Activation Hacking Server
It was mentioned on the wiki that it might be possible to replace the .pem for activation, and do a self-signed activation.
Towards that end, I put together a script that generates a token and signature from my own certificate authority.
CA Pem at http://iphone.t28.net/ca-cert.pem
It's SHA1/RSA 1024 bit, and has the same organization/cn/etc as the original certificate. It's self-signed, as opposed to chained to the root - I don't want to replace the whole root if not needed.
If the pem isn't checked for chaining (or a hash of the file), it's theoritically possible to simply replace /System/Library/Lockdown/iPhoneActivation.pem with my pem, plug in the appropriate information, and directly activate the phone.
Unfortunately, I don't have a way to modify the files on the phone to test it myself.