mirror of
https://github.com/Sneed-Group/pypush-plus-plus
synced 2025-01-09 17:33:47 +00:00
Squashed commit containing a bunch of other work, now can lookup with IDS! 🎉
This commit is contained in:
parent
216cf8b19a
commit
c68d710952
4 changed files with 127 additions and 63 deletions
7
.gitignore
vendored
7
.gitignore
vendored
|
@ -1,7 +1,6 @@
|
||||||
# APNS
|
# IDS
|
||||||
push.crt
|
ids.key
|
||||||
push.key
|
ids.crt
|
||||||
token
|
|
||||||
|
|
||||||
# Byte-compiled / optimized / DLL files
|
# Byte-compiled / optimized / DLL files
|
||||||
__pycache__/
|
__pycache__/
|
||||||
|
|
21
apns.py
21
apns.py
|
@ -14,17 +14,17 @@ class APNSConnection:
|
||||||
#print(self.sock.closed)
|
#print(self.sock.closed)
|
||||||
#print("QUEUE: Waiting for payload...")
|
#print("QUEUE: Waiting for payload...")
|
||||||
#self.sock.read(1)
|
#self.sock.read(1)
|
||||||
print("QUEUE: Got payload?")
|
#print("QUEUE: Got payload?")
|
||||||
payload = _deserialize_payload(self.sock)
|
payload = _deserialize_payload(self.sock)
|
||||||
#print("QUEUE: Got payload?")
|
#print("QUEUE: Got payload?")
|
||||||
|
|
||||||
if payload is not None:
|
if payload is not None:
|
||||||
print("QUEUE: Received payload: " + str(payload))
|
#print("QUEUE: Received payload: " + str(payload))
|
||||||
self.incoming_queue.append(payload)
|
self.incoming_queue.append(payload)
|
||||||
print("QUEUE: Thread ended")
|
#print("QUEUE: Thread ended")
|
||||||
|
|
||||||
def _pop_by_id(self, id: int) -> tuple[int, list[tuple[int, bytes]]] | None:
|
def _pop_by_id(self, id: int) -> tuple[int, list[tuple[int, bytes]]] | None:
|
||||||
print("QUEUE: Looking for id " + str(id) + " in " + str(self.incoming_queue))
|
#print("QUEUE: Looking for id " + str(id) + " in " + str(self.incoming_queue))
|
||||||
for i in range(len(self.incoming_queue)):
|
for i in range(len(self.incoming_queue)):
|
||||||
if self.incoming_queue[i][0] == id:
|
if self.incoming_queue[i][0] == id:
|
||||||
return self.incoming_queue.pop(i)
|
return self.incoming_queue.pop(i)
|
||||||
|
@ -81,9 +81,12 @@ class APNSConnection:
|
||||||
|
|
||||||
self.sock.write(payload)
|
self.sock.write(payload)
|
||||||
|
|
||||||
def send_message(self, topic: str, payload: str):
|
def send_message(self, topic: str, payload: str, id = None):
|
||||||
|
if id is None:
|
||||||
|
id = random.randbytes(4)
|
||||||
|
|
||||||
payload = _serialize_payload(0x0a,
|
payload = _serialize_payload(0x0a,
|
||||||
[(4, random.randbytes(4)),
|
[(4, id),
|
||||||
(1, sha1(topic.encode()).digest()),
|
(1, sha1(topic.encode()).digest()),
|
||||||
(2, self.token),
|
(2, self.token),
|
||||||
(3, payload)])
|
(3, payload)])
|
||||||
|
@ -93,9 +96,13 @@ class APNSConnection:
|
||||||
|
|
||||||
payload = self.wait_for_packet(0x0b)
|
payload = self.wait_for_packet(0x0b)
|
||||||
|
|
||||||
|
if payload[1][0][1] != 0x00.to_bytes():
|
||||||
|
raise Exception("Failed to send message")
|
||||||
|
#raise Exception("Failed to send message, got error code " + str(payload[1][1].hex()))
|
||||||
|
|
||||||
#payload = _deserialize_payload(self.sock)
|
#payload = _deserialize_payload(self.sock)
|
||||||
|
|
||||||
print(payload)
|
#print(payload)
|
||||||
|
|
||||||
def set_state(self, state: int):
|
def set_state(self, state: int):
|
||||||
self.sock.write(_serialize_payload(0x14, [(1, state.to_bytes(1)), (2, 0x7FFFFFFF.to_bytes(4))]))
|
self.sock.write(_serialize_payload(0x14, [(1, state.to_bytes(1)), (2, 0x7FFFFFFF.to_bytes(4))]))
|
||||||
|
|
54
demo.py
54
demo.py
File diff suppressed because one or more lines are too long
108
ids.py
Normal file
108
ids.py
Normal file
|
@ -0,0 +1,108 @@
|
||||||
|
import requests
|
||||||
|
import plistlib
|
||||||
|
from base64 import b64encode, b64decode
|
||||||
|
from datetime import datetime
|
||||||
|
import random
|
||||||
|
from hashlib import sha1
|
||||||
|
import zlib
|
||||||
|
|
||||||
|
USER_AGENT = "com.apple.madrid-lookup [macOS,13.2.1,22D68,MacBookPro18,3]"
|
||||||
|
PUSH_TOKEN = "5V7AY+ikHr4DiSfq1W2UBa71G3FLGkpUSKTrOLg81yk="
|
||||||
|
|
||||||
|
# Nonce Format:
|
||||||
|
# 01000001876bd0a2c0e571093967fce3d7
|
||||||
|
# 01 # version
|
||||||
|
# 000001876d008cc5 # unix time
|
||||||
|
# r1r2r3r4r5r6r7r8 # random bytes
|
||||||
|
def generate_nonce() -> bytes:
|
||||||
|
return b"\x01" + int(datetime.now().timestamp() * 1000).to_bytes(8, "big") + random.randbytes(8)
|
||||||
|
|
||||||
|
def load_keys() -> tuple[str, str]:
|
||||||
|
# Load the private key and certificate from files
|
||||||
|
with open("ids.key", "r") as f:
|
||||||
|
ids_key = f.read()
|
||||||
|
with open("ids.crt", "r") as f:
|
||||||
|
ids_cert = f.read()
|
||||||
|
|
||||||
|
return ids_key, ids_cert
|
||||||
|
|
||||||
|
def _create_payload(bag_key: str, query_string: str, push_token: str, payload: bytes) -> tuple[str, bytes]:
|
||||||
|
# Generate the nonce
|
||||||
|
nonce = generate_nonce()
|
||||||
|
push_token = b64decode(push_token)
|
||||||
|
|
||||||
|
return nonce + len(bag_key).to_bytes(4) + bag_key.encode() + len(query_string).to_bytes(4) + query_string.encode() + len(payload).to_bytes(4) + payload + len(push_token).to_bytes(4) + push_token, nonce
|
||||||
|
|
||||||
|
|
||||||
|
def sign_payload(private_key: str, bag_key: str, query_string: str, push_token: str, payload: bytes) -> tuple[str, bytes]:
|
||||||
|
from cryptography.hazmat.primitives import serialization
|
||||||
|
from cryptography.hazmat.primitives.asymmetric import padding
|
||||||
|
from cryptography.hazmat.primitives import hashes
|
||||||
|
from cryptography.hazmat.backends import default_backend
|
||||||
|
from cryptography.hazmat.primitives.asymmetric import utils
|
||||||
|
|
||||||
|
# Load the private key
|
||||||
|
key = serialization.load_pem_private_key(private_key.encode(), password=None, backend=default_backend())
|
||||||
|
|
||||||
|
payload, nonce = _create_payload(bag_key, query_string, push_token, payload)
|
||||||
|
sig = key.sign(payload, padding.PKCS1v15(), hashes.SHA1())
|
||||||
|
|
||||||
|
sig = b"\x01\x01" + sig
|
||||||
|
sig = b64encode(sig).decode()
|
||||||
|
|
||||||
|
return sig, nonce
|
||||||
|
|
||||||
|
body = {'uris': ['mailto:jjtech@jjtech.dev']}
|
||||||
|
body = plistlib.dumps(body)
|
||||||
|
body = zlib.compress(body, wbits=16 + zlib.MAX_WBITS)
|
||||||
|
|
||||||
|
key, cert = load_keys()
|
||||||
|
signature, nonce = sign_payload(key, 'id-query', '', PUSH_TOKEN, body)
|
||||||
|
|
||||||
|
headers = {
|
||||||
|
'x-id-cert': cert.replace("-----BEGIN CERTIFICATE-----", "").replace("-----END CERTIFICATE-----", "").replace("\n", ""),
|
||||||
|
'x-id-nonce': b64encode(nonce).decode(),
|
||||||
|
'x-id-sig': signature,
|
||||||
|
'x-push-token': PUSH_TOKEN,
|
||||||
|
'x-id-self-uri': 'mailto:jjtech@jjtech.dev',
|
||||||
|
'User-Agent': USER_AGENT,
|
||||||
|
'x-protocol-version': '1630',
|
||||||
|
}
|
||||||
|
|
||||||
|
# We have to send it over APNs
|
||||||
|
import apns
|
||||||
|
|
||||||
|
conn1 = apns.APNSConnection()
|
||||||
|
conn1.connect()
|
||||||
|
conn1.keep_alive()
|
||||||
|
conn1.set_state(0x01)
|
||||||
|
conn1.filter([])
|
||||||
|
conn1.connect(False)
|
||||||
|
conn1.filter(["com.apple.madrid"])
|
||||||
|
print(conn1.token)
|
||||||
|
|
||||||
|
to_send = {'cT': 'application/x-apple-plist',
|
||||||
|
'U': b'\x16%D\xd5\xcd:D1\xa1\xa7z6\xa9\xe2\xbc\x8f', # Just random bytes?
|
||||||
|
'c': 96,
|
||||||
|
'ua': '[macOS,13.2.1,22D68,MacBookPro18,3]',
|
||||||
|
'u': 'https://query.ess.apple.com/WebObjects/QueryService.woa/wa/query',
|
||||||
|
'h': headers,
|
||||||
|
'v': 2, # breaks lookup
|
||||||
|
'b': body
|
||||||
|
}
|
||||||
|
|
||||||
|
conn1.send_message("com.apple.madrid", plistlib.dumps(to_send, fmt=plistlib.FMT_BINARY))
|
||||||
|
|
||||||
|
response = conn1.wait_for_packet(0x0a)
|
||||||
|
|
||||||
|
response = apns._get_field(response[1], 3)
|
||||||
|
|
||||||
|
response = plistlib.loads(response)
|
||||||
|
|
||||||
|
print(f"Status code: {response['hs']}")
|
||||||
|
|
||||||
|
body = response['b']
|
||||||
|
body = zlib.decompress(body, 16 + zlib.MAX_WBITS)
|
||||||
|
body = plistlib.loads(body)
|
||||||
|
|
||||||
|
print(f"Body: {body}")
|
Loading…
Reference in a new issue