From abb47ddaf70d39d3778b63ae2d36a0326b1457ea Mon Sep 17 00:00:00 2001 From: JJTech0130 Date: Fri, 7 Apr 2023 09:28:32 -0400 Subject: [PATCH] begin adding logging to proxy --- apns.py | 22 +++++++++ printer.py | 118 +++++++++++++++++++++++++++++++++++++++++++++++++ proxy/proxy.py | 14 +++++- 3 files changed, 153 insertions(+), 1 deletion(-) create mode 100644 printer.py diff --git a/apns.py b/apns.py index ab2b917..a66e85e 100644 --- a/apns.py +++ b/apns.py @@ -44,6 +44,28 @@ def _deserialize_payload(stream) -> tuple[int, list[tuple[int, bytes]]] | None: return id, fields +def _deserialize_payload_from_buffer(buffer: bytes) -> tuple[int, list[tuple[int, bytes]]] | None: + id = int.from_bytes(buffer[:1], "big") + + if id == 0x0: + return None + + length = int.from_bytes(buffer[1:5], "big") + + buffer = buffer[5:] + + if len(buffer) < length: + raise Exception("Buffer is too short") + + fields = [] + + while len(buffer) > 0: + fid, value = _deserialize_field(buffer) + fields.append((fid, value)) + buffer = buffer[3 + len(value) :] + + return id, fields + # Returns the value of the first field with the given id def _get_field(fields: list[tuple[int, bytes]], id: int) -> bytes: diff --git a/printer.py b/printer.py new file mode 100644 index 0000000..4701335 --- /dev/null +++ b/printer.py @@ -0,0 +1,118 @@ +from base64 import b64encode, b64decode +from hashlib import sha1 + +# Taken from debug logs of apsd +enabled_topics = "(com.apple.icloud-container.com.apple.avatarsd, com.icloud.askpermission, com.apple.icloud-container.com.apple.Safari, com.apple.itunesstored, com.apple.icloud-container.clouddocs.com.apple.CloudDocs.health, com.apple.passd.usernotifications, com.apple.icloud-container.com.apple.donotdisturbd, com.apple.icloud-container.clouddocs.iCloud.com.reddit.reddit, com.apple.mobileme.fmf3, com.apple.icloud-container.com.apple.cloudpaird, com.apple.icloud-container.clouddocs.com.apple.Pages, com.apple.appstored-testflight, com.apple.askpermissiond, com.apple.icloud-container.com.apple.willowd, com.me.cal, com.apple.icloud-container.com.apple.suggestd, com.apple.icloud-container.clouddocs.F3LWYJ7GM7.com.apple.garageband10, com.apple.icloud-container.clouddocs.com.apple.CloudDocs.container-metadata, com.apple.icloud-container.com.apple.callhistory.sync-helper, com.apple.icloud-container.com.apple.syncdefaultsd, com.apple.icloud-container.com.apple.SafariShared.Settings, com.apple.pay.services.products.prod, com.apple.icloud-container.com.apple.StatusKitAgent, com.apple.icloud-container.com.apple.siriknowledged, com.me.contacts, com.apple.icloud-container.com.apple.TrustedPeersHelper, com.apple.icloud-container.clouddocs.iCloud.com.apple.iBooks, com.apple.icloud-container.clouddocs.iCloud.dk.simonbs.Scriptable, com.apple.icloud-container.clouddocs.com.apple.ScriptEditor2, com.icloud.family, com.apple.idmsauth, com.apple.watchList, com.apple.icloud-container.clouddocs.com.apple.TextEdit, com.apple.icloud-container.com.apple.VoiceMemos, com.apple.sharedstreams, com.apple.pay.services.apply.prod, com.apple.icloud-container.com.apple.SafariShared.CloudTabs, com.apple.wallet.sharing.qa, com.apple.appstored, com.apple.icloud-container.clouddocs.3L68KQB4HG.com.readdle.CommonDocuments, com.apple.icloud-container.clouddocs.com.apple.CloudDocs.pp-metadata, com.me.setupservice, com.apple.icloud-container.com.apple.amsengagementd, com.apple.icloud-container.com.apple.appleaccount.beneficiary.private, com.apple.icloud-container.com.apple.appleaccount.beneficiary, com.apple.icloud-container.clouddocs.com.apple.mail, com.apple.icloud-container.com.apple.appleaccount.custodian, com.apple.icloud-container.com.apple.securityd, com.apple.icloud-container.com.apple.iBooksX, com.apple.icloud-container.clouddocs.com.apple.QuickTimePlayerX, com.apple.icloud-container.clouddocs.com.apple.TextInput, com.apple.icloud-container.com.apple.icloud.fmfd, com.apple.tv.favoriteTeams, com.apple.pay.services.ownershipTokens.prod, com.apple.icloud-container.com.apple.passd, com.apple.amsaccountsd, com.apple.pay.services.devicecheckin.prod.us, com.apple.storekit, com.apple.icloud-container.com.apple.keyboardservicesd, paymentpass.com.apple, com.apple.aa.setupservice, com.apple.icloud-container.clouddocs.com.apple.shoebox, com.apple.icloud-container.clouddocs.F3LWYJ7GM7.com.apple.mobilegarageband, com.apple.icloud-container.com.apple.icloud.searchpartyuseragent, com.apple.icloud-container.clouddocs.iCloud.com.apple.configurator.ui, com.apple.icloud-container.com.apple.gamed, com.apple.icloud-container.clouddocs.com.apple.Keynote, com.apple.icloud-container.com.apple.willowd.homekit, com.apple.amsengagementd.notifications, com.apple.icloud.presence.mode.status, com.apple.aa.idms, com.apple.icloud-container.clouddocs.iCloud.com.apple.MobileSMS, com.apple.gamed, com.apple.icloud-container.clouddocs.iCloud.is.workflow.my.workflows, com.apple.icloud-container.clouddocs.iCloud.md.obsidian, com.apple.icloud-container.clouddocs.com.apple.CloudDocs, com.apple.wallet.sharing, com.apple.icloud-container.clouddocs.iCloud.com.apple.iBooks.iTunesU, com.apple.icloud.presence.shared.experience, com.apple.icloud-container.com.apple.imagent, com.apple.icloud-container.com.apple.financed, com.apple.pay.services.account.prod, com.apple.icloud-container.com.apple.assistant.assistantd, com.apple.pay.services.ck.zone.prod, com.apple.icloud-container.com.apple.security.cuttlefish, com.apple.icloud-container.clouddocs.com.apple.iBooks.cloudData, com.apple.peerpayment, com.icloud.quota, com.apple.pay.provision, com.apple.icloud-container.com.apple.upload-request-proxy.com.apple.photos.cloud, com.apple.icloud-container.com.apple.appleaccount.custodian.private, com.apple.icloud-container.clouddocs.com.apple.Preview, com.apple.maps.icloud, com.apple.icloud-container.com.apple.reminders, com.apple.icloud-container.com.apple.SafariShared.WBSCloudBookmarksStore, com.apple.idmsauthagent, com.apple.icloud-container.clouddocs.com.apple.Numbers, com.apple.bookassetd, com.apple.pay.auxiliary.registration.requirement.prod, com.apple.icloud.fmip.voiceassistantsync)" +opportunistic_topics = "(com.apple.madrid, com.apple.icloud-container.com.apple.photos.cloud, com.apple.private.alloy.ded, com.apple.private.ac, com.apple.private.alloy.coreduet.sync, com.apple.private.alloy.sms, com.apple.private.alloy.ids.cloudmessaging, com.apple.private.alloy.maps, com.apple.private.alloy.facetime.mw, com.apple.private.alloy.facetime.sync, com.apple.private.alloy.maps.eta, com.apple.private.alloy.thumper.keys, com.apple.private.alloy.phonecontinuity, com.apple.private.alloy.continuity.tethering, com.apple.private.alloy.biz, com.apple.private.alloy.tips, com.apple.private.alloy.keytransparency.accountkey.pinning, com.apple.private.alloy.nearby, com.apple.private.alloy.itunes, com.apple.private.alloy.status.keysharing, com.apple.private.alloy.facetime.video, com.apple.private.alloy.screentime.invite, com.apple.private.alloy.proxiedcrashcopier.icloud, com.apple.private.alloy.classroom, com.apple.private.alloy.carmelsync, com.apple.ess, com.apple.private.alloy.facetime.lp, com.apple.private.alloy.icloudpairing, com.apple.private.alloy.accounts.representative, com.apple.private.alloy.gamecenter.imessage, com.apple.private.alloy.photostream, com.apple.private.alloy.electrictouch, com.apple.private.alloy.messagenotification, com.apple.private.alloy.avconference.icloud, com.apple.private.alloy.fmd, com.apple.private.alloy.usagetracking, com.apple.private.alloy.fmf, com.apple.private.alloy.home.invite, com.apple.private.alloy.phone.auth, com.apple.private.alloy.quickrelay, com.apple.private.alloy.copresence, com.apple.private.alloy.home, com.apple.private.alloy.digitalhealth, com.apple.private.alloy.multiplex1, com.apple.private.alloy.screensharing.qr, com.apple.private.alloy.contextsync, com.apple.private.alloy.facetime.audio, com.apple.private.alloy.willow.stream, com.apple.private.ids, com.apple.private.alloy.continuity.activity, com.apple.private.alloy.gamecenter, com.apple.private.alloy.clockface.sharing, com.apple.private.alloy.safeview, com.apple.private.alloy.continuity.unlock, com.apple.private.alloy.continuity.encryption, com.apple.private.alloy.facetime.multi, com.apple.private.alloy.notes, com.apple.private.alloy.screentime, com.apple.private.alloy.willow, com.apple.private.alloy.accessibility.switchcontrol, com.apple.private.alloy.status.personal, com.apple.triald, com.apple.private.alloy.screensharing, com.apple.private.alloy.gelato, com.apple.private.alloy.safari.groupactivities, com.apple.private.alloy.applepay, com.apple.private.alloy.amp.potluck, com.apple.private.alloy.sleep.icloud, com.apple.icloud-container.com.apple.knowledge-agent)" +paused_topics = "(com.apple.icloud-container.company.thebrowser.Browser, com.apple.icloud-container.com.apple.sociallayerd, com.apple.icloud.fmip.app.push, com.apple.iBooksX, company.thebrowser.Browser, com.apple.icloud-container.com.apple.Maps, com.apple.mobileme.fmf2, com.apple.findmy, com.apple.iWork.Numbers, com.apple.jalisco, com.apple.iWork.Pages, com.apple.Notes, com.apple.Maps, com.apple.icloud-container.com.apple.Notes, com.apple.dt.Xcode, com.apple.sagad, com.apple.icloud.presence.channel.management, com.apple.icloud-container.com.apple.protectedcloudstorage.protectedcloudkeysyncing, com.apple.TestFlight, com.apple.icloud-container.com.apple.news, com.apple.music.social, com.apple.icloud-container.com.apple.iWork.Numbers, com.apple.news, com.apple.tilt, com.apple.icloud-container.com.apple.findmy, com.apple.icloud-container.com.apple.iWork.Pages)" + +# Parse the topics into a list +enabled_topics = enabled_topics[1:-1].split(", ") +opportunistic_topics = opportunistic_topics[1:-1].split(", ") +paused_topics = paused_topics[1:-1].split(", ") + +topics = enabled_topics + opportunistic_topics + paused_topics + +# Calculate the SHA1 hash of each topic +topics_lookup = [(topic, sha1(topic.encode()).digest()) for topic in topics] + +class bcolors: + HEADER = '\033[95m' + OKBLUE = '\033[94m' + OKCYAN = '\033[96m' + OKGREEN = '\033[92m' + WARNING = '\033[93m' + FAIL = '\033[91m' + ENDC = '\033[0m' + BOLD = '\033[1m' + UNDERLINE = '\033[4m' + +def _lookup_topic(hash: bytes): + for topic_lookup in topics_lookup: + if topic_lookup[1] == hash: + return topic_lookup[0] + return None + +# Returns the value of the first field with the given id +def _get_field(fields: list[tuple[int, bytes]], id: int) -> bytes: + for field_id, value in fields: + if field_id == id: + return value + return None + +def _p_filter(prefix, fields: list[tuple[int, bytes]]): + enabled = [] + ignored = [] + oppertunistic = [] + paused = [] + + token = "" + + for field in fields: + if field[0] == 1: + token = b64encode(field[1]) + #print(f"Push Token: {b64encode(field[1])}") + elif field[0] == 2: + enabled.append(_lookup_topic(field[1])) + elif field[0] == 3: + ignored.append(_lookup_topic(field[1])) + elif field[0] == 4: + oppertunistic.append(_lookup_topic(field[1])) + elif field[0] == 5: + paused.append(_lookup_topic(field[1])) + else: + print(f"Unknown field ID: {field[0]}") + + # Remove None values + enabled = [topic.strip() for topic in enabled if topic is not None] + ignored = [topic.strip() for topic in ignored if topic is not None] + oppertunistic = [topic.strip() for topic in oppertunistic if topic is not None] + paused = [topic.strip() for topic in paused if topic is not None] + + enabled = ", ".join(enabled) + ignored = ", ".join(ignored) + oppertunistic = ", ".join(oppertunistic) + paused = ", ".join(paused) + + if not enabled: + enabled = "None" + if not ignored: + ignored = "None" + if not oppertunistic: + oppertunistic = "None" + if not paused: + paused = "None" + + # Trim the list of topics + if len(enabled) > 100: + enabled = enabled[:100] + "..." + if len(ignored) > 100: + ignored = ignored[:100] + "..." + if len(oppertunistic) > 100: + oppertunistic = oppertunistic[:100] + "..." + if len(paused) > 100: + paused = paused[:100] + "..." + # (Token: {token.decode()}) + print(f"{bcolors.OKGREEN}{prefix}{bcolors.ENDC}: {bcolors.OKCYAN}Filter{bcolors.ENDC} {bcolors.WARNING}Enabled:{bcolors.ENDC} {enabled} {bcolors.FAIL}Ignored:{bcolors.ENDC} {ignored} {bcolors.OKBLUE}Oppertunistic:{bcolors.ENDC} {oppertunistic} {bcolors.OKGREEN}Paused:{bcolors.ENDC} {paused}") + + +def pretty_print_payload(prefix, payload: tuple[int, list[tuple[int, bytes]]]): + id = payload[0] + + if id == 9: + _p_filter(prefix, payload[1]) + elif id == 8: + token_str = "" + if _get_field(payload[1], 3): + token_str = f"New token: {b64encode(_get_field(payload[1], 3)).decode()}" + print(f"{bcolors.OKGREEN}{prefix}{bcolors.ENDC}: {bcolors.OKCYAN}Connected{bcolors.ENDC} {token_str}") + elif id == 7: + print(f"{bcolors.OKGREEN}{prefix}{bcolors.ENDC}: {bcolors.OKCYAN}Connect Request{bcolors.ENDC}") + else: + print(prefix, f"Payload ID: {hex(payload[0])}") + for field in payload[1]: + print(f"Field ID: {field[0]}") + print(f"Field Value: {field[1]}") + +if __name__ == "__main__": + print(f"{bcolors.OKGREEN}Enabled:{bcolors.ENDC}") \ No newline at end of file diff --git a/proxy/proxy.py b/proxy/proxy.py index 156e045..e0a0e93 100644 --- a/proxy/proxy.py +++ b/proxy/proxy.py @@ -26,6 +26,16 @@ def connect() -> tlslite.TLSConnection: cert:str = None key:str = None + +import sys + +# setting path +sys.path.append('../') + +import apns +import printer + + def proxy(conn1: tlslite.TLSConnection, conn2: tlslite.TLSConnection, prefix: str = ""): while True: # Read data from the first connection @@ -34,7 +44,9 @@ def proxy(conn1: tlslite.TLSConnection, conn2: tlslite.TLSConnection, prefix: st if not data: break - print(prefix, data) + printer.pretty_print_payload(prefix, apns._deserialize_payload_from_buffer(data)) + + #print(prefix, data) # Write the data to the second connection conn2.write(data) print("Connection closed")