icloud.js
iCloud Advanced Data Protection (PCS)
Currently, trying to access iCloud Drive data while having ADP enabled returns
Error: Missing PCS cookies from the request
Looking at the cookies in a web browser, it seems the X-APPLE-WEBAUTH-PCS-Sharing and X-APPLE-WEBAUTH-PCS-Documents cookies are related.
Not sure exactly what PCS stands for, possibly Private/Protected Cloud Service?
The iCloud web app sends an empty POST request to https://setup.icloud.com/setup/ws/1/requestWebAccessState?clientBuildNumber=2306Hotfix38&clientMasteringNumber=2306Hotfix38&clientId=0a6768e7-9914-416d-9fd2-51b095985663&dsid=12024116479
to check if the user has consented to
ADP disabled:
{"dsid":8363351371,"isWebAccessAllowed":true}
ADP enabled:
{"dsid":12024116479,"isWebAccessAllowed":true,"isDeviceConsentedForPCS":false,"isICDRSDisabled":true,"deviceConsentForPCSExpiry":0}
(ICDRS possibly meaning iCloud Data Recovery Service)
If PCS consent is not granted, the iCloud website sends a POST request to https://setup.icloud.com/setup/ws/1/enableDeviceConsentForPCS?clientBuildNumber=2306Hotfix38&clientMasteringNumber=2306Hotfix38&clientId=0a6768e7-9914-416d-9fd2-51b095985663&dsid=12024116479
(with no body), to which the following response is sent:
{"isDeviceConsentNotificationSent":true,"isWebAccessAllowed":true,"isDeviceConsentedForPCS":false,"isICDRSDisabled":true,"deviceConsentForPCSExpiry":0}
and a notification is sent to the user's iPhone.
The URL https://setup.icloud.com/setup/ws/1/requestWebAccessState?clientBuildNumber=2306Hotfix38&clientMasteringNumber=2306Hotfix38&clientId=0a6768e7-9914-416d-9fd2-51b095985663&dsid=12024116479
is polled with an empty POST.
No consent yet:
{"dsid":12024116479,"isWebAccessAllowed":true,"isDeviceConsentedForPCS":false,"isICDRSDisabled":true,"deviceConsentForPCSExpiry":0}
Consent granted:
{"dsid":12024116479,"isWebAccessAllowed":true,"isDeviceConsentedForPCS":true,"isICDRSDisabled":true,"deviceConsentForPCSExpiry":1674401748101}
The expiry period seems to be 1 hour.
When accessing an ADP service, the iCloud website, if it knows PCS consent is granted, sends a POST request to
https://setup.icloud.com/setup/ws/1/requestPCS?clientBuildNumber=2306Hotfix38&clientMasteringNumber=2306Hotfix38&clientId=4c1e9a0b-7cba-4c27-a9e3-c6f020fd416e&dsid=12024116479
with {"appName":"iclouddrive","derivedFromUserAction":true}
to ensure that PCS cookies are present.
If the PCS cookies sent with the request are not valid, but consent is already provided, the following is sent as JSON along with the required cookies:
{"isWebAccessAllowed":true,"isDeviceConsentedForPCS":true,"isICDRSDisabled":true,"message":"Cookies attached.","deviceConsentForPCSExpiry":1674400678814,"status":"success"}
If the PCS cookies sent with the request are valid, the following is sent:
{"isWebAccessAllowed":true,"isDeviceConsentedForPCS":true,"isICDRSDisabled":true,"message":"Cookies already present.","deviceConsentForPCSExpiry":1674400678814,"status":"success"}
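The consent flow described above, as an added JavaScript example (not icloud.js code and not Apple's): it classifies the requestWebAccessState bodies quoted on this page and walks the request order against a replayed transport. The names classifyAccessState, ensurePcs, replayTransport and the synchronous post(endpoint, body) signature are assumptions made for illustration.

```javascript
// Added example. `post(endpoint, body)` is a hypothetical synchronous stand-in
// for the HTTP layer; the bodies below are constructed from the JSON quoted on
// this page, so nothing touches the network.

function classifyAccessState(state, nowMs) {
  // Assumption: a body without PCS fields (the "ADP disabled" shape) needs no consent.
  if (!("isDeviceConsentedForPCS" in state)) return "no-pcs-needed";
  if (!state.isDeviceConsentedForPCS) return "consent-required";
  // Consent is time-limited: an elapsed expiry is treated like missing consent.
  if (state.deviceConsentForPCSExpiry <= nowMs) return "consent-expired";
  return "consented";
}

function ensurePcs(post, appName, nowMs, maxPolls) {
  let kind = classifyAccessState(post("requestWebAccessState", null), nowMs);
  if (kind === "no-pcs-needed") return { ok: true, detail: kind };
  if (kind !== "consented") {
    // Triggers the approval notification on the user's device.
    const sent = post("enableDeviceConsentForPCS", null);
    if (!sent.isDeviceConsentNotificationSent) return { ok: false, detail: "notification-not-sent" };
    // A real client would wait between polls; the bound prevents an endless loop.
    for (let i = 0; i < maxPolls && kind !== "consented"; i++) {
      kind = classifyAccessState(post("requestWebAccessState", null), nowMs);
    }
    if (kind !== "consented") return { ok: false, detail: kind };
  }
  // Only ask for PCS cookies once consent is known to be valid.
  const pcs = post("requestPCS", { appName, derivedFromUserAction: true });
  return { ok: pcs.status === "success", detail: pcs.message };
}

// Constructed transport: replays queued bodies per endpoint and records call order.
function replayTransport(script) {
  const calls = [];
  const post = (endpoint) => {
    calls.push(endpoint);
    const queue = script[endpoint] || [];
    return queue.length > 1 ? queue.shift() : (queue[0] || {});
  };
  return { post, calls };
}

const NO_CONSENT = { isWebAccessAllowed: true, isDeviceConsentedForPCS: false, isICDRSDisabled: true, deviceConsentForPCSExpiry: 0 };
const CONSENTED = { ...NO_CONSENT, isDeviceConsentedForPCS: true, deviceConsentForPCSExpiry: 1674401748101 };
const sampleScript = () => ({
  requestWebAccessState: [NO_CONSENT, NO_CONSENT, CONSENTED],
  enableDeviceConsentForPCS: [{ ...NO_CONSENT, isDeviceConsentNotificationSent: true }],
  requestPCS: [{ status: "success", message: "Cookies attached." }],
});
```

In a real client the polling loop would sleep between requests and the clock would come from Date.now(); both are passed in here so the order of calls can be checked deterministically.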