[MuffinFlavored]

> Migicovsky previously denied to Ars that Beeper used "fake credentials"

As far as I know (I could be wrong), in order to log in + auth to Apple's various protocols that are involved to make iMessage work, you need a valid Apple ID and some sort of valid hardware ID.

If you don't have either of those, how would you be talking to Apple's services?

If their POST /login requires email + password + valid registered serial # of device sold that isn't flagged stolen and not shared across 100 accounts... how does Beeper Mini expect to work?

[saintfire]

AFAIK, and I could be wrong, beeper mini registers a new HWID with apple for each phone. Which is why they thought it was unpatchable, at first, as they would need to determine which phone is in fact an iPhone.

[nneonneo]

There's much more to the validation protocol than just HWID/serial. See https://github.com/JJTech0130/pypush/blob/main/emulated/data... for a list of the data that is pulled from the platform and used for validation. I would assume that Beeper registrations either use data from a pool of real devices, or made-up data that Apple might "permit" (because hackintoshes) but can definitely detect and block at any time.

[MuffinFlavored]

> use data from a pool of real devices

This feels super against terms of services. Taking a paying Apple user's hardware ID and using it for a non-paying user?

Also, I thought you had to tie/pair hardware ID to Apple ID.