Difference between revisions of "Siri Protocol"
||
Line 1: | Line 1: | ||
− | Applidium documented the '''Siri Protocol''' on 14 November 2011 |
+ | Applidium <span class="plainlinks">[http://applidium.com/en/news/cracking_siri/ documented]<span class="plainlinks"> the '''Siri Protocol''' on 14 November 2011 by setting up a DNS to see the traffic. The traffic is simple HTTPS (with some modifications, mentioned later). The server presents a certificate for guzzoni.apple.com (IP 17.174.4.4) and the client checks for the correct domain certificate. But it does not check the issuer, so you can create a self-signed certificate to see the traffic. |
=== Protocol === |
=== Protocol === |
||
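Review bot: On the added line, the link is wrapped in two opening `<span class="plainlinks">` tags and never closed; the tag after `documented]` should be `</span>`. The removed line is also cut off after "14 November 2011", so this hunk does not show whether the sentences that follow are new text or unchanged.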
Line 12: | Line 12: | ||
=== Binary Data === |
=== Binary Data === |
||
* Starts with 0x00AACCEE |
* Starts with 0x00AACCEE |
||
− | * Rest is compressed with [http://zlib.net zlib] |
+ | * Rest is compressed with <span class="plainlinks">[http://zlib.net zlib]<span class="plainlinks"> |
Then the data is made out of chunks: |
Then the data is made out of chunks: |
||
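Review bot: In the zlib bullet, the tag following `[http://zlib.net zlib]` is a second opening `<span class="plainlinks">` rather than `</span>`, which leaves two spans open inside the list item. Close the wrapper on the same line as the link.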
Line 22: | Line 22: | ||
=== plist data === |
=== plist data === |
||
− | The audio data is compressed with [http://www.speex.org/ Speex] audio codec. |
+ | The audio data is compressed with <span class="plainlinks">[http://www.speex.org/ Speex]<span class="plainlinks"> audio codec. |
(More documentation of plist data is missing here.) |
(More documentation of plist data is missing here.) |
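Review bot: The Speex link has no closing tag for its wrapper: `[http://www.speex.org/ Speex]` is followed by another `<span class="plainlinks">` where `</span>` is needed. The edit only changes link markup, so the "(More documentation of plist data is missing here.)" placeholder is still unaddressed in this section.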
Revision as of 23:39, 21 October 2013
Applidium documented the Siri Protocol on 14 November 2011 by setting up a DNS server to see the traffic. The traffic is simple HTTPS (with some modifications, mentioned later). The server presents a certificate for guzzoni.apple.com (IP 17.174.4.4), and the client checks that the certificate is for the correct domain. However, it does not check the issuer, so you can create a self-signed certificate to see the traffic.
Protocol
The request looks similar to a standard HTTP request:
    ACE /ace HTTP/1.0
    Host: guzzoni.apple.com
    User-Agent: Assistant(iPhone/iPhone4,1; iPhone OS/5.0/9A334) Ace/1.0
    Content-Length: 2000000000
    X-Ace-Host: 4620a9aa-88f4-4ac1-a49d-e2012910921
The X-Ace-Host value is tied to the 4S you are using. The Content-Length of almost 2 GB is a fixed value, not the actual length of the body. The User-Agent changes depending on your OS version and build. The data itself is binary.
Binary Data
- Starts with 0x00AACCEE
- Rest is compressed with zlib
Then the data is made out of chunks:
- Chunks starting with 0x020000xxxx are "plist" packets, where xxxx is the size of the binary plist data that follows.
- Chunks starting with 0x030000xxxx are "ping" packets, sent by the iPhone to the Siri server to keep the connection alive. xx is the ping sequence number.
- Chunks starting with 0x040000xxxx are "pong" packets, sent from the Siri server to the iPhone to keep the connection alive. xx is the pong sequence number.
To decode the binary plist you can use the plutil command-line tool on Mac OS X.
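The framing described above can be parsed with a short script. This is an added example, not code from Applidium or the wiki; it assumes each chunk header is one type byte followed by the 0x0000xxxx field read as a single big-endian integer, and it runs on a constructed sample rather than a real capture.

```python
import plistlib
import struct
import zlib

MAGIC = bytes.fromhex("00AACCEE")
KINDS = {0x02: "plist", 0x03: "ping", 0x04: "pong"}


def parse_ace_stream(raw: bytes):
    """Return (kind, value) tuples for one direction of a captured stream."""
    if raw[:4] != MAGIC:
        raise ValueError("stream does not start with 0x00AACCEE")
    # The rest is a single zlib stream; decompressobj accepts a capture
    # that stops before the stream is finished.
    data = zlib.decompressobj().decompress(raw[4:])
    packets, pos = [], 0
    while len(data) - pos >= 5:
        # Assumption: 1 type byte, then 0x0000xxxx as a big-endian uint32.
        kind, value = struct.unpack_from(">BI", data, pos)
        pos += 5
        if kind not in KINDS:
            raise ValueError(f"unknown chunk type 0x{kind:02x}")
        if kind == 0x02:
            if len(data) - pos < value:
                break  # truncated capture: plist body incomplete
            packets.append(("plist", plistlib.loads(data[pos:pos + value])))
            pos += value
        else:
            packets.append((KINDS[kind], value))  # value = sequence number
    return packets


def build_sample() -> bytes:
    """Constructed sample input (hypothetical plist keys), not a real capture."""
    body = plistlib.dumps({"class": "Example", "n": 1}, fmt=plistlib.FMT_BINARY)
    chunks = (struct.pack(">BI", 0x02, len(body)) + body
              + struct.pack(">BI", 0x03, 1)
              + struct.pack(">BI", 0x04, 1))
    return MAGIC + zlib.compress(chunks)


if __name__ == "__main__":
    for packet in parse_ace_stream(build_sample()):
        print(packet)
```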
plist data
The audio data is compressed with the Speex audio codec.
(More documentation of plist data is missing here.)