Oh sweet! I've used little tabletop ones at work, and ended up building myself one using the housing of some scrapped microwave equipment (it got hit by lightning so the circuits were junk, but the RF-gasketed housing was in great shape.) It worked but I never built many passthroughs for it.
The trouble with the tabletop ones is that it's such a pain to set up all the I/O passthroughs and stuff, often it's just not justifiable to go through the hassle, and it just doesn't get used.
Being able to walk in and just use your own hands to manipulate the DUT is huge. If you're not dealing with high power, it's plenty safe, and it just saves a ton of time.
Yeah, Apple sometimes checks MCC/MNC on the cellular network as well; for some reason they chose not to lock it down that way here.
However, if they did lock it to require an iPhone, the way we would activate would be by using our Faraday cage to spoof GPS inside it, and maybe a spoofed base station.
That's exactly what we did in the end—used a commercial VPN and provided internet to the device over the USB cable. Could have probably used a Tailscale on a VPS somewhere too.
Probably would work, however I suspect the changes would not be as sticky.
Apple has some slightly more complex checks that they have used in the past to georestrict stuff like ECG, by using MCC/MNC codes from your mobile network. I suspect that the alt stores would be region locked and stop working outside the EU—but that remains to be tested, and seems like a fun thing to experiment with.
I'm thinking of making it easy to "teleport" to any location within the cage.
Imagine typing in coordinates or picking a location on a map, and then suddenly your phone or any other device is at that location inside the cage, by a combination of GPS, cellular and WiFi spoofing.
Thank you for reading and the kind words! We're almost looking forward to this loophole being shut down to really make things a tad bit more challenging haha
We've got some ideas for the Faraday cage—a whole bunch of networks research and hacking that we can do without messing up live systems! It's also really nice to be able to test a device in isolation, without worrying about whether it's phoning back home in some way.
> We're almost looking forward to this loophole being shut down to really make things a tad bit more challenging haha
This is a great attitude in the face of a pretty sad 2024 reality: that the manufacturer of a device is expected to intentionally go out of its way to remotely stop users from using the device they bought in the way they want to use it.
I'm a bit perplexed about region handling, maybe you could shed some light on it. I have an iPhone from Canada, with a Canadian Apple account (Canadian CC/billing address, set location to Canada in App Store), but live in Spain for the last few years. I am still fully "Canadian" according to Apple. I don't get any of the 3rd party App Store stuff that's region locked to the EU, and have access to Apple Intelligence and other features not available in the EU.
I can't give the hearing aid feature a test because it's not available in either Canada or Spain, but I am wondering what the difference is (if any) between the hearing aid region lock and other geo-locked/geo-enabled features Apple has.
You can log in with a second account that is an EU account; my wife went this route. You get the best of both worlds.
I ended up transferring my account to an EU account (pro-tip, you may be on the phone with Apple support for 6+ hours if the automation fails). I still have access to both US-specific features (like Apple Cash in USD and the feature in this article) and EU-specific features (like the new app store stuff).
I'm surprised that this worked for you; my main Apple ID is a German one, with active CC/subscriptions/etc., but I am physically in Japan and definitely don't get to play Fortnite on my phone.
Yes, I'm physically in the EU. I'd be curious if you set your computer up as an access point and connected to a VPN (so the phone won't know if it is on a VPN) and then use an exit point in the EU. You could even go so far as spoofing GPS in your house using SDN to even make it think it is in the EU. (Just don't forget to make the testing room a Faraday cage to prevent any airplanes from getting confused.)
I'd even be happy to repeat your cellular signals here in the EU, so you connect to EU towers.
Awesome article. This kind of hacking casually showing iOS app behavior is another world, especially because I thought they were so locked down. How did you get started, any recommendations?
Since you did not end up having bought yourself a very expensive set of earphones, what earphones do you use — or want to get?
haha, I think I've got many miles to go before I'm qualified to answer this :')
I've just been hacking away at things since I was in middle school, am lucky that there's some transfer. LLMs have also been a huge unlock—really cool to be able to try things at near speed of thought!
> what earphones do you use — or want to get?
I'm very happy with my Shure Aonic 3s, a very loyal IEMs guy!
That's a really awesome hack, thanks for sharing. I was slightly surprised that you had to go as far as spoofing a wifi network actually but it's great you figured it out.
Loved the article, thank you for sharing. How happy are the grandparents with the hearing aid functionality? Is it working well for them and how is the battery life?
It's all too early to tell, but we'll know after a week or so. The battery life thing is not seeming like a big problem, since the existing device needs batteries changed every few days or charged every night.
As for the sound quality, a few of our grandparents have tried it, and while they say it sounds 'different', it's not necessarily bad. Grandma was actually quite content even with just the old EQ settings that shipped pre-iOS 18 for folks with hearing issues.
The hearing test on one of the images shows a ‘profound loss’. Does the hearing aid feature work for such a significant loss, or does it disable for any result beyond moderate loss?
The feature only works when hearing loss is mild (26–40 dBHL) or moderate (41–60 dBHL). We had to repeat the test a few times to get it in the range and enable it.
Thank you for your work. In the substack write-up, you said: "There was more work to be done: we needed a reliable reproduction, and a concrete process." Could you elaborate on the process for unlocking?
The first prototype was just aluminium foil, tape and hope, but we wanted something more solid so we built one out of n°100 copper mesh and some 2020 aluminium extrusions!
The door of a microwave typically doesn't form an RF-tight seal. Instead there's a groove that forms a resonant trap at the microwave's operating frequency. So it'll probably block 2.4-GHz ISM-band stuff like Bluetooth (I don't actually know how wide the trap band is compared to a BT or wifi channel), but outside that band all bets are off.
Nope, it's a one-time thing. When the feature is enabled, a flag is set on the iCloud account, so you can travel anywhere and have it work. At the same time, an EQ profile is pushed to the transparency mode of the AirPods, enabling the hearing aid features.
Once done, it sticks with the AirPods, unless you reset them.
However, an interesting quirk is that if you enable this on someone's AirPods, and _their_ device/account does not have it 'available', they won't be able to tweak the settings on their device.
I wonder if the flag gets reset every so often if the device doesn't think it's in the US for a long period of time. I've heard Apple considered that for some of the other EU restrictions.
Probably not, to account for people spending lots of time outside the US. The main restriction is not selling items with particular features outside of approved countries, but them getting used after being bought elsewhere isn't usually a big deal. India doesn't care about my Grandma wearing her hearing aids because they're not approved in India, and if the government doesn't care, where's the incentive for Apple to break functionality for customers?
I live in India and I have been using the hearing aid feature since at least March, when I bought AirPods Pro. Only that it wasn’t called as such earlier. It uses the audiogram I had provided it, which it used to create a customized equalizer for my hearing disability. I am sure they must have improved upon the capability in new OS versions, but functionally it has been present for a while now.
I suppose the difference is 1st party support for creating the audiogram, plus the clearance from the US gov to market it the way they want as OTC hearing aids.
Shocked we made it this far in life without one! Itching to put devices inside and light the air inside up without worrying about licensing!
We actually ended up seeing a life-size Faraday cage at the Indian Institute of Science—felt good to see that the construction was similar to our approach.