C/C++


After hanging around the osx86 crew last night on IRC, I found out that they had finally cracked the activation service and made a proof of concept tool that would activate the iPhone with a plist file. The developers refused to release the actual tokens that needed to be embedded inside the plist file for activation though, for good reason, as they are DVD Jon’s.

Now, they did tell me one thing. The keys are embedded in the .NET binary in JLJ’s iPhone activation server. So I began working and this led to where I’m at now, a how-to. This post will not provide the tokens, nor will I provide them until JLJ says I can. This article will walk you through the process of obtaining them so you can activate your iPhone on a mac though, as suggested by the developers of the tool.zip we will be using.
As of now, you can just download the newly released iPhoneActivatorTool to activate your phone. This is a newer version of tool.zip that includes the plist file required.

Step 1:
Download the following files:

Step 2:
This step is where you’ll actually prepare the data you need to get. You will need Windows with the .NET Framework 2.0 or later. JLJ’s PhoneActSrv binary has the keys stored within it, encrypted using AES. In order to get the keys, we need to disassemble the binary. To do this, open up Reflector, go to File->Open, then locate and open the PhoneActSrv.exe file.

Once it’s loaded, you will see the entry in the tree view. Right-click on PhoneActSrv and click Export. Make sure you save this somewhere you will remember; you will spend a lot of time looking at the disassembly, and you also need to be able to reach it from the Mac.

Step 3:
Now, open the directory you saved the disassembly files to. You should see the following files:

  • a.cs
  • b.cs
  • AssemblyInfo.cs
  • d.cs
  • DotfuscatorAttribute.cs
  • e.cs
  • e.resources
  • f.resources
  • Global.cs
  • PhoneActSrv.csproj

If you see these files, you did step 2 correctly. If not, go back and do it again. This is where you may need some coding experience, as I can’t just hand these keys out, but I provide enough hints that I feel you can find them. Unzip my iPhone Decrypt application, open up iphone_decrypt.c and read the comments. For each variable needed, I provide a hint on how to find it. All the values needed are located in the d.cs file.

Once you find them, plug the values into their appropriate arrays in iphone_decrypt.c. Then open a terminal, change to the directory iphone_decrypt.c is located in and run the following:

$ ./build.sh
$ chmod +x iphone_decrypt
$ ./iphone_decrypt

If all goes well, you should see something like the following on the terminal:

kalashnikov:~/Desktop/iPhone-RE/AES decrypt cody$ ./build.sh
kalashnikov:~/Desktop/iPhone-RE/AES decrypt cody$ ./iphone_decrypt
Welcome to the iPhone JLJ key decryptor. Find the data in his app and set the variables in the code to this one.
Setting AES key...done
---1076
Attempting to decrypt the key...done
Key is <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Document xmlns="http://www.apple.com/itms/" disableHistory="true" disableNavigation="true">
<Protocol>
    <plist version="1.0">
        <dict>
	
          <key>iphone-activation</key>
          <dict>
            <key>unbrick</key>
            <true/>
            <key>activation-record</key>
            <dict>
              <key>AccountToken</key><data>*snip*</data>
              <key>AccountTokenSignature</key><data>*snip*</data>
            </dict>
          </dict>
	
        </dict>
    </plist>
</Protocol>
</Document>??V?n9???lsQ?
Freeing up memory...done

If you do, move onto step 4, if not, keep trying.

Step 4:
Unzip tool.zip and open up the blank.plist file in something like textmate. It’s just an XML file. blank.plist contains the following:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>ActivationRecord</key>
	<dict>
		<key>AccountToken</key>
		<data>
		</data>
		<key>AccountTokenCertificate</key>
		<data>
		</data>
		<key>AccountTokenSignature</key>
		<data>
		</data>
		<key>DeviceCertificate</key>
		<data>
		</data>
		<key>FairPlayKeyData</key>
		<data>
		</data>
	</dict>
	<key>Request</key>
	<string>Activate</string>
	
</dict>
</plist>

Copy the AccountToken and AccountTokenCertificate lines and their data lines from the console output of iphone_decrypt. Paste them into the plist file so that it looks like the following:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>ActivationRecord</key>
	<dict>
		<key>AccountToken</key><data>*snip*</data>
		<key>AccountTokenSignature</key><data>*snip*</data>
	</dict>
	<key>Request</key>
	<string>Activate</string>
	
</dict>
</plist>

Save this file as activate.plist in the same directory as blank.plist.

Step 5:
Activate your iPhone by running the following command in the terminal after changing to the directory that blank.plist is located in.

$ ./tool --activate activate.plist

You should see the following output on the console:

kalashnikov:~/Desktop/tool Folder cody$ ./tool --activate test.plist
iPhoneActivatorTool 1.0
2007-07-04 15:10:43.887 tool[10443] Found iPhone Device: 1
2007-07-04 15:10:43.887 tool[10443] Connecting…
2007-07-04 15:10:43.892 tool[10443] Checking Pairing…
2007-07-04 15:10:43.905 tool[10443] Starting device session…
2007-07-04 15:10:43.990 tool[10443] ActivationState: Unactivated
2007-07-04 15:10:43.990 tool[10443] Deactivating your iPhone…
2007-07-04 15:10:44.002 tool[10443] New ActivationState: Unactivated
2007-07-04 15:10:44.003 tool[10443] Activating your iPhone…
2007-07-04 15:10:44.163 tool[10443] New ActivationState: MismatchedICCID
2007-07-04 15:10:44.163 tool[10443] Your iPhone was successfully activated.

You will probably see a popup about your iPhone having an incorrect SIM card. Just slide the unlock slider at the bottom to the right and you should be ready to go.

As some of you know, and some of you don’t, last weekend was the 2nd NetBSD bugathon. Over 300 bugs have been reported as fixed and over 97 people joined the IRC channel to help out and talk about their ideas; I was one of them. I spent a lot of yesterday, in between homework assignments, chatting to a few of the developers about getting NetBSD/BeBox running again, and I succeeded.

Currently, the only thing you have to do to get NetBSD 3.0 Release to compile is edit the list file that has two entries for pte.h, one marking it obsolete and one marking it not. Remove the line marking it non-obsolete and compile as the handbook says with build.sh.

The good news to come from this is that one of the developers instructed to get the port updated was there. He doesn’t have a bebox, so he didn’t want to do it blindly. He asked me to assist him with getting it up-to-date. So not only was yesterday the first day that NetBSD 3.0 has run on the bebox, as far as I know, but it also marks my slow journey back into an open source project. (I’m not going to get near as involved this time.)

Here are some pics to drool over, click for larger versions:

NetBSD 3.0 on bebox (image hosted on Zooomr)
NetBSD 3.0 on bebox (image hosted on Zooomr)

Well, I spent the last hour and a half reading up on PowerPC assembly code. It’s definitely interesting coming from an 80x86 background (even though I knew very little x86 assembly). I will say one thing right now: I can imagine it being pretty odd pulling all-nighters with PPC asm, since there is no way to distinguish the type of register you are modifying. They are identified by just a digit, 1-32.

I definitely find the architecture to be cool though. One of the really nice things about it is the insane backwards compatibility with 32-bit PPC apps on PPC64 machines. The binaries usually work just great, unlike going to long mode, where you have to actually try in the kernel so you have 32-bit support.

For those of you who don’t know, I’m planning on porting my OS to my BeBox as soon as I have enough knowledge of the architecture. Hopefully I can manage to get another OS going in the process too, maybe updating the NetBSD port or porting Haiku?

I would also like to say that the ThreadBound teaser page has done better than I thought it would in one day. We’ve already got quite a few email addresses signed up for the updates. Keep them coming. :)

If I don’t update for a while, I’m rushing to get my summer assignment finished. I have a huge precal packet to do and a report on Fahrenheit 451 and I haven’t started to read it yet…

So today I did some more research for my new site. I looked into memcached and XMPP. You have to admit, for as much as the LiveJournal site is put down in the technology area on the web, they have some really cool technologies that were developed behind the scenes, memcached being one of them. Many people don’t even realise this, but memcached alone is used by many really large sites, such as sourceforge.net and slashdot.org. I will be using it in my new site as well, if things go as planned. (I haven’t messed with it on BSD yet.)

XMPP is the really nice XML-based protocol that Jabber uses. Not only does it allow secure remote logins, but it can be used from all over the place. To top that off, the actual XMPP or Jabberd doesn’t have to be open to the public pool, the way Gtalk was when it first came out.

I REALLY like this protocol and I’m trying to find a nice implementation to play with. If I don’t find one, I will probably strip the JayantHTTPD code base and start reading the RFC for the protocol. Hopefully I can get a server up and mod it to do authentication from a local database.

Either way, I’ll be playing with it from the web. My new site needs global accounts that can be accessed from around the internet, similar to OpenID. If I can keep this method fast and simple to work with, I’ll be extremely happy.

Oh, and in other news, I have a work-in-progress mockup of the new design for this slum. See it here. Let me know what you think!

I got the bug worked out of Jayant today. It can now serve 10,000 concurrent requests in a measly 3.7 seconds according to apachebench. :) The bug was that recv was returning 0 due to it receiving no data. I never checked for zero, but only negative one, so the thread would sit in an infinite loop.
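An added example of the recv() return-value handling that fix requires (my own code, not Jayant’s): 0 means the peer closed the connection and the loop must stop, -1 with errno is an error, and only EINTR is worth retrying. The socketpair() client is a constructed stand-in for a real HTTP client.

```c
#include <errno.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Read from a connected socket until the peer closes it or buf is full.
 * Returns the number of bytes stored, or -1 on a hard error.
 * The defect the post describes looks like this:
 *     while ((n = recv(fd, p, left, 0)) != -1) { ... }
 * recv() returns 0 when the peer has done an orderly shutdown, not -1,
 * so that loop never exits and the worker thread spins forever. */
ssize_t recv_until_closed(int fd, char *buf, size_t cap)
{
    size_t total = 0;
    while (total < cap) {
        ssize_t n = recv(fd, buf + total, cap - total, 0);
        if (n == 0)               /* peer closed: orderly EOF, stop */
            break;
        if (n < 0) {
            if (errno == EINTR)   /* interrupted by a signal: retry */
                continue;
            return -1;            /* real error, e.g. ECONNRESET */
        }
        total += (size_t)n;
    }
    return (ssize_t)total;
}

/* Constructed demonstration: a socketpair() stands in for the client
 * connection (hypothetical input, not Jayant's own code).  The "client"
 * end sends one request and closes, which is exactly the recv() == 0
 * case that hung the old loop. */
ssize_t demo_peer_close(char *out, size_t cap)
{
    int sv[2];
    static const char req[] = "GET / HTTP/1.0\r\n\r\n";
    ssize_t want = (ssize_t)(sizeof req - 1);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    if (send(sv[1], req, (size_t)want, 0) != want) {
        close(sv[0]); close(sv[1]); return -1;
    }
    close(sv[1]);                 /* client gone: recv() will return 0 */
    ssize_t n = recv_until_closed(sv[0], out, cap);
    close(sv[0]);
    return n;
}
```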

A release should be coming soon; I started the subversion repository today and set up the cia.navi.cx hook scripts.

You may have noticed this site was down today for about two hours. I upgraded my server’s PHP installation and all the modules with it, so hopefully we get some performance benefits, but I doubt it. At least we know there are fewer bugs in the setup. :)

More tomorrow, for now bed.
