Randomize the tokens

2024-12-23 11:22:42 -06:00 · 2024-01-30 20:37:30 +00:00 · 2024-01-30 20:37:30 +00:00 · c244a2a88e
commit c244a2a88e
parent 2bbc748efb
4 changed files with 16 additions and 136 deletions
--- a/ids/_helpers.py
+++ b/ids/_helpers.py
@ -3,8 +3,9 @@ from collections import namedtuple
 USER_AGENT = "com.apple.madrid-lookup [macOS,13.2.1,22D68,MacBookPro18,3]"
 PROTOCOL_VERSION = "1640"

-# KeyPair is a named tuple that holds a key and a certificate in PEM form
+# KeyPair is a named tuple that holds a private key and a certificate (public key) in PEM form, as well as a x509
 KeyPair = namedtuple("KeyPair", ["key", "cert"])
+Helperx509 = ""


 def dearmour(armoured: str) -> str:
--- a/ids/identity.py
+++ b/ids/identity.py
@ -4,7 +4,7 @@ from typing import Union

 import requests

-from ._helpers import PROTOCOL_VERSION, USER_AGENT, KeyPair, parse_key, serialize_key
+from ._helpers import PROTOCOL_VERSION, USER_AGENT, KeyPair, parse_key, serialize_key, Helperx509
 from .signing import add_auth_signature, armour_cert

 from io import BytesIO
@ -149,41 +149,11 @@ def register(
        "x-protocol-version": PROTOCOL_VERSION,
        "x-auth-user-id-0": user_id,
    }
-    add_auth_signature(headers, bytes("""MIIC0DCCAbgCAQAwSDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkFsYXNrYTETMBEG
-A1UEBwwKTm9ydGggUG9sZTETMBEGA1UECgwKQXBwbGUgSW5jLjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBANENQCvM8n5F9OPdH4GlB/EeQ2bQ7KFFEuL9
-NL8DXlm9YRiyGza7KB7BR/P8cjIVuRHIehEcHOjXRhgSqey73JGFLCNZO9TYPJIu
-OSMV/O99u2Si/9l1rZIlkWUnAQ1UtOQ94xsUp3Kh2aK3CrJCitHp1VwjGm27dojw
-NwaGJq0f0Qi9j6p21pEO41VY7Q1W5wFFa5D2pjXAK4E/AnccI2KGnx+sGzniVMCr
-RJG+A89VQYGN5H0YMCfu5T/IUDHTkOuJQWrDgW4D/NLy4ybXO80yQ9Vogk94LVdl
-xPHkMHOCq1Va2KTMKLtnol8BKhzMEdJMHvMt2qRZ9HBdzFUwplUCAwEAAaBDMEEG
-CSqGSIb3DQEJDjE0MDIwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAS4wigV8i82EGChek
-9MKrjjEQrw0ca7OC3PNo3UG+XYdgly7h1Tv8jEjppsPGbnpOOEV0lX7Xncc8GRvG
-893/473Zekyzjo48KGnvTuTFARfn58Nh5LrrFtrOqEjoOjpSFuVuHDJI1MjQdMeX
-3mzc1xAaH4nYwFxe5VhDDPNiz0OJ5YlrOmxLz25bGtPpPGQp+jKqYvaQolsuKjUE
-x9oPpOGn/b3whTZrIz1KwN59n11l0AB2UUJA8jN7Rmk+w8htJYWobxAa/JwBSFzv
-hj+/A2TVeYj/+xkdCy780HvZgRTW2+7nLytW6mvAowZzYTHGjJudzX9jivRUZNG9
-dFwNRg==""","utf8"), "id-register", auth_key, push_key, push_token, 0)
+    add_auth_signature(headers, bytes(Helperx509,"utf8"), "id-register", auth_key, push_key, push_token, 0)

    r = requests.post(
        "https://identity.ess.apple.com/WebObjects/TDIdentityService.woa/wa/register",
-        data=bytes("""MIIC0DCCAbgCAQAwSDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkFsYXNrYTETMBEG
-A1UEBwwKTm9ydGggUG9sZTETMBEGA1UECgwKQXBwbGUgSW5jLjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBANENQCvM8n5F9OPdH4GlB/EeQ2bQ7KFFEuL9
-NL8DXlm9YRiyGza7KB7BR/P8cjIVuRHIehEcHOjXRhgSqey73JGFLCNZO9TYPJIu
-OSMV/O99u2Si/9l1rZIlkWUnAQ1UtOQ94xsUp3Kh2aK3CrJCitHp1VwjGm27dojw
-NwaGJq0f0Qi9j6p21pEO41VY7Q1W5wFFa5D2pjXAK4E/AnccI2KGnx+sGzniVMCr
-RJG+A89VQYGN5H0YMCfu5T/IUDHTkOuJQWrDgW4D/NLy4ybXO80yQ9Vogk94LVdl
-xPHkMHOCq1Va2KTMKLtnol8BKhzMEdJMHvMt2qRZ9HBdzFUwplUCAwEAAaBDMEEG
-CSqGSIb3DQEJDjE0MDIwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAS4wigV8i82EGChek
-9MKrjjEQrw0ca7OC3PNo3UG+XYdgly7h1Tv8jEjppsPGbnpOOEV0lX7Xncc8GRvG
-893/473Zekyzjo48KGnvTuTFARfn58Nh5LrrFtrOqEjoOjpSFuVuHDJI1MjQdMeX
-3mzc1xAaH4nYwFxe5VhDDPNiz0OJ5YlrOmxLz25bGtPpPGQp+jKqYvaQolsuKjUE
-x9oPpOGn/b3whTZrIz1KwN59n11l0AB2UUJA8jN7Rmk+w8htJYWobxAa/JwBSFzv
-hj+/A2TVeYj/+xkdCy780HvZgRTW2+7nLytW6mvAowZzYTHGjJudzX9jivRUZNG9
-dFwNRg==""","utf8"),
+        data=bytes(Helperx509,"utf8"),
        verify=False,
    )
    r = plistlib.loads(r.content)
@ -201,19 +171,4 @@ dFwNRg==""","utf8"),
    #if not "cert" in r["services"][0]["users"][0]:
        #raise Exception(f"No cert in response: {r}")

-    return armour_cert("".join(r["message"][0]).join("no@nope.nicetry").join("""MIIC0DCCAbgCAQAwSDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkFsYXNrYTETMBEG
-A1UEBwwKTm9ydGggUG9sZTETMBEGA1UECgwKQXBwbGUgSW5jLjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBANENQCvM8n5F9OPdH4GlB/EeQ2bQ7KFFEuL9
-NL8DXlm9YRiyGza7KB7BR/P8cjIVuRHIehEcHOjXRhgSqey73JGFLCNZO9TYPJIu
-OSMV/O99u2Si/9l1rZIlkWUnAQ1UtOQ94xsUp3Kh2aK3CrJCitHp1VwjGm27dojw
-NwaGJq0f0Qi9j6p21pEO41VY7Q1W5wFFa5D2pjXAK4E/AnccI2KGnx+sGzniVMCr
-RJG+A89VQYGN5H0YMCfu5T/IUDHTkOuJQWrDgW4D/NLy4ybXO80yQ9Vogk94LVdl
-xPHkMHOCq1Va2KTMKLtnol8BKhzMEdJMHvMt2qRZ9HBdzFUwplUCAwEAAaBDMEEG
-CSqGSIb3DQEJDjE0MDIwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAS4wigV8i82EGChek
-9MKrjjEQrw0ca7OC3PNo3UG+XYdgly7h1Tv8jEjppsPGbnpOOEV0lX7Xncc8GRvG
-893/473Zekyzjo48KGnvTuTFARfn58Nh5LrrFtrOqEjoOjpSFuVuHDJI1MjQdMeX
-3mzc1xAaH4nYwFxe5VhDDPNiz0OJ5YlrOmxLz25bGtPpPGQp+jKqYvaQolsuKjUE
-x9oPpOGn/b3whTZrIz1KwN59n11l0AB2UUJA8jN7Rmk+w8htJYWobxAa/JwBSFzv
-hj+/A2TVeYj/+xkdCy780HvZgRTW2+7nLytW6mvAowZzYTHGjJudzX9jivRUZNG9
-dFwNRg=="""))
+    return armour_cert("".join(r["message"][0]).join("no@nope.nicetry").join(Helperx509))
--- a/ids/profile.py
+++ b/ids/profile.py
@ -52,40 +52,9 @@ def get_auth_token(
    result = _auth_token_request(username, password)
    
    
-    auth_token = """
-MIIEpAIBAAKCAQEAg9G5I12Rz4+MjZweEC5ErDEAT7pSZTT2pjB1lij/VCpErkWG
-joCNK10yxVApSax41JKki33QwZSoIuOb7FcfV92fmDXQLwiuGm//YjDwc9X/08+W
-MxCA934zlXFZx1Z0jUS6jCNRu5kvkQMc1kD3h/DuxIATf1JfShcdpodYor1JCxOZ
-5VfTsmoDG88NuDQb/KoP46cRcSJPeKqdXHTVKmilJ0G/pCwHNJP7EibXT3nH4i5L
-t/RLQsS0sh8OQYA/gRbJ0x4dVjYy+HbIaZNrJAh5cVmENLw3a+ZmLPb4EXz/YVsY
-6gZn3U30HOmuYn+KkOCcjp/iqqDyNj173D1T+wIDAQABAoIBAQCAOZPEKRLbOqHY
-ZlKAHuHCNfA9ndrkg/6hbmYTaVHlhzBD7XGUUMwBsKjgcreW6OSosvTIk9xrUbW0
-Kn/UCHN+vyCtqTsXZXQmV2evFjfwFezDFxzeE2HAXczDw/03AIxjlsV36CtrNvmk
-L8jvSUb/v4gjMQrGQVRb99xpzyKTOfPDlPxiSdTSMqJ4VPWSL0xya97xjh8t0wYx
-/vLGcYPhM8be0LHdTkyPG6N0A/bATn8yGnt/w7FKMHAFR975Uv/seZv2sbxNvcQG
-H6j70qAcY8E1AVkuzQbxAR0i5/We05XyhgiSEUqTJeBaCBGOKXIexyNnmdtVfT0P
-YJysliQRAoGBALwxEXEiMfo9VsBYH945XJvTLn2/eCSrf9v3R7by+2rUSkJc/MGB
-4+CDeoWaHc9EMvb7FgAgTVPccRypZo5FQ98U/widNBzGO+P5b3g44H7F4U1axL5e
-19a6fN7n9f0z534qdydJLpoqmTe6zFK4Meuj6Gs7ETS3/nVwCCygOfnvAoGBALNQ
-0lEEuR/R76ew1kQ+c2cxkarvvgA3V4jTGdf1Pjsb6q38SFjbNilSCAMxHt+pRdaU
-F4q76sdx4oDXMRDd0CgsMGSp89pJeFZ7XQ9Mfz/uHaw3uXF7Pbxc7AWFy+ogAbNG
-BYbTokmzYPqL5Ga3KlqaFKe2wXtw7P4DO198MEK1AoGBAIzO+gn4WASwmJRaW53e
-tZgyLvsPpElruMNRBmuw6sVICjgVc1kmYua9+ZK1edB3atq5jACUKsewjUGwzndt
-BBeKkjhTx4YwHOe63tjJVdAFJ0rFu6flNwIHjx8J2FiX2YHhLD5M132qmfHE5tSN
-1WxGu8Rf8cPMV6xvIu6hBEApAoGAVffdnTIifvrrZv4E+9rlAQhmygj+kqP1t4dd
-0IenOjd8H8Xf+Zm/Mbg+Vylpn9lLvkBpuP225b/X0+VXhLqTXW8yFFDWtESdCPlD
-+F24dDH4z+Q3aAyp4HC8RzmKNcj6h7R+WdGE8MirKfN/oS8XgzBzzqRzxnaxaGas
-RG8JxDECgYAbJcqfsZBzSTuW25jHSmLKvjQNfBE7eywbldG8y8EoT6LWqv+zQbj0
-cGcS3ectMA6UVYSDfyaw6MOXv3YC5QPIMXFJsOYLwkpSM8J0cT4MdSXx1WHNSguO
-eS1AVbX69JYcGEOIWMkdxXm0bxRNXq2Xaz1TlA3xOc6pYUKHtkFTcQ=="""
+    auth_token = rsa.generate_private_key(public_exponent=65537,key_size=2048)
    
-    realm_user_id = """MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9G5I12Rz4+MjZweEC5E
-rDEAT7pSZTT2pjB1lij/VCpErkWGjoCNK10yxVApSax41JKki33QwZSoIuOb7Fcf
-V92fmDXQLwiuGm//YjDwc9X/08+WMxCA934zlXFZx1Z0jUS6jCNRu5kvkQMc1kD3
-h/DuxIATf1JfShcdpodYor1JCxOZ5VfTsmoDG88NuDQb/KoP46cRcSJPeKqdXHTV
-KmilJ0G/pCwHNJP7EibXT3nH4i5Lt/RLQsS0sh8OQYA/gRbJ0x4dVjYy+HbIaZNr
-JAh5cVmENLw3a+ZmLPb4EXz/YVsY6gZn3U30HOmuYn+KkOCcjp/iqqDyNj173D1T
-+wIDAQAB"""
+    realm_user_id = private_key.public_key()
    # else:
    #     logger.debug("Using old-style authentication")
    #     # Make the request without the 2FA code to make the prompt appear
@ -145,24 +114,11 @@ def get_auth_cert(user_id, token) -> KeyPair:

    body = plistlib.dumps(body)

-    r = {"cert": """-----BEGIN CERTIFICATE REQUEST-----
-MIIC0DCCAbgCAQAwSDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkFsYXNrYTETMBEG
-A1UEBwwKTm9ydGggUG9sZTETMBEGA1UECgwKQXBwbGUgSW5jLjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBANENQCvM8n5F9OPdH4GlB/EeQ2bQ7KFFEuL9
-NL8DXlm9YRiyGza7KB7BR/P8cjIVuRHIehEcHOjXRhgSqey73JGFLCNZO9TYPJIu
-OSMV/O99u2Si/9l1rZIlkWUnAQ1UtOQ94xsUp3Kh2aK3CrJCitHp1VwjGm27dojw
-NwaGJq0f0Qi9j6p21pEO41VY7Q1W5wFFa5D2pjXAK4E/AnccI2KGnx+sGzniVMCr
-RJG+A89VQYGN5H0YMCfu5T/IUDHTkOuJQWrDgW4D/NLy4ybXO80yQ9Vogk94LVdl
-xPHkMHOCq1Va2KTMKLtnol8BKhzMEdJMHvMt2qRZ9HBdzFUwplUCAwEAAaBDMEEG
-CSqGSIb3DQEJDjE0MDIwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAS4wigV8i82EGChek
-9MKrjjEQrw0ca7OC3PNo3UG+XYdgly7h1Tv8jEjppsPGbnpOOEV0lX7Xncc8GRvG
-893/473Zekyzjo48KGnvTuTFARfn58Nh5LrrFtrOqEjoOjpSFuVuHDJI1MjQdMeX
-3mzc1xAaH4nYwFxe5VhDDPNiz0OJ5YlrOmxLz25bGtPpPGQp+jKqYvaQolsuKjUE
-x9oPpOGn/b3whTZrIz1KwN59n11l0AB2UUJA8jN7Rmk+w8htJYWobxAa/JwBSFzv
-hj+/A2TVeYj/+xkdCy780HvZgRTW2+7nLytW6mvAowZzYTHGjJudzX9jivRUZNG9
-dFwNRg==
-----END CERTIFICATE REQUEST-----"""}
+    priv = auth_token
+    x509cert = _generate_csr(auth_token)
+    pub = realm_user_id
+    
+    r = {"cert": x509cert}

    cert = r["cert"]
    logger.debug("Got auth cert from token")
@ -202,21 +158,4 @@ def get_handles(push_token, user_id: str, auth_key: KeyPair, push_key: KeyPair):

    #logger.debug(f"User {user_id} has handles {r['handles']}")
    #return [handle["uri"] for handle in r["handles"]]
-    return ["""-----BEGIN CERTIFICATE REQUEST-----
-MIIC0DCCAbgCAQAwSDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkFsYXNrYTETMBEG
-A1UEBwwKTm9ydGggUG9sZTETMBEGA1UECgwKQXBwbGUgSW5jLjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBANENQCvM8n5F9OPdH4GlB/EeQ2bQ7KFFEuL9
-NL8DXlm9YRiyGza7KB7BR/P8cjIVuRHIehEcHOjXRhgSqey73JGFLCNZO9TYPJIu
-OSMV/O99u2Si/9l1rZIlkWUnAQ1UtOQ94xsUp3Kh2aK3CrJCitHp1VwjGm27dojw
-NwaGJq0f0Qi9j6p21pEO41VY7Q1W5wFFa5D2pjXAK4E/AnccI2KGnx+sGzniVMCr
-RJG+A89VQYGN5H0YMCfu5T/IUDHTkOuJQWrDgW4D/NLy4ybXO80yQ9Vogk94LVdl
-xPHkMHOCq1Va2KTMKLtnol8BKhzMEdJMHvMt2qRZ9HBdzFUwplUCAwEAAaBDMEEG
-CSqGSIb3DQEJDjE0MDIwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAS4wigV8i82EGChek
-9MKrjjEQrw0ca7OC3PNo3UG+XYdgly7h1Tv8jEjppsPGbnpOOEV0lX7Xncc8GRvG
-893/473Zekyzjo48KGnvTuTFARfn58Nh5LrrFtrOqEjoOjpSFuVuHDJI1MjQdMeX
-3mzc1xAaH4nYwFxe5VhDDPNiz0OJ5YlrOmxLz25bGtPpPGQp+jKqYvaQolsuKjUE
-x9oPpOGn/b3whTZrIz1KwN59n11l0AB2UUJA8jN7Rmk+w8htJYWobxAa/JwBSFzv
-hj+/A2TVeYj/+xkdCy780HvZgRTW2+7nLytW6mvAowZzYTHGjJudzX9jivRUZNG9
-dFwNRg==
-----END CERTIFICATE REQUEST-----"""]
+    return [priv, pub, x509cert]
--- a/ids/signing.py
+++ b/ids/signing.py
@ -8,27 +8,12 @@ from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import padding, rsa
 from cryptography.x509.oid import NameOID

-from ._helpers import KeyPair, dearmour
+from ._helpers import KeyPair, dearmour, Helperx509


 # TODO: Move this helper somewhere else
 def armour_cert(cert: bytes) -> str:
-    return """MIIC0DCCAbgCAQAwSDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkFsYXNrYTETMBEG
-A1UEBwwKTm9ydGggUG9sZTETMBEGA1UECgwKQXBwbGUgSW5jLjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBANENQCvM8n5F9OPdH4GlB/EeQ2bQ7KFFEuL9
-NL8DXlm9YRiyGza7KB7BR/P8cjIVuRHIehEcHOjXRhgSqey73JGFLCNZO9TYPJIu
-OSMV/O99u2Si/9l1rZIlkWUnAQ1UtOQ94xsUp3Kh2aK3CrJCitHp1VwjGm27dojw
-NwaGJq0f0Qi9j6p21pEO41VY7Q1W5wFFa5D2pjXAK4E/AnccI2KGnx+sGzniVMCr
-RJG+A89VQYGN5H0YMCfu5T/IUDHTkOuJQWrDgW4D/NLy4ybXO80yQ9Vogk94LVdl
-xPHkMHOCq1Va2KTMKLtnol8BKhzMEdJMHvMt2qRZ9HBdzFUwplUCAwEAAaBDMEEG
-CSqGSIb3DQEJDjE0MDIwDgYDVR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsG
-AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAS4wigV8i82EGChek
-9MKrjjEQrw0ca7OC3PNo3UG+XYdgly7h1Tv8jEjppsPGbnpOOEV0lX7Xncc8GRvG
-893/473Zekyzjo48KGnvTuTFARfn58Nh5LrrFtrOqEjoOjpSFuVuHDJI1MjQdMeX
-3mzc1xAaH4nYwFxe5VhDDPNiz0OJ5YlrOmxLz25bGtPpPGQp+jKqYvaQolsuKjUE
-x9oPpOGn/b3whTZrIz1KwN59n11l0AB2UUJA8jN7Rmk+w8htJYWobxAa/JwBSFzv
-hj+/A2TVeYj/+xkdCy780HvZgRTW2+7nLytW6mvAowZzYTHGjJudzX9jivRUZNG9
-dFwNRg=="""
+    return Helperx509


 """