Difference between revisions of "Activation Token"

From The iPhone Wiki
m
(Added the Activation Protocol)
Line 82: Line 82:
 
</plist>
 
</plist>
   
==Spoofing the Activation Server using python==
+
==Activation Protocol==
  +
POST /WebObjects/ALUnbrick.woa/wa/deviceActivation HTTP/1.1
Here's a python script to spoof it:
 
  +
Accept-Encoding: gzip
import httplib,urllib
 
  +
Accept-Language: en-us, en;q=0.50
import time
 
  +
Content-Type: multipart/form-data; boundary=DeviceActivation
ai=open("a.plist",'r')
 
  +
Content-Length: 1234
aidata=ai.read()
 
  +
Cache-Control: no-cache
headers = {"Content-type": "application/x-www-form-urlencoded", "User-Agent": 'iTunes/7.6 (Windows; U; Microsoft Windows XP Professional Service Pack 2 (Build 2600)) DPI/96}'}
 
  +
params = urllib.urlencode({
 
  +
--DeviceActivation
'activation-info': aidata
 
  +
Content-Disposition: form-data; name="activation-info"
})
 
  +
conn.request('POST', '/WebObjects/ALActivation.woa/wa/deviceActivation',params,headers)
 
  +
<dict>
response = conn.getresponse()
 
  +
<key>ActivationInfoComplete</key>
resdata=response.read()
 
  +
<true/>
f=open("arsp.xml",'w')
 
  +
<key>ActivationInfoXML</key>
f.write(resdata)
 
  +
<data>
#time.sleep(1)
 
conn = httplib.HTTPSConnection("albert.apple.com")
+
Host: albert.apple.com
  +
(base64-encoded activation info here)
  +
</data>
  +
<key>FairPlayCertChain</key>
  +
<data>
  +
(base64-encoded cert in DER format)
  +
</data>
  +
<key>FairPlaySignature</key>
  +
<data>
  +
(base64-encoded signature (SHA1+RSA) of ActivationInfoXML)
  +
</data>
  +
</dict>
  +
 
==Resources==
 
==Resources==
 
* [[User:posixninja|posixninja]]'s [http://github.com/posixninja/ideviceactivate iDeviceActivate]
 
* [[User:posixninja|posixninja]]'s [http://github.com/posixninja/ideviceactivate iDeviceActivate]
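Review bot: the multipart body added under "Activation Protocol" is never terminated. After the final `</dict>` there is no closing `--DeviceActivation--` delimiter, and `Content-Length: 1234` looks like a placeholder rather than a measured value, so either add the closing boundary and mark the length as illustrative or state that the capture is abbreviated. The revision is also marked "m" with the summary "Added the Activation Protocol", but it removes the whole "Spoofing the Activation Server using python" section and the documented path changes from `ALActivation.woa` to `ALUnbrick.woa`; the summary should mention the removal and the page should say which path applies.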

Revision as of 07:12, 8 April 2011

Layout Activation Token

This is the plist file that gets sent to Apple's server. It can be obtained with the MobileDevice library by calling the AMDeviceCopyValue function with the "ActivationInfo" value.

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
       <key>ActivationInfoComplete</key>
       <true/>
       <key>ActivationInfoXML</key>
       <data>
       (base64-encoded activation info here)
       </data>
       <key>FairPlayCertChain</key>
       <data>
       (base64-encoded cert in DER format)
       </data>
       <key>FairPlaySignature</key>
       <data>
       (base64-encoded signature (SHA1+RSA) of ActivationInfoXML)
       </data>
 </dict>
 </plist>

Key: ActivationInfoXML

The ActivationInfo plist file above has a key called ActivationInfoXML. The base64 data value of that key decodes to the plist file below.

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
       <key>ActivationRandomness</key>
       <string>(GUID)</string>
       <key>ActivationRequiresActivationTicket</key>
       <true/>
       <key>ActivationState</key>
       <string>Unactivated</string>
       <key>BasebandMasterKeyHash</key>
       <string>(Hash of hardware IDs)</string>
       <key>BasebandThumbprint</key>
       <string>(Hash of hardware IDs not directly used as a key - the TEA key can be derived from this)</string>
       <key>BuildVersion</key>
       <string>8A306</string>
       <key>DeviceCertRequest</key>
       <data>
       (base64 encoded cert)
       </data>
       <key>DeviceClass</key>
       <string>(String ENUM "iPhone", "iPod", "iPod touch", "iPad")</string>
       <key>IntegratedCircuitCardIdentity</key>
       <string>(ICCID as base-10 string)</string>
       <key>InternationalMobileEquipmentIdentity</key>
       <string>(IMEI as base-10 string)</string>
       <key>InternationalMobileSubscriberIdentity</key>
       <string>(IMSI as base-10 string)</string>
       <key>ModelNumber</key>
       <string>MC135</string>
       <key>PhoneNumber</key>
       <string>(String like "+1 (555) 555-5555")</string>
       <key>ProductType</key>
       <string>iPhone2,1</string>
       <key>ProductVersion</key>
       <string>4.0.1</string>
       <key>SIMGID1</key>
       <data>
       (base64-encoded binary GID1)
       </data>
       <key>SIMGID2</key>
       <data>
       (base64-encoded binary GID2)
       </data>
       <key>SIMStatus</key>
       <string>(ENUM kCTSIMSupportSIMStatusReady kCTSIMSupportSIMStatusNotReady kCTSIMSupportSIMStatusOperatorLocked)</string>
       <key>SerialNumber</key>
       <string>...</string>
       <key>SupportsPostponement</key>
       <true/>
       <key>UniqueChipID</key>
       <integer>...</integer>
       <key>UniqueDeviceID</key>
       <string>(hex UUID)</string>
 </dict>
 </plist>
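The two-layer layout described above, unpacked with Python's standard `plistlib`. This is an added example, not code from the wiki or from iDeviceActivate: the sample token is constructed with made-up values, the function names are hypothetical, and hashing the decoded `ActivationInfoXML` bytes with SHA-1 is an assumption based on the page's "signature (SHA1+RSA) of ActivationInfoXML" note. Device and subscriber identifiers are redacted so a parsed token can be shared in a report.

```python
import hashlib
import plistlib

# Keys from the ActivationInfoXML listing that identify a device or subscriber.
SENSITIVE_KEYS = {
    "InternationalMobileEquipmentIdentity", "InternationalMobileSubscriberIdentity",
    "IntegratedCircuitCardIdentity", "PhoneNumber", "SerialNumber",
    "UniqueChipID", "UniqueDeviceID",
}

def build_sample_token():
    """Constructed sample: every value is made up; cert and signature are dummy bytes."""
    inner = plistlib.dumps({
        "ActivationState": "Unactivated",
        "DeviceClass": "iPhone",
        "ProductType": "iPhone2,1",
        "InternationalMobileEquipmentIdentity": "000000000000000",
        "SerialNumber": "EXAMPLE00000",
        "UniqueDeviceID": "0" * 40,
    })
    return plistlib.dumps({
        "ActivationInfoComplete": True,
        "ActivationInfoXML": inner,            # bytes are serialized as <data>
        "FairPlayCertChain": b"constructed-cert-bytes",
        "FairPlaySignature": b"constructed-signature-bytes",
    })

def inspect_token(token_bytes):
    """Parse the outer plist, decode the inner one, and redact identifiers."""
    outer = plistlib.loads(token_bytes)
    inner_raw = outer["ActivationInfoXML"]     # plistlib already base64-decodes <data>
    if not isinstance(inner_raw, bytes):
        raise ValueError("ActivationInfoXML is not a <data> element")
    inner = plistlib.loads(inner_raw)
    fields = {k: ("<redacted>" if k in SENSITIVE_KEYS else v)
              for k, v in inner.items()}
    return {
        "complete": outer.get("ActivationInfoComplete"),
        # Digest of the exact decoded bytes; re-serializing the inner plist
        # would change it, so keep the original bytes when checking a signature.
        "signed_sha1": hashlib.sha1(inner_raw).hexdigest(),
        "signature_len": len(outer["FairPlaySignature"]),
        "fields": fields,
    }

if __name__ == "__main__":
    print(inspect_token(build_sample_token()))
```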

Activation Protocol

 POST /WebObjects/ALUnbrick.woa/wa/deviceActivation HTTP/1.1
 Accept-Encoding: gzip
 Accept-Language: en-us, en;q=0.50
 Content-Type: multipart/form-data; boundary=DeviceActivation
 Content-Length: 1234
 Host: albert.apple.com
 Cache-Control: no-cache

 --DeviceActivation
 Content-Disposition: form-data; name="activation-info"

 <dict>
       <key>ActivationInfoComplete</key>
       <true/>
       <key>ActivationInfoXML</key>
       <data>
       (base64-encoded activation info here)
       </data>
       <key>FairPlayCertChain</key>
       <data>
       (base64-encoded cert in DER format)
       </data>
       <key>FairPlaySignature</key>
       <data>
       (base64-encoded signature (SHA1+RSA) of ActivationInfoXML)
       </data>
 </dict>

Resources