In my last Blogpost i showed you a way to connect any iDevice ( like iPhone 4 or iPhone 3GS) over a SiriProxy with Apple's Siri Server. Some of you finished my tutorial and have it up and running and enjoy Siri on their iPhones.
Most of you probably are not technical enough to complete the tutorial and/or don't have access to an iPhone 4S (which is still required).
In this Blogpost i will descripe Siri a little bit. How Siri works (from a technical view). Why "public" SiriProxy server have problems (like the one from h1siri), why you never should use any public server and what you should know generally if running a Siri Proxy Server.
How Siri works
Siri on your iPhone is just a little bit more than a GUI. It records your voice and send this along with other informations to Apple's Siri Server ( known as guzzoni.apple.com ). The Server analyzis your speech, check what you have said. checks what you could have meant and send this thoughts along with the information what to do back to your Siri GUI on your phone.
Really nothing special runs on your phone. everything is done remotely on Apple's SiriServer.
How exactly everything works, which pakets are sent, etc etc will be described later in another blogpost.
i personally suggest to have a deeper looking into siri before using it very often. apple gets a lot of data from you and you should at least know that.
SiriProxy and the auth keys
To run your own SiriProxy (my modified version) you need actual and working iPhone 4S keys. As mentioned for a lot of times these 4 keys are:
- x-ace-host
- assistantID
- speechID
- validationData ( aka sessionValidationData)
After running my server for over 2 weeks now, i can't say if you really need x-ace-host. looks like it worked anytime for me because every phone with SiriGUI installed has one.
assistantID and speechID don't change over time and can leave untouched most times ( they will be written to your phone anyway automatic from SiriGUI)
The most important key is the validationData. This one is generated from your phone. containing some hardcoded infos like your hardware version. thats why you need this one from an iPhone 4S. It changes every 24h (after beeing generated by the iPhone 4S) and the change date is visible in the com.apple.assistant.plist on your iPhone 4S.
Running a SiriProxy server with my modified version is currently not a good thing. everything in there is hardcoded and have to be changed once every 24h. Well this public release was never intend for use like public servers. it was just a proof of concept. showing the world " hell yay it works!!".
Beside that my posted public version of the siriproxy is not very stable and can't handle enough connects. it's ok for like 5 ppl using it over the day.
One advantage of a SiriProxy over a direct access from your phone is, that apple only see one ip using the auth-stuff. another advantage is_ automatisation ( will post about that later).
How a real public Server could look like will be shown later this week in one of my next blogposts.
Why are public SiriServer a bad idea?
SiriGUI releases like h1siri are using a public SiriProxy server. this isn't a good idea for all people. Siri is sending a massive amount on private data over this public ProxyServer. So all this informations can be seen by the owner of this public server. I saw following Data in my logs:
- Your Name and personal Details
- All your contacts
- SMS
- Mails
- your location
There might be more but i am too lazy to check everything for the moment. i will do an analyzis about this data later in another blogpost.
Beside that, a SiriProxy Server can do things you dont notice on your phone ( like spamming via sms, mail, twitter, facebook etc) and if its an modified version of a SiriGUI it can do really harmful things to your phone like bricking it. it might be used to hide illegal thins (running a socks proxy which hacker can use to cloak themself) etc etc. there are really really really a lot of things which can be done with your phone.
so once more: NEVER EVER USE A PUBLIC SERVER FROM PEOPLE YOU DONT KNOW
oh and never trust somebody. never! ( hey that even includes me as well) Learn to get more interested in what can happen to you if you have too much trust into somebody!
What's comming up next on this blog?
There will be several blogposts during the next days for these things:
- howto setup linux / macos in vmware including automatic install scripts
- howto setup a siriproxy server with key cycling, automatic key retrieving (from users with 4s), and heavy user handling ( more than 10 users )
- info how siri works in detail (which pakets, how authentication looks like, assistant data, etc etc)
if you have things you want to know.. let me know and i see if i can blog about it =)
Very Nice job ! Good article !
For you what is the best siriGUI ? I use h1siri (plist modified to guzzoni) but i don t know if it s a good idea to use it !
Is it possible to make a siri proxy without connection with guzzoni, only for home automation, so fully working with iPhone 4 ;)
it's not possible (without a log of coding work) to make connections without apple's server.
tough it is technical possible to set up a own speech recognizing server and use siri with this. but thats a lot of work.