From 2530814b13078ba8eaf42fbe45b9cd8f80762d7e Mon Sep 17 00:00:00 2001
From: danny
Date: Wed, 5 Feb 2025 14:21:31 +0100
Subject: [PATCH] Aded password encryption with s2k_fo protocol
---
 endpoint/register/pypush_gsa_icloud.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/endpoint/register/pypush_gsa_icloud.py b/endpoint/register/pypush_gsa_icloud.py
index e20de45..bfea303 100644
--- a/endpoint/register/pypush_gsa_icloud.py
+++ b/endpoint/register/pypush_gsa_icloud.py
@@ -28,7 +28,6 @@
 # Disable SSL Warning
 urllib3.disable_warnings()
-
 logger = logging.getLogger()
@@ -76,13 +75,12 @@ def gsa_authenticate(username, password):
 r = gsa_authenticated_request(
 {"A2k": A, "ps": ["s2k", "s2k_fo"], "u": username, "o": "init"})
- if r["sp"] != "s2k":
- logger.warn(
- f"This implementation only supports s2k. Server returned {r['sp']}")
+ if r["sp"] not in ["s2k", "s2k_fo"]:
+ logger.warn(f"This implementation only supports s2k and sk2_fo. Server returned {r['sp']}")
 return
 # Change the password out from under the SRP library, as we couldn't calculate it without the salt.
- usr.p = encrypt_password(password, r["s"], r["i"])
+ usr.p = encrypt_password(password, r["s"], r["i"], r["sp"])
 M = usr.process_challenge(r["s"], r["B"])
@@ -190,8 +188,11 @@ def generate_meta_headers(serial="0", user_id=uuid.uuid4(), device_id=uuid.uuid4
 }
-def encrypt_password(password, salt, iterations):
+def encrypt_password(password, salt, iterations, protocol):
+ assert protocol in ["s2k", "s2k_fo"]
 p = hashlib.sha256(password.encode("utf-8")).digest()
+ if protocol == "s2k_fo":
+ p = p.hex().encode("utf-8")
 return pbkdf2.PBKDF2(p, salt, iterations, SHA256).read(32)
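Review bot: The warning string in gsa_authenticate's new protocol check spells the second protocol `sk2_fo`, while the condition and the `ps` list use `s2k_fo`, so the log text does not match what the code accepts; it should read `only supports s2k and s2k_fo`. The same line keeps `logger.warn`, a deprecated alias, and formats the server-supplied `r['sp']` straight into the message; `logger.warning("Unsupported SRP password protocol from server: %r", r["sp"])` fixes both and keeps control characters from the response out of the log. The bare `return` that follows yields None, and the function's body runs past the hunk, so whether callers tell that apart from a successful login cannot be confirmed here.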
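Review bot: The `assert protocol in ["s2k", "s2k_fo"]` guard in encrypt_password is stripped when Python runs with `-O`, and any other value then falls through to the plain s2k derivation instead of failing; replace it with `if protocol not in ("s2k", "s2k_fo"): raise ValueError(f"unsupported password protocol: {protocol!r}")`. `protocol` is also a new required positional parameter, so any caller other than the one updated in gsa_authenticate would now raise TypeError; callers outside this diff are not visible. The function would benefit from a docstring such as `"""Derive the SRP password with PBKDF2/SHA256 over SHA-256(password); for s2k_fo the digest is hex-encoded first."""`, since the difference between the two protocols is otherwise only readable from the branch.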