The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.

Apple Push Service Protocol

From The iPhone Wiki
Revision as of 06:09, 24 April 2021 by Nicolas17 (talk | contribs) (Mention apnspack protocol)
Jump to: navigation, search

iOS devices connect to Apple's push servers via port 5223. The protocol is proprietary and has nothing to do with XMPP (which uses the same port to establish SSL-encrypted client connections). The Push service protocol also uses SSL encryption.

As of iOS5, Apple uses a new push protocol. The same protocol is used on the Mac too. With iOS4, the protocol used message types 04 to 06, while the new protocol uses message types 07 to 0f and all fields have a type-length-value encoding.

While every iOS version after that continued adding new message and field types, in iOS 12 there is another new push protocol known as "apnspack", which uses the same message and field types but encodes them in a completely different binary format. The client negotiates use of this new protocol with the protocol name "apns-pack-v1" in ALPN. The apnspack format is not yet documented in this page.

Message Structure

The format of the non-packed APNS protocol is as follows:

  • 1 byte message type
  • 4 byte payload length
  • fields, all with
    • 1 byte type
    • 2 byte length
    • value

Example:

  • 07 message type (Connect)
  • 00 00 00 27 39 byte payload length
  • 01 1st field
    • 00 20 32 byte length
    • 8a 73 82 00 82 ac 91 32 88 b6 aa ef 90 91 65 ce 8a 73 82 00 82 ac 91 32 88 b6 aa ef 90 91 65 cevalue 1 (32-byte push token)
  • 02 2nd field
    • 00 01 1 byte length
    • 01 value

Messages

07 Connect

  • Direction: device to server
  • message type: 07
  • fields:
    • 01 32-byte push token
    • 02 1 byte unknown (value 01)

08 Connect Response

  • Direction: server to device
  • message type: 08
  • fields:
    • 01 status (00 ok, 02 some error)
    • 04 unknown (value 10 00)
    • 05 unknown (value 00 02)
    • 03 32-byte push token (optional), sent after 05 field

09 Push Topics

  • Direction: device to server
  • message type: 09
  • fields:
    • 02 20-byte ID for enabled topic (like topic for push-enabled app or a specific iCloud service like Find My iPhone)
    • 03 20-byte ID for disabled topic

0A Push Notification

  • Direction: server to device (for iMessage and possibly others too, also the other way round)
  • message type: 0a
  • fields:
    • 01 recipient push token
    • 02 topic
    • 03 notification payload
    • 04 response token
    • 05 expiry (32-bit UNIX timestamp)
    • 06 timestamp (64-bit UNIX timestamp in nanoseconds)
    • 07 unknown (00)

0B Push Notification Response

  • Direction: server to device (for iMessage and possibly others too, also the other way round)
  • message type: 0b
  • fields:
    • 04 response token
    • 08 status (00 ok, 02 error)

0C Keep-Alive

  • Direction: device to server
  • message type: 0c
  • fields:
    • 01 connection method ("WiFi" or GSM MNC like "31038" for AT&T)
    • 02 iOS version, e.g. "5.0"
    • 03 iOS build number
    • 04 device model, e.g. "iPhone2,1"
    • 05 unknown (values like 10, 15 or 20)

0D Keep-Alive Confirmation

  • Direction: server to device
  • message type: 0d
  • no fields

0E No Storage

  • Direction: server to device
  • message type: 0e
  • fields:
    • 03 32-byte push token

0F Flush

  • Direction: both
  • message type: 0f
  • fields:
    • 2-byte integer indicating length of padding
    • padding: NULL-bytes, typical lengths are 64, 128, 256, 512

References

Retrieved from "https://www.theiphonewiki.com/w/index.php?title=Apple_Push_Service_Protocol&oldid=112284"