Slashdot Mirror


The iPhone Serial Port Hack

An anonymous reader writes "The iPhone's little known secret, a hidden serial port, is revealed. 'The real benefit in all of this is that there are so many console packages for iPhone in Cydia now that you can have a fully functional computer, as useful as a Linux box, but without carrying around a laptop.'"


  1. Most embedded devices have a serial port by FranTaylor · · Score: 3, Informative

    I'm reminded of Linksys WRT-54G routers and such.

    You might need to do some surface mount soldering to get to the required connections.

    Very handy for booting up a Sun server.

    1. Re:Most embedded devices have a serial port by Miamicanes · · Score: 4, Informative

      The Samsung Galaxy S family appears to have (among other things) a UART hidden on its USB port via the Fairchild FSA9480 chip.

      This thread at xda-developers ( http://forum.xda-developers.com/showthread.php?p=8834946 ) suggests that if you put a 150k resistor (1% tolerance) between pins 4 and 5 and power up the phone, the two pins normally used for USB data will be repurposed as a serial console for the bootloader.

      You can also explicitly toggle the FSA9480's mode via software (though not necessarily without root and your own kernel extensions).

      Note that it's not using USB as serial... it's acting as an electronic crossbar, disconnecting the D+ and D- pins from the USB circuit, and connecting them to pins elsewhere that are a real UART. Think: old-fashioned telephone switchboard with patch cables and jacks that dynamically establish and tear down circuits as needed so a few physical pins can be put to occasional niche uses that wouldn't merit full-time pins of their own.

      Personally, I suspect two pins on the headphone jack can be nudged into acting as a UART as well. Sigh. What the mod community really needs is for someone to raise the cash to pay a company that does intelligence reports for consumer electronic devices to tear down the Epic4G (or some other variant) and draw up a schematic showing which externally-accessible pins are connected to what (and how) inside the phone. There's a lot of good stuff inside of these phones that's undocumented publicly or via the official kernel source. Lots 'o happy bitbanging ahead! :-)

  2. Not a secret by m2pc · · Score: 5, Informative

    This isn't a "secret"... it's been in the iPhone (and iPod for that matter) for quite a long time. This same serial port is how 3rd party docks and cables control the device from the outside: http://www.adriangame.co.uk/ipod-acc-pro.html

    1. Re:Not a secret by unts · · Score: 2, Informative

      THANK YOU!

      This is so far from a secret it's not even funny. Imagine if we'd only just discovered what those two pins on the connector did?

      Hell, even the breakout board the guy (whose original, non full page ad-encumbered article can be found here) bought has the bloody serial pins labelled.

      It's not remotely surprising that an embedded device has a UART on it. It's even less surprising that a device designed to interface with very simple dock devices has a UART exposed via its peripheral connector.

      What is surprising is that the combination of breakout board and RS232 line driver somehow managed to be bigger than the phone.

  3. If You'd Rather Read the Article by kat_skan · · Score: 4, Informative

    If you'd like to read the article instead of Computer World's stupid-ass slide show, it's at http://resolvehax.blogspot.com/2010/10/iphone-serial-port.html

    1. Re:If You'd Rather Read the Article by kat_skan · · Score: 4, Informative

      Looking at it a little closer, CW just plagiarized the entire thing photos and all, and added a paragraph here and there to make it look like the article was about how they built one using his design. Classy.

  4. Cease and Desist by BabyDuckHat · · Score: 2, Informative

    Please don't use the hardware you purchased and is now yours for non-Apple authorized activities. Apple reserves the right to REMOVE and/or RESTRICT functionality in order to support our business model as we see fit.

    Apple

  5. Re:Or by Pojut · · Score: 3, Informative

    And yes, I'm aware you have to root the phone to install a custom ROM...but you can still install apps from anywhere without having to void your warranty or hacking the phone.

  6. Re:obviously meant for low-level debugging by idontgno · · Score: 2, Informative

    Alas, this hack won't do it:

    To operate the serial port, we need to run an RS232 to TTL converter. Fortunately, there's a 3.3v output on the bottom of the phone that'll power our unit. Not useful if you want to get into the phone's serial console, since it only provides power once booted.

    In other words, this design is powered with a power source that isn't even available until the iPhone/iPod is booted up.

    I guess you could fix that with an appropriate external power supply; a little wall-wart and some appropriate voltage regulation.

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.

  7. Re:ipad by AndrewNeo · · Score: 3, Informative

    That's because it's exposed as a PTP (Picture Transfer Protocol) device over USB. All iPhone/iPod Touch/iPads do this.

  8. I may be missing something, but... by quarkoid · · Score: 4, Informative

    ...given that you can buy ipod breakout boards on ebay with the serial connectors clearly marked, it doesn't seem to be a particularly well kept secret.

    See http://cgi.ebay.co.uk/Enhanced-Breakout-Board-Ipod-Iphone-Ipad-/370447835814?pt=UK_CE_MP3Access_RL&hash=item56406962a6 for an example.

    1. Re:I may be missing something, but... by BitZtream · · Score: 5, Informative

      Yea, it's rather well documented on Apple's website actually. It's how third party vendors can control the iPod/iPhone.

      When you plug your iPod/iPhone into a car and start using your radio or steering wheel controls to change songs or whatever ... that's done through the serial port.

      It's all documented on Apple's website for registered developers, including the control protocol. You can also find the information elsewhere on the web by those people who reverse engineered it to avoid being bound to Apple's rules.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager

  9. Old News by stokessd · · Score: 5, Informative

    This serial port has been around forever. All those cars with iPod integration use it for control and data. I've controlled the iPod functionality on every iPod I've had (since 3rd gen) as well as three iPhones using an Atmega controller. A year or so ago I shared some controller code for Arduino based atmega microcontrollers.

    Here's how you control your iPhone or iPod music with an Arduino, easy peasy:

    Sheldon

    /* Control iPod/iPhones from Arduino
       Sheldon Stokes
       Jan 3, 2009

       Standing on the shoulders of ipodLinux.org
       http://ipodlinux.org/wiki/Apple_Accessory_Protocol

       This sends commands to the iPod as though it were a remote.
       These are the simple 2 byte commands that should work on all
       Apple iPods and iPhones starting with the 3rd Generation iPod

       *********** Commands (array index, command value, command description) **************
       0 0x00 Button Release
       1 0x01 Play/Pause
       2 0x02 Vol+
       3 0x04 Vol-
       4 0x08 Skip >
       5 0x10 Skip <
       6 0x20 Next Album
       7 0x40 Prev Album
       8 0x80 Stop
    */

    int commandBytes[] = {0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80};
    int checkSum;

    // Button inputs; a pressed button reads LOW
    int playPin = 2;
    int stopPin = 3;
    int fwdPin = 4;
    int backPin = 5;

    int playVal, stopVal, fwdVal, backVal;

    void sendRequest(int val);

    void setup()
    {
      Serial.begin(19200);

      pinMode(playPin, INPUT);
      pinMode(stopPin, INPUT);
      pinMode(fwdPin, INPUT);
      pinMode(backPin, INPUT);
    }

    void loop()
    {
      playVal = digitalRead(playPin); // read play button
      stopVal = digitalRead(stopPin); // read stop button
      fwdVal = digitalRead(fwdPin);   // read fwd button
      backVal = digitalRead(backPin); // read back button

      if (playVal == LOW)
      {
        sendRequest(commandBytes[1]); // send play command
        sendRequest(commandBytes[0]); // send button release
      }
      else if (stopVal == LOW)
      {
        sendRequest(commandBytes[8]); // send stop command
        sendRequest(commandBytes[0]); // send button release
      }
      else if (fwdVal == LOW)
      {
        sendRequest(commandBytes[4]); // send skip-forward command
        sendRequest(commandBytes[0]); // send button release
      }
      else if (backVal == LOW)
      {
        sendRequest(commandBytes[5]); // send skip-back command
        sendRequest(commandBytes[0]); // send button release
      }

      delay(100);
    }

    // Frame layout: header FF 55, length 03, mode 02, command 00 <val>, checksum
    void sendRequest(int val) {
      // checksum = 0x100 minus the low byte of (length + mode + command bytes)
      checkSum = 0x100 - ((0x03 + 0x02 + val + 0) & 0xFF);
      byte request[] = {0xFF, 0x55, 0x03, 0x02, 0x00, (byte)val, (byte)checkSum};
      Serial.write(request, sizeof(request)); // send all 7 bytes to the iPod
    }

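Added example, not part of stokessd's post: a host-side C version of the frame the sketch sends, plus the receiving-side check (header, length bounded by the buffer, checksum) that anything listening on this dock UART should apply before acting on a command. The names `aap_build` and `aap_parse` are hypothetical, and treating the length byte as "mode plus command bytes" for commands of any size is an assumption generalized from the sketch's fixed `0x03`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Checksum as in the sketch: 0x100 minus the low byte of (length + mode + command). */
static uint8_t aap_checksum(const uint8_t *body, size_t n) {
    unsigned sum = 0;
    for (size_t i = 0; i < n; i++) sum += body[i];
    return (uint8_t)(0x100 - (sum & 0xFF));
}

/* Build FF 55 <len> <mode> <cmd...> <checksum>; returns frame size, 0 on error. */
size_t aap_build(uint8_t mode, const uint8_t *cmd, size_t cmd_len,
                 uint8_t *out, size_t cap) {
    if (cmd_len > 254 || cap < cmd_len + 5) return 0;
    out[0] = 0xFF; out[1] = 0x55;
    out[2] = (uint8_t)(cmd_len + 1);      /* assumed: length = mode + command bytes */
    out[3] = mode;
    for (size_t i = 0; i < cmd_len; i++) out[4 + i] = cmd[i];
    out[4 + cmd_len] = aap_checksum(out + 2, cmd_len + 2);
    return cmd_len + 5;
}

/* Validate a received frame. Returns the command length and sets *mode and *cmd,
   or a negative code: -1 short, -2 bad header, -3 length mismatch, -4 bad checksum. */
int aap_parse(const uint8_t *buf, size_t n, uint8_t *mode, const uint8_t **cmd) {
    if (n < 5) return -1;
    if (buf[0] != 0xFF || buf[1] != 0x55) return -2;
    size_t len = buf[2];
    if (len < 1 || len + 4 != n) return -3;   /* never read past what arrived */
    if (aap_checksum(buf + 2, len + 1) != buf[len + 3]) return -4;
    *mode = buf[3];
    *cmd = buf + 4;
    return (int)(len - 1);
}

int main(void) {
    const uint8_t play[] = {0x00, 0x01};      /* Play/Pause from the command table */
    uint8_t frame[16], mode;
    const uint8_t *cmd;
    size_t n = aap_build(0x02, play, sizeof play, frame, sizeof frame);
    for (size_t i = 0; i < n; i++) printf("%02X ", frame[i]);
    printf("-> parse=%d\n", aap_parse(frame, n, &mode, &cmd));
    frame[5] ^= 0x08;                         /* constructed: one bit flipped on the wire */
    printf("corrupted -> parse=%d\n", aap_parse(frame, n, &mode, &cmd));
    return 0;
}
```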

  10. Next they'll discover the JTAG port by Animats · · Score: 4, Informative

    Yeah, it's got a serial port, with TTL levels, at its external connector. Big deal.

    It's also possible to attach USB devices, which is somewhat more useful today. For example, you can plug a real keyboard into an iPad.

    1. Re:Next they'll discover the JTAG port by Animats · · Score: 4, Informative

      Seriously, a whole lot of embedded devices - sensors, microcontrollers, machinery, vehicles, booths - use RS232 (as simple, universal and VASTLY easier to program than USB)

      Yes, when you do embedded work, you often find yourself going back 20 years in technology. There's progress, though. The trend in the embedded world is to put sensors and controllers on 10baseT. The traditional alternatives were either huge numbers of serial ports, or nonstandard proprietary networks. Both suck. 10baseT is quite robust electrically; it's noise-immune, balanced, and AC-coupled. This matters when you have heavy machinery around.

      USB is making some headway in the embedded world, but there's a problem - the standard USB connector has no retention mechanism. Ethernet cables latch in place, but USB connectors do not. There are now "high retention" USB connectors (they're orange) for industrial use, and at least three incompatible latching mechanisms. This is not happy-making for embedded system designers, who would like to use USB more, but can't tolerate plugs falling out.

  11. That's Apple's fault! by Anonymous Coward · · Score: 1, Informative

    That's because APPLE had AT&T disable it, so that Droid wouldn't compete against iPhone.
    Anticompetitive bullshit, they should be hearing from the DOJ.

  12. Be careful which Android phone you get by rsborg · · Score: 4, Informative

    More recent ones have anti-tamper (Droid X) or auto-reflash (G2), making it a pain to root.

    I honestly think Google is very disingenuous to say Android is open when many currently-selling actual devices are locked tighter than the iPhone.

    Perhaps Google is just happy that Android is "open to the carriers".

    You want a sure bet for an open system, go with the N900.

    --
    Make sure everyone's vote counts: Verified Voting

  13. Re:No, thank you by mcgrew · · Score: 2, Informative

    Did you see the masthead? "News for nerds". This is what we do. This is our recreation. I personally found the article fascinating, even though I don't have an iPhone.

    You say your time is worth too much to play with hidden features, but I'll bet it isn't worth too much time to watch a NASCAR race or a football game or a movie, now is it?

  14. Re:Or by mlts · · Score: 1, Informative

    Rooting != jailbreaking.

    Without root, I can run most apps I desire. I want to FTP out? Just fine. I want to compile zsh and slap it on the memory card, it will work. I want to run a P2P client? Frostwire and others are easily downloadable.

    Rooting also doesn't modify the phone much. After I rooted my Droid X, the only files that are different are a su executable and an .apk for the UI frontend to always allow with a curtsy, allow, deny, or always tell an app to get fisted if it wants root. A jailbreak to be usable adds a complete userland, from a shell, to basic UNIX commands, to Debian's packaging mechanism, to gpg, to a graphical front end (Cydia). This is major brain surgery compared to just having a "#" prompt available.

    What are the advantages of rooting? Tethering comes to mind first thing, although PDANet is an acceptable substitute in a number of cases. Custom ROMs are another reason. Backups using nandroid for a complete restorable image are good. Backing up apps completely with Titanium Backup is another. Finally, DroidWall is excellent making sure that apps that don't need to phone home do not phone home, especially "crapware" installed on a device.

    Jailbreaking is needed if a person wants more than what is available in the App Store. Want an app just for playing Russian Roulette? Have to jailbreak. Want another browser? JB time. Want to see more than just a clock on the lock screen? Fire up Greenpois0n.

    So, because so much functionality is gained by jailbreaking compared to "just" a "#" sign when rooting Android, the two processes are quite different.

  15. N900 purchase links by rsborg · · Score: 2, Informative

    Dude, it's selling right now from major retailers. Ships today.
    I got this after 5 seconds of googling:
    Google Shopping

    Amazon

    --
    Make sure everyone's vote counts: Verified Voting

  16. Re:More interesting if iPad also has it ... by Anonymous Coward · · Score: 1, Informative

    TouchTerm Pro does all that. But terminal work on a touch screen generally? Meh

  17. Re:Or by cbhacking · · Score: 5, Informative

    Meh... or you could get a N900 that comes with those tools *ALREADY INCLUDED* in the base OS.

    Package manager? Maemo is a modified Debian, and uses Apt.
    Shell? Default is Busybox, but the full system is in the repos.
    Build toolchain, including GCC? In the repos.
    OpenSSH and sshd? In the repos (also dropbear, if you prefer).
    Anything that's available as source and compiles on ARM? Go to town. You can even pull directly to the device using Subversion and other package managers.

    Seriously, arguing over whether iOS or Android is more open is like arguing over whether a Prius or a sports car is better for off-road driving. You're both doing it wrong. Get the right tool for the job.

    --
    There's no place I could be, since I've found Serenity...