Update Service Trace

This is a trace of a captured / decrypted session from the pre updater client to Palm's updater web service (ps.palmws.com -- presumably PS stands for Patch Server?)

This session was captured via the method described here:  Decrypt_SSL_(trusted_man-in-the-middle_technique)

Requests are from (pre) client to server. Responses are the returned response from the server to the pre.

Note: some formatting issue on the wiki causes the HTTP headers in requests and responses to appear to be seperated by blank lines. They should not be.

Transaction #1 URL: https://ps.palmws.com/palmcsext/services/deviceJ/getAppListForUpdates

Request: (edited - modified to mask MEID and email address.  Token replaced with random hex string of same length in case it contains uniquely identifying information about my account -- yes, the first character before the 32 byte hex string is the letter "O")

POST /palmcsext/services/deviceJ/getAppListForUpdates HTTP/1.1 Host: ps.palmws.com Accept-Encoding: deflate, gzip X-Requested-With: XMLHttpRequest X-$PrototypeBI-Version: 1.6.0.3 User-Agent: Mozilla/5.0 (webOS/1.0; U; en-US) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/1.0 Safari/525.27.1 Pre/1.0 Content-type: application/json; charset=UTF-8 Accept: text/javascript, text/html, application/xml, text/xml, */* Accept-Language: en-us,en;q=0.5 X-Palm-Carrier: c019-00 Content-Length: 154

{"AccountTokenInfo": {"token": "O4D88638DE01D99F60E185E487FB6A379", "deviceId": "MEID:00000000000000", "email": "xxxxxxx@yyyyy.com", "carrier": "Sprint"}}

Response:

HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: application/json Date: Thu, 25 Jun 2009 23:59:56 GMT Content-Length: 335 Connection: Keep-alive

{"OutAppListForUpdates":{"appList":{"appIcon":"http:\/\/cdn.downloads.palm.com\/public\/21\/icon\/icon_22795E.png","appVersion":"0.9.11","id":21,"packageUrl":"https:\/\/cdn.downloads.palm.com\/apps\/21\/0.9.11\/files\/com.palm.pandora_0.9.11_all_signed.ipk","price":0,"publicApplicationId":"com.palm.pandora","title":"Pandora Radio"}}}

Transaction #2 Note that as request this was 80+ kilobytes, I have removed all  tags and their contents for every item between "alsa-plugins" and "zlib":

URL: https://ps.palmws.com/palmcsext/swupdateserver

Request: (edited - modified to remove packages between "alsa-plugins" and "zlib")

POST /palmcsext/swupdateserver HTTP/1.1 Host: ps.palmws.com Cache-Control: private Connection: close User-Agent: HTTP SyncML Client [en] (WinNT; I) Accept: application/vnd.syncml.dm+xml Accept-Language: en Content-Type: application/vnd.syncml.dm+xml Accept-Charset: utf-8 x-syncml-hmac: algorithm=MD5, username="156354238", mac=SF2dMGut4v2Mpmsrs1ydTw== Content-Length: 88175

<![CDATA[1.2]]><![CDATA[DM/1.2]]><![CDATA[2]]><![CDATA[1]]><![CDATA]> <Meta><MaxMsgSize xmlns='syncml:metinf'><![CDATA[300000]]></MaxMsgSize><MaxObjSize xmlns='syncml:metinf'><![CDATA[100000]]></MaxObjSize></Meta></SyncHdr><SyncBody><Alert><CmdID><![CDATA[1]]></CmdID> </Alert><Replace><CmdID><![CDATA[2]]></CmdID><Item> <Meta><Format xmlns='syncml:metinf'><![CDATA[chr]]></Format></Meta> </Item><Item> <Meta><Format xmlns='syncml:metinf'><![CDATA[chr]]></Format></Meta> </Item><Item> <Meta><Format xmlns='syncml:metinf'><![CDATA[chr]]></Format></Meta> </Item><Item> <Meta><Format xmlns='syncml:metinf'><![CDATA[chr]]></Format></Meta> </Item><Item> <Meta><Format xmlns='syncml:metinf'><![CDATA[chr]]></Format></Meta> </Item><Item> <Meta><Format xmlns='syncml:metinf'><![CDATA[chr]]></Format></Meta> </Item></Replace><Final/></SyncBody></SyncML>

Response:

HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: no-store Content-Type: application/vnd.syncml.dm+xml Date: Thu, 25 Jun 2009 23:59:57 GMT Set-Cookie: JSESSIONID=D3A37EC425461940C39D89FE74AC21D1; Path=/palmcsext; Secure Content-Length: 1675a Connection: close

<?xml version="1.0" encoding="UTF-8"?><SyncML xmlns='SYNCML:SYNCML1.2'> <SyncHdr> DM/1.2</VerProto> 2</SessionID> 1.2</VerDTD> 1</MsgID>  MEID:00000000000000</LocURI> </Target> <RespURI>https://ps.palmws.com/palmcsext/swupdateserver;jsessionid=D3A37EC425461940C39D89FE74AC21D1?sessiontype=1201</RespURI> </SyncHdr> <SyncBody> <Status> <CmdID>1</CmdID> <MsgRef>1</MsgRef> <CmdRef>0</CmdRef> <Cmd>SyncHdr</Cmd> https://ps.palmws.com/palmcsext/swupdateserver</TargetRef> </Status> <Status> <CmdID>2</CmdID> <MsgRef>1</MsgRef> <CmdRef>1</CmdRef> <Cmd>Alert</Cmd> </Status> <Status> <CmdID>3</CmdID> <MsgRef>1</MsgRef> <CmdRef>2</CmdRef> <Cmd>Replace</Cmd> </Status> <Final/> </SyncBody> </SyncML>

Transaction #3 URL: https://ps.palmws.com/palmcsext/swupdateserver

Request: (edited - modified to remove packages between "alsa-plugins" and "zlib")

POST /palmcsext/swupdateserver;jsessionid=D3A37EC425461940C39D89FE74AC21D1?sessiontype=1201 HTTP/1.1 Host: ps.palmws.com Cache-Control: private Connection: close User-Agent: HTTP SyncML Client [en] (WinNT; I) Accept: application/vnd.syncml.dm+xml Accept-Language: en Content-Type: application/vnd.syncml.dm+xml Accept-Charset: utf-8 x-syncml-hmac: algorithm=MD5, username="156354238", mac=hvMeISwxSVUEofF2jHhQjA== Content-Length: 88818

<?xml version="1.0" encoding="UTF-8"?><SyncML xmlns='SYNCML:SYNCML1.2'><SyncHdr><![CDATA[1.2]]></VerDTD><![CDATA[DM/1.2]]></VerProto><![CDATA[2]]></SessionID><![CDATA[2]]></MsgID><![CDATA]></LocURI></Target> <Meta><MaxMsgSize xmlns='syncml:metinf'><![CDATA[300000]]></MaxMsgSize><MaxObjSize xmlns='syncml:metinf'><![CDATA[100000]]></MaxObjSize></Meta></SyncHdr><SyncBody><Status><CmdID><![CDATA[3]]></CmdID><MsgRef><![CDATA[1]]></MsgRef><CmdRef><![CDATA[0]]></CmdRef><Cmd><![CDATA[SyncHdr]]></Cmd><![CDATA[MEID:00000000000000]]></TargetRef> </Status><Alert><CmdID><![CDATA[4]]></CmdID> </Alert><Replace><CmdID><![CDATA[5]]></CmdID><Item> <Meta><Format xmlns='syncml:metinf'><![CDATA[chr]]></Format></Meta> </Item><Item> <Meta><Format xmlns='syncml:metinf'><![CDATA[chr]]></Format></Meta> </Item><Item> <Meta><Format xmlns='syncml:metinf'><![CDATA[chr]]></Format></Meta> </Item><Item> <Meta><Format xmlns='syncml:metinf'><![CDATA[chr]]></Format></Meta> </Item><Item> <Meta><Format xmlns='syncml:metinf'><![CDATA[chr]]></Format></Meta> </Item><Item> <Meta><Format xmlns='syncml:metinf'><![CDATA[chr]]></Format></Meta> </Item></Replace><Final/></SyncBody></SyncML>

Response:

HTTP/1.1 200 OK Server: Apache-Coyote/1.1 x-syncml-hmac: algorithm=MD5, username="omadm.swupdate.palm.com", mac=rFEH80Pa0KkkI7l0dmKkxQ== Cache-Control: no-store Content-Type: application/vnd.syncml.dm+xml Date: Thu, 25 Jun 2009 23:59:58 GMT Content-Length: 12858 Connection: close

<?xml version="1.0" encoding="UTF-8"?><SyncML xmlns='SYNCML:SYNCML1.2'> <SyncHdr> DM/1.2</VerProto> 2</SessionID> <VerDTD>1.2</VerDTD> <MsgID>2</MsgID> <Target> <LocURI>MEID:00000000000000</LocURI> </Target> <RespURI>https://ps.palmws.com/palmcsext/swupdateserver;jsessionid=D3A37EC425461940C39D89FE74AC21D1?sessiontype=1201</RespURI> </SyncHdr> <SyncBody> <Status> <CmdID>1</CmdID> <MsgRef>2</MsgRef> <CmdRef>0</CmdRef> <Cmd>SyncHdr</Cmd> <TargetRef>https://ps.palmws.com/palmcsext/swupdateserver;jsessionid=D3A37EC425461940C39D89FE74AC21D1?sessiontype=1201</TargetRef> </Status> <Status> <CmdID>2</CmdID> <MsgRef>2</MsgRef> <CmdRef>4</CmdRef> <Cmd>Alert</Cmd> </Status> <Status> <CmdID>3</CmdID> <MsgRef>2</MsgRef> <CmdRef>5</CmdRef> <Cmd>Replace</Cmd> </Status> <Replace> <CmdID>4</CmdID> <Item> <Target> <LocURI>./Software/Package/bootloader/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/pmipclib/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/base-files/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/java-com.palm.mail/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/java-com.palm.calendar/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/palmcustomizationinfo/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/directfb/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/memchute/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/java-com.palm.pimsync/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/java-com.palm.backup/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/com.palm.app.camera/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/com.palm.app.findapps/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/luna-sysmgr/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/pubsubservice/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/mobitv-sprint-rtspsrc/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/fileindexer/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/powerd/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/browserserver/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/mediaserver/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/palmvideosink-omap34xx/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/java-com.palm.pim/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/com.palm.app.clock/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/com.motionapps.service.classic/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/com.telenav.sprintnavigation/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/java-com.palm.contacts/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/upstart-initscripts/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/palmbuildinfo/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/luna-media/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/initscripts/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/browser-adapter/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/gloox/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/luna-webkit/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/sweatshop-sprint-castle/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/com.palm.app.phone/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Package/com.telenav.app.sprintnavigation/PkgURL</LocURI> </Target> </Item> <Item> <Target> <LocURI>./Software/Build</LocURI> </Target> </Item> </Replace> <Add> <CmdID>5</CmdID> <Item> <Target> <LocURI>./Software/Package/com.palm.app.ondevicedemo</LocURI> </Target> <Meta> <Format xmlns="syncml:metinf">node</Format> </Meta> </Item> <Item> <Target> <LocURI>./Software/Package/com.palm.app.ondevicedemo/PkgURL</LocURI> </Target> </Item> </Add> <Exec> <CmdID>6</CmdID> <Correlator>1245974398969</Correlator> <Item> <Target> <LocURI>./Software/DownloadAndInstall</LocURI> </Target> </Item> </Exec> <Final/> </SyncBody> </SyncML>