[jwells89]

My understanding is that the serials represent information, including model and date/location of manufacture. It’s therefore possible to create correctly formed but impossible serials, for example one that represents a pre-touchbar 2015 MBP manufactured in Ireland in 2018.

Apple should easily be able to tell when someone has done this.

[turquoisevar]

They indeed used to have data like that encoded in it.

Not too long ago, however, they moved to a completely randomized serial format, perhaps partly because of iMessages shenanigans.

[rezonant]

Hmm, how many bits of entropy are in one of these things? Can we calculate the likelihood of collision?

[nneonneo]

iMessage seems to use quite a lot of information from the hardware aside from the serial number. See https://github.com/JJTech0130/pypush/blob/main/emulated/data... for the data that is used to calculate the "validation blob" to activate iMessage. Several of the keys (not values!) are random-looking gibberish like "kbjfrfpoJU" and "oycqAZloTNDm", while others are normal things like "product-name" and "IOPlatformUUID".

[turquoisevar]

Those random looking keys are derived from the hardware and together with the values they serve as seeds for some of the keys.

Server-side there’s a bunch more information used from the Apple ID.

Together it results in a score and the server then decides if it meets the threshold before deciding to play nice.