fix ipsw download ipa #595

Merged
merged 3 commits into from
Nov 27, 2024

t0rr3sp3dr0
Contributor

Fixes #594

Signed-off-by: Pedro Tôrres <t0rr3sp3dr0@gmail.com>
@blacktop
Owner

blacktop commented Nov 26, 2024

I'm still getting:

• POST Login: (404):

and

• POST Download: (200):

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<plist version="1.0">
<dict>
<key>pings</key>
<array></array>
<key>failureType</key><string>5002</string>
<key>customerMessage</key><string>An unknown error has occurred</string>
<key>m-allowed</key><false/>
</dict>
</plist>

going to delete my keychain entry and try again

@AltayAkkus

Same here with empty keychain

@t0rr3sp3dr0
Contributor Author

I haven’t tested with an empty keychain. I’ll do that and update the PR.

@blacktop
Owner

> I haven’t tested with an empty keychain. I’ll do that and update the PR.

Did you do a ipsw dl dev first? That would probably get you some good two factor auth'd session cookies

@AltayAkkus

> Did you do a ipsw dl dev first? That would probably get you some good two factor auth'd session cookies

Done it, error 412 on the endpoint, still does not. Gonna give u full logs in the morning.

@blacktop
Owner

> > Did you do a ipsw dl dev first? That would probably get you some good two factor auth'd session cookies
>
> Done it, error 412 on the endpoint, still does not. Gonna give u full logs in the morning.

412 is promising, probably just needs 2fa

@AltayAkkus

AltayAkkus commented Nov 26, 2024 via email

@blacktop
Owner

blacktop commented Nov 26, 2024

@t0rr3sp3dr0 I believe the problem is we need to use the 2fa URL instead (once the code has been used) did you see what the new one is? (and probably change the attempt number to 2)

@t0rr3sp3dr0
Contributor Author

I'm not really sure what is going on. I'm unable to reproduce the issue. I've deleted the Keychain item and I get 2FA prompt and pop-up as expected.

Screen.Recording.mov

@blacktop
Owner

What is your macOS and iOS version?

@t0rr3sp3dr0
Contributor Author

Okay, I think I got it. I was able to reproduce the problem with another Apple ID.

@AltayAkkus

altay@mydevice ipsw % ./ipsw dl dev
? Please type your verification code: ******
   ⨯ failed to login: failed to verify code: response received 412

More verbose output

Signed-off-by: Pedro Tôrres <t0rr3sp3dr0@gmail.com>
@t0rr3sp3dr0
Contributor Author

@AltayAkkus @blacktop, could you try again? The problem that I've identified is that different Apple IDs use different iTunes Pods, and if you don't use the right one authentication fails.

@AltayAkkus

I still have the same exact error as before, although when I use the cmd in #594 (`ipsw download ipa "com.google.chrome.ios" --output ./ -y --verbose`) I merely get a storefront error (it tries to download from US store, apparently?), which is a good sign I think.

@t0rr3sp3dr0
Contributor Author

@AltayAkkus, could you try setting --store-front to your country code?

@t0rr3sp3dr0
Contributor Author

If that doesn't work, can you share the error?

@AltayAkkus

AltayAkkus commented Nov 27, 2024

Fun fact: The download for already purchased apps works again :) Auto-Purchasing not, unfortunately.

Seems like a change in the API again, because the request is sent with the right Store Front header.

@t0rr3sp3dr0 what setup do you use to get the requests from? I have a jailbroken iPhone with Cert Pinning bypassed, or do you use MacOS?

@t0rr3sp3dr0
Contributor Author

Thanks! I was able to reproduce the problem using a non-American Apple ID. I'll modify the code to extract the store front from the Apple ID by default.

@t0rr3sp3dr0
Contributor Author

https://mitmproxy.org + OS X Mavericks VM 😂

image

@AltayAkkus

> OS X Mavericks VM

LMAO okay my Sonoma 14.5 has far too many security features which stop me from intercepting the App Store traffic :D Amazing to see that they support OS X even though it's like 11 yrs old.

Signed-off-by: Pedro Tôrres <t0rr3sp3dr0@gmail.com>
@blacktop
Owner

I think this solution is going to work for a lot of people, it however still has issues for me.

for example I am not getting prompted for a 2fa for my guid (as we discussed) there must be a way to reset it? I think I saw a 'logout' URL in the bag?

when I changed my guid to "0" to get prompted it failed in the old way again.

I'll test more tomorrow.

@blacktop
Owner

lol i just tried again and just put a random code in of 123456 and it worked and is now working and downloading correctly 😆

@t0rr3sp3dr0
Contributor Author

There was a problem with the 2FA handling, I think my last commit fixes it

@t0rr3sp3dr0
Contributor Author

t0rr3sp3dr0 commented Nov 27, 2024

The thing is, I've just hit a road block on the purchase side of things. I was only able to purchase an app while using the Mac App Store user-agent, but to sign in without the whole body signature thing I need to use the Apple Configurator user-agent.

This is what happens when you try to make a purchase as the Configurator:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<plist version="1.0">
<dict>
<key>pings</key>
<array></array>
<key>metrics</key>
<dict>
  <key>dialogId</key><string>MZCommerce.SystemError</string>
  <key>message</key><string>Unable to process your re</string>
  <key>options</key>
  <array>
    <string>OK</string>
  </array>
  <key>actionUrl</key><string>buy.itunes.apple.com/WebObjects/MZBuy.woa/wa/buyProduct?PRH=54&amp;Pod=54</string>
  <key>asnState</key><integer>0</integer>
  <key>mtTopic</key><string>xp_its_main</string>
  <key>eventType</key><string>dialog</string>
</dict>
<key>failureType</key><string></string>
<key>customerMessage</key><string>Unable to process your request.</string>
<key>m-allowed</key><false/>
<key>dialog</key>
<dict><key>m-allowed</key><false/>
<key>isFree</key><true/>
<key>message</key><string>Unable to process your request.</string>
<key>explanation</key><string>Try again later.</string>
<key>defaultButton</key><string>ok</string>
<key>okButtonString</key><string>OK</string>
<key>initialCheckboxValue</key><true/></dict>
<key>cancel-purchase-batch</key><true/>
</dict>
</plist>

And this is what happens if I try to sign-in as the Apple Configurator and reuse the session as the Mac App Store:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<plist version="1.0">
<dict>
<key>pings</key>
<array></array>
<key>metrics</key>
<dict>
  <key>dialogId</key><string>MZCommerce.BadPasswordToken</string>
  <key>message</key><string>Your password has changed</string>
  <key>messageCode</key><string>2002</string>
  <key>options</key>
  <array>
    <string>OK</string>
  </array>
  <key>actionUrl</key><string>buy.itunes.apple.com/WebObjects/MZBuy.woa/wa/buyProduct?PRH=54&amp;Pod=54</string>
  <key>asnState</key><integer>0</integer>
  <key>mtTopic</key><string>xp_its_main</string>
  <key>eventType</key><string>dialog</string>
</dict>
<key>failureType</key><string>2002</string>
<key>customerMessage</key><string>Your password has changed.</string>
<key>m-allowed</key><false/>
<key>dialog</key>
<dict><key>m-allowed</key><false/>
<key>isFree</key><true/>
<key>message</key><string>Your password has changed.</string>
<key>explanation</key><string>Please sign out from the Account menu and sign in again.</string>
<key>defaultButton</key><string>ok</string>
<key>okButtonString</key><string>OK</string>
<key>initialCheckboxValue</key><true/></dict>
<key>cancel-purchase-batch</key><true/>
</dict>
</plist>

And I've checked the last, and the cause seems simple. The passwordToken issued when signing in as the MAS is a hexadecimal value and signing in as the Configurator gives me a completely different token in base64.
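
The failure replies quoted in the comment above, parsed and classified, as an added example that is not part of this PR or of ipsw's code. The token values are constructed, the hex-versus-base64 check is a heuristic, and the result labels (`token-mismatch`, `failure:...`) are hypothetical names chosen here.

```python
import base64
import plistlib
import re

# Constructed sample: a trimmed copy of the BadPasswordToken reply quoted above.
BAD_TOKEN_REPLY = b"""<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<plist version="1.0">
<dict>
<key>metrics</key>
<dict>
  <key>dialogId</key><string>MZCommerce.BadPasswordToken</string>
</dict>
<key>failureType</key><string>2002</string>
<key>customerMessage</key><string>Your password has changed.</string>
</dict>
</plist>"""

HEX_RE = re.compile(r"[0-9A-Fa-f]+")


def token_encoding(token):
    """Heuristic guess at a token's text encoding: 'hex', 'base64' or 'unknown'."""
    if not token:
        return "unknown"
    # Test hex first: an all-hex string can also be valid base64.
    if len(token) % 2 == 0 and HEX_RE.fullmatch(token):
        return "hex"
    try:
        base64.b64decode(token, validate=True)
        return "base64"
    except ValueError:  # binascii.Error is a ValueError subclass
        return "unknown"


def diagnose(raw_reply, password_token):
    """Classify a store reply using only the fields shown in this thread."""
    reply = plistlib.loads(raw_reply)
    if reply.get("jingleDocType") == "purchaseSuccess":
        return "ok"
    failure = reply.get("failureType", "")
    dialog = reply.get("metrics", {}).get("dialogId", "")
    # Assumption from the thread: the purchase side expects the hex token form.
    if failure == "2002" and token_encoding(password_token) != "hex":
        return "token-mismatch"
    if failure:
        return "failure:" + failure
    return "dialog:" + dialog if dialog else "unknown"
```
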

@t0rr3sp3dr0
Contributor Author

And this is what I expect to get on a successful purchase. I got it by signing in as the MAS and making the buyProduct request to get an iOS app.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<plist version="1.0">
<dict>
<key>pings</key>
<array></array>
<key>jingleDocType</key><string>purchaseSuccess</string>
<key>jingleAction</key><string>purchaseProduct</string>
<key>status</key><integer>0</integer>

<key>authorized</key><false/><key>download-queue-item-count</key><integer>0</integer>
<key>songList</key>
<array>
</array>
<key>metrics</key>
<dict>

  <key>pliIds</key>
  <array>
    <string>94072936604715</string>
  </array>
  <key>sapTypes</key>
  <array>
    <string>3</string>
  </array>
  <key>sapLineItemTypes</key>
  <array>
    <string>0</string>
  </array>
  <key>itemIds</key>
  <array>
    <integer>6446901002</integer>
  </array>
  <key>price</key><real>0.00</real>
  <key>priceType</key><string>STDRDL</string>
  <key>productTypes</key>
  <array>
    <string>C</string>
  </array>
  <key>mtTopic</key><string>xp_its_main</string>
  <key>currency</key><string>USD</string>
  <key>extractedCommerceEvent_latestLineItem_sapType</key><string>3</string>
  <key>commerceEvent_purchase_priceType</key><string>STDRDL</string>
  <key>commerceEvent_storeFrontId</key><string>143441</string>
  <key>extractedCommerceEvent_latestLineItem_adamId</key><string>6446901002</string>
  <key>extractedCommerceEvent_latestLineItem_currencyCodeISO3A</key><string>USD</string>
  <key>commerceEvent_result_resultType</key><integer>0</integer>
  <key>extractedCommerceEvent_latestLineItem_amountPaid</key><real>0.00000</real>
  <key>commerceEvent_flowType</key><integer>17</integer>
  <key>commerceEvent_flowStep</key><integer>27</integer>
  <key>commerceEvent_correlationKey</key><string>AZP7YO2UE7P45QAR4ZFIB5MWPI</string>
</dict>
<key>subscriptionStatus</key>
<dict>
<key>terms</key>
<array>
<dict>
<key>type</key><string>Store</string>
<key>latestTerms</key><integer>32</integer>
<key>agreedToTerms</key><integer>39</integer>
<key>source</key><string>account</string>
</dict>
</array>
<key>account</key>
<dict>
<key>isMinor</key><false/>
<key>suspectUnderage</key><false/>
</dict>
<key>family</key>
<dict>
<key>hasFamily</key><true/>
<key>hasFamilyGreaterThanOneMember</key><true/>
<key>isHoH</key><true/>
</dict>
</dict>
</dict>
</plist>

@t0rr3sp3dr0
Contributor Author

> for example I am not getting prompted for a 2fa for my guid (as we discussed) there must be a way to reset it? I think I saw a 'logout' URL in the bag?

In my testing, signing out does not invalidate the 2FA authentication and you will not be prompted for it again when using the same GUID. There must be a way to invalidate the sessions, but I have no clue.

> when I changed my guid to "0" to get prompted it failed in the old way again.

The GUID must be a valid MAC Address, otherwise the server rejects it.

@t0rr3sp3dr0
Contributor Author

This was my best attempt so far to fix purchases: t0rr3sp3dr0/ipsw@fix-download...t0rr3sp3dr0:ipsw:fix-purchase.

I guess we could focus on downloads for now and get this merged soon. Please validate if you have any problems downloading and/or authenticating with my last commit.

After we merge this, I can try fixing purchases in a portable way. Worst case scenario, purchases will be macOS-only until we have a workaround.

@AltayAkkus

AltayAkkus commented Nov 27, 2024

> This was my best attempt so far to fix purchases: t0rr3sp3dr0/ipsw@fix-download...t0rr3sp3dr0:ipsw:fix-purchase.

Still got the "Your account is not valid for use in the U.S. store. You must switch to the German store before purchasing." error :/

I'll look into the storefront stuff in 6-7 hours

@dschm1dt

The download of already purchased items works for me with the fix. Tested it with accounts from different countries.

Thanks for investigating the issue. I previously tried intercepting the store traffic from a jailbroken iPhone without success. The macOS way is very interesting.

@AltayAkkus AltayAkkus mentioned this pull request Nov 27, 2024
2 tasks
@t0rr3sp3dr0
Contributor Author

> Still got the "Your account is not valid for use in the U.S. store. You must switch to the German store before purchasing." error :/

I haven’t fixed the storefront issue in my attempt to fix purchases. It should be a straightforward fix, you just need to get that information from the sign-in response and pass it as a header in the purchase request. But before that, I want to reduce the number of variables and try to make purchases work with an American Apple ID.

@t0rr3sp3dr0
Contributor Author

@blacktop, please let me know if you are still facing some problem with this implementation. If not, I think we can merge it and try to fix purchases in another PR.

@blacktop
Owner

just tested w/ both my devices/accounts and LGTM 👍

@blacktop blacktop merged commit a5cf528 into blacktop:master Nov 27, 2024
@Oisann

Oisann commented Nov 27, 2024

> > OS X Mavericks VM
>
> LMAO okay my Sonoma 14.5 has far too many security features which stop me from intercepting the App Store traffic :D Amazing to see that they support OS X even though it's like 11 yrs old.

I couldn't even get it to work on Sonoma. Couldn't see AppStore data at all, but safari (and some other apps) worked fine. Was pulling my hair all day 😬

Anyway, thanks a lot everyone. Saved my sanity.

Successfully merging this pull request may close these issues.

Download ipa: An unknown error has occurred
5 participants