I think someone used this route but ran the real binary on real phones that had been injected with his code that allowed tokens to be generated.