From b0efc7fde8f1e0969575bec5c71f7849a49a2b8d Mon Sep 17 00:00:00 2001 From: Sam Foxman Date: Sat, 13 Apr 2019 23:37:29 -0400 Subject: [PATCH 1/4] Fix versions of dependencies --- src/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/requirements.txt b/src/requirements.txt index 85dcada..b2b2e12 100644 --- a/src/requirements.txt +++ b/src/requirements.txt @@ -1,3 +1,3 @@ -Twisted>=11.0.0 +Twisted==12.0.0 biplist==0.4 -pyOpenSSL==0.14 +pyOpenSSL \ No newline at end of file From 1d79d7a051f2ee25da3e14369f2e30b55d49b56e Mon Sep 17 00:00:00 2001 From: Sam Foxman Date: Sat, 13 Apr 2019 23:56:18 -0400 Subject: [PATCH 2/4] Use hostnames instead of hardcoded IP addresses --- src/pushserver.py | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/src/pushserver.py b/src/pushserver.py index 417669f..1bfaade 100644 --- a/src/pushserver.py +++ b/src/pushserver.py @@ -30,14 +30,10 @@ APPLE_PUSH_IPS = ( - '17.172.232.218', - '17.172.232.59', - '17.172.232.134', - '17.172.232.135', - '17.172.232.145', - '17.172.232.216', - '17.172.232.142', - '17.172.232.212') + '1-courier.push.apple.com', + '2-courier.push.apple.com', + '3-courier.push.apple.com', + '4-courier.push.apple.com') factory = InterceptServerFactory( hosts=APPLE_PUSH_IPS, From 991a50f8e4d9f7cf5819d8a39272708500a8f0ff Mon Sep 17 00:00:00 2001 From: Sam Foxman Date: Sat, 13 Apr 2019 23:56:34 -0400 Subject: [PATCH 3/4] Experimental script to generate keys and certificates --- setup/genpki.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100755 setup/genpki.sh diff --git a/setup/genpki.sh b/setup/genpki.sh new file mode 100755 index 0000000..27c7d8c --- /dev/null +++ b/setup/genpki.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +openssl genrsa -out ca.key 2048 +openssl req -x509 -new -nodes -key ca.key -sha256 -days 1024 -out ca.crt -subj '/C=US/ST=CA/O=Organization/' + +genkey() { + OUTPEM="${2:-$1.pem}" + openssl genrsa -out "$OUTPEM" 2048 + openssl req -new -sha256 -key "$OUTPEM" -subj "/C=US/ST=CA/O=Organization/CN=${3:-$1}" -out "$1.csr" + openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial -days 500 -sha256 >> "$OUTPEM" + rm "$1.csr" +} + +genkey init-p01st.push.apple.com +mkdir -p certs/courier.push.apple.com/ +genkey courier.push.apple.com certs/courier.push.apple.com/server.pem *.push.apple.com \ No newline at end of file From d42a0e322e546366376a8e0f807c364205f75d1f Mon Sep 17 00:00:00 2001 From: Sam Foxman Date: Sun, 14 Apr 2019 00:03:35 -0400 Subject: [PATCH 4/4] Use archived nimble URL --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fece236..57bfc08 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,7 @@ When you restart/run `apsd` afterwards (`kill` or `launchctl`), after a few fail ### Extract and copy device certificate #### Extract iOS Certificates -First, download the [nimble](http://xs1.iphwn.org/releases/PushFix.zip) tool, extract `PushFix.zip` and place `nimble` into `setup/ios`. The following script will copy the tool to your iOS device, run it and copy the extracted certificates back to your computer. It assumes you have **SSH** running on your device. I recommend setting up key-based authentication, otherwise you will be typing your password a few times. +First, download the [nimble](https://web.archive.org/web/20140215110845if_/http://xs1.iphwn.org/releases/PushFix.zip) tool, extract `PushFix.zip` and place `nimble` into `setup/ios`. The following script will copy the tool to your iOS device, run it and copy the extracted certificates back to your computer. It assumes you have **SSH** running on your device. I recommend setting up key-based authentication, otherwise you will be typing your password a few times. Make sure you are in the pushproxy root directory, otherwise the script will fail.