apple-data 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 364470e15839f7c778c71e079e71b390ce25f658badad6fa75dedd951f76aea8
+  data.tar.gz: b42d763751fba1422c89902c3b8291c368164e370db2ef473b931a34b8ed5f56
+SHA512:
+  metadata.gz: ced7544c4aa23fc1f7fcfde68387726ce8aa7f636be4921deb020801a04b7c82cc25bd3221691c263ea1f8f9b9b0bb9d4f0c157c246aee21e3887fae65034f36
+  data.tar.gz: acef047056e1b709c6564c05c2dc59a285aeb5c9a5e9c5cf093676ee8f1567fcd572f436ef969666f65c532aac7d4d7cb1cc61b4a03c909a11eac9c338a56a3e

data/share/4cc.yaml

@@ -0,0 +1,295 @@
+---
+- code: 0Cfg
+  description:
+  usage:
+  - SysCfg
+- code: AAPL
+  description: Generic 4CC for Apple, often Creator Code
+  usage:
+  - Everywhere
+- code: ADDA
+  description:
+  usage:
+  - SysCfg
+- code: BNCH
+  description: Boot Nonce Hash
+  usage:
+  - APTicket
+- code: BNDL
+  description: Loadable Bundle (plugin)
+  usage:
+  - macOS
+- code: BORD
+  description: Board ID
+  usage:
+  - APTicket
+- code: CEPO
+  description: Certificate Epoch
+  usage:
+  - APTicket
+- code: CHIP
+  description: Chip ID
+  usage:
+  - APTicket
+- code: CLHS
+  description:
+  usage:
+  - SysCfg
+- code: CPRO
+  description: Chip Production Status
+  usage:
+  - Boot Policy
+- code: CPRV
+  description: Chip Revision
+  usage:
+  - APTicket
+- code: CSEC
+  description: Chip Security Mode
+  usage:
+  - APTicket
+- code: ECID
+  description: Exclusive Chip ID
+  usage:
+  - APTicket
+- code: EPRO
+  description: Effective Production Status
+  usage:
+  - APTicket
+- code: ESEC
+  description: Effective Security Status
+  usage:
+  - APTicket
+- code: MANB
+  description: Manifest Body
+  usage:
+  - APTicket
+- code: MANP
+  description: Manifest Properties
+  usage:
+  - APTicket
+- code: MOJO
+  description: Mojo Debug Flag
+  usage:
+  - SMC
+- code: Mod#
+  description: Model Number
+  usage:
+  - FDR
+  - SysCfg
+- code: Regn
+  description: Region
+  usage:
+  - FDR
+  - SysCfg
+- code: SDOM
+  description: Security Domain
+  usage:
+  - APTicket
+- code: SrNm
+  description: Serial Number
+  usage:
+  - SysCfg
+- code: WSKU
+  description:
+  usage:
+  - SysCfg
+- code: anef
+  description: Apple Neural Engine Firmware
+  usage:
+  - Firmware
+- code: ansf
+  description: Apple NAND Storage Firmware
+  usage:
+  - Firmware
+- code: aopf
+  description: Always-on-Processor Firmware
+  usage:
+  - Firmware
+- code: appv
+  description:
+  usage:
+  - FDR
+  - SysCfg
+- code: aubt
+  description:
+  usage: []
+- code: auxi
+  description: Auxiliary Kernel Cache Image4 Hash
+  usage:
+  - Boot Policy
+- code: auxp
+  description: User Authorized Kext List Hash
+  usage:
+  - Boot Policy
+- code: auxr
+  description: Kext Receipt Hash
+  usage:
+  - Boot Policy
+- code: avef
+  description: Audio / Video Encryption (DRM) Firmware
+  usage:
+  - Firmware
+- code: bstc
+  description:
+  usage: []
+- code: ciof
+  description:
+  usage:
+  - Firmware
+- code: coih
+  description: CustomKC or fuOS Image4 Hash
+  usage:
+  - APTicket
+- code: csys
+  description:
+  usage: []
+- code: dCfg
+  description:
+  usage:
+  - FDR
+- code: dcp2
+  description:
+  usage: []
+- code: dcpf
+  description:
+  usage: []
+- code: dtre
+  description: Device Tree
+  usage:
+  - Firmware
+- code: eCfg
+  description:
+  usage:
+  - FDR
+  - SysCfg
+- code: fCfg
+  description:
+  usage: []
+- code: gfxf
+  description: Graphics Firmware
+  usage:
+  - Firmware
+- code: ibdt
+  description: iBoot Data
+  usage:
+  - Firmware
+- code: ibot
+  description: iBoot
+  usage:
+  - Firmware
+- code: ispf
+  description: Image Signal Processor Firmware
+  usage:
+  - Firmware
+- code: krnl
+  description: XNU Kernel
+  usage:
+  - Firmware
+- code: ksku
+  description:
+  usage: []
+- code: kuid
+  description: Key Exchange Key Group UUID
+  usage:
+  - Boot Policy
+- code: logo
+  description: iBoot Apple Logo
+  usage:
+  - Firmware
+- code: love
+  description: OS Version
+  usage:
+  - Boot Policy
+- code: lpnh
+  description: Local Policy Nonce Hash
+  usage:
+  - Boot Policy
+- code: lpol
+  description: Local Policy
+  usage:
+  - Firmware
+  - Boot Policy
+- code: nsih
+  description: Next Stage Image4 Hash
+  usage: []
+- code: pmpf
+  description: Power Management Processor Firmware
+  usage:
+  - Firmware
+- code: rlg1
+  description: Restore logo
+  usage:
+  - Firmware
+- code: rlg2
+  description: Restore logo
+  usage:
+  - Firmware
+- code: ronh
+  description: RecoveryOS Policy Nonce Hash
+  usage:
+  - Boot Policy
+- code: rpnh
+  description: Remote Policy Nonce Hash
+  usage:
+  - Boot Policy
+- code: seal
+  description:
+  usage:
+  - FDR
+- code: siof
+  description: Smart-IO Firmware
+  usage:
+  - Firmware
+- code: sip0
+  description: System Integrity Protection (SIP Status)
+  usage:
+  - Boot Policy
+- code: sip1
+  description: System Integrity Protection (Signed System Volume Status)
+  usage:
+  - Boot Policy
+- code: sip2
+  description: System Integrity Protection (Kernel CTRR Status)
+  usage:
+  - Boot Policy
+- code: sip3
+  description: System Integrity Protection (Boot Args Filtering Status)
+  usage:
+  - Boot Policy
+- code: smb0
+  description: Secure Multi-Boot (Security Mode)
+  usage:
+  - Boot Policy
+- code: smb1
+  description: Secure Multi-Boot
+  usage:
+  - Boot Policy
+- code: smb2
+  description: Secure Multi-Boot (3rd Party Kexts Status)
+  usage:
+  - Boot Policy
+- code: smb3
+  description: Secure Multi-Boot (User-allowed MDM Control)
+  usage:
+  - Boot Policy
+- code: smb4
+  description: Secure Multi-Boot (DEP-allowed MDM Control)
+  usage:
+  - Boot Policy
+- code: snon
+  description: Secure Enclave Processor Boot Nonce Hash
+  usage:
+  - APTicket
+- code: tCfg
+  description:
+  usage:
+  - FDR
+  - SysCfg
+- code: tmuf
+  description:
+  usage:
+  - Firmware
+- code: vuid
+  description: Volume Group UUID
+  usage:
+  - Boot Policy

data/share/apns.yaml

@@ -0,0 +1,386 @@
+# SPDX-FileCopyrightText: 2021 Nicolás Alvarez <nicolas.alvarez@gmail.com>
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Legacy incoming commands (current client code seems to support them still):
+# 0x01 connected
+# 0x03 message received
+# 0x06 keep-alive response
+
+0x07:
+  name:  connect
+  label: Connect
+  direction: outgoing
+  items:
+    0x01:
+      name:  token
+      label: Token
+    0x02:
+      name:  state
+      label: State
+    0x05:
+      # the bitfield is not decoded yet, and it doesn't seem easy,
+      # as there's several constant values.
+      name:  flags
+      label: Flags
+    0x06:
+      # 'interface' internally has values [0..4], but the number in this field
+      # is only 0/1 for cellular/WiFi
+      name:  interface
+      label: Interface
+      type: FT_UINT8
+      base: BASE_DEC
+      strings: VALS(interface_string)
+    0x07:
+      name:  active_interval
+      label: Active Interval
+    0x08:
+      name:  carrier
+      label: Carrier
+      type: FT_STRING
+    0x09:
+      name:  software_version
+      label: Software Version
+      type: FT_STRING
+    0x0a:
+      name:  software_build
+      label: Software Build
+      type: FT_STRING
+    0x0b:
+      name:  hardware_version
+      label: Hardware Version
+      type: FT_STRING
+    0x0c:
+      name:  certificate
+      label: Certificate
+    0x0d:
+      name:  nonce
+      label: Nonce
+    0x0e:
+      name:  signature
+      label: Signature
+    0x10:
+      # I *think* this is a protocol version. Values seen:
+      # macOS Sierra: 3
+      # iOS 12.4.8:   6
+      # iOS 13.7:     7
+
+      name:  version
+      label: Protocol Version
+      type: FT_UINT16
+      base: BASE_DEC
+    0x11:
+      name:  redirect_count
+      label: Redirect Count
+      type: FT_UINT16
+      base: BASE_DEC
+    0x13:
+      name:  dns_time
+      label: DNS Resolve Time
+    0x14:
+      name:  tls_time
+      label: TLS Handshake Time
+      type: FT_RELATIVE_TIME
+
+0x08:
+  name:  connected
+  label: Connected
+  direction: incoming
+  items:
+    0x01:
+      name:  connected_response
+      label: Response
+      type: FT_UINT8
+      base: BASE_HEX
+    0x02:
+      name:  server_metadata
+      label: Server Metadata
+      type: FT_STRING
+    0x03:
+      name:  token
+      label: Token
+    0x04:
+      name:  message_size
+      label: Message Size
+      type: FT_UINT16
+      base: BASE_DEC
+    0x06:
+      name:  capabilities
+      label: Capabilities
+      type: FT_UINT32
+      base: BASE_HEX
+      ## whole field: capabilities
+      ## bit0: dualChannelSupport
+      ## bit1: reportLastReversePushRTT
+    0x07:
+      name:  bad_nonce_time
+      label: Server Time For Bad Nonce
+      type: FT_UINT64
+      base: BASE_HEX
+    0x08:
+      name:  large_message_size
+      label: Large Message Size
+      type: FT_UINT16
+      base: BASE_DEC
+    0x09:
+      name:  redirect_reason
+      label: Redirect Reason
+      type: FT_STRING
+    0x0a:
+      name:  server_time
+      label: Server Time
+      type: FT_ABSOLUTE_TIME
+      base: ABSOLUTE_TIME_UTC
+    0x0b:
+      name:  geo_region
+      label: Geo Region
+      type: FT_STRING
+    # This is a timestamp but I don't know what it means
+    0x0c:
+      name:  unknown_ts
+      label: Unknown
+      type: FT_ABSOLUTE_TIME
+      base: ABSOLUTE_TIME_UTC
+
+0x09:
+  name:  filter
+  label: Filter
+  direction: outgoing
+  items:
+    0x01:
+      name:  token
+      label: Token
+    0x02:
+      name:  enabled_hash
+      label: Enabled Topic Hash
+    0x03:
+      name:  ignored_hash
+      label: Ignored Topic Hash
+    0x04:
+      name:  opportunistic_hash
+      label: Opportunistic Topic Hash
+    0x05:
+      name:  paused_hash
+      label: Paused Topic Hash
+
+0x0a:
+  name:  message
+  label: Message
+  direction: both
+  items:
+  # outgoing, 1 is topic hash, 2 is token
+  # incoming, 1 is token, 2 is topic hash
+    0x1:
+      name:  topic_hash
+      label: Topic Hash
+    0x2:
+      name:  token
+      label: Token
+    0x3:
+      name:  payload
+      label: Payload
+    0x4:
+      name:  message_id
+      label: Message ID
+      type: FT_UINT32
+      base: BASE_HEX
+    0x5:
+      name:  expiry
+      label: Message Expiry Time
+      type: FT_ABSOLUTE_TIME
+      base: ABSOLUTE_TIME_UTC
+    0x6:
+      # this is nanoseconds since Unix epoch,
+      # but Wireshark doesn't yet support that
+      name:  timestamp
+      label: Message Timestamp
+      type: FT_UINT64
+      base: BASE_HEX
+    0x9:
+      name:  storage_flags
+      label: Storage Fiags
+      type: FT_UINT8
+      base: BASE_HEX
+    0xd:
+      name:  priority
+      label: Priority
+      type: FT_UINT8
+      base: BASE_HEX
+    0xf:
+      name:  base_token
+      label: Base Token
+    0x15:
+      name:  tracing_uuid
+      label: Message Tracing UUID
+    0x18:
+      name:  correlation_id
+      label: Correlation Identifier
+      type: FT_STRING
+    0x1a:
+      name:  apn_flags
+      label: APN Flags
+      type: FT_UINT32
+      base: BASE_HEX
+    0x1c:
+      name:  push_type
+      label: Push Type
+      type: FT_UINT16
+      base: BASE_DEC
+      strings: VALS(push_type_string)
+    0x19:
+      name:  lastRTT
+      label: Last RTT
+      type: FT_UINT16
+      base: BASE_DEC
+
+0x0b:
+  name:  ack
+  label: Acknowledge Message
+  direction: both
+  items:
+    0x1:
+      name:  token
+      label: Token
+    0x4:
+      name:  message_id
+      label: Message ID
+      type: FT_UINT32
+      base: BASE_HEX
+    0x8:
+      name:  response
+      label: Response
+      type: FT_UINT8
+      base: BASE_HEX
+
+0x0c:
+  name:  keepalive
+  label: Keep-Alive
+  direction: outgoing
+  items:
+    0x01:
+      name:  carrier
+      label: Carrier
+      type: FT_STRING
+    0x02:
+      name:  software_version
+      label: Software Version
+      type: FT_STRING
+    0x03:
+      name:  software_build
+      label: Software Build
+      type: FT_STRING
+    0x04:
+      name:  hardware_version
+      label: Hardware Version
+      type: FT_STRING
+    0x05:
+      name:  interval
+      label: Keepalive Interval
+      type: FT_STRING
+    0x06:
+      name:  delayed_interval
+      label: Delayed Response Interval
+      type: FT_STRING
+
+0x0d:
+  name: keepalive_response
+  label: Keep-Alive Response
+  direction: incoming
+  items:
+    0x1:
+      name:  response
+      label: Response
+      type: FT_UINT8
+      base: BASE_HEX
+
+0x0f:
+  name:  flush
+  label: Flush
+  direction: incoming
+  items:
+    0x1:
+      name:  want_padding
+      label: Want Padding
+      type: FT_UINT16
+      base: BASE_HEX
+
+0x10:
+  name:  flush_response
+  label: Flush Response
+  direction: incoming
+
+0x11:
+  name:  apptoken
+  label: App Token Generate Request
+  direction: outgoing
+  items:
+    0x01:
+      name:  base_token
+      label: Base Token
+    0x02:
+      name:  topic_hash
+      label: Topic Hash
+    0x03:
+      name:  appid
+      label: App ID
+      type: FT_UINT16
+      base: BASE_HEX
+
+0x12:
+  name:  apptoken_response
+  label: App Token Generate Response
+  direction: incoming
+  items:
+    0x01:
+      name:  response
+      label: Response
+      type: FT_UINT8
+      base: BASE_HEX
+    0x02:
+      name:  token
+      label: Token
+    0x03:
+      name:  topic_hash
+      label: Topic Hash
+    0x04:
+      name:  appid
+      label: App ID
+      type: FT_UINT16
+      base: BASE_HEX
+
+0x14:
+  name:  setstate
+  label: Set Active State
+  direction: outgoing
+  items:
+    0x01:
+      name: state
+      label: State
+      type: FT_UINT8
+      base: BASE_DEC
+      strings: VALS(active_state_string)
+    # this is hardcoded to 0x258 ??
+    0x02:
+      name: interval
+      label: Interval
+      type: FT_UINT32
+      base: BASE_HEX
+
+0x16:
+  name:  keepalive_ack
+  label: Keep-Alive Ack
+  direction: incoming
+
+0x17:
+  name:  redirect
+  label: Redirect # ??
+  direction: incoming
+  items:
+    0x02:
+      name:  server_metadata
+      label: Server Metadata
+      type: FT_STRING
+    0x09:
+      name:  redirect_reason
+      label: Redirect Reason
+      type: FT_STRING

data/share/backup.yaml

@@ -0,0 +1,45 @@
+---
+domains:
+  - AppDomainGroup-group.com.apple.tips
+  - AppDomain-com.apple.Music
+  - AppDomain-com.apple.podcasts
+  - HomeDomain
+  - AppDomain-com.apple.mobilenotes
+  - AppDomainGroup-243LU875E5.groups.com.apple.podcasts
+  - AppDomainGroup-group.com.apple.notes
+  - WirelessDomain
+  - AppDomainGroup-group.com.apple.news
+  - AppDomainGroup-group.com.apple.Music
+  - AppDomain-com.apple.news
+  - SysSharedContainerDomain-systemgroup.com.apple.icloud.findmydevice.managed
+  - AppDomain-com.apple.mobilemail
+  - AppDomainPlugin-com.apple.weather.widget
+  - KeyboardDomain
+  - AppDomainGroup-group.com.apple.mail
+  - AppDomainPlugin-com.apple.news.widget
+  - AppDomain-com.apple.mobilesafari
+  - AppDomain-com.apple.ScreenshotServicesService
+  - AppDomain-com.apple.MobileSMS
+  - SysSharedContainerDomain-systemgroup.com.apple.lskdrl
+  - KeychainDomain
+  - AppDomain-com.apple.Maps
+  - SystemPreferencesDomain
+  - SysSharedContainerDomain-systemgroup.com.apple.nearbyd.datastore
+  - AppDomainGroup-group.com.apple.weather
+  - AppDomain-com.apple.SleepLockScreen
+  - AppDomain-com.apple.Passbook
+  - AppDomainGroup-group.com.apple.Maps
+  - SysSharedContainerDomain-systemgroup.com.apple.bluetooth
+  - ManagedPreferencesDomain
+  - NetworkDomain
+  - AppDomainPlugin-com.apple.Maps.GeneralMapsWidget
+  - AppDomainPlugin-com.apple.MobileSMS.MessagesNotificationExtension
+  - AppDomainPlugin-com.apple.Music.Messages
+  - AppDomainPlugin-com.apple.TestFlight.ServiceExtension
+  - RootDomain
+  - AppDomainPlugin-com.apple.AppleMediaDiscovery.AMDEngagementExtension
+  - MediaDomain
+  - AppDomain-com.apple.store.Jolly
+  - SysSharedContainerDomain-systemgroup.com.apple.configurationprofiles
+  - AppDomainPlugin-com.apple.AppStore.ProductPageExtension
+  - SysContainerDomain-com.apple.appstored

data/share/baseband.yaml

@@ -0,0 +1,4 @@
+---
+description: various components of the UTRAN radio system
+esim:
+  root_keys: