Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS Diagnostics.app?

A

appleguru1

macrumors 6502
Original poster
Mar 13, 2003
307
4
So I've been poking around a bit inside the new iOS 4.1 firmware; not sure if this is something new or not but I haven't seen it before so I figured I'd ask...

There is a new (hidden on the springboard) app present called "iOS Diagnostics.app". It has links to iosdiags.apple.com, (which you can go to, I didn't try logging in, seems like an internal site). It also seemingly submits logs to apple via https at https://iosdiags.apple.com/MR3Server/MR3Post.

It also has references to "Mobile BehaviorScan" and utilizes the "diags://" URL schema. It's principal class is MobileBehaviorScanAppDelegate

Extracting its English Strings yields these:


/* Privacy Information */
"By clicking "Send to Apple" you agree that Apple may periodically collect diagnostic data from this device, including the device serial number, device name and daily count of call attempts. This data will be used to troubleshoot issues with your device and to improve our products and services. For information on Apple s Privacy Policy, see <a href=\"http://www.apple.com/legal/privacy\">http://www.apple.com/legal/privacy</a>." = "By clicking "Send to Apple" you agree that Apple may periodically collect diagnostic data from this device, including the device serial number, device name and daily count of call attempts. This data will be used to troubleshoot issues with your device and to improve our products and services. For information on Apple s Privacy Policy, see <a href=\"http://www.apple.com/legal/privacy\">http://www.apple.com/legal/privacy</a>.";

/* Cancel */
"Cancel" = "Cancel";

/* Done */
"Done" = "Done";

/* App Title */
"iOS Diagnostics" = "iOS Diagnostics";

/* Last Sent: */
"Last Sent:" = "Last Sent:";

/* Never */
"Never" = "Never";

/* Next */
"Next" = "Next";

/* OK */
"OK" = "OK";

/* Send to Apple */
"Send to Apple" = "Send to Apple";

/* Sending to Apple... */
"Sending to Apple..." = "Sending to Apple...";

/* Ticket number is not valid error message */
"The ticket number was not found. Verify the number and try again." = "The ticket number was not found. Verify the number and try again.";

/* Submission error message */
"There was an issue with your submission. Please make sure you are connected to the internet and try again." = "There was an issue with your submission. Please make sure you are connected to the internet and try again.";

/* Ticket Number Placeholder */
"Ticket Number" = "Ticket Number";

/* Ticket Number: */
"Ticket Number:" = "Ticket Number:";

/* Ticket validation server is unavailable error message */
"Ticket validation has failed. Please make sure you are connected to the internet and try again." = "Ticket validation has failed. Please make sure you are connected to the internet and try again.";

/* Enter Ticket Number */
"To receive support services, enter the ticket number you were given." = "To receive support services, enter the ticket number you were given.";

/* Submission success message */
"Your information has been received by Apple." = "Your information has been received by Apple.";

Any ideas what this is all about? Seems to be something like CrashReporter on the Mac, allowing you to sumbit logs to apple on the go.. except that there are ticket numbers involved, implying someone at apple would get back to you RE resolving the issue... Perhaps this is a way for geniuses/etc to perform usage tests with end users for? IDK! What do you guys think?
 
...here's the ticket checking UI:
 

Attachments

  • iOSDiag.PNG
    iOSDiag.PNG
    168.6 KB · Views: 1,335
Interesting find, I know that geniuses can already access diagnostic information about your iPhone if they plug the device into their computer with a special program. This might just help for over-the-phone assistance and to verify that people aren't possibly faking an issue for a free replacement.
 
Quite interesting... Looking forward to see what apple's plans are for this!
 
appleguru1 said:
Quite interesting... Looking forward to see what apple's plans are for this!
Click to expand...

Agreed.

I had an iPhone performance issue and the genius told me I was low on application memory and to close the applications on my Recently Used Application list and turn off my phone nightly. If I could have ran the diagnostic I could have done it myself and not burned a trip into the store.
 
I managed to do a little MITM between the iPhone and Apple's servers, what I discovered was a little interesting, the most interesting part probably being the logs that are sent to Apple.

  1. iOS requests the Opt-in Text from https://iosdiags.apple.com/MR3Server/GetOptinText
  2. iOS checks that the ticket exists at https://iosdiags.apple.com/MR3Server/ValidateTicket?ticket_number=XXXXX
  3. If it does, then iOS posts the following information to https://iosdiags.apple.com/MR3Server/MR3Post

CycleCount: 249
DesignCapacity: 1420
properties: {
"battery": {
"designCapacity": 1420,
"cycleCount": 249,
"fullChargeCapacity": 1420
},
"aggd": {},
"basic": {
"backlightLevel": 0.6308901,
"deviceType": "iPhone3,1",
"systemUptime": 9110.153260083334,
"serialNumber": "00000XXXA4S",
"deviceName": "Someones iPhone",
"batteryLevel": 100,
"deviceVersion": "X.X"
}
}
result: okay
device_type: iPhone3,1
device_version: X.X
serial_number: 00000XXXA4S
FullChargeCapacity: 1420
ticket_number: 55555
battery_level: 100
device_name: Someones iPhone
application_version: 1.0
log_archive: com.apple.behaviorscan.XXXXXXXX


There are two logs that are sent, if you are jailbroken you maybe able to read them yourself:
  • /private/var/logs/AppleSupport/general.log
  • /private/var/mobile/Library/Logs/AppleSupport/general.log

The header for the first log looks a little something like this:

Device Software Diagnostic Log
Version: 3
OS-Version: iPhone OS X.X (9A5220p)
Model: iPhone3,1
Serial Number: 00000XXXA4S
Created: 6/7/2011 22:11:35 -0700

Followed by some diagnostic information. From what I could tell the first log is about apps, and the second log about the Kernel (though I may be wrong). What is everybody's thoughts?
 
There's some funky stuff in that iosdiags.apple.com. You can log in with a normal Apple ID, but you get different stuff depending on what type of account it is
 
chembox said:
Interesting find, I know that geniuses can already access diagnostic information about your iPhone if they plug the device into their computer with a special program. This might just help for over-the-phone assistance and to verify that people aren't possibly faking an issue for a free replacement.
Click to expand...


It's not a special program, it's just a developer/employee version of iTunes ;)

also, the diags:// string works by navigating to Safari and typing in: diags://TICKETNUMBER (eg: diags://27736) they actually have many hidden features such as this.
 
how to do the MITM between the iPhone and Apple's servers?

i'm interesting how to do the MITM between the iPhone and Apple's servers. i try it with Wireshark, but failed. could you please tell me which tools & method you used?

another question, how to send the following info to "https:// iosdiags.apple.com/ MR3Server/MR3Post"? i can send a file to web, but i don't know how to send the following to server. i checked the website, there was no any program to receive it.

thanks.:)

codyc1515 said:
I managed to do a little MITM between the iPhone and Apple's servers, what I discovered was a little interesting, the most interesting part probably being the logs that are sent to Apple.

  1. If it does, then iOS posts the following information to https://iosdiags.apple.com/MR3Server/MR3Post

CycleCount: 249
DesignCapacity: 1420
properties: {
"battery": {
"designCapacity": 1420,
"cycleCount": 249,
"fullChargeCapacity": 1420
},
"aggd": {},
"basic": {
"backlightLevel": 0.6308901,
"deviceType": "iPhone3,1",
"systemUptime": 9110.153260083334,
"serialNumber": "00000XXXA4S",
"deviceName": "Someones iPhone",
"batteryLevel": 100,
"deviceVersion": "X.X"
}
}
result: okay
device_type: iPhone3,1
device_version: X.X
serial_number: 00000XXXA4S
FullChargeCapacity: 1420
ticket_number: 55555
battery_level: 100
device_name: Someones iPhone
application_version: 1.0
log_archive: com.apple.behaviorscan.XXXXXXXX



Followed by some diagnostic information. From what I could tell the first log is about apps, and the second log about the Kernel (though I may be wrong). What is everybody's thoughts?
Click to expand...
 
again, how to do the MITM between the iPhone and Apple's servers?

Hello codyc1515

i used the Wireshark to capture the info between Iphone & Apple's servers. but the info was encrypted. so, i can't find any valued info. how do you know it works as the following 3 steps, it send many info to server, and it send 2files to server?

do you have decrypted the info? how to decrypted?

thanks.

1 iOS requests the Opt-in Text from https://iosdiags.apple.com/MR3Server/GetOptinText
2 iOS checks that the ticket exists at https://iosdiags.apple.com/MR3Server...t_number=XXXXX
3 If it does, then iOS posts the following information to https://iosdiags.apple.com/MR3Server/MR3Post

a: /private/var/logs/AppleSupport/general.log
b: /private/var/mobile/Library/Logs/AppleSupport/general.log

----------

is there anyone who can answer my queation? :confused:

if yes, i appreciate you can send a mail to me (vtct121@163.com).

thanks.
 
I've done some more research on the iOS Diagnostics. There are some instructions on my website: http://www.lyonanderson.org/blog/2014/02/06/ios-power-diagnostics/

alanzhu said:
Hello codyc1515

i used the Wireshark to capture the info between Iphone & Apple's servers. but the info was encrypted. so, i can't find any valued info. how do you know it works as the following 3 steps, it send many info to server, and it send 2files to server?

do you have decrypted the info? how to decrypted?

thanks.

1 iOS requests the Opt-in Text from https://iosdiags.apple.com/MR3Server/GetOptinText
2 iOS checks that the ticket exists at https://iosdiags.apple.com/MR3Server...t_number=XXXXX
3 If it does, then iOS posts the following information to https://iosdiags.apple.com/MR3Server/MR3Post

a: /private/var/logs/AppleSupport/general.log
b: /private/var/mobile/Library/Logs/AppleSupport/general.log

----------

is there anyone who can answer my queation? :confused:

if yes, i appreciate you can send a mail to me (vtct121@163.com).

thanks.
Click to expand...
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back