Few things get under a technophile’s skin more than a digital device that has been artificially hamstrung by the manufacturer. Sure, that brand new device you just unboxed may have some impressive or cutting-edge features — but not for you! Because you have not paid an upcharge — or worse yet, a lame subscription fee — or maybe even because of the part of the world that you live in, those advanced features will lay dormant as if they were not even there. What a waste!
A group of engineers at Lagrange Point in Bengaluru, India recently picked up some Apple AirPods Pro 2 earbuds to serve as hearing aids for their grandparents. Given the high cost of hearing aids, which frequently sell for several hundreds of dollars and up, the AirPods seemed like a good bargain. Or at least they seemed like a good deal until the hearing aid feature refused to be enabled during setup because it is not available in India. In all fairness to Apple, this restriction is most likely due to local regulations, but still, it was a major bummer to find that out after making the purchase.
A nicer Faraday cage was built for future work (📷: Lagrange Point)
But frustration was not the end of the story for the group at Lagrange Point. Being very technically-inclined individuals, they decided to try to trick the AirPods into thinking they were located in the United States, where the hearing aid feature is available. Of course taking this kind of action might void your warranty or otherwise get you in some hot water and yada yada yada, but you’ve got to live a little, right? Hackers gonna hack.
And hack they did. Being a clear case of a geographic restriction on the feature, the team first tried the easy things, like changing their App Store region and device locale. They also found an Apple web service that devices check to identify their country of origin. A spoofed response was quickly prepared for these web service requests, and the other settings were changed appropriately as well.
This just led to certificate issues with the web service and went nowhere. You didn’t think it would really be that easy, did you? After failing with other location spoofing techniques, it was clear that a more sophisticated approach was needed. iOS devices (which the AirPods rely on for setup) can use nearby Wi-Fi routers to determine their location. By checking SSIDs against a database, it is possible to pinpoint a device’s location pretty accurately.
Success! (📷: Lagrange Point)
Nearby SSIDs were placing the iPad used for setup in India, as they should. To get around that the team built a Faraday cage to block real Wi-Fi signals. Since microwave ovens operate at a frequency of 2.4 GHz like some Wi-Fi bands, they also ran their microwave on high next to the cage to act as a poor man’s radio jammer. The iPad was then placed inside the cage along with an ESP32 microcontroller development board. The ESP32 was then programmed to cycle through a set of 100 SSIDs that are actually located in Menlo Park, California, and broadcast them.
Bingo! After a few reboots — the universal tonic for digital devices — the iPad believed it was located in California and it allowed the hearing aid feature to be enabled. That is a pretty extensive setup process, but ultimately all that really matters is that it worked. If you don’t mind spending a weekend enabling a feature (and taking the aforementioned risks), this approach might be just what you need if you get an unpleasant surprise while setting up your AirPods.
