http://www.theios!exploit.com/2011/12/how-to-grab-iphone-4s-siri-authentication-keys/
note: remove the ! in the link (theios!exploit) to get the link to work.
Prerequisites: Make sure you have Ruby Gems installed on your computer (Mac or Ubuntu) and install MacPorts for libxml2, openssl, and zlib.
Here are the Ruby gems:
    sudo gem install eventmachine
    sudo gem install CFPropertyList
Written Tutorial
- First you should download the tools that applidium so graciously posted on github.
- Put those downloaded tools aside for now, and open up Terminal (If you don’t know what that is you should probably give up right now) and change the current directory to your desktop (or whatever directory you’d like to work in).
- We’re going to need to create fake SSL certificates to spoof your iPhone 4S into thinking that your computer is actually Siri’s servers. You’ll need openssl installed (I believe it’s installed by default on Mac OS X).
- Generate your certificate authority by entering the following into Terminal:
    openssl genrsa -des3 -out ca.key 4096
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt
- Next you’ll need to generate your server key and request for signing. Make sure to enter guzzoni.apple.com as the Common Name.
    openssl genrsa -des3 -out server.key 4096
    openssl req -new -key server.key -out server.csr
- Now we can sign our certificate request using our certificate authority:
    openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.passless.crt
- Now we need to create a version of the server key that doesn’t cause a prompt for a password:
    openssl rsa -in server.key -out server.key.insecure
    mv server.key server.key.secure
    mv server.key.insecure server.passless.key
- OK, now that we have our certificates we can transfer the certificate authority to your iPhone 4S so that it will accept our custom server as Siri’s server. To do this you’ll need the iPhone Configuration Utility which can be found here (Mac only).
EDIT: Instead you can just email the ca.crt file to your iPhone 4S and install it that way. If you do this, you can skip to step 16. (Thanks Büromöbel Team!)
- Once that’s downloaded open it up and connect your iPhone 4S to your computer, select File, then New Configuration Profile.
- In the General section enter guzzoni.apple.com as the name, and anything you want in the identifier field (i.e. com.company.profile).
- Select the Credentials section and click Configure.
- Then navigate to the ca.crt file we created earlier and select that.
- Now select your iPhone 4S in the source list on the right side of the window and select the Configuration Profiles tab.
- Next to the profile we just created, select Install.
- You should now be prompted on your iPhone 4S to install then approve the certificate. Do that.
- Now we’ll need to set up a fake DNS server on your computer to fool your iPhone into thinking that your computer is the Siri server. To do this download the Python script found here and save it as dns.py.
- Open that file up in your text editor of choice and go to line 29 and change the IP to the local IP address of your computer.
- Now in Terminal go to the directory where that python script is and enter the following:
    sudo python dns.py
- Now back on your iPhone 4S, go to Settings > WiFi and connect to the same network as your computer.
- Now tap the blue arrow next to the WiFi signal to configure options.
- In the DNS Server field enter the IP address of your computer.
- Now back on your computer open a new Terminal window (leave dns.py running!) and go to the directory with the files we downloaded in the first step. Also make sure that server.passless.key and server.passless.crt are in this directory as well.
- Enter the following into the new Terminal window:
    sudo ruby siriServer.rb
- Now back on your iPhone 4S make a dictation request with Siri. For example, go to the Notes app and tap the microphone next to the space bar and say something.
- If everything worked you should see a bunch of text in the Terminal window. This will give you everything you need to get Siri to authenticate using the other various tools downloaded in step 1. You’ll want to replace all the instances of COMMENTED_OUT in the ruby scripts with the data that was dumped into Terminal.
- You are DONE! Watch part 2 of the video (last 8 minutes) to get it installed on your phone!
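
The steps above depend on the phone accepting any certificate that chains to a CA in its trust store, including one added through a profile or an emailed ca.crt. The following is an added Ruby example (not from the original page or from applidium's tools) that builds constructed, in-process certificates and shows chain validation passing for a substituted certificate while a public-key pin comparison rejects it; the helper names and the idea of a pin shipped in the client are assumptions of the example.

```ruby
require "openssl"
require "digest"

HOST = "guzzoni.apple.com" # hostname from the tutorial; every certificate below is constructed

# Build a throwaway certificate; self-signed when no issuer is given.
def make_cert(cn, key, serial, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.new([["CN", cn]])
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# SPKI pin: SHA-256 over the DER-encoded public key carried in the certificate.
def spki_pin(cert)
  Digest::SHA256.hexdigest(cert.public_key.to_der)
end

# Returns [chain_ok, pin_ok]. A client relying on chain_ok alone accepts any CA in the store.
def check_server(leaf, trust_store, pins)
  [trust_store.verify(leaf), pins.include?(spki_pin(leaf))]
end

def demo
  keys = Array.new(4) { OpenSSL::PKey::RSA.new(2048) }
  vendor_ca = make_cert("Constructed Vendor CA", keys[0], 1, ca: true)
  vendor_leaf = make_cert(HOST, keys[1], 2, issuer: vendor_ca, issuer_key: keys[0])
  added_ca = make_cert("Constructed User-Installed CA", keys[2], 1, ca: true)
  other_leaf = make_cert(HOST, keys[3], 2, issuer: added_ca, issuer_key: keys[2])

  store = OpenSSL::X509::Store.new
  store.add_cert(vendor_ca)
  store.add_cert(added_ca) # the effect of installing an extra CA profile on the device
  pins = [spki_pin(vendor_leaf)] # pin shipped inside the client (assumption of this example)

  { genuine: check_server(vendor_leaf, store, pins),
    substituted: check_server(other_leaf, store, pins) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Both certificates validate against the trust store once the extra CA is present; only the pin comparison tells them apart.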