Closed itadepro closed 2 years ago
Hi, if you have any suggestion about this project, please state it here, together we can make it work.
hi bro nice to meet u did u already test this method? how this work i have bypassed i phone 5s from minacrices server
This is modified version of minacriss' first server (he posted it on twitter days ago when he was asking for help, now he figured out how to bypass it and won't release source). It has never worked and never will.
Well, this version was developed by myself when I've tried to bypass iCloud for an iPhone 4S, after I got stuck in some point and I found that someone did same thing. I will continue it once i will have some ideas from other people.
sorry for my bad English, I feel I just need to fix the order of pem files and the keys ... because for me it works great until the script will inject the key here I have an example of the result of the bypass
bplist00Ö
AccountTokenCertificate\AccountTokenFairPlayKeyDataDeviceCertificateLDActivationVersion_AccountTokenSignatureOÙ-----BEGIN CERTIFICATE-----
MIIDZzCCAk+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJVUzET
MBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlv
biBBdXRob3JpdHkxLTArBgNVBAMTJEFwcGxlIGlQaG9uZSBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTAeFw0wNzA0MTYyMjU1MDJaFw0xNDA0MTYyMjU1MDJaMFsxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQKEwpBcHBsZSBJbmMuMRUwEwYDVQQLEwxBcHBsZSBp
UGhvbmUxIDAeBgNVBAMTF0FwcGxlIGlQaG9uZSBBY3RpdmF0aW9uMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDFAXzRImArmoiHfbS2oPcqAfbEv0d1jk7GbnX7
+4YUlyIfprzBVdlmz2JHYv1+04IzJtL7cL97UI7fk0i0OMY0al8a+JPQa4Ug611T
bqEt+njAmAkge3HXWDBdAXD9MhkC7T/9o77zOQ1oli4cUdzlnYWfzmW0PduOxuve
AeYY4wIDAQABo4GbMIGYMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMB0G
A1UdDgQWBBShoNL+t7Rz/psUaq/NPXNPH+/WlDAfBgNVHSMEGDAWgBTnNCouIt45
YGu0lM53g2EvMaB8NTA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vd3d3LmFwcGxl
LmNvbS9hcHBsZWNhL2lwaG9uZS5jcmwwDQYJKoZIhvcNAQEFBQADggEBAF9qmrUN
dA+FROYGP7pWcYTAK+pLyOf9zOaE7aeVI885V8Y/BKHhlwAo+zEkiOU3FbEPCS9V
tS18ZBcwD/+d5ZQTMFknhcUJwdPqqjnm9LqTfH/x4pw8ONHRDzxHdp96gOV3A4+8
abkoASfcYqvIRypXnbur3bRRhTzAs4VILS6jTyFYymZeSewtBubmmigo1kCQiZGc
76c5feDAyHb2bzEqtvx3WprljtS46QT5CR6YelinZnio32jAzRYTxtS6r3JsvZDi
J07+EHcmfGdpxwgO+7btW1pFar0ZjF9/jYKKnOYNyvCrwszhafbSYwzAG5EJoXFB
4d+piWHUDcPxtcc=
-----END CERTIFICATE-----
Ob{
"InternationalMobileEquipmentIdentity" = "012030005941102";
"ActivityURL" = "https://albert.apple.com/deviceservices/activity";
"ActivationRandomness" = "E7DA5CCD-37A0-427F-A6A8-9FBED57C6FDC";
"UniqueDeviceID" = "5d46010cfa34495a3779d5a77c3604f4888c6795";
"CertificateURL" = "https://albert.apple.com/deviceservices/certifyMe";
"PhoneNumberNotificationURL" = "https://albert.apple.com/WebObjects/ALUnbrick.woa/wa/phoneHome";
"WildcardTicket" = "0200000050134e66fc2695d9f8b60ae680574364befbab08a220eedf20852c2d77acba85090114c06e95d4659731b1d9cceea34c7f3253de96666615570078f2689cd76ff3d2b0f5569a56b5c5a505cb4e464233a1a29ee4f7003e6cec27f2442d7baf43d376c4021f520a8cac55515c6bdf6a537f5661a6dd8c7f9971ac43c30326684b64f797ba68a8332e119fd3692ed794311359b8515eb76f1be616ba107f818a3871fe0f884318cbd4507449a54c4622627a335d5b3dde1322ea1a4f5777c4060ec906cd4628460faed5852404f9cbd57849c53aaaac84af749c1e082a02009d50370cb67c33db9d2999df1d321ba7a5ec740e2cc854187813b896d8b85da2dbda325eb1f3fe134cc8f97619ed924630f0bf8d8b64113d178c24781de2da9315f1a4f16ded99f6232a36c7dfa657b825d381903684ab773d4362e47a3b8c3caabd73dce676c01169ff249af66f91828104b3bd4f6e23e3ef5c283282489e9a8d986b01faf8b440ceb17feb773141b7c6ae9e468153f0635d7723171d4a055a09627ed4bf264935045c667dd93144ee93023d4b3f2229a25c9809e7f1a746c7eb1af41ebc45b8e6493d5bf0252dcfaf3a682bc0d1381b41e613f6a9a1a78cf64cd51bb5e782948a0dc80ece2096526249e60863bf3ff68d62bc87f4fffc47641fb6dac8d9d48e4c78185a385109d9dcd459fbe6554ce48611d5ed9e7bf20db5a16ff604908612020d167c71b97dddfa727a1e0e912e6a8977e3ea83433e10b4a3dc471d35eb980cdd3b12aef0ee55694ad3785bf1057c2ba15f6b83d22093ffcf7e913c6c4edc38f20e";
}O:-----BEGIN CONTAINER-----
AAEAAQZk/Wt1PPSmiBJWOHfWBAxm0dF3ftOJ4nUvDr4+E3oPehgAR35gksXZO8Dk
Z2+kR050cMrRtK4GLleM+yvWImhD2IqMHP3/EchYbyn8FgMNnSclslTfQBYsG0UW
luUp4t96lLTF897GcxVtxbiQ9ydeYiiiXRRuRb9xQNMq/qWl3kIqY3NwweMFF4xG
VJVJ2bjrCKhchRKv1nxITkAZGdvccDWf5TafusZwq9yrr+zqp056K6jWqZPGFD5n
rKge1zDUwVaMfSQCVxjrA31T/aUolGr187tTnGFVvKqCUSpuUPmSbOEnS5zgvoxX
Cd2hPVRKVfFwFADIIxubPwMErEgDbOFBoce4sqAecityUEX8q3bm1QGe/rMypfQ2
zg2fbal7MMvvL9mket7w5Q+3yrtHa6x9vWGNooOg8xmmf3TOD7PEkQszsVrrSBcF
P2b0Zm08W2ra9c2jVnuymakzdY//UPHGoG3U+AB9ulS312yy9hlUIdxYlOECiahv
ai8Ah6fu+byLElWJEvRU/f58Rs3466H91VqvJ/0OC9V0fZ3GCztZ+n6nzskrFdof
iLGQKKEFVnD51mTTGpckFyrhCAMbu2U/sg1P06wCz4IX6YYH4yhpUzaAzTi1/eag
Bo8kIze+lv84hNGBPB/yu/5t3AGE+AD/ABiedv3MyubjpORTr0FOIEzfaymM0opZ
qUnTuKivvZ3SoHGidtaQ7lQUZy91v2iIbWhxNyc15RKP6/IU6qzMdpbvqa39TTwb
QQSNc+wCS4fCuAkTbCwEtA6/U8z8+vyTqRoE8ss+Fi5CB2U1yEa2SoBdPL2M6RHR
CjwdRCxLvt1ipi74MTcCz/KtCEMGAsJoTq4vdvyq/QiqVX4h5rmiTJwo2rHQ1O2g
PHlHycCbkzkfpVcwAdSP9AEqjQ4O+QMdRuMGShcjcQCEGtCQlcp5nSnGaZAa1u5r
RzbEuKGo2Q/f1fWXGXq2CnxZ6mrWd8fPPbm/n068RdslAaYOjHTZ9H2//UlkGoxX
NG1DwajSi/J6PckWCdxGxZBX50wHq0e26dQGw1KxhPt889yoql7B+1K3jgE/n0Sn
V0XNEbO3p85055lXxW5C8/uqbyBpoJrrcC+T9lbUscmACj1Ghc4UFfn1r9ZHINXJ
qMEGw9U0AZ2NBkd4DTcHGP3UNSSRw+AyDvrddwS5wfHdDH9qa/nzUgI8YTL4Drmv
TX5Chw2M+sYiz12SEHHTTRSxGA2dB6NuR//9tAC5Fxphv/44JAAVVO+RBcRMe5XW
L2qEWUhFK/4gv94vAZztuexBVopCw/JVt/opFmZFcZ3+LEKGpMH4JRZhf6b2D3a0
COKQ+BYMB8OXcDnBeS99zUKGI+6O5kLD5+R4LoloGetahz7QrevhBwsL+xG9MdN5
jckHjBC6CsK+TuYe/i0n69WMc0476HHje8cUdB4It++lIo6Y+oztKFKcdrHynQ+k
mif1LGrXRDvTT7nX/XB5yKaPWnp1iEJvwunlhFOoX0z8XCCH
-----END CONTAINER-----
O:-----BEGIN CERTIFICATE-----
MIIC8zCCAlygAwIBAgIKAW/Daxku7MwdMjANBgkqhkiG9w0BAQUFADBaMQswCQYD
VQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEVMBMGA1UECxMMQXBwbGUgaVBo
b25lMR8wHQYDVQQDExZBcHBsZSBpUGhvbmUgRGV2aWNlIENBMB4XDTE0MDUyMTAz
MDM0MFoXDTE3MDUyMTAzMDM0MFowgYMxLTArBgNVBAMWJDY1REUyOEIzLTRFQ0Mt
NDc4Mi1BMjYzLTNCMDA3REIwREY5MzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
MRIwEAYDVQQHEwlDdXBlcnRpbm8xEzARBgNVBAoTCkFwcGxlIEluYy4xDzANBgNV
BAsTBmlQaG9uZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0ABlv8+3PF1U
8DZNBUjFM58WXRW4cWqCN6rZorHR9aHeT8G2uYMGMU9VJ2Vpb3fUdqnD61/IMtDF
merqJkCQd57bfsDHEjU3LxesaGDh6nmHpXOgUcBEFAO2upj4VtY+mrbbwhUBnDwf
7gXVyZjibNAkRILv7wUBohn1S42EaF0CAwEAAaOBlTCBkjAfBgNVHSMEGDAWgBSy
/iEjRIaVannVgSaOcxDYp0yOdDAdBgNVHQ4EFgQUXJgw9rFORO4fSaR3hrC1PiUI
480wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAwIAYDVR0lAQH/BBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMBAGCiqGSIb3Y2QGCgIEAgUAMA0GCSqGSIb3DQEB
BQUAA4GBAFX57vZrMGjfaC1En2SXPY01xWr8r5TK7lZW0zQj6uoNsVZ7uqcOX3oO
bI+LXWTJPNnW6ZjHepNDGi1QkLwte6u5bQ4exxSJMP0QNm4iXUfksI3ULuHS3A3a
z+sururaE77Qd+Qwc2gtPKqbywGUpt+2fm1DbjTc4c4ECzbmKXA7
-----END CERTIFICATE-----
O€
ÂúR]d¶ÅKX^75ƒØgTKå£~{³yJ”ÒÕº9âTð’4`¢§µæ”R°˜¾Ï›÷;fc¥þ6Æ
yYÜÏ —²²OÕõã·ÆnTgÎ-Ÿû?pMbks˜òH6,oYøîúæ¥ü^O¾2ÁÁšëÁû$ / < N b x mÓOQ
Ô
Why are you testing with an iPhone 3GS(012030005941102)? or am i wrong !!
not miss this cert it out of a mini ipad O:!
miss ?!! by the way, replaying the same flow to albert after many hours, i got a response. Can we digg more here? or already done?
sorry my bad English that certificate is the result of a bypass done ... the joke here is to clone the script and make the key well
@xenirox I've discovered the same thing yesterday, if i keep the same flow, and I run it separately in curl, I saw that iPhone will activate automatically once is reset, I dug a lot on this flow and I can't break it for other phones yet.
Does this work, I have an iphone 5s if we could test iOS 7.0.4 Itunes 11.1.5
I think, that it will hard to decrypt the server key or the algorithme user to crypt data. I think that albert could be tricked to respond with activation data correctely, otherwise, why bypassers got icloud bypass and no GSM service? it's because they couldn't have all the activation records.
If anyone, had written some code with GUI to send various informations to albert, please share with us.
this was released, it works but it says "invalid blablabla" http://rghost.net/56143073
Essentially it says go to /deviceservices/index.php and change where it says C:// blablabla
They don't get WildcardTicket, so the baseband can't tell if it's unlocked or not so it just has no signal.
To send custom data to albert you can for example use Posterman plugin (https://chrome.google.com/webstore/detail/chrome-poster/cdjfedloinmbppobahmonnjigpmlajcd). But you can't change anything anyway because ActivationInfoXML is signed by FairPlayKeyChain, so if you change a single bit in ActivationInfoXML the signature breaks and albert replies with an error. The only way to get around it I can think of is to grab FairPlayKeyChain from device (the signing process is handled by fairplayd bunary but there are no information on how to do so) or to edit ActivationInfoXML by directly by patching lockdownd binary (a lot of reverse engeneering and ARM assembly).
@P4r4doX you have right, I've tried all the ways to reproduce ActivationInfoXML and that is not possible to edit it, BUT, if i repeat the same original request, it works very well, but only for my phone.
Theoretically there's no way to bypass iCloud for the moment.
@carcabot Doulci?
@Optigonnn I'm not sure if they succeeded. We will see when they will turn on their server.
for now Doulci is just a bypass. i'm sure there is a bug on Albert, i remermber seen someone got informations relative to an iPhone based on his IMEI only, so .....
I've found that the wildcard ticket is changed when the icloud login window appear, until then i can activate my phone with same keys generated last time.
Doulci works, I have tried it about 2 weeks ago. Somewhere I've got saved response from them as well (it's the same as from albert, but activation ticket only contains UDID and ActivationRandomness, nothing more. Activation ticket from them doesn't contain WildcardTicket, that's why carrier doesn't work.).
Can u share please? Or PM if you want
i have 5s bypassed by minacrises and jailbroken too did u need some file give me the name i can find from my phone before they ask for atteched file
On Thu, Jun 12, 2014 at 6:14 PM, xenirox notifications@github.com wrote:
Can u share please? Or PM if you want
Reply to this email directly or view it on GitHub https://github.com/carcabot/iCloud-Bypass/issues/5#issuecomment-45881535 .
If you have it jailbroken can you attach the entire folder /var/root/Library/Lockdown ?
Thanks
hope this help
On Thu, Jun 12, 2014 at 7:29 PM, carcabot notifications@github.com wrote:
If you have it jailbroken can you attach the entire folder /var/root/Library/Lockdown ?
Thanks
Reply to this email directly or view it on GitHub https://github.com/carcabot/iCloud-Bypass/issues/5#issuecomment-45887728 .
The attachement isn't delivered to Github. Can you upload it somewhere (dropbox, ...) and post link ?
@Optigonnn where did you get that files from ?
give me your mail
On Thu, Jun 12, 2014 at 9:52 PM, P4r4doX notifications@github.com wrote:
@Optigonnn https://github.com/Optigonnn where did you get that files from ?
Reply to this email directly or view it on GitHub https://github.com/carcabot/iCloud-Bypass/issues/5#issuecomment-45905916 .
https://www.dropbox.com/sh/y3dh5ful709e9y2/AABRLvByHpY-JIkKJmWLUa6ma
On Thu, Jun 12, 2014 at 10:05 PM, zawzaw sugu zawzawsugu@gmail.com wrote:
give me your mail
On Thu, Jun 12, 2014 at 9:52 PM, P4r4doX notifications@github.com wrote:
@Optigonnn https://github.com/Optigonnn where did you get that files from ?
Reply to this email directly or view it on GitHub https://github.com/carcabot/iCloud-Bypass/issues/5#issuecomment-45905916 .
is the 5s??
yes ios 7.0.4
On Thu, Jun 12, 2014 at 10:41 PM, itadepro notifications@github.com wrote:
is the 5s??
Reply to this email directly or view it on GitHub https://github.com/carcabot/iCloud-Bypass/issues/5#issuecomment-45912770 .
I have an iphone 5c with activated after the bypass signal ... I do not remember if it was or aquatime minacriss sorry my bad English
did you pass it?
no activation loop ?
On Thu, Jun 12, 2014 at 10:58 PM, xenirox notifications@github.com wrote:
did you pass it?
Reply to this email directly or view it on GitHub https://github.com/carcabot/iCloud-Bypass/issues/5#issuecomment-45914866 .
when did you activate it? last days? yesterday?
if you did the bypass ... it was like 2 weeks ago ... do not remember if it was the server or aquatime minacriss
hummmm, interessing
the trouble is that when you take out the sim to the device appears bootloop and has ios 7.1.1 no jailbreak :(
So is there any way to do it? im checking out itadepro's files from drop box for exploits
It has something to do with this read wat Ragemasta said when he was having the error "Invalid blablabla" http://pastebin.com/eq00t0JJ
i have a question, can we decrypt the FairPlayKeyData with device_private_key ? i tried and tried but always errors !!
ragemasta error is he bypass on itunes and cannot bypass on device then he start asking that files
On Fri, Jun 13, 2014 at 3:06 PM, xenirox notifications@github.com wrote:
i have a question, can we decrypt the FairPlayKeyData with device_private_key ? i tried and tried but always errors !!
Reply to this email directly or view it on GitHub https://github.com/carcabot/iCloud-Bypass/issues/5#issuecomment-45987977 .
minacrises also same on that stage and he figured out some how
On Fri, Jun 13, 2014 at 3:16 PM, zawzaw sugu zawzawsugu@gmail.com wrote:
ragemasta error is he bypass on itunes and cannot bypass on device then he start asking that files
On Fri, Jun 13, 2014 at 3:06 PM, xenirox notifications@github.com wrote:
i have a question, can we decrypt the FairPlayKeyData with device_private_key ? i tried and tried but always errors !!
Reply to this email directly or view it on GitHub https://github.com/carcabot/iCloud-Bypass/issues/5#issuecomment-45987977 .
Hi guys, i have a problem "Fatal error: Call to undefined function openssl_csr_sign() in C:\xampp\htdocs\deviceservices\deviceActivation\index.php on line 45" Somebody can help me?
@gibsfun if your using the zip file attached on this issue then look in the root of the directory inside the folder deviceactivation you'll find the index.php in that file there's a line that has "C:/..." include. You can search and replace. That should fix your issue
I do it, bit dont work "/
Add a zip of your changes and ill take a look
Date: Sat, 14 Jun 2014 10:47:47 -0700 From: notifications@github.com To: iCloud-Bypass@noreply.github.com CC: lg.theoriginal@hotmail.com Subject: Re: [iCloud-Bypass] contact me (#5)
Add a zip of your changes and ill take a look
— Reply to this email directly or view it on GitHub.
Now, i got another problem, A message appears "Congratulations, your iPhone has been unlocked. To set up and sync this iPhone, click Continue."
When i Click on "Continue" a undefinied error from itunes come... (-1202)
The file in Zip: http://www.4shared.com/rar/wLpSDgLEce/Bypass-fungibs.html?
Hi I am very interested in your project we may contact by skype or something ...?