Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
iPhone Newsforums, a part of the
11-14-2011, 11:07 PM #1
Siri Protocol Cracked - Requires iPhone 4S UDID To Run
After carefully looking into Apple’s personal assistant, Siri, mobile developer Applidium has dissected the service’s protocol to develop tools for playing with the service outside of the iPhone 4S. Recent testing done by Applidium mentions that the iPhone 4S uses standard HTTPS network requests to communicate with Apple’s server, but sends data using an “ACE” command rather than regular web GET requests.
According to Applidium, each Siri request an iPhone 4S makes involves a unique host identifier that seems to be based on the hardware UDID, which prevents unauthorized devices from sending requests to Apple’s servers. The developer is reporting success in copying an iPhone 4S host identifier into requests sent from other devices, including a test Mac set up. Applidium said he was able to obtain a correct response after sending a similarly packaged request.
The testing helped prove that Siri sends raw audio captures of the user’s voice, compressed with the Speex audio codec optimized for VoIP.It had been speculated that the iPhone 4S was performing preprocessing of the audio and sending the results to Apple’s servers instead but that turned out incorrect. Applidium’s discovery helps to indicate that any iPhone should be able to support at least Siri’s basic voice recognition features, although Apple previously indicated that they have no plans to release capabilities to earlier iOS 5 models, including the iPhone 4 and iPhone 3GS. Both older models have support for third party speech-to-text services, but Apple doesn’t offer any way to integrate the third party service into any app system wide. This means that users have to dictate into one app and then copy the results elsewhere.
This leaves the iOS platform as the only platform of the three major platforms (the others being Android and Windows Phone 7) which does not offer system wide, integrated voice recognition features. Siri however does go above and beyond the average simple voice recognition. Instead of just converting audio to text, Siri evaluates the meaning of requests and maintains an understanding ot he user’s relationships with specific contacts and contextual session of the location along with other details of a request.
The investigation ended up revealing that Siri packages requests in compressed property lists but further exploration of the protocol is difficult to accomplish due to a number of issues including the complexity of requests. The fact that these requests are tied to a hardware key and are subject to change makes things more difficult as well. As of right now, Apple could stop responding to a given hardware key if they suspected that some exploit was being used. Furthermore, the Siri service is owned by Apple and the company can change how it transmits data whenever they want to.
According to Applidium, “anyone cold now write an Android app that uses the real Siri! Or use Siri on an iPad!” however, in order to access Siri, users would have to find the unique user key of an actual iPhone 4S and use the key until it expired or was blocked by Apple. The latter doesn’t seem like it would be a task that one could get away with. It is currently suspected that Siri will eventually find its way in new models of other iOS devices such as the iPad and iPod Touch as well as the rumored Apple TV in the future though.
What do you think of the whole situation? I know Siri is something many of you are waiting for but we probably won’t see a port unless another work around is found. I can’t imagine using the same iPhone 4S hardware key being a good idea for a prolonged amount of time.
11-14-2011, 11:10 PM #2
In other words, Apple did it right. You want to use Siri, you gotta pay up. It really is one of the more compelling reasons to upgrade from a 4 (when it's working), at least for me. Speed increase is nice but it isn't something I am actually really noticing, and I do still use the iPhone 4 sparingly.
11-14-2011, 11:28 PM #3
im still keeping my hopes up, the hacking community for ios is huge, and we hve a huge demand for this. i work around will be found
11-14-2011, 11:28 PM #4
there is no way apple will blacklist individual iphones. it would be a pr nightmare. first all the iphones in any retail store will be "cloned" next some one will come out with an id generator. what would apple do then? block random innocent peoples iphones?
on another note i think apple is paying off the hackers or something. ive never seen such pussified excuses given out by real hackers.
Last edited by firebrain21; 11-14-2011 at 11:38 PM.
11-14-2011, 11:37 PM #5
It does not use the UDID. I wish it were that simple. It uses a new kind of unique identifier that can only be retrieved by spoofing the Siri domain name with a fake DNS server and intercepting requests from the phone.
11-14-2011, 11:44 PM #6
and how hard is it to doo that you could probably edit the hosts file (or routing tables) or write a simple script and 2nd it doesnt look like thats how applidium did it. according to them they used tcpdump. the id was sent in plaintext in a header
Last edited by firebrain21; 11-14-2011 at 11:51 PM.
11-15-2011, 12:00 AM #7
11-15-2011, 12:33 AM #8
Speed increase is nice but it isn't something I am actually really noticing
11-15-2011, 01:44 AM #9
It's not actually a 4S UDID it needs, but some sort of new key generated by iOS for use with only the Siri servers. This might be because using the UDID to identify devices is now deprecated in iOS 5.
But someone'll probably eventually make a tweak that redirects Siri requests to a similar online third-party service. I wonder if the server address can be redirected by changing an internal function in the headers...
11-15-2011, 02:36 AM #10
Siri runs on older devices...yeah...on the 4...now on the 3GS and now It can be ported to Android! Can't hear that no more!!!!
If you want Siri so badly then get a 4S! If you want a jailbroken device with Siri then wait for the DevTeam!!!
11-15-2011, 03:40 AM #11
"anyone cold now write" little typing error
11-15-2011, 04:56 AM #12
Apple isn't getting another dime from my pocket. We already pay too much just to be told we can't play with the toy how we want to. It'd be nice to see a dev team that wasn't so concerned with wearing a halo and white wings when dealing with certain grey area matters to do with "property" and "rights" if there even is such a thing anymore. We need a grey or black hat dev team. I wouldn't loose any sleep that's for sure. PS I know the rules but the truth is just that and should be openly discussed.
11-15-2011, 05:18 AM #13
Siri is... ok... its obvious that it is still in Beta. Its also obvious that Siri is the first AI product that has been available to the public. It/she just doesn't work the way I want her to. There are major limitations on what functions she can actually execute on the phone, she doesn't understand what I say some of the time, and her responses can be rather delayed... especially when using a hands free device.If Siri is the only thing that you envy when you look at a 4S... then thats pretty sad.I just updated from a 3GS and I'm loving all the other hardware based updates - Siri is more of a gimmick at this point in time.tim
11-15-2011, 06:46 AM #14
I want Siri but once i tried it ill probably never use it. So w/e.. Its cool but not that cool.
11-15-2011, 07:05 AM #15
11-15-2011, 07:29 AM #16
Why should apple release siri FREE for the 3GS or i4 when they can charge you for it? You think they care for the consumer? Um... NO! They want your money!
The Following User Says Thank You to hogcia For This Useful Post:
11-15-2011, 07:44 AM #17
fine, charge for it
Last edited by jeffhesser; 11-15-2011 at 07:50 AM. Reason: tone change!
11-15-2011, 08:08 AM #18
There is a very Siri like application available in the App store. It's called Voice Actions. While it's not free ($4.99), it does work pretty well.
11-15-2011, 08:31 AM #19
So...it's not that they would have had to put in extra effort to make Siri work in legacy devices. They actually put in extra effort to block those devices. I'm trying to think of an analogous or similar situation with another product, but I can't right now.
11-15-2011, 10:45 AM #20
They are a corporation in a free market area. Of course they are trying to profit. Stop buying their stuff if you're so hot and bothered by their policies.
Last edited by Simon; 11-15-2011 at 10:52 AM.