The Great iPhone Serial Port Hack
While the majority of the iPhone's easter eggs and secrets have over time been discovered, pulled apart and analysed to the umpteenth degree, the smartphone continues to have one, little-known trick up its sleeve: A hidden serial port. The inherent possibilities are endless: Network engineers have talked of even bringing their phone into server rooms, rather than having to use a laptop or remote terminal.
According to Chris Pollock at io Networks, "The real benefit in all of this is that there are so many console packages for iPhone in Cydia now that you can have a fully functional computer, as useful as a linux box, but without carrying around a laptop".
One company has already tried to jump on that boat but even though its purpose-built accessories were announced in February, they are yet to hit store shelves. The solution: Build it yourself.
Pollock compiled a step-by-step guide to do exactly that, thanks to his own handiwork and the diagrams at pinouts.ru. We reproduced it here with his permission.
I discovered that the iPhone serial port is in fact a TTL device - super low voltage. I looked at what I'd need for the dock connector too, and quickly realised that I'd have to be a LOT better at soldering than I am. Not wanting to spend time learning, instead I bought a breakout board. I'd been meaning to buy one of these for a long time for the purposes of building a line-in from a mixing desk, but eventually bought one for this project.
This particular dock connector breakout cost $35USD because it was fully labelled, but you can buy cheaper ones. They also get cheaper if you don't want them pre-soldered. The connector board lets you easily access all the pins on the bottom of an iPhone.
To operate the serial port, we need to run an RS232 to TTL converter. Fortunately, there's a 3.3v output on the bottom of the phone that'll power our unit. Not useful if you want to get into the phone's serial console, since it only provides power once booted.
The voltages in regular RS232 serial would fry a TTL port quick smart, so I needed something to convert between the two. Maxim makes a chip called a MAX3232 that will do the job. You can buy one of these pre-soldered to a DB9 connector and PCB, or you can buy the raw chip and wire it up yourself. The raw chip is cheaper but again, more work. You'll need five 0.1uF capacitors and the knowledge of how to wire them up. This information is pretty readily available, but the datasheet for the MAX3232 is confusing, so here's a schematic on what this raw wiring should look like. There are plenty of prebuilt ones on eBay, but they all have female DB9s, so I had to make up a custom headshell.
Now, this part got confusing because Cisco devices don't use standard RJ45 serial pins for communication, and all of these devices are labelled vaguely as to which direction the RX and TX are relative to. Pin 12 is the PHONE's RX. Pin 13 is the PHONE'S TX. Connect Pin 12 to the TX on the TTL converter, and Pin 13 to the RX. This saves you 30 minutes of pain right there. While you would assume that each device labels its RX/TX relative to itself, this assumption is pain-in-the-ass-fully wrong.
You'll also need to connect a 470kohm resistor between pin 1 (GND) and 21 (Accessory detect) to enable the UART.
Now grab a male DB9 head, and a rollover cable. Cut the head off the rollover, then solder it to the DB9. Wire Pin 3 of the RJ45 to Pin 2 of the DB9, Pin 6 of the RJ45 to pin 3 of the DB9, and Pins 4 and 5 of the RJ45 to Pin 5 of the DB9. Of course, this isn't necessary if you bought the correct gender DB9 in the first place, and you should just wire them up normally straight off the chip, then plug your regular rollover cable into it.
It's also super easy to make this an RJ45 port as this was earlier in the prototype process by doing the same in reverse with an RJ45 socket instead of the DB9. Again, Cisco rollover console is Pin 3 TX, Pin 6 RX, and Pins 4 & 5 are Ground.
Now that all this is wired up, you probably want to put it in a case to protect it. I got a basic project case for $5 from Jaycar.
Jailbreak your iPhone and install Terminal, OpenSSH server and Minicom. Change the root password using the passwd command (assuming your iOS is a version in which passwd works) before enabling the SSH server. The default password is alpine, and it's commonly known, so you really need to change it.
Once installed, open up Terminal or SSH in, start Minicom and change the settings - same as you would on a linux box. The device is /dev/tty.iap, speed 9600 8N1, no hardware or software flow control. Remove all the device initialisation, dialling and hangup strings, and save the new configuration as something, preferrably Cisco. Save and exit.
Restart Minicom with your new config by typing 'minicom cisco' and you're done. SSH into it from a windows machine on-site or via an iPad and you're set. 3G iPhones with smashed screens are cheap, you can just leave one in your bag with the serial port, and you never have to worry about being locked out of a device.
There you have it! All parts were acquired from eBay, Ridax and Jaycar. By the time I bought everything it probably cost around $80, but you can probably build it cheaper.
Pollock's other projects and mayhem can be found at Loss4Words.
[Editor's Note: The above story is reprinted from our friends at Computerworld Australia .]
Like this? you might also like...
- The LCD Portal Shirt: Quite Possibly the Nerdiest T-Shirt Ever
- iOS 4 Lock Screen Security Flaw Grants Access to Contacts
- Russian Hacker Builds 70 Terabyte Home Computer