private void SrpAuthenticationUsingStandardParameters <T>(string username, string password) where T : HashAlgorithm { // test all standard groups using the same hashing algorithm SrpAuthentication(username, password, SrpParameters.Create1024 <T>()); SrpAuthentication(username, password, SrpParameters.Create1536 <T>()); SrpAuthentication(username, password, SrpParameters.Create2048 <T>()); SrpAuthentication(username, password, SrpParameters.Create3072 <T>()); SrpAuthentication(username, password, SrpParameters.Create4096 <T>()); SrpAuthentication(username, password, SrpParameters.Create6144 <T>()); SrpAuthentication(username, password, SrpParameters.Create8192 <T>()); }
// THIS GITHUB ISSUE THREAD IS LITERALLY GOLD: https://github.com/horrorho/InflatableDonkey/issues/87 GIVE THEM LOVE, ESPECIALLY TO RobLinux public static async Task Main(string[] args) { // Apple ID for testing, use temp-mail.org to login. // Security Questions: Mailart, Montcuq var email = "*****@*****.**"; var password = "******"; Cookies.Add(new Cookie("dslang", "US-EN", "/", "gsa.apple.com")); ServicePointManager .ServerCertificateValidationCallback = (sender, cert, chain, sslPolicyErrors) => true; // Initiate SRP Client, and generate ephemeral keys var srpClient = new SrpClient(SrpParameters.Create2048 <SHA256>()); var eph = srpClient.GenerateEphemeral(); // Split keys into lines var splitPublic = "\t\t" + string.Join("\r\n\t\t", SplitInParts(ToB64(eph.Public), 60)) + "\r\n"; var post1 = string.Format(string.Concat( "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n", "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\r\n", "<plist version=\"1.0\">\r\n", "<dict>\r\n", "\t<key>Header</key>\r\n", "\t<dict>\r\n", "\t\t<key>Version</key>\r\n", "\t\t<string>1.0.1</string>\r\n", "\t</dict>\r\n", "\t<key>Request</key>\r\n", "\t<dict>\r\n", // A field of SRP "\t\t<key>A2k</key>\r\n", "\t\t<data>\r\n", "{1}", "\t\t</data>\r\n", "\t\t<key>cpd</key>\r\n", "\t\t<dict>\r\n", "\t\t\t<key>X-Apple-I-Client-Time</key>\r\n", "\t\t\t<string>2019-11-30T22:10:15Z</string>\r\n", "\t\t\t<key>X-Apple-I-Locale</key>\r\n", "\t\t\t<string>en_FR</string>\r\n", "\t\t\t<key>X-Apple-I-SRL-NO</key>\r\n", "\t\t\t<string>DNPS88X1HG82</string>\r\n", // Fields of Anisette data "\t\t\t<key>X-Apple-I-MD</key>\r\n", "\t\t\t<string>AAAABQAAABCZg6d+upDLWkNW98xGuiOXAAAAAw==</string>\r\n", "\t\t\t<key>X-Apple-I-MD-M</key>\r\n", "\t\t\t<string>faFsm6glupJEkv10H8HxT+cpTVQ/q8mWyPiJRkYfbXJDfIK+eL52Z7GyRCamzWYnvv1N/US6VaawwZG9</string>\r\n", "\t\t\t<key>X-Apple-I-MD-RINFO</key>\r\n", "\t\t\t<string>17106176</string>\r\n", "\t\t\t<key>X-Apple-I-TimeZone</key>\r\n", "\t\t\t<string>CET</string>\r\n", "\t\t\t<key>X-Apple-Locale</key>\r\n", "\t\t\t<string>en_FR</string>\r\n", "\t\t\t<key>bootstrap</key>\r\n", "\t\t\t<true/>\r\n", "\t\t\t<key>icscrec</key>\r\n", "\t\t\t<true/>\r\n", "\t\t\t<key>loc</key>\r\n", "\t\t\t<string>en_FR</string>\r\n", "\t\t\t<key>pbe</key>\r\n", "\t\t\t<false/>\r\n", "\t\t\t<key>prkgen</key>\r\n", "\t\t\t<true/>\r\n", "\t\t\t<key>svct</key>\r\n", "\t\t\t<string>iCloud</string>\r\n", "\t\t</dict>\r\n", "\t\t<key>o</key>\r\n", "\t\t<string>init</string>\r\n", "\t\t<key>ps</key>\r\n", "\t\t<array>\r\n", "\t\t\t<string>s2k</string>\r\n", "\t\t\t<string>s2k_fo</string>\r\n", "\t\t</array>\r\n", "\t\t<key>u</key>\r\n", "\t\t<string>{0}</string>\r\n", "\t</dict>\r\n", "</dict>\r\n", "</plist>\r\n" ), email, splitPublic); Console.WriteLine(post1); var res1 = PList.ParsePList(new PList(await PostRequest("https://gsa.apple.com/grandslam/GsService2", post1))); Console.WriteLine(res1); // c is a string in the form x-xxx-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:AAA with x lower case hexadecimal numbers and A letters in upper case var c = res1["Response"]["c"].ToString(); // Convert in hexa for SRP.NET var b = new BigInteger(Convert.FromBase64String(res1["Response"]["B"].ToString())).ToString("X"); var salt = Convert.FromBase64String(res1["Response"]["s"].ToString()); // Generate keys for Apple SRP protocol var pk = srpClient.DerivePrivateKey(salt, int.Parse(res1["Response"]["i"].ToString()), password); var clientSession = srpClient.DeriveSession(eph.Secret, b, salt, email, pk); // POST request to Apple, but it fails 'Your Apple ID or password is incorrect' var post2 = string.Format(string.Concat( "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n", "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\r\n", "<plist version=\"1.0\">\r\n", "<dict>\r\n", "\t<key>Header</key>\r\n", "\t<dict>\r\n", "\t\t<key>Version</key>\r\n", "\t\t<string>1.0.1</string>\r\n", "\t</dict>\r\n", "\t<key>Request</key>\r\n", "\t<dict>\r\n", // A field of SRP "\t\t<key>M1</key>\r\n", "\t\t<data>\r\n", "\t\t{2}\r\n", "\t\t</data>\r\n", // A field of Apple's GrandSlam "\t\t<key>c</key>\r\n", "\t\t<string>{1}</string>\r\n", "\t\t<key>cpd</key>\r\n", "\t\t<dict>\r\n", "\t\t\t<key>X-Apple-I-Client-Time</key>\r\n", "\t\t\t<string>2019-11-30T22:10:15Z</string>\r\n", "\t\t\t<key>X-Apple-I-Locale</key>\r\n", "\t\t\t<string>en_FR</string>\r\n", "\t\t\t<key>X-Apple-I-SRL-NO</key>\r\n", "\t\t\t<string>DNPS88X1HG82</string>\r\n", // Fields of Anisette data "\t\t\t<key>X-Apple-I-MD</key>\r\n", "\t\t\t<string>AAAABQAAABCZg6d+upDLWkNW98xGuiOXAAAAAw==</string>\r\n", "\t\t\t<key>X-Apple-I-MD-M</key>\r\n", "\t\t\t<string>faFsm6glupJEkv10H8HxT+cpTVQ/q8mWyPiJRkYfbXJDfIK+eL52Z7GyRCamzWYnvv1N/US6VaawwZG9</string>\r\n", "\t\t\t<key>X-Apple-I-MD-RINFO</key>\r\n", "\t\t\t<string>17106176</string>\r\n", "\t\t\t<key>X-Apple-I-TimeZone</key>\r\n", "\t\t\t<string>CET</string>\r\n", "\t\t\t<key>X-Apple-Locale</key>\r\n", "\t\t\t<string>en_FR</string>\r\n", "\t\t\t<key>bootstrap</key>\r\n", "\t\t\t<true/>\r\n", "\t\t\t<key>icscrec</key>\r\n", "\t\t\t<true/>\r\n", "\t\t\t<key>loc</key>\r\n", "\t\t\t<string>en_FR</string>\r\n", "\t\t\t<key>pbe</key>\r\n", "\t\t\t<false/>\r\n", "\t\t\t<key>prkgen</key>\r\n", "\t\t\t<true/>\r\n", "\t\t\t<key>svct</key>\r\n", "\t\t\t<string>iCloud</string>\r\n", "\t\t</dict>\r\n", "\t\t<key>o</key>\r\n", "\t\t<string>complete</string>\r\n", "\t\t<key>u</key>\r\n", "\t\t<string>{0}</string>\r\n", "\t</dict>\r\n", "</dict>\r\n", "</plist>\r\n" ), email, c, Convert.ToBase64String(clientSession.Proof)); Console.WriteLine(post2); var res2 = PList.ParsePList(new PList(await PostRequest("https://gsa.apple.com/grandslam/GsService2", post2))); Console.WriteLine(res2); Console.ReadKey(); }