How to Put Apple TV 3 (2012-2013), Apple TV HD (2015) and Apple TV 4K (2017) into DFU
2022-10-31 20:9:50 Author: blog.elcomsoft.com(查看原文) 阅读量:40 收藏

The title says it all. In this article we’ll explain the steps required to put the listed Apple TV models into DFU mode. These Apple TV models are based on the A5, A8, and A10X chips that are susceptible to the checkm8 exploit and checkm8-based extraction with iOS Forensic Toolkit 8, and DFU mode is the required initial step of the process.

Why DFU?

Mobile forensics is not limited to phones and tablets. Many types of devices including wearables and IoT devices contain valuable evidence. Some Apple TV models are compatible with the familiar checkm8 exploit and the same low-level extraction method we use for extracting data from the iPhone. The initial step for applying the checkm8 exploit requires placing the device in DFU mode, which is exactly what we are writing about.

Note: there are two additional Apple TV 4K models released in 2021 (A12 Bionic) and 2022 (A15 Bionic). These models are no longer compatible with the checkm8 exploit.

Apple TV 3 (2012 and 2013)

There are two different Apple TV 3 models with slightly different A5 chips. The A1427 (2012) is based on the dual-core version of the A5 chip with one core disabled, while the updated 2013 model A1469 is based on a different A5 chip that only has a single physical core. Aside of the slightly lower power consumption of the newer chip, both models are otherwise identical. The Apple TV 3 is no longer sold by Apple. Both models are compatible with the checkm8 exploit and the extraction method used in iOS Forensic Toolkit 8.

The two models also share the same DFU process. To place an Apple TV 3 into DFU, you will only need its remote control unit. Unlike in newer models, there is no need to pair the remote to a particular device. The steps are:

  1. Make sure the device is connected to power and is turned on
  2. Make sure the device is connected to the computer using a micro-USB cable
  3. Press and hold Down (1) and Menu (2) button until the LED starts flashing very quickly (6 seconds)
  4. Release both buttons
  5. Quickly press and hold Play (3) and Menu (2) button until the LED starts flashing very quickly (6 seconds)
  6. Release both buttons

Note: It is important to actually release both buttons. It will not work if you just keep holding the Menu button without releasing it!

The Down, Menu and Play buttons are marked as (1), (2) and (3) respectively.

If you have done it correctly, the Apple TV should now be in DFU mode.

Important: applying the checkm8 exploit on the first-generation Apple TV 3 (A1427) requires a Raspberry Pi Pico board. The workflow is similar to the iPhone 4s. The newer Apple TV 3 (2013) does not require an external microcontroller.

Apple TV HD (4th Generation)

The original Apple TV 4 was released back in 2017, featuring the new Siri remote. In 2021, it was updated with a redesigned Siri remote control and renamed to Apple TV HD. The main unit remained largely unchanged; it is still based on the Apple A8 chip and still having the bootloader vulnerability unpatched. The Apple TV HD with new Siri remote is still present in Apple’s product range.

The remote control will be used to place the device into DFU. We tested both the original and new Siri remotes, and the steps are identical among the two. Please note that the Siri remote must be paired to the Apple TV device as it is no longer communicating with the box via the IR channel, even though the IR transmitter and receiver are still there. The Apple TV 4 and Apple TV HD feature a USB-C port that can be used to connect the device to the computer, which means you will need a Type-C cable to connect the device in addition to the remote control.

To place the Apple TV 4 or Apple TV HD into DFU, follow these steps.

  1. Make sure the device is connected to power and is turned on
  2. Connect the device to the computer using a USB-C cable
  3. Press and hold the Menu and Play buttons until the LED starts flashing rapidly (6 seconds)
  4. Release both buttons

The Menu and Play buttons are marked for Siri Remote 1 and Siri Remote 2 respectively.

Apple TV 4K (2017)

Released back in 2017, the first-generation Apple TV 4K was based in the A10X chip. The device is susceptible to the checkm8 exploit, and is supported by iOS Forensic Toolkit. Unlike previous models, the Apple TV 4K does not have a built-in USB port to connect the device to the computer. For this reason, you will need additional hardware to place the device into DFU and to connect it to the computer for the purpose of data extraction.

A hidden port was discovered under the Ethernet (RJ45) socket. A special connector is now available, the GoldenEye (or Foxlink X892), which is available for around 40€. With this adapter, you can connect your Apple TV 4K using a standard Lightning cable and perform logical acquisition. However, this adapter alone is not enough to perform the checkm8 extraction.

In order to apply the checkm8 exploit, the device must first be placed into DFU mode. The Apple TV 4 (Apple TV HD) and older models can be placed into DFU using the remote control with a special combination of buttons. This is not the case for the Apple TV 4K. While you can place the 4K model into DFU with a special breakout cable, its installation is difficult and requires soldering skills. Instead, we recommend a much easier solution that used the DCSD cable (The Mysterious Apple DCSD Cable Demystified). The adapter is easily available at around 20€.

To place the Apple TV 4K into DFU, use the following steps.

  1. Disconnect the device from the power source
  2. Connect the DCSD cable to the computer’s USB port
  3. Connect the GoldenEye adapter to the DCSD cable (using Lightning)
  4. Connect the GoldenEye to the Apple TV 4K
  5. Connect the Apple TV 4K to the power source

After that, the Apple TV 4K is automatically boots into DFU:

Conclusion

Placing the three generations of Apple TV into DFU requires different steps. The Apple TV 3 can be placed into DFU with a matching IR remote, while the Apple TV 4 and Apple TV HD require a paired Siri remote. The first-generation Apple TV 4K requires additional adapters to place the device into DFU and connect it to the computer, but simply connecting the adapter to the box is enough to make it boot into DFU.


REFERENCES:

Elcomsoft iOS Forensic Toolkit

Extract critical evidence from Apple iOS devices in real time. Gain access to phone secrets including passwords and encryption keys, and decrypt the file system image with or without the original passcode. Physical and logical acquisition options for all 64-bit devices running all versions of iOS.

Elcomsoft iOS Forensic Toolkit official web page & downloads »


文章来源: https://blog.elcomsoft.com/2022/10/how-to-put-apple-tv-3-2012-2013-apple-tv-hd-2015-and-apple-tv-4k-2017-into-dfu/
如有侵权请联系:admin#unsafe.sh