User Tools

Site Tools


products:bonobo

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
products:bonobo [2019/04/24 15:52]
po
products:bonobo [2019/09/06 13:15] (current)
po [Use case]
Line 1: Line 1:
-====== Bonobo Cable ======+====== Bonobo ​Debug Cable ====== 
 + 
 +iPhone debugging requires proper tools. 
 + 
 +The Bonobo cable connects to your target through Lightning and allows CPU debugging using OpenOCD + AArch64 GDB. Among others, you can: access CPU registers, single step, put hardware breakpoints,​ dump memory, etc... 
 + 
 +The target serial console can be accessed on the control PC through Minicom (iBoot prompt), as well as Lightning USB (For DFU, USB exploitation,​ etc.) 
 + 
 +<​html>​ 
 +<span style="​color:​red;​ font-weight:​ bold;">​Note:​ To be able to use this cable, the target system (iPhone) must be defused and allow SWD.</​span>​ 
 +</​html>​ 
 + 
 +=== Demonstration:​ === 
 + 
 +<​html><​iframe width="​560"​ height="​315"​ src="​https://​www.youtube.com/​embed/​wpQNxKMn2tw"​ frameborder="​0"​ allow="​accelerometer;​ autoplay; encrypted-media;​ gyroscope; picture-in-picture"​ allowfullscreen></​iframe></​html>​ 
 +===== Buy ===== 
 + 
 +  * Buy it on our shop: [[http://​shop.lambdaconcept.com/​home/​37-bonobo-debug-cable.html|Buy Bonobo Cable]]
  
 ===== Description ===== ===== Description =====
  
-==== Hardware ​features ​====+==== Specifications ==== 
 + 
 +  * **FPGA Chipset**: Xilinx Spartan6 XC6SLX16 
 +  * **Microcontroller:​** STM32F723 
 +  * **USB HighSpeed Hub** 
 +  * **Serial + JTAG interfaces**:​ Hi-Speed Quad USB UART FTDI FT4232H 
 +  * **Lightning connector** 
 +  * **User Interfaces:​** 2x RBG LEDs 
 + 
 +==== Features ==== 
 + 
 +=== On the target side (through the Lightning tip): === 
 + 
 +  * Lightning SWD on ACC_ID/​ACC_PWR wires. 
 +  * Lightning Serial (For iBoot console, etc.). 
 +  * Lightning USB (For DFU, ...). 
 +  * Lightning ACC_ID sequence (As debug accessory). 
 +  * Lightning Power (For charging or if the target does not have a battery) 
 + 
 +=== On the control side (through USB connector): === 
 + 
 +  * **OpenOCD** (With Open Source Bonobo driver patch) 
 +    * ARMv8 / ADIv5 
 +    * Support SWD commands queue 
 +    * Support target board reset 
 + 
 +  * **GDB** (AArch64) 
 +    * Connects to OpenOCD 
 +    * For Registers access, ​Hardware ​breakpoints,​ Instruction stepping, R/W memory, etc. 
 + 
 +===== Use case ===== 
 + 
 +  * iPhone debugging: [[products:​bonobo:​iphone_bootrom_debug|iPhone BootROM Debug/SWD cable]] 
 + 
 +=== Supported versions: === 
 +  * iPhone 7 / A10 
 +  * iPhone 8 / A11 
 +  * iPhone X / A12 
 +===== Hardware Architecture ===== 
 + 
 +{{:​products:​bonobo:​bonobo_cable.png?​400|}} 
 + 
 +===== Gateware & Firmware ===== 
 + 
 +The FPGA and STM32 come pre-flashed with a custom Gateware and Firmware, ready to be used with our open-source OpenOCD driver. 
 + 
 + 
 +===== Quick Start ===== 
 + 
 + 
 +==== 1. Get OpenOCD + Bonobo patch ==== 
 + 
 +[[products:​bonobo:​iphone_bootrom_debug#​openocd_build_instructions|See instructions]] 
 + 
 +==== 2. Get GDB Aarch64 ==== 
 + 
 +Get aarch64-linux-gnu-gdb from your distribution package manager. 
 + 
 +==== 3. Get iPhone configuration files ==== 
 + 
 +[[products:​bonobo:​iphone_bootrom_debug#​iphone_configuration_files|Get files]]
  
-  * FPGA: Spartan6 XC6SLX16 +==== 4. Run OpenOCD ====
-  * Microcontroller:​ STM32F723 +
-  * FT4232H USB UART +
-  * USB HighSpeed Hub +
-  * Lightning connector +
-  * 2 RBG LEDs+
  
-==== Some use cases ====+Plug the phone and run:
  
-  * iPhone Serial Number Reader (SNR) +<​code>​ 
-  * iPhone Debug/SWD cable+$ openocd -f openocd-iphone-7.cfg 
 +</​code>​ 
 +or 
 +<​code>​ 
 +$ openocd -f openocd-iphone-x.cfg 
 +</code>
  
-==== Architecture ====+[[products:​bonobo:​iphone_bootrom_debug#​running_openocd|More details]]
  
-==== Gateware ​====+==== 5. Attach with GDB ====
  
-==== Firmware ====+<​code>​ 
 +$ aarch64-linux-gnu-gdb
  
-==== Software ====+(gdb) target remote :3333 
 +0x0000000100000508 in ?? () 
 +</​code>​
  
 +[[products:​bonobo:​iphone_bootrom_debug#​debugging_iphone_with_gdb|More details]]
products/bonobo.1556113942.txt.gz · Last modified: 2019/04/24 15:52 by po