
mdmb

mdmb — short for MDM Benchmark, à la ab — is a tool for simulating Apple devices interacting with Apple MDM servers.

mdmb creates sets of fake Apple devices and allows you to enroll in, connect to, and thereby interact with Apple MDM servers. Interactions include receiving and responding to MDM commands and some common device actions like installing profiles and responding to information commands.

The goal of this project is to facilitate testing of Apple MDM servers in various ways, for example:

  • Load & scalability testing
  • MDM protocol testing & feature development
  • Monitoring & validation
  • CI/CD

Limitations

Device simulation

The device simulation tries to be similar to a real Apple device. As such mdmb simulates a device Keychain, Configuration Profile store, Profile and per-Profile Payload processing (for profile installation & removal), an MDM Client, and more which are used when interacting with Apple MDM servers.

That said, mdmb's device simulation is only meant to serve its ability to test MDM servers. This means many MDM commands, Configuration Profile payloads, and other aspects of simulating devices are missing, incomplete, erroneous, out of scope, or otherwise broken.

APNs

A key component of Apple MDM is Apple's Push Notification service (APNs). However, as we are only simulating devices we cannot authenticate to Apple's APNs service. Therefore this part of the MDM communication channel simply doesn't work. We generate fake push tokens and push magic as we enroll with the MDM server. As such the MDM server attempting to send push notifications to our simulated devices will not succeed. Even if the notifications were processed by Apple's servers mdmb wouldn't be able to receive those notifications anyway.

Because the MDM server can't signal the device to connect to it, we instead simulate a device receiving a push notification by explicitly requesting that it connect to the MDM server on demand, as shown under "Device(s) connect" below.

OTA & ADE enrollment

OTA & ADE (DEP) enrollments ostensibly validate the initial enrollment data signature against an Apple CA for which only Apple devices can receive a certificate. Again, because we merely simulate Apple devices, we cannot obtain one of these certificates that are signed by Apple's Device CA. This means that in order to support OTA or ADE/DEP enrollments the MDM server must not have implemented, or must have disabled, its device certificate validation. Practically this means simulated OTA and ADE enrollments are not supported.

Getting started

Installing & Building

Download one of the release binary zip files, unzip it, and execute the mdmb binary inside.

To build from source: clone the repo, issue a make in the repo dir and you should get an mdmb binary.

Create device(s)

The devices-create subcommand of mdmb will make new devices.

$ ./mdmb devices-create
creating 1 device(s)
B0ECC518-1C7F-4DAF-B726-E7A169DB4CF8

mdmb stores devices in its database file on disk called mdmb.db by default.

Want to make more? Invoke devices-create again. Want to make many more? Use the -n switch and supply the number you want to create.

$ ./mdmb devices-create -n 3
creating 3 device(s)
DFB76ED4-4D29-4CB6-B930-1CAF8635868A
07998A4A-0D12-4818-BF6B-75F6C17B57B6
C432E77F-F167-4051-B3AB-A3B751C20AA9

Enroll device(s)

The devices-profiles-install subcommand of mdmb tries to install profiles, including MDM enrollment profiles. You'll need to provide an Apple MDM enrollment profile of course. We also need to tell mdmb which devices to enroll by specifying the UUID. Note the -uuids argument comes before the subcommand name (devices-profiles-install). Note also you can specify "all" for the UUIDs or "-" to read them from stdin one line at a time.

$ ./mdmb -uuids B0ECC518-1C7F-4DAF-B726-E7A169DB4CF8 devices-profiles-install -f enroll.mobileconfig 
B0ECC518-1C7F-4DAF-B726-E7A169DB4CF8
level=info ts=2021-02-23T22:25:25.763628Z op=GetCACert error=null took=66.028014ms
[...snip...]

Device(s) connect

The devices-connect subcommand of mdmb will direct already-enrolled devices to connect into the MDM server to check their command queue. This is similar to the devices receiving an APNs notification from the MDM server by way of Apple's APNs system.

$ ./mdmb -uuids all devices-connect
2021/03/02 12:08:14 device not enrolled (no identity uuid)
2021/03/02 12:08:14 device not enrolled (no identity uuid)
2021/03/02 12:08:14 device not enrolled (no identity uuid)
starting 1 workers for 1 iterations of 1 devices (1 connects)
.

Total MDM connects                1 (100%)
Errors                            0 (0%)
Total elapsed time                75.194793ms
Min MDM connect elapsed           75.147176ms
Max MDM connect elapsed           75.147176ms
Avg (mean) MDM connect elapsed    75.147176ms
Stddev MDM connect elapsed        0s

Here we see three devices not included in the test (because they were never enrolled) and our one enrolled device complete a checkin.
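For the monitoring and CI/CD uses listed earlier, a run like the one above can be turned into a pass/fail result. This is an added example, not part of mdmb: Report, Parse and Healthy are hypothetical names, and the parser assumes the text layout of the sample run above, which the project does not promise to keep stable.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

const sample = `2021/03/02 12:08:14 device not enrolled (no identity uuid)
2021/03/02 12:08:14 device not enrolled (no identity uuid)
2021/03/02 12:08:14 device not enrolled (no identity uuid)
Total MDM connects                1 (100%)
Errors                            0 (0%)
Max MDM connect elapsed           75.147176ms` // lines taken from the sample run above

type Report struct { // values a CI gate checks after a devices-connect run
	Connects, Errors, NotEnrolled int
	Max                           time.Duration
}

// Parse extracts a Report from devices-connect output; unknown lines are ignored.
func Parse(out string) (r Report, err error) {
	for _, line := range strings.Split(out, "\n") {
		f := strings.Fields(line)
		switch {
		case strings.Contains(line, "device not enrolled"):
			r.NotEnrolled++ // skipped devices silently shrink the test population
		case strings.HasPrefix(line, "Total MDM connects") && len(f) > 3:
			r.Connects, err = strconv.Atoi(f[3])
		case strings.HasPrefix(line, "Errors") && len(f) > 1:
			r.Errors, err = strconv.Atoi(f[1])
		case strings.HasPrefix(line, "Max MDM connect elapsed") && len(f) > 4:
			r.Max, err = time.ParseDuration(f[4])
		}
		if err != nil {
			return r, fmt.Errorf("line %q: %w", line, err)
		}
	}
	return r, nil
}

func Healthy(r Report, budget time.Duration) bool { // gate: no errors, within budget
	return r.Connects > 0 && r.Errors == 0 && r.Max <= budget
}

func main() {
	fmt.Println(Parse(sample))
}
```

Checking NotEnrolled alongside Healthy catches the case shown above, where three of the four listed devices never took part in the run.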

List devices

The devices-list subcommand of mdmb lists all of the devices created in the above command.

$ ./mdmb devices-list
B0ECC518-1C7F-4DAF-B726-E7A169DB4CF8
DFB76ED4-4D29-4CB6-B930-1CAF8635868A
07998A4A-0D12-4818-BF6B-75F6C17B57B6
C432E77F-F167-4051-B3AB-A3B751C20AA9

Scripting devices

By combining commands you can script queuing device commands (i.e. to be de-queued later when the devices connect via the devices-connect subcommand):

$ mdmb devices-list | xargs -n 1 ./tools/api/commands/device_information
Issues
  • Support profile install from URLs

    Currently to install a profile you need to have it downloaded as a file. Add support for calling out to a URL, maybe even with a parameter of the device UUID to retrieve a dynamic profile.

    opened by jessepeterson 0
  • Output consistency for scripting & tooling integration

    mdmb is intended to be scriptable and fully automated. This means we should put some planning into how it can be most easily driven from scripts & other tools. This includes input as well as output considering things like the best text-based output for parsing, whether we should support JSON, both options, etc.

    opened by jessepeterson 0
  • Support OTA & ADE enrollment

    Support OTA & ADE (DEP) enrollment. This is of dubious value due to the limitations mentioned in the README, however for those MDM servers which can be tested (i.e. getting past the Apple device CA validation) it may still be of value.

    opened by jessepeterson 0
Owner
Jesse Peterson