For all the iPhone Mac users out there, I've taken one step towards not needing Windows to use DVD Jon's method for activation. I ported his Phone Activation Server application from C# to Java.

Here's a link to the executable JAR file (double-click to run it on Mac OS X - remember to shut down any running web server first though):

*removed* - see post #17 for newer version

And here's a link to the Java source code (zipped):

*removed* - see post #17 for newer version

Unfortunately, I don't have a locked iPhone I can test it with. So if someone wants to give it a go, please report back as to whether it works or not (it also runs on Windows - so you can follow DVD Jon's method and use this version of the server instead).

Also, if anyone would like to host those files somewhere better, feel free to do so (as long as they are kept unmodified).

Now we just need to figure out some magic hexadecimal changes to iTunes for Mac... where's a Mac version of SoftICE when you need it?

hey dude...umm sorry i cant test i too dont have a iphone though can u just provide me with a link to softice for windows vista...i searched all over but couldnt find it..thanx!

No, sorry, I'm predominantly a Mac user (hence the need for a Mac version of DVD Jon's method).

I've only used SoftICE/DriverStudio on 98/2000/XP. Here's a page you might find interesting though:

http://en.wikipedia.org/wiki/Softice

Looks like SyserDebugger is what you're looking for on Vista.

For mac users, perhaps Oxed will work?

[Edit: Well, maybe I was doing something wrong, but I was unable to find Dvd John's "magic numbers". Guess they're different for the Mac version?]

Yeah, I just downloaded that. I've been using Hex Fiend though, which works ok too. But a hex editor is no replacement for a low-level debugger with the power of SoftICE.

I took a look at where he patched iTunes.exe on Windows and there's nothing which stands out about those locations (ie. they're not simple string replacements). So they must be code patches, which obviously won't translate simply to the Mac version of iTunes.

I've found some "interesting" strings in the Mac version, and am planning to see where those strings are being used in the code. Unfortunately, not having an iPhone makes it very difficult since I can't use gdb (because I have no way to attempt activation). I tried scanning for obvious function names using nm, but I don't see anything.

One easy thing to check (if I had a locked iPhone) would be to see if my Java version of the Phone Activation Server works with the Mac version of iTunes without modification. That would be nice (but highly doubtful). There were a couple of error strings in there regarding a signature from the server (which Jon mentions in his blog as well). So I'm guessing that his patches bypass the need for that signature...

I was hoping someone would offer this crack for Mac people. Good luck Operator!

omg, otx is a genius piece of software... I can see through time... but I'm still running blind. If only I had an iPhone to test with.

PM me if you have a locked iPhone and can help out. I really need to see what error message comes up when the Mac version of iTunes tries to activate with my app.

Basically, what you'd need to do (on Mac) is:

1) Edit /etc/hosts and add "127.0.0.1 albert.apple.com". You'll probably need to be root to do this.
2) Disconnect from the internet (just to be safe)
3) Shut down Personal Web Sharing in System Prefs->Sharing
4) Run my Java app (as root). Easiest way is to open a Terminal, cd to the directory where you saved the JAR file, and type: "sudo java -jar PhoneActSrv.jar"
5) Try to activate your iPhone via iTunes (using any information)

You _should_ get a "Server Activation Error" message popping up. I need to know what that message is.

For some reason, it couldn't bind to 127.0.0.1, even though I have no HTTP server running there.

A netstat showed that it did bind to the wireless adapter, on IP 192.168.1.101. It also didn't like running as a non-priveleged user - I supect it's the whole "priveleged port" thing going on.

So, changed /etc/hosts, and ran "lookupd -flushcache". Verified that a connection to albert.apple.com:80 works as expected.

I get the error: "We could not complete your iTunes store request. The network connection was refused."

I think I see the problem. The binary version of the windows activator has a key hidden inside it. That key is missing in the source.

Yeah, I forgot to mention that you need to be root to run it.

So it seems like the problem is that it bound to the wrong network interface. That should be pretty easy to fix.

This is because the server is bound to the wrong interface. So there's nothing handling connections on loopback (127.0.0.1).

Lemme fix that and try a new version.