Difference between revisions of "Siri Protocol"
(initial page) |
m |
||
Line 1: | Line 1: | ||
− | Applidium documented the Siri Protocol on 14 November 2011[http://applidium.com/en/news/cracking_siri/] by setting up a DNS to see the traffic. The traffic is simple HTTPS (with some modifications, mentioned later). The server presents a certificate for guzzoni.apple.com (IP 17.174.4.4) and the client checks for the correct domain certificate. But it does not check the issuer, so you can create a self-signed certificate to see the traffic. |
+ | Applidium documented the '''Siri Protocol''' on 14 November 2011[http://applidium.com/en/news/cracking_siri/] by setting up a DNS to see the traffic. The traffic is simple HTTPS (with some modifications, mentioned later). The server presents a certificate for [http://guzzoni.apple.com guzzoni.apple.com] (IP 17.174.4.4) and the client checks for the correct domain certificate. But it does not check the issuer, so you can create a self-signed certificate to see the traffic. |
=== Protocol === |
=== Protocol === |
||
− | The request looks similar to |
+ | The request looks similar to this: |
ACE /ace HTTP/1.0 |
ACE /ace HTTP/1.0 |
||
Host: guzzoni.apple.com |
Host: guzzoni.apple.com |
||
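Review bot: in the added intro line, the new external link for guzzoni.apple.com uses the http:// scheme, while the same sentence describes the service as HTTPS and the request below uses the non-standard ACE method, so the link sends readers to something a browser cannot usefully open. Keep the hostname as plain text or drop the link. The sentence also still says "setting up a DNS", which would read better as "setting up a DNS server".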
Line 12: | Line 12: | ||
=== Binary Data === |
=== Binary Data === |
||
− | *Starts with 0x00AACCEE |
+ | * Starts with 0x00AACCEE |
− | *Rest is compressed with |
+ | * Rest is compressed with [http://zlib.net zlib] |
Then the data is made out of chunks: |
Then the data is made out of chunks: |
||
− | *Starting with 0x020000xxxx are "plist" packets with size xxxx of the binary plist data. |
+ | * Starting with 0x020000xxxx are "plist" packets with size xxxx of the binary plist data. |
− | *Starting with 0x030000xxxx are "ping" packets, sent by the iPhone to Siri server to keep connection alive. xx is the ping sequence number. |
+ | * Starting with 0x030000xxxx are "ping" packets, sent by the iPhone to Siri server to keep connection alive. xx is the ping sequence number. |
− | *Starting with 0x040000xxxx are "pong" packets, sent from Siri server to the iPhone to keep connection alive. xx is the pong sequence number. |
+ | * Starting with 0x040000xxxx are "pong" packets, sent from Siri server to the iPhone to keep connection alive. xx is the pong sequence number. |
− | To decipher the binary [[plist]] you can use the plutil command-line tool on Mac OS X. |
+ | To decipher the binary [[PLIST File Format|plist]] you can use the plutil command-line tool on Mac OS X. |
=== plist data === |
=== plist data === |
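Review bot: the ping and pong bullets give the header as 0x030000xxxx and 0x040000xxxx but then say "xx is the ping sequence number", so the placeholder in the explanation does not match the pattern. Since this edit already touches both lines, change the wording to "xxxx is the ping sequence number" and "xxxx is the pong sequence number". The unchanged context line "Then the data is made out of chunks:" could also state whether the chunks are read before or after zlib decompression.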
Revision as of 00:44, 15 November 2011
Applidium documented the Siri Protocol on 14 November 2011[1] by setting up a DNS server to see the traffic. The traffic is simple HTTPS (with some modifications, mentioned later). The server presents a certificate for guzzoni.apple.com (IP 17.174.4.4), and the client checks that the certificate is for the correct domain. It does not check the issuer, however, so you can create a self-signed certificate to see the traffic.
Protocol
The request looks similar to this:
ACE /ace HTTP/1.0
Host: guzzoni.apple.com
User-Agent: Assistant(iPhone/iPhone4,1; iPhone OS/5.0/9A334) Ace/1.0
Content-Length: 2000000000
X-Ace-Host: 4620a9aa-88f4-4ac1-a49d-e2012910921

The X-Ace-Host value is tied to the iPhone 4S you are using. The Content-Length of almost 2 GB is a fixed value, not the actual length of the body. The data itself is binary.
Binary Data
- Starts with 0x00AACCEE
- Rest is compressed with zlib
The data is then made up of chunks:
- Chunks starting with 0x020000xxxx are "plist" packets, where xxxx is the size of the binary plist data.
- Chunks starting with 0x030000xxxx are "ping" packets, sent by the iPhone to the Siri server to keep the connection alive. xxxx is the ping sequence number.
- Chunks starting with 0x040000xxxx are "pong" packets, sent from the Siri server to the iPhone to keep the connection alive. xxxx is the pong sequence number.
To decipher the binary plist you can use the plutil command-line tool on Mac OS X.
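The framing described above can be walked with a short Python parser. This is an added example, not code from Applidium or the wiki; the function names and the sample plist keys are assumptions, and the 4-byte prefix and 5-byte chunk headers follow the page's description literally.

```python
import plistlib
import struct
import zlib

MAGIC = bytes.fromhex("00AACCEE")  # stream prefix as given on the page
KINDS = {0x02: "plist", 0x03: "ping", 0x04: "pong"}


def parse_ace_body(body):
    """Return a list of (kind, value) chunks decoded from an ACE body."""
    if not body.startswith(MAGIC):
        raise ValueError("missing 0x00AACCEE prefix")
    # decompressobj accepts a stream captured before zlib's end marker.
    data = zlib.decompressobj().decompress(body[len(MAGIC):])
    chunks, pos = [], 0
    while pos + 5 <= len(data):
        # Header layout per the page: type byte, two zero bytes, 16-bit xxxx.
        kind, pad, value = struct.unpack_from(">BHH", data, pos)
        if kind not in KINDS or pad != 0:
            raise ValueError(f"unknown chunk header {data[pos:pos + 5].hex()} at offset {pos}")
        pos += 5
        if kind == 0x02:
            if pos + value > len(data):
                break  # truncated capture: the plist payload is incomplete
            chunks.append(("plist", plistlib.loads(data[pos:pos + value])))
            pos += value
        else:
            chunks.append((KINDS[kind], value))  # value is the sequence number
    return chunks


def build_sample():
    """Constructed sample body; the plist keys are made up for illustration."""
    plist = plistlib.dumps({"class": "Example", "refId": "constructed"},
                           fmt=plistlib.FMT_BINARY)
    raw = (struct.pack(">BHH", 0x03, 0, 1)
           + struct.pack(">BHH", 0x02, 0, len(plist)) + plist
           + struct.pack(">BHH", 0x04, 0, 1))
    return MAGIC + zlib.compress(raw)


if __name__ == "__main__":
    for kind, value in parse_ace_body(build_sample()):
        print(kind, value)
```

The plist chunks come back as Python dictionaries, which is the same view plutil gives of a binary plist saved to disk.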
plist data
The audio data is compressed with the Speex audio codec.
(More documentation of plist data is missing here.)