Siri Protocol Exploit for multiple key generation

Requires a jailbroken iPhone 4S.
This is a really simple exploit.

Logic:

Every time an iDevice uses Siri for the first time, or creates a new assistant in Apple's database, guzzoni replies with a property validityDuration that says for how long the validation data generated by the iDevice stays valid.
Apple's default reply for this is: 90000 sec = 25 h!!!

So the response from Apple is:

{"class"=>"CreateSessionInfoResponse",
 "properties"=>
  {"sessionInfo"=>
    "\x02\b N\xF7\x88o\t!\xEE\xE4w\x83\x1AH\x1E\x81\x00\x00\x00@\xEA\xE2\x17\x1F!\xD4\xF6%-\xB7\x0FRr\x8D\x1D\x9D\xDF\xE1@&=\x96\xEDkf(\xC6f\xA4\xDBl\xA5oE\xD1\x13\xE9G\xFEj\xA0\x83\xDF\xDB\xCE\xDA\x0F\xFE'\xB7p9\x8Egz\x14\xEA\xC0\xD3[t\xBCW\xE1\x01\xF0R]\xED\xF1\t\x87]5\xE9\x9Da{\xCC\x0F\x12z\xCF\xA9Y\x00\x00\x006\x05\x03\x8A\xC2\xD6w\xA6\xF5\xD8*4\\\xB8\xA2\xB2\xE7\x0F\x12O; \x95luD\x83:\xA3\xAC,,,.\x81\xF9\xE2i\xD6\xED\xCC\x9Ee9\xADuN\x83F[\x06\xC2\x8D2\xB2",
   "validityDuration"=>90000}

And we just change the validityDuration to whatever we please.

This forces the 4S to regenerate its validation data every time it uses Siri after the above duration has elapsed.

This can also probably (I haven't tested it!) be done by editing assistant.plist on the 4S and setting the time to an already expired point, e.g. 5 hours earlier, but that may generate only one key. Repeat as desired.
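To make the mechanism concrete from the receiving side, here is an added example (not code from the original post or from any Siri proxy project) written in Ruby, the notation the dump above uses. It checks a CreateSessionInfoResponse for a validityDuration that deviates from the expected default, models the client's "has my session expired?" decision, and counts how many key regenerations a given duration causes over a time window, which is what a server-side rate check would observe. The 90000-second default is the value stated in the post; the sample response, the 10% tolerance and the placeholder sessionInfo bytes are my own assumptions.

```ruby
# Added example, not from the original post. Validates a
# CreateSessionInfoResponse and models the client's expiry logic.

EXPECTED_VALIDITY = 90_000 # seconds; the default the post reports (25 h)

# Constructed sample response. sessionInfo is an opaque binary blob, so a
# short placeholder replaces the real bytes shown in the post.
SAMPLE_RESPONSE = {
  "class" => "CreateSessionInfoResponse",
  "properties" => {
    "sessionInfo" => "\x02\b N\xF7\x88o".b, # placeholder bytes (assumption)
    "validityDuration" => 90_000,
  },
}

# Returns a list of findings; an empty list means the response looks sane.
# A validityDuration far below the expected default is the signature of the
# modification described in the post, so it is reported as possible tampering.
def check_session_response(resp, expected: EXPECTED_VALIDITY, tolerance: 0.1)
  findings = []
  unless resp["class"] == "CreateSessionInfoResponse"
    findings << "unexpected class #{resp["class"].inspect}"
    return findings
  end
  props = resp["properties"] || {}
  info = props["sessionInfo"]
  dur = props["validityDuration"]
  findings << "sessionInfo missing or empty" if info.nil? || info.empty?
  if !dur.is_a?(Integer) || dur <= 0
    findings << "validityDuration missing or non-positive: #{dur.inspect}"
  elsif (dur - expected).abs > expected * tolerance
    findings << "validityDuration #{dur} deviates from expected #{expected}; " \
                "possible modification in transit"
  end
  findings
end

# Client-side decision the post describes: validation data is reused until
# created_at + validityDuration has elapsed, then regenerated.
def session_expired?(created_at, validity_duration, now)
  now >= created_at + validity_duration
end

# Number of regenerations a continuously active client would perform over
# window_seconds given a validityDuration. With the 90000 s default this is
# zero per day; a tiny duration turns it into hundreds or thousands.
def regenerations_over(window_seconds, validity_duration)
  return 0 if validity_duration <= 0
  (window_seconds / validity_duration).floor
end

if __FILE__ == $0
  puts "sample findings: #{check_session_response(SAMPLE_RESPONSE).inspect}"
  puts "regenerations/day at default: #{regenerations_over(86_400, EXPECTED_VALIDITY)}"
  puts "regenerations/day at 60 s:    #{regenerations_over(86_400, 60)}"
end
```

The tolerance window is deliberately generous: Apple could legitimately vary the duration a little, but a value orders of magnitude below the default is the one an operator should care about, and the regeneration count is the quantity a per-device rate limit on assistant creation would key on.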

Updated in TLP source here... 
And experimental source here...
