by cynicalsecurity 926 days ago
> In order to generate the “validation data”, pieces of information about the device such as its serial number, model, and disk UUID are used.

Sadly, this is a clear sign the project is going to stop working eventually. At some point, Apple is simply going to pull the plug.

I remember doing similar tricks when I was a kid. Nowadays I simply won't even care trying. The problem clearly isn't supposed to be solved this way. I'm not even sure if it's a good exercise in programming either. Software development is about doing the things the right way, not exercising in futility.

A better experience would be writing your own message delivery solution, superior to iMessage.

"I remember doing similar tricks when I was a kid. Nowadays I simply won't even care trying. The problem clearly isn't supposed to be solved this way."

This level of snark is undeserved, and a subtle amount of bitterness/jealousy leaks through.

Even if this stops working, this was a fantastic exercise to learn and practice reverse engineering.

"The problem clearly isn't supposed to be solved this way." No duh, there is no public iMessage API and not even the EU can make that happen. There is nothing wrong with *hacking* a solution to a problem.

"Software development is about doing the things the right way, not exercising in futility." LOL what? Okay thanks Agent Smith, have fun at your BigCo job installing Norton antivirus and pinging me about updating my laptop every 2 weeks.

I think the engineering on this project is a great step forward. I am not a lawyer, but I think it’s possibly actually especially a step forward if Apple pulls the plug on this because it will add that much more ammunition to the case regulators have against Apple using their services as gatekeepers.
> "I remember doing similar tricks when I was a kid. Nowadays I simply won't even care trying. The problem clearly isn't supposed to be solved this way."

For some, being a hacker is a fashion and a phase. Much like being a punk.

> Even if this stops working, this was a fantastic exercise to learn and practice reverse engineering.

I agree in principle, but I’d try to avoid running afoul of the Computer Fraud and Abuse Act against one of the most deep-pocketed legal teams in the history of capitalism.

Extremely impressive work, but whether it’s worth the potential risk is another story, personally speaking.

To me, the more concerning paragraph is the next one:

> Note: The binary that generates this “validation data” is highly obfuscated. pypush sidesteps this issue by using a custom mach-o loader and the Unicorn Engine to emulate an obfuscated binary. pypush also bundles device properties such as the serial number in a file called data.plist, which it feeds to the emulated binary.

The binary being emulated was extracted from an old macOS version and is hosted on GitHub: https://github.com/JJTech0130/nacserver. Apple obviously holds the copyright on this binary, and issuing a takedown would be the easiest way to sink this project. I wonder if the Beeper Android app also includes the file; that would be legally problematic.

I was thinking of finding a way to extract it directly from old Mac OS X updates downloaded directly from Apple... anyway, Beeper's app doesn't use it, that's purely a hack I came up with to make the proof-of-concept easier to use.
Interesting, how does Beeper avoid including it?
> I remember doing similar tricks when I was a kid. Nowadays I simply won't even care trying. The problem clearly isn't supposed to be solved this way.

Not to be too harsh (maybe to be somewhat harsh given I had such a distaste for what you wrote?), but why would you post this on a site called Hacker News? I can't think of a better implementation of the "hacker ethos" than this project: look at a hard problem, and when the "straightforward" approach doesn't work, find a workaround.

More to your specific point about "Apple is simply going to pull the plug", there are technical and business reasons why they might not want to, at least not quickly. First, as mentioned in the other Beeper thread, there are lots of older Mac devices without a secure enclave, and breaking Beeper would likely break them as well. Second, from a business and regulatory perspective, Apple might have to do a careful dance regarding how to shut this down without looking blatantly anti-competitive.

I get it and it may be true in this case that Apple can too easily pull the plug, adversarial interoperability has a long history: https://www.eff.org/deeplinks/2019/06/adversarial-interopera...
The messaging space also had the amazing Adium client during the last round of messaging wars, and less amazing Trillian as reverse engineered clients distributed or sold. I for one am excited to see this space heating back up.
And Miranda and Kopete and more. Might have used them all at some point.
Trillian used to be amazing. It is up there in my memory as about as life changing as Winamp was for me personally.
I remember being jealous I couldn't use Trillian because I didn't have a way to pay for it. Running AIM, ICQ and MSN all at the same time.
Ah man, it was glorious. I was really just in awe at how I could talk to all my various friends in one app, regardless of which platform they were on. Such a great app. I recently went to the webpage for the app and see it's sort of a shell of its former self and is some sort of business tool now. Kind of a bummer, but such fond memories of how amazing it was back in the peak of the various instant messaging tools, before unlimited text messaging was an affordable option.
> I'm not even sure if it's a good exercise in programming either. Software development is about doing the things the right way, not exercising in futility.

Reverse engineering is a valuable art that can't be learned just from a canonical reference for "the right way". It cultivates the same skills used in debugging.

> Software development is about doing the things the right way, not exercising in futility.

I strongly disagree on the first point, and mostly disagree on the second. The first point is antithetical to the hacker mindset.

Software development is about solving problems using computers and code. Some of the most interesting and impactful work I’ve done involved doing things the “wrong” way as a way to get people’s attention. Some of these prototypes raise awareness. Some of them become the precursor to a project that does things “right”. And sometimes, just getting something to work is the only thing that really matters.

Software development is also about trying things and seeing what works for the sake of learning about it. I’ve written tons of code that never made it to production, but the act of writing it taught me so much that the time was well spent.

> A better experience would be writing your own message delivery solution, superior to iMessage.

This completely misses the point. People don’t want a better experience. They just want to use iMessage on Android. They want to be part of the blue bubble group chats.

Building a new “superior” solution just creates another iteration of the current problem and solves nothing.

There is a wonderful song by a German band, which roughly translates to "Pure reason must never prevail."

Sometimes you grow the most when doing things the way you aren’t supposed to.

There is also a wonderful book by a German philosopher, titled The Critique of Pure Reason.
> A better experience would be writing your own message delivery solution, superior to iMessage.

May be infeasible, due to network effects

Evidence exists that, with regards to a messaging platform, this has already been achieved.
wow, haven't read something this off-base in a while