Generating certificates for iOS 7

[seberenimer]

I am running iOS 7 and the siri server seems to be different. I used wireshark to figure out which siri server is used and from what I gather the siri server for iOS 7 seems to be daryl.apple.com.

I am trying to generate the certificates for daryl.apple.com using openssl. When I replace the certificates in your keys directory with the ones I generate and run the install app, I am able to install the certificate on my phone and then everything is green on the install page. But when the siri server starts and I try to speak to siri I get the following error:

Error: 1292:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:openssl\ssl\s3_srvr.c:1355

I am really not familiar with SSL so I am pretty sure that I am doing something wrong when I generate the certificates

Could you tell me the exact openssl commands you used to generate the guzzoni.apple.com certificate

Thank you

[jnovack]

It is possible they completely reworked Siri's protocol for iOS 7. The error you are receiving is not a problem with your device talking to the proxy, it's a problem with the proxy talking to apple's servers.

Is that the FULL error you are receiving? There's no node dump?

If the case is they reworked Siri's protocol, this is all broken and pointless.

[seberenimer]

Yes this is the only error I get and I had to set DEBUG=siri:* to get it

I don't know if they reworked Siri's protocol but when I search for the no shared cipher error I got the feeling that this is an SSL handshake error so from what I understand at this point we are not even talking about the Siri protocol, the problem is at a lower level, it is pure TLS or SSL

[seberenimer]

I am not sure how to get the node dump. I set dumpdata: true in the config.json but nothing changed

[jnovack]

Yes, you are correct so far. It seems at this point it is merely the SSL Cipher, but until we get past that we won't know if the protocol has changed or not.

openssl s_client -connect daryl.apple.com:443 -ssl3

returns:

SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-MD5

You may have to change line 235 from:

serverStream = tls.connect(SIRI_PORT, SIRI_SERVER, onServerConnect)

to:

serverStream = tls.connect(SIRI_PORT, SIRI_SERVER, { secureProtocol: "SSLv3_method"}, onServerConnect)

and try again.

[jnovack]

Additionally, you have to set SIRI_SERVER as daryl.apple.com.

In the contrib/ directory, there is a genca.sh that has the exact commands to run. Edit the file and replace 1024 with 2048. Try again.

[seberenimer]

Thanks I will try it tonight! I already set the SIRI_SERVER to daryl.apple.com via the the server property of the config.json

[zhangyuanwei]

I have't upgrade to IOS7 yet. Siri's protocol for iOS 7 may have changed.I will analyze the protocol as soon as possible when IOS7 is released.

[monoxgas]

Fantastic work you've done so far. Me and wejmolahs are looking into solutions for iOS 7 and would love to help out wherever we can. It seems Plamoni has been quiet over the issue lately.

[jnovack]

plamoni has been rightfully quiet because he may be a Apple Developer. They are under an NDA to not disclose anything until it has been publicly released. Now that it has been publicly release, he can most likely talk about it if he has the time.

[seberenimer]

@jnovack I edited the genca.sh script like you said and it worked, I was able to inspect the SIRI packets which changed a little from the previous version but the structure remains the same. When I came back the next day to continue where I left off I don't know why but I still had the same SSL problems as before (no shared cipher).

Since I had modified a little bit of code in siri.js I decided to re-install node-siri from scratch but no luck.

After examining the clientStream and the serverStream I am pretty sure that the problem is not with Apple's siri server, the connection seems to work properly. The handshake problem occurs when the iPhone connects to the siri proxy

[rendom]

Any progress? Maybe this can be helpful plamoni/SiriProxy#542

[jnovack]

No, I'm playing GTA V this month, and have not upgraded to iOS 7 yet.

[criroselli]

Any progress for IOS 7 ?

[Ant1B2x]

Please progress in SiriProxy for iOS 7 ! It's very important for some people ! Help us !

[schiizo]

Hi guys
Any progress for iOS 7?

[zhangyuanwei]

Well, I'll try it tonight.

[suhajdab]

Pretty please!

[phillpafford]

is there a tutorial on how to set this up? and help with testing?

[kaminskypavel]

bump. any news on the subject?

[ritvik1512]

Are we heading towards a brick wall? ANY Updates? @seberenimer @jnovack

[jnovack]

I have dropped this project due to a lack of interest.

Justin J. Novack
Official Disturber of the Peace

On Mon, Mar 17, 2014 at 2:02 AM, Ritvik Choudhary
notifications@github.comwrote:

Are we heading towards a brick wall? ANY Updates? @seberenimerhttps://github.com/seberenimer
@jnovack https://github.com/jnovack

Reply to this email directly or view it on GitHubhttps://github.com//issues/13#issuecomment-37787220
.

[Timvdv]

I think there are a lot of people (including me) who want to see this project go live!

[zhangyuanwei]

I never gave up on this project.But regrettably,Node-siri has no full time development staff.I have full time job that keep me busy.
On the other hand.Significant changes made to the Siri protocol stack have rendered node-siri inoperable with iOS 7.I don't have enough time to follow up.
So, I'm waiting for this project to solve the IOS7 problem,then I well transplant to node-siri.
Thx.

[kaminskypavel]

im with you, this proj should be alive!

[Timvdv]

Have you read the comment from @KenFalk 3 days ago? He said: instead of intercepting and changing the response we could try to just read it.

The downside is that you can't have a response from Siri, but I think a lot of people would still be happy because most tasks don't require a response.

Do you think this would work?

[thomaslove]

Apologies for digging up an old thread, just been poking around with this and wanted to share what I learnt. Poking around on iOS8, it seems that the server is back to guzzoni.apple.com again. I still get the same error @seberenimer got originally though, the issue with the handshake.

Again, not an SSL expert myself either. I just though it was interesting that the servers had changed again. Can anyone else confirm this as well? iPhone 6 in the UK