iPod 'squeaks' betray software secrets (2005)

158 points by Emigre_ over 1 year ago

11 comments

nilss over 1 year ago
That was me.

The iPod 4G was very similar to its predecessors. The software was stored on the internal drive, kind of like the MBR of a PC. In addition, the iPod had a mode where it would act as a regular USB storage device (or FireWire). That firmware was stored in a flash. Even with a blank drive the USB storage mode was always accessible. This made this whole hack somewhat safe.

With custom code put at the correct offset with some magic numbers in the right places the iPod would start executing code from the first sectors of its drive. This was just a dd if=mycode.bin of=/dev/sdb, so no exploit or anything special was needed. A few people on the #ipodlinux channel helped me with C and creating position-independent binaries without any external libraries. I had some experience writing a toy OS in assembler on x86 which came in handy.

The piezo was controlled by writing to some memory addresses. Someone else already figured that out. I toyed around with various values until I had two distinct noises, one for 0 and the other for 1. Then I wrote code to loop over a memory region one bit at a time while the piezo played either of those noises. I had Audacity (an audio recorder) open on my computer and just started recording using a cheap dynamic microphone. The decoding software was embarrassingly stupid but I had no clue about signal analysis in 2005. It would have been possible to use a modulation method to speed up the process quite a lot. I opted for a compression algorithm instead.

I think I tried different memory regions until I found one that started with data that looked like ARM opcodes. When I found that region the final dump took a few hours overnight.

After sending the extracted binary over to the other devs we had a kernel running not much later.

This project taught me a lot: ARM assembler, C, SDL (for visualization), sox (audio processing tools) and patching/porting the Linux kernel for new hardware.

It also got me job offers from a few big companies but I did not take any of them as I had different plans already. I kept on hacking and contributing to various open-source projects over the years, spent way too much time on hyper-optimizing crypto mining algorithms, and eventually got back to hacking more meaningful code again. Basically, my career after this hack has been almost exclusively open-source projects.
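An added illustration of the decoding step described in the comment above, not part of the original comment and not the iPod Linux project's code: a simulated recording in which each bit is one of two tones, recovered by comparing the power of the two tones in each bit window. The sample rate, tone frequencies, bit length, noise model and payload bytes are all assumptions constructed for this example.

```python
import math
import random

# All constants are assumptions for this sketch, not values from the iPod hack.
RATE = 8000              # samples per second of the simulated recording
BIT_SAMPLES = 80         # samples per bit (10 ms per bit)
F0, F1 = 1000.0, 2000.0  # tone for a 0 bit, tone for a 1 bit

def encode(data):
    """Emit one tone burst per bit, most significant bit first."""
    samples = []
    for byte in data:
        for shift in range(7, -1, -1):
            freq = F1 if (byte >> shift) & 1 else F0
            samples.extend(math.sin(2 * math.pi * freq * n / RATE)
                           for n in range(BIT_SAMPLES))
    return samples

def add_noise(samples, amplitude, seed=1):
    """Model a cheap microphone with uniform noise (seeded, so repeatable)."""
    rng = random.Random(seed)
    return [s + rng.uniform(-amplitude, amplitude) for s in samples]

def tone_power(window, freq):
    """Goertzel algorithm: signal power at a single frequency."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in window:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def decode(samples):
    """Classify each bit window by the stronger tone, then pack bits into bytes."""
    bits = []
    for start in range(0, len(samples) - BIT_SAMPLES + 1, BIT_SAMPLES):
        window = samples[start:start + BIT_SAMPLES]
        bits.append(int(tone_power(window, F1) > tone_power(window, F0)))
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        out.append(int("".join(map(str, bits[i:i + 8])), 2))
    return bytes(out)

# Constructed sample payload standing in for the memory region being dumped.
PAYLOAD = bytes.fromhex("ea000006e59ff014")

if __name__ == "__main__":
    recording = add_noise(encode(PAYLOAD), amplitude=0.5)
    print(decode(recording).hex())
```

With the assumed 10 ms per bit, this one-bit-per-symbol scheme carries 100 bits per second, which is the kind of rate that turns a large dump into hours of recording.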
andai over 1 year ago
Fascinating! In case anyone missed it there was a similar article a few days ago dumping a Pokemon ROM through the loudspeaker.

https://news.ycombinator.com/item?id=39037104
jadar over 1 year ago
I remember installing iPod Linux on my first gen iPod nano. One of my biggest regrets is trading it in for a brand new iPod nano when they had the battery replacement program. The memories were worth much more than a free iPod.
nonrandomstring over 1 year ago
Nice acoustic hack. It's also amazing what you can do with a simple FM/AM radio to perform short range tempest sniffs. No doubt some amazingly clever tricks can be done with SDR. If it runs code, it leaks EMR.
j4yav over 1 year ago
Am I understanding right that he essentially printed part of memory to the piezoelectric circuit in binary? How did he get his code to run to do so, or was there some other technique in play? Really interesting stuff.
kgdiem over 1 year ago
I get a lot of spam calls that sound like they were intended for a fax but yesterday the phone transcribed the message as “Siri…”.

I wound up deleting that one but I have another one I want to put through some kind of transcriber, curious what if any data is being transmitted.
Our_Benefactors over 1 year ago
“Topics: Computer Crime”

Hackers just can’t catch a break. Linux is not illegal, free the bootloaders!
demondemidi over 1 year ago
Sure skipped over a lot of details. Like how did they reprogram the iPod code to play the boot ROM as audio? Why not just desolder the flash chip and read it out with a programmer?

EDIT: I missed the fact that there was already a "Linux on iPod" distro to build upon.
ta988 over 1 year ago
The part I love and shows how journalists have no clues is the topic of the article at the bottom "Computer crimes"
pushedx over 1 year ago
highly related https://arstechnica.com/gaming/2024/01/modder-recreates-game-boy-advance-games-using-the-audio-from-crash-sounds/
jagged-chisel over 1 year ago
> Bernard Leach, a UK software engineer who helped set up the so-called iPod Linux project, had already worked out how to control the piezoelectric component within the iPod that produces the click.

Was this a hardware mod? Is there information online about this process?