|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Tatsu Signing Server"
m |
(TSS research) |
||
| Line 1: | Line 1: | ||
The '''Tatsu Signing Server''' ('''TSS''') is a collection of services provided by Apple. In late 2012, the list of available services was briefly made public at [https://web.archive.org/web/20121128012112/http://gs.apple.com/TSS/ gs.apple.com]. This index page has since been removed, although at least one archived capture of this page exists. |
The '''Tatsu Signing Server''' ('''TSS''') is a collection of services provided by Apple. In late 2012, the list of available services was briefly made public at [https://web.archive.org/web/20121128012112/http://gs.apple.com/TSS/ gs.apple.com]. This index page has since been removed, although at least one archived capture of this page exists. |
||
| + | TSS is accessed chiefly for use of the [[SHSH Protocol]] to receive signed blobs for a given iOS build. This is accessed with the SHSH controller at http://gs.apple.com/TSS/controller. |
||
| + | |||
There is an Apple internal equivalent, known as Spidercab, running at [http://tatsu-tss-internal.apple.com:80 tatsu-tss-internal.apple.com] and [http://tss-int.apple.com:80 tss-int.apple.com], which are only accessible within Apple's VPN. SpiderCab is used to sign internal/debug and test builds of iOS, including old versions that are no longer signed on production. |
There is an Apple internal equivalent, known as Spidercab, running at [http://tatsu-tss-internal.apple.com:80 tatsu-tss-internal.apple.com] and [http://tss-int.apple.com:80 tss-int.apple.com], which are only accessible within Apple's VPN. SpiderCab is used to sign internal/debug and test builds of iOS, including old versions that are no longer signed on production. |
||
| − | Reliable communication to the TSS server requires the appropriate HTTP header, as described in [[SHSH Protocol#Communication]]. |
+ | Reliable communication to the TSS server requires the appropriate HTTP header, as described in [[SHSH Protocol#Communication]]. If you are communicating with a TSS service and not the SHSH controller itself, you must additionally provide a <code>SOAPAction:</code> header. |
| − | == |
+ | == Services == |
| + | |||
| − | It is of moderate security concern to know that the TSS server runs [http://tomcat.apache.org/ Apache Tomcat], the version of which being exposed in the default 404 page. |
||
| + | There are two services provided, both accessible via [https://en.wikipedia.org/wiki/SOAP SOAP] requests. They are located in http://gs.apple.com/TSS/services/ under their respective names. |
||
| + | |||
| + | ===PacketPort=== |
||
| + | |||
| + | * pushDataPacket |
||
| + | |||
| + | ===tatsuReceiptsStatusPort=== |
||
| + | |||
| + | * getReceiptPacketStatus |
||
| + | * queryTASExpireTSA |
||
| + | * updateTSSStatus |
||
| + | |||
| + | == Notes == |
||
| + | |||
| + | [https://www.soapui.org SoapUI], an automation framework for the SOAP protocol, lists Apple among their largest users [https://www.soapui.org/downloads/download-soapui-pro-trial.html]. |
||
| + | |||
| + | ===Server Details=== |
||
| + | It is of moderate security concern to know that the TSS server runs [http://tomcat.apache.org/ Apache Tomcat], exposed, alongside version number, in the default 404 page. The SOAP implementation used is [http://axis.apache.org/axis/ Apache Axis] (Java). |
||
== References == |
== References == |
||
* [[TinyUmbrella]] |
* [[TinyUmbrella]] |
||
| + | * [https://www.w3.org/TR/2000/NOTE-SOAP-20000508 SOAP specification] |
||
== External Links == |
== External Links == |
||
* [https://web.archive.org/web/20121128012112/http://gs.apple.com/TSS/ List of available services (archive.org)] |
* [https://web.archive.org/web/20121128012112/http://gs.apple.com/TSS/ List of available services (archive.org)] |
||
| − | |||
| − | {{stub|Apple Inc.}} |
||
Revision as of 00:20, 16 February 2020
The Tatsu Signing Server (TSS) is a collection of services provided by Apple. In late 2012, the list of available services was briefly made public at gs.apple.com. This index page has since been removed, although at least one archived capture of this page exists. TSS is accessed chiefly for use of the SHSH Protocol to receive signed blobs for a given iOS build. This is accessed with the SHSH controller at http://gs.apple.com/TSS/controller.
There is an Apple internal equivalent, known as Spidercab, running at tatsu-tss-internal.apple.com and tss-int.apple.com, which are only accessible within Apple's VPN. SpiderCab is used to sign internal/debug and test builds of iOS, including old versions that are no longer signed on production.
Reliable communication to the TSS server requires the appropriate HTTP header, as described in SHSH Protocol#Communication. If you are communicating with a TSS service and not the SHSH controller itself, you must additionally provide a SOAPAction: header.
Contents
Services
There are two services provided, both accessible via SOAP requests. They are located in http://gs.apple.com/TSS/services/ under their respective names.
PacketPort
- pushDataPacket
tatsuReceiptsStatusPort
- getReceiptPacketStatus
- queryTASExpireTSA
- updateTSSStatus
Notes
SoapUI, an automation framework for the SOAP protocol, lists Apple among their largest users [1].
Server Details
It is of moderate security concern to know that the TSS server runs Apache Tomcat, exposed, alongside version number, in the default 404 page. The SOAP implementation used is Apache Axis (Java).
