Activation Token

Layout of Activation Token
This is the CFDictionary string representation which gets sent to Apple's server. The object can be obtained by using the MobileDevice Library's AMDeviceCopyValue function with the "ActivationInfo" value.

It is generated by lockdownd. Upon generation it stores ActivationRandomness in the data ark and later checks it, so only the last generated token is valid. A SHA1 is generated in lockdown, which then makes a request to fairplayd to complete the signature process and obtain the certificate chain. The dictionary has these keys:

 * ActivationInfoComplete
 * ActivationInfoXML
 * FairPlayCertChain
 * FairPlaySignature

Key: ActivationInfoXML
The ActivationInfo plist file above has a key called ActivationInfoXML. The base64 data value of that key represents the plist file below:

 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

 * ActivationRandomness: (GUID)
 * ActivationRequiresActivationTicket
 * ActivationState: Unactivated
 * BasebandMasterKeyHash: (Hash of hardware IDs)
 * BasebandThumbprint: (Hash of hardware IDs not directly used as a key - the TEA key can be derived from this)
 * BuildVersion: 8A306
 * DeviceCertRequest
 * DeviceClass: (String ENUM "iPhone", "iPod", "iPod touch", "iPad")
 * IntegratedCircuitCardIdentity: (ICCID as base-10 string)
 * InternationalMobileEquipmentIdentity: (IMEI as base-10 string)
 * InternationalMobileSubscriberIdentity: (IMSI as base-10 string)
 * ModelNumber: MC135
 * PhoneNumber: (String like "+1 (555) 555-5555")
 * ProductType: iPhone2,1
 * ProductVersion: 4.0.1
 * SIMGID1
 * SIMGID2
 * SIMStatus: (ENUM kCTSIMSupportSIMStatusReady kCTSIMSupportSIMStatusNotReady kCTSIMSupportSIMStatusOperatorLocked)
 * SerialNumber: ...
 * SupportsPostponement
 * UniqueChipID: ...
 * UniqueDeviceID: (hex UUID)

SIMGIDs and PhoneNumber are present only if the installed SIM has them and it was read correctly.

If ActivationState is not Unactivated or the token signature is not correct, Apple's server will respond with the message "there's problem with your device".
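The nesting described above, an outer plist whose ActivationInfoXML data value is itself a plist, can be unpacked to audit which device and subscriber identifiers a token discloses. This is an added example, not code from the original page or from Apple; the sample token is constructed, and the value types of the outer keys, `IDENTIFIER_KEYS`, and the function names are assumptions.

```python
import plistlib

# Outer ActivationInfo keys and inner identifier keys, as named on this page.
OUTER_KEYS = ("ActivationInfoComplete", "ActivationInfoXML",
              "FairPlayCertChain", "FairPlaySignature")
IDENTIFIER_KEYS = ("UniqueDeviceID", "SerialNumber", "UniqueChipID",
                   "InternationalMobileEquipmentIdentity",
                   "InternationalMobileSubscriberIdentity",
                   "IntegratedCircuitCardIdentity", "PhoneNumber")
# Present only if the installed SIM has them and it was read correctly.
OPTIONAL_SIM_KEYS = ("SIMGID1", "SIMGID2", "PhoneNumber")


def decode_activation_info(outer_plist: bytes) -> dict:
    """Return the inner dictionary carried in the ActivationInfoXML data value."""
    outer = plistlib.loads(outer_plist)
    if not isinstance(outer, dict):
        raise ValueError("outer plist is not a dictionary")
    missing = [k for k in OUTER_KEYS if k not in outer]
    if missing:
        raise ValueError(f"outer plist lacks keys: {missing}")
    raw = outer["ActivationInfoXML"]
    if not isinstance(raw, bytes):  # plistlib already base64-decodes <data>
        raise ValueError("ActivationInfoXML is not a data value")
    inner = plistlib.loads(raw)
    if not isinstance(inner, dict):
        raise ValueError("ActivationInfoXML does not hold a dictionary")
    return inner


def summarize(inner: dict) -> dict:
    """List the activation state and which identifiers the token discloses."""
    return {
        "state": inner.get("ActivationState"),
        "identifiers": {k: inner[k] for k in IDENTIFIER_KEYS if k in inner},
        "absent_sim_keys": [k for k in OPTIONAL_SIM_KEYS if k not in inner],
    }


def build_sample() -> bytes:
    """Constructed token; all values and the outer value types are made up."""
    inner = {"ActivationState": "Unactivated", "DeviceClass": "iPhone",
             "InternationalMobileEquipmentIdentity": "000000000000000",
             "SerialNumber": "CONSTRUCTED01", "UniqueDeviceID": "0" * 40}
    return plistlib.dumps({"ActivationInfoComplete": True,
                           "ActivationInfoXML": plistlib.dumps(inner),
                           "FairPlayCertChain": b"placeholder",
                           "FairPlaySignature": b"placeholder"})
```

Calling `summarize(decode_activation_info(build_sample()))` reports the state, the identifiers present, and the SIM-dependent keys that are absent.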

Activation Protocol
Use SSL and send the request below with the values:

 POST /WebObjects/ALUnbrick.woa/wa/deviceActivation HTTP/1.1
 Accept-Encoding: gzip
 Accept-Language: en-us, en;q=0.50
 Content-Type: multipart/form-data; boundary=DeviceActivation
 Content-Length: 1234
 Host: albert.apple.com
 Cache-Control: no-cache
 
 --DeviceActivation
 Content-Disposition: form-data; name="activation-info"
 
 ActivationInfoComplete
 ActivationInfoXML
 FairPlayCertChain
 FairPlaySignature

Resources

 * posixninja's iDeviceActivate
 * iSn0wra1n's iActivator v2 for Windows