SiriServer – polished and done

So I have really been working my @ss off to get this done as fast as possible, and here it is: a SiriProxy server program which you can install on a cheap VPS or on your own server and just let it run. It does everything automatically: it reads the session key from a 4S every time the key changes, and uses that key whenever an iPhone 4, a 3GS or an iPod touch 4G makes a Siri request.

It uses this stuff:
-Metasploit's fakeDNS server, the enhanced version by Wesley McGrew, modified to work with the latest Metasploit:
http://www.mcgrewsecurity.com/2008/08/04/man-in-the-middle-fake-dns-for-metasploit/

-Applidium's Cracking Siri files, especially eventmachineGuzzoni.rb (modified, of course)

-StanTheRipper's SiriAuth (slightly modified)

How does it work?
First we need to install our root certificate on the 4S, so that the phone trusts the certificate our proxy presents when it stands in for Apple's Siri server, and then point the phone at our DNS server. The big advantage of McGrew's fakeDNS server is that it passes every request through to a real DNS server and alters only the answers for the names you choose. This means you can still use the 4S for everything else (browsing the web, checking email), because for every name we don't spoof it gets a valid DNS answer from our fakeDNS server.
Of course Siri wouldn't work yet.
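To make the pass-through rule concrete, here is a small selective DNS responder written for this post as an added example; it is neither McGrew's Metasploit module nor the author's code. It answers A queries for the names in an override table with our own address and hands every other packet to a forwarder (in the real setup, a recursive resolver), which is exactly why the phone keeps working for everything except Siri. The hostname guzzoni.apple.com is taken from Applidium's Cracking Siri analysis rather than from this post, the proxy address 198.51.100.10 is made up, and anything the parser does not understand is forwarded untouched rather than dropped.

```ruby
require 'socket'

# Hostnames to answer ourselves, mapped to the proxy's address. The name is
# the Siri endpoint from Applidium's write-up; the IP is a made-up example.
OVERRIDES = { "guzzoni.apple.com" => "198.51.100.10" }.freeze

QTYPE_A   = 1
QCLASS_IN = 1

# Walk a DNS name starting at +pos+ and return the index just past it.
# A compression pointer (top two bits set) is two bytes long.
def skip_name(buf, pos)
  loop do
    len = buf.getbyte(pos)
    return nil if len.nil?
    return pos + 2 if len & 0xC0 == 0xC0
    pos += 1
    return pos if len.zero?
    pos += len
  end
end

# Parse the header and single question of a query. Returns nil for anything
# that is not a plain one-question query, so the caller forwards it untouched.
def parse_query(packet)
  return nil if packet.bytesize < 12
  id, flags, qdcount = packet.unpack("n3")
  return nil unless (flags & 0x8000).zero? && qdcount == 1
  pos = 12
  labels = []
  loop do
    len = packet.getbyte(pos)
    return nil if len.nil? || len & 0xC0 != 0
    pos += 1
    break if len.zero?
    labels << packet.byteslice(pos, len)
    pos += len
  end
  return nil if packet.bytesize < pos + 4
  qtype, qclass = packet.byteslice(pos, 4).unpack("nn")
  { id: id, qname: labels.join("."), qtype: qtype, qclass: qclass,
    question: packet.byteslice(12, pos + 4 - 12) }
end

# Build a forged answer if the name is one we hijack; nil otherwise.
def spoofed_response(packet, overrides)
  q = parse_query(packet)
  return nil unless q && q[:qtype] == QTYPE_A && q[:qclass] == QCLASS_IN
  ip = overrides[q[:qname].downcase]
  return nil unless ip
  # flags 0x8180: response, recursion desired and available, no error
  header = [q[:id], 0x8180, 1, 1, 0, 0].pack("n6")
  # owner name is a pointer to offset 12 (the question); TTL kept short so
  # the phone asks again soon after we stop spoofing
  rr = [0xC00C, QTYPE_A, QCLASS_IN, 30, 4].pack("nnnNn") +
       ip.split(".").map(&:to_i).pack("C4")
  header + q[:question] + rr
end

# The pass-through rule from the post: answer only what we care about and
# relay everything else to a real resolver so the phone keeps working.
def handle_query(packet, overrides, forward)
  spoofed_response(packet, overrides) || forward.call(packet)
end

# Address of the first A record in a response (used to check replies).
def answer_ip(response)
  _id, _flags, qdcount, ancount = response.unpack("n4")
  return nil if ancount.zero?
  pos = 12
  qdcount.times { pos = skip_name(response, pos) + 4 }
  pos = skip_name(response, pos)
  type, klass, _ttl, rdlen = response.byteslice(pos, 10).unpack("nnNn")
  return nil unless type == QTYPE_A && klass == QCLASS_IN && rdlen == 4
  response.byteslice(pos + 10, 4).unpack("C4").join(".")
end

# Craft a query the way a stub resolver would (for testing offline).
def build_query(name, id)
  wire = name.split(".").map { |l| [l.bytesize, l].pack("Ca*") }.join
  [id, 0x0100, 1, 0, 0, 0].pack("n6") + wire + "\x00".b +
    [QTYPE_A, QCLASS_IN].pack("nn")
end

# Serve on UDP/53: spoof listed names, relay the rest to +upstream_ip+.
def run_server(bind_ip, overrides, upstream_ip)
  sock = UDPSocket.new
  sock.bind(bind_ip, 53)
  forward = lambda do |pkt|
    up = UDPSocket.new
    up.send(pkt, 0, upstream_ip, 53)
    reply, = up.recvfrom(4096)
    up.close
    reply
  end
  loop do
    pkt, (_, port, _, ip) = sock.recvfrom(4096)
    sock.send(handle_query(pkt, overrides, forward), 0, ip, port)
  end
end
```

run_server needs root (or the capability) for port 53 and a reachable upstream resolver; the packet functions can be exercised without either. The forwarder here has no timeout and does not check that the upstream reply's transaction ID matches the query, both of which a relay you leave running unattended should add.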
Among Applidium's Cracking Siri files I found a very handy one called eventmachineGuzzoni.rb, and it does exactly one thing: it takes the data from a 4S and passes it straight through to Apple's server.
I only needed to alter it a little so that it parses parts of the data before sending them on to Apple; that way I can extract the session validation key before anything is forwarded.
So now we have a setup that changes nothing for the 4S user but still gives us 4S keys to use.
Next I needed to alter SiriAuth to read the session validation data from the file my eventmachineGuzzoni server writes. Once this was done, the server platform was ready.
To reach the goal of zero maintenance, I changed SiriAuth's port to something other than 443, so that eventmachineGuzzoni (which must keep listening on 443, because that is where the redirected 4S connects) and SiriAuth can run on the same machine.
After a 4S makes a request, the program reads the key and compares it with the stored one. If they match it does nothing; if they differ it writes the newly captured 4S key out to the file.
SiriAuth reads this file on every request from a non-4S device, so it always uses the latest key without changing the server or restarting anything.
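The file handoff between the two processes, as an added example written for this post (not the author's modified SiriAuth or eventmachineGuzzoni code): the relay stores a captured key only when it differs from the one on disk, and the SiriAuth side re-reads the file on every request. Because two processes share the file, the write goes through a temporary file and an atomic rename, so a request arriving mid-update reads either the old key or the new one, never a truncated one. Paths, key strings and function names are constructed for the example; the real key format is not shown on the page.

```ruby
require 'tmpdir'

# Writer side (the Guzzoni relay): persist a freshly captured key only if it
# differs from the one on disk. Writing to a temp file and renaming it into
# place is atomic on POSIX, so a concurrent reader never sees a partial key.
def store_key_if_changed(captured, path)
  captured = captured.strip
  return false if captured.empty? || load_key(path) == captured
  tmp = "#{path}.#{Process.pid}.tmp"
  File.write(tmp, captured + "\n")
  File.rename(tmp, path)
  true
end

# Reader side (the SiriAuth process): read the current key on every request,
# so a rotated key is picked up without restarting anything.
def load_key(path)
  File.read(path).strip
rescue Errno::ENOENT
  nil
end

# Example run in a throwaway directory (paths and key strings are constructed).
# Returns whether each store call wrote, plus what a reader sees at the end.
def demo
  Dir.mktmpdir do |dir|
    path    = File.join(dir, "sessionkey")
    first   = store_key_if_changed("key-from-4s-monday", path)
    same    = store_key_if_changed("key-from-4s-monday", path)
    rotated = store_key_if_changed("key-from-4s-tuesday", path)
    [first, same, rotated, load_key(path)]
  end
end
```

Reading the file per request is cheap next to a round trip to Apple, which is why the author can avoid restarts entirely; what the reader must not do is cache the key in memory once at startup.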
It was a fun project. Maybe I will add one more feature I miss: if the 4S key you use has expired, I might send a response back so that Siri says something like “your key has expired, please get a new one to use Siri”.

If anybody needs the modified server files, please leave a comment below and I will upload them somewhere for you.

DOMy

This entry was posted in Ethical Hacking and Personal.

8 Responses to SiriServer – polished and done

  1. Terror says:

Can you please send it to my email address younggodiv@gmail.com? Thank you very much in advance.

  2. George says:

    Hi!
Please, can you send me the link to my email address admin@game-host.eu?
    Thank you.

  3. domi007 says:

    All people: check your email ;-)

  4. Karl Anthony says:

Can you also please send it to my email: Karlanthonyuk@me.com? Thanks.

    • domi007 says:

Email sent. As so many people are requesting it, I am considering setting up a Git repo for this; it will be up soon, I think.

  5. matt says:

    please e-mail to matt@kinetix.net

  6. wannabsiriuser says:

Perhaps a n00b question, but I have not found the answer anywhere… Is there a way to get this to work if the 4S user only uses 3G? Also, could you send me the files or the git repository?

    actwon_two at yahoo.com

    • domi007 says:

Hi,
If the 4S user never ever connects to WiFi, then I am not aware of any solution that would make this work. The 4S user needs to connect to WiFi at least once every 24 hours so you can grab the keys. However, if there is any app in the App Store that is capable of changing the DNS server you are using while on 3G, you can fix this problem easily.
Another solution would be using a VPN over 3G: once the 4S user is connected to your VPN, you can route the Siri packets however you want.
The git repository is available, but I also offer cheap SiriServers that you can use with a 4S, and these servers use a revised, so far totally bug-free software. To check it out, go to: http://bringasirifriend.wordpress.com

The Git repo is here:
https://github.com/domi007/SpireProxy
