Getting an iPhone's UDID through Safari

Our offer-wall business needs the UDID to tell devices apart, so we obtain it by having Safari install a configuration profile.

1. Write the profile unsigned.mobileconfig:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>PayloadContent</key>
        <dict>
            <key>URL</key>
            <string>https://www.laoqiange.club/receive</string>
            <key>DeviceAttributes</key>
            <array>
                <string>UDID</string>
                <string>IMEI</string>
                <string>ICCID</string>
                <string>VERSION</string>
                <string>PRODUCT</string>
            </array>
        </dict>
        <key>PayloadOrganization</key>
        <string>(www.laoqiange.club)</string>
        <key>PayloadDisplayName</key>
        <string>获取UDID</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadUUID</key>
        <string>4C4DC7D2-E475-3375-489C-0BB8D737A121</string>
        <key>PayloadIdentifier</key>
        <string>com.bazikeji.api.beta</string>
        <key>PayloadDescription</key>
        <string>老千哥帮忙获取UDID</string>
        <key>PayloadType</key>
        <string>Profile Service</string>
    </dict>
</plist>


2. Register a domain and obtain an HTTPS certificate (iOS 12 requires HTTPS to download the profile)

https://www.laoqiange.club

www.laoqiange.club.crt

www.laoqiange.club.key

www.laoqiange.club_ca.crt

3. Sign the profile

openssl smime -sign -in unsigned.mobileconfig -out signed.mobileconfig -signer www.laoqiange.club.crt -inkey www.laoqiange.club.key -certfile www.laoqiange.club_ca.crt -outform der -nodetach

4. Serve signed.mobileconfig from a web page

window.location.href = "地址";  // URL of signed.mobileconfig

5. Receive and parse the UDID data (remember: the redirect must be a 301)

<?php
// Raw POST body from the device: a DER PKCS#7 signature wrapping an XML plist.
$data = file_get_contents("php://input");
$redirect = 'https://www.laoqiange.club/udidShow.html';

// Cut out the <dict>...</dict> block that carries the device attributes.
$plistBegin = '<dict>';
$plistEnd = '</dict>';
$pos1 = strpos($data, $plistBegin);
$pos2 = strpos($data, $plistEnd);

// simplexml_load_string() returns false instead of throwing, so check its
// result rather than relying on try/catch.
$parameter = false;
if ($pos1 !== false && $pos2 !== false) {
    $data = substr($data, $pos1, $pos2 - $pos1 + strlen($plistEnd));
    libxml_disable_entity_loader(true);   // no external entities from the device body
    libxml_use_internal_errors(true);
    $xml = simplexml_load_string($data, 'SimpleXMLElement', LIBXML_NOCDATA);
    if ($xml !== false) {
        $parameter = json_decode(json_encode($xml), true);
    }
}
if ($parameter === false || empty($parameter['key'])) {
    header('HTTP/1.1 301 Moved Permanently');  // must be a 301, otherwise the device reports "invalid profile"
    header("Location: $redirect?udid=" . urlencode('xml的格式不正确'));
    return;
}

// The plist lists <key> and <string> children in matching order; pair them up.
$arr = [];
foreach ((array) $parameter['key'] as $i => $key) {
    $arr[$key] = isset($parameter['string'][$i]) ? $parameter['string'][$i] : '';
}
$udid = isset($arr['UDID']) ? $arr['UDID'] : '错误的UDID';
header('HTTP/1.1 301 Moved Permanently');  // must be a 301, otherwise the device reports "invalid profile"
header("Location: $redirect?udid=" . urlencode($udid));


Problem: the endpoint did no validation (the data Apple returns carries a signature, but it was never verified), so users could push fake data through the endpoint (fixed).

Error: installation shows "Invalid profile". Cause: the redirect status code is not 301; if in doubt, capture the traffic with Fiddler and check.

Demo: scan to get the UDID / tap to get it (works in Safari on iPhone)
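Here, as an added example that is not code from the original post, is how the receiving endpoint of step 5 can close the gap noted above: verify the PKCS#7 signature on the device's POST body with openssl before trusting it, parse the returned plist with plistlib instead of string slicing, and build the required 301 with a validated, URL-encoded UDID. The CA bundle path and the UDID formats are assumptions; the sample plist is constructed.

```python
import plistlib
import re
import subprocess
from urllib.parse import urlencode

# Assumed path to a PEM bundle with Apple's device-certificate chain (not from the post).
APPLE_DEVICE_CA = "/etc/ssl/apple_iphone_device_ca.pem"
REDIRECT_BASE = "https://www.laoqiange.club/udidShow.html"
WANTED = ("UDID", "IMEI", "ICCID", "VERSION", "PRODUCT")

# Assumed UDID shapes: 40 hex chars (older devices) or 8 hex, dash, 16 hex (newer ones).
UDID_RE = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{8}-[0-9a-f]{16})$", re.IGNORECASE)


def verify_signed_body(body: bytes, ca_file: str = APPLE_DEVICE_CA) -> bytes:
    """Check the PKCS#7 signature on the device's POST body against the CA bundle
    and return the embedded plist. Raises CalledProcessError if it does not verify."""
    proc = subprocess.run(
        ["openssl", "smime", "-verify", "-inform", "DER", "-CAfile", ca_file],
        input=body, capture_output=True, check=True,
    )
    return proc.stdout


def parse_device_attributes(plist_xml: bytes) -> dict:
    """Parse the plist the device returns and keep only the attributes the
    profile asked for; anything else in the body is ignored."""
    data = plistlib.loads(plist_xml)
    return {k: str(data[k]) for k in WANTED if k in data}


def redirect_for(attrs: dict) -> tuple:
    """Build the 301 the device requires. The UDID is validated and URL-encoded
    before it is placed in the Location header."""
    udid = attrs.get("UDID", "")
    if not UDID_RE.match(udid):
        udid = "invalid"
    return ("301 Moved Permanently", REDIRECT_BASE + "?" + urlencode({"udid": udid}))


# Constructed sample of the plist a device returns (signature already stripped).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>PRODUCT</key><string>iPhone10,3</string>
<key>UDID</key><string>00008020-000A1B2C3D4E5F60</string>
<key>VERSION</key><string>16G77</string>
</dict></plist>"""

if __name__ == "__main__":
    print(redirect_for(parse_device_attributes(SAMPLE_PLIST)))
```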
