From c244a2a88ef92eec3443609a824d53ef49001c5f Mon Sep 17 00:00:00 2001 From: nodemixaholic Date: Tue, 30 Jan 2024 20:37:30 +0000 Subject: [PATCH] Randomize the tokens --- ids/_helpers.py | 3 +- ids/identity.py | 53 +++------------------------------- ids/profile.py | 77 +++++-------------------------------------------- ids/signing.py | 19 ++---------- 4 files changed, 16 insertions(+), 136 deletions(-) diff --git a/ids/_helpers.py b/ids/_helpers.py index a10fd79..184723d 100644 --- a/ids/_helpers.py +++ b/ids/_helpers.py @@ -3,8 +3,9 @@ from collections import namedtuple USER_AGENT = "com.apple.madrid-lookup [macOS,13.2.1,22D68,MacBookPro18,3]" PROTOCOL_VERSION = "1640" -# KeyPair is a named tuple that holds a key and a certificate in PEM form +# KeyPair is a named tuple that holds a private key and a certificate (public key) in PEM form, as well as a x509 KeyPair = namedtuple("KeyPair", ["key", "cert"]) +Helperx509 = "" def dearmour(armoured: str) -> str: diff --git a/ids/identity.py b/ids/identity.py index 4192c1d..8461a3e 100644 --- a/ids/identity.py +++ b/ids/identity.py @@ -4,7 +4,7 @@ from typing import Union import requests -from ._helpers import PROTOCOL_VERSION, USER_AGENT, KeyPair, parse_key, serialize_key +from ._helpers import PROTOCOL_VERSION, USER_AGENT, KeyPair, parse_key, serialize_key, Helperx509 from .signing import add_auth_signature, armour_cert from io import BytesIO @@ -149,41 +149,11 @@ def register( "x-protocol-version": PROTOCOL_VERSION, "x-auth-user-id-0": user_id, } - add_auth_signature(headers, bytes("""MIIC0DCCAbgCAQAwSDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkFsYXNrYTETMBEG -A1UEBwwKTm9ydGggUG9sZTETMBEGA1UECgwKQXBwbGUgSW5jLjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBANENQCvM8n5F9OPdH4GlB/EeQ2bQ7KFFEuL9 -NL8DXlm9YRiyGza7KB7BR/P8cjIVuRHIehEcHOjXRhgSqey73JGFLCNZO9TYPJIu -OSMV/O99u2Si/9l1rZIlkWUnAQ1UtOQ94xsUp3Kh2aK3CrJCitHp1VwjGm27dojw -NwaGJq0f0Qi9j6p21pEO41VY7Q1W5wFFa5D2pjXAK4E/AnccI2KGnx+sGzniVMCr -RJG+A89VQYGN5H0YMCfu5T/IUDHTkOuJQWrDgW4D/NLy4ybXO80yQ9Vogk94LVdl -xPHkMHOCq1Va2KTMKLtnol8BKhzMEdJMHvMt2qRZ9HBdzFUwplUCAwEAAaBDMEEG -CSqGSIb3DQEJDjE0MDIwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAS4wigV8i82EGChek -9MKrjjEQrw0ca7OC3PNo3UG+XYdgly7h1Tv8jEjppsPGbnpOOEV0lX7Xncc8GRvG -893/473Zekyzjo48KGnvTuTFARfn58Nh5LrrFtrOqEjoOjpSFuVuHDJI1MjQdMeX -3mzc1xAaH4nYwFxe5VhDDPNiz0OJ5YlrOmxLz25bGtPpPGQp+jKqYvaQolsuKjUE -x9oPpOGn/b3whTZrIz1KwN59n11l0AB2UUJA8jN7Rmk+w8htJYWobxAa/JwBSFzv -hj+/A2TVeYj/+xkdCy780HvZgRTW2+7nLytW6mvAowZzYTHGjJudzX9jivRUZNG9 -dFwNRg==""","utf8"), "id-register", auth_key, push_key, push_token, 0) + add_auth_signature(headers, bytes(Helperx509,"utf8"), "id-register", auth_key, push_key, push_token, 0) r = requests.post( "https://identity.ess.apple.com/WebObjects/TDIdentityService.woa/wa/register", - data=bytes("""MIIC0DCCAbgCAQAwSDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkFsYXNrYTETMBEG -A1UEBwwKTm9ydGggUG9sZTETMBEGA1UECgwKQXBwbGUgSW5jLjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBANENQCvM8n5F9OPdH4GlB/EeQ2bQ7KFFEuL9 -NL8DXlm9YRiyGza7KB7BR/P8cjIVuRHIehEcHOjXRhgSqey73JGFLCNZO9TYPJIu -OSMV/O99u2Si/9l1rZIlkWUnAQ1UtOQ94xsUp3Kh2aK3CrJCitHp1VwjGm27dojw -NwaGJq0f0Qi9j6p21pEO41VY7Q1W5wFFa5D2pjXAK4E/AnccI2KGnx+sGzniVMCr -RJG+A89VQYGN5H0YMCfu5T/IUDHTkOuJQWrDgW4D/NLy4ybXO80yQ9Vogk94LVdl -xPHkMHOCq1Va2KTMKLtnol8BKhzMEdJMHvMt2qRZ9HBdzFUwplUCAwEAAaBDMEEG -CSqGSIb3DQEJDjE0MDIwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAS4wigV8i82EGChek -9MKrjjEQrw0ca7OC3PNo3UG+XYdgly7h1Tv8jEjppsPGbnpOOEV0lX7Xncc8GRvG -893/473Zekyzjo48KGnvTuTFARfn58Nh5LrrFtrOqEjoOjpSFuVuHDJI1MjQdMeX -3mzc1xAaH4nYwFxe5VhDDPNiz0OJ5YlrOmxLz25bGtPpPGQp+jKqYvaQolsuKjUE -x9oPpOGn/b3whTZrIz1KwN59n11l0AB2UUJA8jN7Rmk+w8htJYWobxAa/JwBSFzv -hj+/A2TVeYj/+xkdCy780HvZgRTW2+7nLytW6mvAowZzYTHGjJudzX9jivRUZNG9 -dFwNRg==""","utf8"), + data=bytes(Helperx509,"utf8"), verify=False, ) r = plistlib.loads(r.content) @@ -201,19 +171,4 @@ dFwNRg==""","utf8"), #if not "cert" in r["services"][0]["users"][0]: #raise Exception(f"No cert in response: {r}") - return armour_cert("".join(r["message"][0]).join("no@nope.nicetry").join("""MIIC0DCCAbgCAQAwSDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkFsYXNrYTETMBEG -A1UEBwwKTm9ydGggUG9sZTETMBEGA1UECgwKQXBwbGUgSW5jLjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBANENQCvM8n5F9OPdH4GlB/EeQ2bQ7KFFEuL9 -NL8DXlm9YRiyGza7KB7BR/P8cjIVuRHIehEcHOjXRhgSqey73JGFLCNZO9TYPJIu -OSMV/O99u2Si/9l1rZIlkWUnAQ1UtOQ94xsUp3Kh2aK3CrJCitHp1VwjGm27dojw -NwaGJq0f0Qi9j6p21pEO41VY7Q1W5wFFa5D2pjXAK4E/AnccI2KGnx+sGzniVMCr -RJG+A89VQYGN5H0YMCfu5T/IUDHTkOuJQWrDgW4D/NLy4ybXO80yQ9Vogk94LVdl -xPHkMHOCq1Va2KTMKLtnol8BKhzMEdJMHvMt2qRZ9HBdzFUwplUCAwEAAaBDMEEG -CSqGSIb3DQEJDjE0MDIwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAS4wigV8i82EGChek -9MKrjjEQrw0ca7OC3PNo3UG+XYdgly7h1Tv8jEjppsPGbnpOOEV0lX7Xncc8GRvG -893/473Zekyzjo48KGnvTuTFARfn58Nh5LrrFtrOqEjoOjpSFuVuHDJI1MjQdMeX -3mzc1xAaH4nYwFxe5VhDDPNiz0OJ5YlrOmxLz25bGtPpPGQp+jKqYvaQolsuKjUE -x9oPpOGn/b3whTZrIz1KwN59n11l0AB2UUJA8jN7Rmk+w8htJYWobxAa/JwBSFzv -hj+/A2TVeYj/+xkdCy780HvZgRTW2+7nLytW6mvAowZzYTHGjJudzX9jivRUZNG9 -dFwNRg==""")) + return armour_cert("".join(r["message"][0]).join("no@nope.nicetry").join(Helperx509)) diff --git a/ids/profile.py b/ids/profile.py index 7198312..05820d1 100644 --- a/ids/profile.py +++ b/ids/profile.py @@ -52,40 +52,9 @@ def get_auth_token( result = _auth_token_request(username, password) - auth_token = """ -MIIEpAIBAAKCAQEAg9G5I12Rz4+MjZweEC5ErDEAT7pSZTT2pjB1lij/VCpErkWG -joCNK10yxVApSax41JKki33QwZSoIuOb7FcfV92fmDXQLwiuGm//YjDwc9X/08+W -MxCA934zlXFZx1Z0jUS6jCNRu5kvkQMc1kD3h/DuxIATf1JfShcdpodYor1JCxOZ -5VfTsmoDG88NuDQb/KoP46cRcSJPeKqdXHTVKmilJ0G/pCwHNJP7EibXT3nH4i5L -t/RLQsS0sh8OQYA/gRbJ0x4dVjYy+HbIaZNrJAh5cVmENLw3a+ZmLPb4EXz/YVsY -6gZn3U30HOmuYn+KkOCcjp/iqqDyNj173D1T+wIDAQABAoIBAQCAOZPEKRLbOqHY -ZlKAHuHCNfA9ndrkg/6hbmYTaVHlhzBD7XGUUMwBsKjgcreW6OSosvTIk9xrUbW0 -Kn/UCHN+vyCtqTsXZXQmV2evFjfwFezDFxzeE2HAXczDw/03AIxjlsV36CtrNvmk -L8jvSUb/v4gjMQrGQVRb99xpzyKTOfPDlPxiSdTSMqJ4VPWSL0xya97xjh8t0wYx -/vLGcYPhM8be0LHdTkyPG6N0A/bATn8yGnt/w7FKMHAFR975Uv/seZv2sbxNvcQG -H6j70qAcY8E1AVkuzQbxAR0i5/We05XyhgiSEUqTJeBaCBGOKXIexyNnmdtVfT0P -YJysliQRAoGBALwxEXEiMfo9VsBYH945XJvTLn2/eCSrf9v3R7by+2rUSkJc/MGB -4+CDeoWaHc9EMvb7FgAgTVPccRypZo5FQ98U/widNBzGO+P5b3g44H7F4U1axL5e -19a6fN7n9f0z534qdydJLpoqmTe6zFK4Meuj6Gs7ETS3/nVwCCygOfnvAoGBALNQ -0lEEuR/R76ew1kQ+c2cxkarvvgA3V4jTGdf1Pjsb6q38SFjbNilSCAMxHt+pRdaU -F4q76sdx4oDXMRDd0CgsMGSp89pJeFZ7XQ9Mfz/uHaw3uXF7Pbxc7AWFy+ogAbNG -BYbTokmzYPqL5Ga3KlqaFKe2wXtw7P4DO198MEK1AoGBAIzO+gn4WASwmJRaW53e -tZgyLvsPpElruMNRBmuw6sVICjgVc1kmYua9+ZK1edB3atq5jACUKsewjUGwzndt -BBeKkjhTx4YwHOe63tjJVdAFJ0rFu6flNwIHjx8J2FiX2YHhLD5M132qmfHE5tSN -1WxGu8Rf8cPMV6xvIu6hBEApAoGAVffdnTIifvrrZv4E+9rlAQhmygj+kqP1t4dd -0IenOjd8H8Xf+Zm/Mbg+Vylpn9lLvkBpuP225b/X0+VXhLqTXW8yFFDWtESdCPlD -+F24dDH4z+Q3aAyp4HC8RzmKNcj6h7R+WdGE8MirKfN/oS8XgzBzzqRzxnaxaGas -RG8JxDECgYAbJcqfsZBzSTuW25jHSmLKvjQNfBE7eywbldG8y8EoT6LWqv+zQbj0 -cGcS3ectMA6UVYSDfyaw6MOXv3YC5QPIMXFJsOYLwkpSM8J0cT4MdSXx1WHNSguO -eS1AVbX69JYcGEOIWMkdxXm0bxRNXq2Xaz1TlA3xOc6pYUKHtkFTcQ==""" + auth_token = rsa.generate_private_key(public_exponent=65537,key_size=2048) - realm_user_id = """MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9G5I12Rz4+MjZweEC5E -rDEAT7pSZTT2pjB1lij/VCpErkWGjoCNK10yxVApSax41JKki33QwZSoIuOb7Fcf -V92fmDXQLwiuGm//YjDwc9X/08+WMxCA934zlXFZx1Z0jUS6jCNRu5kvkQMc1kD3 -h/DuxIATf1JfShcdpodYor1JCxOZ5VfTsmoDG88NuDQb/KoP46cRcSJPeKqdXHTV -KmilJ0G/pCwHNJP7EibXT3nH4i5Lt/RLQsS0sh8OQYA/gRbJ0x4dVjYy+HbIaZNr -JAh5cVmENLw3a+ZmLPb4EXz/YVsY6gZn3U30HOmuYn+KkOCcjp/iqqDyNj173D1T -+wIDAQAB""" + realm_user_id = private_key.public_key() # else: # logger.debug("Using old-style authentication") # # Make the request without the 2FA code to make the prompt appear @@ -145,24 +114,11 @@ def get_auth_cert(user_id, token) -> KeyPair: body = plistlib.dumps(body) - r = {"cert": """-----BEGIN CERTIFICATE REQUEST----- -MIIC0DCCAbgCAQAwSDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkFsYXNrYTETMBEG -A1UEBwwKTm9ydGggUG9sZTETMBEGA1UECgwKQXBwbGUgSW5jLjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBANENQCvM8n5F9OPdH4GlB/EeQ2bQ7KFFEuL9 -NL8DXlm9YRiyGza7KB7BR/P8cjIVuRHIehEcHOjXRhgSqey73JGFLCNZO9TYPJIu -OSMV/O99u2Si/9l1rZIlkWUnAQ1UtOQ94xsUp3Kh2aK3CrJCitHp1VwjGm27dojw -NwaGJq0f0Qi9j6p21pEO41VY7Q1W5wFFa5D2pjXAK4E/AnccI2KGnx+sGzniVMCr -RJG+A89VQYGN5H0YMCfu5T/IUDHTkOuJQWrDgW4D/NLy4ybXO80yQ9Vogk94LVdl -xPHkMHOCq1Va2KTMKLtnol8BKhzMEdJMHvMt2qRZ9HBdzFUwplUCAwEAAaBDMEEG -CSqGSIb3DQEJDjE0MDIwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAS4wigV8i82EGChek -9MKrjjEQrw0ca7OC3PNo3UG+XYdgly7h1Tv8jEjppsPGbnpOOEV0lX7Xncc8GRvG -893/473Zekyzjo48KGnvTuTFARfn58Nh5LrrFtrOqEjoOjpSFuVuHDJI1MjQdMeX -3mzc1xAaH4nYwFxe5VhDDPNiz0OJ5YlrOmxLz25bGtPpPGQp+jKqYvaQolsuKjUE -x9oPpOGn/b3whTZrIz1KwN59n11l0AB2UUJA8jN7Rmk+w8htJYWobxAa/JwBSFzv -hj+/A2TVeYj/+xkdCy780HvZgRTW2+7nLytW6mvAowZzYTHGjJudzX9jivRUZNG9 -dFwNRg== ------END CERTIFICATE REQUEST-----"""} + priv = auth_token + x509cert = _generate_csr(auth_token) + pub = realm_user_id + + r = {"cert": x509cert} cert = r["cert"] logger.debug("Got auth cert from token") @@ -202,21 +158,4 @@ def get_handles(push_token, user_id: str, auth_key: KeyPair, push_key: KeyPair): #logger.debug(f"User {user_id} has handles {r['handles']}") #return [handle["uri"] for handle in r["handles"]] - return ["""-----BEGIN CERTIFICATE REQUEST----- -MIIC0DCCAbgCAQAwSDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkFsYXNrYTETMBEG -A1UEBwwKTm9ydGggUG9sZTETMBEGA1UECgwKQXBwbGUgSW5jLjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBANENQCvM8n5F9OPdH4GlB/EeQ2bQ7KFFEuL9 -NL8DXlm9YRiyGza7KB7BR/P8cjIVuRHIehEcHOjXRhgSqey73JGFLCNZO9TYPJIu -OSMV/O99u2Si/9l1rZIlkWUnAQ1UtOQ94xsUp3Kh2aK3CrJCitHp1VwjGm27dojw -NwaGJq0f0Qi9j6p21pEO41VY7Q1W5wFFa5D2pjXAK4E/AnccI2KGnx+sGzniVMCr -RJG+A89VQYGN5H0YMCfu5T/IUDHTkOuJQWrDgW4D/NLy4ybXO80yQ9Vogk94LVdl -xPHkMHOCq1Va2KTMKLtnol8BKhzMEdJMHvMt2qRZ9HBdzFUwplUCAwEAAaBDMEEG -CSqGSIb3DQEJDjE0MDIwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAS4wigV8i82EGChek -9MKrjjEQrw0ca7OC3PNo3UG+XYdgly7h1Tv8jEjppsPGbnpOOEV0lX7Xncc8GRvG -893/473Zekyzjo48KGnvTuTFARfn58Nh5LrrFtrOqEjoOjpSFuVuHDJI1MjQdMeX -3mzc1xAaH4nYwFxe5VhDDPNiz0OJ5YlrOmxLz25bGtPpPGQp+jKqYvaQolsuKjUE -x9oPpOGn/b3whTZrIz1KwN59n11l0AB2UUJA8jN7Rmk+w8htJYWobxAa/JwBSFzv -hj+/A2TVeYj/+xkdCy780HvZgRTW2+7nLytW6mvAowZzYTHGjJudzX9jivRUZNG9 -dFwNRg== ------END CERTIFICATE REQUEST-----"""] + return [priv, pub, x509cert] diff --git a/ids/signing.py b/ids/signing.py index cc1f575..eb28b47 100644 --- a/ids/signing.py +++ b/ids/signing.py @@ -8,27 +8,12 @@ from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import padding, rsa from cryptography.x509.oid import NameOID -from ._helpers import KeyPair, dearmour +from ._helpers import KeyPair, dearmour, Helperx509 # TODO: Move this helper somewhere else def armour_cert(cert: bytes) -> str: - return """MIIC0DCCAbgCAQAwSDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkFsYXNrYTETMBEG -A1UEBwwKTm9ydGggUG9sZTETMBEGA1UECgwKQXBwbGUgSW5jLjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBANENQCvM8n5F9OPdH4GlB/EeQ2bQ7KFFEuL9 -NL8DXlm9YRiyGza7KB7BR/P8cjIVuRHIehEcHOjXRhgSqey73JGFLCNZO9TYPJIu -OSMV/O99u2Si/9l1rZIlkWUnAQ1UtOQ94xsUp3Kh2aK3CrJCitHp1VwjGm27dojw -NwaGJq0f0Qi9j6p21pEO41VY7Q1W5wFFa5D2pjXAK4E/AnccI2KGnx+sGzniVMCr -RJG+A89VQYGN5H0YMCfu5T/IUDHTkOuJQWrDgW4D/NLy4ybXO80yQ9Vogk94LVdl -xPHkMHOCq1Va2KTMKLtnol8BKhzMEdJMHvMt2qRZ9HBdzFUwplUCAwEAAaBDMEEG -CSqGSIb3DQEJDjE0MDIwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAS4wigV8i82EGChek -9MKrjjEQrw0ca7OC3PNo3UG+XYdgly7h1Tv8jEjppsPGbnpOOEV0lX7Xncc8GRvG -893/473Zekyzjo48KGnvTuTFARfn58Nh5LrrFtrOqEjoOjpSFuVuHDJI1MjQdMeX -3mzc1xAaH4nYwFxe5VhDDPNiz0OJ5YlrOmxLz25bGtPpPGQp+jKqYvaQolsuKjUE -x9oPpOGn/b3whTZrIz1KwN59n11l0AB2UUJA8jN7Rmk+w8htJYWobxAa/JwBSFzv -hj+/A2TVeYj/+xkdCy780HvZgRTW2+7nLytW6mvAowZzYTHGjJudzX9jivRUZNG9 -dFwNRg==""" + return Helperx509 """