nabla-c0d3
Not working with iMessage
I'm trying to man-in-the-middle iMessage's communications using ssl-kill-switch2, Mitmproxy, and an iPad mini 1st gen running iOS 8.1.3. I can confirm it works on the App Store after following your instructions to kill the App Store daemon so this project can hook into the certificate pinning calls. However, when iMessage is opened, it does not trust the proxy. Instead, apsd (Apple Push Service Daemon) reports the following in idevicesyslog:
May 24 10:14:27 myiPad apsd[618] <Error>: SecTrustEvaluate [leaf NonEmptySubject] May 24 10:14:27 myiPad apsd[618] <Warning>: CFNetwork SSLHandshake failed (-9807)
mitmproxy reports that there was an issue with the SSL Handshake with the client, and this can be seen in Wireshark, where I can see the client iPad receive the certificate, then send a FIN to close the connection.
My first thought was to kill imagent itself so it could be hooked into, but that didn't help. Is it possible that another system daemon is perform the cert validation on behalf of apsd, and returning the result to it, thus the error looks like it originates from apsd? Or do I need to modify the hooks in some way to also pass this NonEmptySubject check, in case it's not handled in some subtle way by kill-switch? Thanks in advance for any help!
