Minimal DIY UDID Retriever

  • Green Verified (signed) .mobileconfig
  • HTTPS web-server
  • Go for cross-platform single-binary deployment
  • Open-source and private
    • I created this to protect my Ad Hoc testers' privacy

Rough guide for Ubuntu 18.04 LTS AMD64 VPS

  • No other guide/support will be provided
  • Non-bug issues will be closed
  • Sorry, I don't have the bandwidth
  • Forks/maintainers welcome
  1. git clone https://github.com/EmperorEarth/udid && cd udid
  2. Create VPS
    a. DigitalOcean Droplet, AWS EC2, etc.
    b. Recommend 18.04 LTS amd64 if using Ubuntu
  3. Choose URL
    a. Need this for Let's Encrypt certificate
    b. Can be domain.tld or subdomain.domain.tld
  4. Point URL to VPS
  5. Replace subdomain.domain.tld in listed files with your chosen URL
    a. main.go:23
    b. udid_unsigned.mobileconfig:8 (keep /upload)
  6. Generate a UUID
    a. Online UUID generator
  7. Replace 12345678-1234-1234-1234-1234567890ab with your generated UUID
    a. udid_unsigned.mobileconfig:21
  8. GOARCH=amd64 GOOS=linux go build -o udid
    a. go build documentation
    b. valid GOARCH + GOOS combinations
  9. sftp/psftp to VPS
  10. put/mput udid binary and udid_unsigned.mobileconfig
  11. sudo setcap 'cap_net_bind_service=+ep' ./udid && chmod 500 ./udid
    a. Allows the server binary to bind to ports 80 and 443 (and other privileged ports < 1024)
    b. Restricts the server binary's permissions to read/execute for its owner (the logged-in user) only
  12. ./udid
    a. Starts the server so it can obtain a TLS certificate from Let's Encrypt
  13. Navigate to subdomain.domain.tld/foo (adjust the URL, keep /foo)
    a. Encourages the server to generate the TLS certificate faster
  14. Refresh until browser receives valid TLS certificate (locked lock icon left of URL in Chrome)
  15. ls certificates/ should show a new file subdomain.domain.tld
  16. Using whichever text editor you prefer, copy parts of certificates/subdomain.domain.tld into various files
    a. Copy from -----BEGIN EC PRIVATE KEY----- until -----END EC PRIVATE KEY----- into private-key.pem
    b. Copy from the first -----BEGIN CERTIFICATE----- until the first -----END CERTIFICATE----- into certificate.pem
    c. Copy from the second -----BEGIN CERTIFICATE----- until the second -----END CERTIFICATE----- into certificate-authority.pem
  17. openssl smime -sign -signer ./certificate.pem -inkey ./private-key.pem -certfile ./certificate-authority.pem -nodetach -outform der -in ./udid_unsigned.mobileconfig -out ./udid.mobileconfig
    a. Signs your .mobileconfig file so users will see a green Verified
  18. sudo vi /etc/systemd/system/udid.service
    a. Creates config file for a systemd service that will start on startup/crash
    b. See Sample SystemD config file section for sample config
  19. sudo systemctl enable udid
    a. Links the unit and enables the service to start on each startup/crash
  20. sudo reboot
    a. sudo systemctl start udid won't log properly until restart
    b. Something wonky with journalctl. If you have a fix, please file an issue
  21. Navigate to subdomain.domain.tld on an iPhone
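
Steps 16 and 17 depend on cutting the cached file into exactly the right three PEM blocks by hand. The script below is an added example (not part of this repository) that performs the split, refuses input that lacks one EC private key and two certificates, and writes the outputs readable by the owner only. The function names `make_sample_bundle` and `split_cert_bundle` are assumptions of this example, and the sample bundle holds constructed dummy data.

```shell
# Added example, not part of the project. Function names are assumptions.

# Write a CONSTRUCTED bundle (dummy base64 bodies, not real key material)
# laid out like the certificates/<domain> file described in step 16.
make_sample_bundle() {
    cat > "$1" <<'EOF'
-----BEGIN EC PRIVATE KEY-----
Q09OU1RSVUNURUQta2V5
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtbGVhZg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtY2E=
-----END CERTIFICATE-----
EOF
}

# Usage: split_cert_bundle <bundle-file> <output-dir>
split_cert_bundle() {
    bundle=$1
    outdir=$2
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 1; }
    # Refuse input that does not match the layout the guide describes.
    keys=$(grep -c -- '^-----BEGIN EC PRIVATE KEY-----' "$bundle") || true
    certs=$(grep -c -- '^-----BEGIN CERTIFICATE-----' "$bundle") || true
    if [ "$keys" -ne 1 ] || [ "$certs" -lt 2 ]; then
        echo "need 1 EC private key and at least 2 certificates" >&2
        return 1
    fi
    mkdir -p "$outdir" || return 1
    (
        umask 077   # private-key.pem must not be group- or world-readable
        awk -v dir="$outdir" '
            /^-----BEGIN EC PRIVATE KEY-----/ { out = dir "/private-key.pem" }
            /^-----BEGIN CERTIFICATE-----/ {
                n++
                if (n == 1) out = dir "/certificate.pem"
                else if (n == 2) out = dir "/certificate-authority.pem"
                else out = ""
            }
            out != "" { print > out }
            /^-----END / { if (out != "") close(out); out = "" }
        ' "$bundle"
    )
}
```

On the VPS, `split_cert_bundle certificates/subdomain.domain.tld .` produces the three files that the `openssl smime -sign` command in step 17 reads.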

Sample SystemD config file

  • Replace username with VPS username
[Unit]
Description=UDID service
After=network.target
After=systemd-user-sessions.service
After=network-online.target

[Service]
WorkingDirectory=/home/username
ExecStart=/home/username/udid
ExecStop=/usr/bin/pkill udid
Restart=on-failure
RestartSec=30

[Install]
WantedBy=multi-user.target

Assorted notes

  • Lines 15, 17, 23, 25 are customizable in udid_unsigned.mobileconfig
  • Go cross compiles, so I recommend installing it locally
  • Installing Go documentation
  • If using ufw, make sure http and https are allowed
    • sudo ufw allow http
    • sudo ufw allow https