The Mysterious Apple DCSD Cable Demystified

June 19th, 2020 by James Duffy
Category: «General», «Hardware», «Mobile», «Tips & Tricks»

A lot of people have asked me over the past couple of months, “What’s that cable on your desk, James?” Today I’ll tell you all about it.

Every accessory that connects to your iPhone via Lightning is ‘flashed’ with an Accessory ID. The Accessory ID essentially identifies the device connected to the iPhone as a specific type. For example, a Lightning-to-Ethernet adapter will identify itself with its assigned Accessory ID so the iPhone knows how to treat the device and interact with it. It’s sort of like directing the iPhone to use a specific driver to interact with said device.

If we think about this concept from a general computing perspective, you wouldn’t interact with a USB keyboard using a printer driver, as neither the keyboard nor the computer would interpret these instructions correctly.

The Apple DCSD is flashed with a specific Accessory ID that allows it to enable ‘Serial’ access to the iPhone via the iPhone ‘Tristar Chip’.

There is limited information available about how exactly the Tristar Chip operates, but it is commonly associated with device charging issues as it directly controls the charging functionality of the iPhone.

In this specific case, the Tristar Chip grants us access to interface with the device over Serial because of the Accessory ID the DCSD is flashed with.

That’s a bit of a mouthful, really. But I’m doing my best here, I promise!

What is Serial? Why can’t we flash a normal lightning cable with this Accessory ID?

Serial is an analogue connection protocol, which means it transmits using analogue signals in contrast to modern digital transmissions.

The ‘box’ located on the DCSD cable listens for these analogue signals coming from the iPhone, ‘converts’ these signals to their digital representation, and forwards it to the Mac.

The same principle works in reverse, where the Mac will transmit to the iPhone over serial using modern digital data, and the DCSD ‘box’ will convert it to the analogue signals where it’s interpreted by the device.

I’ve put together a little diagram to show exactly how the DCSD is working in the background… (My art skills are not so advanced, apologies!)

 

A ‘baud’ rate will also have to be set to begin transmitting. I won’t dig into the technicalities of this (It’s not the most exhilarating topic). The baud rate defines the rate of data transmission. For example, a baud rate of 9600 means that 9600 bits can be transmitted per second.

The iPhone will transmit using a baud rate of 115200.
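To make the baud rate setting concrete, here is an added example (not code from the original article) that opens a serial device at the 115200 baud quoted above and collects lines from it. The 8N1 framing, the function names and the pseudo-terminal standing in for the DCSD adapter are assumptions; on real hardware you would pass the adapter's own tty path to `open_serial`.

```python
import os
import termios

BAUD = termios.B115200  # the rate the article gives for the iPhone


def open_serial(path):
    """Open a tty in raw mode at 115200 baud; 8N1 framing is an assumption."""
    fd = os.open(path, os.O_RDWR | os.O_NOCTTY)
    attrs = termios.tcgetattr(fd)  # [iflag, oflag, cflag, lflag, ispeed, ospeed, cc]
    attrs[0] = 0  # no input translation or software flow control
    attrs[1] = 0  # no output post-processing
    attrs[2] = termios.CS8 | termios.CREAD | termios.CLOCAL  # 8 data bits, no parity
    attrs[3] = 0  # no echo, line editing or signal characters
    attrs[4] = attrs[5] = BAUD
    attrs[6][termios.VMIN] = 1   # read() blocks until at least one byte arrives
    attrs[6][termios.VTIME] = 0
    termios.tcsetattr(fd, termios.TCSANOW, attrs)
    return fd


def read_lines(fd, max_lines):
    """Return up to max_lines text lines from fd, stopping early at EOF."""
    buf, lines = b"", []
    while len(lines) < max_lines:
        chunk = os.read(fd, 256)
        if not chunk:
            break
        buf += chunk
        while b"\n" in buf and len(lines) < max_lines:
            line, buf = buf.split(b"\n", 1)
            lines.append(line.rstrip(b"\r").decode("ascii", "replace"))
    return lines


def demo():
    """Run against a pseudo-terminal so no hardware is needed."""
    master, slave = os.openpty()
    fd = open_serial(os.ttyname(slave))
    os.write(master, b"constructed line 1\r\nconstructed line 2\r\n")  # constructed sample
    lines = read_lines(fd, 2)
    for f in (fd, master, slave):
        os.close(f)
    return lines


if __name__ == "__main__":
    print(demo())
```

If both ends are not set to the same rate, the bytes read back come out as garbage rather than readable text, which is usually the first thing to check when serial output looks wrong.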

Okay, so now I know what Serial Connections, Accessory IDs & Baud Rates are, and I’m not feeling too engaged. WAIT! The fun stuff is arriving!

Why does Apple use these cables?

These ‘DCSD’ cables are used by Apple in factories during the production process in order to set ‘hardcoded’ device values that persist through the device restore process, such as the MAC address of the WiFi and Bluetooth modules, the Device Serial Number and much much more. The specific factory software is used to control a massive set of device hardware configuration values and is extremely granular. I had the chance to experiment with this software and it’s incredibly interesting.

I want one!! Wait… What can I even do with it?

With a DCSD cable and this software, you can make these changes yourself! It could prove very useful for enthusiasts interested in tweaking very low-level values on their device which isn’t otherwise possible.

A question I’ve received is ‘Can we modify the IMEI’. The simple answer is no. This value is stored on the baseband and is actually hardcoded (to my knowledge).

What can WE do with this? Far more than can be covered in one article.

Ever seen a screenshot like this on Twitter? This is an example of serial output you can reproduce on even the latest iOS devices to quickly grab values!

To put together a short list:

  • Granular access to device hardware, modifying values such as the display serial number to enable True Tone on non-legitimate displays!
  • Serial Number modifications
  • Debugging the iOS Kernel using GDB.
  • Opening Shell Access to the device using built-in iOS daemons (Very useful if you bootloop as this can help you to recover your device! – https://twitter.com/qwertyoruiopz/status/711455055401099264 ) (For clarity, daemons are essentially ‘background services’)

I’m going to continue this article very soon as I don’t like my articles to be too extended. I feel that I learn better when reading shorter articles!

Best wishes,
James

