Giter Site home page Giter Site logo

applecache's Introduction

Apple Cache

This is a reverse engineering attempt of the Apple Content Caching system.

The goal of this project is to challenge myself in a serious reverse engineering attempt while also creating something I want to make: an Apple Content Cache that works on Linux servers.

NOTE: asset-cache-tool is a continuation of some of this work.

A Note to Apple

Dear Apple,

I am a good faith actor and due to the design of cache, I do not believe this should cause any harm. Should you consider otherwise, contact me via my email: [email protected]

Thanks, Alex

A Note to Users

Please do not abuse the content you see here. I am trying to do this in good faith and do not condone any malicious use of the Apple Content Cache system, whatever that may be.

Content Caching

Content Caching is available in the Sharing section of System Preferences. It is used to cache content on your local network for public Apple content or iCloud content. The /usr/libexec/AssetCache/AssetCache is responsible for a majority of the work. It has an HTTP server that has an API that allows fetching and uploading of content from the server.

Research

Additionally, packet captures are provided in the captures directory.

Methodology

The work here was done by using Charles Proxy and Frida.

The tools/frida-ssl-pin.js file is a Frida script that can attach to any macOS process and disable all SSL verification and SSL certificate pinning. This has allowed me to deeply examine the requests going to Apple's servers. This script is likely useful for many other use cases. If anyone else uses it, I'd love to hear about how it was used (I'm a super huge nerd and am quite interested in reverse engineering). Note that SIP will need to be disabled in order to correctly use it.

I also have a modified Frida Python script which targets launchd to inject the SSL pinning and verification disable script. Since AssetCache is spawned by launchd, you can attach Frida to launchd, and wait spawn AssetCache via the service. The script is located at: tools/frida-ssl-pin-target.py, just do pip3 install frida frida-tools and run the script.

applecache's People

Contributors

azenla avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.