2023-05-09 15:09:28 -05:00
|
|
|
import plistlib
|
2023-05-09 16:03:27 -05:00
|
|
|
from base64 import b64decode
|
|
|
|
|
|
2023-05-09 15:09:28 -05:00
|
|
|
import requests
|
|
|
|
|
|
2023-07-27 10:04:57 -05:00
|
|
|
from ._helpers import PROTOCOL_VERSION, USER_AGENT, KeyPair, parse_key, serialize_key
|
2023-05-09 16:03:27 -05:00
|
|
|
from .signing import add_auth_signature, armour_cert
|
2023-07-27 10:04:57 -05:00
|
|
|
|
|
|
|
|
from io import BytesIO
|
|
|
|
|
|
|
|
|
|
from cryptography.hazmat.primitives.asymmetric import ec, rsa
|
2023-05-09 16:03:27 -05:00
|
|
|
|
2023-07-24 08:18:21 -05:00
|
|
|
import logging
|
|
|
|
|
logger = logging.getLogger("ids")
|
|
|
|
|
|
2023-07-27 10:04:57 -05:00
|
|
|
class IDSIdentity:
|
|
|
|
|
def __init__(self, signing_key: str | None = None, encryption_key: str | None = None, signing_public_key: str | None = None, encryption_public_key: str | None = None):
|
|
|
|
|
if signing_key is not None:
|
|
|
|
|
self.signing_key = signing_key
|
2023-08-17 20:14:44 -05:00
|
|
|
self.signing_public_key = serialize_key(parse_key(signing_key).public_key())# type: ignore
|
2023-07-27 10:04:57 -05:00
|
|
|
elif signing_public_key is not None:
|
|
|
|
|
self.signing_key = None
|
|
|
|
|
self.signing_public_key = signing_public_key
|
|
|
|
|
else:
|
|
|
|
|
# Generate a new key
|
|
|
|
|
self.signing_key = serialize_key(ec.generate_private_key(ec.SECP256R1()))
|
2023-08-17 20:14:44 -05:00
|
|
|
self.signing_public_key = serialize_key(parse_key(self.signing_key).public_key())# type: ignore
|
2023-07-27 10:04:57 -05:00
|
|
|
|
|
|
|
|
if encryption_key is not None:
|
|
|
|
|
self.encryption_key = encryption_key
|
2023-08-17 20:14:44 -05:00
|
|
|
self.encryption_public_key = serialize_key(parse_key(encryption_key).public_key())# type: ignore
|
2023-07-27 10:04:57 -05:00
|
|
|
elif encryption_public_key is not None:
|
|
|
|
|
self.encryption_key = None
|
|
|
|
|
self.encryption_public_key = encryption_public_key
|
|
|
|
|
else:
|
|
|
|
|
self.encryption_key = serialize_key(rsa.generate_private_key(65537, 1280))
|
2023-08-17 20:14:44 -05:00
|
|
|
self.encryption_public_key = serialize_key(parse_key(self.encryption_key).public_key())# type: ignore
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def decode(inp: bytes) -> 'IDSIdentity':
|
|
|
|
|
input = BytesIO(inp)
|
2023-07-27 10:04:57 -05:00
|
|
|
|
|
|
|
|
assert input.read(5) == b'\x30\x81\xF6\x81\x43' # DER header
|
|
|
|
|
raw_ecdsa = input.read(67)
|
|
|
|
|
assert input.read(3) == b'\x82\x81\xAE' # DER header
|
|
|
|
|
raw_rsa = input.read(174)
|
|
|
|
|
|
|
|
|
|
# Parse the RSA key
|
|
|
|
|
raw_rsa = BytesIO(raw_rsa)
|
|
|
|
|
assert raw_rsa.read(2) == b'\x00\xAC' # Not sure what this is
|
|
|
|
|
assert raw_rsa.read(3) == b'\x30\x81\xA9' # Inner DER header
|
|
|
|
|
assert raw_rsa.read(3) == b'\x02\x81\xA1'
|
|
|
|
|
rsa_modulus = raw_rsa.read(161)
|
|
|
|
|
rsa_modulus = int.from_bytes(rsa_modulus, "big")
|
|
|
|
|
assert raw_rsa.read(5) == b'\x02\x03\x01\x00\x01' # Exponent, should always be 65537
|
|
|
|
|
|
|
|
|
|
# Parse the EC key
|
|
|
|
|
assert raw_ecdsa[:3] == b'\x00\x41\x04'
|
|
|
|
|
raw_ecdsa = raw_ecdsa[3:]
|
|
|
|
|
ec_x = int.from_bytes(raw_ecdsa[:32], "big")
|
|
|
|
|
ec_y = int.from_bytes(raw_ecdsa[32:], "big")
|
|
|
|
|
|
|
|
|
|
ec_key = ec.EllipticCurvePublicNumbers(ec_x, ec_y, ec.SECP256R1())
|
|
|
|
|
ec_key = ec_key.public_key()
|
|
|
|
|
|
|
|
|
|
rsa_key = rsa.RSAPublicNumbers(e=65537, n=rsa_modulus)
|
|
|
|
|
rsa_key = rsa_key.public_key()
|
|
|
|
|
|
|
|
|
|
return IDSIdentity(signing_public_key=serialize_key(ec_key), encryption_public_key=serialize_key(rsa_key))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def encode(self) -> bytes:
|
|
|
|
|
output = BytesIO()
|
|
|
|
|
|
|
|
|
|
raw_rsa = BytesIO()
|
|
|
|
|
raw_rsa.write(b'\x00\xAC')
|
|
|
|
|
raw_rsa.write(b'\x30\x81\xA9')
|
|
|
|
|
raw_rsa.write(b'\x02\x81\xA1')
|
2023-08-17 20:14:44 -05:00
|
|
|
raw_rsa.write(parse_key(self.encryption_public_key).public_numbers().n.to_bytes(161, "big")) # type: ignore
|
2023-07-27 10:04:57 -05:00
|
|
|
raw_rsa.write(b'\x02\x03\x01\x00\x01') # Hardcode the exponent
|
|
|
|
|
|
|
|
|
|
output.write(b'\x30\x81\xF6\x81\x43')
|
|
|
|
|
output.write(b'\x00\x41\x04')
|
2023-08-17 20:14:44 -05:00
|
|
|
output.write(parse_key(self.signing_public_key).public_numbers().x.to_bytes(32, "big"))# type: ignore
|
|
|
|
|
output.write(parse_key(self.signing_public_key).public_numbers().y.to_bytes(32, "big"))# type: ignore
|
2023-07-27 10:04:57 -05:00
|
|
|
|
|
|
|
|
output.write(b'\x82\x81\xAE')
|
|
|
|
|
output.write(raw_rsa.getvalue())
|
2023-05-09 16:03:27 -05:00
|
|
|
|
2023-07-27 10:04:57 -05:00
|
|
|
return output.getvalue()
|
2023-08-25 21:26:37 -05:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
import apns
|
|
|
|
|
from . import _helpers
|
|
|
|
|
import uuid
|
|
|
|
|
from base64 import b64encode
|
2023-05-09 16:03:27 -05:00
|
|
|
def register(
|
2023-08-25 21:26:37 -05:00
|
|
|
push_connection: apns.APNSConnection, signing_users: list[tuple[str, _helpers.KeyPair]], user_payloads: list[dict], validation_data, device_id: uuid.UUID
|
2023-05-09 15:09:28 -05:00
|
|
|
):
|
|
|
|
|
body = {
|
2023-08-25 21:26:37 -05:00
|
|
|
# TODO: Abstract this out
|
2023-10-08 12:47:53 -05:00
|
|
|
"device-name": "iPhone",
|
|
|
|
|
"hardware-version": "iPhone9,4",
|
2023-05-09 15:09:28 -05:00
|
|
|
"language": "en-US",
|
2023-10-08 12:47:53 -05:00
|
|
|
"os-version": "iPhone OS,15.7.5,19H332",
|
|
|
|
|
"software-version": "19H332",
|
|
|
|
|
|
|
|
|
|
# "private-device-data": {
|
|
|
|
|
# "ap": "1",
|
|
|
|
|
# "c": "#c8caca",
|
|
|
|
|
# "d": "717284928.014101",
|
|
|
|
|
# "dt": 2,
|
|
|
|
|
# "ec": "#dcdede",
|
|
|
|
|
# "gt": "0",
|
|
|
|
|
# "h": "1",
|
|
|
|
|
# "ktf": "0",
|
|
|
|
|
# "m": "1",
|
|
|
|
|
# "p": "1",
|
|
|
|
|
# "pb": "19H332",
|
|
|
|
|
# "pn": "iPhone OS",
|
|
|
|
|
# "pv": "15.7.5",
|
|
|
|
|
# "s": "1",
|
|
|
|
|
# "t": "1",
|
|
|
|
|
# "u": "68DCE294-AE02-4740-8AD8-9689A1470505",
|
|
|
|
|
# "v": "1",
|
|
|
|
|
# },
|
2023-05-09 15:09:28 -05:00
|
|
|
"services": [
|
|
|
|
|
{
|
2023-08-11 14:45:17 -05:00
|
|
|
"capabilities": [{"flags": 1, "name": "Messenger", "version": 1}],
|
2023-05-09 15:09:28 -05:00
|
|
|
"service": "com.apple.madrid",
|
2023-08-11 14:45:17 -05:00
|
|
|
"sub-services": ["com.apple.private.alloy.sms",
|
|
|
|
|
"com.apple.private.alloy.biz",
|
|
|
|
|
"com.apple.private.alloy.gamecenter.imessage"],
|
2023-08-25 21:26:37 -05:00
|
|
|
"users": user_payloads,
|
2023-05-09 15:09:28 -05:00
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
"validation-data": b64decode(validation_data),
|
2023-10-08 12:47:53 -05:00
|
|
|
# "validation-data": b64decode("""
|
|
|
|
|
# Au1sqv8fuZVdB2nCX4pVx3/s6FLDr5+bIzK+NUsMkjEhAAAA4AYAAAAAAAAAgA1uoKC3
|
|
|
|
|
# E4nBdWTD+QVCDx7Xu2Ih6ds2l02C5N1c2M2kCUHV1kMquP0ZtFe+UflhXdUJgapdkiN2
|
|
|
|
|
# Hn/L8GRMvfwIKZcPUUZXRFcjtE5UkwnWoTQ6pO37eDGV0ioggZJG1lv/zCEJDodB6qRB
|
|
|
|
|
# nqzdprSzIgQJKurqMkBqb8oCszd/AAAAAAAAAE8BbRfGn/FGhbN4rpbN/HDJu5yXCvcA
|
|
|
|
|
# AAA2CABPOkmSAuxjuaJK7fou9SkxZRCv+WrtU73TrSBnDLgZ60wRnlDQ7pHtRpFOQe99
|
|
|
|
|
# Us6D/TwC
|
|
|
|
|
# """.replace("\n", "").replace(" ", "")),
|
|
|
|
|
|
2023-05-09 15:09:28 -05:00
|
|
|
}
|
2023-08-25 21:26:37 -05:00
|
|
|
|
2023-10-08 12:47:53 -05:00
|
|
|
logger.warning(f"Sending IDS registration request: {body}")
|
2023-08-24 06:31:11 -05:00
|
|
|
|
2023-05-09 15:09:28 -05:00
|
|
|
body = plistlib.dumps(body)
|
|
|
|
|
|
2023-08-25 21:26:37 -05:00
|
|
|
# Construct headers
|
2023-05-09 15:09:28 -05:00
|
|
|
headers = {
|
|
|
|
|
"x-protocol-version": PROTOCOL_VERSION,
|
|
|
|
|
}
|
2023-08-25 21:26:37 -05:00
|
|
|
for i, (user_id, keypair) in enumerate(signing_users):
|
2023-08-24 06:31:11 -05:00
|
|
|
headers[f"x-auth-user-id-{i}"] = user_id
|
2023-08-25 21:26:37 -05:00
|
|
|
add_auth_signature(headers, body, "id-register", keypair, _helpers.get_key_pair(push_connection.credentials), b64encode(push_connection.credentials.token).decode(), i)
|
2023-08-24 06:31:11 -05:00
|
|
|
|
2023-08-25 21:26:37 -05:00
|
|
|
logger.debug(f"Headers: {headers}")
|
2023-05-09 15:09:28 -05:00
|
|
|
|
|
|
|
|
r = requests.post(
|
|
|
|
|
"https://identity.ess.apple.com/WebObjects/TDIdentityService.woa/wa/register",
|
|
|
|
|
headers=headers,
|
|
|
|
|
data=body,
|
|
|
|
|
verify=False,
|
|
|
|
|
)
|
|
|
|
|
r = plistlib.loads(r.content)
|
2023-08-25 21:26:37 -05:00
|
|
|
|
|
|
|
|
logger.debug(f"Received response to IDS registration: {r}")
|
|
|
|
|
|
2023-05-09 15:09:28 -05:00
|
|
|
if "status" in r and r["status"] == 6004:
|
|
|
|
|
raise Exception("Validation data expired!")
|
|
|
|
|
# TODO: Do validation of nested statuses
|
2023-05-09 16:03:27 -05:00
|
|
|
if "status" in r and r["status"] != 0:
|
|
|
|
|
raise Exception(f"Failed to register: {r}")
|
|
|
|
|
if not "services" in r:
|
|
|
|
|
raise Exception(f"No services in response: {r}")
|
|
|
|
|
if not "users" in r["services"][0]:
|
|
|
|
|
raise Exception(f"No users in response: {r}")
|
2023-08-25 21:26:37 -05:00
|
|
|
|
|
|
|
|
output = {}
|
|
|
|
|
for user in r["services"][0]["users"]:
|
|
|
|
|
if not "cert" in user:
|
|
|
|
|
raise Exception(f"No cert in response: {r}")
|
|
|
|
|
for uri in user["uris"]:
|
|
|
|
|
if uri["status"] != 0:
|
|
|
|
|
raise Exception(f"Failed to register URI {uri['uri']}: {r}")
|
|
|
|
|
output[user["user-id"]] = armour_cert(user["cert"])
|
|
|
|
|
|
|
|
|
|
return output
|
