Difference between revisions of "Activation Token"

From The iPhone Wiki
Line 1: Line 1:
[[iTunes]] gets three things from the phone, the [[DeviceID]], the [[wikipedia:IMEI|IMEI]], and the [[Wikipedia:ICCID|ICCID]]. This is called the token and is unique to every iPhone. This token is then sent to the Apple server (alfred.apple.com) via [[Wikipedia:Transport Layer Security|SSL]]. Apple uses their private key to sign the token and transmits it back to [[iTunes]]. [[iTunes]] then calls [[AMDeviceActivate]] with this signed token. The device gets the token and checks whether or not the signature matches the token. If it does, the device is activated. A patched [[lockdownd]] circumvents these checks rather then to provide a valid token. (To create a valid token someone needed Apple's private key.)
+
[[iTunes]] gets a couple things from the phone: the [[DeviceID]], the [[ChipID]], the [[wikipedia:IMEI|IMEI]], the [[Wikipedia:ICCID|ICCID]], the [[Wikipedia:IMSI|IMSI]], the phone number (!), and a few other things. This is called the "activation token" and is unique to every iPhone. This token is then sent to the Apple server (alfred.apple.com) via [[Wikipedia:Transport Layer Security|SSL]]. The server appends the [[WildcardTicket]] to the token, signs the token with Apple's private key and transmits it back to [[iTunes]]. [[iTunes]] then calls [[AMDeviceActivate]] with this signed token. The device gets the token and checks whether or not the signature matches the token. If it does and if the baseband is able to log in to a GSM network, the device is activated. A patched [[lockdownd]] circumvents these checks rather then to provide a valid token.
   
  +
==Layout Activation Ticket==
{
 
  +
"UniqueDeviceID" = "aabbccdd......";
 
  +
<?xml version="1.0" encoding="UTF-8"?>
"InternationalMobileEquipmentIdentity" = "1234....";
 
  +
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
"IntegratedCircuitCardIdentity" = "1234...";
 
  +
<plist version="1.0">
}
 
  +
<dict>
  +
<key>ActivationInfoComplete</key>
  +
<true/>
  +
<key>ActivationInfoXML</key>
  +
<data>
  +
(base64-encoded activation info here)
  +
</data>
  +
<key>FairPlayCertChain</key>
  +
<data>
  +
(base64-encoded activation info here)
  +
</data>
  +
</dict>
   
 
For the first generation iPhones, the [[NCK]] field has been added. For later generation models, the [[WildcardTicket]] field is used for activating the baseband with [[AT+XLCK]].
 
For the first generation iPhones, the [[NCK]] field has been added. For later generation models, the [[WildcardTicket]] field is used for activating the baseband with [[AT+XLCK]].
  +
  +
==Layout ActivationInfo==
  +
<?xml version="1.0" encoding="UTF-8"?>
  +
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  +
<plist version="1.0">
  +
<dict>
  +
<key>ActivationRandomness</key>
  +
<string>...</string>
  +
<key>ActivationRequiresActivationTicket</key>
  +
<true/>
  +
<key>ActivationState</key>
  +
<string>WildcardActivated</string>
  +
<key>BasebandMasterKeyHash</key>
  +
<string>(TEA key)</string>
  +
<key>BasebandThumbprint</key>
  +
<string>(TEA key)string>
  +
<key>BuildVersion</key>
  +
<string>8A306</string>
  +
<key>DeviceCertRequest</key>
  +
<data>
  +
(base64 encoded cert)
  +
</data>
  +
<key>DeviceClass</key>
  +
<string>iPhone</string>
  +
<key>IntegratedCircuitCardIdentity</key>
  +
<string>...</string>
  +
<key>InternationalMobileEquipmentIdentity</key>
  +
<string>...</string>
  +
<key>InternationalMobileSubscriberIdentity</key>
  +
<string>...</string>
  +
<key>ModelNumber</key>
  +
<string>MC135</string>
  +
<key>PhoneNumber</key>
  +
<string>...</string>
  +
<key>ProductType</key>
  +
<string>iPhone2,1</string>
  +
<key>ProductVersion</key>
  +
<string>4.0.1</string>
  +
<key>SIMStatus</key>
  +
<string>kCTSIMSupportSIMStatusReady</string>
  +
<key>SerialNumber</key>
  +
<string>...</string>
  +
<key>SupportsPostponement</key>
  +
<true/>
  +
<key>UniqueChipID</key>
  +
<integer>...</integer>
  +
<key>UniqueDeviceID</key>
  +
<string>...</string>
  +
</dict>
  +
</plist>
  +
   
 
==Resources==
 
==Resources==
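Review bot: in the added ActivationInfo layout, the BasebandThumbprint value line reads "<string>(TEA key)string>"; the closing tag should be "</string>", otherwise the sample is not well-formed XML. The added Activation Ticket layout also stops at "</dict>" without a closing "</plist>", and its FairPlayCertChain placeholder repeats "(base64-encoded activation info here)", which looks copied from ActivationInfoXML and should describe the certificate chain instead. In the rewritten introduction, "rather then to provide" should read "rather than providing".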

Revision as of 18:10, 20 August 2010

iTunes gets a couple of things from the phone: the DeviceID, the ChipID, the IMEI, the ICCID, the IMSI, the phone number (!), and a few other things. This is called the "activation token" and is unique to every iPhone. This token is then sent to the Apple server (alfred.apple.com) via SSL. The server appends the WildcardTicket to the token, signs the token with Apple's private key and transmits it back to iTunes. iTunes then calls AMDeviceActivate with this signed token. The device gets the token and checks whether or not the signature matches the token. If it does and if the baseband is able to log in to a GSM network, the device is activated. A patched lockdownd circumvents these checks rather than providing a valid token.

Layout Activation Ticket

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
       <key>ActivationInfoComplete</key>
       <true/>
       <key>ActivationInfoXML</key>
       <data>
       (base64-encoded activation info here)
       </data>
       <key>FairPlayCertChain</key>
       <data>
       (base64-encoded activation info here)
       </data>
 </dict>
 </plist>

For the first generation iPhones, the NCK field has been added. For later generation models, the WildcardTicket field is used for activating the baseband with AT+XLCK.

Layout ActivationInfo

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
       <key>ActivationRandomness</key>
       <string>...</string>
       <key>ActivationRequiresActivationTicket</key>
       <true/>
       <key>ActivationState</key>
       <string>WildcardActivated</string>
       <key>BasebandMasterKeyHash</key>
       <string>(TEA key)</string>
       <key>BasebandThumbprint</key>
       <string>(TEA key)</string>
       <key>BuildVersion</key>
       <string>8A306</string>
       <key>DeviceCertRequest</key>
       <data>
       (base64 encoded cert)
       </data>
       <key>DeviceClass</key>
       <string>iPhone</string>
       <key>IntegratedCircuitCardIdentity</key>
       <string>...</string>
       <key>InternationalMobileEquipmentIdentity</key>
       <string>...</string>
       <key>InternationalMobileSubscriberIdentity</key>
       <string>...</string>
       <key>ModelNumber</key>
       <string>MC135</string>
       <key>PhoneNumber</key>
       <string>...</string>
       <key>ProductType</key>
       <string>iPhone2,1</string>
       <key>ProductVersion</key>
       <string>4.0.1</string>
       <key>SIMStatus</key>
       <string>kCTSIMSupportSIMStatusReady</string>
       <key>SerialNumber</key>
       <string>...</string>
       <key>SupportsPostponement</key>
       <true/>
       <key>UniqueChipID</key>
       <integer>...</integer>
       <key>UniqueDeviceID</key>
       <string>...</string>
 </dict>
 </plist>
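The nesting shown in the two layouts above, as an added example (not code from the wiki or from Apple): the outer request carries ActivationInfoXML as a base64 data blob that is itself a property list, so auditing what an activation request discloses means parsing twice. All sample values and the subscriber/hardware grouping of keys are constructed assumptions.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Grouping of the page's ActivationInfo keys is this example's assumption.
SUBSCRIBER_KEYS = {"IntegratedCircuitCardIdentity",
                   "InternationalMobileSubscriberIdentity", "PhoneNumber"}
HARDWARE_KEYS = {"InternationalMobileEquipmentIdentity", "SerialNumber",
                 "UniqueChipID", "UniqueDeviceID"}


def build_sample_request() -> bytes:
    """Constructed sample in the page's layout; bytes become <data> elements."""
    inner = {
        "ProductType": "iPhone2,1",
        "IntegratedCircuitCardIdentity": "00000000000000000000",
        "InternationalMobileEquipmentIdentity": "000000000000000",
        "InternationalMobileSubscriberIdentity": "000000000000000",
        "PhoneNumber": "+1 555 0100",
        "SerialNumber": "CONSTRUCTED01",
        "UniqueChipID": 1234,
        "UniqueDeviceID": "aabbccdd" * 5,
    }
    outer = {
        "ActivationInfoComplete": True,
        "ActivationInfoXML": plistlib.dumps(inner),
        "FairPlayCertChain": b"constructed placeholder, not a certificate",
    }
    return plistlib.dumps(outer)


def parse_activation_request(raw: bytes) -> dict:
    """Return the inner ActivationInfo dict, rejecting malformed requests."""
    try:
        outer = plistlib.loads(raw)
        blob = outer.get("ActivationInfoXML") if isinstance(outer, dict) else None
        if not isinstance(blob, bytes) or outer.get("ActivationInfoComplete") is not True:
            raise ValueError("missing or incomplete ActivationInfoXML")
        inner = plistlib.loads(blob)  # second, nested property list
    except (ValueError, ExpatError) as exc:
        raise ValueError(f"not a valid activation request: {exc}") from exc
    if not isinstance(inner, dict):
        raise ValueError("ActivationInfo is not a dictionary")
    return inner


def classify_identifiers(info: dict) -> dict:
    """List which subscriber and hardware identifiers the request carries."""
    return {"subscriber": sorted(SUBSCRIBER_KEYS & info.keys()),
            "hardware": sorted(HARDWARE_KEYS & info.keys())}
```
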


Resources