[IT] A deeper look into Siri and the network communication it uses

Hi folks,

It's been a long time since I posted something; this is mostly due to my work on a new SiriProxy version, this time written in C#. There will be a nice GUI for Windows users and a lot more features =)

This blog post is for technically interested people: no tutorial, nothing you HAVE to know.

But let's talk about the topic: Siri and the network communication it uses. Through my work on the latest SiriProxy version I got a deeper and deeper look into everything. It's pretty similar to what Applidium wrote some time ago, but a bit more specific.

The iPhone connects to the Guzzoni server sending a special HTTP header:

ACE /ace HTTP/1.0
Host: guzzoni.apple.com
User-Agent: Assistant(iPhone/iPhone3,1; iPhone OS/5.0.1/9A405) Ace/1.0
Content-Length: 20000000000
X-ACE-HOST: fxxxx2c5-xxa5-41cd-965a-xxxxxxxxxxxx

There are three things which are a bit special:
- the HTTP method "ACE"
- a Content-Length of ~2 GB
- the added X-ACE-HOST header

The Guzzoni server checks whether the HTTP method "ACE" is used. If not, there is a special error: HTTP status 406 - Unacceptable.
You can check yourself by opening "https://guzzoni.apple.com/ace" in your browser.

After the HTTP header there is a 4-byte header: 0xAA 0xCC 0xEE 0x02

The next 2 bytes contain the zlib compression level, which is "best".
From there on everything is packed into zlib. Apple uses the zlib "full flush" mode.
This mostly means that after each sent object a "00 00 FF FF" is appended.

so the whole stream looks like this:

[HTTP header][0xAA 0xCC 0xEE 0x02][zlib stream]

If you unpack the zlib stream you find that the first byte contains the "packet type". This can be one of the following:

2 - binary plist object
3 - ping
4 - pong

A ping or pong only consists of 4 bytes:

[PACKET-TYPE BYTE][PING COUNTER, 3 BYTES]

So the first ping/pong looks like: [3][0 0 1]

A binary plist object starts with 2 and the next 4 bytes contain the length of the packet. If the size is for example 500 bytes, it looks like this:

[2][0x0 0x1 0xF4][binary plist object]
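To make the framing above concrete, here is an added encoder/decoder for the part of the stream that follows the HTTP header (example code written for this post, not taken from SiriProxy or Apple). It takes the 4-byte big-endian length for plist frames and the 3-byte counter for ping/pong from the description above; the 1 MiB sanity bound, the "class" key name and the sample objects are assumptions, and the sample is constructed rather than captured traffic.

```python
import plistlib
import struct
import zlib

ACE_MAGIC = b"\xaa\xcc\xee\x02"  # the 4 bytes that follow the HTTP header
PLIST, PING, PONG = 2, 3, 4       # packet-type byte values from the post
MAX_PLIST = 1 << 20               # sanity bound on one plist frame (assumption, not from the post)
SYNC_MARK = b"\x00\x00\xff\xff"   # empty stored block that zlib emits on Z_FULL_FLUSH

def pack_frame(kind, payload):  # plist: type, 4-byte BE length, body; ping/pong: type, 3-byte counter
    if kind == PLIST:
        return bytes([PLIST]) + struct.pack(">I", len(payload)) + payload
    return bytes([kind]) + payload.to_bytes(3, "big")

def compress_chunks(frames):  # one zlib chunk per frame: level 9 ("best"), full flush after each
    comp = zlib.compressobj(9)
    return [comp.compress(pack_frame(k, p)) + comp.flush(zlib.Z_FULL_FLUSH) for k, p in frames]

def encode_stream(frames):  # what goes on the wire after the HTTP header
    return ACE_MAGIC + b"".join(compress_chunks(frames))

def parse_frames(buf):  # cut complete frames out of inflated bytes; return (frames, unconsumed tail)
    frames, pos = [], 0
    while pos < len(buf):
        kind, avail = buf[pos], len(buf) - pos
        if kind in (PING, PONG):
            need, value = 4, int.from_bytes(buf[pos + 1:pos + 4], "big")
        elif kind == PLIST and avail >= 5:
            length = struct.unpack(">I", buf[pos + 1:pos + 5])[0]
            if length > MAX_PLIST:  # never size a buffer from an untrusted length field
                raise ValueError("plist frame of %d bytes exceeds sanity bound" % length)
            need, value = 5 + length, bytes(buf[pos + 5:pos + 5 + length])
        elif kind == PLIST:
            break  # length field not fully received yet
        else:
            raise ValueError("unknown packet type 0x%02x" % kind)
        if avail < need:
            break  # incomplete frame: keep the tail and wait for more data
        frames.append((kind, value))
        pos += need
    return frames, bytes(buf[pos:])

def decode_stream(data):  # check the magic, inflate what follows (a partial stream is fine) and split it
    if data[:4] != ACE_MAGIC:
        raise ValueError("missing 0xAA 0xCC 0xEE 0x02 marker")
    return parse_frames(zlib.decompressobj().decompress(data[4:]))[0]
def plist_classes(frames):  # every plist object carries a "class" key (key name assumed)
    return [plistlib.loads(p)["class"] for k, p in frames if k == PLIST]
# Constructed sample (not captured traffic): one LoadAssistant object, then a ping and its pong
SAMPLE = [(PLIST, plistlib.dumps({"class": "LoadAssistant"}, fmt=plistlib.FMT_BINARY)), (PING, 1), (PONG, 1)]
```

Because of the full flush, feeding only the first compressed chunk to decode_stream already yields the first frame, which is what lets a proxy react to each object as it arrives.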

Every plist object contains a class. I know the following (this is not the complete list!!! just an excerpt):

//iPhone Stuff
CreateAssistant,
CreateSessionInfoRequest,
LoadAssistant,
StartSpeechRequest,
SetRequestOrigin,
SpeechPacket,
FinishSpeech,
EventSearchCompleted,
SetRestrictions,
ClearContext,
//From here on it's Guzzoni stuff
SetApplicationContext,
AssistantLoaded,
SetConnectionHeader,
AddViews,
EventSearch,
RequestCompleted,
SpeechRecognized,
SessionValidationFailed,
CommandFailed,
GetSessionCertificateResponse,

In general a full request from the iPhone looks like this:

[LoadAssistant][CreateSessionInfoRequest][SetRequestOrigin][StartSpeechRequest][SpeechPacket][SpeechPacket][FinishSpeech]

Guzzoni normally answers:

[AssistantLoaded][SetConnectionHeader][SpeechRecognized][AddViews][RequestCompleted]

If authentication fails there will be some other communication.

By the way, in LoadAssistant and CreateAssistant there is another ID used which is unique for each iPhone. This might be used to add a simple "authentication" to the server. I heard of people who say they have authentication on their proxy. If they did it, then I would say mostly this way. It's an easy way to include authentication... but... easy to "hack". If somebody knows such a SiriProxy server with "authentication"... let me know and I'll check if I can hack it ;-)

With knowledge of the packets sent around during a Siri connection you can do a lot of fun things. But more about hacking and fun things in one of my next posts...

so long folks =)

/Matthias








[IT] Jailbreak iPhone 4S and iPad 2

Of course a little bit late (I am kinda busy these days with my Windows version of SiriProxy), but maybe still interesting:

Finally there is a jailbreak available for the iPhone 4S and the iPad 2.

Where can I download the iPhone 4S / iPad 2 jailbreak?

You will find versions for Windows here and for Mac OS here.

The original blog post can be found here.

How do I install the jailbreak for the iPhone 4S?

- Download greenpois0n and extract the .zip file. Then launch greenpois0n.
- Connect your iPhone 4S to your PC and click "Jailbreak". This will prepare everything for DFU mode.
- Press "Jailbreak" again (if you weren't in DFU mode before) and greenpois0n will do everything for you.
- After it completes you'll get a "complete" message. Wait for your device to reboot.
- Once your device has finished rebooting, launch the "Loader" app on your iPhone 4S. This will download the Cydia app and install it for you. Be sure that you have an internet connection!
- When Cydia has been installed successfully, your device will automatically reboot.
- You have finished jailbreaking =)

Will there be changes for Siri on the iPhone 4 now?

For now there will be no changes. If I know anything new I will let you know!

cheers Matthias








[IT] Another SiriProxy - The Three Little Pigs Siri Proxy

JimmyKane did a nice job modifying my SiriProxy and added some extra functions.

Added Features:

  • MySQL database connection support: supports a MySQL database connection for storing configuration, keys and runtime statistics.
  • Multiple key support: you can connect more than one iPhone 4S and store even more keys. The more keys, the more clients!
  • Key throttling: each client uses a different key if more than one key is available. The throttler makes sure that each key is throttled, thus enabling several client registrations and assistant object creations.
  • KeyLoad safeguard: never worry about how many people use your iPhone 4S key. Each key has a maximum keyload. Even when the key is still valid, if the keyload limit is exceeded the safeguard disables the key and protects the iPhone 4S from getting banned.
  • KeyLoad aware: checks which key is not "hot" anymore and periodically decreases the load, thus re-enabling safeguarded keys.
  • Web interface and monitoring: always know what is happening without a CLI! With a web interface you can check statistics such as active connections, valid keys, server load, keyload etc.
  • One certificate for all devices: both Siri-capable devices (currently only the iPhone 4S) and older devices use the same certificate and the same port (443 by default for SSL).
  • One instance of the server: due to the one certificate you can run only one instance of the server.
  • Bug free (I hope...) :-) Never worry if the server has crashed. Most of the bugs that were causing the server to crash are fixed now.

It's more complicated (because of the added features), but if you want to run a more heavily used server it might be worth a look!

You can find the proxy here.

cheers Matthias!








[IT] Why do I get the name of someone else?

Hi,
some people have the problem that they get addressed by someone else's name.

Why?

Well, some of you might have been using KMS-SiriProxy for a while now, and in the earlier versions the proxy used all of the 4S's data to connect.
So the assistantid of the 4S has been saved to your devices. With the new versions this does not happen.
The assistantid is what your personal information is tied to.

What can we do about it?

1. Deactivate Siri.

2. If you have Spire: put guzzoni.apple.com in your Spire settings.

3. Delete your com.apple.assistant.plist.

4. Activate Siri.

5. Use Siri once (you will get no response).

The assistantid has now been newly generated by Apple's servers.

6. Re-enter your proxy in your Spire settings or com.apple.assistant.plist.

There you go!

cheers!
@AddiGaz








[IT] How to generate a certificate including 2 common names

Hi,
to generate a certificate including 2 common names we are editing
/etc/ssl/openssl.cnf
this time.

Why?

To connect an iPhone 4S and non-4S devices we needed either to run two processes or to use the guzzoni certificate on the non-4S devices to connect to the proxy (which required editing /etc/hosts on the non-4S devices).
With this method you can run one process with two common names included in one certificate.
Install it on your phones and use them over WiFi and 3G.

How does it work?

In /etc/ssl/openssl.cnf we can edit and add requirements.
This means we can tell it what to ask for the next time we generate a certificate.

What do we need to add?

Navigate to [ req_distinguished_name ] and find commonName_default.
Replace it with the following:

0.commonName_default = guzzoni.apple.com
0.commonName_max = 64
1.commonName = Common Name (eg, YOUR name)
1.commonName_default = www.domain.org
1.commonName_max = 64

Replace www.domain.org with your DynDNS name or static IP.
Now you can generate a new certificate with two common names.
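For reference, here is a complete stand-alone request configuration in the same style (an added example, not the snippet from the post or from any SiriProxy release). Both common-name entries carry the numeric prefix, the form the stock openssl.cnf uses for its repeated organizationName field, so that each entry's _default and _max lines belong to it; guzzoni.apple.com is the name the iPhone 4S expects, and www.domain.org is a placeholder for your own host.

```ini
[ req ]
default_bits        = 2048
distinguished_name  = req_distinguished_name
# prompt defaults to yes; with "openssl req -batch" the _default values are taken as answers

[ req_distinguished_name ]
# first common name: what the iPhone 4S connects to
0.commonName            = Common Name (eg, YOUR name)
0.commonName_default    = guzzoni.apple.com
0.commonName_max        = 64
# second common name: the host the non-4S devices connect to (placeholder, replace it)
1.commonName            = Common Name (eg, YOUR name)
1.commonName_default    = www.domain.org
1.commonName_max        = 64
```

Generate the self-signed certificate with "openssl req -new -x509 -newkey rsa:2048 -nodes -batch -config twocn.cnf -keyout proxy.key -out proxy.crt -days 365" and check the result with "openssl x509 -in proxy.crt -noout -subject", which must list CN twice.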

cheers!
@AddiGaz







