dlenski / python-vipaccess

A free software implementation of Symantec's VIP Access application and protocol
Apache License 2.0

`vipaccess provision` no longer works (READ THIS) #39

Closed aviv0404 closed 4 years ago

aviv0404 commented 4 years ago

So I tried installing python-vipaccess on multiple devices (work pc, desktop pc at home and my laptop) and I get the same error after running 'vipaccess provision -p' or 'vipaccess provision -o'

Full output:

```
C:\Users\user>vipaccess provision -p
Generating request...
Fetching provisioning response...
Getting token from response...
Decrypting token...
Traceback (most recent call last):
  File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\Scripts\vipaccess-script.py", line 11, in <module>
    load_entry_point('python-vipaccess==0.13', 'console_scripts', 'vipaccess')()
  File "c:\users\user\appdata\local\programs\python\python38-32\lib\site-packages\vipaccess\__main__.py", line 232, in main
    return args.func(p, args)
  File "c:\users\user\appdata\local\programs\python\python38-32\lib\site-packages\vipaccess\__main__.py", line 55, in provision
    otp_secret = vp.decrypt_key(otp_token['iv'], otp_token['cipher'])
TypeError: 'NoneType' object is not subscriptable
```

All of the machines I used are running Windows 10. I used a few prints inside __main__.py and it appears otp_token is None for some reason.

guilhermecomum commented 4 years ago

I'm getting this error too. Digging in, I found that the provisioning response is `4F04 Expired or unsupported mobile application.`
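Added example, not part of the original thread and not python-vipaccess's own code: one way a provisioning client can surface the server's status (such as the `4F04` reply quoted above) instead of failing later with `'NoneType' object is not subscriptable`. The XML element names, the `0000` success code, and the names `token_from_response` and `ProvisioningError` are assumptions made for illustration; the sample replies are constructed, not captured traffic.

```python
import xml.etree.ElementTree as ET


class ProvisioningError(Exception):
    """Raised when the server's reply carries no usable token."""

    def __init__(self, code, message):
        super().__init__(f"provisioning failed: {code} {message}")
        self.code = code
        self.message = message


def token_from_response(response_xml):
    """Return {'iv', 'cipher'} on success; raise ProvisioningError otherwise.

    Element names are a simplified, assumed layout, not the real schema.
    """
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError as exc:
        raise ProvisioningError("----", f"unparseable response ({exc})")
    code = (root.findtext("Status/ReasonCode") or "").strip()
    message = (root.findtext("Status/StatusMessage") or "").strip()
    if code != "0000":  # assumed success code
        raise ProvisioningError(code or "----", message or "no status in response")
    iv = root.findtext("Secret/IV")
    cipher = root.findtext("Secret/Cipher")
    if not iv or not cipher:
        # Never hand None to the decryption step.
        raise ProvisioningError(code, "success status but no secret in response")
    return {"iv": iv.strip(), "cipher": cipher.strip()}


# Constructed sample replies (not captured traffic).
REJECTED = """<Response>
  <Status><ReasonCode>4F04</ReasonCode>
  <StatusMessage>Expired or unsupported mobile application.</StatusMessage></Status>
</Response>"""
ACCEPTED = """<Response>
  <Status><ReasonCode>0000</ReasonCode><StatusMessage>Success</StatusMessage></Status>
  <Secret><IV>AAAAAAAAAAAAAAAAAAAAAA==</IV><Cipher>Q09OU1RSVUNURUQ=</Cipher></Secret>
</Response>"""

if __name__ == "__main__":
    print(token_from_response(ACCEPTED))
    try:
        token_from_response(REJECTED)
    except ProvisioningError as exc:
        print(exc)
```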

dlenski commented 4 years ago

It appears Symantec has decided that they don't like us pretending to be an old Mac OS version of their software.

Specifically, this appears to be the offending value:

https://github.com/dlenski/python-vipaccess/blob/f49b22c84df53fbc603235cc664670ef5b29e95a/vipaccess/provision.py#L88

If I change it to seemingly anything else at all (try MacOS2020, for instance), it'll start working again in terms of getting a valid response.

However, even after doing this, the new tokens don't appear to validate correctly. Meaning that the Symantec server doesn't appear to have stored them. I can't tell if this is a temporary blip, or if something else is still broken.

Update: Yeah… it appears that we'd need to figure out a new HMAC_KEY and/or TOKEN_ENCRYPTION_KEY to make it spoof a newer app :frowning_face:. That'll likely require someone with the disassembly skills which @cyrozap first used to figure out the algorithm.

https://github.com/dlenski/python-vipaccess/blob/f49b22c84df53fbc603235cc664670ef5b29e95a/vipaccess/provision.py#L44-L46

romitathakur commented 4 years ago

Hi, I am also facing the same issue when I try to run `vipaccess provision -t SYMC`, even though on my old system vipaccess 0.12 is installed, where provisioning was correct and I can generate a token.

How can this provisioning error be fixed with version 0.13?

dlenski commented 4 years ago

> in my old system vipaccess 0.12 is installed where provisioning was correct and i can generate token.

@romitathakur You're telling me v0.12 is still working right now to provision a new token? That's incorrect unless you show me otherwise.

This is a change on the server side which prevents python-vipaccess from spoofing an old version of the official Mac OS app.

aviv0404 commented 4 years ago

I tried installing v0.12 just in case and it's not working.

Full output:

```
C:\Users\user>vipaccess provision -p
Generating request...
Fetching provisioning response...
Getting token from response...
Decrypting token...
Traceback (most recent call last):
  File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\Scripts\vipaccess-script.py", line 11, in <module>
    load_entry_point('python-vipaccess==0.12', 'console_scripts', 'vipaccess')()
  File "c:\users\user\appdata\local\programs\python\python38-32\lib\site-packages\vipaccess\__main__.py", line 176, in main
    return args.func(p, args)
  File "c:\users\user\appdata\local\programs\python\python38-32\lib\site-packages\vipaccess\__main__.py", line 54, in provision
    otp_secret = vp.decrypt_key(otp_token['iv'], otp_token['cipher'])
TypeError: 'NoneType' object is not subscriptable
```

Maybe @romitathakur meant he can still use the show command on previously generated tokens, which is possible.

dlenski commented 4 years ago

> Maybe @romitathakur meant he can still use the show command on previously generated tokens, which is possible.

Right :ok_hand:. Previously-provisioned tokens haven't been invalidated, but we can no longer generate new ones.

I should add a note to the README about how python-vipaccess is no longer functional unless someone can replicate @cyrozap's feat of extracting the encryption and HMAC keys from a more recent officially-sanctioned client. :frowning_face:

romitathakur commented 4 years ago

Hi, I tried to repeat the process today by installing python-vipaccess2 0.3.6 and was able to do provisioning. I think the server changes were temporary. @aviv0404 you can try again with the latest version.

dlenski commented 4 years ago

Much to my surprise… you're right. vipaccess provision is working again. :man_shrugging:

bored-engineer commented 4 years ago

```js
// Log the arguments of every CCCrypt call, then dump the key, IV and input buffers.
Interceptor.attach(Module.findExportByName(null, "CCCrypt"), {
    onEnter: function(args) {
        console.log('CCCrypt(' +
            'op=' + args[0] +
            ', alg=' + args[1] +
            ', options=' + args[2] +
            ', key=' + args[3] +
            ', keyLength=' + args[4] +
            ', iv=' + args[5] +
            ', dataIn=' + args[6] +
            ', dataInLength=' + args[7] +
            ', dataOut=' + args[8] +
            ', dataOutAvailable=' + args[9] +
            ', dataOutMoved=' + args[10] +
        ')');
        console.log("key:");
        console.log(Memory.readByteArray(args[3], args[4].toInt32()));
        console.log("iv:");
        // The iv argument is optional and may be NULL; only read it when present.
        if (!args[5].isNull()) {
            console.log(Memory.readByteArray(args[5], 16));
        }
        console.log("data:");
        console.log(Memory.readByteArray(args[6], args[7].toInt32()));
    }
});

// Log the arguments of every CCHmac call, then dump the key and message buffers.
Interceptor.attach(Module.findExportByName(null, "CCHmac"), {
    onEnter: function(args) {
        console.log('CCHmac(' +
            'algorithm=' + args[0] +
            ', key=' + args[1] +
            ', keyLength=' + args[2] +
            ', data=' + args[3] +
            ', dataLength=' + args[4] +
            ', macOut=' + args[5] +
        ')');
        console.log("key:");
        console.log(Memory.readByteArray(args[1], args[2].toInt32()));
        console.log("data:");
        console.log(Memory.readByteArray(args[3], args[4].toInt32()));
    }
});
```

The above Frida script will hook any calls to CCCrypt and CCHmac and output the input arguments and data. It could be used as follows:

```
$ frida -l ~/<path to snippet>.js "/Applications/VIP Access.app/Contents/MacOS/VIP Access"
[Local::VIP Access]-> %resume
```