Network ExtensionでiOSデバイス上で動くパケットキャプチャを作る

Transcript

1. Kishikawa Katsumi Network ExtensionͰiOSσόΠε্Ͱಈ͘ ύέοτΩϟϓνϟΛ࡞Δ

2. Agenda • Network Extension͓ΑͼύέοτΩϟϓνϟͷ֓ཁ • VPNͷ࢓૊Έ • Network ExtensionΛ࢖ͬͯ؆қVPNΫϥΠΞϯτΛ࣮૷͢Δ •

   ύέοτͷߏ଄ͱղੳ • ύέοτΩϟϓνϟΛར༻࣮ͨ͠༻తͳπʔϧͷ࡞੒

3. Introduction • Network Extensionͱ͸ʁ • ύέοτΩϟϓνϟͱ͸ʁ

4. Network Extensionͱ͸

5. Network Extensionͱ͸ • macOS/iOSͷωοτϫʔΫؔ࿈ͷػೳΛ֦ுɾΧελϚΠζͰ͖ΔAPI • Wi-Fiઃఆͷมߋ • ΧϑΣͷWiFiʹࣗಈతʹ઀ଓ͢ΔɺͳͲ • γεςϜɺ·ͨ͸ΧελϜVPNϓϩτίϧΛ࢖༻ͨ͠VPNߏ੒ͷ࡞੒ͱ؅ཧ

   • ΦϯσόΠεͷίϯςϯπϑΟϧλͷ࣮૷ • γεςϜશମͷDNSߏ੒ͷ࡞੒ͱ؅ཧ

6. Network Extensionͱ͸ • macOS/iOSͷωοτϫʔΫؔ࿈ͷػೳΛ֦ுɾΧελϚΠζͰ͖ΔAPI • Wi-Fiઃఆͷมߋ • ΧϑΣͷWiFiʹࣗಈతʹ઀ଓ͢ΔɺͳͲ • γεςϜɺ·ͨ͸ΧελϜVPNϓϩτίϧΛ࢖༻ͨ͠VPNߏ੒ͷ࡞੒ͱ؅ཧ

   • ΦϯσόΠεͷίϯςϯπϑΟϧλͷ࣮૷ • γεςϜશମͷDNSߏ੒ͷ࡞੒ͱ؅ཧ

7. Network Extensionͱ͸ NetworkExtension.framework͕ఏڙ͢ΔAPIʢൈਮʣ • WiFiઃఆ • NEHotspotCon fi gurationManager •

   NEHotspotHelper • ΧελϜVPN • NEPacketTunnelProvider • ίϯςϯπϑΟϧλ • NEFilterDataProvider • NEFilterControlProvider

8. ύέοτΩϟϓνϟͱ͸

9. ύέοτΩϟϓνϟͱ͸ ωοτϫʔΫΛྲྀΕΔ௨৴σʔλʢύέοτʣΛσόοάͳͲͷͨΊ ʹऔಘʢΩϟϓνϟʣͯ͠Θ͔Γ΍͘͢දࣔͨ͠Γ͢Διϑτ΢ΣΞ

10. ύέοτΩϟϓνϟͱ͸ Wireshark

11. ύέοτΩϟϓνϟͱ͸ Charles Proxy

12. ύέοτΩϟϓνϟͱ͸ Charles Proxy

13. None

14. Charles Proxy for iOSͷΑ͏ͳύέο τΩϟϓνϟΞϓϦΛ࡞Δʹ͸ʁ

15. Charles Proxy for iOSͷΑ͏ͳύέοτΩϟϓνϟΛ࡞Δʹ͸ʁ • Network ExtensionΛ࢖ͬͯVPNΫϥΠΞϯτΛ࣮૷͢Δ • ʢΦϓγϣϯʣσόΠε୯ମͰ׬݁ͤ͞ΔͨΊʹVPNαʔόʔ΋࣮૷͢Δ •

    औಘͨ͠௨৴ͷ಺༰ΛຊମΞϓϦʹసૹͯ͠UIʹදࣔ͢Δ खॱ

16. Charles Proxy for iOSͷΑ͏ͳύέοτΩϟϓνϟΛ࡞Δʹ͸ʁ • Network ExtensionΛ࢖ͬͯVPNΫϥΠΞϯτΛ࣮૷͢Δ • ʢΦϓγϣϯʣσόΠε୯ମͰ׬݁ͤ͞ΔͨΊʹVPNαʔόʔ΋࣮૷͢Δ •

    औಘͨ͠௨৴ͷ಺༰ΛຊମΞϓϦʹసૹͯ͠UIʹදࣔ͢Δ खॱ

17. VPNͱ͸

18. VPNͱ͸ VPNͷ࢓૊Έ Ծ૝ΠϯλʔϑΣʔε VPNΫϥΠΞϯτ tun0 ҉߸Խ ϦϞʔτVPN ೝূ
 ෮߸ɾ ҉߸Խ

19. VPNͱ͸ VPNͷ࢓૊Έ Ծ૝ΠϯλʔϑΣʔε VPNΫϥΠΞϯτ tun0 ҉߸Խ ϦϞʔτVPN ೝূ
 ෮߸ɾ ҉߸Խ

20. VPNͱ͸ VPNͷ࢓૊Έ Ծ૝ΠϯλʔϑΣʔε VPNΫϥΠΞϯτ tun0 ҉߸Խ ϦϞʔτVPN ೝূ
 ෮߸ɾ ҉߸Խ

21. VPN্ΛྲྀΕΔσʔλ σʔλ IP HTTP TCP

22. VPN্ΛྲྀΕΔσʔλ σʔλ IP HTTP TCP VPN

23. VPN্ΛྲྀΕΔσʔλ σʔλ IP HTTP TCP VPN IP TCP

24. Network ExtensionͰ؆қVPNΫ ϥΠΞϯτͱαʔόʔΛ࣮૷͢Δ

25. Network ExtensionΛ࢖ͬͯVPNΛ࣮૷͢Δ Packet Tunnel Provider • Personal VPN • Packet

    Tunnel Provider • App Proxy Provider

26. App Proxy Provider Supervised devices only

27. None

28. Content Filter Provider

29. NEFilterDataProvider • NEFilterDataProvider • TCP/UDPʢϨΠϠʔ̐ʣͷ৘ใ͕औಘͰ͖ΔͷͰVPNΛ࡞ΔΑΓ؆୯ • ❌ Content FilterΛ࢖ͬͯऔಘͨ͠௨৴ͷ಺༰͸ϑΝΠϧʹॻ͍ͨΓ֎෦ʹૹ ৴͢Δ͜ͱ͕Ͱ͖ͳ͍

    ❌ Content FilterΛ࢖ͬͯύέοτΩϟϓνϟΛ࣮૷͢Δ

30. Network ExtensionΛ࢖ͬͯVPNΛ࣮૷͢Δ Packet Tunnel Provider • Personal VPN • Packet

    Tunnel Provider • App Proxy Provider
31. None
32. None
33. None
34. None

35. EntitlementΛ௥Ճ͢Δ

36. None
37. None
38. None

39. NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ

40. NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ

41. None

42. NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ

43. None

44. NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ

45. None

46. NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ

47. None

48. σόοά͸ϩάग़ྗͰ

49. None

50. σόοά͸ϩάग़ྗͰ

51. σόοά͸ϩάग़ྗͰ

52. ύέοτΛऔಘ͢Δ

53. ύέοτΛऔಘ͢Δ packetFlowϓϩύςΟ

54. ύέοτΛऔಘ͢Δ packetFlowϓϩύςΟ

55. None
56. None
57. None
58. None

59. ύέοτΛऔಘͰ͖ΔΑ͏ʹ͢Δ

60. None
61. None

62. Hex Packet Decoder - https://hpd.gasmi.net/

63. None

64. VPNαʔόʔͷ௨৴Λ࣮૷͢Δ

65. VPNαʔόʔͷ௨৴Λ࣮૷͢Δ Ծ૝ΠϯλʔϑΣʔε VPNΫϥΠΞϯτ tun0 ҉߸Խ ϦϞʔτVPN ೝূ
 ෮߸ɾ ҉߸Խ

66. VPNαʔόʔͷ௨৴Λ࣮૷͢Δ σʔλ IP HTTP TCP VPN IP TCP

67. VPNαʔόʔͷ௨৴Λ࣮૷͢Δ Ծ૝ΠϯλʔϑΣʔε NEPacketTunnelProvider

68. VPNαʔόʔͷ௨৴Λ࣮૷͢Δ σʔλ IP HTTP TCP

69. PacketTunnelProvider = TUN Interface + VPN Client • TUN, namely

    network TUNnel, simulates a network layer device and operates in layer 3 carrying IP packets. • TAP, namely network TAP, simulates a link layer device and operates in layer 2 carrying Ethernet frames. • TUN is used with routing. TAP can be used to create a user space network bridge.
70. None
71. None
72. None
73. None
74. None
75. None

76. Handle TCP Packet 3 Way Handshake Wikipedia - https://commons.wikimedia.org/wiki/File:TCP_Three-Way_Handshake.svg

77. None
78. None
79. None

80. ʢผղʣϩʔΧϧProxyαʔόʔͰ ॲཧ͢ΔʢHTTP/HTTPSͷΈʣ

81. None

82. ύέοτΩϟϓνϟΛར༻ͨ͠ πʔϧͷ࡞੒ʢσϞʣ

83. ύέοτΩϟϓνϟΛར༻ͨ͠πʔϧͷ࡞੒ σϞ

84. ύέοτΩϟϓνϟΛར༻ͨ͠πʔϧͷ࡞੒ σϞ https://github.com/codyphobe/among-us-protocol

85. ύέοτΩϟϓνϟΛར༻ͨ͠πʔϧͷ࡞੒ σϞ https://amongus-debugger.vercel.app

86. ύέοτΩϟϓνϟΛར༻ͨ͠πʔϧͷ࡞੒ σϞ

87. Wrap up • Network ExtensionΛ࢖͏ͱVPNΫϥΠΞϯτ͕࡞ΕΔ • VPNΫϥΠΞϯτ͸ͦͷੑ্࣭ύέοτΛݟΔඞཁ͕͋Δ • Charles Proxy

    for iOS͸VPNΛར༻ͯ͠ύέοτΩϟϓνϟΛ͍ͯ͠Δ • αϯϓϧ͕গͳ͘ɺͱ͔͔ͬΓ͸೉͍͕͠΍ͬͯΈΔͱָ͍͠ • ήʔϜΛαϙʔτ͢ΔπʔϧΛ࡞Δͱ͍͍͔΋ʁ

88. References • AUCaptureʢઆ໌ʹ࢖༻ͨ͠ΞϓϦͷιʔείʔυʣ
 https://github.com/kishikawakatsumi/AUCapture • Network Extension, Part 1 -

    Introduction
 https://kean.blog/post/network-extensions-into • How Does VPN Work?
 https://kean.blog/post/networking-101 • VPN, Part 1: VPN Pro fi les
 https://kean.blog/post/vpn-con fi guration-manager • VPN, Part 2: Packet Tunnel Provider
 https://kean.blog/post/packet-tunnel-provider

89. References • Network Extensions for the Modern Mac - WWDC19

    - Videos - Apple Developer
 https://developer.apple.com/videos/play/wwdc2019/714 • What's New in Network Extension and VPN - WWDC15 - Videos - Apple Developer
 https://developer.apple.com/videos/play/wwdc2015/717 • OpenVPNAdapterʢOpenVPNʹ઀ଓ͢ΔNetworkExtensionɻΩϟϓνϟͳͲ ͳ͠ʹಈ͔͚ͩ͢ͳΒ͜Ε͕Ұ൪؆୯ɻʣ
 https://github.com/ss-abramchuk/OpenVPNAdapter

90. References • AmongUsProtocolʢSwiftͰಈ͘Among UsύέοτParserʣ
 https://github.com/kishikawakatsumi/AmongUsProtocol • Hex Packet Decoder
 https://hpd.gasmi.net/

    • Among Us Protocol Research
 https://github.com/codyphobe/among-us-protocol • Among Us Debugger
 https://amongus-debugger.vercel.app/