Comments (16)
@horrorho @jirmi I have created a script that dumps the dspPrsID:mmeAuthToken for 2FA accounts. Please have a look at https://github.com/Yaldo425/Apple2FA
I hope this helps!
from inflatabledonkey.
I'm trying to work out a better 2FA process as well. I have a branch that does a hacky version, i.e. Phone has to be on the network to get pop-up code, requests the code from the user, then appends it to the username.
https://github.com/viable-hartman/InflatableDonkey/tree/TwoFAHacky
In that code I also have some code I've been working on to try and make the pyicloud stuff work, but haven't yet figured that all out. Either way, my hacky-branch works for this ATM.
from inflatabledonkey.
I've not really looked at pyicloud in much detail. If you can, just dump the dspPrsID:mmeAuthToken it generates with 2FA and use that with InflatableDonkey.
from inflatabledonkey.
Unfortunately, I do not see any param inside pyicloud protocol (thats is just an icloud.com portal requests repilication technique) which is look like dspPrsID:mmeAuthToken. It seems like they use some other type of tokens to talk to icloud API and different endpoints used. It is cool that they could also access Find me feature to access geo location data.
from inflatabledonkey.
Thank you for the feedback. I've just had quick glance at their code and it looks like they are using the web API. I incorrectly assumed it would be based on a device API process.
To be honest, ripping the 2FA process from something like the Windows iCloud tool should be trivial. Unfortunately I have no devices to play with. so it's not something I can do.
I do have some free time over the weekend and I'll take some time to figure out a solution, although it will probably involve asking others for help in supplying logs. I'll also examine the web API exchange to see if a (possibly obfuscated) dspPrsID:mmeAuthToken is present.
from inflatabledonkey.
That would be great if you have a chance to look at this. Please let me know if I can help you with logs. I do not use Windows but I've test iOS devices. I'd be happy to assist.
from inflatabledonkey.
How long is dspPrsID:mmeAuthToken valid for? One way we can get 2FA to work with InflatableDonkey is we can generate the code from a trusted device and then append the code to the end of password (i.e. your password is abcdefg and the code is 123456 then just pass abcdefg123456 as password) when running InflatableDonkey with --token options to get the dspPrsID:mmeAuthToken and we can use the token to sign in going forward. I am not sure if this is the right way of working with 2FA or not though.
from inflatabledonkey.
@fongph Unless I'm mistaken, the token is generally valid until the password is changed or the account is locked for security reasons.
from inflatabledonkey.
@horrorho @viable-hartman ... just wondering if we shouldn't try to get somehow the 2FA working through the already used escrow proxy protocol. At the moment the InflatableDonkey uses SRP command getrecords but I believe there are also some other commands related to the generating of the sms challenge. Going to try to research the possible usage and will let you know.
from inflatabledonkey.
@jirmi Thank you!
from inflatabledonkey.
@Yaldo425 Thank you! I will certainly take a look. Although I have a huge backlog at work so it may not be until next weekend.
from inflatabledonkey.
@Yaldo425 Unfortunately that's seems no more working I always get the message "Your Apple ID or password was entered incorrectly." :/
from inflatabledonkey.
Then type your password followed by the six-digit verification code directly into the password field. Unfortunately,it return error with code 401.
from inflatabledonkey.
While 2FA is not yet implemented inside InflatableDonkey, I've found that pyicloud (https://github.com/picklepete/pyicloud/) able to pass 2FA process, but it cannot operate with backups as InflatableDonkey. In my project, I'm looking for some kind of combination to allow 2FA apple IDs to use InflatableDonkey super power :) I'd put more efforts to make this working this week but still not sure if it is conceptually possible.
When I try to log in using 2FA enabled appleid I get obvious error message, with key indication:
localizedError
ACCOUNT_INVALID_HSA_TOKENMy understanding is that icloud servers expect to get some header with that HSA Token. After some digging inside pyicloud, I've found that during their 2FA validation process, there are some cookie params with similar name, something like "....WEB_HSA_TRUSTED..." (I'm sorry i cannot tell exact param name right now). Does anybody know what it is that and if it is even possible to extract HSA_TOKEN from pyicloud to use in InfatableDonkey "--token" process.
Did you solve 2FA problem? I need your help.
from inflatabledonkey.
HI Sir,
@horrorho @viable-hartman
i am using build by @viable-harman
https://github.com/viable-hartman/InflatableDonkey/tree/TwoFAHacky for ios 9 icloud backup but i am getting below error could you please help me out why this is coming
" Exception in thread "main" org.apache.http.client.HttpResponseException: Misdirected Request: {"success":false,"error":"Failed to validate the credentials from cookie"}"
HTTP/1.1 421 Misdirected Request [Server: AppleHttpServer/70a91026, Date: Wed, 12 Jun 2019 02:26:45 GMT,
Content-Type: application/json; charset=UTF-8, Connection: keep-alive, X-Apple-Jingle-Correlation-Key:
OWCHICBDUBFZHBVDE7QGNHD6VM, apple-seq: 0, apple-tk: false, Apple-Originating-System:
UnknownOriginatingSystem, X-Responding-Instance: setupservice:37000301:mr30p70ic-
hygg09033001:8001:1910B166:deb003cd1e4f, Cache-Control: no-cache, no-store, private, Access-Control-Allow-
Origin: https://www.icloud.com, Access-Control-Allow-Credentials: true, Strict-Transport-Security: max-
age=31536000; includeSubDomains, via: icloudedge:bm21p00ic-hygw01043501:7401:19RC207:Mumbai, X-Apple-
Request-UUID: 75847408-23a0-4b93-86a3-27e0669c7eab, access-control-expose-headers: X-Apple-Request-UUID,
access-control-expose-headers: Via] org.apache.http.client.entity.DecompressingEntity@34ace1}
from inflatabledonkey.
Hi All ,
Here is change made for this problem in python but can any one please implement in java for us .
in @viable-hartman Sir build https://github.com/viable-hartman/InflatableDonkey/tree/TwoFAHacky
@horrorho @viable-hartman @ajlyakhov @fongph @michaljirman @jirmi @asifmehmoood,@SergeyTim @themylogin
Please help for this
solution :
PeterHedley94/pyicloud@6bf11c8
from inflatabledonkey.
Related Issues (20)
- ios 13 support HOT 2
- SSLHandshakeException - decode error
- IOS 12 2fa Backup not download HOT 5
- icloud Ask questions HOT 4
- Question
- Downloading backup not working for IOS 12.4.5 HOT 2
- Zone Retrieve Request Fails HOT 7
- How to do iCloud Reverse engineering?
- Remove logback.xml from shipped jar
- Man
- Message files are missing from iCloud backup HOT 5
- Maintaining InflatableDonkey For Future HOT 5
- 2FA for iCloud Backup HOT 2
- New Patch not working , not able to download backup HOT 1
- Can I hire you? HOT 1
- com.apple.facetime.bag.plist
- How to recreate protobuffer files? HOT 3
- Out of memory for large backup HOT 5
- Providing support for iOS 12 devices HOT 3
- Misdirected Request [Server: AppleHttpServer/70a91026 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from inflatabledonkey.