I still think it's in the activation process - General - Hackint0sh.org
Meagain has confirmed that an iPhone-activated SIM card will not automatically work in an "unopened box" iPhone.
Thanks to meagain for this info.
I just read her post too! I'm getting excited, at least now we're on the right track...
Although I am a little worried: I purchased my iPhone officially 'activated' from the States (I'm in Canada)... would this mean that I'm stuck with AT&T, or would it be possible to reset that initial activation?
Before we move down this lane, wouldn't it make sense to hear more about the observations made by the DevTeam?
They have to have been down this lane and made similar dump analysis.
As Apple is using RSA to protect basic OS code, they might as well use this for locking purposes as well.
So if they are using RSA for this process, they may use some kind of Apple private RSA key to sign and/or encrypt one or more messages containing:
- the marriage token of the ICCID, IMEI and iPhone ID
- the 8-digit 'unlock code' for the AT+CLCK command - assuming this is the entry to the magic open SIM world.
The above implies that the OS code contains the public key, as I haven't seen any public key in the USB stream.
I haven't read that the radio module is involved in RSA operations, which would make sense, as they can hardcode the public key inside the microkernel of the S-GOLD2 module.
I know this is a common method, from my experience in the embedded device industry.
One note regarding the 8-digit 'unlocking' code: some if not all of the SIM manufacturers create a set of Kis and PINs/PUKs for each SIM card at random and pass these to the network operators, which store them in huge databases. If Apple uses the same approach, the unlock code is purely random.
UNLESS they derive the code from the IMEI, using some funky algorithm, which does not seem to relate to standard DES or AES as it only contains the digits 0-9.
Anyway, where does this leave us?
One approach could be:
- Strip the USB transport noise from the USB dump.
- Find the message format and the direction of the messages.
- Figure out why the keys and certificates are transmitted 17 times each. Is this the same for other activations?
Are all 17 pairs equal? Are they using "security by obscurity"?
- Are there any non-text messages left which look too random?
Are these 128 bytes wide?
Are these blocks different from other activations?
If so we may have found an RSA encrypted message (which is damn hard to break).
If no RSA encrypted message is to be found then the remaining data blocks have to be analysed further for DES/AES-like sizing.
a) Has anyone made a log of the SIM communication during activation?
The SIM may have (hidden) files which carry code or other interesting info.
b) Could it be that the activation is done OTA (over the air) as the first thing addressing the network?
But still, before any of this is started, it could be interesting to hear from the Great Guys from the DevTeam - Big RESPECT for your hard work.
BTW-2: I haven't got an iPhone yet, but expect to buy one in the US next week. (Looking forward to cuddling the little Babe.)
BTW-3: Any advice in this respect on buying a "pay as you go" plan/package, as I would like to 'top it up'? Do these plans allow roaming, as I live in Europe?
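A way to turn the questions in that list (are the repeated blocks identical, are any of them 128 bytes wide, do they differ between two activations) into a quick check, as an added example that is not from this thread or the DevTeam; the payloads are constructed stand-ins, and the hash/entropy heuristic is an assumption of mine, not anything Apple is known to do:

```python
import hashlib
import math
from collections import Counter
from typing import Dict, Iterable, List

RSA_BLOCK = 128      # a 1024-bit RSA ciphertext or signature is exactly 128 bytes
ENTROPY_FLOOR = 6.0  # bits per byte; structured text and base64 seldom reach this

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant byte, up to 8.0 for uniform random bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_like_rsa_block(payload: bytes) -> bool:
    """The thread's heuristic (an assumption): non-printable, random-looking, a multiple of 128 bytes."""
    if len(payload) == 0 or len(payload) % RSA_BLOCK != 0:
        return False
    printable = all(0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D) for b in payload)
    return not printable and shannon_entropy(payload) >= ENTROPY_FLOOR

def summarise(payloads: Iterable[bytes]) -> Dict[str, dict]:
    """Group identical payloads by SHA-256 so repeats (the '17 times' question) become a count."""
    groups: Dict[str, dict] = {}
    for p in payloads:
        key = hashlib.sha256(p).hexdigest()[:16]   # truncated only for readable output
        if key not in groups:
            groups[key] = {"count": 0, "size": len(p),
                           "entropy": round(shannon_entropy(p), 2),
                           "rsa_candidate": looks_like_rsa_block(p)}
        groups[key]["count"] += 1
    return groups

def blocks_unique_to(first: Iterable[bytes], second: Iterable[bytes]) -> List[str]:
    """Hashes of RSA-candidate blocks seen in one activation capture but not in another."""
    candidates = {h for h, g in summarise(first).items() if g["rsa_candidate"]}
    return sorted(candidates - set(summarise(second)))

# Constructed stand-ins for two activation captures; none of this is real iPhone traffic.
CERT_TEXT = b"-----BEGIN CERTIFICATE-----\nMIIBconstructedExample==\n-----END CERTIFICATE-----\n"
BLOB_A = bytes(range(128, 256))       # 128 distinct high bytes: entropy exactly 7.0
BLOB_B = bytes(range(255, 127, -1))   # the same bytes reversed: a different 128-byte block
ACTIVATION_1 = [b"<plist>activation-record</plist>"] + [CERT_TEXT, BLOB_A] * 17
ACTIVATION_2 = [b"<plist>activation-record</plist>"] + [CERT_TEXT, BLOB_B] * 17
```

Running `summarise(ACTIVATION_1)` gives three groups (one plist message, the certificate text 17 times, the 128-byte blob 17 times) with only the blob flagged, and `blocks_unique_to(ACTIVATION_1, ACTIVATION_2)` reports that blob as the one block that differs between the two captures.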
I just used my own operator's SIM and activated the iPhone using its ICCID. The result was MismatchedICCID, the same error as when you apply DVD Jon's method. Maybe we are on the right track here and the certificate procedure is not totally tweaked yet.
No international roaming on GoPhone plans.
The only option is: go to an AT&T store, make a deposit and you'll be able to sign on to one of these 2-year things;
but careful, you're allowed only 40% of your minutes to be roaming and the minute is like $1 (discounted).
International data is extra also, and for us in Germany the roaming partner is E-Plus (no EDGE...)
I did the same with my operator SIM and got Activated status. Moreover it looked like the sim was registered at the network as I was able to call my number and hear tones instead of "number is not reachable" message. But iPhone did not ring and no calls were possible from it.
Originally Posted by fedorr
Hi all. I've been hanging around ever since the launch, but just signed up... I'm very interested in the unlocking so I can use the iPhone on my home network as well as on trips on my AT&T account.
I have in my possession 3 iPhones.
1 is activated with AT&T
2 are "waiting for AT&T activation" (there is some problem I'm trying to diagnose; AT&T said that the SIM card was the problem on the first one, so I got the second one out, but it is now stuck in the same crap...)
Anyways, I just want to put forth a few things:
Taking an iPhone-activated SIM card that works perfectly, and putting it into another iPhone STILL REQUIRES an iTunes sync. If you remove the SIM card and put another in the same iPhone it always makes you re-sync (I gather iTunes "pairs SimCard<>iPhone" every time there is an initial sync).
Further, I'm making myself available to run any sort of dump or anything that can be done under Windows on any of these 3 phones. Please send detailed instructions via PM if you need anything done, as well as what needs to be done for the dump, etc...
I'll also post any dumps on this forum, not just send them back to whoever asked, so they will be available to anyone...
I'm sorry but I don't know anything about the procedures required for unlocking, so all I can really do is make myself and the 3 iPhone units available as guinea pigs.
1) It is entirely possible that the phone is locked to at&t and itunes simply activates it.
2) It is entirely possible that the unlock code is sent over the air.
3) It is entirely possible that the USB stream contains absolutely NO unlock data.
Logic will prevail:
We know that it is possible to activate (but not unlock) the phone without using iTunes.
Is it possible to take a hacktivated phone and use the phone after inserting the sim card from a legitimately activated iPhone in it?
If so, then we know the unlock doesn't come from iTunes, it comes from the sim or over the air.
Please comment... our combined knowledge is immense.
"2) It is entirely possible that the unlock code is sent over the air."
we can test this by doing an activation in the presence of a GSM jammer.
worth a crack if it can be arranged
I can say activation must come across the internet. I live in Germany and I activated the phone the official way with a prepaid plan. So I received activation for the phone via iTunes, because I cannot receive something over the air here in Germany. Right now I can choose between 4 different providers, but I am not able to stay in one of these networks for more than a few seconds; I lose carrier all the time... So I think it is because there is no possibility to get international roaming on a prepaid account. So, how should AT&T send activation over the air? Through a roaming partner? I don't think so...