Chipworks has performed a systems analysis of Apple’s Lightning to USB cable and how it communicates when it is inserted into the iPhone 5. They first document the four die found within the Lightning cable:
- NXP SP3D2
- STMicroelectronics USB2A
- Texas Instruments BQ2025
- Unknown manufacturer with markings identified as 4S (functionality is known)
Back in October, Chipworks confirmed the TI BQ2025 component within the Lightning cable and suspected it was used for security for the proprietary cable. Their current analysis notes the following:
Considering some of the speculation on the web, we initially considered that the mystery chip could contain some security, so to test this theory, we investigated the TI BQ2025 by looking at the initial handshake. From this we see no evidence of any form of security at this stage of communication.
To determine this conclusion, Chipworks soldered wires to the 8 pins on the Lightning cable, where the TI BQ2025 is connected to pins on both sides of the cable. Here’s how they explain their test:
The phone itself only monitors the bottom row of pins. If the user has inserted the cable right-side-up, the phone needs to use the pin, which is fifth from the left, to communicate with the BQ2025. That’s where the black signal is. Furthermore, if the user has inserted the cable upside-down (or is it right-side-up?), the phone needs to use the left-most pin.
With two pins available for to communicate with the cable, the iPhone 5 tries both pins to establish communication when you insert it into the phone:
The figure below shows a signal capture taken when the Lightning cable is plugged into an iPhone 5. The phone first attempts to communicate with the cable on Pin 5, but receives no response. The phone attempts to communicate with the cable on Pin 1. This time, it receives a response. The phone now knows which way the cable was inserted.
Now you know how the Lightning to USB cable communicates with the iPhone 5 no matter which orientation the cable is inserted.
As for the data signals transmitted between the Lightning to USB cable and the iPhone 5, Chipworks performed a test where they captured the data transmitted between a few cables. They conclude the cable does most of the communicating with the iPhone 5 and there is no evidence of any sort of authentication sequences taking place at all:
When we compare the captures for two different (but same model) Lightning USB cables, we noticed that the content of the last three data exchanges is different (i.e., the rightmost three black blobs in the figure above). In the first of those three exchanges, the cable returns 8 bytes of binary data. In the second and third exchanges, the cable returns a few binary bytes and a 16 character ASCII string. There doesn’t appear to be a key exchange, session establishment, or authentication. There doesn’t even appear to be a challenge-response sequence. The phone sends only a handful of bytes to the cable. The cable does most of the talking.
Many have suspected Apple’s Lightning to USB cable to contain security features but according to Chipworks these initial sequences of communication with the iPhone 5 do not convey this to be the case. We would suspect the way the cable communicates with the iPhone 5 is similar to how it works with the latest iPod touch, 4th gen iPad and iPad mini as well. Third party manufacturers have been quick to fill the void of offering replacement Lightning to USB cables, as Apple appears to be tightly controlling official Lightning connectors .