Originally Posted by Olethros

This is also my understanding, and is why I took apart this firmware to look for changes. I still doubt that the original poster got push notifications properly working simply because of this hacked firmware. I cannot find a reason why it would work. I think the devicetree is a red herring and has nothing to do with solving this.

Does anyone know more about the structure of these unique certs? Do you get a new unique cert if you restore your phone and activate again? Is the UDID of the device embedded into the cert at all? There is some good information about which files are critical to push on the forum of the guy who is selling certificates.

Push Fix • View topic - Try this if all else fails

I was looking into that right now.

They are X509 certificates/key pairs in DER format. The problem is that they are signed by Apple, so there is no way to create such certificates other than by proper iTunes controlled Activation.

To illustrate, this is the dump of one of the certificates:

Code:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:81:0b:5d:d0:8c:48:88:19:b5
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=Apple Inc., OU=Apple iPhone, CN=Apple iPhone Device CA
        Validity
            Not Before: Oct 20 02:12:42 2009 GMT
            Not After : Oct 20 02:12:42 2012 GMT
        Subject: CN=F7066122-C872-469D-8B17-9D16E59ED1C4, C=US, ST=CA, L=Cupertino, O=Apple Inc., OU=iPhone
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1023 bit)
                Modulus (1023 bit):
                    52:a9:a4:5c:0e:4a:6c:4d:fd:a3:a7:4a:b9:44:08:
                    88:2b:a4:ee:3d:e4:b4:04:0a:4c:bf:3b:1d:65:0a:
                    40:ac:1c:58:a1:c7:d3:5f:43:26:c5:32:c6:ce:e9:
                    c2:11:04:b1:f4:99:e0:fa:f5:fd:00:8e:91:2e:df:
                    b9:23:04:88:f3:a2:14:5e:83:14:47:0e:85:79:d5:
                    fe:58:cf:d0:60:6d:e3:d5:7b:04:10:5e:cf:6d:5d:
                    9a:7d:6d:54:5c:de:60:8a:0f:ca:04:6f:d6:61:f0:
                    c1:ee:dc:eb:91:0b:94:c5:f4:a4:f7:58:c3:97:2c:
                    a8:1a:e1:a2:b0:11:f3:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:B2:FE:21:23:44:86:95:6A:79:D5:81:26:8E:73:10:D8:A7:4C:8E:74

            X509v3 Subject Key Identifier: 
                FB:56:5C:08:51:8A:1B:CA:59:D7:AA:1F:8F:2B:2D:16:6B:FF:AE:A1
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication, TLS Web Client Authentication
    Signature Algorithm: sha1WithRSAEncryption
        bf:a3:9e:e8:88:6c:52:0f:4a:5d:c0:13:90:28:48:57:a3:36:
        68:21:bf:0d:9d:a5:31:b1:b5:73:87:78:a3:27:9d:79:5b:a3:
        22:92:c0:57:c5:0d:b5:be:44:17:4f:6d:a5:d5:1f:65:a1:f1:
        31:88:f9:c8:21:9f:57:66:ed:6e:e2:af:0a:50:ef:0f:07:ca:
        30:db:46:b4:d1:6c:3e:1d:e7:b5:21:26:72:97:0d:af:5e:ad:
        76:ca:81:3e:a4:d6:79:0f:b8:06:54:cb:fc:eb:55:3d:bb:7e:
        76:3f:cb:40:5d:49:c9:4f:22:ff:a7:ec:cf:4b:f0:a0:09:54:
        84:7d

In the example, the issuing Certificate Authority is "Apple iPhone Device CA".

There is no "requirement" for the Push server to validate the certificate, and the certificate could be used exclusively as the delivery vessel for the public key and the iPhone identity. Code already exists for this and it's much simpler to use.

I can easily create one of those with a Private CA and give it a shot to see if that is the case.

In loading winterboard I totally hozed my first gen. So i had to reload the said firmware. And still my push is working. How I know this as my MobileMe account has find my iPhone. If push is not working correctly this function does not work. With this firmware this functions correctly & I am constantly receiving email via push like my legit iPhones.

I wish I could offer more help as to why this firmware is working. I have tried to locate the origination but its been a lost cause. Except I think this firmware was made in Asia possibly Vietnam.

Originally Posted by w9cae

In loading winterboard I totally hozed my first gen. So i had to reload the said firmware. And still my push is working. How I know this as my MobileMe account has find my iPhone. If push is not working correctly this function does not work. With this firmware this functions correctly & I am constantly receiving email via push like my legit iPhones.

I think you misunderstand. Push mail and push notifications for applications are two separate technologies. We are talking about push notifications for apps. Try to install a free app that supports push notifications (i recommend bargainbin). It has an option to configure "additional notifications" if you turn these all on then you should get some notifications quite quickly.

I can pretty much guarantee this will not work for you on a 2G hacktivated iPhone because as we keep on saying, the hacktivation lacks the proper certificates.

Push email has always worked on hacktivated phones even back in the iPhone OS 2.x days as long as it is properly configured.

There is some talk that the find my iphone feature uses the push notifications feature (when you try and send a message to your missing iPhone) I am not sure how they have implemented this.

Well I never had either locate me or push email working prior to this firmware. I have installed BargainBin but seem to be having problems making a list to track. I do have AP news which has push & is sending me updates.

Maybe some others with a first gen can load up this firmware & see if it works for them. Then we will know if I was just one off lucky or it is some sort of amazing hack work.

I will agree BargainBin does not work on my first gen but was simple to get working with notification on my 3GS which is not hacked.

Originally Posted by w9cae

Well I never had either locate me or push email working prior to this firmware. I have installed BargainBin but seem to be having problems making a list to track. I do have AP news which has push & is sending me updates.

Maybe some others with a first gen can load up this firmware & see if it works for them. Then we will know if I was just one off lucky or it is some sort of amazing hack work.

Locate me and youtube can be broken due to incorrect hacktivation. I recall that was a bug in one of the first redsn0w versions.

If you have a problem making a list to track, then you have broken push notifications. When you say AP news, I guess you mean AP mobile. Is it really popping up alerts even if you do not have AP mobile app running? I highly doubt it.

I just tested both apps on my 2G iphone which is hacktivated and has broken push notifications. I got the "problem making a list to track" and I have got no alerts from AP mobile despite selecting the US as my region (last I heard was that the other AP mobile regions do not support push notifications yet)

I dont get allot of alerts from AP mobile but when I do they are the same as for my legit iPhone.

But BargainBin I cant get it working so, guess your correct there is issue.

I am actually happy my MobileMe functionality & email alerts are now coming through. I can also send a message with locate my iPhone.

I will say this, my 3G iPhone, I put a prepaid sim from the same provider it is locked to, it activates & works. But with the prepaid sim none of the MobileMe or locate me works. YouTube & that is fine.

Anyones guess could be correct, I have had my first gen since launch day. And ran a myriad of hacks to get it working. Since 2.0 I just kept hitting update & it kept working. Then 3.0 came out & gave me hell at one stage I was locked out of my first gen. So for me finding a hacked firmware that now we can say for the most part works. Was cool, if I do find any more info I pop a post here.

Originally Posted by Olethros

The only unexplained difference is DeviceTree.m68ap.img3 pwnage tool does not change this file at all but it is definitely changed in the other ipsw. I cannot yet explain why it is changed and because it is a binary file I can't really tell what the changes are.

I think I know the reason why it works (at least for a while): the set of certificates in this custom ipsw is different, and since not many users have installed it, at least for a while it works. As soon as someone another iPhone that shares the same certificates attempts to use Push, it fails.

The problem is the standard hacktivation certificates from pwnagetool and redsnow is that they are the same and tons of iPhones are loaded with them, therefore the chance of certificate conflict is enormous.

I think I know how that guy @ pushfix.info makes his "unique" certificates.

He always reactivates an iPhone or iPod Touch. Every iTunes activation generates a new set of certificates. He extracts those certs and sends them to all his "customers"

Originally Posted by kdhoe

I think I know how that guy @ pushfix.info makes his "unique" certificates.

He always reactivates an iPhone or iPod Touch. Every iTunes activation generates a new set of certificates. He extracts those certs and sends them to all his "customers"

bingo, you got it, I guess

I had the same thought, but he claims to have automated the certificate generation. Does he have a script that grabs the certificate then deletes the appropriate files and triggers a reactivation? He has thoughtfully documented the files required to be deleted for reactivation on his forum.

Won't Apple notice the same device requesting reactivation over and over again and blacklist it?

He's likely stockpiled thousands of certificates already anyway.