Hardware & Making
Breathing Life into Legacy: An Open-Source Emulator of Legacy Apple Devices
A Dive into Reverse Engineering and Understanding the iPod Touch
This talk presents QEMU-iOS, an open-source emulator of legacy Apple devices. I outline the process of emulating an iPod Touch 2G, discussing the technical challenges and reverse engineering methodologies applied. The talk starts with an overview of the project's goals and then outlines the reverse engineering process, utilizing tools like Ghidra for disassembling the Apple bootloader, XNU kernel, and other binaries. Then, I describe QEMU, a popular framework for emulation, and show how essential iPod Touch peripherals such as the touchscreen, storage, and display have been implemented. Finally, this talk touches upon the implications of open-sourcing this project, its contribution to the emulation and reverse engineering landscape, and its potential for future efforts to emulate newer Apple devices.
During the past decades, Apple has created iconic devices that have found a place in the hands and hearts of millions of people around the world. As many of these devices have become obsolete, the importance of preserving their digital essence has grown. The emulation of legacy devices with software allows enthusiasts and researchers to explore and interact with them long after the original hardware has ceased to be available. Emulation, therefore, allows the digital preservation of obsolete hardware, ensuring these devices are accessible to future generations.
This talk describes a multi-year project named QEMU-iOS that lays the groundwork for emulating legacy Apple devices. In particular, we have focussed on emulating the iPod Touch 2G using QEMU, an open-source framework for hardware emulation. Yet, even emulating an old device with a few peripherals compared to contemporary devices is challenging since the specifications and inner workings of many peripherals are proprietary and completely undocumented.
The talk first describes the overall project motivation, goals, and vision. Then, I will discuss the reverse engineering process where multiple undocumented peripherals of the iPod Touch have been analyzed to understand and replicate their specifications in software. A key talking point will be the working of essential peripherals, including the cryptographic engines, the LCD, the Flash memory controller, various hardware communication protocols, the touchscreen driver, and other peripherals. The talk will also detail the booting procedure of the iPod Touch, elaborating on the emulation of the iBoot bootloader, the XNU kernel, and the Springboard application in iOS. Getting the boot chain up and running required extensive debugging efforts using powerful reverse engineering tools such as Ghidra to disassemble and analyze all essential binaries in the boot procedure. After outlining the reverse engineering process, I will present the implementation of QEMU-iOS, which entails a functional emulator that boots the iOS operating system, renders the display, and responds to touches on the screen.
The final part of this talk will touch upon the implications of open-sourcing this project, its contribution to the broader emulation and reverse engineering landscape, and the potential it holds for future efforts in emulating other legacy Apple devices, as well as the viability of emulating newer devices with advanced peripherals such as the Neural Engine. I will also discuss existing approaches, highlight where QEMU-iOS differs, and summarize the lessons learned while emulating these devices.
This talk is designed for a wide range of people, whether you are new to reverse engineering and emulation or have experience in these fields. The goal is to explain the technical challenges faced during this project in a way that's easy for beginners to understand while also providing more in-depth insights I discovered while working on QEMU-iOS. Through this talk, the aim is not only to share the technical knowledge gained from this project but also to explore the merits of emulation and reverse engineering to keep old devices alive.
Additional information
| Live Stream | https://streaming.media.ccc.de/37c3/granville |
|---|---|
| Type | lecture |
| Language | English |
More sessions
| 12/27/23 |
After a brief introduction to digital circuits this talk will outline placement and routing algorithms used for creating digital integrated circuits.
|
| 12/27/23 |
This lecture will cover many aspect of designing a RISC-V CPU, out-of-order execution, multi-core, memory coherency, security and running linux and debian on a FPGA.
|
| 12/27/23 |
Ein Vortrag über den erfolgreichen Kinder-Audioplayer „Toniebox“ mit Content-Hosting in der Cloud, der nicht nur Einblicke in die (un-)heimliche Datensammlungspraxis bietet, sondern auch gleich passende Lösungen dazu. Custom-Firmware, selfhosted Cloud-Ersatz und Tools zum Erzeugen von Inhalten ohne Herstellercloud.
|
| 12/27/23 |
In an era where vendors increasingly seek to use proprietary software in the devices around us to exert control over their users, the desire for open source software has expanded to the firmware that allows our machines to function, and platforms which individuals can trust and control have never been more important. However, changes to hardware platforms in recent years such as the Intel ME, vendor-supplied binary blobs and vendor-signed firmware images have repeatedly set back efforts to ...
|
| 12/27/23 |
Embark on Libre Space Foundation's journey into the world of open-source space exploration, where a passionate community of hackers and makers is challenging the traditional defense-driven approach to spacefaring. Discover how we are democratizing space by embracing open-source technologies, community collaboration, and a commitment to sustainability.
|
| 12/27/23 |
I am paralysed from the chest down, have no hand functions and sit in a power wheelchair. I will share some insights on spinal cord injury and my experiences of how I work, live and travel using a power wheelchair. There are millions of people who cannot control a computer, tablet, or smartphone with their hands. Assistive technology supports the main functionalities which are needed: mouse movement and different kinds of clicks. My portfolio of hands-free assistive technology enables me every ...
|
| 12/27/23 |
The Unfolding Space Glove transmits the relative position and distance of nearby objects as vibratory stimuli to the back of the hand, enabling blind people to haptically explore the depth of their surroundings. The talk will give a brief overview of the design research project, from the first prototypes to an empirical study and its publication, and provide insights into the underlying hardware and software.
|
