Sunday, November 27, 2011

Siri


Just a few days ago mobile app development firm Applidium managed to crack the Siri protocol. While this does not mean anything for Siri on older iOS devices, it’s still quite interesting. What they’ve done allows virtually any device to interact with Siri’s servers. Unfortunately, to accomplish this you’ll need some data from a real iPhone 4S. Applidium’s tutorial for doing this is not very in-depth, so I thought I’d post a slightly more in-depth guide to getting the necessary data from an iPhone 4S. This guide assumes that you’ll be running Mac OS X 10.7.2, but in theory any UNIX operating system should work with a few simple tweaks.
  1. EDIT: Also forgot to mention that you’ll need to install a few Ruby gems for the Ruby scripts to work. Run the following commands in Terminal to get those:
    sudo gem install eventmachine
    sudo gem install CFPropertyList
  2. EDIT 2: You’ll also need libxml2, openssl, and zlib installed. I used MacPorts for this, but you can install however you’d like.
  3. First you should download the tools that Applidium so graciously posted on GitHub.
  4. Put those downloaded tools aside for now, and open up Terminal (If you don’t know what that is you should probably give up right now) and change the current directory to your desktop (or whatever directory you’d like to work in).
  5. We’re going to need to create fake SSL certificates to fool your iPhone 4S into thinking that your computer is actually Siri’s servers. You’ll need openssl installed (I believe it’s installed by default on Mac OS X).
  6. Generate your certificate authority by entering the following into Terminal:
    openssl genrsa -des3 -out ca.key 4096
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt
  7. Next you’ll need to generate your server key and request for signing. Make sure to enter guzzoni.apple.com as the Common Name.
    openssl genrsa -des3 -out server.key 4096
    openssl req -new -key server.key -out server.csr
  8. Now we can sign our certificate request using our certificate authority:
    openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.passless.crt
  9. Now we need to create a version of the server key that doesn’t cause a prompt for a password:
    openssl rsa -in server.key -out server.key.insecure
    mv server.key server.key.secure
    mv server.key.insecure server.passless.key
  10. OK, now that we have our certificates, we can transfer the certificate authority to your iPhone 4S so that it will accept our custom server as Siri’s server. To do this you’ll need the iPhone Configuration Utility, which can be found here (Mac only).
  11. Once that's downloaded open it up and connect your iPhone 4S to your computer, select File, then New Configuration Profile.
  12. In the General section enter guzzoni.apple.com as the name, and anything you want in the identifier field (i.e. com.company.profile).
  13. Select the Credentials section and click Configure.
  14. Then navigate to the ca.crt file we created earlier and select that.
  15. Now select your iPhone 4S in the source list on the right side of the window and select the Configuration Profiles tab.
  16. Next to the profile we just created, select Install.
  17. You should now be prompted on your iPhone 4S to install then approve the certificate. Do that.
  18. Now we'll need to set up a fake DNS server on your computer to fool your iPhone into thinking that your computer is the Siri server. To do this, download the Python script found here and save it as dns.py.
  19. Open that file up in your text editor of choice and go to line 29 and change the IP to the local IP address of your computer.
  20. Now in Terminal go to the directory where that python script is and enter the following:
    sudo python dns.py
  21. Now back on your iPhone 4S, go to Settings > WiFi and connect to the same network as your computer.
  22. Now tap the blue arrow next to the WiFi signal to configure options.
  23. In the DNS Server field enter the IP address of your computer.
  24. Now back on your computer open a new Terminal window (leave dns.py running!) and go to the directory with the files we downloaded in the first step. Also make sure that server.passless.key and server.passless.crt are in this directory as well.
  25. Enter the following into the new Terminal window:
    sudo ruby siriServer.rb
  26. Now back on your iPhone 4S make a dictation request with Siri. For example, go to the Notes app and tap the microphone next to the space bar and say something.
  27. If everything worked you should see a bunch of text in the Terminal window. This will give you everything you need to get Siri to authenticate using the other various tools downloaded in step 1. You'll want to replace all the instances of COMMENTED_OUT in the ruby scripts with the data that was dumped into Terminal.
Please note that this tutorial does not illustrate how to get Siri working on older iOS devices; it simply tells you how to get the necessary authentication information from a live iPhone 4S. You can use what you've learned here to communicate with Siri from your Mac, and essentially any other device using the tools provided in step 1.
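A quick check of the files from steps 6 to 9, worth running before siriServer.rb is started; it is an added example, not part of the original post or Applidium's tools. `check_chain` and `make_sample` are hypothetical helper names, and the sample files are constructed with 2048-bit keys and no passphrase so the script runs unattended.

```shell
#!/bin/sh
# Added example: sanity-check the certificate files from steps 6-9.

# check_chain CA_CERT SERVER_CERT SERVER_KEY EXPECTED_CN
# Prints "ok" and returns 0 only if all three checks pass.
check_chain() {
    ca=$1; crt=$2; key=$3; cn=$4
    # 1. The server certificate must verify against the CA that the
    #    configuration profile installs on the phone.
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' ||
        { echo "chain: not signed by $ca"; return 1; }
    # 2. The subject CN must be the expected host name
    #    ($cn is used as a regex, so "." matches any character).
    openssl x509 -in "$crt" -noout -nameopt RFC2253 -subject |
        grep -Eq "(^|[ =,])CN=$cn(,|\$)" ||
        { echo "cn: subject is not $cn"; return 2; }
    # 3. The passphrase-free key must be the key the certificate certifies.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "key: does not match certificate"; return 3; }
    echo "ok"
}

# make_sample DIR: constructed throwaway files that mirror steps 6-9
# (assumption: 2048-bit keys, no passphrase, -subj instead of prompts).
make_sample() {
    (
        cd "$1" || exit 1
        openssl genrsa -out ca.key 2048
        openssl req -new -x509 -days 365 -key ca.key \
            -subj "/CN=Sample Test CA" -out ca.crt
        openssl genrsa -out server.passless.key 2048
        openssl req -new -key server.passless.key \
            -subj "/CN=guzzoni.apple.com" -out server.csr
        openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
            -set_serial 01 -out server.passless.crt
    ) >/dev/null 2>&1
}

# Demo on constructed files; for real output, call check_chain on your own
# ca.crt, server.passless.crt and server.passless.key instead.
demo=$(mktemp -d)
make_sample "$demo"
check_chain "$demo/ca.crt" "$demo/server.passless.crt" \
    "$demo/server.passless.key" guzzoni.apple.com
rm -rf "$demo"
```

A non-zero return tells you which step to redo: 1 means the certificate was signed by a different CA than the one given, 2 means the Common Name was mistyped in step 7, and 3 means the key and certificate files got mixed up.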
