A Magical iPad Unlocking Experience...

lyc8503

2019-03-15

This article is currently an experimental machine translation and may contain errors. If anything is unclear, please refer to the original Chinese version. I am continuously working to improve the translation.

0x00 Preface

Recently, I dug up an old, dusty iPad mini from a corner at home.

Was planning to use it as my main device instead of my old Huawei tablet :P

Reinstalled the system… and then… what the heck is this activation lock?!

Activation Lock

Yeah sure, Apple values security and all… but I’ve long forgotten this Apple ID, okay?!

0x01 Recovering Account via Official Website

Of course the account was locked… they want my birth date and security questions?? Obviously, I’ve forgotten those ages ago.

Immediately gave up on this idea :o

0x02 Futile Attempts

But of course, I didn’t give up that easily.

Started trying to bypass this activation lock.

Googled around, but found absolutely no reliable solutions =(

After tinkering for about half an hour, I realized the truth:

Apple signs the system during flashing, so modding the OS itself is impossible
Apple’s activation lock uses HTTPS encryption and digital signature verification

In short: this iPad has turned into an expensive paperweight (??)

0x03 Calling Customer Support

Called Apple’s official support for help… they asked me to provide the original purchase invoice and warranty certificate to unlock it?

Gone with the wind long ago :P Not happening.

0x04 When Luck Solves Everything

Wrote a Python script (extremely hardcore) *brute-forcing the birthday (the year was probably correct, but the exact date was a complete guess)*

from selenium import webdriver
import time
from datetime import date
from datetime import timedelta
import os
import random

apple_id = ""

all_date = []
while True:
    start = date(1978,1,1)
    end = date(1978,12,31)
    delta = timedelta(days=1)
    all_date.clear()

    while start <= end:
        all_date.append(start.strftime('%Y%m%d'))
        start += delta

    for i in os.listdir():
        if i[-4:] == ".png":
            print(i)
            try:
                all_date.remove(i[0:-4])
            except:
                pass

    #print(all_date)
    random.shuffle(all_date)
    print(all_date)

    print("Tried: " + str(365 - len(all_date)) + " " + str((365 - len(all_date)) / 365 * 100) + "%")

    def try_date(date):
        try:
            print("Trying... " + str(date))
            browser = webdriver.Firefox()
            browser.get('https://iforgot.apple.com/password/verify/appleid')
            browser.set_page_load_timeout(10)
            browser.set_script_timeout(10)
            
            time.sleep(0.5)
            browser.find_element_by_class_name("iforgot-apple-id").clear()
            browser.find_element_by_class_name("iforgot-apple-id").send_keys(apple_id)
            time.sleep(0.5)  
            browser.find_element_by_class_name("button").click()

            time.sleep(5)
            browser.find_element_by_class_name("content-input").clear()
            browser.find_element_by_class_name("content-input").send_keys(str(date))

            time.sleep(0.5)
            browser.find_element_by_class_name("right-nav").click()
            time.sleep(5)
            browser.save_screenshot(str(date) + ".png")
            time.sleep(0.5)
            browser.quit()
        except Exception as e:
            time.sleep(1)
            browser.quit()
            raise e

    try:
        try_date(all_date[0])
    except Exception as e:
        print(str(e))

After running the script non-stop for about three days and nights… I actually guessed it right (??!!)

And just like that, it was solved…(??)

This article is licensed under the CC BY-NC-SA 4.0 license.

Author: lyc8503, Article link: https://blog.lyc8503.net/en/post/unlock-ipad/
If this article was helpful or interesting to you, consider buy me a coffee¬_¬
Feel free to comment in English below o/