Jul 4th, 2007
After hanging around the osx86 crew last night on IRC, I found out that they had finally cracked the activation service and made a proof of concept tool that would activate the iPhone with a plist file. The developers refused to release the actual tokens that needed to be embedded inside the plist file for activation though, for good reason, as they are DVD Jon’s.
Now, they did tell me one thing. The keys are embedded in the .NET binary in JLJ’s iPhone activation server. So I began working and this led to where I’m at now, a how-to. This post will not provide the tokens, nor will I provide them until JLJ says I can. This article will walk you through the process of obtaining them so you can activate your iPhone on a mac though, as suggested by the developers of the tool.zip we will be using.
As of now, you can just download the newly released iPhoneActivatorTool to activate your phone. This is a newer version of tool.zip that includes the plist file required.
Download the following files:
- JLJ’s PhoneActSrv – Mirror
- tool.zip – mirror
- My iPhone Decrypt App
- Lutz Roeder’s Reflector .NET disassembler
This step is where you’ll actually prepare the data you need to get. You will need windows with .NET framework 2.0+. JLJ’s PhoneActSrv’s binary has the keys stored within it, encrypted using AES. In order to get the keys, we need to disassemble the binary. To do this, you need to open up Reflector and go to File->Open then locate and open the PhoneActSrv.exe file.
Once it’s loaded, you will see the entry in the tree view. Right click on PhoneActSrv and click Export. Make sure you save this somewhere that you will remember, you will spend a lot of time looking at the disassembly. You also need access to it over the mac.
Now, open the directory you saved the disassembly files to. You should see the following files:
If you see these files, you did step 2 correct. If not, go back and do it again. This is where you may need some coding experience, as I can’t just hand these keys out. I provide you with enough hints that I feel you can find the keys. Unzip my iPhone Decrypt application and open up iphone_decrypt.c and read the comments. For each variable needed, I provide you with a hint on how to find it. All the values needed are located in the d.cs file.
Once you find them, plug the values into their appropriate arrays in iphone_decrypt.c. Once you have what you think are the values, open up a terminal, go to the directory iphone_decrypt.c is located in and run the following in console.
$ chmod +x iphone_decrypt
If all goes well, you should see something like the following on the terminal:
kalashnikov:~/Desktop/iPhone-RE/AES decrypt cody$ ./build.sh kalashnikov:~/Desktop/iPhone-RE/AES decrypt cody$ ./iphone_decrypt Welcome to the iPhone JLJ key decryptor. Find the data in his app and set the variables in the code to this one. Setting AES key...done ---1076 Attempting to decrypt the key...done Key is
??V?n9???lsQ? Freeing up memory...done iphone-activation unbrick activation-record AccountToken*snip* AccountTokenSignature*snip*/data>
If you do, move onto step 4, if not, keep trying.
Unzip tool.zip and open up the blank.plist file in something like textmate. It’s just an XML file. blank.plist contains the following:
ActivationRecord AccountToken AccountTokenCertificate AccountTokenSignature DeviceCertificate FairPlayKeyData Request Activate
ActivationRecord AccountToken*snip* AccountTokenSignature*snip* Request Activate
Save this file as activate.plist in the same directory as blank.plist
Activate your iPhone by running the following command in the terminal after changing to the directory that blank.plist is located in.
$ ./tool --activate activate.plist
You should see the following output on the console:
kalashnikov:~/Desktop/tool Folder cody$ ./tool –activate test.plist
2007-07-04 15:10:43.887 tool Found iPhone Device: 1
2007-07-04 15:10:43.887 tool Connecting…
2007-07-04 15:10:43.892 tool Checking Pairing…
2007-07-04 15:10:43.905 tool Starting device session…
2007-07-04 15:10:43.990 tool ActivationState: Unactivated
2007-07-04 15:10:43.990 tool Deactivating your iPhone…
2007-07-04 15:10:44.002 tool New ActivationState: Unactivated
2007-07-04 15:10:44.003 tool Activating your iPhone…
2007-07-04 15:10:44.163 tool New ActivationState: MismatchedICCID
2007-07-04 15:10:44.163 tool Your iPhone was successfully activated.
You will probably see a popup about your iPhone having an incorrect SIM card. Just slide the unlock slider at the bottom to the right and you should be ready to go.