Example #1
0
def readPlist(filename):
    f = open(filename, "rb")
    d = f.read(16)
    f.close()
    if d.startswith("bplist"):
        return BPlistReader.plistWithFile(filename)
    else:
        return plistlib.readPlist(filename)
Example #2
0
def readPlist(filename):
    f = open(filename,"rb")
    d = f.read(16)
    f.close()
    if d.startswith("bplist"):
        return BPlistReader.plistWithFile(filename)
    else:
        return plistlib.readPlist(filename)
Example #3
0
def parsePlist(s):
    if s.startswith("bplist"):
        return BPlistReader.plistWithString(s)
    else:
        return plistlib.readPlistFromString(s)
Example #4
0
def parsePlist(s):
    if s.startswith("bplist"):
        return BPlistReader.plistWithString(s)
    else:
        return plistlib.readPlistFromString(s)
Example #5
0
 def extractBPlist(self, bplist):
     fd = open(bplist,'r')
     data = fd.read()
     bp = BPlistReader(data)
     return bp.parse()
Example #6
0

def aes_ctr_decrypt(data, key, iv=None, ctr=1):
    res = ""
    a = AES.new(key)
    x = a.encrypt("\x00" * 8 + struct.pack(">Q", ctr))
    for i in xrange(0, len(data), 16):
        res += xor_strings(data[i:i + 16], x)
        ctr += 1
        if len(data[i:i + 16]) == 16:
            x = a.encrypt("\x00" * 8 + struct.pack(">Q", ctr))
    return res


#use https://github.com/meeee/pushproxy to intercept
msg = BPlistReader(open("message.plist", "rb").read()).parse()
d = gzip.GzipFile("", fileobj=StringIO(msg["P"].data)).read()
l = struct.unpack(">H", d[1:3])[0]
x = d[3:3 + l]

#extract "iMessage encryption key" from recipient keychain
pk = M2Crypto.RSA.load_key("recipient_key.txt")

#decrypt session key
z = pk.private_decrypt(x[:160], M2Crypto.RSA.pkcs1_oaep_padding)
aes_key = z[:16]
data = z[16:] + x[160:]
#decrypt message payload
decrypted = aes_ctr_decrypt(data, aes_key)
#double gzip !!!
dec = gzip.GzipFile("", fileobj=StringIO(decrypted)).read()