Wednesday, October 03, 2007

iPhone 1.1.1 and the iBrick

This blog just got mentioned by a Wired News posting about the iPhone. Other than some random spellings of my name I think it picked up on my points quite well.

I haven't hacked my iPhone, and it upgraded to 1.1.1 cleanly. The new features and upgrades are welcome, but the upgrade process didn't clear out the ever increasing amount of "Other Memory". I had resorted to removing videos from my iPhone to make space and avoid out of memory errors. You can see 1.6GB in the display below.



I went through the settings, cleared out deleted mail and safari history and it made no difference. I deleted all the content and it made no difference, so I re-loaded the iPhone from scratch, and it dropped to 14MB after I had put my content back.



There are some posts on the iPhone support forums about this problem, but no mention of an official fix from Apple. One user claims that it could be related to Google Maps, which I use quite often. I'm going to watch this "other memory" usage to try to figure out which apps are increasing it.

I haven't seen a clear explanation of what is going on inside the iPhone that makes hacking applications very different from hacking the carrier, and from my experience building myPhone I can hopefully clarify this issue.

There are two CPUs inside just about all phones of any type. One is part of a GSM modem module that interfaces to the phone network, the other is the application CPU that runs the user interface (e.g. OSX on the iPhone). For the Gumstix Goliath a Siemens MC75 module interfaces to the SIM card, and the GSM antenna directly, and has USB, serial and audio interfaces. The way all these GSM modems are managed is by sending it command sequences that would be familiar to any old-timers, its a derivative of the Hayes AT command set. Inside the iPhone is a similar module. The GSM modem has a low speed low power CPU with its own flash memory. The service providers don't like having people mess with this firmware, because it controls the wireless signaling, power levels and cellular communication protocol directly, and they have to be certified for connection to the GSM network. For our homebrew phones we buy Telit or Siemens modules off the shelf and don't mess with their internals, and they just work. Thats why we can build usable homebrew phones.

Since this firmware interfaces directly with the SIM card, it can contain code that locks the phone to a particular service provider. The iPhone's GSM modem firmware is locked to AT&T. In order to modify this firmware the unlock applications such as iPhoneSIMFree had to take advantage of a debug feature or security flaw to load modified firmware into the GSM modem. Since the GSM modem is a standard component, hackers were probably able to find out its supplier and part number and get hold of a lot of documentation on how it works.

With the 1.1.1 release it appears that Apple closed off some security holes that were being used to hack into the iPhone, but also digitally signed the code inside the phone. This means that any attempt to modify OSX or the GSM firmware breaks the signature, and since the CPUs have hardware support for digital signatures, its extremely difficult to get around this form of protection. Its now several weeks since 1.1.1 was released on the iPhone and iPod Touch and it hasn't been broken into yet. The hackers have to find and exploit a completely new security flaw to get into the application CPU first, then find a way into the GSM modem. It is then easy for Apple to figure out how they are getting in, and fix it in their next release. With Apple releasing monthly updates, there isn't a viable business proposition based on hacking iPhones.

I still think Apple has a lot of unreleased iPhone software in the pipeline and will open up to developers when it has pushed out a few more updates. I think the ideal audience for an iPhone developer launch is MacWorld San Francisco in January. The highest density of startups and developers is in the Bay Area, and its the anniversary of the iPhone launch. Thats as near as I'm getting to a prediction....

In the meantime, the developers who want something to do could join the OpenMoko project, help build applications for it and maybe even port the Linux based OpenMoko to the iPhone hardware. Thats what I will be working on when I get myPhone up and running....

3 comments:

  1. Great blog. I really like your writing, and I think you're absolutely right on the iPhone.

    Visit my blog at:
    http://www.boldinvestors.com

    ReplyDelete
  2. Since I've "upgraded" to 1.1.1 too, and can't jailbreak any more to check, I can't be sure, but I suspect it's almost certainly the contents of the OSX "~/Library" folder which is growing. Probably browser cache is a big part of it, which probably includes Safari, Maps, and YouTube caching. It's definitely unfortunate that apple doesn't have a "flush caches" button on the iTunes phone syncing UI to free that space up. Actually, maybe it's just automatic. Can you try adding some large file(s) which wouldn't fit in the "free" space, but would fit in "free+other"? Maybe it'll just cleverly delete your cache files from the phone in that situation, like Tivo does when it's full of recordings it thought you might like, but you tell it to explicitly record something.

    ReplyDelete
  3. This worked for me, maybe it will work for others. ssh into the iphone and check out the size of /var/root/MediaBackup. The timestamp indicates the files were updated around the time I upgraded and haven't been accessed since. I deleted the whole directory and resynched to iTunes to find that the other category was down to 84 mb. Hope this helps someone else!

    ReplyDelete

Note: Only a member of this blog may post a comment.