mirror of
https://github.com/Sneed-Group/pypush-plus-plus
synced 2025-01-09 17:33:47 +00:00
refactoring and cleanup
This commit is contained in:
parent
32d5b56567
commit
4c345a0377
5 changed files with 361 additions and 254 deletions
252
demo.py
252
demo.py
|
@ -60,111 +60,207 @@ def safe_b64decode(s):
|
||||||
except:
|
except:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
def safe_config():
|
||||||
|
with open("config.json", "w") as f:
|
||||||
|
json.dump(CONFIG, f, indent=4)
|
||||||
|
|
||||||
async def main():
|
async def main():
|
||||||
|
# Load any existing push credentials
|
||||||
token = CONFIG.get("push", {}).get("token")
|
token = CONFIG.get("push", {}).get("token")
|
||||||
if token is not None:
|
token = b64decode(token) if token is not None else b""
|
||||||
token = b64decode(token)
|
|
||||||
else:
|
|
||||||
token = b""
|
|
||||||
|
|
||||||
push_creds = apns.PushCredentials(
|
push_creds = apns.PushCredentials(
|
||||||
CONFIG.get("push", {}).get("key", ""), CONFIG.get("push", {}).get("cert", ""), token)
|
CONFIG.get("push", {}).get("key", ""), CONFIG.get("push", {}).get("cert", ""), token)
|
||||||
|
|
||||||
async with apns.APNSConnection.start(push_creds) as conn:
|
async with apns.APNSConnection.start(push_creds) as conn:
|
||||||
|
# Save the push credentials to the config
|
||||||
|
CONFIG["push"] = {
|
||||||
|
"token": b64encode(conn.credentials.token).decode(),
|
||||||
|
"key": conn.credentials.private_key,
|
||||||
|
"cert": conn.credentials.cert,
|
||||||
|
}
|
||||||
|
safe_config()
|
||||||
|
|
||||||
|
# Activate the connection
|
||||||
await conn.set_state(1)
|
await conn.set_state(1)
|
||||||
await conn.filter(["com.apple.madrid"])
|
await conn.filter(["com.apple.madrid"])
|
||||||
|
|
||||||
user = ids.IDSUser(conn)
|
# If the user wants a phone number, we need to register it WITH an Apple ID, then register the Apple ID again
|
||||||
|
# otherwise we encounter issues for some reason
|
||||||
|
|
||||||
|
users = []
|
||||||
|
if "id" in CONFIG:
|
||||||
|
logging.debug("Restoring old-style identity...")
|
||||||
|
|
||||||
|
users.append(ids.IDSAppleUser(conn, CONFIG["auth"]["user_id"], ids._helpers.KeyPair(CONFIG["auth"]["key"], CONFIG["auth"]["cert"]),
|
||||||
|
ids.identity.IDSIdentity(CONFIG["encryption"]["ec_key"], CONFIG["encryption"]["rsa_key"]), CONFIG["id"]["cert"],
|
||||||
|
CONFIG["auth"]["handles"]))
|
||||||
|
if "users" in CONFIG:
|
||||||
|
logging.debug("Restoring new-style identity...")
|
||||||
|
for user in CONFIG["users"]:
|
||||||
|
users.append(ids.IDSUser(conn, user["id"], ids._helpers.KeyPair(user["auth_key"], user["auth_cert"]),
|
||||||
|
ids.identity.IDSIdentity(user["signing_key"], user["encryption_key"]), user["id_cert"],
|
||||||
|
user["handles"]))
|
||||||
|
|
||||||
if CONFIG.get("auth", {}).get("cert") is not None:
|
|
||||||
auth_keypair = ids._helpers.KeyPair(CONFIG["auth"]["key"], CONFIG["auth"]["cert"])
|
|
||||||
user_id = CONFIG["auth"]["user_id"]
|
|
||||||
handles = CONFIG["auth"]["handles"]
|
|
||||||
user.restore_authentication(auth_keypair, user_id, handles)
|
|
||||||
else:
|
else:
|
||||||
username = input("Username: ")
|
print("Would you like to register a phone number? (y/n)")
|
||||||
password = getpass("Password: ")
|
if input("> ").lower() == "y":
|
||||||
|
if "phone" in CONFIG:
|
||||||
|
phone_sig = b64decode(CONFIG["phone"].get("sig"))
|
||||||
|
phone_number = CONFIG["phone"].get("number")
|
||||||
|
else:
|
||||||
|
import sms_registration
|
||||||
|
phone_number, phone_sig = sms_registration.register(conn.credentials.token)
|
||||||
|
CONFIG["phone"] = {
|
||||||
|
"number": phone_number,
|
||||||
|
"sig": b64encode(phone_sig).decode(),
|
||||||
|
}
|
||||||
|
safe_config()
|
||||||
|
|
||||||
user.authenticate(username, password)
|
users.append(ids.IDSPhoneUser.authenticate(conn, phone_number, phone_sig))
|
||||||
|
|
||||||
import sms_registration
|
print("Would you like sign in to your Apple ID (recommended)? (y/n)")
|
||||||
phone_sig = safe_b64decode(CONFIG.get("phone", {}).get("sig"))
|
if input("> ").lower() == "y":
|
||||||
phone_number = CONFIG.get("phone", {}).get("number")
|
username = input("Username: ")
|
||||||
|
password = input("Password: ")
|
||||||
|
|
||||||
if phone_sig is None or phone_number is None:
|
users.append(ids.IDSAppleUser.authenticate(conn, username, password))
|
||||||
print("Registering phone number...")
|
|
||||||
phone_number, phone_sig = sms_registration.register(user.push_connection.credentials.token)
|
|
||||||
CONFIG["phone"] = {
|
|
||||||
"number": phone_number,
|
|
||||||
"sig": b64encode(phone_sig).decode(),
|
|
||||||
}
|
|
||||||
if CONFIG.get("phone", {}).get("auth_key") is not None and CONFIG.get("phone", {}).get("auth_cert") is not None:
|
|
||||||
phone_auth_keypair = ids._helpers.KeyPair(CONFIG["phone"]["auth_key"], CONFIG["phone"]["auth_cert"])
|
|
||||||
else:
|
|
||||||
phone_auth_keypair = ids.profile.get_phone_cert(phone_number, user.push_connection.credentials.token, [phone_sig])
|
|
||||||
CONFIG["phone"]["auth_key"] = phone_auth_keypair.key
|
|
||||||
CONFIG["phone"]["auth_cert"] = phone_auth_keypair.cert
|
|
||||||
|
|
||||||
|
|
||||||
user.encryption_identity = ids.identity.IDSIdentity(
|
|
||||||
encryption_key=CONFIG.get("encryption", {}).get("rsa_key"),
|
|
||||||
signing_key=CONFIG.get("encryption", {}).get("ec_key"),
|
|
||||||
)
|
|
||||||
|
|
||||||
#user._auth_keypair = phone_auth_keypair
|
|
||||||
user.handles = [f"tel:{phone_number}"]
|
|
||||||
print(user.user_id)
|
|
||||||
# user.user_id = f"P:{phone_number}"
|
|
||||||
|
|
||||||
|
|
||||||
if (
|
|
||||||
CONFIG.get("id", {}).get("cert") is not None
|
|
||||||
and user.encryption_identity is not None
|
|
||||||
):
|
|
||||||
id_keypair = ids._helpers.KeyPair(CONFIG["id"]["key"], CONFIG["id"]["cert"])
|
|
||||||
user.restore_identity(id_keypair)
|
|
||||||
else:
|
|
||||||
logging.info("Registering new identity...")
|
|
||||||
import emulated.nac
|
import emulated.nac
|
||||||
|
|
||||||
vd = emulated.nac.generate_validation_data()
|
vd = emulated.nac.generate_validation_data()
|
||||||
vd = b64encode(vd).decode()
|
vd = b64encode(vd).decode()
|
||||||
|
|
||||||
user.register(vd, [("P:" + phone_number, phone_auth_keypair)])
|
users = ids.register(conn, users, vd)
|
||||||
#user.register(vd)
|
|
||||||
|
|
||||||
print("Handles: ", user.handles)
|
CONFIG["users"] = []
|
||||||
|
for user in users:
|
||||||
|
CONFIG["users"].append({
|
||||||
|
"id": user.user_id,
|
||||||
|
"auth_key": user.auth_keypair.key,
|
||||||
|
"auth_cert": user.auth_keypair.cert,
|
||||||
|
"encryption_key": user.encryption_identity.encryption_key if user.encryption_identity is not None else None,
|
||||||
|
"signing_key": user.encryption_identity.signing_key if user.encryption_identity is not None else None,
|
||||||
|
"id_cert": user.id_cert,
|
||||||
|
"handles": user.handles,
|
||||||
|
})
|
||||||
|
safe_config()
|
||||||
|
|
||||||
# Write config.json
|
# You CANNOT turn around and re-register like this:
|
||||||
CONFIG["encryption"] = {
|
# It will BREAK the tie between phone number and Apple ID
|
||||||
"rsa_key": user.encryption_identity.encryption_key,
|
|
||||||
"ec_key": user.encryption_identity.signing_key,
|
|
||||||
}
|
|
||||||
CONFIG["id"] = {
|
|
||||||
"key": user._id_keypair.key,
|
|
||||||
"cert": user._id_keypair.cert,
|
|
||||||
}
|
|
||||||
CONFIG["auth"] = {
|
|
||||||
"key": user._auth_keypair.key,
|
|
||||||
"cert": user._auth_keypair.cert,
|
|
||||||
"user_id": user.user_id,
|
|
||||||
"handles": user.handles,
|
|
||||||
}
|
|
||||||
CONFIG["push"] = {
|
|
||||||
"token": b64encode(user.push_connection.credentials.token).decode(),
|
|
||||||
"key": user.push_connection.credentials.private_key,
|
|
||||||
"cert": user.push_connection.credentials.cert,
|
|
||||||
}
|
|
||||||
|
|
||||||
with open("config.json", "w") as f:
|
# import emulated.nac
|
||||||
json.dump(CONFIG, f, indent=4)
|
|
||||||
|
|
||||||
im = imessage.iMessageUser(conn, user)
|
# vd = emulated.nac.generate_validation_data()
|
||||||
|
# vd = b64encode(vd).decode()
|
||||||
|
|
||||||
|
# users = ids.register(conn, [users[1]], vd)
|
||||||
|
|
||||||
|
print(f"Done? {users}")
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# user = ids.IDSUser(conn)
|
||||||
|
|
||||||
|
# if CONFIG.get("auth", {}).get("cert") is not None:
|
||||||
|
# auth_keypair = ids._helpers.KeyPair(CONFIG["auth"]["key"], CONFIG["auth"]["cert"])
|
||||||
|
# user_id = CONFIG["auth"]["user_id"]
|
||||||
|
# handles = CONFIG["auth"]["handles"]
|
||||||
|
# user.restore_authentication(auth_keypair, user_id, handles)
|
||||||
|
# else:
|
||||||
|
# username = input("Username: ")
|
||||||
|
# password = getpass("Password: ")
|
||||||
|
|
||||||
|
# user.authenticate(username, password)
|
||||||
|
|
||||||
|
# import sms_registration
|
||||||
|
# phone_sig = safe_b64decode(CONFIG.get("phone", {}).get("sig"))
|
||||||
|
# phone_number = CONFIG.get("phone", {}).get("number")
|
||||||
|
|
||||||
|
# if phone_sig is None or phone_number is None:
|
||||||
|
# print("Registering phone number...")
|
||||||
|
# phone_number, phone_sig = sms_registration.register(user.push_connection.credentials.token)
|
||||||
|
# CONFIG["phone"] = {
|
||||||
|
# "number": phone_number,
|
||||||
|
# "sig": b64encode(phone_sig).decode(),
|
||||||
|
# }
|
||||||
|
# if CONFIG.get("phone", {}).get("auth_key") is not None and CONFIG.get("phone", {}).get("auth_cert") is not None:
|
||||||
|
# phone_auth_keypair = ids._helpers.KeyPair(CONFIG["phone"]["auth_key"], CONFIG["phone"]["auth_cert"])
|
||||||
|
# else:
|
||||||
|
# phone_auth_keypair = ids.profile.get_phone_cert(phone_number, user.push_connection.credentials.token, [phone_sig])
|
||||||
|
# CONFIG["phone"]["auth_key"] = phone_auth_keypair.key
|
||||||
|
# CONFIG["phone"]["auth_cert"] = phone_auth_keypair.cert
|
||||||
|
|
||||||
|
|
||||||
|
# user.encryption_identity = ids.identity.IDSIdentity(
|
||||||
|
# encryption_key=CONFIG.get("encryption", {}).get("rsa_key"),
|
||||||
|
# signing_key=CONFIG.get("encryption", {}).get("ec_key"),
|
||||||
|
# )
|
||||||
|
|
||||||
|
# #user._auth_keypair = phone_auth_keypair
|
||||||
|
# user.handles = [f"tel:{phone_number}"]
|
||||||
|
# print(user.user_id)
|
||||||
|
# # user.user_id = f"P:{phone_number}"
|
||||||
|
|
||||||
|
|
||||||
|
# if (
|
||||||
|
# CONFIG.get("id", {}).get("cert") is not None
|
||||||
|
# and user.encryption_identity is not None
|
||||||
|
# ):
|
||||||
|
# id_keypair = ids._helpers.KeyPair(CONFIG["id"]["key"], CONFIG["id"]["cert"])
|
||||||
|
# user.restore_identity(id_keypair)
|
||||||
|
# else:
|
||||||
|
# logging.info("Registering new identity...")
|
||||||
|
# import emulated.nac
|
||||||
|
|
||||||
|
# vd = emulated.nac.generate_validation_data()
|
||||||
|
# vd = b64encode(vd).decode()
|
||||||
|
|
||||||
|
# ids.register
|
||||||
|
# user.register(vd, [("P:" + phone_number, phone_auth_keypair)])
|
||||||
|
# #user.register(vd)
|
||||||
|
|
||||||
|
# print("Handles: ", user.handles)
|
||||||
|
|
||||||
|
# # Write config.json
|
||||||
|
# CONFIG["encryption"] = {
|
||||||
|
# "rsa_key": user.encryption_identity.encryption_key,
|
||||||
|
# "ec_key": user.encryption_identity.signing_key,
|
||||||
|
# }
|
||||||
|
# CONFIG["id"] = {
|
||||||
|
# "key": user._id_keypair.key,
|
||||||
|
# "cert": user._id_keypair.cert,
|
||||||
|
# }
|
||||||
|
# CONFIG["auth"] = {
|
||||||
|
# "key": user._auth_keypair.key,
|
||||||
|
# "cert": user._auth_keypair.cert,
|
||||||
|
# "user_id": user.user_id,
|
||||||
|
# "handles": user.handles,
|
||||||
|
# }
|
||||||
|
# CONFIG["push"] = {
|
||||||
|
# "token": b64encode(user.push_connection.credentials.token).decode(),
|
||||||
|
# "key": user.push_connection.credentials.private_key,
|
||||||
|
# "cert": user.push_connection.credentials.cert,
|
||||||
|
# }
|
||||||
|
|
||||||
|
# with open("config.json", "w") as f:
|
||||||
|
# json.dump(CONFIG, f, indent=4)
|
||||||
|
|
||||||
|
# im = imessage.iMessageUser(conn, user)
|
||||||
|
|
||||||
# Send a message to myself
|
# Send a message to myself
|
||||||
async with trio.open_nursery() as nursery:
|
# async with trio.open_nursery() as nursery:
|
||||||
nursery.start_soon(input_task, im)
|
# nursery.start_soon(input_task, im)
|
||||||
nursery.start_soon(output_task, im)
|
# nursery.start_soon(output_task, im)
|
||||||
|
|
||||||
async def input_task(im: imessage.iMessageUser):
|
async def input_task(im: imessage.iMessageUser):
|
||||||
while True:
|
while True:
|
||||||
|
|
203
ids/__init__.py
203
ids/__init__.py
|
@ -5,99 +5,142 @@ import apns
|
||||||
from . import _helpers, identity, profile, query
|
from . import _helpers, identity, profile, query
|
||||||
from typing import Callable, Any
|
from typing import Callable, Any
|
||||||
|
|
||||||
|
|
||||||
|
import dataclasses
|
||||||
|
import apns
|
||||||
|
from . import profile, _helpers
|
||||||
|
from base64 import b64encode
|
||||||
|
from typing import Callable
|
||||||
|
|
||||||
|
@dataclasses.dataclass
|
||||||
class IDSUser:
|
class IDSUser:
|
||||||
# Sets self.user_id and self._auth_token
|
push_connection: apns.APNSConnection
|
||||||
def _authenticate_for_token(
|
|
||||||
self, username: str, password: str, factor_callback: Callable | None = None
|
|
||||||
):
|
|
||||||
self.user_id, self._auth_token = profile.get_auth_token(
|
|
||||||
username, password, factor_callback
|
|
||||||
)
|
|
||||||
|
|
||||||
# Sets self._auth_keypair using self.user_id and self._auth_token
|
user_id: str
|
||||||
def _authenticate_for_cert(self):
|
|
||||||
self._auth_keypair = profile.get_auth_cert(self.user_id, self._auth_token)
|
|
||||||
|
|
||||||
# Factor callback will be called if a 2FA code is necessary
|
auth_keypair: _helpers.KeyPair
|
||||||
def __init__(
|
"""
|
||||||
self,
|
Long-lived authentication keypair
|
||||||
push_connection: apns.APNSConnection,
|
"""
|
||||||
):
|
|
||||||
self.push_connection = push_connection
|
|
||||||
self._push_keypair = _helpers.KeyPair(
|
|
||||||
self.push_connection.credentials.private_key, self.push_connection.credentials.cert
|
|
||||||
)
|
|
||||||
|
|
||||||
self.ec_key = self.rsa_key = None
|
encryption_identity: identity.IDSIdentity | None = None
|
||||||
|
|
||||||
def __str__(self):
|
id_cert: bytes | None = None
|
||||||
return f"IDSUser(user_id={self.user_id}, handles={self.handles}, push_token={b64encode(self.push_connection.credentials.token).decode()})"
|
"""
|
||||||
|
Short-lived identity certificate,
|
||||||
|
same private key as auth_keypair
|
||||||
|
"""
|
||||||
|
|
||||||
# Authenticates with a username and password, to create a brand new authentication keypair
|
handles: list[str] = dataclasses.field(default_factory=list)
|
||||||
def authenticate(
|
"""
|
||||||
self, username: str, password: str, factor_callback: Callable | None = None
|
List of usable handles. Not equivalent to the current result of possible_handles, as the user
|
||||||
):
|
may have added or removed handles since registration, which we can't use.
|
||||||
self._authenticate_for_token(username, password, factor_callback)
|
"""
|
||||||
self._authenticate_for_cert()
|
|
||||||
self.handles = profile.get_handles(
|
|
||||||
b64encode(self.push_connection.credentials.token),
|
|
||||||
self.user_id,
|
|
||||||
self._auth_keypair,
|
|
||||||
self._push_keypair,
|
|
||||||
)
|
|
||||||
self.current_handle = self.handles[0]
|
|
||||||
|
|
||||||
|
def possible_handles(self) -> list[str]:
|
||||||
# Uses an existing authentication keypair
|
|
||||||
def restore_authentication(
|
|
||||||
self, auth_keypair: _helpers.KeyPair, user_id: str, handles: list
|
|
||||||
):
|
|
||||||
self._auth_keypair = auth_keypair
|
|
||||||
self.user_id = user_id
|
|
||||||
self.handles = handles
|
|
||||||
self.current_handle = self.handles[0]
|
|
||||||
|
|
||||||
# This is a separate call so that the user can make sure the first part succeeds before asking for validation data
|
|
||||||
def register(self, validation_data: str, additional_keys: list[tuple[str, _helpers.KeyPair]] = [], additional_handles: list[str] = []):
|
|
||||||
"""
|
"""
|
||||||
self.ec_key, self.rsa_key will be set to a randomly gnenerated EC and RSA keypair
|
Returns a list of possible handles for this user.
|
||||||
if they are not already set
|
|
||||||
"""
|
"""
|
||||||
if self.encryption_identity is None:
|
return profile.get_handles(
|
||||||
self.encryption_identity = identity.IDSIdentity()
|
|
||||||
|
|
||||||
auth_keys = additional_keys
|
|
||||||
auth_keys.extend([(self.user_id, self._auth_keypair)])
|
|
||||||
#auth_keys.extend(additional_keys)
|
|
||||||
|
|
||||||
handles_request = self.handles
|
|
||||||
|
|
||||||
handles_request.extend(additional_handles)
|
|
||||||
|
|
||||||
|
|
||||||
cert = identity.register(
|
|
||||||
b64encode(self.push_connection.credentials.token),
|
|
||||||
self.handles,
|
|
||||||
self.user_id,
|
|
||||||
auth_keys,
|
|
||||||
self._push_keypair,
|
|
||||||
self.encryption_identity,
|
|
||||||
validation_data,
|
|
||||||
)
|
|
||||||
self._id_keypair = _helpers.KeyPair(self._auth_keypair.key, cert)
|
|
||||||
|
|
||||||
# Refresh handles
|
|
||||||
self.handles = profile.get_handles(
|
|
||||||
b64encode(self.push_connection.credentials.token),
|
b64encode(self.push_connection.credentials.token),
|
||||||
self.user_id,
|
self.user_id,
|
||||||
self._auth_keypair,
|
self.auth_keypair,
|
||||||
self._push_keypair,
|
_helpers.KeyPair(self.push_connection.credentials.private_key, self.push_connection.credentials.cert),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
async def lookup(self, handle: str, uris: list[str], topic: str = "com.apple.madrid") -> Any:
|
||||||
|
if handle not in self.handles:
|
||||||
|
raise Exception("Handle not registered to user")
|
||||||
|
return await query.lookup(self.push_connection, handle, _helpers.KeyPair(self.auth_keypair.key, self.id_cert), uris, topic)
|
||||||
|
|
||||||
def restore_identity(self, id_keypair: _helpers.KeyPair):
|
|
||||||
self._id_keypair = id_keypair
|
|
||||||
|
|
||||||
async def lookup(self, uris: list[str], topic: str = "com.apple.madrid") -> Any:
|
@dataclasses.dataclass
|
||||||
return await query.lookup(self.push_connection, self.current_handle, self._id_keypair, uris, topic)
|
class IDSAppleUser(IDSUser):
|
||||||
|
"""
|
||||||
|
An IDSUser that is authenticated with an Apple ID
|
||||||
|
"""
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def authenticate(push_connection: apns.APNSConnection, username: str, password: str, factor_callback: Callable | None = None) -> IDSUser:
|
||||||
|
user_id, auth_token = profile.get_auth_token(username, password, factor_callback)
|
||||||
|
auth_keypair = profile.get_auth_cert(user_id, auth_token)
|
||||||
|
|
||||||
|
return IDSAppleUser(push_connection, user_id, auth_keypair)
|
||||||
|
|
||||||
|
@dataclasses.dataclass
|
||||||
|
class IDSPhoneUser(IDSUser):
|
||||||
|
"""
|
||||||
|
An IDSUser that is authenticated with a phone number
|
||||||
|
"""
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def authenticate(push_connection: apns.APNSConnection, phone_number: str, phone_sig: bytes) -> IDSUser:
|
||||||
|
auth_keypair = profile.get_phone_cert(phone_number, push_connection.credentials.token, [phone_sig])
|
||||||
|
|
||||||
|
return IDSPhoneUser(push_connection, "P:" + phone_number, auth_keypair)
|
||||||
|
|
||||||
|
DEFAULT_CLIENT_DATA = {
|
||||||
|
'is-c2k-equipment': True,
|
||||||
|
'optionally-receive-typing-indicators': True,
|
||||||
|
'public-message-identity-version':2,
|
||||||
|
'show-peer-errors': True,
|
||||||
|
'supports-ack-v1': True,
|
||||||
|
'supports-activity-sharing-v1': True,
|
||||||
|
'supports-audio-messaging-v2': True,
|
||||||
|
"supports-autoloopvideo-v1": True,
|
||||||
|
'supports-be-v1': True,
|
||||||
|
'supports-ca-v1': True,
|
||||||
|
'supports-fsm-v1': True,
|
||||||
|
'supports-fsm-v2': True,
|
||||||
|
'supports-fsm-v3': True,
|
||||||
|
'supports-ii-v1': True,
|
||||||
|
'supports-impact-v1': True,
|
||||||
|
'supports-inline-attachments': True,
|
||||||
|
'supports-keep-receipts': True,
|
||||||
|
"supports-location-sharing": True,
|
||||||
|
'supports-media-v2': True,
|
||||||
|
'supports-photos-extension-v1': True,
|
||||||
|
'supports-st-v1': True,
|
||||||
|
'supports-update-attachments-v1': True,
|
||||||
|
}
|
||||||
|
|
||||||
|
import uuid
|
||||||
|
|
||||||
|
def register(push_connection: apns.APNSConnection, users: list[IDSUser], validation_data: str):
|
||||||
|
signing_users = [(user.user_id, user.auth_keypair) for user in users]
|
||||||
|
|
||||||
|
# Create new encryption identity for each user
|
||||||
|
for user in users:
|
||||||
|
if user.encryption_identity is None:
|
||||||
|
user.encryption_identity = identity.IDSIdentity()
|
||||||
|
|
||||||
|
# Construct user payloads
|
||||||
|
user_payloads = []
|
||||||
|
for user in users:
|
||||||
|
user.handles = user.possible_handles()
|
||||||
|
if user.encryption_identity is not None:
|
||||||
|
special_data = DEFAULT_CLIENT_DATA.copy()
|
||||||
|
special_data["public-message-identity-key"] = user.encryption_identity.encode()
|
||||||
|
else:
|
||||||
|
special_data = DEFAULT_CLIENT_DATA
|
||||||
|
user_payloads.append({
|
||||||
|
"client-data": special_data,
|
||||||
|
"tag": "SIM" if isinstance(user, IDSPhoneUser) else None,
|
||||||
|
"uris": [{"uri": handle} for handle in user.handles],
|
||||||
|
"user-id": user.user_id,
|
||||||
|
})
|
||||||
|
|
||||||
|
_helpers.recursive_del_none(user_payloads)
|
||||||
|
|
||||||
|
certs = identity.register(
|
||||||
|
push_connection,
|
||||||
|
signing_users,
|
||||||
|
user_payloads,
|
||||||
|
validation_data,
|
||||||
|
uuid.uuid4()
|
||||||
|
)
|
||||||
|
|
||||||
|
for user in users:
|
||||||
|
user.id_cert = certs[user.user_id]
|
||||||
|
|
||||||
|
return users
|
|
@ -3,9 +3,31 @@ from collections import namedtuple
|
||||||
USER_AGENT = "com.apple.madrid-lookup [macOS,13.2.1,22D68,MacBookPro18,3]"
|
USER_AGENT = "com.apple.madrid-lookup [macOS,13.2.1,22D68,MacBookPro18,3]"
|
||||||
PROTOCOL_VERSION = "1640"
|
PROTOCOL_VERSION = "1640"
|
||||||
|
|
||||||
|
|
||||||
# KeyPair is a named tuple that holds a key and a certificate in PEM form
|
# KeyPair is a named tuple that holds a key and a certificate in PEM form
|
||||||
KeyPair = namedtuple("KeyPair", ["key", "cert"])
|
KeyPair = namedtuple("KeyPair", ["key", "cert"])
|
||||||
|
|
||||||
|
import apns
|
||||||
|
|
||||||
|
def get_key_pair(creds: apns.PushCredentials):
|
||||||
|
return KeyPair(creds.private_key, creds.cert)
|
||||||
|
|
||||||
|
def recursive_del_none(d: dict | list):
|
||||||
|
if isinstance(d, dict):
|
||||||
|
for k, v in list(d.items()):
|
||||||
|
if v is None:
|
||||||
|
del d[k]
|
||||||
|
else:
|
||||||
|
recursive_del_none(v)
|
||||||
|
elif isinstance(d, list):
|
||||||
|
for i, v in enumerate(d):
|
||||||
|
if v is None:
|
||||||
|
del d[i]
|
||||||
|
else:
|
||||||
|
recursive_del_none(v)
|
||||||
|
|
||||||
|
#apns.PushCredentials.key_pair = get_key_pair # tydpe: ignore # Monkey patching
|
||||||
|
|
||||||
|
|
||||||
def dearmour(armoured: str) -> str:
|
def dearmour(armoured: str) -> str:
|
||||||
import re
|
import re
|
||||||
|
|
113
ids/identity.py
113
ids/identity.py
|
@ -89,20 +89,25 @@ class IDSIdentity:
|
||||||
|
|
||||||
return output.getvalue()
|
return output.getvalue()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
import apns
|
||||||
|
from . import _helpers
|
||||||
|
import uuid
|
||||||
|
from base64 import b64encode
|
||||||
def register(
|
def register(
|
||||||
push_token, handles, user_id, auth_keys: list[tuple[str, KeyPair]], push_key: KeyPair, identity: IDSIdentity, validation_data
|
push_connection: apns.APNSConnection, signing_users: list[tuple[str, _helpers.KeyPair]], user_payloads: list[dict], validation_data, device_id: uuid.UUID
|
||||||
):
|
):
|
||||||
logger.debug(f"Registering IDS identity for {handles}")
|
|
||||||
uris = [{"uri": handle} for handle in handles]
|
|
||||||
import uuid
|
|
||||||
body = {
|
body = {
|
||||||
|
# TODO: Abstract this out
|
||||||
"device-name": "pypush",
|
"device-name": "pypush",
|
||||||
"hardware-version": "MacBookPro18,3",
|
"hardware-version": "MacBookPro18,3",
|
||||||
"language": "en-US",
|
"language": "en-US",
|
||||||
"os-version": "macOS,13.2.1,22D68",
|
"os-version": "macOS,13.2.1,22D68",
|
||||||
"software-version": "22D68",
|
"software-version": "22D68",
|
||||||
|
|
||||||
"private-device-data": {
|
"private-device-data": {
|
||||||
"u": uuid.uuid4().hex.upper(),
|
"u": str(device_id),
|
||||||
},
|
},
|
||||||
"services": [
|
"services": [
|
||||||
{
|
{
|
||||||
|
@ -112,93 +117,25 @@ def register(
|
||||||
"com.apple.private.alloy.gelato",
|
"com.apple.private.alloy.gelato",
|
||||||
"com.apple.private.alloy.biz",
|
"com.apple.private.alloy.biz",
|
||||||
"com.apple.private.alloy.gamecenter.imessage"],
|
"com.apple.private.alloy.gamecenter.imessage"],
|
||||||
"users": [
|
"users": user_payloads,
|
||||||
{
|
|
||||||
"client-data": {
|
|
||||||
'is-c2k-equipment': True,
|
|
||||||
'optionally-receive-typing-indicators': True,
|
|
||||||
'public-message-identity-key': identity.encode(),
|
|
||||||
'public-message-identity-version':2,
|
|
||||||
'show-peer-errors': True,
|
|
||||||
'supports-ack-v1': True,
|
|
||||||
'supports-activity-sharing-v1': True,
|
|
||||||
'supports-audio-messaging-v2': True,
|
|
||||||
"supports-autoloopvideo-v1": True,
|
|
||||||
'supports-be-v1': True,
|
|
||||||
'supports-ca-v1': True,
|
|
||||||
'supports-fsm-v1': True,
|
|
||||||
'supports-fsm-v2': True,
|
|
||||||
'supports-fsm-v3': True,
|
|
||||||
'supports-ii-v1': True,
|
|
||||||
'supports-impact-v1': True,
|
|
||||||
'supports-inline-attachments': True,
|
|
||||||
'supports-keep-receipts': True,
|
|
||||||
"supports-location-sharing": True,
|
|
||||||
'supports-media-v2': True,
|
|
||||||
'supports-photos-extension-v1': True,
|
|
||||||
'supports-st-v1': True,
|
|
||||||
'supports-update-attachments-v1': True,
|
|
||||||
},
|
|
||||||
"tag": "SIM",
|
|
||||||
"uris": uris,
|
|
||||||
"user-id": auth_keys[0][0],
|
|
||||||
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"client-data": {
|
|
||||||
'is-c2k-equipment': True,
|
|
||||||
'optionally-receive-typing-indicators': True,
|
|
||||||
'public-message-identity-key': identity.encode(),
|
|
||||||
'public-message-identity-version':2,
|
|
||||||
'show-peer-errors': True,
|
|
||||||
'supports-ack-v1': True,
|
|
||||||
'supports-activity-sharing-v1': True,
|
|
||||||
'supports-audio-messaging-v2': True,
|
|
||||||
"supports-autoloopvideo-v1": True,
|
|
||||||
'supports-be-v1': True,
|
|
||||||
'supports-ca-v1': True,
|
|
||||||
'supports-fsm-v1': True,
|
|
||||||
'supports-fsm-v2': True,
|
|
||||||
'supports-fsm-v3': True,
|
|
||||||
'supports-ii-v1': True,
|
|
||||||
'supports-impact-v1': True,
|
|
||||||
'supports-inline-attachments': True,
|
|
||||||
'supports-keep-receipts': True,
|
|
||||||
"supports-location-sharing": True,
|
|
||||||
'supports-media-v2': True,
|
|
||||||
'supports-photos-extension-v1': True,
|
|
||||||
'supports-st-v1': True,
|
|
||||||
'supports-update-attachments-v1': True,
|
|
||||||
},
|
|
||||||
"uris": [{
|
|
||||||
"uri": "tel:+16106632676"
|
|
||||||
}],
|
|
||||||
"user-id": user_id,
|
|
||||||
|
|
||||||
},
|
|
||||||
# {
|
|
||||||
# "uris": uris,
|
|
||||||
# "user-id": auth_keys[1][0]
|
|
||||||
# }
|
|
||||||
],
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"validation-data": b64decode(validation_data),
|
"validation-data": b64decode(validation_data),
|
||||||
}
|
}
|
||||||
|
|
||||||
logger.debug(body)
|
logger.debug(f"Sending IDS registration request: {body}")
|
||||||
|
|
||||||
body = plistlib.dumps(body)
|
body = plistlib.dumps(body)
|
||||||
|
|
||||||
|
# Construct headers
|
||||||
headers = {
|
headers = {
|
||||||
"x-protocol-version": PROTOCOL_VERSION,
|
"x-protocol-version": PROTOCOL_VERSION,
|
||||||
#"x-auth-user-id-0": user_id,
|
|
||||||
}
|
}
|
||||||
for i, (user_id, keypair) in enumerate(auth_keys):
|
for i, (user_id, keypair) in enumerate(signing_users):
|
||||||
headers[f"x-auth-user-id-{i}"] = user_id
|
headers[f"x-auth-user-id-{i}"] = user_id
|
||||||
add_auth_signature(headers, body, "id-register", keypair, push_key, push_token, i)
|
add_auth_signature(headers, body, "id-register", keypair, _helpers.get_key_pair(push_connection.credentials), b64encode(push_connection.credentials.token).decode(), i)
|
||||||
|
|
||||||
print(headers)
|
logger.debug(f"Headers: {headers}")
|
||||||
|
|
||||||
r = requests.post(
|
r = requests.post(
|
||||||
"https://identity.ess.apple.com/WebObjects/TDIdentityService.woa/wa/register",
|
"https://identity.ess.apple.com/WebObjects/TDIdentityService.woa/wa/register",
|
||||||
|
@ -207,8 +144,9 @@ def register(
|
||||||
verify=False,
|
verify=False,
|
||||||
)
|
)
|
||||||
r = plistlib.loads(r.content)
|
r = plistlib.loads(r.content)
|
||||||
#print(f'Response code: {r["status"]}')
|
|
||||||
logger.debug(f"Recieved response to IDS registration: {r}")
|
logger.debug(f"Received response to IDS registration: {r}")
|
||||||
|
|
||||||
if "status" in r and r["status"] == 6004:
|
if "status" in r and r["status"] == 6004:
|
||||||
raise Exception("Validation data expired!")
|
raise Exception("Validation data expired!")
|
||||||
# TODO: Do validation of nested statuses
|
# TODO: Do validation of nested statuses
|
||||||
|
@ -218,7 +156,14 @@ def register(
|
||||||
raise Exception(f"No services in response: {r}")
|
raise Exception(f"No services in response: {r}")
|
||||||
if not "users" in r["services"][0]:
|
if not "users" in r["services"][0]:
|
||||||
raise Exception(f"No users in response: {r}")
|
raise Exception(f"No users in response: {r}")
|
||||||
if not "cert" in r["services"][0]["users"][0]:
|
|
||||||
raise Exception(f"No cert in response: {r}")
|
|
||||||
|
|
||||||
return armour_cert(r["services"][0]["users"][0]["cert"])
|
output = {}
|
||||||
|
for user in r["services"][0]["users"]:
|
||||||
|
if not "cert" in user:
|
||||||
|
raise Exception(f"No cert in response: {r}")
|
||||||
|
for uri in user["uris"]:
|
||||||
|
if uri["status"] != 0:
|
||||||
|
raise Exception(f"Failed to register URI {uri['uri']}: {r}")
|
||||||
|
output[user["user-id"]] = armour_cert(user["cert"])
|
||||||
|
|
||||||
|
return output
|
19
imessage.py
19
imessage.py
|
@ -267,7 +267,7 @@ class iMessage(Message):
|
||||||
def create(user: "iMessageUser", text: str, participants: list[str]) -> "iMessage":
|
def create(user: "iMessageUser", text: str, participants: list[str]) -> "iMessage":
|
||||||
"""Creates a basic outgoing `iMessage` from the given text and participants"""
|
"""Creates a basic outgoing `iMessage` from the given text and participants"""
|
||||||
|
|
||||||
sender = user.user.current_handle
|
sender = user.current_handle
|
||||||
if sender not in participants:
|
if sender not in participants:
|
||||||
participants += [sender]
|
participants += [sender]
|
||||||
|
|
||||||
|
@ -356,6 +356,7 @@ class iMessageUser:
|
||||||
def __init__(self, connection: apns.APNSConnection, user: ids.IDSUser):
|
def __init__(self, connection: apns.APNSConnection, user: ids.IDSUser):
|
||||||
self.connection = connection
|
self.connection = connection
|
||||||
self.user = user
|
self.user = user
|
||||||
|
self.current_handle = user.handles[0]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _parse_payload(p: bytes) -> tuple[bytes, bytes]:
|
def _parse_payload(p: bytes) -> tuple[bytes, bytes]:
|
||||||
|
@ -421,7 +422,7 @@ class iMessageUser:
|
||||||
random_seed,
|
random_seed,
|
||||||
message
|
message
|
||||||
+ b"\x02"
|
+ b"\x02"
|
||||||
+ iMessageUser._hash_identity(self.user.encryption_identity.encode())
|
+ iMessageUser._hash_identity(self.user.encryption_identity.encode()) # type: ignore
|
||||||
+ iMessageUser._hash_identity(key.encode()),
|
+ iMessageUser._hash_identity(key.encode()),
|
||||||
sha256,
|
sha256,
|
||||||
).digest()
|
).digest()
|
||||||
|
@ -528,8 +529,8 @@ class iMessageUser:
|
||||||
|
|
||||||
async def _cache_keys(self, participants: list[str], topic: str):
|
async def _cache_keys(self, participants: list[str], topic: str):
|
||||||
# Clear the cache if the handle has changed
|
# Clear the cache if the handle has changed
|
||||||
if self.KEY_CACHE_HANDLE != self.user.current_handle:
|
if self.KEY_CACHE_HANDLE != self.current_handle:
|
||||||
self.KEY_CACHE_HANDLE = self.user.current_handle
|
self.KEY_CACHE_HANDLE = self.current_handle
|
||||||
self.KEY_CACHE = {}
|
self.KEY_CACHE = {}
|
||||||
self.USER_CACHE = {}
|
self.USER_CACHE = {}
|
||||||
|
|
||||||
|
@ -539,7 +540,7 @@ class iMessageUser:
|
||||||
# TODO: This doesn't work since it doesn't check if they are cached for all topics
|
# TODO: This doesn't work since it doesn't check if they are cached for all topics
|
||||||
|
|
||||||
# Look up the public keys for the participants, and cache a token : public key mapping
|
# Look up the public keys for the participants, and cache a token : public key mapping
|
||||||
lookup = await self.user.lookup(participants, topic=topic)
|
lookup = await self.user.lookup(self.current_handle, participants, topic=topic)
|
||||||
|
|
||||||
logger.debug(f"Lookup response : {lookup}")
|
logger.debug(f"Lookup response : {lookup}")
|
||||||
for key, participant in lookup.items():
|
for key, participant in lookup.items():
|
||||||
|
@ -594,7 +595,7 @@ class iMessageUser:
|
||||||
|
|
||||||
p = {
|
p = {
|
||||||
"tP": participant,
|
"tP": participant,
|
||||||
"D": not participant == self.user.current_handle,
|
"D": not participant == self.current_handle,
|
||||||
"sT": self.KEY_CACHE[push_token][topic][1],
|
"sT": self.KEY_CACHE[push_token][topic][1],
|
||||||
"t": push_token,
|
"t": push_token,
|
||||||
}
|
}
|
||||||
|
@ -618,7 +619,7 @@ class iMessageUser:
|
||||||
"i": int.from_bytes(message_id, "big"),
|
"i": int.from_bytes(message_id, "big"),
|
||||||
"U": id.bytes,
|
"U": id.bytes,
|
||||||
"dtl": dtl,
|
"dtl": dtl,
|
||||||
"sP": self.user.current_handle,
|
"sP": self.current_handle,
|
||||||
}
|
}
|
||||||
|
|
||||||
body.update(extra)
|
body.update(extra)
|
||||||
|
@ -671,7 +672,7 @@ class iMessageUser:
|
||||||
|
|
||||||
await self._send_raw(
|
await self._send_raw(
|
||||||
147,
|
147,
|
||||||
[self.user.current_handle],
|
[self.current_handle],
|
||||||
"com.apple.private.alloy.sms",
|
"com.apple.private.alloy.sms",
|
||||||
extra={
|
extra={
|
||||||
"nr": 1
|
"nr": 1
|
||||||
|
@ -686,7 +687,7 @@ class iMessageUser:
|
||||||
else:
|
else:
|
||||||
raise Exception("Unknown message type")
|
raise Exception("Unknown message type")
|
||||||
|
|
||||||
send_to = message.participants if isinstance(message, iMessage) else [self.user.current_handle]
|
send_to = message.participants if isinstance(message, iMessage) else [self.current_handle]
|
||||||
|
|
||||||
await self._cache_keys(send_to, topic)
|
await self._cache_keys(send_to, topic)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue