finally figured it out! it's a very weird process.
facetime process is below:
you will need charles proxy installed on your mac. make sure mac os x proxy is selected in the proxy menu. enable ssl proxying with *.ess.apple.com and setup.icloud.com. install the root certificate into the system keychain. trust the certificate.
1. compose a new request in charles
2. https://setup.icloud.com/setup/iosbuddy/loginDelegates as the url, POST method, text/plist in content type
3. go to the raw tab at the bottom
4. select all the text (cmd a), then paste in the following:
POST /setup/iosbuddy/loginDelegates HTTP/1.1
Host: setup.icloud.com
Proxy-Connection: keep-alive
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: text/plist
Accept-Language: en-us
X-MMe-Country: US
X-MMe-Client-Info: <iPod4,1> <iPhone OS;6.1.6;10B500> <com.apple.AppleAccount/1.0 (com.apple.Accounts/113)>
Connection: keep-alive
User-Agent: Accounts/113 CFNetwork/609.1.4 Darwin/13.0.0
Content-Length: 546

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>apple-id</key>
<string>YOUR ID HERE</string>
<key>client-id</key>
<string></string>
<key>delegates</key>
<dict>
<key>com.apple.facetime</key>
<dict/>
<key>com.apple.gamecenter</key>
<dict/>
<key>com.apple.madrid</key>
<dict/>
<key>com.apple.mobileme</key>
<dict/>
</dict>
<key>password</key>
<string>YOUR PASSWORD HERE</string>
</dict>
</plist>
5. replace the YOUR ID HERE and YOUR PASSWORD HERE with your apple id and password
6. click execute
7. a code should be sent to your other devices
8. add the 6-digit code to the end of your password you entered in the YOUR PASSWORD HERE space
9. make sure charles is recording at this point, you will need it
10. click execute once more
11. go to the logindelegates response and copy the long string inside the auth-token key underneath the com.apple.facetime label, from start to finish, paste it in notes or somewhere else
12. press cmd shift e in charles
13. enable rewrite, new set, set locations to *.ess.apple.com
14. make a new rule for body type (select response)
15. put <key>retry-interval</key><integer>3600</integer> into the match value box and hit ok
16. make a new rule for body type (select response)
17. put <key>message</key> into the match value box and hit ok
18. new body rule (response)
19. put <string>SED:3:VEN-PROD:.+:EM</string> into the match value box, check the regex box (crucial step) and press ok
20. make new body rule (response)
21. put <key>status</key><integer>5068</integer> into the match value box
22. open up system preferences, navigate to icloud pane
23. if already logged in to icloud, check the box next to keychain and enter password
24. if not logged in, enter your id and password then continue
25. you will receive a code, do not use it in preferences
26. make sure charles is recording and that you haven't attempted to sign in through the facetime app within the last 30 minutes or so, go into facetime and log in normally but add the 6 digit code at the end of the pw
27. in charles, you will see https://profile.ess.apple.com/WebObjects/VCProfileService.woa/wa/authenticateUser, click the first one, or keep going down the list until you see your profile id and handle in the response xml text
28. copy everything inside the first dict from <key>profile-id</key> all the way to </string>
29. go back to the rewrite rule and paste this into the replace value box
30. finally, replace the token inside this string with the other token you saved from earlier (i would recommend using notes to easily paste it in)
31. click ok on the rewrite rule and click ok on the rewrite tool
32. finally, go back into facetime and log in normally without a code at the end
33. it should log you in, but i would highly recommend disabling (or even deleting) this rewrite set immediately after you log in, as it allows anyone to use your account regardless of what credentials they enter in the facetime app (because you just basically hardcoded the login to use your token)
for game center, it's mostly the same, except copy everything inside <key>service-data</key>, which is inside the com.apple.gamecenter section:
make a new rewrite set, and a new body response rule:
<key>status</key><integer>5012</integer> inside the match value, leave replace value blank
new body response rule:
place <key>message</key><string>status = 5012, INVALID NAME OR PASSWORD</string> into the match value box, then paste everything you copied into the replace value box
it should log you in now, once again i recommend you disable/delete the rewrite set
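Added example, not part of the original post and not Charles's own code: a simplified Python model of response-body rewrite rules, run over constructed sample bodies, showing why the post says to disable the rewrite set after logging in and why the regex box in step 19 matters. The BodyRule class, the sample response layout and the placeholder values are assumptions made for illustration.

```python
import re
from dataclasses import dataclass


@dataclass
class BodyRule:
    """Simplified model of one response-body rewrite rule (assumption)."""
    match: str
    replace: str = ""
    regex: bool = False

    def apply(self, body: str) -> str:
        # Without the regex box the match value is treated as literal text.
        pattern = self.match if self.regex else re.escape(self.match)
        return re.sub(pattern, lambda _m: self.replace, body)


# Constructed placeholder for the text saved from the com.apple.gamecenter section.
SAVED = "<key>service-data</key><string>CONSTRUCTED-PLACEHOLDER</string>"

# The two Game Center rules exactly as the post gives their match values.
GAME_CENTER_SET = [
    BodyRule("<key>status</key><integer>5012</integer>"),
    BodyRule("<key>message</key><string>status = 5012, "
             "INVALID NAME OR PASSWORD</string>", SAVED),
]

# Constructed failure body; the real response layout is not shown in the post.
FAILURE = ("<dict><key>status</key><integer>5012</integer>"
           "<key>message</key><string>status = 5012, "
           "INVALID NAME OR PASSWORD</string></dict>")


def client_sees(entered_password: str, rewrite_enabled: bool) -> str:
    """Body the client receives when the server rejects entered_password."""
    body = FAILURE  # the entered password never reaches the rewrite step
    if rewrite_enabled:
        for rule in GAME_CENTER_SET:
            body = rule.apply(body)
    return body


def regex_box_matters():
    """Step 19's match value with and without the regex box checked."""
    sample = "<dict><string>SED:3:VEN-PROD:constructed-token:EM</string></dict>"
    match = "<string>SED:3:VEN-PROD:.+:EM</string>"
    return (BodyRule(match, regex=True).apply(sample),
            BodyRule(match, regex=False).apply(sample))
```

With the set enabled, every rejected login comes back as the saved success data, so the password typed into the app no longer decides the outcome; with it disabled, the failure reaches the client unchanged.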