An attempt will be made to request the SMS in another way is failing when correct OTP is entered

[sijintv]

An attempt will be made to request the SMS in another way.). Is sending SMS. when I type in 2FA

2025-12-12 16:50:19,564 - INFO - Sending SMS via id 1
Enter SMS 2FA code:143546
Traceback (most recent call last):
  File "/app/endpoint/mh_endpoint.py", line 177, in <module>
    apple_cryptography.registerDevice()
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/app/endpoint/register/apple_cryptography.py", line 71, in registerDevice
    getAuth(regenerate=True)
    ~~~~~~~^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/apple_cryptography.py", line 44, in getAuth
    mobileme = icloud_login_mobileme(
        username=mh_config.getUser(), password=mh_config.getPass())
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 45, in icloud_login_mobileme
    g = gsa_authenticate(username, password)
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 126, in gsa_authenticate
    sms_second_factor(spd["adsid"], spd["GsIdmsToken"])
    ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 301, in sms_second_factor
    resp.raise_for_status()
    ~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.14/site-packages/requests/models.py", line 1026, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error:  for url: https://gsa.apple.com/auth/verify/phone/securitycode

[PoleTransformer]

Not able to recreate. Please start from scratch, delete all volume data for anisette-v3 and macless-haystack. Provide debug logs.

[Sudo-null7]

I've got the same error,
2025-12-24 01:49:03,660 - INFO - Sending SMS via id 3 Traceback (most recent call last): File "/app/endpoint/mh_endpoint.py", line 177, in <module> apple_cryptography.registerDevice() ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^ File "/app/endpoint/register/apple_cryptography.py", line 71, in registerDevice getAuth(regenerate=True) ~~~~~~~^^^^^^^^^^^^^^^^^ File "/app/endpoint/register/apple_cryptography.py", line 44, in getAuth mobileme = icloud_login_mobileme( username=mh_config.getUser(), password=mh_config.getPass()) File "/app/endpoint/register/pypush_gsa_icloud.py", line 45, in icloud_login_mobileme g = gsa_authenticate(username, password) File "/app/endpoint/register/pypush_gsa_icloud.py", line 126, in gsa_authenticate sms_second_factor(spd["adsid"], spd["GsIdmsToken"]) ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/app/endpoint/register/pypush_gsa_icloud.py", line 289, in sms_second_factor code = request_code(headers,sms_id) File "/app/endpoint/register/pypush_gsa_icloud.py", line 331, in request_code req.raise_for_status() ~~~~~~~~~~~~~~~~~~~~^^ File "/usr/local/lib/python3.14/site-packages/requests/models.py", line 1026, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 401 Client Error: for url: https://idmsa.apple.com/appleauth/auth/verify/phone
deleted all data and restarted but still got same issue

how can I pull debug logs for you that won't contain sensitive infomation

[giovannitarter]

I also had the same error, and can provide the full logs.

- INFO - Sending SMS via id 1
Enter SMS 2FA code:784362
Traceback (most recent call last):
  File "/app/endpoint/mh_endpoint.py", line 177, in <module>
    apple_cryptography.registerDevice()
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/app/endpoint/register/apple_cryptography.py", line 71, in registerDevice
    getAuth(regenerate=True)
    ~~~~~~~^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/apple_cryptography.py", line 44, in getAuth
    mobileme = icloud_login_mobileme(
        username=mh_config.getUser(), password=mh_config.getPass())
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 45, in icloud_login_mobileme
    g = gsa_authenticate(username, password)
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 126, in gsa_authenticate
    sms_second_factor(spd["adsid"], spd["GsIdmsToken"])
    ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 301, in sms_second_factor
    resp.raise_for_status()
    ~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.14/site-packages/requests/models.py", line 1026, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error:  for url: https://gsa.apple.com/auth/verify/phone/securitycode

[Sudo-null7]

Mine doesn't send a SMS number, so it's not the same error

[PoleTransformer]

Lets try collecting some info from Apple's endpoint. Go to https://account.apple.com/sign-in, open developer options and go to network tab to monitor all requests, enter email and password, select Can’t get to your devices?, and then Text code to .... In developer options find the request to https://idmsa.apple.com/appleauth/auth/verify/phone and comment the request and response from this endpoint.

Request:

{"phoneNumber":{"id":2},"mode":"sms"}

Response:

{
  "trustedPhoneNumbers" : [ {
    "nonFTEU" : false,
    "numberWithDialCode" : "redacted"
    "obfuscatedNumber" : "redacted"
    "pushMode" : "sms",
    "lastTwoDigits" : "redacted"
    "id" : 2
  } ],
  "phoneNumber" : {
    "nonFTEU" : false,
    "numberWithDialCode" : "redacted"
    "obfuscatedNumber" : "redacted"
    "pushMode" : "sms",
    "lastTwoDigits" : "redacted"
    "id" : 2
  },
  "securityCode" : {
    "length" : 6,
    "tooManyCodesSent" : false,
    "tooManyCodesValidated" : false,
    "securityCodeLocked" : false,
    "securityCodeCooldown" : false
  },
  "mode" : "sms",
  "type" : "verification",
  "authenticationType" : "hsa2",
  "autoVerified" : false,
  "showAutoVerificationUI" : false,
  "supportsCustodianRecovery" : false,
  "hideSendSMSCodeOption" : false,
  "supervisedChangePasswordFlow" : false,
  "enableNonFTEU" : false,
  "content" : {
    "enterCodeDescription" : "Enter the verification code sent to your Apple devices.",
    "sendCodeDescription" : "Apple can send another verification code to your other Apple devices.",
    "resendCodeLink" : "Resend code to devices",
    "canNotGetCodeLink" : "Can’t get to your devices?",
    "canNotGetCodeTitle" : "Can’t get to your devices?"
  },
  "trustedPhoneNumber" : {
    "nonFTEU" : true,
    "numberWithDialCode" : "redacted"
    "obfuscatedNumber" : "redacted"
    "pushMode" : "sms",
    "lastTwoDigits" : "redacted"
    "id" : 2
  },
  "hsa2Account" : true,
  "restrictedAccount" : false,
  "supportsRecovery" : true,
  "managedAccount" : true
}

Verify that "restrictedAccount" : false and none of the SecurityCode flags are triggered, such as "tooManyCodesSent" : true. Confirm that you are able to login via SMS 2FA to iCloud on browser. Leave out the recovery URLs as those contain your account email address.

[giovannitarter]

Thanks!

Here is the request:

{"phoneNumber":{"id":1},"mode":"sms"}

and here the response:

{
  "trustedPhoneNumbers" : [ {
    "numberWithDialCode" : "+39 ••• ••• ••48",
    "nonFTEU" : true,
    "lastTwoDigits" : "48",
    "pushMode" : "sms",
    "obfuscatedNumber" : "••• ••• ••48",
    "id" : 1
  } ],
  "phoneNumber" : {
    "numberWithDialCode" : "••• ••• ••• ••48",
    "nonFTEU" : true,
    "lastTwoDigits" : "48",
    "pushMode" : "sms",
    "obfuscatedNumber" : "••• ••• ••48",
    "id" : 1
  },
  "securityCode" : {
    "length" : 6,
    "tooManyCodesSent" : false,
    "tooManyCodesValidated" : false,
    "securityCodeLocked" : false,
    "securityCodeCooldown" : false
  },
  "mode" : "sms",
  "type" : "verification",
  "authenticationType" : "hsa2",
  "recoveryUrl" : "https://iforgot.apple.com/phone/add?prs_account_nm=*********&autoSubmitAccount=true&appId=142",
  "cantUsePhoneNumberUrl" : "https://iforgot.apple.com/iforgot/phone/add?context=cantuse&prs_account_nm=*****&autoSubmitAccount=true&appId=142",
  "recoveryWebUrl" : "https://iforgot.apple.com/password/verify/appleid?prs_account_nm=******&autoSubmitAccount=true&appId=142",
  "repairPhoneNumberUrl" : "https://gsa.apple.com/appleid/account/manage/repair/verify/phone",
  "repairPhoneNumberWebUrl" : "https://appleid.apple.com/widget/account/repair?#!repair",
  "aboutTwoFactorAuthenticationUrl" : "https://support.apple.com/kb/HT204921",
  "autoVerified" : false,
  "showAutoVerificationUI" : false,
  "supportsCustodianRecovery" : false,
  "hideSendSMSCodeOption" : false,
  "supervisedChangePasswordFlow" : false,
  "enableNonFTEU" : true,
  "content" : {
    "enterCodeDescription" : "Enter the verification code sent to your iPhone.",
    "sendCodeDescription" : "Apple can send another verification code to your iPhone.",
    "resendCodeLink" : "Resend code to iPhone",
    "canNotGetCodeLink" : "Can’t get to your iPhone?",
    "canNotGetCodeTitle" : "Can’t get to your iPhone?"
  },
  "trustedPhoneNumber" : {
    "numberWithDialCode" : "+39 ••• ••• ••48",
    "nonFTEU" : true,
    "lastTwoDigits" : "48",
    "pushMode" : "sms",
    "obfuscatedNumber" : "••• ••• ••48",
    "id" : 1
  },
  "hsa2Account" : true,
  "restrictedAccount" : false,
  "managedAccount" : false,
  "supportsRecovery" : true
}

Edit:
I deleted the first comment because I found some more occurrences of my email address... It's not an account that I use but still...

[PoleTransformer]

Thanks @giovannitarter. I don't see anything out of the ordinary. Can you test this PR? #226

Its an update to the POST SMS URL to https://idmsa.apple.com/appleauth/auth/verify/phone/securitycode. For some reason I still can't recreate your issue. This might be something to due with phone number country codes? Anyways report your findings.

[Ninoverstraeten2003]

I got in the same situation where I did not get a sms and needed to click enter. After that I got the same error. Using inspiration from PR: #226.

I got around the issue by logging in iCloud by email and pass and pressing the 'can't get to your devices' and using sms as 2FA after which I used the code I received via sms in the container.

Maybe #46 (comment) would fix it but I did not try that at the moment.

[giovannitarter]

Hi @PoleTransformer, thanks!
I tried with the new endpoint but

1. the sms is still not sent with the first method

2. after 60s I type Enter
   => it immediately fails with error:

2025-12-30 07:25:13,044 - INFO - Using phone with id 1 for SMS2FA
Enter SMS 2FA code (If you do not receive a code, wait 60s and press Enter. An attempt will be made to request the SMS in another way.):
2025-12-30 07:26:33,561 - DEBUG - {******}
2025-12-30 07:26:33,561 - INFO - Sending SMS via id 1
Traceback (most recent call last):
  File "/app/endpoint/mh_endpoint.py", line 177, in <module>
    apple_cryptography.registerDevice()
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/app/endpoint/register/apple_cryptography.py", line 71, in registerDevice
    getAuth(regenerate=True)
    ~~~~~~~^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/apple_cryptography.py", line 44, in getAuth
    mobileme = icloud_login_mobileme(
        username=mh_config.getUser(), password=mh_config.getPass())
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 45, in icloud_login_mobileme
    g = gsa_authenticate(username, password)
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 126, in gsa_authenticate
    sms_second_factor(spd["adsid"], spd["GsIdmsToken"])
    ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 289, in sms_second_factor
    code = request_code(headers,sms_id)
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 331, in request_code
    req.raise_for_status()
    ~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.14/site-packages/requests/models.py", line 1026, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error:  for url: https://idmsa.apple.com/appleauth/auth/verify/phone

[mehrlich69]

Hi!

The same problem as with Giovannitarter [(https://github.com//issues/224#issuecomment-3698544630)]
Could you tell me whether Apple has destroyed the project or whether there will be a solution? Thank you very much for your work!

Traceback (most recent call last):
  File "/app/endpoint/mh_endpoint.py", line 177, in <module>
    apple_cryptography.registerDevice()
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/app/endpoint/register/apple_cryptography.py", line 71, in registerDevice
    getAuth(regenerate=True)
    ~~~~~~~^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/apple_cryptography.py", line 44, in getAuth
    mobileme = icloud_login_mobileme(
        username=mh_config.getUser(), password=mh_config.getPass())
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 45, in icloud_login_mobileme
    g = gsa_authenticate(username, password)
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 126, in gsa_authenticate
    sms_second_factor(spd["adsid"], spd["GsIdmsToken"])
    ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/endpoint/register/pypush_gsa_icloud.py", line 301, in sms_second_factor
    resp.raise_for_status()
    ~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.14/site-packages/requests/models.py", line 1026, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error:  for url: https://gsa.apple.com/auth/verify/phone/securitycode