Figuring out how iSync interacts with .Mac

Where are we now?

[2/20/2004] Since I have gotten numerous emails asking me what has happened since I wrote this page, I wanted to post a short update. At this point I have not pursued this any further; I satisfied my curiosity and hopefully provided someone else enough information to get a jumpstart. I do hope someone takes up the task and if you are that person, let me know and I will link to your work.

What am I doing?

I have been playing with iSync since the public beta came out. I think it is cool. I do not have a permanent .Mac account, but I was very curious about the .Mac syncing. After reading Otto Moerbeek's article about using Backup without a .Mac account I was interested to try to see what I could do with iSync. I am not writing this as a HOWTO for doing this yourself, I am just documenting my work. I am assuming you are familiar with using UNIX, SSL, PKI, Apache, XML, and probably some other stuff too.

Getting iSync to talk to my server

The first thing to do was to get iSync talking to my server instead of Apple's. Using tcpdump I found the host that iSync was attempting to communicate with. In my /etc/hosts file, I added an entry for that had it's IP address set to my server. Next I set up Apache to serve an SSL site on my server at the IP listed above. The certificate that I used initially was a simple self-signed certificate. This is similar to what Otto did when working with Backup.

I fired up iSync and tried to register my machine. As I expected, this attempt did connect to my server, but failed in the SSL negotiation before even requesting a URL. From my server logs, it appeared that iSync closed the connection immediately after getting the server certificate. My initial surmise was that iSync was checking the content of the server certificate to verify that it was from an Apple server.

So I created a new self-signed certificate with the same data that is in the Apple certificate. The information I used is below:

C=US ST=California L=Cupertino O=Apple Computer Inc. OU=Internet Services

This did not get me anywhere, the same error occured. In thinking about it more, I came to the conclusion that iSync doesn't care about the contents of the certificate as long as it came from a trusted root CA. Now, I was not about to go pay for a server cert signed but I do have my own CA I could use. But I would need to get my OS X box to trust my CA. This took a little bit of reasearch and help from a mailing list I am on. Below is what I needed to do:

# cp /System/Library/Keychains/X509Anchors ~/Library/Keychains # /usr/bin/certtool i my_root_ca.der d k=X509Anchors # sudo cp ~/Library/Keychains/X509Anchors /System/Library/Keychains

At last! Success! iSync died with a different error, but from looking at the server logs, it did negotiate the SSL connection and was able to request the URL.

What does iSync want?

I saw that iSync was POSTing a request to /servlet/f1.xml.ServiceRequestV3 with XML data. I modified a Perl script I had for tracking attempted IIS server exploits so that it would proxy the requests coming from my computer to Apple's server and recording the conversation.

image of proxy

I was then able to use iSync to see how the conversations worked. I used a trial .Mac account which should work just fine. All of the requests and replies are XML. I have listed some of the interactions below (with userids and passwords removed).

Registration of first machine and first Sync

What next?

The transactions above give a good amount of information. I am not sure what I will do with it at this point, as much of my curiosity has been satisfied. But things that would be next are as follows:

That is all that I can think of now. I can be reached below if you have any questions.