2FA not working

[maximushugus]

I have an apple account with 2FA enabled made for this project. I was already using openhaystack on a MacOS VM.
I was able to set up the docker containers.
But after lanching the docker with docker run -it --restart unless-stopped --name macless-haystack -p 6176:6176 --volume mh_data:/app/endpoint/data --network mh-network christld/macless-haystack and login with my appleID and password, it keeps asking for 2FA.
I don't receive SMS when it asks for 2FA so I launched my MacOS VM and on settings I clicked on "verification code", so I get a 6 digit code. But putting this one doesn't do the trick and it keeps asking for 2FA.

I tried connecting to icloud.com, and requesting my 2FA via SMS, and not putting this code in my browser for icloud.com but instead putting when macless-haystack asks but the same problem, it keep asking for 2FA.

Does someone know why ?

[dchristl]

Hello @maximushugus ,

could you please try out the authentication with Biemster's project. This all based on this. If this will work I can dig deeper.

Kind Regards,
Danny

[maximushugus]

Ok, so here is what I did :

1. I lauched anisette on docker with docker run -d --restart always --name anisette -p 6969:6969 --volume anisette-v3_data:/home/Alcoholic/.config/anisette-v3/lib/ --network mh-network dadoum/anisette-v3-server. I verified it seems to be working because If I do curl localhost:6969 I get an answer.
2. Then I git clone https://github.com/biemster/FindMy and cd FindMy
3. To make it work I had to install pip install cryptography and pip install pbkdf2 and pip install srp and pip install pycryptodome
4. I run ./request_reports.py

Here is my output :

ubuntu@vm:~/FindMy$ ./request_reports.py
Apple ID: myappleid@mail.com
Password:
pyprovision is not installed, querying http://localhost:6969 for an anisette server
pyprovision is not installed, querying http://localhost:6969 for an anisette server
2FA required, requesting code
pyprovision is not installed, querying http://localhost:6969 for an anisette server
Enter 2FA code:

At this point I do not receive SMS nor I have a prompr on my MacOS VM for a verification code as when I try to connect to icloud.com for exemple.
I tried to put the 2FA code I obtain by manually clicking on "obtain a verification code" on MacOS VM, but it does'nt work and the prompt above starts again
I also tried to go to icloud.com and ask for an SMS 2FA, not using it on icloud.com but instead putting it on the program, but the same result.
If I just press enter, leaving the 2FA, the same result.

[dchristl]

Ok, then it seems to be more of an issue with the account rather than with the code from the project. Can you possibly create an additional Apple account (which can also use the same phone number) and try again?

[maximushugus]

I tried but it didn't work.
Is it normal that I see nothing in anisette logs when I'm tring to log in ?

docker logs anisette -f
app INFO 2024-02-21T12:05:41.773 anisette-v3-server v2.1.0
app INFO 2024-02-21T12:05:41.796 Creating machine...
app INFO 2024-02-21T12:05:41.798 Machine creation done!
app INFO 2024-02-21T12:05:41.798 Machine requires provisioning...
app INFO 2024-02-21T12:05:43.222 Provisioning done!
[main(----) INF] Listening for requests on http://0.0.0.0:6969/

[dchristl]

The behavior is strange, and I'm afraid I can't really help further. Otherwise, I would recommend removing everything and starting fresh. You can check if the Anisette server is running correctly by accessing the URL. There, you should see a JSON.

[supaeasy]

[main(----) INF] Listening for requests on http://0.0.0.0:6969/

The IP looks wrong to me. Are you sure you setup mh-network correctly?

[maximushugus]

@supaeasy Anisette seems to be working properly because if I do :
curl http://localhost:6969 I get this JSON (modified) :

{"X-Apple-I-Client-Time":"2024-03-04T17:42:21Z","X-Apple-I-MD":"AAAABQAXXXXXXZQJt/q2Pt1YMw7dcyqV/7AAAABA==","X-Apple-I-MD-LU":"5011D56E92AFD6A880XXXXXXXBC697D23C45985E9A1987F50B6D0CC8D7ADB9","X-Apple-I-MD-M":"z6xuBAi6XXXXXXXqJ+f3We0gJUoXb+jrbDQhkP0HtlvAd0qV87nyf+fVdZCm1aTu3/qy+Be7BBgHyS","X-Apple-I-MD-RINFO":"17996176","X-Apple-I-SRL-NO":"0","X-Apple-I-TimeZone":"UTC","X-Apple-Locale":"en_US","X-MMe-Client-Info":"<MacBookPro13,2> <macOS;13.1;22C65> <com.apple.AuthKit/1 (com.apple.dt.Xcode/3594.4.19)>","X-Mme-Device-Id":"AAXXXXXXA-773B-4AFC-866F-948E97F875FA

Also when lanching macless-haystack, if I check the logs of anisette I see :

app INFO 2024-03-04T17:59:33.530 [<<] anisette-v1 request

And a response so the 2 containers are communicating

[maximushugus]

When lauching macless-haystack I see a strange behavior, maybe this is related :

remote: Enumerating objects: 88, done.
remote: Counting objects: 100% (88/88), done.
remote: Compressing objects: 100% (47/47), done.
remote: Total 75 (delta 37), reused 56 (delta 25), pack-reused 0
Unpacking objects: 100% (75/75), 3.62 MiB | 18.26 MiB/s, done.
From https://github.com/dchristl/macless-haystack
branch main -> FETCH_HEAD
32ab133..e2ad25c main -> origin/main
2024-03-04 17:46:54,267 - INFO - No auth-token found.
2024-03-04 17:46:54,268 - INFO - Trying to register new device.
Apple ID: apple@example.com
Password:
2024-03-04 17:47:20,772 - INFO - 2FA required, requesting code
2024-03-04 17:47:22,892 - INFO - 2FA required, requesting code
Enter 2FA code: 326094
2024-03-04 17:48:02,547 - INFO - 2FA successful
2024-03-04 17:48:04,620 - INFO - 2FA required, requesting code
Enter 2FA code:

Here is what is strange :

1. As you can see there are 2 lines saying its requesting 2FA. Maybe this is why even if I enter the 2FA, it's still asking for the 2nd 2FA ?
2. Even if I enter a random 2FA I get at least one line saying 2FA successful

[dchristl]

The output is very strange and each line should be there only once.
It seems like the server in the container is starting twice. Have you tried resetting everything as I suggested before? Do you have an auth.json file in the data folder (usually /var/lib/docker/volumes/mh_data/_data)?
Which operating system are you using as the host? Do you have another computer to try it out there?

[maximushugus]

Yes it's strange, because as you can see each line appears only once until I give my password. Then you can see two lines for 2FA..
I tried resetting everything but it did'nt change anyting.
I'm testing this on an aarch64 plateform (my test server is on Oracle Free Tier), maybe this is causing the issue. I will try to find the version of the container, maybe this isn't the latest version for aarch64 compared to x86. But I'm almost certain I tried it on my VPS x86-64bit with the exact same result.

[dchristl]

Maybe the architecture is the issue, although there is no reason for it. I also have my endpoint running on an Oracle Free Tier, but with x86.

Output of uname -a:
Linux headless-haystack 5.15.0-1052-oracle #58-Ubuntu SMP Tue Feb 13 19:43:43 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

It works without problems since weeks. It is really hard to help you here. Have you can tried to change your terminal application for the ssh-session?

[YupengLai4]

Hi, @dchrist. I also encountered the same problem. After submitting 2FA it succeeded, but then kept asking for a new 2FA auth.

I'm using ubuntu on x86, it's a home service. Should I open 6969 or 6176 port?

[a-camacho]

Same problem

[coopeeo]

same issue

[dchristl]

Hello @YupengLai4 ,

I'm using ubuntu on x86, it's a home service. Should I open 6969 or 6176 port?

There is no need to open any port. Your output looks like it works in general.

Could you try to register your device with Biemsters version . If this will work, I can go deeper or you can transfer the auth.json to macless-haystack.

[YupengLai4]

Could you try to register your device with Biemsters version . If this will work, I can go deeper or you can transfer the auth.json to macless-haystack.

Thanks for your response! I tried both macless-haystack and the Biemster one but unfortunately the issue persisted :(

[dchristl]

Then I think it is a problem with your account (Apple-ID). Maybe you can create a new one and try again. Some accounts work while others don't, but nobody has really figured out why that is yet.

[trueVinton]

I had the same issue, as @dchristl mentioned the culprit was in the Apple ID account. I didn't get a 2FA SMS because the Apple ID was using an outdated phone number.
To fix:

1. Go to icloud.com and log in with your AppleId.
2. click your profile picture > Manage AppleId
3. click Account Security > Enable 2FA and make sure the trusted phone number is correct.

[mrx23dot]

2FA works for me, it sends out sms
sudo docker run -it --restart unless-stopped --name macless-haystack -p 6176:6176 --volume mh_data:/app/endpoint/data --network mh-network christld/macless-haystack
make sure it works from official apple website first.

[a-camacho]

Hi guys,

Still does not work for me.
I'm using in on a Macbook Pro 2019, with Mac OS 14.3.1 Sonoma. Should it work ?

When asking for 2FA, I receive no message or device alert.
But I can generate manually a 2FA code from my iCloud settings.

What is weird, is that any code that I enter (correct or incorrect one, like 0000) the system always says "2FA successful" and then start procedure again asking me Apple ID again.

Do you have any clue what I'm doing wrong ?
Should I even be able to run it correctly ?

Thanks a lot

[mrx23dot]

What's the tail of your console look like?

I was wondering how to get SMS 2FA after I added an iPhone and apple prefers device alert on website.
I might not have access to the iPhone after added.

[fachinformatiker]

I get the messages multiple times too

[dchristl]

I would like to help, but I cannot reproduce the double output issue. I have tried it on x86 (Linux, various derivatives) and on Armv8, and I always receive only one prompt for SMS2FA. Unfortunately, I do not have a Mac (which is also the reason for the project ;) ), so I cannot test it here. Statements like "I have the same problem" do not really help here. I need at least the host OS and which shell is being used, to narrow down the error.
An alternative would be to try running the endpoint natively, without Docker (python3 have to be installed).

git clone https://github.com/dchristl/macless-haystack.git
cd macless-haystack/endpoint/
pip install --no-cache-dir -r requirements.txt
python3 mh_endpoint.py

That is the same thing the container is doing.

@a-camacho

Normally it should work, but you can also follow my instructions and try again. Although I don't think the errors are related (Apple's account management is extremely opaque, determining which account works and which doesn't), it might help to narrow down the issue.

[fachinformatiker]

Statements like "I have the same problem" do not really help here. I need at least the host OS and which shell is being used, to narrow down the error. An alternative would be to try running the endpoint natively, without Docker (python3 have to be installed).

Sorry, I was on the go, so I couldn't provide more informations.
I'm using Debian 12 on a server with the default bash shell.
Running your container on this server outputs the multiple lines of text.

the code for running it local gives me also an error. :(

ModuleNotFoundError: No module named 'Crypto'

[dchristl]

I'm using Debian 12 on a server with the default bash shell.
Running your container on this server outputs the multiple lines of text.

Thank you for your answer. I'm using several Debians or Ubuntu Server, because this is my preferred system. I will install a fresh one and retry it.
Are you connected to this server by ssh or directly (with a physical keyboard). If with ssh, what shell/client are you using for connecting? Ist this system virtualized (VMWare, VirtualBox)? Is this system up to date (latest updates, docker)?

ModuleNotFoundError: No module named 'Crypto'

This will be normally imnstalled by pip install --no-cache-dir -r requirements.txt. Was there an error by this command? Are there multiple python installations on your system? Alternatively you can try python3 -m pip install --no-cache-dir -r requirements.txt

[dchristl]

I was only able to replicate the problem by entering an incorrect 2FA code or if Apple didn't accept it. I believe the issue is likely related to the account, as usual. I've added some additional logging and better error handling to the dev branch to narrow down the error. For this, it's best to reset everything and start fresh. The 3rd command just needs to be slightly modified (different tag of the container):

docker run -it --restart unless-stopped --name macless-haystack -p 6176:6176 --volume mh_data:/app/endpoint/data --network mh-network christld/macless-haystack:latest-dev

The entire requests and responses to Apple are being outputted. At least this way, we might be able to deduce the actual problem.

[JJTech0130]

macless-haystack/endpoint/mh_endpoint.py

Line 98 in 335675d

r = requests.post("https://gateway.icloud.com/acsnservice/fetch", auth=getAuth(regenerate=False, second_factor='sms'),

This line is where he hardcodes it to 'sms', you'll have to edit it inside the Docker container, change it to 'trusted_device'

[fachinformatiker]

This line is where he hardcodes it to 'sms', you'll have to edit it inside the Docker container, change it to 'trusted_device'

I stopped the container, changed the line, rerun it and I'm still not getting the Token =(
I've tried the default image and the dev-image

[dchristl]

I stopped the container, changed the line, rerun it and I'm still not getting the Token =(
I've tried the default image and the dev-image

Why don't you simply add a mobile number to your account?

[fachinformatiker]

Why don't you simply add a mobile number to your account?

been there, done that.
I have a mobile number linked to my account, but I never get a SMS

[aaronjamt]

I'm having the same issue. I tried the patch @JJTech0130 suggested but still didn't get a code. I was able to log in by cloning https://github.com/biemster/FindMy, pip installing pbkdf2 and srp, then running python3 request_reports.py -t. When that completed, I copied the auth.json file into the macless-haystack container at /app/endpoint/data/auth.json, and restarted the container. I used the same anisette container, using the command in the README.md, so that eliminates that as the issue. However, I also did not receive an SMS using that method (before I added -t for authentication using a trusted device), so I don't think the SMS issue is the fault of this repo. I'd still suggest adding a flag to use trusted devices and trying to fix that, but the main point of this issue (the SMS error) seems to be upstream.

[JJTech0130]

The one thing that I see is that we assume you always want to send the SMS to the first phone number registered to the account: you don't happen to have multiple phone numbers attached to your account, do you?

[aaronjamt]

The one thing that I see is that we assume you always want to send the SMS to the first phone number registered to the account: you don't happen to have multiple phone numbers attached to your account, do you?

I can't speak for others but I have exactly one phone number on my account.

[dchristl]

Is it possible for any of you to login at https://appleid.apple.com/ and manually select the sms as second factor? Does this text reach you?

[a-camacho]

Is it possible for any of you to login at https://appleid.apple.com/ and manually select the sms as second factor? Does this text reach you?

Personally, I can login on icloud.com and manually select SMS (saying "I didn't receive the code") and yes, I can get the SMS right. But not from macless-haystack

[mg8x]

i also tried on my ubnutu vps server i dont get the 2FA code SMS.
note:
i have tried on my windows real machine it worked.
my apple id is linked to a phone number.
i reseit in my vps multiple times but the same.
i copied the auth file from my windows to ubnutu but still not working.

[dchristl]

@a-camacho:
This is very strange. I'm sorry, I don't know how to proceed from here and can't do anything about it. I can't reproduce or explain the issue. Please try the workaround eplained at this comment

@mg8x :
could you provide a log, the copy works normally.

[mg8x]

here is the log:
note : i entered my email and password then it asked for 2FA but the sms didnt come so i entered something random first time it asked again i enetered none then asked again i pressed Ctrl+C to exit
i also replaced my email here for security purpose with ***

remote: Enumerating objects: 11, done.
remote: Counting objects: 100% (11/11), done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 11 (delta 4), reused 8 (delta 4), pack-reused 0
Unpacking objects: 100% (11/11), 6.82 KiB | 873.00 KiB/s, done.
From https://github.com/dchristl/macless-haystack
 * branch            main       -> FETCH_HEAD
   67a74ff..335675d  main       -> origin/main
2024-04-21 19:06:15,625 - DEBUG - Searching for token at /app/endpoint/data/auth.json
2024-04-21 19:06:15,626 - INFO - No auth-token found.
2024-04-21 19:06:15,626 - INFO - Trying to register new device.
Apple ID: *****@gmail.com
Password:
2024-04-21 19:06:37,468 - DEBUG - Querying http://anisette:6969 for an anisette server
2024-04-21 19:06:37,471 - DEBUG - Starting new HTTP connection (1): anisette:6969
2024-04-21 19:06:37,484 - DEBUG - http://anisette:6969 "GET / HTTP/1.1" 200 566
2024-04-21 19:06:37,487 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:06:38,288 - DEBUG - https://gsa.apple.com:443 "POST /grandslam/GsService2 HTTP/1.1" 200 1356
2024-04-21 19:06:38,885 - DEBUG - Querying http://anisette:6969 for an anisette server
2024-04-21 19:06:38,886 - DEBUG - Starting new HTTP connection (1): anisette:6969
2024-04-21 19:06:38,888 - DEBUG - http://anisette:6969 "GET / HTTP/1.1" 200 566
2024-04-21 19:06:38,891 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:06:39,724 - DEBUG - https://gsa.apple.com:443 "POST /grandslam/GsService2 HTTP/1.1" 200 5232
2024-04-21 19:06:39,823 - INFO - 2FA required, requesting code
2024-04-21 19:06:39,831 - DEBUG - Querying http://anisette:6969 for an anisette server
2024-04-21 19:06:39,833 - DEBUG - Starting new HTTP connection (1): anisette:6969
2024-04-21 19:06:39,838 - DEBUG - http://anisette:6969 "GET / HTTP/1.1" 200 566
2024-04-21 19:06:39,840 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:06:40,785 - DEBUG - https://gsa.apple.com:443 "POST /grandslam/GsService2 HTTP/1.1" 200 1356
2024-04-21 19:06:41,416 - DEBUG - Querying http://anisette:6969 for an anisette server
2024-04-21 19:06:41,417 - DEBUG - Starting new HTTP connection (1): anisette:6969
2024-04-21 19:06:41,422 - DEBUG - http://anisette:6969 "GET / HTTP/1.1" 200 566
2024-04-21 19:06:41,424 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:06:42,435 - DEBUG - https://gsa.apple.com:443 "POST /grandslam/GsService2 HTTP/1.1" 200 5232
2024-04-21 19:06:42,442 - INFO - 2FA required, requesting code
2024-04-21 19:06:42,442 - DEBUG - Querying http://anisette:6969 for an anisette server
2024-04-21 19:06:42,443 - DEBUG - Starting new HTTP connection (1): anisette:6969
2024-04-21 19:06:42,447 - DEBUG - http://anisette:6969 "GET / HTTP/1.1" 200 566
2024-04-21 19:06:42,451 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:06:43,467 - DEBUG - https://gsa.apple.com:443 "PUT /auth/verify/phone/ HTTP/1.1" 200 None
Enter 2FA code: 123344^H^H
2024-04-21 19:07:00,320 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:07:01,317 - DEBUG - https://gsa.apple.com:443 "POST /auth/verify/phone/securitycode HTTP/1.1" 200 None
2024-04-21 19:07:01,319 - INFO - 2FA successful
2024-04-21 19:07:01,328 - DEBUG - Querying http://anisette:6969 for an anisette server
2024-04-21 19:07:01,329 - DEBUG - Starting new HTTP connection (1): anisette:6969
2024-04-21 19:07:01,332 - DEBUG - http://anisette:6969 "GET / HTTP/1.1" 200 566
2024-04-21 19:07:01,334 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:07:02,077 - DEBUG - https://gsa.apple.com:443 "POST /grandslam/GsService2 HTTP/1.1" 200 1356
2024-04-21 19:07:02,789 - DEBUG - Querying http://anisette:6969 for an anisette server
2024-04-21 19:07:02,791 - DEBUG - Starting new HTTP connection (1): anisette:6969
2024-04-21 19:07:02,794 - DEBUG - http://anisette:6969 "GET / HTTP/1.1" 200 566
2024-04-21 19:07:02,796 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:07:03,678 - DEBUG - https://gsa.apple.com:443 "POST /grandslam/GsService2 HTTP/1.1" 200 5232
2024-04-21 19:07:03,681 - INFO - 2FA required, requesting code
2024-04-21 19:07:03,681 - DEBUG - Querying http://anisette:6969 for an anisette server
2024-04-21 19:07:03,682 - DEBUG - Starting new HTTP connection (1): anisette:6969
2024-04-21 19:07:03,692 - DEBUG - http://anisette:6969 "GET / HTTP/1.1" 200 566
2024-04-21 19:07:03,694 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:07:04,681 - DEBUG - https://gsa.apple.com:443 "PUT /auth/verify/phone/ HTTP/1.1" 200 None
Enter 2FA code: none
2024-04-21 19:07:07,420 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:07:08,369 - DEBUG - https://gsa.apple.com:443 "POST /auth/verify/phone/securitycode HTTP/1.1" 200 None
2024-04-21 19:07:08,370 - INFO - 2FA successful
2024-04-21 19:07:08,379 - DEBUG - Querying http://anisette:6969 for an anisette server
2024-04-21 19:07:08,380 - DEBUG - Starting new HTTP connection (1): anisette:6969
2024-04-21 19:07:08,382 - DEBUG - http://anisette:6969 "GET / HTTP/1.1" 200 566
2024-04-21 19:07:08,384 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:07:09,165 - DEBUG - https://gsa.apple.com:443 "POST /grandslam/GsService2 HTTP/1.1" 200 1356
2024-04-21 19:07:09,760 - DEBUG - Querying http://anisette:6969 for an anisette server
2024-04-21 19:07:09,761 - DEBUG - Starting new HTTP connection (1): anisette:6969
2024-04-21 19:07:09,772 - DEBUG - http://anisette:6969 "GET / HTTP/1.1" 200 566
2024-04-21 19:07:09,774 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:07:10,696 - DEBUG - https://gsa.apple.com:443 "POST /grandslam/GsService2 HTTP/1.1" 200 5232
2024-04-21 19:07:10,699 - INFO - 2FA required, requesting code
2024-04-21 19:07:10,700 - DEBUG - Querying http://anisette:6969 for an anisette server
2024-04-21 19:07:10,700 - DEBUG - Starting new HTTP connection (1): anisette:6969
2024-04-21 19:07:10,706 - DEBUG - http://anisette:6969 "GET / HTTP/1.1" 200 566
2024-04-21 19:07:10,708 - DEBUG - Starting new HTTPS connection (1): gsa.apple.com:443
2024-04-21 19:07:11,726 - DEBUG - https://gsa.apple.com:443 "PUT /auth/verify/phone/ HTTP/1.1" 200 None
Enter 2FA code: ^CTraceback (most recent call last):
  File "/app/endpoint/mh_endpoint.py", line 158, in <module>
    apple_cryptography.registerDevice()
  File "/app/endpoint/register/apple_cryptography.py", line 76, in registerDevice
    getAuth(regenerate=True, second_factor='trusted_device' 'sms')
  File "/app/endpoint/register/apple_cryptography.py", line 49, in getAuth
    mobileme = icloud_login_mobileme(
               ^^^^^^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 40, in icloud_login_mobileme
    g = gsa_authenticate(username, password, second_factor)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 118, in gsa_authenticate
    return gsa_authenticate(username, password)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 118, in gsa_authenticate
    return gsa_authenticate(username, password)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 118, in gsa_authenticate
    return gsa_authenticate(username, password)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 115, in gsa_authenticate
    sms_second_factor(spd["adsid"], spd["GsIdmsToken"])
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 293, in sms_second_factor
    code = input("Enter 2FA code: ")
           ^^^^^^^^^^^^^^^^^^^^^^^^^
KeyboardInterrupt
From https://github.com/dchristl/macless-haystack
 * branch            main       -> FETCH_HEAD
2024-04-21 19:07:15,979 - DEBUG - Searching for token at /app/endpoint/data/auth.json
2024-04-21 19:07:15,979 - INFO - No auth-token found.
2024-04-21 19:07:15,979 - INFO - Trying to register new device.

[dchristl]

Thanks for the log @mg8x, but it is not the other branch, like suggested. Nevermind, this is in the latest version since today. It seems that some accounts simply not work and I don't know really why. The current workaround is to register it with bimester's project (described here) and copy the auth.json to this project.

[mg8x]

I dont know but i think the problem is im from middle east and my account registered there and my linux vps is in Germany so this might be the problem. Thank you i will try the solution you have suggested.

[mg8x]

just now tried the bimester's it was same i didnt get any sms. i will try later with another apple id. thank you for your hard work

[dchristl]

just now tried the bimester's it was same i didnt get any sms. i will try later with another apple id. thank you for your hard work

You should try with trusteddevice, if you have a real Apple device.

[mg8x]

i will try it later. it would be great if it works on my VPS bcz i'm planning to develop a telegram bot for the reports(its too easy. and i would like to contribute to this project for the bot if you wish) and i think its better for getting notified.

[ramenaru]

im becoming elektronomia sky high, my 2FA setting isn't work lmao.

[poseiso]

I am currently facing the same issue, should i show log as well?

[dchristl]

I am currently facing the same issue, should i show log as well?

Only if you don't get the message: :2FA unsuccessful. Maybe wrong code or wrong number. Check your account details.

[ramenaru]

i after success 2FA with sms, but my apple id is blocked why ?

log:

2024-04-30 10:01:46,307 - INFO - 2FA successful
2024-04-30 10:01:46,333 - INFO - Authentication request initialization
2024-04-30 10:01:48,259 - DEBUG - HTTP-Code: 200

[2024-04-30 10:01:51,966 - DEBUG - Answer from icloud login
2024-04-30 10:01:51,966 - DEBUG - {'dsid': '21623485671', 'delegates': {'com.apple.mobileme': {'status': 1, 'status-message': 'A server problem is blocking Apple ID sign in.]

[dschense]

@ramenaru
do you try to login with enabled VPN?
Apple Login sometimes hates any type of VPN. If you are using, disable, login and enable again after login.

[ramenaru]

@ramenaru do you try to login with enabled VPN? Apple Login sometimes hates any type of VPN. If you are using, disable, login and enable again after login.

no I didn't use any VPN, or kinda like that. that's just say try adding a credit card, but my apple account is already have some credit card. Im from southeast Asia is that any related problem to my region ? or any suggest ?
please help

[thirstyone]

yet another person who doesn't receieve an sms from apple (phone number registered (android phone, if that mattters), 2FA enabled, no vpn is used.. tried ... christld/macless-haystack:latest-dev - no luck ;-(

[maplepy]

No 2FA code is received here either

[dchristl]

If all the tips in the FAQ don't help, then only Apple knows why the accounts aren't working. Sorry, there's nothing I can do here, so I'm closing the issue.

[zerog2k]

The other thing you could possibly do is, if you have a real mac logged into the account, use the anisette headers from the mac to bypass 2FA.

Can someone explain how to do this if we are able to login with 2FA to https://appleid.apple.com/account/manage, but not with macless-openhaystack ?

[Xopher00]

I am having the exact same issue and am very frustrated this has not been resolved. I also have sms set up for 2fa. This still has not been resolved? I was doing my own research and everything I found pointed to here as the easiest way to set things up.
Excerpt from docker logs:

`remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 6 (delta 0), reused 5 (delta 0), pack-reused 0 (from 0)
Unpacking objects: 100% (6/6), 4.43 KiB | 1.11 MiB/s, done.
From https://github.com/dchristl/macless-haystack
 * branch            main       -> FETCH_HEAD
   92d56a0..7fcbea6  main       -> origin/main
2024-09-26 16:53:46,576 - DEBUG - Searching for token at /app/endpoint/data/auth.json
2024-09-26 16:53:46,577 - INFO - No auth-token found.
2024-09-26 16:53:46,577 - INFO - Trying to register new device.
2024-09-26 16:53:46,578 - INFO - Trying to login
Apple ID: pricekr
Password:
2024-09-26 16:53:55,764 - INFO - Authentication request initialization
2024-09-26 16:53:56,545 - DEBUG - HTTP-Code: 200
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Response</key>
    <dict>
        <key>Status</key>
        <dict>
            <key>hsc</key>
            <integer>200</integer>
            <key>ed</key>
            <string></string>
            <key>ec</key>
            <integer>0</integer>
            <key>em</key>
            <string></string>
            <key>tt</key>
            <string></string>
            <key>rsh</key>
            <false/>
        </dict>
        <key>i</key>
        <integer>818</integer>
        <key>s</key>
        <data>5DqZSkLZYQtbiWIDgyV6IQ==</data>
        <key>sp</key>
        <string>s2k_fo</string>
        <key>ptxid</key>
        <string>77315882-3856-4714-ab69-139863107f46</string>
        <key>c</key>
        <string>d-53e-eb437572-7c27-11ef-8f3e-b7525ea82019:RNO</string>
        <key>B</key>
        <data>T1HkpuKbqMnXSy/6dCWtqPLehZxT9LTU/BymhfpIqQIJ8JRYysZEa/jumw7EdXgYHkOHef/Kt/inTDPb/1HpPQa6ufVLHTK8KKkImEjZYmKBRp4qaFxVNWPEnFhXxhLkxX97PCwWVcZe9Irx61w2yTI5IsP6GWgr5t7GeSE+f+8akmTpz75osDXhciFHyRH7emoJfXKPDmDRs4qimHx4K1nNFETJGwcCgknTnt1FWl07aIMV5VAD5Bq8tDd50hBRpknRGFwwcOYxsKcEICIk2FvZw+Z0R3+pLkQecwKCBs+aG1XTq36KQP3QmWeMhiol2WWk956B9w/dOj6Z0XCnqA==</data>
    </dict>
    <key>Header</key>
    <dict>
    </dict>
</dict>
</plist>

2024-09-26 16:53:56,548 - WARNING - This implementation only supports s2k. Server returned s2k_fo
Traceback (most recent call last):
  File "/app/endpoint/mh_endpoint.py", line 159, in <module>
    apple_cryptography.registerDevice()
  File "/app/endpoint/register/apple_cryptography.py", line 77, in registerDevice
    getAuth(regenerate=True)
  File "/app/endpoint/register/apple_cryptography.py", line 50, in getAuth
    mobileme = icloud_login_mobileme(
               ^^^^^^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 41, in icloud_login_mobileme
    pet = g["t"]["com.apple.gs.idms.pet"]["token"]
          ~^^^^^
TypeError: 'NoneType' object is not subscriptable
From https://github.com/dchristl/macless-haystack
 * branch            main       -> FETCH_HEAD
2024-09-26 16:54:00,466 - DEBUG - Searching for token at /app/endpoint/data/auth.json
2024-09-26 16:54:00,467 - INFO - No auth-token found.
2024-09-26 16:54:00,467 - INFO - Trying to register new device.
2024-09-26 16:54:00,467 - INFO - Trying to login`