Interesting question. No idea what the algorithm behind the distribution is, but I scraped some ECIDs off Google images and mixed them up with a few of my dev devices:

- Code: Select all
` ECID (bin) ECID (hex) Device`

================================================================ ============== =================

0000000000000000000000000001110100110110000000011010110100101100 1d3601ad2c iPhone 4 (model unknown)

0000000000000000000000000111010100101111010111111000111110100100 752f5f8fa4 iPhone 5s (N53AP)

0000000000000000000000001011110101110100000000010111110101001011 bd74017d4b iPhone 5 (N41AP)

0000000000000000000000001110011111110001000110101110001111001110 e7f11ae3ce iPad 2 (model unknown)

0000000000000000000000010011110011011011000110100100110100101110 13cdb1a4d2e iPhone 5 (N41AP)

0000000000000000000000011101000110111010000111101111110111110110 1d1ba1efdf6 iPhone 3GS (N88AP)

0000000000000000000000011111011000110111000101010110001100101111 1f63715632f iPod 5G (N78AP)

0000000000000000000000100110010001000000000011001110001111001101 264400ce3cd iPhone 4S (N94AP)

0000000000000000000000101100000100010001000011010000001110001110 2c1110d038e iPod 4G (N81AP)

0000000000000000000000110001100111110110000110101011010111001111 319f61ab5cf iPod 4G (N81AP)

0000000000000000000000110010110010110000000010100111110100001100 32cb00a7d0c iPad 3 (model unknown)

0000000000000000000000110100111111001010000000101000001100101110 34fca02832e iPhone 3GS (N88AP)

0000000000000000000000110111100010010110000100001011010111110100 3789610b5f4 iPad (K48AP)

0000000000000001001000000001100000111000111100111100010000100110 1201838f3c426 iPhone 6 (N61AP)

0000000000000101001100000100000100100000011010111100100000100110 53041206bc826 iPad Air 2 (J81AP)

0000000000000110010110011100100000010000010100100000100000100110 659c810520826 iPad Air 2 (J81AP)

0000000000001010010100001001100000010000010100100000100000100110 a509810520826 iPad Air 2 (J81AP)

0000000000001011010010011000110000100000000010010000100000100110 b498c20090826 iPad Air 2 (J81AP)

0000000000001100001100011101101000000100100001010100001000100110 c31da04854226 iPod 6G (N102AP)

0000000000001101011010010100110000010000100110110000100000100110 d694c109b0826 iPad Air 2 (J81AP)

0000000000010000001110011000110000100000000010010000100000100110 10398c20090826 iPad Air 2 (J81AP)

0000000000010010000001001001111000011000000010111010110000100110 12049e180bac26 iPad Pro (J99aAP)

0000000000010010011100000101100000010000010100100000100000100110 12705810520826 iPad Air 2 (J81AP)

0000000000010100011001011100000000100000100001000010001000100110 1465c020842226 iPhone SE (N69AP)

0000000000010101011110001110110000010000100110110000100000100110 1578ec109b0826 iPad Air 2 (J81AP)

0000000000010110001000000001100000100100001010001000100000100110 16201824288826 iPad Air 2 (J81AP)

0000000000011101011110010010101000101000001100100100100000100110 1d792a28324826 iPhone 6 (N61AP)

0000000000011110010010000010010000000100010100001000100000100110 1e482404508826 iPad Air 2 (J81AP)

The first thing you''l notice are that there are two "camps"; I'll call them "old" and "new". "Old" has shorter ECIDs and contains all 32-bit devices in this list as well as the iPhone 5s (I suspect the iPad Air and iPad mini 2 would also belong to this camp), which would correspond to 2013 and earlier. "New" has longer ECIDs and contains only 64-bit devices (everything but the aforementioned ones), which would likely correspond to 2014 and newer.

An old ECID seems to have its 22 most significant bits as well as bits 21 and 23 (counting from 0) set to zero.

A new ECID seems to have its 11 most significant bits as well as bits 12, 24, 25, 30, 31, 41 and 47 set to zero, as well as the 9 least significant bits set to 000100110.

All other bits are random as far as I can tell. One might think that the zero bits in the middle could be random, but if that were so then we should observe equal amounts of "all 1s", however there are none at all. One can also argue statistically: (quoted for easy skipping)

There are 13 old and 15 new devices, which makes for 2^13 and 2^15 possible values that one "column" of bits can take. The chance for all bits being 0 is thus 1/(2^13) and 1/(2^15) respectively. Now there are 64 bits, so if all bits were distributed randomly, the chance of observing just one column of all zeroes with a sample of our size would be 1-(1/(2^13)))^64 and 1-(1/(2^15)))^64 respectively, which yields 0.00778253490453 ≈ 0.778% for old devices and 0.001951248637 ≈ 0.195%. A rather small chance.

If we assume that to be representative, then that would make 40 variable bits for old ECIDs and 37 for new ones.

That is a

huge improvement down from 64 bits, but it's still not good enough for mining. Assuming you could make 1000 TSS requests per second, it would take you well above 4 years to request tickets for all possible ECIDs, just for one Model and iOS version. You

don't wanna do this at home. You don't even wanna do this on a server farm, because chances are you'll overload Apple's TSS servers and they'll ban your IP.

If we want to be able to "guess" ECIDs, we need more information than we currently have. I've contacted someone in a unique position regarding that, and am currently waiting for a response.