more changes still untested

This commit is contained in:
JJTech0130 2023-09-23 16:13:41 -04:00
parent cce6e39079
commit eee69e17bd
No known key found for this signature in database
GPG key ID: 23C92EBCCF8F93D6
8 changed files with 204 additions and 83 deletions

View file

@ -92,6 +92,7 @@ async def main():
"key": user.push_connection.credentials.private_key, "key": user.push_connection.credentials.private_key,
"cert": user.push_connection.credentials.cert, "cert": user.push_connection.credentials.cert,
} }
CONFIG["extra"] = user.extra
with open("config.json", "w") as f: with open("config.json", "w") as f:
json.dump(CONFIG, f, indent=4) json.dump(CONFIG, f, indent=4)

View file

@ -4,7 +4,7 @@ import logging
import apns import apns
from . import _helpers, identity, profile, query from . import _helpers, identity, profile, query, encryption
from typing import Callable, Any from typing import Callable, Any
class IDSUser: class IDSUser:
@ -66,6 +66,12 @@ class IDSUser:
self.ec_key, self.rsa_key will be set to a randomly gnenerated EC and RSA keypair self.ec_key, self.rsa_key will be set to a randomly gnenerated EC and RSA keypair
if they are not already set if they are not already set
""" """
self.ngm = encryption.NGMIdentity(self.extra.get("device_key"), self.extra.get("prekey"))
self.extra["device_key"] = self.ngm.device_key
self.extra["prekey"] = self.ngm.pre_key
cert = identity.register( cert = identity.register(
b64encode(self.push_connection.credentials.token), b64encode(self.push_connection.credentials.token),
self.handles, self.handles,
@ -74,13 +80,18 @@ class IDSUser:
self._push_keypair, self._push_keypair,
self.encryption_identity, self.encryption_identity,
validation_data, validation_data,
self.ngm
) )
self._id_keypair = _helpers.KeyPair(self._auth_keypair.key, cert) self._id_keypair = _helpers.KeyPair(self._auth_keypair.key, cert)
#self.extra = extra
def restore_identity(self, id_keypair: _helpers.KeyPair): def restore_identity(self, id_keypair: _helpers.KeyPair):
self._id_keypair = id_keypair self._id_keypair = id_keypair
def auth_and_set_encryption_from_config(self, config: dict[str, dict[str, Any]]): def auth_and_set_encryption_from_config(self, config: dict[str, dict[str, Any]]):
if "extra" in config:
self.extra = config["extra"]
auth = config.get("auth", {}) auth = config.get("auth", {})
if ( if (

View file

@ -78,6 +78,28 @@ def create_compact_key():
return pub, serialize_key(key) return pub, serialize_key(key)
def compact_key(key: ec.EllipticCurvePrivateKey):
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
return key.public_key().public_bytes(Encoding.X962, PublicFormat.CompressedPoint)[1:]
def create_compactable_key():
# Generate a P256 keypair
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
# Generate keys until we get one that is even
key = None
while True:
key = ec.generate_private_key(ec.SECP256R1())
pub = key.public_key().public_bytes(Encoding.X962, PublicFormat.CompressedPoint)
if pub[0] == 0x02:
break
return serialize_key(key)
def create_encoded_compact_key() -> tuple[str, str]: def create_encoded_compact_key() -> tuple[str, str]:
pub, key = create_compact_key() pub, key = create_compact_key()
# URL-safe base64 encode # URL-safe base64 encode

View file

@ -1,8 +1,56 @@
from . import ids_pb2, _helpers from . import ids_pb2, _helpers
import struct,time
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import hashes
import logging import logging
logger = logging.getLogger("ids") logger = logging.getLogger("ids")
class NGMIdentity:
def __init__(self, device_key: str | None, pre_key: str | None):
if device_key is None:
device_key = _helpers.create_compactable_key()
if pre_key is None:
pre_key = _helpers.create_compactable_key()
self.device_key = device_key
self.pre_key = pre_key
@staticmethod
def serialize_timestamp(timestamp: float):
import struct
return struct.pack("<d", timestamp)
import time
time.time()
def sign_prekey(self):
timestamp = time.time()
to_sign = b"NGMPrekeySignature" + _helpers.compact_key(_helpers.parse_key(self.pre_key)) + struct.pack("<d", timestamp)
signed = _helpers.parse_key(self.device_key).sign(to_sign, ec.ECDSA(hashes.SHA256()))
prekey_signed = ids_pb2.PublicDevicePrekey()
prekey_signed.prekeySignature = signed
prekey_signed.prekey = _helpers.compact_key(_helpers.parse_key(self.pre_key))
prekey_signed.timestamp = timestamp
return prekey_signed.SerializeToString()
def generate_loggable_data(self):
identity = ids_pb2.NgmPublicIdentity()
identity.publicKey = _helpers.compact_key(_helpers.parse_key(self.device_key))
loggable_data = ids_pb2.KeyTransparencyLoggableData()
loggable_data.ngmPublicIdentity = identity.SerializeToString()
loggable_data.ngmVersion = 12
loggable_data.ktVersion = 0
return loggable_data.SerializeToString()
def parse_loggable_data(data: bytes): def parse_loggable_data(data: bytes):
# Parse as a LoggableData # Parse as a LoggableData
loggable_data = ids_pb2.KeyTransparencyLoggableData() loggable_data = ids_pb2.KeyTransparencyLoggableData()
@ -30,6 +78,8 @@ def create_loggable_data():
loggable_data = ids_pb2.KeyTransparencyLoggableData() loggable_data = ids_pb2.KeyTransparencyLoggableData()
loggable_data.ngmPublicIdentity = identity.SerializeToString() loggable_data.ngmPublicIdentity = identity.SerializeToString()
loggable_data.ngmVersion = 12
loggable_data.ktVersion = 5

View file

@ -97,11 +97,16 @@ class IDSIdentity:
return output.getvalue() return output.getvalue()
from . import encryption
def register( def register(
push_token, handles, user_id, auth_key: KeyPair, push_key: KeyPair, identity: IDSIdentity, validation_data push_token, handles, user_id, auth_key: KeyPair, push_key: KeyPair, identity: IDSIdentity, validation_data, ngm: encryption.NGMIdentity
): ):
logger.debug(f"Registering IDS identity for {handles}") logger.debug(f"Registering IDS identity for {handles}")
uris = [{"uri": handle} for handle in handles] uris = [{"uri": handle} for handle in handles]
from . import encryption
data, key = encryption.create_loggable_data()
import uuid import uuid
body = { body = {
"device-name": "pypush", "device-name": "pypush",
@ -122,37 +127,31 @@ def register(
"com.apple.private.alloy.gamecenter.imessage"], "com.apple.private.alloy.gamecenter.imessage"],
"users": [ "users": [
{ {
"client-data": { # "client-data": {
'is-c2k-equipment': True, # 'is-c2k-equipment': True,
'optionally-receive-typing-indicators': True, # 'optionally-receive-typing-indicators': True,
'public-message-identity-key': identity.encode(), # 'public-message-identity-key': identity.encode(),
'public-message-identity-version':2, # 'public-message-identity-version':2,
'show-peer-errors': True, # 'show-peer-errors': True,
'supports-ack-v1': True, # 'supports-ack-v1': True,
'supports-activity-sharing-v1': True, # 'supports-activity-sharing-v1': True,
'supports-audio-messaging-v2': True, # 'supports-audio-messaging-v2': True,
"supports-autoloopvideo-v1": True, # "supports-autoloopvideo-v1": True,
'supports-be-v1': True, # 'supports-be-v1': True,
'supports-ca-v1': True, # 'supports-ca-v1': True,
'supports-fsm-v1': True, # 'supports-fsm-v1': True,
'supports-fsm-v2': True, # 'supports-fsm-v2': True,
'supports-fsm-v3': True, # 'supports-fsm-v3': True,
'supports-ii-v1': True, # 'supports-ii-v1': True,
'supports-impact-v1': True, # 'supports-impact-v1': True,
'supports-inline-attachments': True, # 'supports-inline-attachments': True,
'supports-keep-receipts': True, # 'supports-keep-receipts': True,
"supports-location-sharing": True, # "supports-location-sharing": True,
'supports-media-v2': True, # 'supports-media-v2': True,
'supports-photos-extension-v1': True, # 'supports-photos-extension-v1': True,
'supports-st-v1': True, # 'supports-st-v1': True,
'supports-update-attachments-v1': True, # 'supports-update-attachments-v1': True,
}, # },
"uris": uris,
"user-id": user_id,
}
],
},
{
"client-data": { "client-data": {
"supports-ack-v1": True, "supports-ack-v1": True,
"public-message-identity-key": identity.encode(), "public-message-identity-key": identity.encode(),
@ -170,7 +169,8 @@ def register(
"supports-inline-attachments": True, "supports-inline-attachments": True,
"supports-people-request-messages": True, "supports-people-request-messages": True,
"supports-cross-platform-sharing": True, "supports-cross-platform-sharing": True,
"public-message-ngm-device-prekey-data-key": b"\n \xb4\\\x15\x8e\xa4\xc8\xe5\x07\x98\tp\xd0\xa4^\x84k\x05#Ep\xa9*\xcd\xadt\xf5\xb0\xfb\xa6_ho\x12@\xe3\xf5\xcaOwh\xfd\xb9\xecD\t\x0e\x9e\xb8\xb0\xa1\x1c=\x92\x9dD/lmL\xde.\\o\xeb\x15>\x9f\xae\xd9\xf9\xd1\x9c*\x8dU\xe0\xd2\xdeo\xb2\xcb\xd8\xf8i\xd4\xd0a^\t!\x0fa\xb2\xddI\xfc_*\x19\xb2\xf0#\x12\xe0@\xd9A", "public-message-ngm-device-prekey-data-key": ngm.sign_prekey(),
#"public-message-ngm-device-prekey-data-key": b"\n \xb4\\\x15\x8e\xa4\xc8\xe5\x07\x98\tp\xd0\xa4^\x84k\x05#Ep\xa9*\xcd\xadt\xf5\xb0\xfb\xa6_ho\x12@\xe3\xf5\xcaOwh\xfd\xb9\xecD\t\x0e\x9e\xb8\xb0\xa1\x1c=\x92\x9dD/lmL\xde.\\o\xeb\x15>\x9f\xae\xd9\xf9\xd1\x9c*\x8dU\xe0\xd2\xdeo\xb2\xcb\xd8\xf8i\xd4\xd0a^\t!\x0fa\xb2\xddI\xfc_*\x19\xb2\xf0#\x12\xe0@\xd9A",
"supports-original-timestamp-v1": True, "supports-original-timestamp-v1": True,
"supports-sa-v1": True, "supports-sa-v1": True,
"supports-photos-extension-v2": True, "supports-photos-extension-v2": True,
@ -181,7 +181,7 @@ def register(
"supports-fsm-v2": True, "supports-fsm-v2": True,
"supports-shared-exp": True, "supports-shared-exp": True,
"supports-location-sharing": True, "supports-location-sharing": True,
"device-key-signature": b'0c\x04\x14\x1d\xb02~\xefk&\xf8\r;R\xa4\x95c~\x8a\x90H\x85\xb0\x02\x01\x01\x04H0F\x02!\x00\xa7\x08\xf5"z.3/\xbe\xea\x8c\xce\x8dD\xb6\xf0v\xd0\x030\xac\xd1\xde\x88\x89q\x9ej\x1bJR\xce\x02!\x00\xb8^\xd9\x97`\x19|\xa8\x1d\\\xf9E\x1a`<0\x00\xab\x94\x0bs\xed\x8b\xc4h\xcb\r\x91\xdb\xb0W\xdc', #"device-key-signature": b'0c\x04\x14\x1d\xb02~\xefk&\xf8\r;R\xa4\x95c~\x8a\x90H\x85\xb0\x02\x01\x01\x04H0F\x02!\x00\xa7\x08\xf5"z.3/\xbe\xea\x8c\xce\x8dD\xb6\xf0v\xd0\x030\xac\xd1\xde\x88\x89q\x9ej\x1bJR\xce\x02!\x00\xb8^\xd9\x97`\x19|\xa8\x1d\\\xf9E\x1a`<0\x00\xab\x94\x0bs\xed\x8b\xc4h\xcb\r\x91\xdb\xb0W\xdc',
"supports-st-v1": True, "supports-st-v1": True,
"supports-ca-v1": True, "supports-ca-v1": True,
"supports-protobuf-payload-data-v2": True, "supports-protobuf-payload-data-v2": True,
@ -196,9 +196,13 @@ def register(
"public-message-identity-ngm-version": 12.0, "public-message-identity-ngm-version": 12.0,
"supports-audio-messaging-v2": True, "supports-audio-messaging-v2": True,
}, },
"kt-loggable-data": b'\n"\n \rl\xbe\xca\xf7\xe8\xb2\x89k\x18\x1e\xb9,d\xf8\xe2\n\xbf\x8d\xe1E\xd6\xf3T\xcb\xd9\x99d\xd1mk\xeb\x10\x0c\x18\x05"E\x08\x01\x12A\x04\xe3\xe7Y.zW\x0f\x9d\x95\xc2\xc5\xd9\x9eC\x05\xa0\x95.\xa9DW\xa9\xfb\xa9\xaa\x1a\x868\x0e\xee\xe6\x8f%\x12\xa3\r\x01\xe1\xbb\x97M\x9a\x19\x16\x94D\xcdv\xeb\xefem?\xb3\xefzM#~a\x92\x0fO\xab', "kt-loggable-data": ngm.generate_loggable_data(),
"kt-mismatch-account-flag": True, "kt-mismatch-account-flag": True,
}, "uris": uris,
"user-id": user_id,
}
],
}
], ],
"validation-data": b64decode(validation_data), "validation-data": b64decode(validation_data),
} }

View file

@ -1,4 +1,4 @@
syntax = "proto3"; syntax = "proto2";
// message InnerMessage { // message InnerMessage {
// required bytes message = 1; // required bytes message = 1;
@ -8,11 +8,17 @@ syntax = "proto3";
// } // }
message KeyTransparencyLoggableData { message KeyTransparencyLoggableData {
bytes ngmPublicIdentity = 1; optional bytes ngmPublicIdentity = 1;
uint32 ngmVersion = 2; optional uint32 ngmVersion = 2;
uint32 ktVersion = 3; optional uint32 ktVersion = 3;
} }
message NgmPublicIdentity { message NgmPublicIdentity {
bytes publicKey = 1; optional bytes publicKey = 1;
}
message PublicDevicePrekey {
required bytes prekey = 1;
required bytes prekeySignature = 2;
required double timestamp = 3;
} }

View file

@ -13,7 +13,7 @@ _sym_db = _symbol_database.Default()
DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\rids/ids.proto\"_\n\x1bKeyTransparencyLoggableData\x12\x19\n\x11ngmPublicIdentity\x18\x01 \x01(\x0c\x12\x12\n\nngmVersion\x18\x02 \x01(\r\x12\x11\n\tktVersion\x18\x03 \x01(\r\"&\n\x11NgmPublicIdentity\x12\x11\n\tpublicKey\x18\x01 \x01(\x0c\x62\x06proto3') DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\rids/ids.proto\"_\n\x1bKeyTransparencyLoggableData\x12\x19\n\x11ngmPublicIdentity\x18\x01 \x01(\x0c\x12\x12\n\nngmVersion\x18\x02 \x01(\r\x12\x11\n\tktVersion\x18\x03 \x01(\r\"&\n\x11NgmPublicIdentity\x12\x11\n\tpublicKey\x18\x01 \x01(\x0c\"P\n\x12PublicDevicePrekey\x12\x0e\n\x06prekey\x18\x01 \x02(\x0c\x12\x17\n\x0fprekeySignature\x18\x02 \x02(\x0c\x12\x11\n\ttimestamp\x18\x03 \x02(\x01')
_globals = globals() _globals = globals()
_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals)
@ -25,4 +25,6 @@ if _descriptor._USE_C_DESCRIPTORS == False:
_globals['_KEYTRANSPARENCYLOGGABLEDATA']._serialized_end=112 _globals['_KEYTRANSPARENCYLOGGABLEDATA']._serialized_end=112
_globals['_NGMPUBLICIDENTITY']._serialized_start=114 _globals['_NGMPUBLICIDENTITY']._serialized_start=114
_globals['_NGMPUBLICIDENTITY']._serialized_end=152 _globals['_NGMPUBLICIDENTITY']._serialized_end=152
_globals['_PUBLICDEVICEPREKEY']._serialized_start=154
_globals['_PUBLICDEVICEPREKEY']._serialized_end=234
# @@protoc_insertion_point(module_scope) # @@protoc_insertion_point(module_scope)

33
test.py
View file

@ -1,8 +1,33 @@
import ids import ids
from ids import encryption from ids import encryption
test = "0a220a200d6cbecaf7e8b2896b181eb92c64f8e20abf8de145d6f354cbd99964d16d6beb100c180522450801124104e3e7592e7a570f9d95c2c5d99e4305a0952ea94457a9fba9aa1a86380eeee68f2512a30d01e1bb974d9a19169444cd76ebef656d3fb3ef7a4d237e61920f4fab" from rich.logging import RichHandler
test = bytes.fromhex(test) import logging
encryption.parse_loggable_data(test) logging.basicConfig(
level=logging.NOTSET, format="%(message)s", datefmt="[%X]", handlers=[RichHandler()]
)
print(encryption.create_loggable_data()) # Set sane log levels
logging.getLogger("urllib3").setLevel(logging.WARNING)
logging.getLogger("py.warnings").setLevel(logging.ERROR) # Ignore warnings from urllib3
logging.getLogger("asyncio").setLevel(logging.WARNING)
logging.getLogger("jelly").setLevel(logging.INFO)
logging.getLogger("nac").setLevel(logging.INFO)
logging.getLogger("apns").setLevel(logging.INFO)
logging.getLogger("albert").setLevel(logging.INFO)
logging.getLogger("ids").setLevel(logging.DEBUG)
logging.getLogger("bags").setLevel(logging.INFO)
logging.getLogger("imessage").setLevel(logging.INFO)
logging.captureWarnings(True)
test = "0a220a200d6cbecaf7e8b2896b181eb92c64f8e20abf8de145d6f354cbd99964d16d6beb100c180522450801124104e3e7592e7a570f9d95c2c5d99e4305a0952ea94457a9fba9aa1a86380eeee68f2512a30d01e1bb974d9a19169444cd76ebef656d3fb3ef7a4d237e61920f4fab"
test2 = b'\n"\n \rl\xbe\xca\xf7\xe8\xb2\x89k\x18\x1e\xb9,d\xf8\xe2\n\xbf\x8d\xe1E\xd6\xf3T\xcb\xd9\x99d\xd1mk\xeb\x10\x0c\x18\x05"E\x08\x01\x12A\x04\xe3\xe7Y.zW\x0f\x9d\x95\xc2\xc5\xd9\x9eC\x05\xa0\x95.\xa9DW\xa9\xfb\xa9\xaa\x1a\x868\x0e\xee\xe6\x8f%\x12\xa3\r\x01\xe1\xbb\x97M\x9a\x19\x16\x94D\xcdv\xeb\xefem?\xb3\xefzM#~a\x92\x0fO\xab'
print(test2.hex())
test3 = b'\n"\n \xa0F\x01\xf7x]\xbb\x11<\x98y\xba\xd3<\xec\xa2s\x95\x02\xc4\x17\x95\xfc\x83!\x88\x96P\xa9\x01\xc2\x9c\x10\x0c\x18\x05'
test = bytes.fromhex(test)
#encryption.parse_loggable_data(test)
print(encryption.parse_loggable_data(test2))
print(encryption.parse_loggable_data(test3))
print(encryption.create_loggable_data()[0])