Friday, 18 November 2011

Hackers Crack open Siri’s Protocol to use on any Device including Androids, Macs and PCs

Siri is to Apple what Kinect is to Microsoft. It’s fun, it’s natural and has a great social and, technical potential in it. Hackers are loving to play with it, we have already seen it ported to iPhone 4, iPhone 3GS, iPad and iPod Touch and still talking to Apple’s servers just perfectly and even working with app store apps. But there’s more to that, the ever adventurous hackers are not stopping there and amazing guys from Applidium have gone deep into the science behind Siri. In their adventure of knowing about Siri, they managed to crack open Siri’s protocol and understand how it works, converts voice to text, talks to Apple’s servers and almost everything else.

Apple folks have been clever enough to take every measure to make sure that nobody ever gets his hands on Siri’s protocol. The HTTP requests which Siri makes to Apple’s server are not only secure (i.e HTTPS) but also in binary (whoa!!) so that no human ever understands them, but they did add some texts like a word bplist00 and that’s where Applidium folks got the clue that the content of the HTTP header was actually a plist in binary format. The rest was easy, they translated the binary plists using ‘plutil’ command-line tool for Mac and CFPropertyList with Ruby.

During the course of their Siri conquer, the interesting stuff they found was that address of Apple’s Siri server was guzzoni.apple.com and the length of the content Siri communicates could be as big as 2GB. Siri doesn’t even understand your voice locally, rather sends raw audio data to Apple’s servers and gets the recognized text in return.

After their huge success with understanding Siri’s protocol, Applidium guys have gone ahead to write some tools which any developer can use to write Siri enabled apps on ANY platform. Yes, I mean it! Their tools are written in Ruby, C and Objective C and developers can use them to write Apps for Android, Mac OS and other platforms. For starters, these apps would rip off Siri’s functionality by taking voice commands from a user, translate them to text with iPhone 4S’ perfection and reply to those commands exactly as Siri would, as they would actually connect to Apple’s Siri servers. This all is very exciting with only one complication that a unique iPhone 4S ID (UDID) is checked by Apple’s servers before it replies to Siri queries. In theory a single iPhone 4S UDID can be used on multiple devices to ditch Siri servers but Apple can always block a specific UDID if they find a suspicious behavior.

Applidium guys have created a demo Speech recognition which according to them was done by Apple’s Siri servers without ever going through an iPhone 4S.

PS, no jailbreak was involved in all of this Siri hack!

Update 1: Applidium has released the tools for Siri’s development on all platforms. Grab them on their GitHub.

Update 2: Just a reminder that hackers already had success using custom commands in Siri, reverse engineering of Siri protocol would open new doors to such interesting things.

Update 3: There’s an amazing possibility! In theory, a private Siri server can also be built if one can run a voice recognition system on it. Custom commands + private Siri server = problem solved!

No comments:

Post a Comment