Why the iPhone Has a Chip That Kills FaceID

I discovered a mysterious component inside the iPhone's FaceID system whose sole purpose is to permanently disable the facial recognition system if damage is detected. Let's figure out why it exists and how it works.

How FaceID Works

The TrueDepth system consists of infrared and RGB cameras, along with two types of IR emitters — a standard backlight and a specialized dot projector. The dot projector emits tens of thousands of infrared points that are captured by the IR camera. Using the optical characteristics and the distance between components, the ISP (Image Signal Processor) creates a depth map of the face.

This three-dimensional topology turns out to be far more important than color data for distinguishing a genuine face from a printed photograph or a mask. The technology derives directly from Microsoft's Kinect for Xbox 360, which was originally developed by the Israeli company PrimeSense. Apple acquired PrimeSense in 2013 for $350 million, obtaining all patents and personnel.

Projector Architecture Breakdown

The dot projector consists of three main parts: an FPC (Flexible Printed Circuit) connector, an emitting assembly, and an optical assembly. The passive connector links to the emission unit via a 0.35mm pitch custom connector manufactured by JAE.

Inside the emitter sits a mysterious chip paired with a MOSFET transistor. At first glance, their purpose is unclear — the chip appears to have no obvious role in the projector's operation.

Identifying the Mystery Chip: "MamaBear"

Through reverse engineering the firmware of iOS 13 and iOS 15, I extracted the ISP code and discovered the internal names Apple uses for TrueDepth components. The entire system is codenamed "Pearl," and its submodules are named after characters from Romeo and Juliet:

• Romeo — the IR dot projector
• Juliet — the IR camera
• Rosaline — the IR backlight
• Rigel — the laser driver

The mystery chip bears the codename "MamaBear" (MB). Analysis of the firmware revealed the following about it:

• It communicates via the I2C bus
• It stores OTP (One-Time Programmable) data including serial numbers and calibration information
• It controls the MOSFET through specific commands
• It measures capacitance (not temperature, as initially assumed)

The Safety Killswitch

At the top of the projector sits a diffractive optical element (DOE) — a tiny lens that splits a single laser beam into hundreds of individual points. This is the key to the entire dot projection system.

Here's the critical safety concern: if the DOE is damaged or removed, the concentrated laser power could burn the user's retina. Instead of thousands of low-power dots spread across the face, you'd have a single high-power beam aimed directly at the eye.

MamaBear continuously monitors the DOE's capacitance via three contact lines. The diffractive element, when intact, has a specific and predictable capacitive signature. When capacitance exceeds safe parameters — indicating that the DOE has been cracked, displaced, or removed — MamaBear immediately cuts MOSFET power to the VCSEL (Vertical-Cavity Surface-Emitting Laser).

It then burns an OTP flag marking the projector as permanently defective. No subsequent commands can override this state. The projector is dead forever.

The Water Damage Problem

The dot projector sits near the speaker at the phone's upper edge — the area most likely to encounter liquid. When water enters, the capacitive sensors malfunction due to the conductive fluid. Frequently, even minimal water exposure triggers a false failure signal, causing MamaBear to permanently disable a perfectly functional FaceID system.

This is one of the most common reasons why FaceID stops working — not actual hardware damage, but a safety chip that's too sensitive to moisture.

The Repair Ecosystem: "Shaman" Solutions

Unofficial repair technicians around the world have developed elaborate methods to resurrect disabled projectors, creating a shadow economy around Apple's anti-repair design:

1. "High-voltage programmers": These devices irreversibly reprogram the MOSFET into a permanent short-circuit configuration, bypassing MamaBear's kill signal. The laser will fire regardless of the chip's state.

2. Chip spoofing: Replacement FPC cables containing Chinese-manufactured clone chips that report the original chip's data to the system, fooling it into thinking everything is fine.

3. Full replacement chips: Two-in-one substitutes that both short-circuit the MOSFET and provide the necessary OTP data to the system.

4. Adapter plates: Minimum-soldering solutions that place a clone chip between the original connector and the motherboard.

Interestingly, these specialized repair tools often include DRM features of their own — account binding and limited repair counts that require paid subscriptions to unlock additional uses. The repair tools are themselves locked down.

Apple's Anti-Repair Policy

The core problem isn't the safety chip itself — it's Apple's approach to component serialization. Each TrueDepth module is paired to a specific device via serial number verification. Even if you take a perfectly working FaceID module from one iPhone and move it to another, it won't function.

If modules could be freely transferred between devices, repair technicians could simply swap in working units from damaged donor phones, restoring full functionality safely and without touching any calibrated optics. Instead, Apple's restrictions force dangerous microsurgery requiring extraordinary precision on components designed never to be serviced.

Legislative initiatives like the Right to Repair movements in the US and EU could change this. If serial-number-based component locking is outlawed, the entire cottage industry of chip spoofing and MOSFET reprogramming would become unnecessary, and FaceID repairs would become as straightforward as replacing a cracked screen.