2023-04-07 05:48:14 +00:00
|
|
|
# TLS server to proxy APNs traffic
|
|
|
|
|
|
|
|
import socket
|
2023-04-11 16:23:04 +00:00
|
|
|
import sys
|
2023-04-07 05:48:14 +00:00
|
|
|
import threading
|
|
|
|
|
2023-04-11 16:23:04 +00:00
|
|
|
import tlslite
|
|
|
|
|
2023-04-07 20:24:05 +00:00
|
|
|
# setting path
|
2023-04-11 16:23:04 +00:00
|
|
|
sys.path.append("../")
|
2023-04-07 20:24:05 +00:00
|
|
|
|
2023-04-07 05:48:14 +00:00
|
|
|
# APNs server to proxy traffic to
|
2023-04-07 17:44:56 +00:00
|
|
|
APNS_HOST = "windows.courier.push.apple.com"
|
2023-04-07 05:48:14 +00:00
|
|
|
APNS_PORT = 5223
|
2023-04-07 23:54:19 +00:00
|
|
|
ALPN = b"apns-security-v3"
|
2023-04-11 16:23:04 +00:00
|
|
|
# ALPN = b"apns-security-v2"
|
|
|
|
# ALPN = b"apns-pack-v1"
|
2023-04-07 05:48:14 +00:00
|
|
|
|
2023-04-07 20:24:05 +00:00
|
|
|
global_cnt = 0
|
|
|
|
|
2023-04-11 16:23:04 +00:00
|
|
|
|
2023-04-07 05:48:14 +00:00
|
|
|
# Connect to the APNs server
|
|
|
|
def connect() -> tlslite.TLSConnection:
|
|
|
|
# Connect to the APNs server
|
|
|
|
sock = socket.create_connection((APNS_HOST, APNS_PORT))
|
|
|
|
# Wrap the socket in TLS
|
|
|
|
ssock = tlslite.TLSConnection(sock)
|
2023-04-11 16:23:04 +00:00
|
|
|
# print("Handshaking with APNs")
|
2023-04-07 05:48:14 +00:00
|
|
|
# Handshake with the server
|
2023-04-07 20:24:05 +00:00
|
|
|
if ALPN == b"apns-security-v3":
|
2023-04-07 23:54:19 +00:00
|
|
|
print("Using v3")
|
2023-04-07 20:24:05 +00:00
|
|
|
ssock.handshakeClientCert(alpn=[ALPN])
|
|
|
|
else:
|
|
|
|
import albert
|
2023-04-11 16:23:04 +00:00
|
|
|
|
2023-04-07 20:24:05 +00:00
|
|
|
private_key, cert = albert.generate_push_cert()
|
|
|
|
cert = tlslite.X509CertChain([tlslite.X509().parse(cert)])
|
|
|
|
private_key = tlslite.parsePEMKey(private_key, private=True)
|
|
|
|
# Handshake with the server
|
|
|
|
ssock.handshakeClientCert(cert, private_key, alpn=[ALPN])
|
2023-04-11 16:23:04 +00:00
|
|
|
|
2023-04-07 05:48:14 +00:00
|
|
|
return ssock
|
|
|
|
|
2023-04-11 16:23:04 +00:00
|
|
|
|
|
|
|
cert: str = None
|
|
|
|
key: str = None
|
2023-04-07 05:48:14 +00:00
|
|
|
|
2023-04-07 13:28:32 +00:00
|
|
|
|
|
|
|
import apns
|
|
|
|
import printer
|
|
|
|
|
2023-04-08 00:39:55 +00:00
|
|
|
outgoing_list = []
|
|
|
|
incoming_list = []
|
2023-04-11 16:23:04 +00:00
|
|
|
# last_outgoing = b""
|
|
|
|
|
2023-04-07 13:28:32 +00:00
|
|
|
|
2023-04-07 05:48:14 +00:00
|
|
|
def proxy(conn1: tlslite.TLSConnection, conn2: tlslite.TLSConnection, prefix: str = ""):
|
2023-04-07 14:33:03 +00:00
|
|
|
try:
|
|
|
|
while True:
|
|
|
|
# Read data from the first connection
|
|
|
|
data = conn1.read()
|
2023-04-11 16:23:04 +00:00
|
|
|
# print(prefix, "data: ", data)
|
2023-04-07 14:33:03 +00:00
|
|
|
# If there is no data, the connection has closed
|
|
|
|
if not data:
|
2023-04-07 23:54:19 +00:00
|
|
|
print(prefix, "Connection closed due to no data")
|
2023-04-07 14:33:03 +00:00
|
|
|
break
|
2023-04-07 05:48:14 +00:00
|
|
|
|
2023-04-08 20:01:03 +00:00
|
|
|
try:
|
2023-04-11 16:23:04 +00:00
|
|
|
override = printer.pretty_print_payload(
|
|
|
|
prefix, apns._deserialize_payload_from_buffer(data)
|
|
|
|
)
|
2023-04-08 20:01:03 +00:00
|
|
|
except Exception as e:
|
2023-04-11 16:23:04 +00:00
|
|
|
print(e) # Can't crash the proxy over parsing errors
|
2023-04-07 14:33:03 +00:00
|
|
|
if override is not None:
|
|
|
|
data = override
|
|
|
|
print("OVERRIDE: ", end="")
|
2023-04-11 16:23:04 +00:00
|
|
|
printer.pretty_print_payload(
|
|
|
|
prefix, apns._deserialize_payload_from_buffer(data)
|
|
|
|
)
|
2023-04-07 13:28:32 +00:00
|
|
|
|
2023-04-08 00:39:55 +00:00
|
|
|
if "apsd -> APNs" in prefix:
|
|
|
|
global outgoing_list
|
|
|
|
outgoing_list.insert(0, data)
|
|
|
|
if len(outgoing_list) > 100:
|
|
|
|
outgoing_list.pop()
|
|
|
|
elif "APNs -> apsd" in prefix:
|
|
|
|
global incoming_list
|
|
|
|
incoming_list.insert(0, data)
|
|
|
|
if len(incoming_list) > 100:
|
|
|
|
incoming_list.pop()
|
|
|
|
|
2023-04-11 16:23:04 +00:00
|
|
|
# print(prefix, data)
|
2023-04-07 14:33:03 +00:00
|
|
|
# Write the data to the second connection
|
|
|
|
conn2.write(data)
|
2023-04-07 16:19:44 +00:00
|
|
|
except OSError as e:
|
|
|
|
if e.errno == 9:
|
2023-04-07 23:54:19 +00:00
|
|
|
print(prefix, "Connection closed due to OSError 9")
|
2023-04-11 16:23:04 +00:00
|
|
|
pass # Probably a connection closed error
|
2023-04-07 23:54:19 +00:00
|
|
|
else:
|
|
|
|
raise e
|
|
|
|
except tlslite.TLSAbruptCloseError as e:
|
|
|
|
print(prefix, "Connection closed abruptly: ", e)
|
2023-04-07 05:48:14 +00:00
|
|
|
print("Connection closed")
|
|
|
|
# Close the connections
|
|
|
|
conn1.close()
|
|
|
|
conn2.close()
|
|
|
|
|
2023-04-11 16:23:04 +00:00
|
|
|
|
2023-04-08 01:12:10 +00:00
|
|
|
repl_lock = False
|
2023-04-11 16:23:04 +00:00
|
|
|
|
|
|
|
|
2023-04-08 00:51:15 +00:00
|
|
|
def repl(conn1: tlslite.TLSConnection, conn2: tlslite.TLSConnection):
|
2023-04-08 01:12:10 +00:00
|
|
|
global repl_lock
|
|
|
|
if repl_lock:
|
|
|
|
print("REPL already running")
|
|
|
|
return
|
|
|
|
repl_lock = True
|
|
|
|
import IPython
|
2023-04-11 16:23:04 +00:00
|
|
|
|
2023-04-08 01:12:10 +00:00
|
|
|
IPython.embed()
|
2023-04-08 00:39:55 +00:00
|
|
|
|
2023-04-11 16:23:04 +00:00
|
|
|
|
2023-04-07 05:48:14 +00:00
|
|
|
def handle(conn: socket.socket):
|
|
|
|
# Wrap the socket in TLS
|
|
|
|
s_conn = tlslite.TLSConnection(conn)
|
|
|
|
global cert, key
|
|
|
|
chain = tlslite.X509CertChain()
|
|
|
|
chain.parsePemList(cert)
|
2023-04-11 16:23:04 +00:00
|
|
|
# print(chain)
|
|
|
|
# cert = tlslite.X509CertChain([tlslite.X509().parse(cert)])
|
|
|
|
key_parsed = tlslite.parsePEMKey(key, private=True)
|
|
|
|
# print(key_parsed)
|
|
|
|
s_conn.handshakeServer(
|
|
|
|
certChain=chain, privateKey=key_parsed, reqCert=False, alpn=[ALPN]
|
|
|
|
)
|
2023-04-07 05:48:14 +00:00
|
|
|
|
|
|
|
print("Handling connection")
|
|
|
|
# Connect to the APNs server
|
|
|
|
apns = connect()
|
|
|
|
print("Connected to APNs")
|
2023-04-07 20:24:05 +00:00
|
|
|
|
2023-04-11 16:23:04 +00:00
|
|
|
threading.Thread(target=repl, args=(s_conn, apns)).start()
|
2023-04-08 00:39:55 +00:00
|
|
|
|
2023-04-07 20:24:05 +00:00
|
|
|
global global_cnt
|
|
|
|
global_cnt += 1
|
2023-04-07 05:48:14 +00:00
|
|
|
# Proxy data between the connections
|
|
|
|
# Create a thread to proxy data from the APNs server to the client
|
2023-04-11 16:23:04 +00:00
|
|
|
threading.Thread(
|
|
|
|
target=proxy, args=(s_conn, apns, f"{global_cnt} apsd -> APNs")
|
|
|
|
).start()
|
2023-04-07 05:48:14 +00:00
|
|
|
# Just proxy data from the client to the APNs server in this thread
|
2023-04-07 20:24:05 +00:00
|
|
|
proxy(apns, s_conn, f"{global_cnt} APNs -> apsd")
|
2023-04-07 05:48:14 +00:00
|
|
|
|
|
|
|
|
2023-04-11 16:23:04 +00:00
|
|
|
def serve():
|
2023-04-07 05:48:14 +00:00
|
|
|
# Create a socket to listen for connections
|
|
|
|
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
2023-04-07 23:54:19 +00:00
|
|
|
# Allow the socket to be reused
|
|
|
|
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
2023-04-07 05:48:14 +00:00
|
|
|
sock.bind(("localhost", 5223))
|
|
|
|
sock.listen()
|
|
|
|
|
|
|
|
print("Listening for connections...")
|
|
|
|
|
|
|
|
# Handshake with the client
|
|
|
|
# Read the certificate and private key from the config
|
|
|
|
with open("push_certificate_chain.pem", "r") as f:
|
|
|
|
global cert
|
|
|
|
cert = f.read()
|
|
|
|
|
|
|
|
# NEED TO USE OPENSSL, SEE CORETRUST CMD, MIMIC ENTRUST? OR AT LEAST SEE PUSHPROXY FOR EXTRACTION & REPLACEMENT
|
|
|
|
with open("push_key.pem", "r") as f:
|
|
|
|
global key
|
|
|
|
key = f.read()
|
|
|
|
|
2023-04-07 23:54:19 +00:00
|
|
|
conns = []
|
2023-04-07 05:48:14 +00:00
|
|
|
# Accept connections
|
2023-04-07 23:54:19 +00:00
|
|
|
try:
|
|
|
|
while True:
|
|
|
|
# Accept a connection
|
|
|
|
conn, addr = sock.accept()
|
|
|
|
conns.append(conn)
|
|
|
|
# Create a thread to handle the connection
|
2023-04-11 16:23:04 +00:00
|
|
|
# handle(conn)
|
2023-04-07 23:54:19 +00:00
|
|
|
thread = threading.Thread(target=handle, args=(conn,))
|
|
|
|
thread.start()
|
|
|
|
except KeyboardInterrupt:
|
|
|
|
print("Keyboard interrupt, closing sockets")
|
|
|
|
for conn in conns:
|
|
|
|
conn.close()
|
|
|
|
sock.close()
|
2023-04-07 05:48:14 +00:00
|
|
|
|
2023-04-11 16:23:04 +00:00
|
|
|
|
2023-04-07 05:48:14 +00:00
|
|
|
if __name__ == "__main__":
|
|
|
|
serve()
|