The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "SHSH Protocol"
(taken down due to copyright issues) |
|||
Line 236: | Line 236: | ||
*Trusted What is this for? |
*Trusted What is this for? |
||
*Full description of the above values for UniqueBuildID, Digest, PartialDigest and BuildString. |
*Full description of the above values for UniqueBuildID, Digest, PartialDigest and BuildString. |
||
− | |||
− | ==Resources== |
||
− | [https://github.com/iSn0wra1n/TinyUmbrella TinyUmbrella source code] |
||
[[Category:Firmware Tags]] |
[[Category:Firmware Tags]] |
Revision as of 07:59, 19 April 2011
Here is a description about the protocol that is used when iTunes requests the SHSH certificate from Apple. For details about what this is used for, please see the main article SHSH.
This is a simple HTTP (POST) request and answer. You can retry this via a Telnet session or similar. The destination host is gs.apple.com (IP 17.112.176.11) and runs on the common HTTP port 80. The data is plaintext and not encoded in any way. For details about the HTTP protocol itself, please see RFC2616.
Contents
Sending data (request)
POST /TSS/controller?action=2 HTTP/1.1 Accept: */* Cache-Control: no-cache Content-type: text/xml; charset="utf-8" User-Agent: InetURL/1.0 Content-Length: 12345 Host: gs.apple.com (here comes the Plist request file)
Receiving data (answer)
HTTP/1.1 200 OK Date: Sun, 15 Aug 2010 19:25:18 GMT Server: Apache-Coyote/1.1 X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5 Content-Type: text/html Content-Length: 123456 MS-Author-Via: DAV STATUS=0&MESSAGE=SUCCESS&REQUEST_STRING=(here comes the requested SHSH file)
Plist request file
NOTE: This template is only for devices other than the iPhone 4
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>@HostIpAddress</key> <string>192.168.0.1</string> <key>@HostPlatformInfo</key> <string>windows</string> -------> "darwin" without quotes for Mac/Linux Systems <key>@Locality</key> <string>en_US</string> <key>@VersionInfo</key> <string>libauthinstall-34</string> -------> "3.8" without quotes for Mac/Linux Systems <key>ApBoardID</key> <integer>____</integer> <key>ApChipID</key> <integer>____</integer> <key>ApECID</key> <string>*************</string> ------------> This is your own ECID <key>ApProductionMode</key> <true /> <key>ApSecurityDomain</key> <integer>_____</integer> <key>UniqueBuildID</key> _________________________ <key>AppleLogo</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>BatteryCharging</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>BatteryCharging0</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>BatteryCharging1</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>BatteryFull</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>BatteryLow0</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>BatteryLow1</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>BatteryPlugin</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>DeviceTree</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>KernelCache</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>LLB</key> <dict> <key>BuildString</key> <string>_________________________</string> <key>PartialDigest</key> _________________________ </dict> <key>RecoveryMode</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>RestoreDeviceTree</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>RestoreKernelCache</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>RestoreLogo</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>RestoreRamDisk</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> <key>iBEC</key> <dict> <key>BuildString</key> <string>_________________________</string> <key>PartialDigest</key> _________________________ </dict> <key>iBSS</key> <dict> <key>BuildString</key> <string>_________________________</string> <key>PartialDigest</key> _________________________ </dict> <key>iBoot</key> <dict> <key>Digest</key> _________________________ <key>PartialDigest</key> _________________________ <key>Trusted</key> <true /> </dict> </dict> </plist>
The underlined values( _______ ) can be found from the BuildManifest.plist which is located inside a IPSW file.
Status responses
STATUS=0&MESSAGE=SUCCESS
STATUS=511&MESSAGE=No data in the request
STATUS=551&MESSAGE=Error occured while importing config packet with cpsn:
STATUS=5000&MESSAGE=Invalid Option!
Other parameters / open questions
Some parameters could have other values. Not all details are known.
- action=2 in the request. What other values exist and what is their meaning?
- STATUS=0&MESSAGE=SUCCESS in the answer. What other values exist?
- ApProductionMode What does this mean? Is there a test environment?
- ApSecurityDomain Meaning?
- Trusted What is this for?
- Full description of the above values for UniqueBuildID, Digest, PartialDigest and BuildString.