ANN: apple motion sensor reverse engineered


I have successfully reverse engineered the AMS using a variety of python
scripts, otool, libiberty (for C++ name demangling) and a bit of time.
Most useful is an old script I have that uses graphviz' dot to make a
flow graph out of asm.

The OSX driver is remarkably well written. But maybe all OSX drivers
are, I don't know :)

What I found is documented here:


Some things like how to set the sensitivity are missing, but in normal
operation the OSX driver do this.

I have written a proof of concept driver that creates a HID device which
fully works, but I suppose I cannot publish it since I disassembled the
OSX driver. OTOH, it should be trivial to write a driver from this :)

Have fun. Maybe I'll see a real driver that can even handle interrupts
(I have no idea how to get the interrupt GPIO stuff from the PROM/OF)
when I get back online after the weekend? ;)


