The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.

Difference between revisions of "Activation Token"

From The iPhone Wiki
Jump to: navigation, search
Line 1: Line 1:
==Layout Activation Token==
 +
==Layout ActivationInfo==
  +
This is the plist file which gets sent to Apple's server
   
 
<?xml version="1.0" encoding="UTF-8"?>
  
<?xml version="1.0" encoding="UTF-8"?>
Line 21: Line 22:
 
</dict>
  
</dict>
   
  +
===Key: ActivationInfoXML===
==Layout ActivationInfo==
  
  +
The ActivationInfo plist file above has a key called ActivationInfoXML. The base64 data value of that key represents the plist file below
  +
 
<?xml version="1.0" encoding="UTF-8"?>
  
<?xml version="1.0" encoding="UTF-8"?>
 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
Line 79: Line 82:
 
</plist>
  
</plist>
   
  +
==Spoofing the Activation Server using python==
  +
Here's a python script to spoof it:
  +
import httplib,urllib
  +
import time
  +
ai=open("a.plist",'r')
  +
aidata=ai.read()
  +
conn = httplib.HTTPSConnection("albert.apple.com")
  +
headers = {"Content-type": "application/x-www-form-urlencoded", "User-Agent": 'iTunes/7.6 (Windows; U; Microsoft Windows XP Professional Service Pack 2 (Build 2600)) DPI/96}'}
  +
params = urllib.urlencode({
  +
'activation-info': aidata
  +
})
  +
conn.request('POST', '/WebObjects/ALActivation.woa/wa/deviceActivation',params,headers)
  +
response = conn.getresponse()
  +
resdata=response.read()
  +
f=open("arsp.xml",'w')
  +
f.write(resdata)
  +
#time.sleep(1)
 
==Resources==
  
==Resources==
 
* [[User:posixninja|posixninja]]'s [http://github.com/posixninja/ideviceactivate iDeviceActivate]
  
* [[User:posixninja|posixninja]]'s [http://github.com/posixninja/ideviceactivate iDeviceActivate]

Revision as of 03:06, 19 March 2011

Layout ActivationInfo

This is the plist file which gets sent to Apple's server 

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
       <key>ActivationInfoComplete</key>
       <true/>
       <key>ActivationInfoXML</key>
       
       (base64-encoded activation info here)
       
       <key>FairPlayCertChain</key>
       
       (base64-encoded cert in DER format)
       
       <key>FairPlaySignature</key>
       
       (base64-encoded signature (SHA1+RSA) of ActivationInfoXML)
       
 </dict>

Key: ActivationInfoXML

The ActivationInfo plist file above has a key called ActivationInfoXML. The base64 data value of that key represents the plist file below 

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
       <key>ActivationRandomness</key>
       <string>(GUID)</string>
       <key>ActivationRequiresActivationTicket</key>
       <true/>
       <key>ActivationState</key>
       <string>Unactivated</string>
       <key>BasebandMasterKeyHash</key>
       <string>(Hash of hardware IDs)<string>
       <key>BasebandThumbprint</key>
       <string>(Hash of hardware IDs not directly used as a key - the TEA key can be derived from this)<string>
       <key>BuildVersion</key>
       <string>8A306</string>
       <key>DeviceCertRequest</key>
       
       (base64 encoded cert)
       
       <key>DeviceClass</key>
       <string>(String ENUM "iPhone", "iPod", "iPod touch", "iPad")</string>
       <key>IntegratedCircuitCardIdentity</key>
       <string>(ICCID as base-10 string)</string>
       <key>InternationalMobileEquipmentIdentity</key>
       <string>(IMEI as base-10 string)</string>
       <key>InternationalMobileSubscriberIdentity</key>
       <string>(IMSI as base-10 string)</string>
       <key>ModelNumber</key>
       <string>MC135</string>
       <key>PhoneNumber</key>
       <string>(String like "+1 (555) 555-5555")</string>
       <key>ProductType</key>
       <string>iPhone2,1</string>
       <key>ProductVersion</key>
       <string>4.0.1</string>
       <string>SIMGID1</string>
       
       (base64-encoded binary GID1)
       
       <string>SIMGID2</string>
       
       (base64-encoded binary GID2)
       
       <key>SIMStatus</key>
       <string>(ENUM kCTSIMSupportSIMStatusReady kCTSIMSupportSIMStatusNotReady kCTSIMSupportSIMStatusOperatorLocked)</string>
       <key>SerialNumber</key>
       <string>...</string>
       <key>SupportsPostponement</key>
       <true/>
       <key>UniqueChipID</key>
       <integer>...</integer>
       <key>UniqueDeviceID</key>
       <string>(hex UUID)</string>
 </dict>
 </plist>

Spoofing the Activation Server using python

Here's a python script to spoof it: 

import httplib,urllib
import time
ai=open("a.plist",'r')
aidata=ai.read()
conn = httplib.HTTPSConnection("albert.apple.com")
headers = {"Content-type": "application/x-www-form-urlencoded", "User-Agent": 'iTunes/7.6 (Windows; U; Microsoft Windows XP Professional Service Pack 2 (Build 2600)) DPI/96}'}
params = urllib.urlencode({
	'activation-info': aidata
	})
conn.request('POST', '/WebObjects/ALActivation.woa/wa/deviceActivation',params,headers)
response = conn.getresponse()
resdata=response.read()
f=open("arsp.xml",'w')
f.write(resdata)
#time.sleep(1)

Resources

Retrieved from "https://www.theiphonewiki.com/w/index.php?title=Activation_Token&oldid=16910"