Get Device Token Without Resetting on Non-Jailbroken iOS Devices

If your devices are already set up, the Mi Home app does not show their tokens. This document shows how to get those tokens without resetting and re-pairing each device one by one: the app keeps every token in a single file named "######_mihome.sqlite" inside its data container (the numeric prefix differs per account), and that file is included in an unencrypted iOS backup.

Step 1: Create an Unencrypted iOS Backup

Back up the device to a Mac or PC with Finder (macOS Catalina or later) or iTunes, with "Encrypt local backup" unchecked; the extraction below assumes the backup is not encrypted. Keep in mind that the backup contains every app's data, not just Mi Home, and that the tokens themselves grant local control of the devices, so keep the backup on an encrypted volume and delete it once you have what you need.

Step 2: Extract the MiHome database

  1. Install iPhoneBackupTools (ibackuptool) by Rich Infante. Install it globally so the ibackuptool command is on your PATH:
npm i -g ibackuptool
  2. List the backups on this machine; we only need the UDID of the one you just created:
ibackuptool -l

The output looks like this:

[screenshot: ibackuptool list output]

Note the udid column of the backup you want to use.

  3. Extract the file "######_mihome.sqlite", substituting the UDID from the previous step:
ibackuptool -b <udid> -r backup.files --extract extraction_destination --filter "mihome.sqlite"
  4. Locate the extracted file (the numeric prefix will differ from the example in the next step):
cd extraction_destination/AppDomain-com.xiaomi.mihome/Documents
ls | grep mihome

Step 3: Extract Tokens from the MiHome database

  1. Open the file in sqlite3 (your numeric prefix will differ):
sqlite3 77861590_mihome.sqlite
  2. Adjust the output options in sqlite3. These are not necessary, but they make the final output easier to read:
sqlite> .headers on
sqlite> .mode column

"sqlite>" is the sqlite3 prompt; you only need to type what follows it.

  3. Extract the encrypted tokens from the ZDevice table (the Z-prefixed names are Core Data's naming convention):
sqlite> select ZNAME, ZTOKEN, ZMAC, ZLOCALIP from ZDevice;

[screenshot: mihome encrypted tokens]

Step 4: Decrypt the Tokens

Ref: Obtain MiHome Device Token

  1. The latest Mi Home app stores each token encrypted as a 96-character hex string (48 bytes, AES-128 in ECB mode under an all-zero key), so an extra step is needed to recover the actual 32-character token. Visit the website from the reference above and enter the details as follows:
    • Input type: text
    • Input text (hex): your 96-character string
    • Selectbox Plaintext / Hex: Hex
    • Function: AES
    • Mode: ECB
    • Key (hex): 00000000000000000000000000000000
    • Selectbox Plaintext / Hex: Hex
  2. Hit the decrypt button. Your token is the first two lines (32 characters) of the right-hand output block; the remaining 16 bytes are padding and can be ignored. If those two lines are not 32 hex characters, the input was not pasted correctly or the value is not a ZTOKEN.

Alternatively, instead of reading the token off the website's image in step 2 above, download the decrypted output (filename odt-IV-00000000000000000000000000000000.dat) and view it with hexyl, a hex viewer that prints the bytes as text. The website only renders the result as an image, in a font that is hard on the eyes.

After installing hexyl, run the following command and you can read the decrypted token as text. No squinting required.

hexyl path-to-downloaded-file

The output looks like this:

[screenshot: hexyl output]

The token (32 characters) is the part enclosed in the yellow circle: the ASCII column of the first two 16-byte rows. The third row holds the 16 bytes of padding.
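Steps 3 and 4 as one script, added here as an example; it is not part of this page, of Mi Home, or of any Xiaomi tooling. It assumes exactly the layout the page describes: a ZDEVICE table with ZNAME, ZTOKEN, ZMAC and ZLOCALIP columns, and ZTOKEN holding 48 bytes (96 hex characters) of AES-128-ECB ciphertext under the all-zero key whose first 32 plaintext bytes are the token as ASCII hex. Treating the trailing 16 bytes as PKCS#7 padding is an assumption the page does not state, so the script simply skips them. AES is implemented inline because the standard library has none, and it is checked against FIPS-197 known answers before it is trusted; the sample database row, device name, MAC, IP and token are constructed for the example, not taken from a real device.

```python
import sqlite3
import string

def _make_sbox():
    # GF(2^8) inverse via the p*q == 1 walk, then the affine map (x ^ 4 rotations ^ 0x63)
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF     # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF           # q /= 3 (q *= 0xf6)
        if q & 0x80: q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)          # rotations, folded below
        sbox[p] = (x ^ (x >> 8) ^ 0x63) & 0xFF
        if p == 1: break
    sbox[0] = 0x63                                                  # 0 has no inverse
    return sbox

SBOX = _make_sbox()
INV_SBOX = [SBOX.index(v) for v in range(256)]

def _mul(a, b):                      # GF(2^8) multiplication (AES polynomial 0x11b)
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1      # a *= x
        b >>= 1
    return r

def _expand_key(key):                # AES-128 key schedule -> 11 round keys of 16 bytes
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]                   # RotWord + SubWord
            t[0], rcon = t[0] ^ rcon, _mul(rcon, 2)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def _mix_columns(s, m):              # m = first row of the (Inv)MixColumns circulant matrix
    out = [0] * 16
    for c in range(4):
        for r in range(4):
            for j in range(4):
                out[4 * c + r] ^= _mul(m[(j - r) % 4], s[4 * c + j])
    return out

def _encrypt_block(block, rk):       # state is a flat 16-byte list, index = row + 4*column
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                            # SubBytes
        s = [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:
            s = _mix_columns(s, (2, 3, 1, 1))
        s = [b ^ k for b, k in zip(s, rk[rnd])]
    return bytes(s)

def _decrypt_block(block, rk):
    s = [b ^ k for b, k in zip(block, rk[10])]
    for rnd in range(9, -1, -1):
        s = [s[r + 4 * ((c - r) % 4)] for c in range(4) for r in range(4)]  # InvShiftRows
        s = [INV_SBOX[b] for b in s]                                        # InvSubBytes
        s = [b ^ k for b, k in zip(s, rk[rnd])]
        if rnd != 0:
            s = _mix_columns(s, (14, 11, 13, 9))
    return bytes(s)

def self_test():                     # FIPS-197 C.1 and all-zero known answers, checked before use
    rk = _expand_key(bytes(range(16)))
    return (_encrypt_block(bytes.fromhex("00112233445566778899aabbccddeeff"), rk).hex()
            == "69c4e0d86a7b0430d8cdb78070b4c55a" and
            _encrypt_block(bytes(16), _expand_key(bytes(16))).hex() == "66e94bd4ef8a2c3b884cfa59ca342b2e")

ZERO_KEY = bytes(16)                 # the page's "Key (hex): 00...00" (32 hex digits = 16 bytes)
def decrypt_token(ztoken_hex):
    # 96 hex = 48 bytes = 3 blocks; first 32 plaintext bytes are the ASCII-hex token (what the
    # page circles), the last 16 are assumed to be PKCS#7 padding and are skipped
    ct = bytes.fromhex(ztoken_hex.strip())
    if len(ct) != 48:
        raise ValueError("expected 48 ciphertext bytes (96 hex chars), got %d" % len(ct))
    rk = _expand_key(ZERO_KEY)
    token = b"".join(_decrypt_block(ct[i:i + 16], rk) for i in range(0, 32, 16)).decode("latin-1")
    if any(ch not in string.hexdigits for ch in token):
        raise ValueError("plaintext is not 32 hex chars: wrong key or not a MiHome ZTOKEN")
    return token

def encrypt_token(token):            # inverse of decrypt_token; used only to build the sample
    pt, rk = token.encode("ascii") + bytes([16]) * 16, _expand_key(ZERO_KEY)
    return b"".join(_encrypt_block(pt[i:i + 16], rk) for i in range(0, 48, 16)).hex()

def extract_tokens(con):             # the page's query over an open connection, tokens decrypted
    rows = con.execute("SELECT ZNAME, ZTOKEN, ZMAC, ZLOCALIP FROM ZDEVICE").fetchall()
    return [(name, decrypt_token(tok), mac, ip) for name, tok, mac, ip in rows]

SAMPLE_TOKEN = "0123456789abcdef0123456789abcdef"   # constructed, not a real device token
def build_sample_db():               # constructed in-memory stand-in for ######_mihome.sqlite
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE ZDEVICE (ZNAME TEXT, ZTOKEN TEXT, ZMAC TEXT, ZLOCALIP TEXT)")
    con.execute("INSERT INTO ZDEVICE VALUES (?, ?, ?, ?)",
                ("Air Purifier", encrypt_token(SAMPLE_TOKEN), "00:11:22:33:44:55", "192.168.1.23"))
    return con
```

Call self_test() first, then extract_tokens(build_sample_db()) to see the constructed row decrypted; on a real extraction, pass sqlite3.connect("77861590_mihome.sqlite") (your prefix will differ) instead of the sample connection. The known-answer check matters because a subtly wrong AES still yields 32 bytes of something, and the hex-digit check on the plaintext is what tells you the key or input was wrong. Note also what the fixed all-zero key and ECB mode mean for you as the device owner: the tokens are only obfuscated at rest, identical tokens produce identical ZTOKEN values, and anyone holding an unencrypted backup of the phone holds every device token.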