WildcardTicket

From The iPhone Wiki
Revision as of 03:02, 15 August 2010 by Dogbert

The wildcard ticket is used for activating the baseband. It is stored in the file "/var/root/Library/Lockdown/activation_records/wildcard_record.plist".

Layout

0x0 Version number (=2 for iPhone 3G, 3GS)
0x4 Encrypted Ticket

The ticket is decrypted with TEA in CBC mode using the norID, chipID, IMEI and a salt. The layout of the decrypted ticket looks like this:

0x00        Certificate Length (in bits)
0x04        Certificate Serial (usually 1)
0x08        Public Key Length (in bits)
0x0c        Public Key Exponent
0x10-0x90   Public Key
0x110-0x190 Certificate of the first 0x110 bytes signed with rsa_key2
0x190-0x19B ICCID mask (relevant bits for simlock)
0x19C-0x1A3 IMEI
0x1A4-0x1B7 Hash of several hardware IDs (IMEI, norID, chipID)
0x1B7-      Table of "policies" (netlock)

Attached to the decrypted ticket is a certificate (0x80 bytes) signed with the key at 0x10.
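
The following parser is an added example, not code from the wiki or from any Apple tooling; it splits an already-decrypted ticket into the fields of the table above and flags inconsistencies. Assumptions not stated on the page: header words are little-endian, ranges up to 0x190 are end-exclusive while the ICCID mask and IMEI ranges are end-inclusive, the hash ends where the policy table starts, and the attached certificate is the final 0x80 bytes. The sample blob and all function names are constructed for illustration.

```python
import struct

# Field ranges from the layout table above. Assumptions, not stated on the page:
# header words are little-endian; ranges up to 0x190 are end-exclusive while the
# ICCID mask and IMEI ranges are end-inclusive; the hash ends where the policy
# table starts (0x1B7); the attached certificate is the final 0x80 bytes.
FIELDS = {
    "public_key":   (0x010, 0x090),
    "undocumented": (0x090, 0x110),  # gap the table does not describe
    "signature":    (0x110, 0x190),
    "iccid_mask":   (0x190, 0x19C),
    "imei":         (0x19C, 0x1A4),
    "hw_hash":      (0x1A4, 0x1B7),
}
POLICY_START = 0x1B7
ATTACHED_CERT_LEN = 0x80

def parse_decrypted_ticket(blob: bytes) -> dict:
    """Split an already-decrypted wildcard ticket into its documented fields."""
    if len(blob) < POLICY_START + ATTACHED_CERT_LEN:
        raise ValueError(f"ticket too short: {len(blob):#x} bytes")
    cert_bits, serial, key_bits, exponent = struct.unpack_from("<4I", blob, 0)
    out = {"cert_bits": cert_bits, "cert_serial": serial,
           "key_bits": key_bits, "key_exponent": exponent}
    for name, (start, end) in FIELDS.items():
        out[name] = blob[start:end]
    out["policies"] = blob[POLICY_START:-ATTACHED_CERT_LEN]
    out["attached_cert"] = blob[-ATTACHED_CERT_LEN:]
    # Consistency checks an analyst would want before trusting the split.
    warnings = []
    if key_bits != 8 * len(out["public_key"]):
        warnings.append("key length field does not match the 0x80-byte key field")
    if serial != 1:
        warnings.append(f"certificate serial is {serial}; the page says usually 1")
    if any(out["undocumented"]):
        warnings.append("non-zero data in undocumented range 0x90-0x110")
    out["warnings"] = warnings
    return out

def build_sample(policy_len: int = 0x20) -> bytes:
    """Constructed test blob (not real ticket data): one marker byte per field."""
    blob = bytearray(POLICY_START + policy_len + ATTACHED_CERT_LEN)
    struct.pack_into("<4I", blob, 0, 0x880, 1, 1024, 3)  # constructed header values
    for marker, (start, end) in enumerate(FIELDS.values(), start=0xA0):
        blob[start:end] = bytes([marker]) * (end - start)
    blob[-ATTACHED_CERT_LEN:] = b"\xCC" * ATTACHED_CERT_LEN
    return bytes(blob)

if __name__ == "__main__":
    print(parse_decrypted_ticket(build_sample())["warnings"])
```

The 0x90-0x110 range is returned separately because the table leaves it undescribed; the parser reports it rather than guessing its meaning.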