janrueth / SiriServerCore

This is just the core architecture of SiriServer without any Plugins or third-party code

ios 6 (getting past createsessioninforequest) #94

Closed rotastrain closed 11 years ago

rotastrain commented 11 years ago

I was looking at the new ios 6 and why the server just stops after trying to connect.

The problem is

Earlier the phone used to send a request by createsessioninforequest and we would bypass it by sending commandfailed.

However now sending a commandfailed just stops the protocol.

After spoofing a createsessioninforesponse the iphone just responds by saying "can you please say that again?"

If I connect to TLP proxy and then in the next 20 seconds switch over to our own proxy, the protocol goes through and Siri works. This is because the iPhone doesn't ask for a getsessioninforesponse and directly goes to loadassistant.

Any thoughts and insights on this? Unless we can bypass it google api servers are extinct. :X

janrueth commented 11 years ago

I updated the repo with changes and added info in the readme in how to use it with iOS 6

rotastrain commented 11 years ago

Ok, that's great. I installed the deb and it works great. Do you have a header file I could use to hook into loadassistant using theos?

Also, can you release the code of the tweak? Or if you can't, then can you give a small tutorial on which header you hooked into, for educational purposes?

janrueth commented 11 years ago

Why do you need a header file for that? You can dump headers with class-dump-z by kennytm (https://github.com/kennytm/Miscellaneous/downloads). As you are interested in the SAObjects framework, you must first dump it from the dyld_shared_cache_armv7, which you can find on the device in /System/Library/Caches/com.apple.dyld/. You can dump it with dyld_decache (copy dyld_shared_cache_armv7 to your Mac), which you also get from kennytm's GitHub (use the C version); see the command line help to see how you can restrict it to only the SAObjects framework. Now that you have the shared framework SAObjects, you can run class-dump-z over it (see the command line options first to see where you want your headers to go and what else you can configure).

rotastrain commented 11 years ago

I want the header file for that so that i can hook in to loadassistant and send custom information back to server with load assistant for example a personal weather key. i need the header for that right?

janrueth commented 11 years ago

not really... you just need to hook into a call there, you don't need to have the header for that necessarily, but you need to know in which method you wanna hook into

rotastrain commented 11 years ago

ok can you please help me? i want to hook into the loadassistant. i had previously managed to do this with createsessioninforequest but i had got the header

For example, for my last tweak I had taken help from paradox. It was like this:

```objc
#import <SAObjects/SACreateSessionInfoRequest.h>

%hook SACreateSessionInfoRequest

- (id)dictionary {
    // blablabla
    return dict;
}

%end
```

now if i want to hook into load assistant what would i do exactly? help on this would really be appreciated as there is practically no one in the internet with as much skill and knowledge as you in these matters.

janrueth commented 11 years ago

haha I don't think I have very deep knowledge in this. First of all you seem to use theos with logos preprocessor (I don't use that, I code it on my own, directly in Objective-C). But basically you just need to switch what is at hook to the class you want to hook now. SALoadAssistant.

I don't have knowledge about how logos is used as I said, I do it manually without the preprocessor this gives me more control

rotastrain commented 11 years ago

Come on eich, don't be modest. You're god damn good at this.

directly in objective-c meaning using x-code? So if i use theos i would need the header? and if i use x-code i wouldnt?

janrueth commented 11 years ago

No you misunderstood me, I use theos but I don't use logos, the theos preprocessor.

I do write that stuff with X-Code but I just use this as an editor.

I use the theos makefile but instead of these xm files I write mm files (Objective-C++) (the xm files are translated by logos to mm files). However I find it easier to do it directly, it gives me more freedom to do stuff (for example neglecting headers) :D

There you can use something like this to hook into a class:

```objc
MSHookMessageEx([NSClassFromString(@"ADAuthenticator") class],
                @selector(_getSessionRequestForCertificate:completion:),
                (IMP)replaced__getSessionRequestForCertificate,
                (IMP *)&original__getSessionRequestForCertificate);
```

Using NSClassFromString I don't need to include any header for ADAuthenticator. It is all done during runtime (that's the beauty of Objective-C).

http://iphonedevwiki.net/index.php/MobileSubstrate gives a good intro which I also used to learn this
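Added example (not part of the thread and not janrueth's or the project's code): the header-free runtime lookup described in the comment above also lets a process check which image currently implements a method, which is how an IMP replacement of this kind can be noticed. It swaps the IMP with the plain Objective-C runtime rather than MobileSubstrate; the target (`NSProcessInfo`, `processName`) and all function names are assumptions chosen for a macOS demo.

```objective-c
// Added example. Build on macOS (file name is arbitrary):
//   clang -fobjc-arc -framework Foundation impcheck.m -o impcheck
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <dlfcn.h>
#import <string.h>

// Stand-in for the replacement a hooking library installs (demo only).
static IMP original_processName;
static NSString *replaced_processName(id self, SEL _cmd) {
    NSString *real = ((NSString *(*)(id, SEL))original_processName)(self, _cmd);
    return [real stringByAppendingString:@" (hooked)"];
}

// Path of the image that currently implements -[className sel], or NULL if
// the class or method cannot be resolved. No header for the class is needed.
static const char *ImageForMethod(NSString *className, SEL sel) {
    Method m = class_getInstanceMethod(NSClassFromString(className), sel);
    Dl_info info;
    if (m == NULL || dladdr((const void *)method_getImplementation(m), &info) == 0)
        return NULL;
    return info.dli_fname;
}

// YES when the implementation lives outside the image that defines the class,
// or when either side cannot be resolved. Heuristic only: a category loaded
// from another image is reported the same way as a hook.
static BOOL MethodLooksHooked(NSString *className, SEL sel) {
    const char *home = class_getImageName(NSClassFromString(className));
    const char *impl = ImageForMethod(className, sel);
    return home == NULL || impl == NULL || strcmp(home, impl) != 0;
}

int main(void) {
    @autoreleasepool {
        SEL sel = @selector(processName);
        NSLog(@"before: hooked=%d image=%s", MethodLooksHooked(@"NSProcessInfo", sel),
              ImageForMethod(@"NSProcessInfo", sel));
        // Replace the IMP with the plain runtime API (this demo does not use Substrate).
        Method m = class_getInstanceMethod(NSClassFromString(@"NSProcessInfo"), sel);
        original_processName = method_setImplementation(m, (IMP)replaced_processName);
        NSLog(@"after:  hooked=%d image=%s", MethodLooksHooked(@"NSProcessInfo", sel),
              ImageForMethod(@"NSProcessInfo", sel));
        NSLog(@"%@", [[NSProcessInfo processInfo] processName]);
    }
    return 0;
}
```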

rotastrain commented 11 years ago

oh ok . i took your advice and just hooked into whatever i needed using a mm and it works beautifully.

Also, now that we got this stuff sorted, the Siri ports that have been made are lacking location services. That's because the setrequestorigin is giving a "Denied" as a signal. Which means it's being denied locationinfo from the iPhone. Under location settings there isn't any Siri thing to toggle. I will investigate this and try to solve it.

janrueth commented 11 years ago

also the siri options under General seem to be faulty

rotastrain commented 11 years ago

ok i was looking at the headers now and after reading your advice on the mm files i wanted to ask now --

to get past the authentication did you hook into AdSession.h that is (ADSession) and then set the value of the bool authenticationdisabled to true?

Why I am asking is because if I see a real-life example I can then try it out myself and apply it to other places.

janrueth commented 11 years ago

Hm, in AFPreferences, that's what session is reading afaik... Not at my computer atm...

rotastrain commented 11 years ago

ok i got a lot to learn ;p

rotastrain commented 11 years ago

It disabled from both ADPrefences and ADSession. About the location thing

  1. At first i thought that siri wasn't getting permissions for location data as it was sending a denied back to the server in SetRequestOrigin. I thought if siri asked maybe for location info it may prompt us to give it permission.

I forced it to think that permissions were given by a hook.

the result was that siri started the location request but returned a time out. Still no permission .

when i looked at the log using socat i found that when i go into settings->privacy->location settings it prints out this warning

Oct 17 17:32:27 xxxx-iPhone Preferences[7818] : EntityClassUnknown: com.apple.locationd.bundle-/System/Library/PrivateFrameworks/AssistantServices.framework { BundlePath = "/System/Library/PrivateFrameworks/AssistantServices.framework"; Executable = ""; Registered = ""; Whitelisted = 0; }

also i can't see siri there..

any idea on whats missing?

rotastrain commented 11 years ago

i fixed the location problem and it works now perfectly. I am trying to compile a deb for it but i have one problem.

I need to edit a system plist. i am unable to do so what ever i do. Do you know a way to do it?

i have even tried deleting it but i haven't been successful

weinzach commented 11 years ago

What specifically are you trying to edit? I make deb scripts all the time :D

rotastrain commented 11 years ago

It's ok I am now closing this issue. Thank you eich and zdog !