Difference between revisions of "SHSH Protocol"

From The iPhone Wiki
Jump to: navigation, search
(no harm in keeping it)
(Plist request file)
Line 50: Line 50:
 
<string>*************</string> ------------> This is your own [[ECID]]
 
<string>*************</string> ------------> This is your own [[ECID]]
 
<key>ApProductionMode</key>
 
<key>ApProductionMode</key>
<true />
+
<true />
 
<key>ApSecurityDomain</key>
 
<key>ApSecurityDomain</key>
<integer>_____</integer>
+
<integer>____</integer>
 
<key>UniqueBuildID</key>
 
<key>UniqueBuildID</key>
 
<data>_________________________</data>
 
<data>_________________________</data>
  +
<key>ApNonce</key>
  +
<data>????</data>
 
<key>AppleLogo</key>
 
<key>AppleLogo</key>
 
<dict>
 
<dict>
Line 74: Line 76:
 
</dict>
 
</dict>
 
<key>BatteryCharging0</key>
 
<key>BatteryCharging0</key>
<dict>
+
<dict>
 
<key>Digest</key>
 
<key>Digest</key>
 
<data>_________________________</data>
 
<data>_________________________</data>
 
<key>PartialDigest</key>
 
<key>PartialDigest</key>
 
<data>_________________________</data>
 
<data>_________________________</data>
<key>Trusted</key>
+
<key>Trusted</key>
 
<true />
 
<true />
 
</dict>
 
</dict>
 
<key>BatteryCharging1</key>
 
<key>BatteryCharging1</key>
 
<dict>
 
<dict>
<key>Digest</key>
+
<key>Digest</key>
<data>_________________________</data>
+
<data>_________________________</data>
 
<key>PartialDigest</key>
 
<key>PartialDigest</key>
<data>_________________________</data>
+
<data>_________________________</data>
<key>Trusted</key>
+
<key>Trusted</key>
<true />
+
<true />
</dict>
+
</dict>
<key>BatteryFull</key>
+
<key>BatteryFull</key>
 
<dict>
 
<dict>
 
<key>Digest</key>
 
<key>Digest</key>
Line 122: Line 124:
 
<key>Digest</key>
 
<key>Digest</key>
 
<data>_________________________</data>
 
<data>_________________________</data>
<key>PartialDigest</key>
+
<key>PartialDigest</key>
 
<data>_________________________</data>
 
<data>_________________________</data>
 
<key>Trusted</key>
 
<key>Trusted</key>
Line 149: Line 151:
 
<key>BuildString</key>
 
<key>BuildString</key>
 
<string>_________________________</string>
 
<string>_________________________</string>
  +
<key>Digest</key>
  +
<data>_________________________</data>
 
<key>PartialDigest</key>
 
<key>PartialDigest</key>
 
<data>_________________________</data>
 
<data>_________________________</data>
  +
<key>Trusted</key>
  +
<true />
 
</dict>
 
</dict>
 
<key>RecoveryMode</key>
 
<key>RecoveryMode</key>
Line 191: Line 197:
 
<dict>
 
<dict>
 
<key>Digest</key>
 
<key>Digest</key>
<data>_________________________</data>
+
<data>_________________________</data>
 
<key>PartialDigest</key>
 
<key>PartialDigest</key>
 
<data>_________________________</data>
 
<data>_________________________</data>
Line 201: Line 207:
 
<key>BuildString</key>
 
<key>BuildString</key>
 
<string>_________________________</string>
 
<string>_________________________</string>
  +
<key>Digest</key>
  +
<data>_________________________</data>
 
<key>PartialDigest</key>
 
<key>PartialDigest</key>
 
<data>_________________________</data>
 
<data>_________________________</data>
  +
<key>Trusted</key>
  +
<true />
 
</dict>
 
</dict>
 
<key>iBSS</key>
 
<key>iBSS</key>
Line 208: Line 218:
 
<key>BuildString</key>
 
<key>BuildString</key>
 
<string>_________________________</string>
 
<string>_________________________</string>
  +
<key>Digest</key>
  +
<data>_________________________</data>
 
<key>PartialDigest</key>
 
<key>PartialDigest</key>
 
<data>_________________________</data>
 
<data>_________________________</data>
  +
<key>Trusted</key>
  +
<true />
 
</dict>
 
</dict>
 
<key>iBoot</key>
 
<key>iBoot</key>
 
<dict>
 
<dict>
 
<key>Digest</key>
 
<key>Digest</key>
<data>_________________________</data>
+
<data>_________________________</data>
 
<key>PartialDigest</key>
 
<key>PartialDigest</key>
 
<data>_________________________</data>
 
<data>_________________________</data>

Revision as of 09:55, 13 June 2012

Here is a description about the protocol that is used when iTunes requests the SHSH certificate from Apple. For details about what this is used for, please see the main article SHSH.

This is a simple HTTP (POST) request and answer. You can retry this via a Telnet session or similar. The destination host is gs.apple.com (IP 17.171.36.30 [previously 17.112.176.11]) and runs on the common HTTP port 80. The data is plaintext and not encoded in any way. For details about the HTTP protocol itself, please see RFC2616.

Sending data (request)

POST /TSS/controller?action=2 HTTP/1.1
Accept: */*
Cache-Control: no-cache
Content-type: text/xml; charset="utf-8"
User-Agent: InetURL/1.0
Content-Length: 12345
Host: gs.apple.com

(here comes the Plist request file)

Receiving data (answer)

HTTP/1.1 200 OK
Date: Sun, 15 Aug 2010 19:25:18 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Content-Type: text/html
Content-Length: 123456
MS-Author-Via: DAV

STATUS=0&MESSAGE=SUCCESS&REQUEST_STRING=(here comes the requested SHSH file)

Plist request file

NOTE: This template is only for devices other than the iPhone 4

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">
<dict>
	<key>@APTicket</key>
	<true/>
	<key>@HostIpAddress</key>
	<string>192.168.0.1</string>
	<key>@HostPlatformInfo</key>
	<string>windows</string> -------> "darwin" without quotes for Mac/Linux Systems
	<key>@Locality</key>
	<string>en_US</string>
	<key>@VersionInfo</key>
	<string>libauthinstall-34</string>  -------> "3.8" without quotes for Mac/Linux Systems
	<key>ApBoardID</key>
	<integer>____</integer>
	<key>ApChipID</key>
	<integer>____</integer>
	<key>ApECID</key>
	<string>*************</string>  ------------> This is your own ECID
	<key>ApProductionMode</key>
	<true />
	<key>ApSecurityDomain</key>
	<integer>____</integer>
	<key>UniqueBuildID</key>
	_________________________
	<key>ApNonce</key>
	????
	<key>AppleLogo</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>BatteryCharging</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>BatteryCharging0</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>BatteryCharging1</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>BatteryFull</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>BatteryLow0</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>BatteryLow1</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>BatteryPlugin</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>DeviceTree</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>KernelCache</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>LLB</key>
	<dict>
		<key>BuildString</key>
		<string>_________________________</string>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>RecoveryMode</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>RestoreDeviceTree</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>RestoreKernelCache</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>RestoreLogo</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>RestoreRamDisk</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>iBEC</key>
	<dict>
		<key>BuildString</key>
		<string>_________________________</string>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>iBSS</key>
	<dict>
		<key>BuildString</key>
		<string>_________________________</string>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
	<key>iBoot</key>
	<dict>
		<key>Digest</key>
		_________________________
		<key>PartialDigest</key>
		_________________________
		<key>Trusted</key>
		<true />
	</dict>
</dict>
</plist>

The underlined values( _______ ) can be found from the BuildManifest.plist which is located inside a IPSW file.

Status responses

  • STATUS=0&MESSAGE=SUCCESS
  • STATUS=94&MESSAGE=This device isn't eligible for the requested build.
  • STATUS=100&MESSAGE=An internal error occurred.
  • STATUS=511&MESSAGE=No data in the request
  • STATUS=551&MESSAGE=Error occured while importing config packet with cpsn:
  • STATUS=5000&MESSAGE=Invalid Option!

Other parameters / open questions

Some parameters could have other values. Not all details are known.

  • action=2 in the request. What other values exist and what is their meaning?
  • ApProductionMode What does this mean? Is there a test environment?
  • ApSecurityDomain Meaning?
  • Trusted What is this for?
  • Full description of the above values for UniqueBuildID, Digest, PartialDigest and BuildString.