Difference between revisions of "Activation"
Master-lex- (talk | contribs) (New page: The lockdown patch automatically activates your phone and makes it to where you dont need to activate your phone through ATT or other official carriers. '''Lockdownd Patches on Difference...) |
m |
||
(28 intermediate revisions by 14 users not shown) | |||
Line 1: | Line 1: | ||
+ | [[Image:foto.jpg|thumb|right|iPhone with 1 signal bar and damaged [[hacktivation]] or it doesn't have an internet connection|100px]] |
||
− | The lockdown patch automatically activates your phone and makes it to where you dont need to activate your phone through ATT or other official carriers. |
||
+ | '''Activation''' is the process by which a new (or newly restored) iPhone or iPod touch can get by the "Emergency Call Screen" ([[List of iPhones|iPhone]]) or "Connect to iTunes" screen (not to be confused with [[Recovery Mode]]; the activation screen has a battery icon in the top right corner to indicate this) to access the SpringBoard. |
||
− | '''Lockdownd Patches on Difference Versions''' |
||
+ | The code in charge of this resides in [[lockdownd]], which is always running on [[iOS]] and monitors the activation status of the device. Lockdownd patches (which requires a [[jailbreak]] whereby a patched kernel can be booted by [[iBoot (Bootloader)|iBoot]] without dynamic libraries dynamically patching in RAM) activate your phone and remove the need to activate legitimately through [[iTunes]] with an official carrier (this process is also called "[[hacktivation]]"), however the iPhone cannot be used to communicate unless an [[unlock]] is found for the [[baseband]]. Lockdownd patches are only used on the [[List of iPhones|iPhone]] as the [[List of iPod touches|iPod touch]] has never been denied activation regardless of firmware, country etc. |
||
− | Lockdownd 1.1.2: |
||
+ | Activation is handled by https://albert.apple.com/deviceservices/deviceActivation |
||
− | Offset Original Patched Reason |
||
− | 0×4B3B 0×1A 0xEA Changed to ignore baseband version. |
||
− | 0×79FC 0xD7 0xFF 0×00 00 Disallows enabling of Voided Warranty. |
||
− | 0×79FE 0xFF 0×1A 0xA0 0xE1 Part of patch at 0×79FC |
||
− | 0×7E0B 0×0A 0xEA Disallows enabling of Voided Warranty. |
||
− | 0xAC73 0×0A 0xEA Disallows enabling of Voided Warranty. |
||
− | 0xBC40 0×01 0×00 Change enable brick mode to disable. |
||
− | 0xC5CC 0×01 0×00 Change enable brick mode to disable. |
||
− | 0xC5D4 0×88 0xEC Change Unactivated to FactoryActivated |
||
− | 0xC614 0×48 0xAC Change Unactivated to FactoryActivated |
||
− | 0xC640 0×1C 0×80 Change Unactivated to FactoryActivated |
||
− | 0xC6F0 0×90 0xD0 Change MissingSIM to FactoryActivated |
||
− | 0xC74C 0×44 0×74 Change MismatchedICCID to FactoryActivated |
||
− | 0xC7DC 0xB4 0xE4 Change MismatchedICCID to FactoryActivated |
||
− | 0xC8AC 0xB0 0×33 0×14 0×34 Change Unactivated to FactoryActivated |
||
− | 0xC904 0×01 0×00 Change enable brick mode to disable. |
||
+ | [[iTunes]] generates an [[Activation Token]] and sends it to Apple's activation server. Once the [[Activation Token]] is validated, the server will generate a [[WildcardTicket]] and signs it with Apple's private key. [[iTunes]] then calls AMDeviceActivate with the [[WildcardTicket]]; The device gets the [[WildcardTicket]] and checks if the signature matches. If it does, it get pasts the emergency call screen and allowing the use of the iPhone. All devices actually go through this process. The activation process is outlined in detail in US patent no. [http://www.freepatentsonline.com/20090061934.pdf 2009/0061934]. |
||
+ | Although the [[List of iPod touches|iPod touch]] can be "activated" without an internet connection, some services such as YouTube and Push Notifications will fail to work due to not having a valid authentication token ([http://support.apple.com/kb/TS3305 iPad and iPod touch: Unable to use YouTube or Push notifications]) so connecting to iTunes will activate the [[List of iPod touches|iPod touch]] fully. |
||
+ | The [[List of iPhones|iPhone]] needs a cellular data connection for the first time, after the activation in [[iTunes]]. You can make calls if an alert says "iPhone is activated". If you don't have a cellular data connection (3G, EDGE, GPRS) you won't be able to make calls and you have only 1 bar of reception. If you only have 1 bar and no carrier at the status bar, it isn't activated correctly. |
||
− | Lockdownd 1.1.1: |
||
+ | [[SAM]] (Subscriber Artificial Module) can simulate official activation for hacktivated devices. |
||
− | Offset Original Patched Reason |
||
− | 0×482F 0×1A 0xEA Changed to ignore baseband version. |
||
− | 0xAF5C 0×01 0×00 Change enable brick mode to disable. |
||
− | 0xB814 0×24 0×54 Change Unactivated to FactoryActivated |
||
− | 0xB818 0×01 0×00 Change enable brick mode to disable. |
||
− | 0xB838 0×00 0×30 Change Unactivated to FactoryActivated |
||
− | 0xB858 0xE0 0×14 0×10 0×15 Change Unactivated to FactoryActivated |
||
− | 0xB884 0xB4 0xE4 Change Unactivated to FactoryActivated |
||
− | 0xB958 0×00 0×10 Change MismatchedICCID to FactoryActivated |
||
− | 0xB970 0xEC 0xF8 Change MissingSIM to FactoryActivated |
||
− | 0xB9E0 0×58 0×88 Change Unactivated to FactoryActivated |
||
− | 0xBA58 0×01 0×00 Change enable brick mode to disable. |
||
+ | == See Also == |
||
+ | * [[Activation Token]] |
||
+ | == External Links == |
||
− | Lockdownd 1.0.2: |
||
+ | * [[User:posixninja|posixninja]]'s [http://github.com/posixninja/ideviceactivate iDeviceActivate] |
||
+ | * [http://www.freepatentsonline.com/20090061934.pdf Apple Patent] |
||
+ | {{stub|firmware}} |
||
− | Offset Original Patched Reason |
||
− | 0×9184 0×01 0×00 Change enable brick mode to disable. |
||
− | 0×94F0 0×01 0×00 Change enable brick mode to disable. |
||
− | 0×94F4 0×3C 0×68 Change Unactivated to FactoryActivated |
||
− | 0×95C4 0×84 0×98 Change MismatchedIMEI to FactoryActivated |
||
− | 0×9604 0×01 0×00 Change enable brick mode to disable. |
||
− | 0×9624 0×2C 0×38 Change MismatchedICCID to FactoryActivated |
||
− | 0×962C 0×28 0×30 Change MissingSIM to FactoryActivated |
||
− | 0×96A4 0×01 0×00 Change enable brick mode to disable. |
||
+ | [[Category:Baseband]] |
||
− | |||
− | |||
− | Lockdownd 1.0.1: |
||
− | |||
− | Offset Original Patched Reason |
||
− | 0×9158 0×01 0×00 Change enable brick mode to disable. |
||
− | 0×94C4 0×01 0×00 Change enable brick mode to disable. |
||
− | 0×94C8 0×3C 0×68 Change Unactivated to FactoryActivated |
||
− | 0×9598 0×84 0×98 Change MismatchedIMEI to FactoryActivated |
||
− | 0×95D8 0×01 0×00 Change enable brick mode to disable. |
||
− | 0×95F8 0×2C 0×38 Change MismatchedICCID to FactoryActivated |
||
− | 0×9600 0×28 0×30 Change MissingSIM to FactoryActivated |
||
− | 0×9678 0×01 0×00 Change enable brick mode to disable. |
||
− | |||
− | Lockdownd 1.0.0: |
||
− | |||
− | Offset Original Patched Reason |
||
− | 0×8CF8 0×01 0×00 Change enable brick mode to disable |
||
− | 0×90A4 0×01 0×00 Change enable brick mode to disable |
||
− | 0×90A8 0×3C 0×68 Change Unactivated to FactoryActivated |
||
− | 0×9178 0×84 0×98 Change MismatchedIMEI to FactoryActivated |
||
− | 0×91B8 0×01 0×00 Change enable brick mode to disable |
||
− | 0×91D8 0×2C 0×38 Change MismatchedICCID to FactoryActivated |
||
− | 0×91E0 0×28 0×30 Change MissingSIM to FactoryActivate |
||
− | 0×9258 0×01 0×00 Change enable brick mode to disable |
||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | '''All Lockdownd''' |
||
− | |||
− | 1.1.4 original http://rapidshare.com/files/133067477/114_lockdownd_original.zip.html |
||
− | |||
− | 1.1.4 patched http://rapidshare.com/files/133067620/114_lockdownd_patched.zip.html |
||
− | |||
− | Details: |
||
− | The lockdownd in firmware 1.1.4 is very similar to the version 1.1.3, so the same patch applied to 1.1.3 also works on 1.1.4. NOTE: You can’t use the old 1.1.3 patched lockdownd because the files are different, you need to apply the patch on the 1.1.4 lockdownd. |
||
− | |||
− | Patch details: |
||
− | |||
− | Search for differences |
||
− | |||
− | 1. G:\iPhone Stuffs\Lockdownd\lockdownd_114_original\lockdownd: 1,107,780 bytes |
||
− | 2. G:\iPhone Stuffs\Lockdownd\lockdownd_114_patched\lockdownd: 1,107,780 bytes |
||
− | Offsets: hexadec. |
||
− | |||
− | 83AF: 0A EA |
||
− | AFA3: 0A EA |
||
− | C4CF: 1A EA |
||
− | CDB4: 80 04 |
||
− | CDB5: 28 29 |
||
− | CDC0: 01 00 |
||
− | CE08: 2C B0 |
||
− | CE58: DC 60 |
||
− | CE59: 27 28 |
||
− | CF24: 3C 94 |
||
− | CF7C: F4 3C |
||
− | CF7D: 26 27 |
||
− | D000: 70 B8 |
||
− | D1A8: 8C 10 |
||
− | D1A9: 24 25 |
||
− | D224: 4C 94 |
||
− | D274: 01 00 |
||
− | |||
− | 17 difference(s) found. |
||
− | |||
− | |||
− | |||
− | 1.1.3 original http://rapidshare.com/files/133068021/113_lockdownd_original.zip.html |
||
− | |||
− | 1.1.3 patched http://rapidshare.com/files/133068133/113_lockdownd_patched.zip.html |
||
− | |||
− | Patch details: |
||
− | |||
− | Search for differences |
||
− | |||
− | 1. G:\iPhone Stuffs\Lockdownd\lockdownd_113_original\lockdownd: 1,107,780 bytes |
||
− | 2. G:\iPhone Stuffs\Lockdownd\lockdownd_113_patched\lockdownd: 1,107,780 bytes |
||
− | Offsets: hexadec. |
||
− | |||
− | 83AF: 0A EA |
||
− | AFA3: 0A EA |
||
− | C4CF: 1A EA |
||
− | CDB4: 80 04 |
||
− | CDB5: 28 29 |
||
− | CDC0: 01 00 |
||
− | CE08: 2C B0 |
||
− | CE58: DC 60 |
||
− | CE59: 27 28 |
||
− | CF24: 3C 94 |
||
− | CF7C: F4 3C |
||
− | CF7D: 26 27 |
||
− | D000: 70 B8 |
||
− | D1A8: 8C 10 |
||
− | D1A9: 24 25 |
||
− | D224: 4C 94 |
||
− | D274: 01 00 |
||
− | |||
− | 17 difference(s) found. |
||
− | |||
− | |||
− | |||
− | 1.1.2 original http://rapidshare.com/files/133068455/112_lockdownd_original.zip.html |
||
− | |||
− | 1.1.2 patched http://rapidshare.com/files/133068558/112_lockdownd_patched.zip.html |
||
− | |||
− | Details: This patch uses the same technique as introduced in 1.1.1 patch. With this patch, the 1.1.2 can be factory activated immediately. |
||
− | |||
− | The patch details: |
||
− | |||
− | Search for differences |
||
− | |||
− | 1. G:\iPhone Stuffs\lockdownd\lockdownd_112_original\lockdownd: 996,440 bytes |
||
− | 2. G:\iPhone Stuffs\lockdownd\lockdownd_112_patched\lockdownd: 996,440 bytes |
||
− | Offsets: hexadec. |
||
− | |||
− | 4B4C: 01 14 |
||
− | 4B4E: A0 00 |
||
− | 4B4F: E3 EA |
||
− | C5C1: 00 40 |
||
− | C5C2: 54 A0 |
||
− | C5C8: 04 00 |
||
− | C5CA: 00 A0 |
||
− | C5CB: 1A E1 |
||
− | C5CC: 01 00 |
||
− | C5D4: 88 EC |
||
− | |||
− | 10 difference(s) found. |
||
− | |||
− | Note: the 1.1.2 has a firmware checking routine which will brick phone in case an unexpected version is found. The patch at 4B4C-4B4F fixes it. In case the firmware version causes any problem, the syslog will log the following info |
||
− | |||
− | lookup_baseband_info: Not the expected firmware version. Enabling brick mode |
||
− | |||
− | but the actual bricking operations will not be run because the patch will force a jump once the syslog is done. |
||
− | |||
− | |||
− | 1.1.1 original http://rapidshare.com/files/133068876/111_lockdownd_original.zip.html |
||
− | |||
− | 1.1.1 patched http://rapidshare.com/files/133068957/111_lockdownd_patched1.zip.html |
||
− | |||
− | Details: |
||
− | Patch detail: |
||
− | |||
− | Search for differences |
||
− | |||
− | 1. C:\iPhone\lockdownd\lockdownd_111_original\lockdownd: 819,328 bytes |
||
− | 2. C:\iPhone\lockdownd\lockdownd_111_patched\lockdownd: 819,328 bytes |
||
− | Offsets: hexadec. |
||
− | |||
− | B810: 04 00 |
||
− | B812: 00 A0 |
||
− | B813: 1A E1 |
||
− | B814: 24 54 |
||
− | B818: 01 00 |
||
− | |||
− | 5 difference(s) found. |
||
− | |||
− | |||
− | |||
− | source: George Zhu's Blog |
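Review bot: The added protocol paragraph (the line beginning "[[iTunes]] generates an [[Activation Token]]") says the device "checks if the signature matches" without stating which key or certificate the device checks it against, and that is the step the whole activation decision rests on. Suggest naming the trust anchor or linking to the [[WildcardTicket]] page for it. The same paragraph needs a grammar pass: "will generate ... and signs" mixes tenses, and "it get pasts the emergency call screen and allowing" should read "it gets past the emergency call screen, allowing". The revision also removes every per-version offset table and the 1.1.2 brick-mode syslog note without pointing to a page that keeps them; if that material moved to [[lockdownd]] or [[hacktivation]], link it from the new text.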
Latest revision as of 00:49, 16 October 2017
Activation is the process by which a new (or newly restored) iPhone or iPod touch can get by the "Emergency Call Screen" (iPhone) or "Connect to iTunes" screen (not to be confused with Recovery Mode; the activation screen has a battery icon in the top right corner to indicate this) to access the SpringBoard.
The code in charge of this resides in lockdownd, which is always running on iOS and monitors the activation status of the device. Lockdownd patches (which require a jailbreak whereby a patched kernel can be booted by iBoot without dynamic libraries dynamically patching in RAM) activate your phone and remove the need to activate legitimately through iTunes with an official carrier (this process is also called "hacktivation"). However, the iPhone cannot be used to communicate unless an unlock is found for the baseband. Lockdownd patches are only used on the iPhone, as the iPod touch has never been denied activation regardless of firmware, country, etc.
Activation is handled by https://albert.apple.com/deviceservices/deviceActivation
iTunes generates an Activation Token and sends it to Apple's activation server. Once the Activation Token is validated, the server generates a WildcardTicket and signs it with Apple's private key. iTunes then calls AMDeviceActivate with the WildcardTicket; the device receives the WildcardTicket and checks whether the signature matches. If it does, the device gets past the emergency call screen, allowing the use of the iPhone. All devices actually go through this process. The activation process is outlined in detail in US patent no. 2009/0061934.
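The exchange described above, modelled as an added Go example (not code from this wiki, iTunes or lockdownd). Ed25519 stands in for the unspecified signature scheme, and the token layout, ticket layout and all function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Ticket is a hypothetical stand-in for the WildcardTicket: a payload plus the
// server's signature over it. The real ticket format is not given on this page.
type Ticket struct {
	Payload, Sig []byte
}

// MakeToken models the activation token built from a device identifier (constructed layout).
func MakeToken(deviceID string) []byte { return []byte("device=" + deviceID) }

// Issue is the server side: validate the token, then sign a ticket bound to it.
func Issue(priv ed25519.PrivateKey, token []byte, known map[string]bool) (Ticket, error) {
	if !known[string(token)] {
		return Ticket{}, fmt.Errorf("token rejected")
	}
	payload := append([]byte("activated;"), token...)
	return Ticket{Payload: payload, Sig: ed25519.Sign(priv, payload)}, nil
}

// Activate is the device side: accept the ticket only if the signature verifies
// under the server public key AND the signed payload names this device.
func Activate(pub ed25519.PublicKey, deviceID string, t Ticket) bool {
	if !ed25519.Verify(pub, t.Payload, t.Sig) {
		return false
	}
	return bytes.Equal(t.Payload, append([]byte("activated;"), MakeToken(deviceID)...))
}

// Demo returns: valid ticket accepted, re-targeted payload accepted,
// replay on another device accepted, unknown token rejected by the server.
func Demo() [4]bool {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	known := map[string]bool{string(MakeToken("A1")): true} // constructed allow-list
	t, _ := Issue(priv, MakeToken("A1"), known)
	edited := Ticket{Payload: append([]byte("activated;"), MakeToken("B2")...), Sig: t.Sig}
	_, err := Issue(priv, MakeToken("B2"), known)
	return [4]bool{Activate(pub, "A1", t), Activate(pub, "B2", edited), Activate(pub, "B2", t), err != nil}
}

func main() { fmt.Println(Demo()) }
```

Only the first case activates: an edited payload fails signature verification, and a correctly signed ticket replayed on another device fails the binding check.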
Although the iPod touch can be "activated" without an internet connection, some services such as YouTube and Push Notifications will fail to work due to not having a valid authentication token (iPad and iPod touch: Unable to use YouTube or Push notifications), so connecting to iTunes will activate the iPod touch fully.
The iPhone needs a cellular data connection the first time after activation in iTunes. You can make calls if an alert says "iPhone is activated". If you don't have a cellular data connection (3G, EDGE, GPRS), you won't be able to make calls and you will have only 1 bar of reception. If you only have 1 bar and no carrier in the status bar, it isn't activated correctly.
SAM (Subscriber Artificial Module) can simulate official activation for hacktivated devices.
See Also
External Links