The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "IBUS"
m (Fixed capitalization of proper noun ("Apple")) |
m (small edits) |
||
Line 1: | Line 1: | ||
− | The |
+ | The iBUS adapter is a smaller dongle that takes advantage of the diagnostics port hidden behind a small plate in the slot where the band for your watch would normally slide into. |
− | These adapters are sold by |
+ | These adapters are sold by MFC and appear to be clones of Apple's own proprietary hardware; When plugged into a Mac via lightning-to-USB, the Apple Watch appears in Finder in the same way that other apple devices do when plugged in. It is also recognized by libimobiledevice, Xcode, and Console.app, although no logs are displayed in the latter. |
Not much information about these adapters has been released, by MFC or otherwise. |
Not much information about these adapters has been released, by MFC or otherwise. |
Latest revision as of 12:59, 14 March 2021
The iBUS adapter is a smaller dongle that takes advantage of the diagnostics port hidden behind a small plate in the slot where the band for your watch would normally slide into.
These adapters are sold by MFC and appear to be clones of Apple's own proprietary hardware; When plugged into a Mac via lightning-to-USB, the Apple Watch appears in Finder in the same way that other apple devices do when plugged in. It is also recognized by libimobiledevice, Xcode, and Console.app, although no logs are displayed in the latter.
Not much information about these adapters has been released, by MFC or otherwise.
Adapters for the S4 and S5 have been announced as "upcoming"
Contents
Usage for Research
While the adapters are marketed for their ability to "restore" devices, the signed firmware required to do so is not readily available. However, the adapter does allow exploitation of the S1, S2, and S3 Watches using checkm8
"Pwning" the watch and dumping the bootrom
Entering DFU
Once you've connected your Apple watch via a standard USB Lightning cable and the iBUS adapter:
- Hold the crown and power button down
- Immediately after the screen goes black, count to 3
- After 3 seconds, release the power button, but continue to hold the crown.
Finder should now show an "Apple Watch" in DFU mode, and will allow you to install signed firmware if you have any.
Exploiting with ipwndfu
Reliability of checkm8 on the watch can vary.
After cloning [1], `cd` into the directory and run `./ipwndfu -p`
If the exploit fails, you may need to run it again. It can take anywhere from one to several hundred attempts.
From here, you can run `./ipwndfu --dump-rom` to dump the SecureRom. More information is available in the ipwndfu readme and on ipwndfu.
Do note the `--boot` flag currently only works for the iPhone X.
You can use `./ipwndfu --hex-dump=0x0,0x10000000000` to crash out of DFU and force a reboot.
Tips for usage
- As the metal rod that ships with the adapter often fits loosely, consider using rubber bands to firmly press the adapter into the port.
- A hairband is exceptional at this, and perfectly fits into the top of the watch.