Initial commit

Author: bendews

.gitignore

@@ -0,0 +1,24 @@
+# Deno
+.cache
+deps
+deno-test-results.xml
+
+# TypeScript
+*.tsbuildinfo
+
+# Node.js
+node_modules
+npm-debug.log
+yarn-error.log
+
+# Editor/IDE
+.vscode
+.idea
+*.sublime-project
+*.sublime-workspace
+
+# Build output
+dist
+
+# Other
+.psd

README.md

@@ -1,2 +1,166 @@
-# apw
-A CLI for Apple Passwords.
+<a name="readme-top"></a>
+<div align="center">
+  <a href="https://github.com/bendews/apw">
+    <img src="icon.png" alt="Logo" width="80" height="80">
+  </a>
+
+  <h3 align="center">Apple Passwords CLI</h3>
+
+  <p align="center">
+    A CLI for access to Apple Passwords. A foundation for enabling integration and automation.
+    <br />
+    <a href="https://github.com/bendews/apw"><strong>Explore the docs »</strong></a>
+    <br />
+    <br />
+    <a href="https://github.com/bendews/apw">View Demo</a>
+    ·
+    <a href="https://github.com/bendews/apw/issues">Report Bug</a>
+    ·
+    <a href="https://github.com/bendews/apw/issues">Request Feature</a>
+  </p>
+
+[![Contributors][contributors-shield]][contributors-url]
+[![Forks][forks-shield]][forks-url]
+[![Stargazers][stars-shield]][stars-url]
+[![Issues][issues-shield]][issues-url]
+[![MIT License][license-shield]][license-url]
+<br />
+</div>
+
+<details>
+  <summary>Table of Contents</summary>
+  <ol>
+    <li>
+      <a href="#about-the-project">About The Project</a>
+    </li>
+    <li>
+      <a href="#getting-started">Getting Started</a>
+      <ul>
+        <li><a href="#installation">Installation</a></li>
+      </ul>
+    </li>
+    <li><a href="#usage">Usage</a></li>
+    <li><a href="#contributing">Contributing</a></li>
+    <li><a href="#license">License</a></li>
+    <li><a href="#contact">Contact</a></li>
+    <li><a href="#acknowledgments">Acknowledgments</a></li>
+  </ol>
+</details>
+
+
+
+<!-- ABOUT THE PROJECT -->
+## About The Project
+
+This project introduces a CLI interface designed to access iCloud passwords and OTP tokens. The core objective is to provide a secure and straightforward way to retrieve iCloud passwords, facilitating integration with other systems or for personal convenience.
+
+It utilises a built in helper tool in macOS 14 and above to facilitate this functionality.
+
+<p align="right">(<a href="#readme-top">back to top</a>)</p>
+
+
+## Getting Started
+
+Ensure homebrew is installed or build from source.
+
+### Installation
+
+Installation is via Homebrew:
+
+```
+brew install apw
+```
+
+<p align="right">(<a href="#readme-top">back to top</a>)</p>
+
+## Usage
+
+Enable the daemon to run on startup:
+
+`brew enable apw`
+
+Authenticate the daemon interactively:
+
+_This is required every time the daemon starts i.e on boot_
+
+`apw auth`
+
+Query for available passwords:
+
+`apw pw list google.com`
+
+View more commands & help:
+
+`apw --help`
+
+```shell
+Options:
+
+  -h, --help     - Show this help.                            
+  -V, --version  - Show the version number for this program.  
+
+Commands:
+
+  auth   - Authenticate CLI with daemon.         
+  pw     - Interactively list accounts/passwords.
+  otp    - Interactively list accounts/OTPs.     
+  start  - Start the daemon.                     
+```
+
+<p align="right">(<a href="#readme-top">back to top</a>)</p>
+
+
+<!-- CONTRIBUTING -->
+## Contributing
+
+Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.
+
+If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement".
+Don't forget to give the project a star! Thanks again!
+
+1. Fork the Project
+2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
+3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
+4. Push to the Branch (`git push origin feature/AmazingFeature`)
+5. Open a Pull Request
+
+<p align="right">(<a href="#readme-top">back to top</a>)</p>
+
+## License
+
+Distributed under the GPL V3.0 License. See `LICENSE` for more information.
+
+<p align="right">(<a href="#readme-top">back to top</a>)</p>
+
+## Contact
+
+Ben Dews - [#](https://bendews.com)
+
+Project Link: [https://github.com/bendews/apw](https://github.com/bendews/apw)
+
+<p align="right">(<a href="#readme-top">back to top</a>)</p>
+
+
+
+<!-- ACKNOWLEDGMENTS -->
+## Acknowledgments
+
+* [au2001 - iCloud Passwords for Firefox](https://github.com/au2001/icloud-passwords-firefox) - their SRP implementation was _so_ much better than mine it's embarassing. It is now based on their far superior implementation.
+
+<p align="right">(<a href="#readme-top">back to top</a>)</p>
+
+
+
+<!-- MARKDOWN LINKS & IMAGES -->
+<!-- https://www.markdownguide.org/basic-syntax/#reference-style-links -->
+[contributors-shield]: https://img.shields.io/github/contributors/bendews/apw.svg?style=for-the-badge
+[contributors-url]: https://github.com/bendews/apw/graphs/contributors
+[forks-shield]: https://img.shields.io/github/forks/bendews/apw.svg?style=for-the-badge
+[forks-url]: https://github.com/bendews/apw/network/members
+[stars-shield]: https://img.shields.io/github/stars/bendews/apw.svg?style=for-the-badge
+[stars-url]: https://github.com/bendews/apw/stargazers
+[issues-shield]: https://img.shields.io/github/issues/bendews/apw.svg?style=for-the-badge
+[issues-url]: https://github.com/bendews/apw/issues
+[license-shield]: https://img.shields.io/github/license/bendews/apw.svg?style=for-the-badge
+[license-url]: https://github.com/bendews/apw/blob/master/LICENSE.txt
+[product-screenshot]: images/screenshot.png

icon.png

@@ -0,0 +1,17 @@
+{
+  "name": "apw",
+  "version": "0.1.0",
+  "description": "A CLI for Apple Passwords (APW) on MacOS",
+  "dependencies": {
+    "deno": "^0.1.1"
+  },
+  "devDependencies": {
+    "@typescript-eslint/eslint-plugin": "^6.21.0",
+    "eslint": "^8.57.0",
+    "eslint-config-standard-with-typescript": "^43.0.1",
+    "eslint-plugin-import": "^2.29.1",
+    "eslint-plugin-n": "^16.6.2",
+    "eslint-plugin-promise": "^6.1.1",
+    "typescript": "^5.4.3"
+  }
+}

package.json

@@ -0,0 +1,161 @@
+import {
+  Input,
+  Select,
+} from "https://deno.land/x/[email protected]/prompt/mod.ts";
+import { Command } from "https://deno.land/x/[email protected]/command/mod.ts";
+import { Daemon } from "./daemon.ts";
+import { ApplePasswordManager } from "./client.ts";
+import { readBigInt, toBase64 } from "./utils.ts";
+import { Buffer } from "node:buffer";
+import {
+  type Payload,
+  type RenamedPasswordEntry,
+  type TOTPEntry,
+} from "./types.ts";
+
+const PrintEntries = (payload: Payload) => {
+  const entries = payload.Entries.map((entry) => {
+    if ("USR" in entry) {
+      return {
+        username: entry.USR,
+        domain: entry.sites[0],
+        password: entry.PWD || "Not Included",
+      } as RenamedPasswordEntry;
+    } else if ("code" in entry) {
+      return {
+        username: entry.username,
+        domain: entry.domain,
+        code: entry.code || "Not Included",
+      } as TOTPEntry;
+    }
+  });
+  console.log(JSON.stringify(entries));
+};
+
+const client = new ApplePasswordManager();
+
+const otp = new Command()
+  .description("Interactively list accounts/OTPs.")
+  .action(async () => {
+    const action: string = await Select.prompt({
+      message: "Choose an action: ",
+      options: ["list OTPs", "get OTPs"],
+    });
+    const url = await Input.prompt({
+      message: "Enter URL: ",
+    });
+    if (action === "list OTPs") {
+      PrintEntries(await client.listOTPForURL(url));
+    } else if (action === "get OTPs") {
+      PrintEntries(await client.getOTPForURL(url));
+    }
+  })
+  .command("get", "Get a OTP for a website.")
+  .arguments("<url:string>")
+  .action(async (_, url: string) => {
+    if (!url) {
+      throw new Error("Missing required argument 'url'.");
+    }
+    PrintEntries(await client.getOTPForURL(url));
+  })
+  .command("list", "List available OTPs for a website.")
+  .arguments("<url:string>")
+  .action(async (_, url: string) => {
+    if (!url) {
+      throw new Error("Missing required argument 'url'.");
+    }
+    PrintEntries(await client.listOTPForURL(url));
+  });
+
+const pw = new Command()
+  .description("Interactively list accounts/passwords.")
+  .action(async () => {
+    const action: string = await Select.prompt({
+      message: "Choose an action: ",
+      options: ["list accounts", "get password"],
+    });
+    const url = await Input.prompt({
+      message: "Enter URL: ",
+    });
+    if (action === "list accounts") {
+      PrintEntries(await client.getLoginNamesForURL(url));
+    } else if (action === "get password") {
+      PrintEntries(await client.getPasswordForURL(url));
+    }
+  })
+  .command("get", "Get a password for a website.")
+  .arguments("<url:string> [username:string]")
+  .action(async (_, url: string, username?: string) => {
+    if (!url) {
+      throw new Error("Missing required argument 'url'.");
+    }
+    PrintEntries(await client.getPasswordForURL(url, username));
+  })
+  .command("list", "List available accounts for a website.")
+  .arguments("<url:string>")
+  .action(async (_, url: string) => {
+    if (!url) {
+      throw new Error("Missing required argument 'url'.");
+    }
+    PrintEntries(await client.getLoginNamesForURL(url));
+  });
+
+const daemon = new Command()
+  .description("Start the daemon.")
+  .option("-p, --port <port:number>", "Port to listen on.", { default: 10000 })
+  .action(Daemon);
+
+const auth = new Command()
+  .description("Authenticate CLI with daemon.")
+  .action(async () => {
+    await client.requestChallenge();
+    const password = await Input.prompt({
+      message: "Enter PIN: ",
+      minLength: 6,
+      maxLength: 6,
+    });
+    await client.verifyChallenge(password);
+  })
+  .command("request", "Request a challenge from the daemon.")
+  .action(async () => {
+    await client.requestChallenge();
+    console.log(JSON.stringify({
+      salt: toBase64(client.session.salt),
+      serverKey: toBase64(client.session.serverPublicKey),
+      username: client.session.username,
+      clientKey: toBase64(client.session.clientPrivateKey),
+    }));
+  })
+  .command("response", "Respond to a challenge from the daemon.")
+  .option("-p, --pin <pin>", "challenge-response pin.", { required: true })
+  .option("-s, --salt <salt>", "request salt.", { required: true })
+  .option("-sk, --serverKey <serverKey>", "server public key.", {
+    required: true,
+  })
+  .option("-ck, --clientKey <clientKey>", "client public key.", {
+    required: true,
+  })
+  .option("-u, --username <username>", "client username.", { required: true })
+  .action(async (options) => {
+    const { serverKey, salt, username, clientKey, pin } = options;
+    const serverPublicKey = readBigInt(Buffer.from(serverKey, "base64"));
+    const clientPrivateKey = readBigInt(Buffer.from(clientKey, "base64"));
+    const saltResponse = readBigInt(Buffer.from(salt, "base64"));
+    client.session.username = username;
+    client.session.clientPrivateKey = clientPrivateKey;
+    client.session.salt = saltResponse;
+    client.session.serverPublicKey = serverPublicKey;
+    await client.verifyChallenge(pin);
+    console.log(JSON.stringify({ status: "success" }));
+  });
+
+await new Command()
+  .name("apw-cli")
+  .version("0.1.0")
+  .description("🔑 a CLI for Apple Passwords 🔒")
+  .command("auth", auth)
+  .command("pw", pw)
+  .command("otp", otp)
+  .command("start", daemon)
+  .parse(Deno.args)
+  .finally(() => Deno.exit());