How to decrypt apple app attestation object in Java ( iOS 14 and above )?

Hey! I spent hours to figure this out. Let’s keep it short and quick now.

This package is the thing: https://github.com/google/cbortree

Add the dependency in pom.xml.

<dependency>
    <groupId>com.google.iot.cbor</groupId>
    <artifactId>cobra</artifactId>
    <version>0.01.01</version>
</dependency>

Compile the code to fetch the new dependency

mvn compile

Add the following code anywhere you find suitable

.
.
.

import com.google.iot.cbor.CborParseException;
import com.google.iot.cbor.CborMap;

import java.util.Base64;

.
.
.
public String getDecodedAppAttestObject(String encryptedAppAttestObjectBase64) throws CborParseException {

    var decodedByteArray = Base64.getDecoder().decode(encryptedAppAttestObjectBase64);
    
    CborMap decodedAppAttestObjectByteArray = CborMap.createFromCborByteArray(decodedByteArray);
    
    var decodedAppAttestObject = decodedAppAttestObjectByteArray.toString();
    
    return decodedAppAttestObject;
}
.
.
.

That’s it! The function can now decode your attestation object. Hope it helps, thank you!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s