Thank you very much for building and open-sourcing ipatool! I'm doing research on data protection in Android and iOS apps, so this is very helpful.
Previously, I was (ab)using 3uTools for downloading IPAs but having to do that manually through a GUI was of course very cumbersome for the thousands of apps I need.
This PR adds support for downloading apps the used Apple ID doesn't already own (and thus fixes #28), a feature I need.
This is based on quite a lot of trial and error, and fighting with Apple's servers. I've looked at the network traffic of every program that can download IPAs that I could find. As you said, Apple Configurator 2 doesn't have the capability to buy new apps (same for tools based on that API, like iMazing). But older versions of iTunes could also download and buy apps (3u's mechanism is based on that, and I've also observed the same requests from the iOS App Store a year ago, though they seem to have changed that since…) through this endpoint:
Surprisingly, this endpoint also works with a Configurator user agent and corresponding auth cookies, though it behaves a little differently for that (for iTunes, it returns essentially the same information as the volumeStoreDownloadProduct endpoint, but for Configurator, it doesn't include the download URL in the response). Luckily, it seems like many of the parameters iTunes sets (including the dreaded kbsync) aren't actually necessary and can just be left out from the request.
I've tested this on two different Apple IDs, so hopefully it should work universally.
Thank you very much for building and open-sourcing ipatool! I'm doing research on data protection in Android and iOS apps, so this is very helpful.
Previously, I was (ab)using 3uTools for downloading IPAs but having to do that manually through a GUI was of course very cumbersome for the thousands of apps I need.
This PR adds support for downloading apps the used Apple ID doesn't already own (and thus fixes #28), a feature I need.
This is based on quite a lot of trial and error, and fighting with Apple's servers. I've looked at the network traffic of every program that can download IPAs that I could find. As you said, Apple Configurator 2 doesn't have the capability to buy new apps (same for tools based on that API, like iMazing). But older versions of iTunes could also download and buy apps (3u's mechanism is based on that, and I've also observed the same requests from the iOS App Store a year ago, though they seem to have changed that since…) through this endpoint:
https://buy.itunes.apple.com/WebObjects/MZBuy.woa/wa/buyProduct
Surprisingly, this endpoint also works with a Configurator user agent and corresponding auth cookies, though it behaves a little differently for that (for iTunes, it returns essentially the same information as the
volumeStoreDownloadProduct
endpoint, but for Configurator, it doesn't include the download URL in the response). Luckily, it seems like many of the parameters iTunes sets (including the dreadedkbsync
) aren't actually necessary and can just be left out from the request.I've tested this on two different Apple IDs, so hopefully it should work universally.