4G iPods can now boot linux!"
I thought the sound output trick was highly clever, bravo. I'm looking forward to having Linux on my mini.
/.ed already?
i know its cool to have a penguin on bootup, and play ogg vorbis, but is it worth 400$ and the possibility of bricking it to get a less than ipod quality mp3 player?
does the motherfucker run *bsd?
that your tongue sticks to it!
According to an article, the iPod processor is too weak to run ogg. What is the point of running Linux on the iPod (besides saying that "we did it") if one is unable to run a Linux application on it? Wouldn't it be better to focus resources somewhere else?
I was curious what a piezo is. I found this explanation:
Short for piezoelectricity or piezoelectric effect. Piezoelectricity is an electric charge that occurs in some substances when they are squeezed or otherwise subjected to mechanical stress. It is also possible to cause these materials to vibrate when a voltage is applied to them. Quartz is one of the better known piezoelectric materials, and is commonly fabricated into small pieces, called "crystals", that are used for frequency standards. A crystal of specific size and shape will vibrate at a predictable and very stable rate when a voltage is applied. This makes them ideal for use in things like watches or clocks in digital audio equipment. Piezoelectric elements have also been used in various types of transducers such as phonograph cartridges, microphones and loudspeakers. Piezo microphones can be quite small and still have relatively high output at a low cost; however, their less than ideal frequency response prohibits use in critical applications. Piezo loudspeakers usually come in the form of tweeters, or very high frequency elements. They generally have very low distortion in the 5 kHz and above range, but haven't widely been used in sound reinforcement due in part to their relatively low output levels. It takes dozens of the average piezo tweeter to equal the output of one medium-sized compression driver.
I'm still confused (and I did RTFA) how the bits of the bootloader were translated to sound. Anyone care to explain?
Google Cache
The Sound of iPod
I got an iPod for Christmas. The ipodlinux project was one of the main reasons for my choice and so I started exploring the iPod as far as I was able to. I patched the bootloader and got some basic code to run but there was no way to access any hardware other than the two CPUs yet. To get the LCD, Clickwheel and the harddisk working we needed to reverse engineer the bootloader in the flashrom. But to do that we first had to find a way to get that code. Seems quite impossible without any knowledge about the IO-Hardware but I found a solution...
The whole idea started last week when leachbj gave me a piece of code that caused the piezo in the iPod to make some *squeak*-sound. I played around with that code, changed some values and somehow was able to produce different sounds. Just for fun I came up with the idea of using these different sounds for transferring data. Some minutes later I dropped the idea because I thought that just won't work and I won't be able to write a decoder for that. Two days later I woke up and somehow just tried encoding a 32bit value into different beeps. It worked, so I made a loop around it to dump about 4kb of memory.
The problem with that idea was that I could only transfer 8bit/s. Anyway, I tried writing a decoder and it seemed to work. Well, it didn't really work but it decoded about the first 256 bits correctly. The decoder was some Perl script that loaded the whole audio into RAM and used about 1GB RAM for a 20MB audio file. It worked ok with some tweaking but still the RAM usage was way too high because if I wanted to dump the whole 64kb I would have a 1200MB audio file or something.
Some ideas came to my mind after thinking about the problems I had. The first one was to use compression so the transfer won't take too long. It would have taken about 45 hours with the code we had. With compression maybe only 22h. To solve the memory problem I decided to rewrite the decoder in C so that it only reads about 96-byte chunks of audio data and then decodes that. Davidc_ helped me with that.
This was the first time I thought this could really work. Again I played with the piezo code and figured out how the piezo really works. I was able to produce some more unique beeps. Later I made the beep for 0 (the last bleep you can see in the picture) much shorter so it sounded more like a click. I even managed to make the first bleep shorter so I got about 5byte/s.
When we thought we got the encoder in the iPod with zlib and the decoder working, I decided to try recording the whole dump at night. So I put the iPod in the "iPod Recording Studio" and went to sleep. The iPod is just in a cardboard box in which Samsung sent me my laptop back. It has foam in it so I thought it would be ideal for recording the bleeping of the iPod. (Move your mouse over the picture.)
The next day I woke up quite early. The first thing I did was looking at the recording. I heard the iPod stopped bleeping so I thought everything went fine. In fact nothing worked at all. I recorded 8 hours full of zeros. Furthermore, the iPod's battery became empty: though it was plugged into the USB port of my laptop, the firmware wasn't loaded so it didn't request power over USB. So what you can see in the picture is the harddrive spinning down, then the iPod goes off for some minutes and then reboots. The harddrive was spinning during the whole recording session because there was no way to turn it off.
After this I was really disappointed and I dropped the project for the rest of the day but in the evening I tried again with a better decoder. It worked quite well but we weren't able to decompress the file. I concluded that was caused by the malloc() hack and zlib would allocate the same memory twice or something like that. Anyway, I haven't had much sleep that weekend so I was tired and just went to bed and thought about dropping the whole
UID 1000000 is just around the corner.
This is a truly clever hack, I'm glad I donated money to these guys for a new 4G ipod.. now my ipod can run linux !
Sweetness !
Does this mean the ipod will support ogg-vorbis now? And they said it would never happen.
Dude, he extracted the bootloader using the piezo! It's bloody brilliant.
I'm even looking forward to the dupes of this article which will probably be posted as soon as his server recovers!
When things get complex, multiply by the complex conjugate.
Could you please stop being silly and instead try and do something worthwhile.
/. submission on charity.
O, bollocks - we could all do 'better' things with our time. Including stopping posting on this infernal website. You could have donated the time you spent reading this
Some people have fun doing things like this. Sounds useless to me as well, I'll grant, but I'm sure a lot of stuff that we all do seems useless/stupid to others. Like watching Star Trek re-runs.
"There's no success like failure, and failure's no success at all."
- Bob Dylan
The sheer creativity and resourcefulness of some Hackers is just mind-boggling.
If Apple / NASA / (et al.) had any sense at all, they'd be beating down this guy's door to hire him into a think-tank.
...Also, I didn't know Buggalo could fly.
THIS is why I read slashdot. News for Nerds Stuff that matters.
All in favor?
Mod me down.
.sig
The irony of insulting the ipod with a free ipod link as the sig...
oh.. wait a sec.. isnt my... crap.
P.S. The ipods, at least the 4G's have TWO cpus.
I don't know about you, but I'm gonna run the Apollo emulator on it and have it land on the Moon. I'm already there.
Could you please stop being silly and instead try and do something worthwhile. We're still looking for a cancer cure, aids cure and countless other things we need today.
Fuck You.
He doesn't work for you.
If you care about those things, get off your lazy ass and do something about it yourself, or pay someone else to do it for you. Don't expect any of us to give a rat's ass about your agenda when we're working for free, on our own time.
But of course, I doubt you're one tenth as capable, or creative, as this guy is.
The Future of Human Evolution: Autonomy
Only if you've been reduced to making nothing but clicking noises.
http://www.rootstrikers.org/
We're still looking for a cancer cure...
Then what the fuck are you doing here wasting time on slashdot? Get out there and cure cancer already.
but I remember seeing a Google application form somewhere with "What's the coolest hack you've ever done?" on it. Can you imagine putting "Dumping a 64k firmware chip through a piezo sounder" on that?
Who cares if it's not that useful, it's lateral thinking for you...
This is slick, everything old is new again ? Reminds me of loading Adventure on my Apple II
Data transmission via acoustics is certainly nothing new, but getting something OUT that's not meant to be exposed on a MODERN device this way is just too cool.
Right now there are MANY P'o'd execs at Apple, and a bunch of engineers going crap (but quietly thinking man is this cool)
I wonder how many other things this can be applied to , for reverse engineering of bootloaders, roms, etc.
I would have fried a dozen gamecubes 2 years ago trying this method had I been given the idea then (yeah, I know all the goofy bootloader stuff for GC is out NOW, in the last 6 months),
KUDOS, now I might actually buy one.
I have fiddled a little bit with similar stuff.. Transmitting data via sound.
Basically I made a program that analyzes(FFT-ish) whatever comes in through the mic.
The sent data was beeps at 375Hz (zero) and 1500Hz (one). I was able to receive data from a range of ~5m at around 50bps. In real-time no less.
As an added bonus it annoyed the hell out of my roommates(beepbeepboopboopbeep..)
Couple of the coolest things so far:
Tetris
viP (text editing)
In the pipeline:
Doom
GameBoy Emulator
If you have any problems with the apple firmware, linux-on-ipod is the place for fixing that.
Also, another aim is to encourage people to look into their 'closed platforms'.
isn't this what we usually call a modem?
http://ipodlinux.org.nyud.net:8090/stories/piezo/
Honestly, I can think of a hundred valid reasons to run Linux on an iPod. I plan on doing it soon, now that this very creative hack has been accomplished.
We know the ipod CPU power and abilities (in the 4G ones and up) are much higher than what apple is using it for. I would love to see an alternative music/playlist browser, as the one they have sucks when you have thousands of songs that all have different artists, albums, etc. All my songs are in mp3 (sorry ogg) so I'm not really concerned about playback of other formats. I know the ipod linux team has a long way to go, but you'd think with so many hundreds of thousands (millions?) of ipods, at least a few people would be interested in hacking it to do more than what apple wants.
Look at the TI calculators. They might be intended for mathematics functions but people have written thousands of programs that do a ton of different things. Some are pretty stupid, true, but some do some helpful tasks. And if you bought the hardware, why should you not use it to its fullest extent?
I read the Googlecached story, karmawhored into this thread. It seems he kept the Apple bootloader, but rewrote the iPod "OS" with Linux. Then wrote a program to cat the stored bootloader to the piezo speaker, recorded that, then decoded the audio back to its bits - revealing the bootloader bit image.
Clever, but necessary? Does iPod Linux not give HW access for sending data over the iPod Firewire? If he can strobe the speaker, can't he strobe the headphone jack, for better fidelity and bandwidth? I understand the esthetics of this goofy, clever hack - worth doing even if just for the sake of weirdness. But was it necessary?
--
make install -not war
Sure but can it run linux?
Wait, umm....
Oh!
Imagine a Beowulf Cluster of these things!
The preceding message was based on actual events. Only the names, locations and events have been changed.
An emulator would probably only be useful for iPod developers. I think right now, the iPodlinux guys are the only non-Apple iPod developers, since there's no published way to run extra code on the Retail OS (native iPod OS.)
Unlike a GBA emulator, for example, there's no content for an iPod emulator to play that you can't already just play in your native desktop OS.
Yes, my colon is legal.
But I bought my kidney very hush-hush from the back of a gray van.
Combining this story with the previous one: http://science.slashdot.org/article.pl?sid=05/01/29/1815242&tid=217&tid=14
and I for one welcome our new iPod overlords.
All your Sybase are belong to us.
I read the Google cache, and Google should hire him. If he doesn't already work there. This type of thinking is what Google is all about. I think. I'm not smart enough to be sure.
There are 01 types of people in this world. Those that understand binary, and me.
Then you could play music from you desktop instead of you iPod, and play the iPod version of solitaire.
It's not about Linux, music, or the iPod.
It's about hacking.
It's like when an artist draws something on a napkin. Creative energy expands in every direction.
Tetris - I have a tiny dedicated Tetris keychain that cost me $15 eight years ago.
Text Editor - WORSE than cellphone keypad text entry.
DOOM - Ya, like that's gonna go. The iPod occasionally gets choppy sliding levels of the menu.
Gameboy Emulator - One button + scrollwheel does not a GB emu make. Also, go scrounge up an original Gameboy for $10 at a flea market or something.
Does it make you happy you're so strange?
I'm sure plenty of users here have used WinAmp over the years. You've probably also used any number of different "plugins" for it. Some of my favorites are the ones that do "AGC" (Automatic Gain Control) on the playback audio. The better ones have settings for attack/release, min/max gain, etc. This process works to keep the playback volume relatively constant: Quiet passages are brought up, loud ones reduced.
It would be cool if the iPod/Linux software could incorporate such functionality, along with some of the other features of WinAmp, like the M3U playlists, etc. Imagine dumping your entire MP3 library AND WinAmp playlist(s) into the thing, then calling up the WinAmp emulator in Linux, and enjoying the crossfaded,random,volume-equalized music until the batteries croak.
Willie...
is it worth 400$ and the possiblity of bricking it to get a less that ipod quality mp3 player?
You can't see it now, but the iPod linux site states clearly that, to their knowledge, no one has bricked an iPod due to installing iPodLinux on it -- even since the long-ago development days.
In fact, iPodLinux's installer sets it up so you can dual boot into Linux and the Apple firmware, and you can make one the default. I installed this on my 1G the other day, and it indeed works very, very easily. It is one of the more underrated hacks going on today, IMO.
It's sweet but does it have a point?
To satisfy your slashdotty interests: imagine you and a friend have iPods, and imagine you connect them with a firewire cable. You both boot into linux, transfer files, and reboot (back in to the Apple firmware). The use is left as an exercise to the hacker.
Meh, not really because he isn't doing any modulation or demodulation. He is simply playing one sound if the bit is on, and another sound if the bit is off. This is very slow, but in this case it was the "The right tool for the job".
A true modem encodes data somewhat differently.
http://www.wikipedia.org/wiki/Modem
— darco
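Since a few people asked how bits become beeps (the article above, the 375Hz/1500Hz FFT comment, and the "isn't this a modem" subthread), here is an added example that is not nilss's code and not from the ipodlinux project. It does what the article describes end to end: zlib-compress the dump, emit one fixed-length beep per symbol, then decode the recording one symbol window at a time (bounded memory, like the C decoder rewrite) by checking which tone dominates each window with a Goertzel filter, and finally decompress. Sample rate, tone frequencies, symbol length and the "dump" payload are all assumptions chosen so the tones land on exact bins; the real iPod beeps and rates were different. It also flags the "8 hours of zeros" failure: a window with no energy at all is reported as silence rather than decoded as garbage.

```python
import math
import random
import zlib
from typing import Iterator, List

SAMPLE_RATE = 8000        # Hz, assumed (not the author's setup)
SYMBOL_SAMPLES = 160      # 20 ms per beep, assumed; bin width = 8000/160 = 50 Hz
# Four distinct beeps, one per 2-bit symbol (hypothetical tone set, all exact bins).
TONES = [600.0, 1000.0, 1400.0, 1800.0]

# Constructed stand-in for the 64 kB flash dump; not real firmware bytes.
SAMPLE_DUMP = b"iPod 4G flash dump (constructed sample, not real firmware) " * 4


def bytes_per_second() -> float:
    """Raw (pre-compression) throughput of this scheme: 2 bits per symbol."""
    return SAMPLE_RATE / SYMBOL_SAMPLES * 2 / 8   # -> 12.5


def encode(payload: bytes) -> List[float]:
    """Compress first (the author's 45h -> 22h trick), then one tone per 2-bit symbol."""
    samples: List[float] = []
    for byte in zlib.compress(payload):
        for shift in (6, 4, 2, 0):
            f = TONES[(byte >> shift) & 3]
            for n in range(SYMBOL_SAMPLES):
                samples.append(0.5 * math.sin(2 * math.pi * f * n / SAMPLE_RATE))
    return samples


def add_noise(samples: List[float], sigma: float, seed: int = 0) -> List[float]:
    """Simulate a noisy 'recording studio' (cardboard box) with Gaussian noise."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in samples]


def goertzel_power(window: List[float], freq: float) -> float:
    """Energy of one frequency in a window; cheaper than a full FFT per beep."""
    n = len(window)
    k = round(n * freq / SAMPLE_RATE)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in window:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def windows(samples: List[float]) -> Iterator[List[float]]:
    """Stream the recording one symbol at a time instead of loading it all."""
    for i in range(0, len(samples) - SYMBOL_SAMPLES + 1, SYMBOL_SAMPLES):
        yield samples[i:i + SYMBOL_SAMPLES]


def recording_is_silent(samples: List[float], floor: float = 1e-6) -> bool:
    """True if no window carries any tone energy (the '8 hours of zeros' case)."""
    return all(max(goertzel_power(w, f) for f in TONES) < floor for w in windows(samples))


def decode(samples: List[float]) -> bytes:
    """Pick the loudest tone per window, pack 4 symbols per byte, then decompress."""
    if recording_is_silent(samples):
        raise ValueError("recording contains no beeps; did the iPod power off?")
    symbols = []
    for w in windows(samples):
        powers = [goertzel_power(w, f) for f in TONES]
        symbols.append(powers.index(max(powers)))
    packed = bytearray()
    for i in range(0, len(symbols) - 3, 4):
        packed.append(symbols[i] << 6 | symbols[i + 1] << 4 | symbols[i + 2] << 2 | symbols[i + 3])
    return zlib.decompress(bytes(packed))


def roundtrip(payload: bytes, noise_sigma: float = 0.0, seed: int = 0) -> bytes:
    """Encode -> (optionally noisy) 'recording' -> decode; returns what was recovered."""
    audio = encode(payload)
    if noise_sigma > 0:
        audio = add_noise(audio, noise_sigma, seed)
    return decode(audio)


if __name__ == "__main__":
    recovered = roundtrip(SAMPLE_DUMP, noise_sigma=0.05)
    print("ok" if recovered == SAMPLE_DUMP else "mismatch", len(encode(SAMPLE_DUMP)), "samples")
```

Two things worth noting if you try something like this on a real device: use tone frequencies that sit on exact Goertzel/FFT bins for your window length, or leakage between adjacent tones will bite you at low SNR; and keep a silence/energy check in the decoder, otherwise a dead device produces a file full of confidently decoded garbage that zlib then refuses to inflate, which is hard to tell apart from a decoder bug.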
That free iPod in your sig, is it free as in beer or free as in running Linux?
There's no 'on' position on the Slacker switch!
Get your iPOd Boot Loader here!
This is reminiscent of certain payphones and CC Whistles.... Kudos for thinking outside the box - I am honestly more impressed with this than just about any hack I've seen in recent months. And as for functionality - Who cares? Doing it for the sake of doing it - that's where things like Linux and the whole open source movement are founded.
Physics is nothing like religion. If it was, we'd have an easier time trying to raise money!
I'll have that young whippersnapper know that those of us who loaded up our home computers from cassette tape recorders could tell by the volume whether we would get a good load and even learn to tell when the load was about done for specific programs.
The hardware should always do exactly what the Hacker wants it to do, so long as it's physically possible.
Are you new here??
"What's the frequency Kenneth?"
The head of a pin is not pointless...
Yes it is, Bunky. It's the other end that is not pointless.
Infuriate left and right
how can you blast someone that's obviously creative and doing some tinkering in their spare time. why not go after 99% of the globe that sits on their ass drinking beer watching sports on TV. maybe if some of them had some motivation the world would be a better place.
don't pick on someone that has a hobby that exercises their mind. go after all the people wasting their brains.... or the ones that take financial aid to go to college just to drink and fuck off for 4 years and end up doing some worthless job shuffling papers.
Well, you can already do that...
Maybe you should spend your next hour on the train to read the manual ?
On an old computer 15 years ago (it was not really a PC yet), I had no sound output and wanted to experiment with sound processing. So I used the 5" floppy drive's LED which I could blink up to about 100 kHz, in front of which I put a photodiode connected to my amplifier's input. I had to turn off the lights to remove the 50 Hz background noise, but then I could hear the sounds really well. I even played using a PWM code to be able to output analogue levels.
It was funny to do all this when computers were not as equipped as they are today. Now we're just users and nothing more.
I assume someone's going to try this with the iPod shuffles.
I guess they'll have to use the LED lights to blink the signal out. Hell, they'll probably have to use the LEDs to blink the interface out too.
I rarely criticize things I don't care about.
That's amazing! Does that mean that any ROM on any device can be read this way?
This was not a hack for reading data from the ROM. Apparently, he already had the code for that, so this was not a problem.
What he was missing was a way of transmitting the data to another device. The piezo hack solved this problem.
This hack will consequently only be useful for other devices if you:
- have already found a way of reading the data from the ROM.
- have not found an easier way of transmitting these data to another device.
- have an option of creating a sound output from the device through software.
I don't know how frequently this scenario will occur. My guess is "very rarely".