
Two-step verification

See original GitHub issue

Hello!

Firstly, I want to say thank you for developing this great tool. It is exactly what I have been looking for.

Secondly, please forgive me if this question has already been covered, and if I word it in a less than technical manner.

Is there a way of using this tool with two-step verification enabled on my account? Can I obtain (and use) the DsPrsID/mmeAuthToken? I have tried using an app-specific password I generated, too, but this doesn’t seem to work. I receive the following message:

[main] Warn c.g.h.i.cloud.auth.Authenticator - --authenticate() - HttpResponse Exception: Unauthorized:
Exception in thread "main" org.apache.http.client.HttpResponseException: Bad appleID/ password or not an iCloud account?
    at com.github.horrorho.inflatabledonkey.cloud.auth.Authenticator.authenticate(Authenticator.java:81)
    at com.github.horrorho.inflatabledonkey.Main.main(Main.java:125)

Thanks in advance for any suggestions/updates on this matter.

Issue Analytics

  • State: open
  • Created 7 years ago
  • Comments: 7 (3 by maintainers)

Top GitHub Comments

2 reactions
ghost commented, Aug 21, 2016

You can definitely use InflatableDonkey with a 2SV account. The process of obtaining the MMeAuthToken is the tricky part. Any iCloud device that you use has to use this token to connect to iCloud in the background without asking for verification (Contacts sync, Photo Library, iMessage etc).

So you cannot obtain this token AFTER enabling 2SV without going through a few hoops.

Do you have a Mac or PC with iCloud logged in? If you do, you can get a token using Elcomsoft Token Extractor (no endorsement, just a great tool). It is free.

If you don’t have a computer with iCloud logged in, find a computer, log into / install iCloud, use the Token extractor and then write down the token somewhere. Then log out. This token will be valid forever until you change your iCloud Password (or if you enable/disable 2SV I believe, although I have never actually tested this. So another possibility is to disable 2SV, get the token using InflatableDonkey, and then enable 2SV, and the token may work. Again, not positive, but worth a shot).

If you don’t want to use a computer, you can also intercept the HTTPS traffic coming in / out of your iOS device, by installing a root CA and using MITMproxy or Burp or a similar MITM tool. By inspecting any background iCloud requests that your phone is making, you will find an MMeAuthToken encoded in base64 in the Authorization header of the HTTPS request. This is slightly less intuitive and easy than the token extractor, so I recommend you go that route.

If you have 2SV enabled and try to use InflatableDonkey with just your Apple ID and Password, the credentials will not work (HTTP 409), because of the 2SV. So just pipe your DSID and MMeAuthToken into InflatableDonkey and it will bypass the 2SV. Elcomsoft will also get your DSID for you. Pretty great stuff!

The token should look something like this:

DSID: xxxxxxxxxx (9-11 chars)
Token: Axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (40 chars)

1 reaction
ThomasJames-zz commented, Aug 23, 2016

That worked perfectly. Thank you very much, manwhoami!
