iMessage
iMessage Key Verification
Python PoC
iMessage data format: https://chrissardegna.com/blog/reverse-engineering-apples-typedstream-format/
How it works
- Uses the same service as push notifications: Apple Push Notification Service (APNs).
- Can be bidirectional using the push token.
Identity Registration with IDS
Action: Register your application or device with Apple’s Identity Service (IDS).
Outcome: Obtain an identity keypair consisting of a private and public key. This keypair is essential for cryptographic operations.
Public Key Lookups
Action: Use the obtained keys to perform public key lookups for other users.
Details: Provide the target accounts (user identifiers) to IDS, which returns identities including public keys, push tokens, and session tokens.
Security Note: Session tokens are short-lived and tied to the requesting account, preventing unauthorized use.
Message Encryption
- Encryption Methods:
  - Legacy (pair): Used for compatibility, but lacks forward secrecy.
  - Modern (pair-ec): Preferred for enhanced security, with pre-keys offering forward secrecy.
- Implementation: Encrypt messages using the recipient’s public key.
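
The forward-secrecy difference between encrypting to a long-lived key and encrypting to a one-time pre-key, as an added toy model that is not code from the original page and not Apple's pair / pair-ec format. Finite-field Diffie-Hellman and a SHA-512/SHA-256 construction stand in for the real primitives, and `Recipient`, `seal`, `open_sealed` and the group constants are hypothetical names and values chosen for illustration.

```python
# Added illustration: toy model, NOT Apple's pair / pair-ec wire format.
# Finite-field DH and a SHA-256 keystream stand in for the real primitives.
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2   # constructed toy group; not a vetted DH group

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _keys(shared):
    # Split one digest into an encryption key and a separate MAC key.
    d = hashlib.sha512(shared.to_bytes(32, "big")).digest()
    return d[:32], d[32:]

def _xor(key, data):
    # XOR with a SHA-256 counter keystream (same call encrypts and decrypts).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(recipient_pub, plaintext):
    """Sender: fresh ephemeral key, DH against the recipient's public key."""
    eph_priv, eph_pub = keygen()
    enc_key, mac_key = _keys(pow(recipient_pub, eph_priv, P))
    ct = _xor(enc_key, plaintext)
    return eph_pub, ct, hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(recipient_priv, msg):
    """Whoever holds recipient_priv: verify the tag, then decrypt."""
    eph_pub, ct, tag = msg
    enc_key, mac_key = _keys(pow(eph_pub, recipient_priv, P))
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor(enc_key, ct)

class Recipient:
    def __init__(self):
        self.identity_priv, self.identity_pub = keygen()  # long-lived key
        self._prekeys = {}                                # pub -> priv, one-time

    def publish_prekey(self):
        priv, pub = keygen()
        self._prekeys[pub] = priv
        return pub

    def receive_prekey(self, prekey_pub, msg):
        # Pop first: the private half is gone once the message is read, so
        # state captured later cannot decrypt a recorded copy of msg.
        return open_sealed(self._prekeys.pop(prekey_pub), msg)
```

In this model a message sealed to `identity_pub` stays decryptable for as long as `identity_priv` exists, while a message sealed to a pre-key can no longer be opened from the recipient's stored state once `receive_prekey` has consumed it.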