pypush-plus-plus/pypush/ids/identity.py

import plistlib
from base64 import b64decode

import requests

from ._helpers import PROTOCOL_VERSION, KeyPair, parse_key, serialize_key
from .signing import add_auth_signature, armour_cert

from io import BytesIO

from cryptography.hazmat.primitives.asymmetric import ec, rsa

from typing import Self

import logging
logger = logging.getLogger("ids")

class IDSIdentity:
    def __init__(
		self,
		signing_key: str | None = None,
		encryption_key: str | None = None,
		signing_public_key: str | None = None,
		encryption_public_key: str | None = None
	):
        if signing_key is not None:
            self.signing_key = signing_key
            self.signing_public_key = serialize_key(parse_key(signing_key).public_key())# type: ignore
        elif signing_public_key is not None:
            self.signing_key = None
            self.signing_public_key = signing_public_key
        else:
            # Generate a new key
            self.signing_key = serialize_key(ec.generate_private_key(ec.SECP256R1()))
            self.signing_public_key = serialize_key(parse_key(self.signing_key).public_key())# type: ignore

        if encryption_key is not None:
            self.encryption_key = encryption_key
            self.encryption_public_key = serialize_key(parse_key(encryption_key).public_key())# type: ignore
        elif encryption_public_key is not None:
            self.encryption_key = None
            self.encryption_public_key = encryption_public_key
        else:
            self.encryption_key = serialize_key(rsa.generate_private_key(65537, 1280))
            self.encryption_public_key = serialize_key(parse_key(self.encryption_key).public_key())# type: ignore

    @classmethod
    def decode(cls, inp: bytes) -> Self:
        input = BytesIO(inp)

        assert input.read(5) == b'\x30\x81\xF6\x81\x43' # DER header
        raw_ecdsa = input.read(67)
        assert input.read(3) == b'\x82\x81\xAE' # DER header
        raw_rsa = input.read(174)

        # Parse the RSA key
        raw_rsa = BytesIO(raw_rsa)
        assert raw_rsa.read(2) == b'\x00\xAC' # Not sure what this is
        assert raw_rsa.read(3) == b'\x30\x81\xA9' # Inner DER header
        assert raw_rsa.read(3) == b'\x02\x81\xA1'
        rsa_modulus = raw_rsa.read(161)
        rsa_modulus = int.from_bytes(rsa_modulus, "big")
        assert raw_rsa.read(5) == b'\x02\x03\x01\x00\x01' # Exponent, should always be 65537

        # Parse the EC key
        assert raw_ecdsa[:3] == b'\x00\x41\x04'
        raw_ecdsa = raw_ecdsa[3:]
        ec_x = int.from_bytes(raw_ecdsa[:32], "big")
        ec_y = int.from_bytes(raw_ecdsa[32:], "big")

        ec_key = ec.EllipticCurvePublicNumbers(ec_x, ec_y, ec.SECP256R1())
        ec_key = ec_key.public_key()

        rsa_key = rsa.RSAPublicNumbers(e=65537, n=rsa_modulus)
        rsa_key = rsa_key.public_key()

        return IDSIdentity(signing_public_key=serialize_key(ec_key), encryption_public_key=serialize_key(rsa_key))


    def encode(self) -> bytes:
        output = BytesIO()

        raw_rsa = BytesIO()
        raw_rsa.write(b'\x00\xAC')
        raw_rsa.write(b'\x30\x81\xA9')
        raw_rsa.write(b'\x02\x81\xA1')
        raw_rsa.write(parse_key(self.encryption_public_key).public_numbers().n.to_bytes(161, "big")) # type: ignore
        raw_rsa.write(b'\x02\x03\x01\x00\x01') # Hardcode the exponent

        output.write(b'\x30\x81\xF6\x81\x43')
        output.write(b'\x00\x41\x04')
        output.write(parse_key(self.signing_public_key).public_numbers().x.to_bytes(32, "big"))# type: ignore
        output.write(parse_key(self.signing_public_key).public_numbers().y.to_bytes(32, "big"))# type: ignore

        output.write(b'\x82\x81\xAE')
        output.write(raw_rsa.getvalue())

        return output.getvalue()

def register(
    push_token, handles, user_id, auth_key: KeyPair, push_key: KeyPair, identity: IDSIdentity, validation_data
):
    logger.debug(f"Registering IDS identity for {handles}")
    uris = [{"uri": handle} for handle in handles]
    import uuid
    body = {
        "device-name": "pypush",
        "hardware-version": "MacBookPro18,3",
        "language": "en-US",
        "os-version": "macOS,13.2.1,22D68",
        "software-version": "22D68",
        "private-device-data": {
            "u": uuid.uuid4().hex.upper(),
        },
        "services": [
            {
                "capabilities": [{"flags": 1, "name": "Messenger", "version": 1}],
                "service": "com.apple.madrid",
                "sub-services": ["com.apple.private.alloy.sms",
                                 "com.apple.private.alloy.gelato",
                                 "com.apple.private.alloy.biz",
                                 "com.apple.private.alloy.gamecenter.imessage"],
                "users": [
                    {
                        "client-data": {
                            'is-c2k-equipment': True,
						    'optionally-receive-typing-indicators': True,
						    'public-message-identity-key': identity.encode(),
						    'public-message-identity-version':2,
                            'show-peer-errors': True,
                            'supports-ack-v1': True,
                            'supports-activity-sharing-v1': True,
                            'supports-audio-messaging-v2': True,
                            "supports-autoloopvideo-v1": True,
                            'supports-be-v1': True,
                            'supports-ca-v1': True,
                            'supports-fsm-v1': True,
                            'supports-fsm-v2': True,
                            'supports-fsm-v3': True,
                            'supports-ii-v1': True,
                            'supports-impact-v1': True,
                            'supports-inline-attachments': True,
                            'supports-keep-receipts': True,
                            "supports-location-sharing": True,
                            'supports-media-v2': True,
                            'supports-photos-extension-v1': True,
                            'supports-st-v1': True,
                            'supports-update-attachments-v1': True,
                        },
                        "uris": uris,
                        "user-id": user_id,
                    }
                ],
            }
        ],
        "validation-data": b64decode(validation_data),
    }

    body = plistlib.dumps(body)

    headers = {
        "x-protocol-version": PROTOCOL_VERSION,
        "x-auth-user-id-0": user_id,
    }
    add_auth_signature(headers, body, "id-register", auth_key, push_key, push_token, 0)

    r = requests.post(
        "https://identity.ess.apple.com/WebObjects/TDIdentityService.woa/wa/register",
        headers=headers,
        data=body,
        verify=False,
    )
    r = plistlib.loads(r.content)
    #print(f'Response code: {r["status"]}')
    logger.debug(f"Recieved response to IDS registration: {r}")
    if "status" in r and r["status"] == 6004:
        raise Exception("Validation data expired!")
    # TODO: Do validation of nested statuses
    if "status" in r and r["status"] != 0:
        raise Exception(f"Failed to register: {r}")
    if not "services" in r:
        raise Exception(f"No services in response: {r}")
    if not "users" in r["services"][0]:
        raise Exception(f"No users in response: {r}")
    if not "cert" in r["services"][0]["users"][0]:
        raise Exception(f"No cert in response: {r}")

    return armour_cert(r["services"][0]["users"][0]["cert"])
more refactoring 2023-05-09 15:09:28 -05:00			`import plistlib`
remove old stuff, more refactoring 2023-05-09 16:03:27 -05:00			`from base64 import b64decode`

more refactoring 2023-05-09 15:09:28 -05:00			`import requests`

- Remove unused imports - extract idsuser authentication functionality to separate function so that it can be reused - add more typing hints to make lsp happier - access dictionary values more safely with walrus operator - simplify some list comprehension and iteration - print proxy errors in more detail so they're easier to debug - store apnsconnection in proxy so that we can use it to make a user and decrypt payloads if needed 2023-08-21 22:10:04 -05:00			`from ._helpers import PROTOCOL_VERSION, KeyPair, parse_key, serialize_key`
remove old stuff, more refactoring 2023-05-09 16:03:27 -05:00			`from .signing import add_auth_signature, armour_cert`
begin refactor 2023-07-27 10:04:57 -05:00
			`from io import BytesIO`

			`from cryptography.hazmat.primitives.asymmetric import ec, rsa`
remove old stuff, more refactoring 2023-05-09 16:03:27 -05:00
- Remove unused imports - extract idsuser authentication functionality to separate function so that it can be reused - add more typing hints to make lsp happier - access dictionary values more safely with walrus operator - simplify some list comprehension and iteration - print proxy errors in more detail so they're easier to debug - store apnsconnection in proxy so that we can use it to make a user and decrypt payloads if needed 2023-08-21 22:10:04 -05:00			`from typing import Self`

Use logging for logging everywhere 2023-07-24 08:18:21 -05:00			`import logging`
			`logger = logging.getLogger("ids")`

begin refactor 2023-07-27 10:04:57 -05:00			`class IDSIdentity:`
- Remove unused imports - extract idsuser authentication functionality to separate function so that it can be reused - add more typing hints to make lsp happier - access dictionary values more safely with walrus operator - simplify some list comprehension and iteration - print proxy errors in more detail so they're easier to debug - store apnsconnection in proxy so that we can use it to make a user and decrypt payloads if needed 2023-08-21 22:10:04 -05:00			`def __init__(`
			`self,`
			`signing_key: str \| None = None,`
			`encryption_key: str \| None = None,`
			`signing_public_key: str \| None = None,`
			`encryption_public_key: str \| None = None`
			`):`
begin refactor 2023-07-27 10:04:57 -05:00			`if signing_key is not None:`
			`self.signing_key = signing_key`
typing, async, kinda works most of the time 2023-08-17 20:14:44 -05:00			`self.signing_public_key = serialize_key(parse_key(signing_key).public_key())# type: ignore`
begin refactor 2023-07-27 10:04:57 -05:00			`elif signing_public_key is not None:`
			`self.signing_key = None`
			`self.signing_public_key = signing_public_key`
			`else:`
			`# Generate a new key`
			`self.signing_key = serialize_key(ec.generate_private_key(ec.SECP256R1()))`
typing, async, kinda works most of the time 2023-08-17 20:14:44 -05:00			`self.signing_public_key = serialize_key(parse_key(self.signing_key).public_key())# type: ignore`
- Remove eol whitespace - Add retry for writing to stream since it's busy sometimes - add a few more type hints - add back demo.py tui commands - add sending with effects 2023-08-22 12:13:31 -05:00
begin refactor 2023-07-27 10:04:57 -05:00			`if encryption_key is not None:`
			`self.encryption_key = encryption_key`
typing, async, kinda works most of the time 2023-08-17 20:14:44 -05:00			`self.encryption_public_key = serialize_key(parse_key(encryption_key).public_key())# type: ignore`
begin refactor 2023-07-27 10:04:57 -05:00			`elif encryption_public_key is not None:`
			`self.encryption_key = None`
			`self.encryption_public_key = encryption_public_key`
			`else:`
			`self.encryption_key = serialize_key(rsa.generate_private_key(65537, 1280))`
typing, async, kinda works most of the time 2023-08-17 20:14:44 -05:00			`self.encryption_public_key = serialize_key(parse_key(self.encryption_key).public_key())# type: ignore`
- Remove eol whitespace - Add retry for writing to stream since it's busy sometimes - add a few more type hints - add back demo.py tui commands - add sending with effects 2023-08-22 12:13:31 -05:00
- Remove unused imports - extract idsuser authentication functionality to separate function so that it can be reused - add more typing hints to make lsp happier - access dictionary values more safely with walrus operator - simplify some list comprehension and iteration - print proxy errors in more detail so they're easier to debug - store apnsconnection in proxy so that we can use it to make a user and decrypt payloads if needed 2023-08-21 22:10:04 -05:00			`@classmethod`
			`def decode(cls, inp: bytes) -> Self:`
typing, async, kinda works most of the time 2023-08-17 20:14:44 -05:00			`input = BytesIO(inp)`
begin refactor 2023-07-27 10:04:57 -05:00
			`assert input.read(5) == b'\x30\x81\xF6\x81\x43' # DER header`
			`raw_ecdsa = input.read(67)`
			`assert input.read(3) == b'\x82\x81\xAE' # DER header`
			`raw_rsa = input.read(174)`

			`# Parse the RSA key`
			`raw_rsa = BytesIO(raw_rsa)`
			`assert raw_rsa.read(2) == b'\x00\xAC' # Not sure what this is`
			`assert raw_rsa.read(3) == b'\x30\x81\xA9' # Inner DER header`
			`assert raw_rsa.read(3) == b'\x02\x81\xA1'`
			`rsa_modulus = raw_rsa.read(161)`
			`rsa_modulus = int.from_bytes(rsa_modulus, "big")`
			`assert raw_rsa.read(5) == b'\x02\x03\x01\x00\x01' # Exponent, should always be 65537`

			`# Parse the EC key`
			`assert raw_ecdsa[:3] == b'\x00\x41\x04'`
			`raw_ecdsa = raw_ecdsa[3:]`
			`ec_x = int.from_bytes(raw_ecdsa[:32], "big")`
			`ec_y = int.from_bytes(raw_ecdsa[32:], "big")`

			`ec_key = ec.EllipticCurvePublicNumbers(ec_x, ec_y, ec.SECP256R1())`
			`ec_key = ec_key.public_key()`

			`rsa_key = rsa.RSAPublicNumbers(e=65537, n=rsa_modulus)`
			`rsa_key = rsa_key.public_key()`

			`return IDSIdentity(signing_public_key=serialize_key(ec_key), encryption_public_key=serialize_key(rsa_key))`


			`def encode(self) -> bytes:`
			`output = BytesIO()`

			`raw_rsa = BytesIO()`
			`raw_rsa.write(b'\x00\xAC')`
			`raw_rsa.write(b'\x30\x81\xA9')`
			`raw_rsa.write(b'\x02\x81\xA1')`
typing, async, kinda works most of the time 2023-08-17 20:14:44 -05:00			`raw_rsa.write(parse_key(self.encryption_public_key).public_numbers().n.to_bytes(161, "big")) # type: ignore`
begin refactor 2023-07-27 10:04:57 -05:00			`raw_rsa.write(b'\x02\x03\x01\x00\x01') # Hardcode the exponent`

			`output.write(b'\x30\x81\xF6\x81\x43')`
			`output.write(b'\x00\x41\x04')`
typing, async, kinda works most of the time 2023-08-17 20:14:44 -05:00			`output.write(parse_key(self.signing_public_key).public_numbers().x.to_bytes(32, "big"))# type: ignore`
			`output.write(parse_key(self.signing_public_key).public_numbers().y.to_bytes(32, "big"))# type: ignore`
begin refactor 2023-07-27 10:04:57 -05:00
			`output.write(b'\x82\x81\xAE')`
			`output.write(raw_rsa.getvalue())`
remove old stuff, more refactoring 2023-05-09 16:03:27 -05:00
begin refactor 2023-07-27 10:04:57 -05:00			`return output.getvalue()`
- Remove eol whitespace - Add retry for writing to stream since it's busy sometimes - add a few more type hints - add back demo.py tui commands - add sending with effects 2023-08-22 12:13:31 -05:00
remove old stuff, more refactoring 2023-05-09 16:03:27 -05:00			`def register(`
begin refactor 2023-07-27 10:04:57 -05:00			`push_token, handles, user_id, auth_key: KeyPair, push_key: KeyPair, identity: IDSIdentity, validation_data`
more refactoring 2023-05-09 15:09:28 -05:00			`):`
Use logging for logging everywhere 2023-07-24 08:18:21 -05:00			`logger.debug(f"Registering IDS identity for {handles}")`
more refactoring 2023-05-09 15:09:28 -05:00			`uris = [{"uri": handle} for handle in handles]`
add uuid to registration message to make sms forwarding happy 2023-08-12 06:36:30 -05:00			`import uuid`
more refactoring 2023-05-09 15:09:28 -05:00			`body = {`
stuff we did on the call 2023-08-11 14:45:17 -05:00			`"device-name": "pypush",`
more refactoring 2023-05-09 15:09:28 -05:00			`"hardware-version": "MacBookPro18,3",`
			`"language": "en-US",`
			`"os-version": "macOS,13.2.1,22D68",`
			`"software-version": "22D68",`
add uuid to registration message to make sms forwarding happy 2023-08-12 06:36:30 -05:00			`"private-device-data": {`
			`"u": uuid.uuid4().hex.upper(),`
			`},`
more refactoring 2023-05-09 15:09:28 -05:00			`"services": [`
			`{`
stuff we did on the call 2023-08-11 14:45:17 -05:00			`"capabilities": [{"flags": 1, "name": "Messenger", "version": 1}],`
more refactoring 2023-05-09 15:09:28 -05:00			`"service": "com.apple.madrid",`
stuff we did on the call 2023-08-11 14:45:17 -05:00			`"sub-services": ["com.apple.private.alloy.sms",`
			`"com.apple.private.alloy.gelato",`
			`"com.apple.private.alloy.biz",`
			`"com.apple.private.alloy.gamecenter.imessage"],`
more refactoring 2023-05-09 15:09:28 -05:00			`"users": [`
			`{`
yay kinda works 2023-07-24 15:37:53 -05:00			`"client-data": {`
			`'is-c2k-equipment': True,`
			`'optionally-receive-typing-indicators': True,`
begin refactor 2023-07-27 10:04:57 -05:00			`'public-message-identity-key': identity.encode(),`
IT CAN DECRYPT :tada: 2023-07-25 17:46:50 -05:00			`'public-message-identity-version':2,`
			`'show-peer-errors': True,`
			`'supports-ack-v1': True,`
			`'supports-activity-sharing-v1': True,`
			`'supports-audio-messaging-v2': True,`
			`"supports-autoloopvideo-v1": True,`
			`'supports-be-v1': True,`
			`'supports-ca-v1': True,`
			`'supports-fsm-v1': True,`
			`'supports-fsm-v2': True,`
			`'supports-fsm-v3': True,`
			`'supports-ii-v1': True,`
			`'supports-impact-v1': True,`
			`'supports-inline-attachments': True,`
			`'supports-keep-receipts': True,`
			`"supports-location-sharing": True,`
			`'supports-media-v2': True,`
			`'supports-photos-extension-v1': True,`
			`'supports-st-v1': True,`
			`'supports-update-attachments-v1': True,`
yay kinda works 2023-07-24 15:37:53 -05:00			`},`
more refactoring 2023-05-09 15:09:28 -05:00			`"uris": uris,`
remove old stuff, more refactoring 2023-05-09 16:03:27 -05:00			`"user-id": user_id,`
more refactoring 2023-05-09 15:09:28 -05:00			`}`
			`],`
			`}`
			`],`
			`"validation-data": b64decode(validation_data),`
			`}`

			`body = plistlib.dumps(body)`

			`headers = {`
			`"x-protocol-version": PROTOCOL_VERSION,`
remove old stuff, more refactoring 2023-05-09 16:03:27 -05:00			`"x-auth-user-id-0": user_id,`
more refactoring 2023-05-09 15:09:28 -05:00			`}`
remove old stuff, more refactoring 2023-05-09 16:03:27 -05:00			`add_auth_signature(headers, body, "id-register", auth_key, push_key, push_token, 0)`
more refactoring 2023-05-09 15:09:28 -05:00
			`r = requests.post(`
			`"https://identity.ess.apple.com/WebObjects/TDIdentityService.woa/wa/register",`
			`headers=headers,`
			`data=body,`
			`verify=False,`
			`)`
			`r = plistlib.loads(r.content)`
Use logging for logging everywhere 2023-07-24 08:18:21 -05:00			`#print(f'Response code: {r["status"]}')`
			`logger.debug(f"Recieved response to IDS registration: {r}")`
more refactoring 2023-05-09 15:09:28 -05:00			`if "status" in r and r["status"] == 6004:`
			`raise Exception("Validation data expired!")`
			`# TODO: Do validation of nested statuses`
remove old stuff, more refactoring 2023-05-09 16:03:27 -05:00			`if "status" in r and r["status"] != 0:`
			`raise Exception(f"Failed to register: {r}")`
			`if not "services" in r:`
			`raise Exception(f"No services in response: {r}")`
			`if not "users" in r["services"][0]:`
			`raise Exception(f"No users in response: {r}")`
			`if not "cert" in r["services"][0]["users"][0]:`
			`raise Exception(f"No cert in response: {r}")`

			`return armour_cert(r["services"][0]["users"][0]["cert"])`