refactor bag lookups

JJTech0130 2023-04-12 13:13:47 -04:00
parent 8148504722
commit 125c668ea1
No known key found for this signature in database
GPG key ID: 23C92EBCCF8F93D6
4 changed files with 57 additions and 33 deletions

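--- a/bags.py
+++ b/bags.py
@@ -0,0 +1,49 @@
+import plistlib
+import requests
+def apns_init_bag():
+r = requests.get("https://init.push.apple.com/bag", verify=False)
+if r.status_code != 200:
+raise Exception("Failed to get APNs init bag")
+# Parse the config as a plist
+bag = plistlib.loads(r.content)
+return bag
+# This is the same as the above, but the response has a signature which we unwrap
+def apns_init_bag_2():
+r = requests.get("http://init-p01st.push.apple.com/bag", verify=False)
+if r.status_code != 200:
+raise Exception("Failed to get APNs init bag 2")
+content = plistlib.loads(r.content)
+bag = plistlib.loads(content["bag"])
+return bag
+def ids_bag():
+r = requests.get(
+"https://init.ess.apple.com/WebObjects/VCInit.woa/wa/getBag?ix=3", verify=False
+)
+if r.status_code != 200:
+raise Exception("Failed to get IDS bag")
+# Parse the config as a plist
+content = plistlib.loads(r.content)
+# Load the inner bag
+bag = plistlib.loads(content["bag"])
+return bag
+if __name__ == "__main__":
+# config = get_config()
+# print(config)
+# print(apns_init_bag_2())
+print(apns_init_bag_2() == apns_init_bag())
+# print(ids_bag())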
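Review bot: All three `requests.get` calls pass `verify=False`, and `apns_init_bag_2` fetches over plain `http://`, so nothing authenticates a bag before `plistlib.loads` parses it. The comment above `apns_init_bag_2` says the response carries a signature, but the code only reads `content["bag"]` and never checks that signature; `ids_bag` likewise parses `content["bag"]` with no authenticity check. Since ids.py in this same commit takes its request URL from `bags.ids_bag()`, whoever sits on the network path can decide where later requests are sent. Drop `verify=False` and bound the call, e.g. `r = requests.get("https://init.push.apple.com/bag", timeout=10)`; if the server's chain is not in the default trust store, pass `verify=` a CA bundle path rather than disabling the check. Each function would also benefit from a one-line docstring naming the bag it returns and stating that the signature is currently not verified.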


@ -1,25 +0,0 @@
import plistlib
import requests
# CONFIG_URL = "http://init-p01st.push.apple.com/bag"
CONFIG_URL = "https://init.push.apple.com/bag"
def get_config():
r = requests.get(CONFIG_URL, verify=False)
if r.status_code != 200:
raise Exception("Failed to get config")
# Parse the config as a plist
config = plistlib.loads(r.content)
# Parse the nested "bag" as a plist
# config["bag"] = plistlib.loads(config["bag"])
return config
if __name__ == "__main__":
config = get_config()
print(config)

11
ids.py

@ -9,6 +9,7 @@ from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding from cryptography.hazmat.primitives.asymmetric import padding
import apns import apns
import bags
USER_AGENT = "com.apple.madrid-lookup [macOS,13.2.1,22D68,MacBookPro18,3]" USER_AGENT = "com.apple.madrid-lookup [macOS,13.2.1,22D68,MacBookPro18,3]"
# NOTE: The push token MUST be registered with the account for self-uri! # NOTE: The push token MUST be registered with the account for self-uri!
@ -78,18 +79,14 @@ def sign_payload(
return sig, nonce return sig, nonce
BAG_KEYS = {
"id-query": "https://query.ess.apple.com/WebObjects/QueryService.woa/wa/query"
}
global_key, global_cert = load_keys() global_key, global_cert = load_keys()
def _send_request(conn: apns.APNSConnection, type: str, body: bytes) -> bytes: def _send_request(conn: apns.APNSConnection, bag_key: str, body: bytes) -> bytes:
body = zlib.compress(body, wbits=16 + zlib.MAX_WBITS) body = zlib.compress(body, wbits=16 + zlib.MAX_WBITS)
# Sign the request # Sign the request
signature, nonce = sign_payload(global_key, type, "", PUSH_TOKEN, body) signature, nonce = sign_payload(global_key, bag_key, "", PUSH_TOKEN, body)
headers = { headers = {
"x-id-cert": global_cert.replace("-----BEGIN CERTIFICATE-----", "") "x-id-cert": global_cert.replace("-----BEGIN CERTIFICATE-----", "")
@ -108,7 +105,7 @@ def _send_request(conn: apns.APNSConnection, type: str, body: bytes) -> bytes:
"U": b"\x16%D\xd5\xcd:D1\xa1\xa7z6\xa9\xe2\xbc\x8f", # Just random bytes? "U": b"\x16%D\xd5\xcd:D1\xa1\xa7z6\xa9\xe2\xbc\x8f", # Just random bytes?
"c": 96, "c": 96,
"ua": USER_AGENT, "ua": USER_AGENT,
"u": BAG_KEYS[type], "u": bags.ids_bag()[bag_key],
"h": headers, "h": headers,
"v": 2, "v": 2,
"b": body, "b": body,
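Review bot: The `"u"` entry now evaluates `bags.ids_bag()[bag_key]` inside `_send_request`, so every request performs a fresh HTTP fetch of the bag, and the destination for a signed payload comes from a response that bags.py downloads with `verify=False`. Fetch the bag once and reuse it, and check the looked-up value before sending, for example `if urlsplit(url).scheme != "https": raise ValueError(f"unexpected bag URL for {bag_key}")`. An unknown `bag_key` surfaces as a bare `KeyError` from the dict lookup, which would be worth a short comment or a clearer error. The body of `_send_request` starts and ends outside these hunks.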


@ -221,7 +221,7 @@ def pretty_print_payload(
print(f" {bcolors.FAIL}Madrid{bcolors.ENDC}", end="") print(f" {bcolors.FAIL}Madrid{bcolors.ENDC}", end="")
payload = plistlib.loads(_get_field(payload[1], 3)) payload = plistlib.loads(_get_field(payload[1], 3))
# print(payload) # print(payload)
if "cT" in payload: if "cT" in payload and False:
# It's HTTP over APNs # It's HTTP over APNs
if "hs" in payload: if "hs" in payload:
print( print(
@ -248,6 +248,9 @@ def pretty_print_payload(
if b"plist" in body: if b"plist" in body:
body = plistlib.loads(body) body = plistlib.loads(body)
print(f" {bcolors.FAIL}Body{bcolors.ENDC}: {body}", end="") print(f" {bcolors.FAIL}Body{bcolors.ENDC}: {body}", end="")
if not "cT" in payload:
for key in payload:
print(f" {bcolors.OKBLUE}{key}{bcolors.ENDC}: {payload[key]}")
print() print()
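Review bot: `if "cT" in payload and False:` can never be true, so the HTTP-over-APNs branch beneath it is dead code. Assuming the new `if not "cT" in payload:` loop is a sibling of that branch (indentation is not visible here), payloads that do contain `cT` are no longer printed by either path. If the branch is being switched off on purpose, gate it on a named flag or remove it, with a comment saying why, rather than appending `and False`. The new test also reads more clearly as `if "cT" not in payload:`. `pretty_print_payload` starts and ends outside these hunks.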