mirror of
https://github.com/Sneed-Group/pypush-plus-plus
synced 2025-01-09 17:33:47 +00:00
Merge branch 'facetime-experiments' into ec-encryption
This commit is contained in:
commit
766c1c411d
8 changed files with 393 additions and 62 deletions
25
apns.py
25
apns.py
|
@ -374,6 +374,18 @@ class APNSField:
|
|||
self.id.to_bytes(1, "big") + len(self.value).to_bytes(2, "big") + self.value
|
||||
)
|
||||
|
||||
async def receive_exact(stream: trio.abc.Stream, length: int) -> bytes:
|
||||
"""Receives exactly length bytes from the given stream"""
|
||||
buffer = b""
|
||||
while len(buffer) < length:
|
||||
b = await stream.receive_some(length - len(buffer))
|
||||
if b == b"":
|
||||
raise Exception("Unable to read payload from stream (EOF)")
|
||||
elif b is None:
|
||||
logger.warning("Got None from receive_some, why?")
|
||||
else:
|
||||
buffer += b
|
||||
return buffer
|
||||
|
||||
@dataclass
|
||||
class APNSPayload:
|
||||
|
@ -385,20 +397,17 @@ class APNSPayload:
|
|||
@staticmethod
|
||||
async def read_from_stream(stream: trio.abc.Stream) -> APNSPayload:
|
||||
"""Reads a payload from the given stream"""
|
||||
if not (id_bytes := await stream.receive_some(1)):
|
||||
raise Exception("Unable to read payload id from stream")
|
||||
id: int = int.from_bytes(id_bytes, "big")
|
||||
id = await receive_exact(stream, 1)
|
||||
id = int.from_bytes(id, "big")
|
||||
|
||||
if (length := await stream.receive_some(4)) is None:
|
||||
raise Exception("Unable to read payload length from stream")
|
||||
length = await receive_exact(stream, 4)
|
||||
length = int.from_bytes(length, "big")
|
||||
|
||||
if length == 0:
|
||||
return APNSPayload(id, [])
|
||||
|
||||
buffer = await stream.receive_some(length)
|
||||
if buffer is None:
|
||||
raise Exception("Unable to read payload from stream")
|
||||
buffer = await receive_exact(stream, length)
|
||||
|
||||
fields = []
|
||||
|
||||
while len(buffer) > 0:
|
||||
|
|
37
demo.py
37
demo.py
|
@ -6,6 +6,7 @@ from subprocess import PIPE, Popen
|
|||
from rich.logging import RichHandler
|
||||
|
||||
import apns
|
||||
import ids.facetime
|
||||
import ids
|
||||
import imessage
|
||||
|
||||
|
@ -21,7 +22,7 @@ logging.getLogger("py.warnings").setLevel(logging.ERROR) # Ignore warnings from
|
|||
logging.getLogger("asyncio").setLevel(logging.WARNING)
|
||||
logging.getLogger("jelly").setLevel(logging.INFO)
|
||||
logging.getLogger("nac").setLevel(logging.INFO)
|
||||
logging.getLogger("apns").setLevel(logging.INFO)
|
||||
logging.getLogger("apns").setLevel(logging.DEBUG)
|
||||
logging.getLogger("albert").setLevel(logging.INFO)
|
||||
logging.getLogger("ids").setLevel(logging.DEBUG)
|
||||
logging.getLogger("bags").setLevel(logging.INFO)
|
||||
|
@ -67,7 +68,7 @@ async def main():
|
|||
|
||||
async with apns.APNSConnection.start(push_creds) as conn:
|
||||
await conn.set_state(1)
|
||||
await conn.filter(["com.apple.madrid"])
|
||||
await conn.filter(["com.apple.madrid"]+ids.facetime.TEST_TOPICS)
|
||||
|
||||
user = ids.IDSUser(conn)
|
||||
user.auth_and_set_encryption_from_config(CONFIG)
|
||||
|
@ -80,6 +81,7 @@ async def main():
|
|||
CONFIG["id"] = {
|
||||
"key": user._id_keypair.key,
|
||||
"cert": user._id_keypair.cert,
|
||||
"ft_cert": user._facetime_cert,
|
||||
}
|
||||
CONFIG["auth"] = {
|
||||
"key": user._auth_keypair.key,
|
||||
|
@ -97,6 +99,8 @@ async def main():
|
|||
with open("config.json", "w") as f:
|
||||
json.dump(CONFIG, f, indent=4)
|
||||
|
||||
await ids.facetime.provision_alias(user)
|
||||
|
||||
im = imessage.iMessageUser(conn, user)
|
||||
|
||||
# Send a message to myself
|
||||
|
@ -182,9 +186,34 @@ async def input_task(im: imessage.iMessageUser):
|
|||
print("No chat selected")
|
||||
|
||||
async def output_task(im: imessage.iMessageUser):
|
||||
import plistlib
|
||||
while True:
|
||||
msg = await im.receive()
|
||||
print(str(msg))
|
||||
def check(payload: apns.APNSPayload):
|
||||
# Check if the "c" key matches
|
||||
#ody = payload.fields_with_id(3)[0].value
|
||||
#if body is None:
|
||||
#3 return False
|
||||
#body = plistlib.loads(body)
|
||||
#if not "c" in body:
|
||||
# return False
|
||||
#if isinstance(c, int) and body["c"] != c:
|
||||
# return False
|
||||
#elif isinstance(c, list) and body["c"] not in c:
|
||||
# return False
|
||||
return True
|
||||
|
||||
payload = await im.connection.expect_notification(ids.facetime.TEST_TOPICS, check)
|
||||
|
||||
body_bytes: bytes = payload.fields_with_id(3)[0].value
|
||||
body: dict[str, Any] = plistlib.loads(body_bytes)
|
||||
|
||||
print(body)
|
||||
|
||||
print(im._decrypt_payload(body["P"]))
|
||||
#return body
|
||||
|
||||
#msg = await im.receive()
|
||||
#print(str(msg))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
|
|
@ -72,7 +72,7 @@ class IDSUser:
|
|||
self.extra["device_key"] = self.ngm.device_key
|
||||
self.extra["prekey"] = self.ngm.pre_key
|
||||
|
||||
cert = identity.register(
|
||||
certs = identity.register(
|
||||
b64encode(self.push_connection.credentials.token),
|
||||
self.handles,
|
||||
self.user_id,
|
||||
|
@ -82,7 +82,8 @@ class IDSUser:
|
|||
validation_data,
|
||||
self.ngm
|
||||
)
|
||||
self._id_keypair = _helpers.KeyPair(self._auth_keypair.key, cert)
|
||||
self._id_keypair = _helpers.KeyPair(self._auth_keypair.key, certs["com.apple.madrid"])
|
||||
self._facetime_cert = certs["com.apple.private.alloy.facetime.multi"]
|
||||
|
||||
#self.extra = extra
|
||||
|
||||
|
@ -114,7 +115,8 @@ class IDSUser:
|
|||
(rsa_key := encryption.get("rsa_key")) and
|
||||
(signing_key := encryption.get("ec_key")) and
|
||||
(cert := id.get("cert")) and
|
||||
(key := id.get("key"))
|
||||
(key := id.get("key")) and
|
||||
(ft_cert := id.get("ft_cert"))
|
||||
):
|
||||
self.encryption_identity = identity.IDSIdentity(
|
||||
encryption_key=rsa_key,
|
||||
|
@ -123,6 +125,8 @@ class IDSUser:
|
|||
|
||||
id_keypair = _helpers.KeyPair(key, cert)
|
||||
self.restore_identity(id_keypair)
|
||||
|
||||
self._facetime_cert = ft_cert
|
||||
else:
|
||||
logging.info("Registering new identity...")
|
||||
import emulated.nac
|
||||
|
@ -132,6 +136,7 @@ class IDSUser:
|
|||
|
||||
self.register(vd)
|
||||
|
||||
async def lookup(self, uris: list[str], topic: str = "com.apple.madrid") -> Any:
|
||||
return await query.lookup(self.push_connection, self.current_handle, self._id_keypair, uris, topic)
|
||||
|
||||
async def lookup(self, uris: list[str], topic: str = "com.apple.madrid", keypair = None) -> Any:
|
||||
if keypair is None:
|
||||
keypair = self._id_keypair
|
||||
return await query.lookup(self.push_connection, self.current_handle, keypair, uris, topic)
|
||||
|
|
112
ids/facetime.py
Normal file
112
ids/facetime.py
Normal file
|
@ -0,0 +1,112 @@
|
|||
from ids import IDSUser
|
||||
import logging
|
||||
logger = logging.getLogger("ids")
|
||||
import plistlib
|
||||
from ids._helpers import PROTOCOL_VERSION, KeyPair, parse_key, serialize_key
|
||||
from ids.signing import add_auth_signature, armour_cert, add_id_signature, add_push_signature
|
||||
import requests
|
||||
import base64
|
||||
import time
|
||||
|
||||
TEST_TOPICS = ["com.apple.ess",
|
||||
"com.apple.private.alloy.facetime.video",
|
||||
"com.apple.private.alloy.facetime.sync",
|
||||
"com.apple.private.alloy.facetime.lp",
|
||||
"com.apple.private.alloy.facetime.mw",
|
||||
"com.apple.private.alloy.facetime.multi",
|
||||
"com.apple.ids"
|
||||
]
|
||||
async def provision_alias(user: IDSUser):
|
||||
logger.debug(f"Adding new temp alias")
|
||||
body = {
|
||||
"attributes": {
|
||||
"allowedServices": {
|
||||
"com.apple.private.alloy.facetime.multi": []
|
||||
},
|
||||
# Unix timestamp in seconds, with decimal places, for 1 year from now
|
||||
"expiry-epoch-seconds": time.time() + 31536000,
|
||||
"featureId": "Gondola"
|
||||
},
|
||||
"operation": "create"
|
||||
}
|
||||
body = plistlib.dumps(body)
|
||||
|
||||
headers = {
|
||||
"x-protocol-version": PROTOCOL_VERSION,
|
||||
"x-id-self-uri": user.current_handle,
|
||||
}
|
||||
add_push_signature(headers, body, "id-provision-alias", user._push_keypair, base64.b64encode(user.push_connection.credentials.token))
|
||||
# Create ID keypair with facetime cert
|
||||
keypair = KeyPair(
|
||||
user._id_keypair.key,
|
||||
user._facetime_cert,
|
||||
)
|
||||
add_id_signature(headers, body, "id-provision-alias", keypair, base64.b64encode(user.push_connection.credentials.token))
|
||||
|
||||
r = requests.post(
|
||||
"https://identity.ess.apple.com/WebObjects/TDIdentityService.woa/wa/provisionAlias",
|
||||
headers=headers,
|
||||
data=body,
|
||||
verify=False,
|
||||
)
|
||||
r = plistlib.loads(r.content)
|
||||
|
||||
print(r)
|
||||
alias = r["alias"]
|
||||
# remove pseud: prefix
|
||||
alias = alias[6:]
|
||||
# link
|
||||
|
||||
pub, key = create_key()
|
||||
print(f"https://facetime.apple.com/join#v=1&p={alias}&k={pub}")
|
||||
print(key)
|
||||
|
||||
# print(await user.lookup(["mailto:jjtech@jjtech.dev"]))
|
||||
|
||||
#print(await user.lookup([f"pseud:{alias}"], "com.apple.private.alloy.facetime.multi", KeyPair(user._auth_keypair.key, user._facetime_cert)))
|
||||
|
||||
def parse_key(key: str):
|
||||
# Add = padding
|
||||
key = key + "=" * (4 - len(key) % 4)
|
||||
# Urlsafe base64 decode
|
||||
key = base64.urlsafe_b64decode(key)
|
||||
print(key.hex())
|
||||
# Parse as a P256 key
|
||||
from cryptography.hazmat.primitives.asymmetric import ec
|
||||
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
|
||||
|
||||
# Parse compressed key... need to add 0x02 prefix
|
||||
k = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256R1(), b"\x02" + key)
|
||||
# Serialize as PEM
|
||||
k = k.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
|
||||
print(k.decode())
|
||||
|
||||
def create_key() -> tuple[str, str]:
|
||||
"""
|
||||
Create a P256 keypair and return the public key as a URL-safe base64 string
|
||||
and the private key as a PEM string.
|
||||
"""
|
||||
|
||||
# Generate a P256 keypair
|
||||
from cryptography.hazmat.primitives.asymmetric import ec
|
||||
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
|
||||
|
||||
# Generate keys until we get one that is even
|
||||
key = None
|
||||
pub = None
|
||||
|
||||
while True:
|
||||
key = ec.generate_private_key(ec.SECP256R1())
|
||||
pub = key.public_key().public_bytes(Encoding.X962, PublicFormat.CompressedPoint)
|
||||
if pub[0] == 0x02:
|
||||
pub = pub[1:]
|
||||
break
|
||||
|
||||
# URL-safe base64 encode
|
||||
pub = base64.urlsafe_b64encode(pub).decode()
|
||||
# Remove padding
|
||||
pub = pub.replace("=", "")
|
||||
|
||||
# Turn private key into PEM for convenience
|
||||
return pub, serialize_key(key)
|
||||
|
233
ids/identity.py
233
ids/identity.py
|
@ -13,57 +13,61 @@ from cryptography.hazmat.primitives.asymmetric import ec, rsa
|
|||
from typing import Self
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger("ids")
|
||||
|
||||
|
||||
class IDSIdentity:
|
||||
def __init__(
|
||||
self,
|
||||
signing_key: str | None = None,
|
||||
encryption_key: str | None = None,
|
||||
signing_public_key: str | None = None,
|
||||
encryption_public_key: str | None = None
|
||||
):
|
||||
self,
|
||||
signing_key: str | None = None,
|
||||
encryption_key: str | None = None,
|
||||
signing_public_key: str | None = None,
|
||||
encryption_public_key: str | None = None,
|
||||
):
|
||||
if signing_key is not None:
|
||||
self.signing_key = signing_key
|
||||
self.signing_public_key = serialize_key(parse_key(signing_key).public_key())# type: ignore
|
||||
self.signing_public_key = serialize_key(parse_key(signing_key).public_key()) # type: ignore
|
||||
elif signing_public_key is not None:
|
||||
self.signing_key = None
|
||||
self.signing_public_key = signing_public_key
|
||||
else:
|
||||
# Generate a new key
|
||||
self.signing_key = serialize_key(ec.generate_private_key(ec.SECP256R1()))
|
||||
self.signing_public_key = serialize_key(parse_key(self.signing_key).public_key())# type: ignore
|
||||
self.signing_public_key = serialize_key(parse_key(self.signing_key).public_key()) # type: ignore
|
||||
|
||||
if encryption_key is not None:
|
||||
self.encryption_key = encryption_key
|
||||
self.encryption_public_key = serialize_key(parse_key(encryption_key).public_key())# type: ignore
|
||||
self.encryption_public_key = serialize_key(parse_key(encryption_key).public_key()) # type: ignore
|
||||
elif encryption_public_key is not None:
|
||||
self.encryption_key = None
|
||||
self.encryption_public_key = encryption_public_key
|
||||
else:
|
||||
self.encryption_key = serialize_key(rsa.generate_private_key(65537, 1280))
|
||||
self.encryption_public_key = serialize_key(parse_key(self.encryption_key).public_key())# type: ignore
|
||||
self.encryption_public_key = serialize_key(parse_key(self.encryption_key).public_key()) # type: ignore
|
||||
|
||||
@classmethod
|
||||
def decode(cls, inp: bytes) -> Self:
|
||||
input = BytesIO(inp)
|
||||
|
||||
assert input.read(5) == b'\x30\x81\xF6\x81\x43' # DER header
|
||||
assert input.read(5) == b"\x30\x81\xF6\x81\x43" # DER header
|
||||
raw_ecdsa = input.read(67)
|
||||
assert input.read(3) == b'\x82\x81\xAE' # DER header
|
||||
assert input.read(3) == b"\x82\x81\xAE" # DER header
|
||||
raw_rsa = input.read(174)
|
||||
|
||||
# Parse the RSA key
|
||||
raw_rsa = BytesIO(raw_rsa)
|
||||
assert raw_rsa.read(2) == b'\x00\xAC' # Not sure what this is
|
||||
assert raw_rsa.read(3) == b'\x30\x81\xA9' # Inner DER header
|
||||
assert raw_rsa.read(3) == b'\x02\x81\xA1'
|
||||
assert raw_rsa.read(2) == b"\x00\xAC" # Not sure what this is
|
||||
assert raw_rsa.read(3) == b"\x30\x81\xA9" # Inner DER header
|
||||
assert raw_rsa.read(3) == b"\x02\x81\xA1"
|
||||
rsa_modulus = raw_rsa.read(161)
|
||||
rsa_modulus = int.from_bytes(rsa_modulus, "big")
|
||||
assert raw_rsa.read(5) == b'\x02\x03\x01\x00\x01' # Exponent, should always be 65537
|
||||
assert (
|
||||
raw_rsa.read(5) == b"\x02\x03\x01\x00\x01"
|
||||
) # Exponent, should always be 65537
|
||||
|
||||
# Parse the EC key
|
||||
assert raw_ecdsa[:3] == b'\x00\x41\x04'
|
||||
assert raw_ecdsa[:3] == b"\x00\x41\x04"
|
||||
raw_ecdsa = raw_ecdsa[3:]
|
||||
ec_x = int.from_bytes(raw_ecdsa[:32], "big")
|
||||
ec_y = int.from_bytes(raw_ecdsa[32:], "big")
|
||||
|
@ -74,25 +78,27 @@ class IDSIdentity:
|
|||
rsa_key = rsa.RSAPublicNumbers(e=65537, n=rsa_modulus)
|
||||
rsa_key = rsa_key.public_key()
|
||||
|
||||
return IDSIdentity(signing_public_key=serialize_key(ec_key), encryption_public_key=serialize_key(rsa_key))
|
||||
|
||||
return IDSIdentity(
|
||||
signing_public_key=serialize_key(ec_key),
|
||||
encryption_public_key=serialize_key(rsa_key),
|
||||
)
|
||||
|
||||
def encode(self) -> bytes:
|
||||
output = BytesIO()
|
||||
|
||||
raw_rsa = BytesIO()
|
||||
raw_rsa.write(b'\x00\xAC')
|
||||
raw_rsa.write(b'\x30\x81\xA9')
|
||||
raw_rsa.write(b'\x02\x81\xA1')
|
||||
raw_rsa.write(parse_key(self.encryption_public_key).public_numbers().n.to_bytes(161, "big")) # type: ignore
|
||||
raw_rsa.write(b'\x02\x03\x01\x00\x01') # Hardcode the exponent
|
||||
raw_rsa.write(b"\x00\xAC")
|
||||
raw_rsa.write(b"\x30\x81\xA9")
|
||||
raw_rsa.write(b"\x02\x81\xA1")
|
||||
raw_rsa.write(parse_key(self.encryption_public_key).public_numbers().n.to_bytes(161, "big")) # type: ignore
|
||||
raw_rsa.write(b"\x02\x03\x01\x00\x01") # Hardcode the exponent
|
||||
|
||||
output.write(b'\x30\x81\xF6\x81\x43')
|
||||
output.write(b'\x00\x41\x04')
|
||||
output.write(parse_key(self.signing_public_key).public_numbers().x.to_bytes(32, "big"))# type: ignore
|
||||
output.write(parse_key(self.signing_public_key).public_numbers().y.to_bytes(32, "big"))# type: ignore
|
||||
output.write(b"\x30\x81\xF6\x81\x43")
|
||||
output.write(b"\x00\x41\x04")
|
||||
output.write(parse_key(self.signing_public_key).public_numbers().x.to_bytes(32, "big")) # type: ignore
|
||||
output.write(parse_key(self.signing_public_key).public_numbers().y.to_bytes(32, "big")) # type: ignore
|
||||
|
||||
output.write(b'\x82\x81\xAE')
|
||||
output.write(b"\x82\x81\xAE")
|
||||
output.write(raw_rsa.getvalue())
|
||||
|
||||
return output.getvalue()
|
||||
|
@ -108,6 +114,7 @@ def register(
|
|||
data, key = encryption.create_loggable_data()
|
||||
|
||||
import uuid
|
||||
|
||||
body = {
|
||||
"device-name": "pypush",
|
||||
"hardware-version": "MacBookPro18,3",
|
||||
|
@ -121,10 +128,12 @@ def register(
|
|||
{
|
||||
"capabilities": [{"flags": 1, "name": "Messenger", "version": 1}],
|
||||
"service": "com.apple.madrid",
|
||||
"sub-services": ["com.apple.private.alloy.sms",
|
||||
"com.apple.private.alloy.gelato",
|
||||
"com.apple.private.alloy.biz",
|
||||
"com.apple.private.alloy.gamecenter.imessage"],
|
||||
"sub-services": [
|
||||
"com.apple.private.alloy.sms",
|
||||
"com.apple.private.alloy.gelato",
|
||||
"com.apple.private.alloy.biz",
|
||||
"com.apple.private.alloy.gamecenter.imessage",
|
||||
],
|
||||
"users": [
|
||||
{
|
||||
# "client-data": {
|
||||
|
@ -203,7 +212,149 @@ def register(
|
|||
"user-id": user_id,
|
||||
}
|
||||
],
|
||||
}
|
||||
},
|
||||
{
|
||||
"capabilities": [{"flags": 1, "name": "Invitation", "version": 1}],
|
||||
"service": "com.apple.private.alloy.facetime.multi",
|
||||
"sub-services": [],
|
||||
"users": [
|
||||
{
|
||||
"client-data": {
|
||||
"public-message-identity-key": identity.encode(),
|
||||
"public-message-identity-version": 2,
|
||||
"supports-avless": True,
|
||||
"supports-co": True,
|
||||
"supports-gft-calls": True,
|
||||
"supports-gft-errors": True,
|
||||
"supports-modern-gft": True,
|
||||
"supports-self-one-to-one-invites": True,
|
||||
},
|
||||
# "client-data": {
|
||||
# "public-message-ngm-device-prekey-data-key": b"\n \xb4\\\x15\x8e\xa4\xc8\xe5\x07\x98\tp\xd0\xa4^\x84k\x05#Ep\xa9*\xcd\xadt\xf5\xb0\xfb\xa6_ho\x12@\xe3\xf5\xcaOwh\xfd\xb9\xecD\t\x0e\x9e\xb8\xb0\xa1\x1c=\x92\x9dD/lmL\xde.\\o\xeb\x15>\x9f\xae\xd9\xf9\xd1\x9c*\x8dU\xe0\xd2\xdeo\xb2\xcb\xd8\xf8i\xd4\xd0a^\t!\x0fa\xb2\xddI\xfc_*\x19\xb2\xf0#\x12\xe0@\xd9A",
|
||||
# "supports-avless": True,
|
||||
# "public-message-identity-key": b"0\x81\xf6\x81C\x00A\x04\x87\x1e\xeb\xe4u\x0b\xa3\x9e\x9c\xbc\xf8rK\x1e\xfe44%f$\x1d\xe8\xbb\xc6\xbdCD\x9ckv K\xc1\x1e\xb1\xdf4\xc8S6\x0f\x92\xd0=\x1e\x84\x9c\xc5\xa5\xb6\xb7}\xdd\xec\x1e\x1e\xd8Q\xd8\xca\xdb\x07'\xc7\x82\x81\xae\x00\xac0\x81\xa9\x02\x81\xa1\x00\xa8 \xfc\x9f\xa6\xb0V2\xce\x1c\xa7\x13\x9e\x03\xd1\xd8\x97a\xbb\xdd\xac\x86\xb8\x10(\x89\x13QP\x8f\xf0+EP\xd1\xb06\xee\x94\xcd\xa8\x9e\xf1\xedp\xa4\x9726\x1e\xe9\xab\xd4\xcb\xac\x05\xd7\x8c?\xbb\xa2\xde,\xfe\r\x1a\xb9\x88W@\x99\xec\xa0]\r\x1a>dV\xb2@\xc5P\xf3m\x80y\xf5\xa0G\xae\xd8h\x92\xef\xca\x85\xcbB\xed\xa9W\x8c\x13\xd4O\xdbYI2\xdcM\x1f\xf6c\x17\x1c\xd1v\xdd\xbcc\xac,&V\xfd\x07\xa0\xc3\x9f\x00\x1f\xc6\xe4\x02u\x12p\x8f\xe2\xb0\x14\xfai\x12\xbb\xa6\x9a6Q\xa5\xde+\x9e{\xcf\xc8\x1b}\x02\x03\x01\x00\x01",
|
||||
# "supports-gft-calls": True,
|
||||
# "public-message-identity-version": 2.0,
|
||||
# "supports-co": True,
|
||||
# "supports-gft-errors": True,
|
||||
# "supports-self-one-to-one-invites": True,
|
||||
# "supports-modern-gft": True,
|
||||
# "public-message-identity-ngm-version": 12.0,
|
||||
# "device-key-signature": b"0a\x04\x14\x1d\xb02~\xefk&\xf8\r;R\xa4\x95c~\x8a\x90H\x85\xb0\x02\x01\x01\x04F0D\x02 @\xce\xa7P6\x89\x92Wf\x87\xc9\xc5M-\xb1\xe5Q\x9f\x7fKi\x1bp\xd5\x12\x1c,:\xdb\xed\x08\x12\x02 l\xfd\\\xe2\xd3:,\xc1\xd8\x08|\xbe\x05M\x12\xee@\xc2=eR8:\xa7h3u|\x83ia\x19",
|
||||
# },
|
||||
# "kt-loggable-data": b'\n"\n \rl\xbe\xca\xf7\xe8\xb2\x89k\x18\x1e\xb9,d\xf8\xe2\n\xbf\x8d\xe1E\xd6\xf3T\xcb\xd9\x99d\xd1mk\xeb\x10\x0c\x18\x05',
|
||||
|
||||
"uris": uris,
|
||||
"user-id": user_id,
|
||||
}
|
||||
],
|
||||
},
|
||||
{
|
||||
"capabilities": [{"flags": 1, "name": "Invitation", "version": 21}],
|
||||
"service": "com.apple.ess",
|
||||
"sub-services": [
|
||||
"com.apple.private.alloy.facetime.video",
|
||||
"com.apple.private.alloy.facetime.sync",
|
||||
"com.apple.private.alloy.facetime.lp",
|
||||
"com.apple.private.alloy.facetime.mw",
|
||||
],
|
||||
"users": [
|
||||
{
|
||||
"client-data": {
|
||||
"public-message-identity-key": identity.encode(),
|
||||
"public-message-identity-version": 2,
|
||||
"supports-avless": True,
|
||||
"supports-co": True,
|
||||
"supports-gft-calls": True,
|
||||
"supports-gft-errors": True,
|
||||
"supports-modern-gft": True,
|
||||
"supports-self-one-to-one-invites": True,
|
||||
},
|
||||
"uris": uris,
|
||||
"user-id": user_id,
|
||||
}
|
||||
],
|
||||
},
|
||||
{
|
||||
"capabilities": [
|
||||
{"flags": 1, "name": "com.apple.private.alloy", "version": 1}
|
||||
],
|
||||
"service": "com.apple.private.alloy.multiplex1",
|
||||
"sub-services": [
|
||||
"com.apple.private.alloy.continuity.encryption",
|
||||
"com.apple.private.alloy.willow.stream",
|
||||
"com.apple.private.alloy.status.keysharing",
|
||||
"com.apple.private.alloy.ids.cloudmessaging",
|
||||
"com.apple.private.alloy.avconference.icloud",
|
||||
"com.apple.private.alloy.keytransparency.accountkey.pinning",
|
||||
"com.apple.private.alloy.gamecenter",
|
||||
"com.apple.private.alloy.thumper.keys",
|
||||
"com.apple.private.alloy.electrictouch",
|
||||
"com.apple.private.alloy.alarms-timers",
|
||||
"com.apple.private.alloy.continuity.activity",
|
||||
"com.apple.private.alloy.home.invite",
|
||||
"com.apple.private.alloy.safeview",
|
||||
"com.apple.private.alloy.screensharing.qr",
|
||||
"com.apple.private.alloy.phone.auth",
|
||||
"com.apple.private.alloy.home",
|
||||
"com.apple.private.alloy.groupkit.invite",
|
||||
"com.apple.private.alloy.fmf",
|
||||
"com.apple.private.alloy.continuity.tethering",
|
||||
"com.apple.private.alloy.status.personal",
|
||||
"com.apple.private.alloy.amp.potluck",
|
||||
"com.apple.private.alloy.screentime",
|
||||
"com.apple.private.alloy.copresence",
|
||||
"com.apple.private.alloy.screentime.invite",
|
||||
"com.apple.private.alloy.tips",
|
||||
"com.apple.private.alloy.siri.icloud",
|
||||
"com.apple.private.alloy.maps.eta",
|
||||
"com.apple.private.alloy.phonecontinuity",
|
||||
"com.apple.private.alloy.sleep.icloud",
|
||||
"com.apple.private.alloy.usagetracking",
|
||||
"com.apple.private.alloy.icloudpairing",
|
||||
"com.apple.private.alloy.clockface.sharing",
|
||||
"com.apple.private.alloy.carmelsync",
|
||||
"com.apple.private.alloy.messagenotification",
|
||||
"com.apple.private.alloy.digitalhealth",
|
||||
"com.apple.private.alloy.ded",
|
||||
"com.apple.private.alloy.screensharing",
|
||||
"com.apple.private.alloy.contextsync",
|
||||
"com.apple.private.alloy.accessibility.switchcontrol",
|
||||
"com.apple.private.alloy.familycontrols",
|
||||
"com.apple.private.alloy.fmd",
|
||||
"com.apple.private.alloy.willow",
|
||||
"com.apple.private.alloy.coreduet.sync",
|
||||
"com.apple.private.alloy.nearby",
|
||||
"com.apple.private.alloy.safari.groupactivities",
|
||||
"com.apple.private.alloy.groupkit",
|
||||
"com.apple.private.alloy.accounts.representative",
|
||||
"com.apple.private.alloy.notes",
|
||||
"com.apple.private.alloy.classroom",
|
||||
"com.apple.private.alloy.applepay",
|
||||
"com.apple.private.alloy.proxiedcrashcopier.icloud",
|
||||
"com.apple.private.alloy.continuity.unlock",
|
||||
"com.apple.private.alloy.nearby.family",
|
||||
],
|
||||
"users": [
|
||||
{
|
||||
"client-data": {
|
||||
"public-message-identity-key": identity.encode(),
|
||||
"public-message-identity-version": 2,
|
||||
"supports-beacon-sharing-v2": True,
|
||||
"supports-beneficiary-invites": True,
|
||||
"supports-cross-platform-sharing": True,
|
||||
"supports-fmd-v2": True,
|
||||
"supports-incoming-fmd-v1": True,
|
||||
"supports-maps-routing-path-leg": True,
|
||||
"supports-maps-waypoint-route-sharing": True,
|
||||
"supports-screen-time-v2": True,
|
||||
"supports-secure-loc-v1": True,
|
||||
},
|
||||
"uris": uris,
|
||||
"user-id": user_id,
|
||||
}
|
||||
],
|
||||
},
|
||||
],
|
||||
"validation-data": b64decode(validation_data),
|
||||
}
|
||||
|
@ -223,7 +374,7 @@ def register(
|
|||
verify=False,
|
||||
)
|
||||
r = plistlib.loads(r.content)
|
||||
#print(f'Response code: {r["status"]}')
|
||||
# print(f'Response code: {r["status"]}')
|
||||
logger.debug(f"Recieved response to IDS registration: {r}")
|
||||
if "status" in r and r["status"] == 6004:
|
||||
raise Exception("Validation data expired!")
|
||||
|
@ -237,4 +388,14 @@ def register(
|
|||
if not "cert" in r["services"][0]["users"][0]:
|
||||
raise Exception(f"No cert in response: {r}")
|
||||
|
||||
return armour_cert(r["services"][0]["users"][0]["cert"])
|
||||
return {
|
||||
"com.apple.madrid": armour_cert(r["services"][0]["users"][0]["cert"]),
|
||||
"com.apple.private.alloy.facetime.multi": armour_cert(
|
||||
r["services"][1]["users"][0]["cert"]
|
||||
),
|
||||
"com.apple.ess": armour_cert(r["services"][2]["users"][0]["cert"]),
|
||||
"com.apple.private.alloy.multiplex1": armour_cert(r["services"][3]["users"][0]["cert"]),
|
||||
|
||||
}
|
||||
|
||||
# return armour_cert(r["services"][0]["users"][0]["cert"])
|
||||
|
|
|
@ -31,8 +31,8 @@ async def lookup(
|
|||
"x-protocol-version": PROTOCOL_VERSION,
|
||||
}
|
||||
|
||||
if 'alloy' in topic:
|
||||
headers["x-id-sub-service"] = topic # Hack, if it has alloy in the name it's probably a sub-service
|
||||
#if 'alloy' in topic:
|
||||
# headers["x-id-sub-service"] = topic # Hack, if it has alloy in the name it's probably a sub-service
|
||||
signing.add_id_signature(headers, body, BAG_KEY, id_keypair, push_token)
|
||||
|
||||
msg_id = random.randbytes(16)
|
||||
|
|
|
@ -90,11 +90,7 @@ def add_auth_signature(
|
|||
push_token: str,
|
||||
auth_number=None,
|
||||
):
|
||||
push_sig, push_nonce = _sign_payload(push_key.key, bag_key, "", push_token, body)
|
||||
headers["x-push-sig"] = push_sig
|
||||
headers["x-push-nonce"] = b64encode(push_nonce)
|
||||
headers["x-push-cert"] = dearmour(push_key.cert)
|
||||
headers["x-push-token"] = push_token
|
||||
add_push_signature(headers, body, bag_key, push_key, push_token)
|
||||
|
||||
auth_sig, auth_nonce = _sign_payload(auth_key.key, bag_key, "", push_token, body)
|
||||
auth_postfix = "-" + str(auth_number) if auth_number is not None else ""
|
||||
|
@ -102,6 +98,18 @@ def add_auth_signature(
|
|||
headers["x-auth-nonce" + auth_postfix] = b64encode(auth_nonce)
|
||||
headers["x-auth-cert" + auth_postfix] = dearmour(auth_key.cert)
|
||||
|
||||
def add_push_signature(
|
||||
headers: dict,
|
||||
body: bytes,
|
||||
bag_key: str,
|
||||
push_key: KeyPair,
|
||||
push_token: str
|
||||
):
|
||||
push_sig, push_nonce = _sign_payload(push_key.key, bag_key, "", push_token, body)
|
||||
headers["x-push-sig"] = push_sig
|
||||
headers["x-push-nonce"] = b64encode(push_nonce)
|
||||
headers["x-push-cert"] = dearmour(push_key.cert)
|
||||
headers["x-push-token"] = push_token
|
||||
|
||||
def add_id_signature(
|
||||
headers: dict,
|
||||
|
|
|
@ -214,6 +214,13 @@ def pretty_print_payload(
|
|||
|
||||
print(f" {bcolors.WARNING}Topic{bcolors.ENDC}: {topic}", end="")
|
||||
|
||||
if topic is not None and "facetime" in topic:
|
||||
payload: dict[str, Any] = plistlib.loads(_get_field(payload[1], 3))
|
||||
for (key, value) in payload.items():
|
||||
print(f" {bcolors.OKBLUE}{key}{bcolors.ENDC}: {value}") # type: ignore
|
||||
|
||||
|
||||
|
||||
if topic == "com.apple.madrid" or topic == "com.apple.private.alloy.sms":
|
||||
print(f" {bcolors.FAIL}Madrid{bcolors.ENDC}", end="")
|
||||
orig_payload = payload
|
||||
|
|
Loading…
Reference in a new issue