Not working with Apple Push Service (apsd) #67
In addition, from the log in Xcode, I saw that "apsd" got an error in the SSL handshake, and the error still occurred continuously even though I killed the apsd process. (I'm using iOS 12.2)
Well, I use Frida to hook SecTrustEvaluate(), and it works. Reference: https://kov4l3nko.github.io/blog/2018-05-27-sll-pinning-hook-sectrustevaluate/
Hi @a3135134, I keep having the same problem even after hooking with Frida. Are you sure that you get the response from Charles with the Frida hook? I still have the problem of SSL failing.
Yes, it worked when I hooked SecTrustEvaluate() in apsd. I saw the SSL connection (like courier.apple.com) established successfully in mitmdump; however, Apple's server didn't respond to the client's message! I even saw the client send the first message to the server in Wireshark, and the client shut down the connection because there was no response from the server. It is said that the server also checks the client's certificate. Even though I configured the client's certificate in mitmproxy, it didn't work.
I face the same problem: even after configuring client and server certificates for authentication, I don't get a response from Apple's servers. Maybe apsd uses a low-level SSL certificate check, or I don't know what the reason could be. For sure certificates are hardcoded in apsd and Frida doesn't work for hooking low-level functions (at least as far as I understand). Did you find any other daemon that tries to authenticate with Apple?
I'm sure the client trusts the proxy's certificate after hooking with Frida because I saw the first message from the apsd client in my proxy. I also hooked imagent, cloudd, and identityservicesd, and there was no error from my MITM proxy. However, I still face that problem: the server didn't respond in that established SSL connection from my proxy. Carefully inspecting the traffic may throw some light upon this strange behavior?
I didn't try hooking the SSL_read() function, but it may be a solution for this problem. I need to do some research first to find the correct functions that do the pinning. At least when I enable SSL-kill-switch it disables pinning for some iCloud requests, but not those we want.
Hi,
I'm trying to decrypt the SSL traffic of Apple's Home app (the official HomeKit app). After installing the newest SSL-Kill-Switch2, I thought I killed the related processes (e.g., apsd, homed), but it didn't work. I still got the "Handshake failed" error: the client may not trust the proxy's certificate for courier.push.apple.com.
Could anyone provide any ideas on this issue? Can ssl-kill hook Apple's push service?
Thanks!