What does the iOS Diagnostics App Send to Apple?

I was asked by an Apple rep to send in diagnostic logs via the iOS diagnostics app in an attempt to diagnose a reboot/battery issue with an iPhone 4S.

Curious as to how this information was collected and more importantly what was collected, I fired up my new friend Fiddler 🙂

Below are my main observations of the iOS diagnostics app running on an iTouch with iOS 6.1

  • To access the diagnostics app, open a browser and type the URL: diags://1 (the 1 is the ticket number of your support case – usually it is 5 digits)
  • When the diagnostics app opens, it pulls in some configuration (such as the validation server to use, where to send the logs to etc) from https://configuration.apple.com/configurations/retail/mobileBehaviorScan_1.1.plist
  • Now I enter any random 5 digit ticket number and hit Send. The validation to check the ticket number is valid is quite poor as the app only checks that it has received a HTTP 200. An invalid ticket number will return a 401 unauthorised but we can fix this with Fiddler 🙂
  • Below is what the app sends to Apple; it includes a list of the applications on the device (including Cydia so the Apple rep will know whether my device is JailBroken or not!), some battery stats and more

  • As you can see in the last few lines, the app also sends some additional diagnostics but I have not been able to find where they are! SSHing to the device to the /tmp directory provides nothing useful and also doing executing the below command to find files modified under 5 minutes did not give anything useful.

That’s all for now!

5 thoughts on “What does the iOS Diagnostics App Send to Apple?”

  1. Do apple get back to you when the figure out what is wrong or what happens? I did the diagnostics about an hour ago but nothing happened. Is that normal?

    1. Hey, you actually need to create a support case with Apple first. Then if required, they will ask you to send the diagnostics with the ticket number being the reference to the app. Then they will get back to you and tell you if something is wrong. In my case the support guy wanted to see if something was wrong with the iOS software. It ended up being a hardware issue with the battery but as the phone was just over a year old (Apple warranty = 1 year) they charged for a replacement battery.

  2. Hi there,

    First of all, thank you for making this post!

    I’m “codyc1515” from the post at the MacRumors forum (http://forums.macrumors.com/showthread.php?t=1008756). I looked into this some time ago and looked into it again recently after having to get an iOS repair done again.

    Anyway, the binary code is actually a ZIP file of two log files (/private/var/logs/AppleSupport/general.log & /private/var/mobile/Library/Logs/AppleSupport/general.log). It’s extraordinarily hard to extract their contents due to their nature but I managed to extract it after a little playing around. It’s not that interesting and looks like the following:

    Device Software Diagnostic Log
    Version: 3
    OS-Version: iPhone OS 6.1.3 (10B329)
    Model: iPad3,4
    Serial Number: XXXXX0XXX123
    Created: 3/22/2013 0:53:27 +1300

    2013-03-22 02:07:11 +1300,109,3CC511F2-52AC-426A-946A-5316241DD7D3,0,deadonarrival,KERN_INVALID_ADDRESS at 0x00000001
    2013-03-22 15:53:01 +1300,3,0.000000,0.000000,100,4133,0

    Also like this:
    Device Software Diagnostic Log
    Version: 3
    OS-Version: iPhone OS 6.1.3 (10B329)
    Model: iPad3,4
    Serial Number: XXXXX0XXX123
    Created: 3/22/2013 0:53:27 +1300

    2013-04-03 23:32:04 +1300,198,2067D01D-8992-4D4D-99CA-459CDCF03C5B,GmailHybrid,GmailHybrid,536444928
    2013-04-03 23:32:13 +1300,198,6775552A-5918-4C8A-A1C1-C58205417190,GmailHybrid,GmailHybrid,482787328

    1. Hey, thanks for the update – I was hoping those logs would contain some juicy, sensitive info due to being tricky to find and extract but oh well… maybe next time 😉
      What is wrong with your iOS device? The ‘deadonarrival’ caught my eye.

Comments are closed.