This is a two-part post. I cannot stress enough that you should read all the directions. They are clear enough…
The first part is Push Donor. This is for jailbroken iPhones that are activated via iTunes only (not hacktivated via blackra1n, PwnageTool if you kept “Pre-Activation” ticked, or redsn0w; this will NOT WORK for hacktivated iPhones), and for jailbroken iPod touch devices that can reboot untethered [iPod touch 1G and iPod touch 2G MB Model]. This is a two-part process.
Push Donor is on the NERV Repo; download and install it from there. Just installing Push Donor does nothing: you also need to hook the device up to a computer in order to make use of it. It does NOT give you valid certs like Push Doctor, so do not bother installing this if you are not legitimately activated with iTunes. The second thing you need is the script to run on the computer.
WARNING: According to anethema, it’s possible to end up having to restore your phone if you have used blackra1n to jailbreak your device, whether or not you hacktivated. Every hacktivated iPhone is ineligible to participate in cert donating, and you also cannot use Push Donor to supply certs if you’ve used blackra1n to jailbreak, as it installs a hacktivation dylib on every phone even if you activate normally with iTunes. When the script runs, the phone will re-hacktivate and the cycle will break and your phone could be potentially FUCKED. Do NOT, I repeat, DO NOT USE THIS IF YOU USED BLACKRA1N TO JAILBREAK.
Before we get to the scripts/application, if you’re on a Mac you will have to do some terminal and SSH work to get this working seamlessly, otherwise you will be prompted for a password on each cycle, so instead of constantly generating certs, you will get one done and then have to add your pass each time. This is not very productive. Let’s begin.
First open Cydia and install OpenSSH. Then, from your Mac, open up Terminal and SSH to the device using “root@ip.address.goes.here”. You will be prompted for authorization, say yes. Then enter the password for root which is alpine. Don’t really need to worry about security here so just keep moving.
Now that you’ve SSH’d to the device at least once, we’re going to do the following on the Mac:
exit
cd ~/.ssh
ssh-keygen -t rsa
Now just hit enter for each prompt. When you’re done:
ls -a
You should see “id_rsa.pub” in there. Let’s copy it to the desktop and rename it:
cp id_rsa.pub ~/Desktop/authorized_keys2
We’ll need that for later. Now let’s get back to the device:
ssh root@ip.address.goes.here [enter alpine as pass]
ssh user@mac.ip.address.here [replace user with the logon name you have for your mac]
You will be prompted for authorization, say yes, then enter your mac password.
Now quit terminal. Open up an AFC2 or SFTP client and browse to /var/root/.ssh and put the authorized_keys2 file we made on the desktop before in that directory.
Now, when you open up a terminal and SSH to the device, you should just automatically logon without being prompted for a password. Now you can follow the rest of the guide for Mac.
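Dropping the file in over SFTP would overwrite any authorized_keys2 already in that directory and leaves the file modes to the client. As an added example (not part of the original post; the function names are hypothetical), this script, run wherever the .ssh directory lives, appends the key without clobbering existing entries, rejects a private key passed by mistake, and sets the modes that sshd's StrictModes check expects:

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# writable_by_others PATH: succeeds if PATH is group- or world-writable,
# which is what sshd's StrictModes check rejects.
writable_by_others() {
    case $(ls -ld "$1" | cut -c6,9) in
        *w*) return 0 ;;
        *)   return 1 ;;
    esac
}

# install_pubkey PUBKEY_FILE SSH_DIR [FILE_NAME]
# Appends one public key to SSH_DIR/FILE_NAME, keeping keys already there.
# Returns 0 if installed or already present, 1 if the input is unreadable,
# 2 if it is not a public key, 3 if the target cannot be created or locked down.
install_pubkey() {
    pub=$1; dir=$2; name=${3:-authorized_keys2}
    if [ ! -r "$pub" ]; then echo "cannot read $pub" >&2; return 1; fi

    # Accept only "<type> <base64> [comment]". A private key (id_rsa) passed
    # by mistake starts with "-----BEGIN" and is rejected here.
    key=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' "$pub" | head -n 1)
    if [ -z "$key" ]; then echo "$pub is not a public key" >&2; return 2; fi

    auth=$dir/$name
    mkdir -p "$dir" && chmod 700 "$dir" || return 3
    touch "$auth" && chmod 600 "$auth" || return 3

    # Already installed? Match on "type blob", ignoring the trailing comment.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if awk -v k="$blob" 'index($0 " ", k " ") { f = 1 } END { exit !f }' "$auth"; then
        return 0
    fi

    # Terminate an unterminated last line so the new key starts on its own line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then printf '\n' >> "$auth"; fi
    printf '%s\n' "$key" >> "$auth"

    if writable_by_others "$dir" || writable_by_others "$auth"; then return 3; fi
    return 0
}

# Demo on a constructed key (not a real one) in a throwaway directory.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructed user@mac' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh" && ls -l "$demo/.ssh"
rm -rf "$demo"
```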
Mac: grabcerts.sh
Windows: CertGen
You will need to run these in order to make use of Push Donor. The script kills iTunes, deactivates your phone or iPod, opens iTunes and activates it, then triggers the script and nimble on your phone or iPod to send the certs to the cert storage server, and repeats the process over and over until you kill the script or program.
To run on Mac, you will have to unzip the file and run it in a terminal. To do so, run:
cd /path/to/script
chmod +x grabcerts.sh
./grabcerts.sh "ip-address-to-device"
This will trigger the script and will run until you kill Terminal.app. Just activate via iTunes to use your phone again after you kill the script if you still see the Emergency Call screen or the Connect to iTunes screen you see when you buy a fresh iPod touch from Apple (not recovery, you will see a battery in the top right of the screen).
If you want to use two devices (such as an iPod touch 1G and an iPhone 3GS, like I have), you will want to do the RSA fingerprinting on both devices as shown above, then download grabmorecerts.sh, unzip and do the following:
cd /path/to/script
chmod +x grabmorecerts.sh
./grabmorecerts.sh "ip-of-1st-device" "ip-of-2nd-device"
Then just leave both devices plugged into the computer via USB and let the script do its thing.
To run on Windows, just launch the application and follow the instructions. To stop, just close the app and then activate your phone via iTunes if you still see the Emergency Call screen or the Connect to iTunes screen you see when you buy a fresh iPod touch from Apple (not recovery, you will see a battery in the top right of the screen).
While running these, leave the iPhone or iPod touch connected via USB so the reactivation process can complete and the process can cycle over again.
Once again, Push Donor and the appropriate computer scripts will NOT work if you are not able to activate legitimately via iTunes. It’s recommended that you put your iPhone or iPod touch on silent and run only when you do not have to use your iPhone or iPod touch for a lengthy period (while you sleep is probably the best).
========================
Nimble+Inject
This package is for those who are hacktivated ONLY and wish to back up their push certs and be able to restore them in case they have to restore, so that they don’t have to kill time trying to hammer the Push Doctor server for a valid push cert.
This package installs MobileTerminal and OpenSSH, as it’s a command line set of utilities, and can be run either on the device via MobileTerminal or via SSH using PuTTY for Windows, Terminal.app on Mac OS X and Terminal on GNU/Linux distros. If you don’t know how to SSH from these apps, there are guides all over the internet. It’s very basic, so I won’t waste time explaining it here.
To extract your certs, run:
su [root password required]
cd /private/var/Keychains
./nimble
This will generate 4 .bin files in the Keychains directory. These are your certs, store them in a safe and secure location.
To restore your certs, put those .bin files in /private/var/Keychains and run:
su [root password required]
cd /private/var/Keychains
./inject
This will restore your push certs.
If you happened to restore and forgot to back up according to this guide (and there are no certs available on the server), you can use nimble and inject and a friend’s iTunes activated and jailbroken iDevice to get push working again. Your friend’s iDevice must NOT have been jailbroken with blackra1n. <– VERY IMPORTANT
On your friend’s iPhone or iPod touch, follow the instructions as per nimble above.
Transfer the 4 bin files to your iPhone, then follow the instructions as per inject.
Next, you will need to deactivate and reactivate your friend’s iPhone or iPod touch. SSH into your friend’s device as root or open MobileTerminal on it and assume root privileges, and do the following commands:
rm -rf /var/root/Library/Lockdown
killall -TERM lockdownd SpringBoard
A Connect to iTunes image (with a battery icon in the top right; this is NOT recovery mode, DO NOT PANIC) will show up. Simply reconnect your friend’s iDevice to iTunes and it will reactivate and can be used right away.