From getting JTAG on the iPhone 15 to hacking Apple's USB-C Controller
Stacksmashing
DEF CON 32 · Day 1 · Main Stage
This talk, "Ace of the Sleeve: Hacking into Apple's New USB-C Controller," presented by Thomas Roth, also known as Stacksmashing, delves into the intricate process of re-establishing low-level debug access on Apple's latest devices, specifically the iPhone 15 and modern MacBooks. With Apple's transition from its proprietary Lightning connector to the industry-standard USB-C, the established methods for hardware and firmware debugging were rendered obsolete. Stacksmashing's research focuses on uncovering and exploiting Apple's custom implementations of the **USB Power Delivery (USB-PD)** protocol within their **Apple Type-C port controllers**, collectively referred to as "Ace."
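The Vendor Defined Messages mentioned above are a standard part of USB Power Delivery: each one begins with a 32-bit VDM header that names a Standard or Vendor ID (SVID) and, for structured VDMs, a command such as Discover Identity or Enter Mode, while commands 16 to 31 and all unstructured VDMs are left entirely to the vendor. The following decoder is an added example, not code from the talk, from Stacksmashing, or from Apple; it follows the Structured VDM header layout in the public USB PD specification. The only standard value it hard-codes is the PD SID (0xFF00); the SVIDs 0x1234 and 0xABCD and the capture they appear in are constructed test data, and the allowlist approach in `flag_vendor_specific` is this example's own way of surfacing vendor-private traffic when reviewing a PD capture.

```python
"""Decode USB Power Delivery VDM headers and flag vendor-private traffic.

Added example for illustration; not code from the talk or from Apple.
Bit layout follows the public USB PD specification's Structured VDM header.
"""
from dataclasses import dataclass

PD_SID = 0xFF00  # standard SVID used for Discover Identity/SVIDs/Modes

STRUCTURED_COMMANDS = {
    1: "Discover Identity",
    2: "Discover SVIDs",
    3: "Discover Modes",
    4: "Enter Mode",
    5: "Exit Mode",
    6: "Attention",
}
COMMAND_TYPES = {0: "REQ", 1: "ACK", 2: "NAK", 3: "BUSY"}


@dataclass
class VdmHeader:
    svid: int             # bits 31:16, Standard or Vendor ID
    structured: bool      # bit 15, 1 = structured VDM
    version: int          # bits 14:13, structured VDM major version
    object_position: int  # bits 10:8, mode index for Enter/Exit Mode
    command_type: str     # bits 7:6, REQ/ACK/NAK/BUSY
    command: int          # bits 4:0 (structured) or bits 14:0 (unstructured)
    command_name: str


def decode_vdm_header(word: int) -> VdmHeader:
    """Decode one 32-bit VDM header data object."""
    if not 0 <= word <= 0xFFFFFFFF:
        raise ValueError("VDM header is a 32-bit data object")
    svid = (word >> 16) & 0xFFFF
    structured = bool((word >> 15) & 1)
    if not structured:
        # Unstructured VDM: bits 14:0 are vendor-defined, no further layout.
        return VdmHeader(svid, False, 0, 0, "n/a", word & 0x7FFF, "unstructured")
    version = (word >> 13) & 0x3
    obj_pos = (word >> 8) & 0x7
    cmd_type = COMMAND_TYPES[(word >> 6) & 0x3]
    command = word & 0x1F
    if 16 <= command <= 31:
        name = "SVID-specific"  # vendor-defined command range
    else:
        name = STRUCTURED_COMMANDS.get(command, "reserved")
    return VdmHeader(svid, True, version, obj_pos, cmd_type, command, name)


def flag_vendor_specific(words, known_svids=frozenset({PD_SID})):
    """Return decoded headers carrying vendor-defined payloads from SVIDs
    outside the allowlist: unstructured VDMs or SVID-specific structured
    commands. Standard commands (e.g. Enter Mode) are not flagged even for
    unknown SVIDs, since their meaning is fixed by the specification."""
    flagged = []
    for w in words:
        h = decode_vdm_header(w)
        if h.svid in known_svids:
            continue
        if not h.structured or h.command_name == "SVID-specific":
            flagged.append(h)
    return flagged


# Constructed capture (not real traffic): two standard Discover Identity
# messages, then an Enter Mode request, a vendor-private structured command
# and an unstructured VDM from constructed SVIDs 0x1234 and 0xABCD.
SAMPLE_CAPTURE = [
    0xFF00A001,  # PD_SID, structured v1, Discover Identity REQ
    0xFF00A041,  # PD_SID, structured v1, Discover Identity ACK
    0x1234A104,  # SVID 0x1234, Enter Mode REQ, object position 1
    0x1234A010,  # SVID 0x1234, SVID-specific command 16, REQ
    0xABCD0ABC,  # SVID 0xABCD, unstructured VDM
]

if __name__ == "__main__":
    for h in flag_vendor_specific(SAMPLE_CAPTURE):
        print(f"SVID 0x{h.svid:04X}: {h.command_name} (command 0x{h.command:X})")
```

Run against the constructed capture, the two flagged entries are the SVID-specific command from 0x1234 and the unstructured VDM from 0xABCD; the Enter Mode request from 0x1234 is left alone because its command is defined by the specification. In a real review you would extend `known_svids` with the SVIDs your fleet legitimately uses and treat anything else that lands in the vendor-defined ranges as traffic worth examining.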
AI review
Stacksmashing's work on regaining low-level debug access to the iPhone 15 and modern MacBooks via Apple's custom USB-C controllers (Ace) is a masterclass in hardware reverse engineering. By dissecting Apple's proprietary USB-PD Vendor Defined Messages and building open-source hardware, he's not only re-established critical debug channels like JTAG and serial consoles but also exposed a potent, untraceable attack surface in the Ace controller itself. This research provides invaluable tools and insights for anyone serious about understanding and securing Apple's closed ecosystem.