Or how to unbrick your brick
This article describes my research of bypassing Apple iCloud activation lock and analysis of existing techniques and offers from online unlock services.
I was wondering if anyone had succeeded with bypassing Apple iCloud activation lock.. A quick googling gave me a lot of links to fake activators (for both OS X and Windows) and few online services who in fact sell only promises.
Behind the Scenes
The DoulCi team with their website doulci.net offers a magic tool with a few proof videos on YouTube. Their tool is based on a fake Apple activation server which could, in theory, be helpful for the iPhone or iPad device unlocking. They got me interested, so I locked my iPhone with iCloud and started my tests.
The trick with the DoulCi tool is that it doesn’t exist. You cannot download it from their website since the download button is inactive and has no link. They just offer to provide it to the registered users, so registration is opened on their website.
After some additional research I found the source codes for the magic tool, which had been available for downloading on DoulCi website in the past. The source codes were looking pretty realistic and were expected to setup a fake activation server. In fact, this technique could took place for only iOS 7.0 users due to a bug in the operating system. The key feature of that idea is to generate a fake response from the activation server to the locked device. However, all requests and responses are done using SSL, in other words – they should be encrypted using server certificate and private key. As I mentioned before, there was a bug in iOS 7.0, so the device didn’t validate server certificates during the activation request. This was fixed in iOS 7.0.4, so devices with newer firmware have no chances to be unlocked using this technique.
So, why the DoulCi website is still offering a solution and asks users for registration? A closer look at their website showed a lot of ads on all the website parts. These guys seem to just make money on thousands of users who visit their website every day and look for a magic unblocking tool. This also forced another guys to publish some fakes as a “leaked” versions of the magic program. We could only guess what is the real functionality of that tools.
That’s all, folks.
And don’t forget your iCloud passwords 😉