Geeks circumvent AirPods Pro 2 hearing aid geo-restriction for their grandmas with a Faraday cage and leaky microwave
Apple recently introduced Hearing Health features for the AirPods Pro 2 with the 7B19 firmware update. Hearing Health is comprised of Hearing Test, Hearing Aid, and Hearing Protection features, but the first two are geo-restricted due to regulatory requirements. Unfortunately, users in India are out of luck as the country is not on Apple's availability list yet.
However, a team of enterprising geeks have found a way to skirt around Apple's geo-restriction.
As soon as Apple released the iOS 18.1 update, Rithwik Jayasimha (@thel3l on X) got a set of AirPods Pro 2 for his grandmother only to realize that the much-vaunted feature isn't available in India. Instead of throwing those shiny pods away, Rithwik and his friends from Lagrange Point found out a way to circumvent Apple's geolocation.
You can read the full details on how they spoofed Apple's petulant geolocation strategy here. Essentially, Rithwik discovered that iOS uses three methods to check the iPhone's location — a GET request to an endpoint (https://gspe1-ssl.ls.apple.com/pep/gcc), Apple Store location, and likely the device's timezone and region settings.
Additionally, for cellular devices, Apple also uses GPS and an internal database that helps tally location based on mobile country/network codes (MCC/MNC) received from the cellular network.
The logical first step was to minimize the trouble of identifying location from MCC/MNC. Rithwik and team relied on an iPad 10th gen that only had Wi-Fi and GPS without cellular. However, spoofing the location isn't apparently as straightforward.
Changing the device's locale, attempts to spoof the GET request to a US location, and using Xcode to simulate a device's location all ended in vain. Although the iPad did technically change its location, it was as if it knew that wasn't actually the case.
Further brainstorming led them to discover that the iPad could actually be triangulating its position using a combination of GPS, Wi-Fi SSIDs, and MAC addresses of surrounding routers and devices. They tried forking the Skylift ESP32 project to spoof SSIDs from Menlo Park, California but that didn't work either. Besides, it's practically impossible to shun all Wi-Fi networks at home and office.
Enter the Faraday cage
For those not in the know, a Faraday cage is an enclosure that prevents electromagnetic radiation (which radio waves are a part of) from getting in or out. A microwave oven is a good example of a Faraday cage that we use daily. Microwaves operate at 2.4 GHz frequency like Wi-Fi, so in this case the oven also works as a Wi-Fi jammer.
The team's Faraday cage involved placing the ESP32 in a cardboard box with aluminum foil to broadcast California SSIDs to the iPad. This was placed on top of a leaky microwave oven that should effectively block out any 2.4 GHz signals in the air. The iPad initially still figured out it was in IN, but a few tweaks would see the iPad finally recognizing it was in the US.
They now opened the AirPods Pro 2 case and waited for the moment of truth. And voila! Hearing Assistance features were instantly activated on the AirPods Pro 2.
The team even discovered that the hearing aid feature is essentially just an equalizer preset that replaces the transparency mode and should theoretically work even with older firmware. The icing on the cake is that once activated with this hack, all devices connected to your iCloud account activate Hearing Health features on the AirPods Pro 2 without having to go through the whole rigmarole again.
Rithwik and team built a more practical Faraday cage with the help of a friend and are even running a small camp at Lagrange Point to help those in need. The AirPods Pro 2 aren't exactly cheap for TWS earbuds, but they surely make for very cost-effective hearing aids.
If you or someone you know have an AirPods Pro 2 and see benefit from this feature, hit up Rithwik on X for help.
Source(s)
@thel3l and @itsarnavb on X
