
Comments (16)

 avatar commented on August 10, 2024 2

@horrorho @jirmi I have created a script that dumps the dspPrsID:mmeAuthToken for 2FA accounts. Please have a look at https://github.com/Yaldo425/Apple2FA

I hope this helps!

from inflatabledonkey.

viable-hartman avatar viable-hartman commented on August 10, 2024 1

I'm trying to work out a better 2FA process as well. I have a branch that does a hacky version, i.e. Phone has to be on the network to get pop-up code, requests the code from the user, then appends it to the username.

https://github.com/viable-hartman/InflatableDonkey/tree/TwoFAHacky

In that code I also have some code I've been working on to try and make the pyicloud stuff work, but haven't yet figured that all out. Either way, my hacky-branch works for this ATM.


horrorho avatar horrorho commented on August 10, 2024

I've not really looked at pyicloud in much detail. If you can, just dump the dspPrsID:mmeAuthToken it generates with 2FA and use that with InflatableDonkey.


ajlyakhov avatar ajlyakhov commented on August 10, 2024

Unfortunately, I do not see any param inside the pyicloud protocol (that is just an icloud.com portal request replication technique) which looks like dspPrsID:mmeAuthToken. It seems like they use some other type of tokens to talk to the iCloud API, and different endpoints are used. It is cool that they could also access the Find me feature to access geolocation data.


horrorho avatar horrorho commented on August 10, 2024

Thank you for the feedback. I've just had a quick glance at their code and it looks like they are using the web API. I incorrectly assumed it would be based on a device API process.

To be honest, ripping the 2FA process from something like the Windows iCloud tool should be trivial. Unfortunately I have no devices to play with, so it's not something I can do.

I do have some free time over the weekend and I'll take some time to figure out a solution, although it will probably involve asking others for help in supplying logs. I'll also examine the web API exchange to see if a (possibly obfuscated) dspPrsID:mmeAuthToken is present.


ajlyakhov avatar ajlyakhov commented on August 10, 2024

That would be great if you have a chance to look at this. Please let me know if I can help you with logs. I do not use Windows but I've test iOS devices. I'd be happy to assist.


fongph avatar fongph commented on August 10, 2024

How long is dspPrsID:mmeAuthToken valid for? One way we can get 2FA to work with InflatableDonkey is we can generate the code from a trusted device and then append the code to the end of password (i.e. your password is abcdefg and the code is 123456 then just pass abcdefg123456 as password) when running InflatableDonkey with --token options to get the dspPrsID:mmeAuthToken and we can use the token to sign in going forward. I am not sure if this is the right way of working with 2FA or not though.


horrorho avatar horrorho commented on August 10, 2024

@fongph Unless I'm mistaken, the token is generally valid until the password is changed or the account is locked for security reasons.


michaljirman avatar michaljirman commented on August 10, 2024

@horrorho @viable-hartman ... just wondering if we shouldn't try to get somehow the 2FA working through the already used escrow proxy protocol. At the moment the InflatableDonkey uses SRP command getrecords but I believe there are also some other commands related to the generating of the sms challenge. Going to try to research the possible usage and will let you know.


horrorho avatar horrorho commented on August 10, 2024

@jirmi Thank you!


horrorho avatar horrorho commented on August 10, 2024

@Yaldo425 Thank you! I will certainly take a look. Although I have a huge backlog at work so it may not be until next weekend.


blackarcanis avatar blackarcanis commented on August 10, 2024

@Yaldo425 Unfortunately that seems to no longer work; I always get the message "Your Apple ID or password was entered incorrectly." :/


Guawazii avatar Guawazii commented on August 10, 2024

Then type your password followed by the six-digit verification code directly into the password field. Unfortunately, it returns an error with code 401.


Guawazii avatar Guawazii commented on August 10, 2024

While 2FA is not yet implemented inside InflatableDonkey, I've found that pyicloud (https://github.com/picklepete/pyicloud/) is able to pass the 2FA process, but it cannot operate with backups as InflatableDonkey does. In my project, I'm looking for some kind of combination to allow 2FA Apple IDs to use InflatableDonkey's super power :) I'd put more effort into making this work this week but I'm still not sure if it is conceptually possible.

When I try to log in using a 2FA-enabled Apple ID I get an obvious error message, with the key indication:

localizedError
ACCOUNT_INVALID_HSA_TOKEN

My understanding is that iCloud servers expect to get some header with that HSA token. After some digging inside pyicloud, I've found that during their 2FA validation process, there are some cookie params with a similar name, something like "....WEB_HSA_TRUSTED..." (I'm sorry I cannot tell the exact param name right now). Does anybody know what that is and if it is even possible to extract HSA_TOKEN from pyicloud to use in the InflatableDonkey "--token" process?
Did you solve 2FA problem? I need your help.


vipinbeni avatar vipinbeni commented on August 10, 2024

Hi Sir,
@horrorho @viable-hartman

I am using the build by @viable-hartman
https://github.com/viable-hartman/InflatableDonkey/tree/TwoFAHacky for iOS 9 iCloud backup but I am getting the error below. Could you please help me work out why this is happening?

" Exception in thread "main" org.apache.http.client.HttpResponseException: Misdirected Request: {"success":false,"error":"Failed to validate the credentials from cookie"}"

HTTP/1.1 421 Misdirected Request [Server: AppleHttpServer/70a91026, Date: Wed, 12 Jun 2019 02:26:45 GMT, Content-Type: application/json; charset=UTF-8, Connection: keep-alive, X-Apple-Jingle-Correlation-Key: OWCHICBDUBFZHBVDE7QGNHD6VM, apple-seq: 0, apple-tk: false, Apple-Originating-System: UnknownOriginatingSystem, X-Responding-Instance: setupservice:37000301:mr30p70ic-hygg09033001:8001:1910B166:deb003cd1e4f, Cache-Control: no-cache, no-store, private, Access-Control-Allow-Origin: https://www.icloud.com, Access-Control-Allow-Credentials: true, Strict-Transport-Security: max-age=31536000; includeSubDomains, via: icloudedge:bm21p00ic-hygw01043501:7401:19RC207:Mumbai, X-Apple-Request-UUID: 75847408-23a0-4b93-86a3-27e0669c7eab, access-control-expose-headers: X-Apple-Request-UUID, access-control-expose-headers: Via] org.apache.http.client.entity.DecompressingEntity@34ace1}


vipinbeni avatar vipinbeni commented on August 10, 2024

Hi All,

Here is the change made for this problem in Python, but can anyone please implement it in Java for us,
in @viable-hartman Sir's build https://github.com/viable-hartman/InflatableDonkey/tree/TwoFAHacky
@horrorho @viable-hartman @ajlyakhov @fongph @michaljirman @jirmi @asifmehmoood, @SergeyTim @themylogin
Please help with this.

Solution:
PeterHedley94/pyicloud@6bf11c8

