Skip to main content

How iPhone activation works

Of interest to security wonks:

Activation in the iPhone works in a similar manner to windows activation (standard signature handshake).

iTunes gets three things from the phone, the DeviceID, the IMEI, and the ICCID. This is called the token and is unique to every iPhone. This token is then sent to the apple server (alfred.apple.com) via SSL. Apple uses their private key to sign the token and transmits it back to iTunes. iTunes then calls AMDeviceActivate with this signed token. The device gets the token and checks whether or not the signature matches the token. If it does, the device is activated.

{ "UniqueDeviceID" = "aabbccdd......"; "InternationalMobileEquipmentIdentity" = "1234...."; "IntegratedCircuitCardIdentity" = "1234...";}

Link here.

Alex is a technology CEO, with leadership, operating partner, investor, and board member roles at security firms including AutoLoop, Borland, Quarterdeck (now Symantec and Cisco WebEx), GFI/TeamViewer, Sunbelt Software (now ThreatTrack Security), BlueStripe Software, StopBadware, Knowbe4, Malwarebytes, and Runaware Holding AB. When CEO of Sunbelt he ran a security blog, and he still writes on security.