Hi all,

Just wondering why I haven't seen more people trying to better figure out the activation process still. I don't mean just the actual activation of the phone, I mean figuring out all that is sent through from iTunes when the phone is legitimately activated.

Knowing Apple, the lock won't be easily defeated, but there will be an alternative to unlocking it anyway. I'm talking about perhaps the activation process actually specifies what network to lock to, including network settings etc rather than whether to actually lock or not.

It just sounds like an Apple thing to do to have the same piece of hardware and base system software for the entire world, and to have iTunes simply take care of what region etc to activate/lock to.

I'm busy trying to figure it out, but I'm having massive trouble trying to interpret the usb dump I received from someone who legitimately activated their phone, as it's all encrypted. Any assistance here would be most appreciated..

What I'm trying to find is where in the activation process it sends the network settings to the phone (if it does), and generally decrypt the activation data being sent to the phone. I attempted to have a 'conversation' with the iTunes activation server (the real one), but it's just too extreme for me - I ran out of IQ haha.

Cheers.
-Adam

Maybe you're right, if you are correct then a special command via usb would be enough to unlock the phone. We allready know that we can activate it via usb, so maybe unlocking via the usb/itunes is not that far fetched.

Cheers.

I'm not actually talking about a command to unlock the phone, I'm saying forget about trying to unlock it for a minute. I'm talking about telling it to lock to a different carrier. That, perhaps in the activation process, iTunes actually tells the phone to lock to a particular carrier as if exactly the same iPhone and software could be used worldwide and just made local through the iTunes activation process.

I'm theorising that Apple are shipping the same iPhone with the same OS as the USA version, to international customers as their regions become open to purchase. That, perhaps the features are already there.

That is indeed an interesting take on it. Let's further scrutinize the logic.

WHAT WE KNOW OR CAN ASSUME FOR NOW:
(A) Apple is able to update the "firmware" of the iphone via itunes.

(B) From a manufacturing point of view, it makes very good sense to 'lock' the iphone to EVERYTHING and activate it via itunes. That way you can add carriers et al "dynamically" - meaning, through a update to itunes or at the very least pushing new software to the iphone

(C) We know that presently, the only way to legitimately activate the iphone as a phone is through itunes.


WHAT WE NEED TO LEARN TO PROVE/DISPROVE THIS THEORY:
So, from these three points we can ask the following questions:

1) Would an AT&T sim card from an ACTIVATED iphone work properly when transferred to an brand-new-never-been-connected to itunes right out of the box iphone?

If the answer is "yes", then the iphone is indeed locked to AT&T and whatever gets sent to the iphone during activation has nothing whatsoever to do with enabling the radio.

2) If question (1) above results in an answer of "no, when using an AT&T sim card from an activated iphone in a new iphone, that iphone still requires a 'sync' with itunes to work, then:

2.1 It should be possible to parse the usbdump to the iphone and find where the activation code is being set - and even simulate it with a valid activation code for whatever sim/ICCID code you want to use.

2.2 Once a SECOND carrier picks up the iphone, it should be possible to identify where this occurs quite easily.

IMHO: In order to do this, we would need, from legitamtely activated iphones:

i The usbdump of the activation process
ii The IMEI of the phone
iii The ICCID of the sim card

and... to make matters a little more difficult - we would need this for MULTIPLE UNIQUE ACTIVATIONS.

The problem here, even if you're correct, is an acute lack of data. We simply don't have enough dumped data to effectively look for it. It's a needle in a haystack.

In the mean time, I'd love to take a look-see at that usb dump. Provided you don't have a problem with sharing that info, please PM me with a link.

Cheers

David

The more I think about your post, the more I like the way you think. I'm modding you up.

this is a usb dump of a legitimate activation process where the user signs up for a 2 year contract with at&t successfully:

http://www.fileden.com/files/2007/7/...ock.usblog.zip

ok so i must point out that i can only say this is what i'm told from the source. i didn't witness the dump myself, so i'll say (to cover my own arse) obsess about studying at your own risk.

cheers.
-adam

Yes, I think you're right too. the "unlocking" or better locking to carrier is done via iTunes.

Maybe somone else had the same idea:

http://blog.iphoneunlocking.com/

But I'm afraid there's more to it, because the guys from iphoneunlocking finished data collection of activation traffic logs on July 3rd, and up to now still no real progress. The POC video announced July 13th is still nowhere to be seen and these guys unlock phones for a living...

it's getting sort of frustrating, sitting here in germany with the best iPod, best Mini Safari an Mini Mail but NO PHONE

greets charley


just to a look at the usblog: Does somone know the autistic kid from "Mercury Rising" - he's badly needed

nice theory wombat
the more I think about, I do think you are onto something here...
-DevTeam: is this something you have considered, if yes what was your thoughts on this?
good work ya'all!! Sooner than later we'll have this sucker figured out

David: Meagain from the following thread... http://www.hackint0sh.org/forum/showthread.php?t=1890
attempted swapping the SIM of an Activated iphone with a non-activated one...

Originally Posted by meagain

Tak - I tried swapping the SIM last night and it did nothing to the non-activated phone. Perhaps if I re-activated it via iTunes (as if it was a loaner phone from Apple), but I was afraid of messing up his phone for work today.

Originally Posted by taktix

David: Meagain from the following thread... http://www.hackint0sh.org/forum/showthread.php?t=1890
attempted swapping the SIM of an Activated iphone with a non-activated one...

I've posted in that thread asking for clarification, just to be safe... but that looks like evidence that iTunes is controlling the lock.

Now we need USBDUMPS with known ICCID and IMSI/IMEI data so we can find the activiation in the dump...

So how do we go about doing that? I'd activate mine, but... well, if I could activate it I probably wouldn't be here...

D