{"id":823,"date":"2013-05-05T15:00:51","date_gmt":"2013-05-05T14:00:51","guid":{"rendered":"http:\/\/emtunc.org\/blog\/?p=823"},"modified":"2017-02-24T15:39:48","modified_gmt":"2017-02-24T15:39:48","slug":"what-does-the-ios-diagnostics-app-send-to-apple","status":"publish","type":"post","link":"https:\/\/emtunc.org\/blog\/05\/2013\/what-does-the-ios-diagnostics-app-send-to-apple\/","title":{"rendered":"What does the iOS Diagnostics App Send to Apple?"},"content":{"rendered":"<p>I was asked by an Apple rep to send in diagnostic logs via the iOS diagnostics app in an attempt to diagnose a reboot\/battery issue with an iPhone 4S.<\/p>\n<p>Curious as to how this information was collected and more importantly <strong>what<\/strong> was collected, I fired up my new friend Fiddler \ud83d\ude42<\/p>\n<p><!--more--><\/p>\n<p>Below are my main observations of the iOS diagnostics app running on an iTouch with iOS 6.1<\/p>\n<ul>\n<li>To access the diagnostics app, open a browser and type the URL: diags:\/\/1 (the 1 is the ticket number of your support case &#8211; usually it is 5 digits)<\/li>\n<li>When the diagnostics app opens, it pulls in some configuration (such as the validation server to use, where to send the logs to etc) from https:\/\/configuration.apple.com\/configurations\/retail\/mobileBehaviorScan_1.1.plist<\/li>\n<li>Now I enter any random 5 digit ticket number and hit <em>Send<\/em>. The validation to check the ticket number is valid is quite poor as the app only checks that it has received a HTTP 200. An invalid ticket number will return a 401 unauthorised but we can fix this with Fiddler \ud83d\ude42<\/li>\n<li>Below is what the app sends to Apple; it includes a list of the applications on the device (including Cydia so the Apple rep will know whether my device is JailBroken or not!), some battery stats and more<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">POST https:\/\/iosdiags.apple.com:443\/MR3Server\/MR3Post HTTP\/1.1\r\nHost: iosdiags.apple.com:443\r\nProxy-Connection: keep-alive\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: multipart\/form-data; boundary=0xKhTmLbOuNdArY\r\nCookie: NSC_MCWT_hey_HEY_JPT_BQQ_80_443=ffffffff122a8e4345525d5f4f58455e445a4a422cd5\r\nAccept-Language: en-us\r\nAccept: *\/*\r\nContent-Length: 9319\r\nConnection: keep-alive\r\nUser-Agent: iOS%20Diagnostics\/1.0 CFNetwork\/609.1.4 Darwin\/13.0.0\r\n\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"CycleCount\"\r\nContent-Type: text\/plain; charset=utf-8\r\n\r\n0\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"DesignCapacity\"\r\nContent-Type: text\/plain; charset=utf-8\r\n\r\n930\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"properties\"\r\nContent-Type: text\/plain; charset=utf-8\r\n\r\n{\"battery\":{\"designCapacity\":930,\"cycleCount\":0,\"fullChargeCapacity\":930},\"aggd\":{\"com.apple.power.wake_reasons.user\":{\"2013-04-23\":2,\"2013-04-21\":5,\"2013-04-30\":1,\"2013-04-24\":1,\"2013-05-04\":1,\"2013-04-25\":2},\"com.apple.power.wake_reasons.other\":{\"2013-05-04\":1},\"netstats.counts.TCP.en0.KBIn.com.apple.AppStore\":{\"2013-04-21\":1673},\"netstats.counts.TCP.en0.KBIn.com.apple.MobileStore\":{\"2013-04-21\":115},\"netstats.counts.TCP.en0.KBIn.com.apple.SpringBoard\":{\"2013-04-21\":10},\"netstats.counts.TCP.en0.KBOut.com.apple.SpringBoard\":{\"2013-04-21\":12},\"netstats.counts.TCP.en0.KBOut.com.apple.MobileStore\":{\"2013-04-21\":2},\"netstats.counts.TCP.en0.KBIn.com.apple.http\":{\"2013-04-21\":1236},\"netstats.counts.TCP.en0.KBIn.com.apple.apsd\":{\"2013-04-21\":6},\"netstats.counts.TCP.en0.KBOut.com.apple.geod\":{\"2013-04-21\":12},\"netstats.counts.TCP.en0.KBIn.com.apple.CFNetworkAgent\":{\"2013-04-21\":4},\"netstats.counts.TCP.en0.KBIn.com.yourcompany.PPClient\":{\"2013-04-21\":104},\"netstats.counts.TCP.en0.KBIn.com.apple.itunesstored\":{\"2013-04-21\":58340},\"netstats.counts.TCP.en0.KBOut.com.apple.itunesstored\":{\"2013-04-21\":65},\"netstats.counts.TCP.en0.KBIn.com.apple.configd\":{\"2013-04-21\":0,\"2013-05-04\":0},\"netstats.counts.TCP.en0.KBIn.com.antoniocalatrava.fakelocation\":{\"2013-04-21\":0},\"netstats.counts.TCP.en0.KBIn.com.apple.unknown\":{\"2013-04-21\":3},\"com.apple.power.wake_reasons.wlan\":{\"2013-04-21\":169},\"netstats.counts.TCP.en0.KBIn.uk.co.bbc.iplayer\":{\"2013-04-21\":0},\"netstats.counts.TCP.en0.KBOut.com.apple.unknown\":{\"2013-04-21\":1},\"netstats.counts.TCP.en0.KBOut.com.yourcompany.PPClient\":{\"2013-04-21\":52},\"com.apple.power.wake_reasons.rtc\":{\"2013-04-28\":8,\"2013-04-21\":25,\"2013-04-23\":29,\"2013-05-02\":28,\"2013-04-25\":37,\"2013-05-04\":19,\"2013-04-20\":28,\"2013-04-29\":29,\"2013-05-01\":28,\"2013-04-22\":28,\"2013-04-24\":27,\"2013-04-30\":27,\"2013-05-03\":26,\"2013-04-26\":11},\"netstats.counts.TCP.en0.KBOut.com.apple.mobilemail\":{\"2013-04-21\":2,\"2013-05-04\":0},\"netstats.counts.TCP.en0.KBIn.com.skype.skype\":{\"2013-04-21\":37},\"netstats.counts.TCP.en0.KBOut.com.apple.CFNetworkAgent\":{\"2013-04-21\":0},\"netstats.counts.TCP.en0.KBOut.uk.co.bbc.iplayer\":{\"2013-04-21\":10},\"netstats.counts.TCP.en0.KBOut.com.apple.configd\":{\"2013-04-21\":0,\"2013-05-04\":0},\"netstats.counts.TCP.en0.KBIn.com.apple.locationd\":{\"2013-04-21\":1893},\"netstats.counts.TCP.en0.KBIn.com.apple.geod\":{\"2013-04-21\":404},\"netstats.counts.TCP.en0.KBOut.com.antoniocalatrava.fakelocation\":{\"2013-04-21\":0},\"netstats.counts.TCP.en0.KBOut.com.apple.locationd\":{\"2013-04-21\":10},\"netstats.counts.TCP.en0.KBOut.com.apple.http\":{\"2013-04-21\":36},\"netstats.counts.TCP.en0.KBIn.com.getdropbox.Dropbox\":{\"2013-04-21\":2},\"netstats.counts.TCP.en0.KBIn.com.saurik.Cydia\":{\"2013-04-21\":2860},\"netstats.counts.TCP.en0.KBIn.com.apple.securityd\":{\"2013-04-21\":24},\"com.apple.power.wake_reasons.usb\":{\"2013-04-26\":1},\"netstats.counts.TCP.en0.KBOut.com.skype.skype\":{\"2013-04-21\":12},\"netstats.counts.TCP.en0.KBOut.com.apple.AppStore\":{\"2013-04-21\":56},\"netstats.counts.TCP.en0.KBOut.com.getdropbox.Dropbox\":{\"2013-04-21\":4},\"netstats.counts.TCP.en0.KBOut.com.apple.securityd\":{\"2013-04-21\":2},\"netstats.counts.TCP.en0.KBOut.com.saurik.Cydia\":{\"2013-04-21\":603},\"netstats.counts.TCP.en0.KBOut.com.apple.apsd\":{\"2013-04-21\":0},\"netstats.counts.TCP.en0.KBIn.com.apple.mobilemail\":{\"2013-04-21\":3,\"2013-05-04\":0}},\"basic\":{\"diskCapacity\":30582988800,\"deviceColor\":\"black\",\"bluetoothAddress\":\"70:56:81:AA:BB:CC\",\"batteryLevel\":80,\"deviceName\":\"emtunc\u2019s iPod\",\"serialNumber\":\"ABCDEFGHIJKL\",\"systemUptime\":723738.9482684167,\"deviceVersion\":\"6.1\",\"wifiAddress\":\"70:56:81:AA:BB:CC\",\"backlightLevel\":0.2031707,\"deviceType\":\"iPod4,1\",\"modelNumber\":\"MC544\",\"currentUsageTime\":4516.095,\"currentStandbyTime\":517082.7},\"icloud\":{\"totalConflictSizeBytes\":0,\"totalConflictCount\":0,\"totalUnresolvedConflictCount\":0,\"totalUnresolvedConflictSizeBytes\":0}}\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"result\"\r\nContent-Type: text\/plain; charset=utf-8\r\n\r\nokay\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"device_type\"\r\nContent-Type: text\/plain; charset=utf-8\r\n\r\niPod4,1\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"device_version\"\r\nContent-Type: text\/plain; charset=utf-8\r\n\r\n6.1\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"serial_number\"\r\nContent-Type: text\/plain; charset=utf-8\r\n\r\nABDEFGHIJKL\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"FullChargeCapacity\"\r\nContent-Type: text\/plain; charset=utf-8\r\n\r\n930\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"ticket_number\"\r\nContent-Type: text\/plain; charset=utf-8\r\n\r\n11111\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"battery_level\"\r\nContent-Type: text\/plain; charset=utf-8\r\n\r\n80\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"device_name\"\r\nContent-Type: text\/plain; charset=utf-8\r\n\r\nemtunc\u2019s iPod\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"application_version\"\r\nContent-Type: text\/plain; charset=utf-8\r\n\r\n1.0\r\n--0xKhTmLbOuNdArY\r\nContent-Disposition: form-data; name=\"log_archive\"; filename=\"\/tmp\/com.apple.behaviorscan.LO4nKrK0\"\r\nContent-Type: application\/octet-stream\r\n\r\n--a long bunch of binary characters here--<\/pre>\n<ul>\n<li>As you can see in the last few lines, the app also sends some additional diagnostics but I have not been able to find where they are! SSHing to the device to the \/tmp directory provides nothing useful and also doing executing the below command to find files modified under 5 minutes did not give anything useful.<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">find . -mmin -5 -type f -printf \"%-.22T+ %M %n %-8u %-8g %8s %Tx %.8TX %p\\n\" | sort | cut -f 2- -d ' '<\/pre>\n<p>That&#8217;s all for now!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was asked by an Apple rep to send in diagnostic logs via the iOS diagnostics app in an attempt to diagnose a reboot\/battery issue with an iPhone 4S. Curious as to how this information was collected and more importantly what was collected, I fired up my new friend Fiddler \ud83d\ude42<\/p>\n","protected":false},"author":32,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[1],"tags":[101,109],"class_list":["post-823","post","type-post","status-publish","format-standard","hentry","category-tech","tag-fiddler","tag-ios"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1trTO-dh","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts\/823","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/comments?post=823"}],"version-history":[{"count":35,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts\/823\/revisions"}],"predecessor-version":[{"id":2490,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts\/823\/revisions\/2490"}],"wp:attachment":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/media?parent=823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/categories?post=823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/tags?post=823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}