Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Network ExtensionでiOSデバイス上で動くパケットキャプチャを作る

Kishikawa Katsumi
September 18, 2021
Programming
7
6k

Network ExtensionでiOSデバイス上で動くパケットキャプチャを作る

Creating a packet capture app without a remote VPN server with a Network Extension framework.

Network Extensionおよびパケットキャプチャの概要
VPNの仕組み
Network Extensionを使って簡易VPNクライアントを実装する
パケットの構造と解析
パケットキャプチャを利用した実用的なツールの作成

Kishikawa Katsumi

September 18, 2021
Tweet

More Decks by Kishikawa Katsumi

See All by Kishikawa Katsumi
Mastering SwiftSyntax
kishikawakatsumi
3
2k
My SwiftData Review
kishikawakatsumi
7
880
Swift Expression Macros: a practical introduction
kishikawakatsumi
3
1.3k
Xcode Cloudの評価
kishikawakatsumi
2
880
Regular expressions basics/正規表現の基本
kishikawakatsumi
6
510
家のいろいろな数値を計測する
kishikawakatsumi
4
1.7k
GitHub Actionsでテストの結果をわかりやすく表示する
kishikawakatsumi
1
500
GitHub Actionsでテストの結果をわかりやすく表示する
kishikawakatsumi
1
1.2k
Xcode Cloud at a glance
kishikawakatsumi
2
1.6k

Other Decks in Programming

See All in Programming
純SPAでNext.jsに対抗する 〜ページによってmetaタグを切り替える編〜
kiyoshiro
0
220
RDRA, ICONIX, DDDの実践から得た学び
hsawaji
5
780
マイクロサービス環境におけるToilを削減するTerraformの活用 in DMMプラットフォーム
pospome
1
210
理解して導入するWebフレームワーク ~解決すべき課題に着目する~ / Understanding and implementing web frameworks ~focusing on the problems to be solved~
seike460
PRO
3
370
Migrating From Spring Boot 2 To Spring Boot 3 - What's Jakarta EE Got To Do with It?
ivargrimstad
0
330
外部APIとズブズブな開発どうしてますか?
kin29
1
320
ZennにみるCloudRunとBigQueryによるアプリケーション構築 / zenn-cloudrun-bigquery-serverless
wadayusuke
12
3.1k
Kubernetesソースコードリーディング入門
bells17
15
2.8k
RustでWasm Runtimeを書いた in UV_Study
skanehira
1
260
A Practitioner's Journey from Ruby 1.8 to Present
koic
1
710
ブラウザで「今すぐ」gemを読み込む方法 / Load-gem-from-browser-JUST-NOW
lnit
0
500
Managing State Beyond ViewModels and Hilt (Updated)
vrallev
3
630

Featured

See All Featured
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
123
30k
How to Ace a Technical Interview
jacobian
272
22k
In The Pink: A Labor of Love
frogandcode
135
21k
No one is an island. Learnings from fostering a developers community.
thoeni
14
1.8k
Rails Girls Zürich Keynote
gr2m
90
12k
10 Git Anti Patterns You Should be Aware of
lemiorhan
644
56k
Design by the Numbers
sachag
272
18k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
101
6.4k
Ruby is Unlike a Banana
tanoku
93
9.9k
Faster Mobile Websites
deanohume
296
29k
Creatively Recalculating Your Daily Design Routine
revolveconf
208
11k
GraphQLの誤解/rethinking-graphql
sonatard
44
8.5k

Transcript

  1. Kishikawa Katsumi
    Network ExtensionͰiOSσόΠε্Ͱಈ͘
    ύέοτΩϟϓνϟΛ࡞Δ

    View Slide

  2. Agenda
    • Network Extension͓ΑͼύέοτΩϟϓνϟͷ֓ཁ

    • VPNͷ࢓૊Έ

    • Network ExtensionΛ࢖ͬͯ؆қVPNΫϥΠΞϯτΛ࣮૷͢Δ

    • ύέοτͷߏ଄ͱղੳ

    • ύέοτΩϟϓνϟΛར༻࣮ͨ͠༻తͳπʔϧͷ࡞੒

    View Slide

  3. Introduction
    • Network Extensionͱ͸ʁ

    • ύέοτΩϟϓνϟͱ͸ʁ

    View Slide

  4. Network Extensionͱ͸

    View Slide

  5. Network Extensionͱ͸
    • macOS/iOSͷωοτϫʔΫؔ࿈ͷػೳΛ֦ுɾΧελϚΠζͰ͖ΔAPI

    • Wi-Fiઃఆͷมߋ

    • ΧϑΣͷWiFiʹࣗಈతʹ઀ଓ͢ΔɺͳͲ

    • γεςϜɺ·ͨ͸ΧελϜVPNϓϩτίϧΛ࢖༻ͨ͠VPNߏ੒ͷ࡞੒ͱ؅ཧ

    • ΦϯσόΠεͷίϯςϯπϑΟϧλͷ࣮૷

    • γεςϜશମͷDNSߏ੒ͷ࡞੒ͱ؅ཧ

    View Slide

  6. Network Extensionͱ͸
    • macOS/iOSͷωοτϫʔΫؔ࿈ͷػೳΛ֦ுɾΧελϚΠζͰ͖ΔAPI

    • Wi-Fiઃఆͷมߋ

    • ΧϑΣͷWiFiʹࣗಈతʹ઀ଓ͢ΔɺͳͲ

    • γεςϜɺ·ͨ͸ΧελϜVPNϓϩτίϧΛ࢖༻ͨ͠VPNߏ੒ͷ࡞੒ͱ؅ཧ

    • ΦϯσόΠεͷίϯςϯπϑΟϧλͷ࣮૷

    • γεςϜશମͷDNSߏ੒ͷ࡞੒ͱ؅ཧ

    View Slide

  7. Network Extensionͱ͸
    NetworkExtension.framework͕ఏڙ͢ΔAPIʢൈਮʣ
    • WiFiઃఆ

    • NEHotspotCon
    fi
    gurationManager

    • NEHotspotHelper

    • ΧελϜVPN

    • NEPacketTunnelProvider

    • ίϯςϯπϑΟϧλ

    • NEFilterDataProvider

    • NEFilterControlProvider

    View Slide

  8. ύέοτΩϟϓνϟͱ͸

    View Slide

  9. ύέοτΩϟϓνϟͱ͸
    ωοτϫʔΫΛྲྀΕΔ௨৴σʔλʢύέοτʣΛσόοάͳͲͷͨΊ
    ʹऔಘʢΩϟϓνϟʣͯ͠Θ͔Γ΍͘͢දࣔͨ͠Γ͢Διϑτ΢ΣΞ

    View Slide

  10. ύέοτΩϟϓνϟͱ͸
    Wireshark

    View Slide

  11. ύέοτΩϟϓνϟͱ͸
    Charles Proxy

    View Slide

  12. ύέοτΩϟϓνϟͱ͸
    Charles Proxy

    View Slide

  13. View Slide

  14. Charles Proxy for iOSͷΑ͏ͳύέο
    τΩϟϓνϟΞϓϦΛ࡞Δʹ͸ʁ

    View Slide

  15. Charles Proxy for iOSͷΑ͏ͳύέοτΩϟϓνϟΛ࡞Δʹ͸ʁ
    • Network ExtensionΛ࢖ͬͯVPNΫϥΠΞϯτΛ࣮૷͢Δ

    • ʢΦϓγϣϯʣσόΠε୯ମͰ׬݁ͤ͞ΔͨΊʹVPNαʔόʔ΋࣮૷͢Δ

    • औಘͨ͠௨৴ͷ಺༰ΛຊମΞϓϦʹసૹͯ͠UIʹදࣔ͢Δ
    खॱ

    View Slide

  16. Charles Proxy for iOSͷΑ͏ͳύέοτΩϟϓνϟΛ࡞Δʹ͸ʁ
    • Network ExtensionΛ࢖ͬͯVPNΫϥΠΞϯτΛ࣮૷͢Δ

    • ʢΦϓγϣϯʣσόΠε୯ମͰ׬݁ͤ͞ΔͨΊʹVPNαʔόʔ΋࣮૷͢Δ

    • औಘͨ͠௨৴ͷ಺༰ΛຊମΞϓϦʹసૹͯ͠UIʹදࣔ͢Δ
    खॱ

    View Slide

  17. VPNͱ͸

    View Slide

  18. VPNͱ͸
    VPNͷ࢓૊Έ
    Ծ૝ΠϯλʔϑΣʔε
    VPNΫϥΠΞϯτ
    tun0
    ҉߸Խ
    ϦϞʔτVPN
    ೝূ

    ෮߸ɾ

    ҉߸Խ

    View Slide

  19. VPNͱ͸
    VPNͷ࢓૊Έ
    Ծ૝ΠϯλʔϑΣʔε
    VPNΫϥΠΞϯτ
    tun0
    ҉߸Խ
    ϦϞʔτVPN
    ೝূ

    ෮߸ɾ

    ҉߸Խ

    View Slide

  20. VPNͱ͸
    VPNͷ࢓૊Έ
    Ծ૝ΠϯλʔϑΣʔε
    VPNΫϥΠΞϯτ
    tun0
    ҉߸Խ
    ϦϞʔτVPN
    ೝূ

    ෮߸ɾ

    ҉߸Խ

    View Slide

  21. VPN্ΛྲྀΕΔσʔλ
    σʔλ
    IP
    HTTP
    TCP

    View Slide

  22. VPN্ΛྲྀΕΔσʔλ
    σʔλ
    IP
    HTTP
    TCP
    VPN

    View Slide

  23. VPN্ΛྲྀΕΔσʔλ
    σʔλ
    IP
    HTTP
    TCP
    VPN
    IP
    TCP

    View Slide

  24. Network ExtensionͰ؆қVPNΫ
    ϥΠΞϯτͱαʔόʔΛ࣮૷͢Δ

    View Slide

  25. Network ExtensionΛ࢖ͬͯVPNΛ࣮૷͢Δ
    Packet Tunnel Provider
    • Personal VPN

    • Packet Tunnel Provider

    • App Proxy Provider

    View Slide

  26. App Proxy Provider
    Supervised devices only

    View Slide

  27. View Slide

  28. Content Filter Provider

    View Slide

  29. NEFilterDataProvider
    • NEFilterDataProvider

    • TCP/UDPʢϨΠϠʔ̐ʣͷ৘ใ͕औಘͰ͖ΔͷͰVPNΛ࡞ΔΑΓ؆୯

    • ❌ Content FilterΛ࢖ͬͯऔಘͨ͠௨৴ͷ಺༰͸ϑΝΠϧʹॻ͍ͨΓ֎෦ʹૹ
    ৴͢Δ͜ͱ͕Ͱ͖ͳ͍
    ❌ Content FilterΛ࢖ͬͯύέοτΩϟϓνϟΛ࣮૷͢Δ

    View Slide

  30. Network ExtensionΛ࢖ͬͯVPNΛ࣮૷͢Δ
    Packet Tunnel Provider
    • Personal VPN

    • Packet Tunnel Provider
    • App Proxy Provider

    View Slide

  31. View Slide

  32. View Slide

  33. View Slide

  34. View Slide

  35. EntitlementΛ௥Ճ͢Δ

    View Slide

  36. View Slide

  37. View Slide

  38. View Slide

  39. NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ

    View Slide

  40. NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ

    View Slide

  41. View Slide

  42. NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ

    View Slide

  43. View Slide

  44. NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ

    View Slide

  45. View Slide

  46. NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ

    View Slide

  47. View Slide

  48. σόοά͸ϩάग़ྗͰ

    View Slide

  49. View Slide

  50. σόοά͸ϩάग़ྗͰ

    View Slide

  51. σόοά͸ϩάग़ྗͰ

    View Slide

  52. ύέοτΛऔಘ͢Δ

    View Slide

  53. ύέοτΛऔಘ͢Δ
    packetFlowϓϩύςΟ

    View Slide

  54. ύέοτΛऔಘ͢Δ
    packetFlowϓϩύςΟ

    View Slide

  55. View Slide

  56. View Slide

  57. View Slide

  58. View Slide

  59. ύέοτΛऔಘͰ͖ΔΑ͏ʹ͢Δ

    View Slide

  60. View Slide

  61. View Slide

  62. Hex Packet Decoder - https://hpd.gasmi.net/

    View Slide

  63. View Slide

  64. VPNαʔόʔͷ௨৴Λ࣮૷͢Δ

    View Slide

  65. VPNαʔόʔͷ௨৴Λ࣮૷͢Δ
    Ծ૝ΠϯλʔϑΣʔε
    VPNΫϥΠΞϯτ
    tun0
    ҉߸Խ
    ϦϞʔτVPN
    ೝূ

    ෮߸ɾ

    ҉߸Խ

    View Slide

  66. VPNαʔόʔͷ௨৴Λ࣮૷͢Δ
    σʔλ
    IP
    HTTP
    TCP
    VPN
    IP
    TCP

    View Slide

  67. VPNαʔόʔͷ௨৴Λ࣮૷͢Δ
    Ծ૝ΠϯλʔϑΣʔε
    NEPacketTunnelProvider

    View Slide

  68. VPNαʔόʔͷ௨৴Λ࣮૷͢Δ
    σʔλ
    IP
    HTTP
    TCP

    View Slide

  69. PacketTunnelProvider = TUN Interface + VPN Client
    • TUN, namely network TUNnel, simulates a network layer device and operates
    in layer 3 carrying IP packets.

    • TAP, namely network TAP, simulates a link layer device and operates in layer
    2 carrying Ethernet frames.

    • TUN is used with routing. TAP can be used to create a user space network
    bridge.

    View Slide

  70. View Slide

  71. View Slide

  72. View Slide

  73. View Slide

  74. View Slide

  75. View Slide

  76. Handle TCP Packet
    3 Way Handshake
    Wikipedia - https://commons.wikimedia.org/wiki/File:TCP_Three-Way_Handshake.svg

    View Slide

  77. View Slide

  78. View Slide

  79. View Slide

  80. ʢผղʣϩʔΧϧProxyαʔόʔͰ
    ॲཧ͢ΔʢHTTP/HTTPSͷΈʣ

    View Slide

  81. View Slide

  82. ύέοτΩϟϓνϟΛར༻ͨ͠
    πʔϧͷ࡞੒ʢσϞʣ

    View Slide

  83. ύέοτΩϟϓνϟΛར༻ͨ͠πʔϧͷ࡞੒
    σϞ

    View Slide

  84. ύέοτΩϟϓνϟΛར༻ͨ͠πʔϧͷ࡞੒
    σϞ
    https://github.com/codyphobe/among-us-protocol

    View Slide

  85. ύέοτΩϟϓνϟΛར༻ͨ͠πʔϧͷ࡞੒
    σϞ
    https://amongus-debugger.vercel.app

    View Slide

  86. ύέοτΩϟϓνϟΛར༻ͨ͠πʔϧͷ࡞੒
    σϞ

    View Slide

  87. Wrap up
    • Network ExtensionΛ࢖͏ͱVPNΫϥΠΞϯτ͕࡞ΕΔ

    • VPNΫϥΠΞϯτ͸ͦͷੑ্࣭ύέοτΛݟΔඞཁ͕͋Δ

    • Charles Proxy for iOS͸VPNΛར༻ͯ͠ύέοτΩϟϓνϟΛ͍ͯ͠Δ

    • αϯϓϧ͕গͳ͘ɺͱ͔͔ͬΓ͸೉͍͕͠΍ͬͯΈΔͱָ͍͠

    • ήʔϜΛαϙʔτ͢ΔπʔϧΛ࡞Δͱ͍͍͔΋ʁ

    View Slide

  88. References
    • AUCaptureʢઆ໌ʹ࢖༻ͨ͠ΞϓϦͷιʔείʔυʣ

    https://github.com/kishikawakatsumi/AUCapture

    • Network Extension, Part 1 - Introduction

    https://kean.blog/post/network-extensions-into

    • How Does VPN Work?

    https://kean.blog/post/networking-101

    • VPN, Part 1: VPN Pro
    fi
    les

    https://kean.blog/post/vpn-con
    fi
    guration-manager

    • VPN, Part 2: Packet Tunnel Provider

    https://kean.blog/post/packet-tunnel-provider

    View Slide

  89. References
    • Network Extensions for the Modern Mac - WWDC19 - Videos - Apple
    Developer

    https://developer.apple.com/videos/play/wwdc2019/714

    • What's New in Network Extension and VPN - WWDC15 - Videos - Apple
    Developer

    https://developer.apple.com/videos/play/wwdc2015/717

    • OpenVPNAdapterʢOpenVPNʹ઀ଓ͢ΔNetworkExtensionɻΩϟϓνϟͳͲ
    ͳ͠ʹಈ͔͚ͩ͢ͳΒ͜Ε͕Ұ൪؆୯ɻʣ

    https://github.com/ss-abramchuk/OpenVPNAdapter

    View Slide

  90. References
    • AmongUsProtocolʢSwiftͰಈ͘Among UsύέοτParserʣ

    https://github.com/kishikawakatsumi/AmongUsProtocol

    • Hex Packet Decoder

    https://hpd.gasmi.net/

    • Among Us Protocol Research

    https://github.com/codyphobe/among-us-protocol

    • Among Us Debugger

    https://amongus-debugger.vercel.app/

    View Slide