Slide 1
Slide 1 text
Kishikawa Katsumi
Network ExtensionͰiOSσόΠε্Ͱಈ͘
ύέοτΩϟϓνϟΛ࡞Δ
Slide 2
Slide 2 text
Agenda
• Network Extension͓ΑͼύέοτΩϟϓνϟͷ֓ཁ
• VPNͷΈ
• Network ExtensionΛͬͯ؆қVPNΫϥΠΞϯτΛ࣮͢Δ
• ύέοτͷߏͱղੳ
• ύέοτΩϟϓνϟΛར༻࣮ͨ͠༻తͳπʔϧͷ࡞
Slide 3
Slide 3 text
Introduction
• Network Extensionͱʁ
• ύέοτΩϟϓνϟͱʁ
Slide 4
Slide 4 text
Network Extensionͱ
Slide 5
Slide 5 text
Network Extensionͱ
• macOS/iOSͷωοτϫʔΫؔ࿈ͷػೳΛ֦ுɾΧελϚΠζͰ͖ΔAPI
• Wi-Fiઃఆͷมߋ
• ΧϑΣͷWiFiʹࣗಈతʹଓ͢ΔɺͳͲ
• γεςϜɺ·ͨΧελϜVPNϓϩτίϧΛ༻ͨ͠VPNߏͷ࡞ͱཧ
• ΦϯσόΠεͷίϯςϯπϑΟϧλͷ࣮
• γεςϜશମͷDNSߏͷ࡞ͱཧ
Slide 6
Slide 6 text
Network Extensionͱ
• macOS/iOSͷωοτϫʔΫؔ࿈ͷػೳΛ֦ுɾΧελϚΠζͰ͖ΔAPI
• Wi-Fiઃఆͷมߋ
• ΧϑΣͷWiFiʹࣗಈతʹଓ͢ΔɺͳͲ
• γεςϜɺ·ͨΧελϜVPNϓϩτίϧΛ༻ͨ͠VPNߏͷ࡞ͱཧ
• ΦϯσόΠεͷίϯςϯπϑΟϧλͷ࣮
• γεςϜશମͷDNSߏͷ࡞ͱཧ
Slide 7
Slide 7 text
Network Extensionͱ
NetworkExtension.framework͕ఏڙ͢ΔAPIʢൈਮʣ
• WiFiઃఆ
• NEHotspotCon
fi
gurationManager
• NEHotspotHelper
• ΧελϜVPN
• NEPacketTunnelProvider
• ίϯςϯπϑΟϧλ
• NEFilterDataProvider
• NEFilterControlProvider
Slide 8
Slide 8 text
ύέοτΩϟϓνϟͱ
Slide 9
Slide 9 text
ύέοτΩϟϓνϟͱ
ωοτϫʔΫΛྲྀΕΔ௨৴σʔλʢύέοτʣΛσόοάͳͲͷͨΊ
ʹऔಘʢΩϟϓνϟʣͯ͠Θ͔Γ͘͢දࣔͨ͠Γ͢ΔιϑτΣΞ
Slide 10
Slide 10 text
ύέοτΩϟϓνϟͱ
Wireshark
Slide 11
Slide 11 text
ύέοτΩϟϓνϟͱ
Charles Proxy
Slide 12
Slide 12 text
ύέοτΩϟϓνϟͱ
Charles Proxy
Slide 13
Slide 13 text
No content
Slide 14
Slide 14 text
Charles Proxy for iOSͷΑ͏ͳύέο
τΩϟϓνϟΞϓϦΛ࡞Δʹʁ
Slide 15
Slide 15 text
Charles Proxy for iOSͷΑ͏ͳύέοτΩϟϓνϟΛ࡞Δʹʁ
• Network ExtensionΛͬͯVPNΫϥΠΞϯτΛ࣮͢Δ
• ʢΦϓγϣϯʣσόΠε୯ମͰ݁ͤ͞ΔͨΊʹVPNαʔόʔ࣮͢Δ
• औಘͨ͠௨৴ͷ༰ΛຊମΞϓϦʹసૹͯ͠UIʹදࣔ͢Δ
खॱ
Slide 16
Slide 16 text
Charles Proxy for iOSͷΑ͏ͳύέοτΩϟϓνϟΛ࡞Δʹʁ
• Network ExtensionΛͬͯVPNΫϥΠΞϯτΛ࣮͢Δ
• ʢΦϓγϣϯʣσόΠε୯ମͰ݁ͤ͞ΔͨΊʹVPNαʔόʔ࣮͢Δ
• औಘͨ͠௨৴ͷ༰ΛຊମΞϓϦʹసૹͯ͠UIʹදࣔ͢Δ
खॱ
Slide 17
Slide 17 text
VPNͱ
Slide 18
Slide 18 text
VPNͱ
VPNͷΈ
ԾΠϯλʔϑΣʔε
VPNΫϥΠΞϯτ
tun0
҉߸Խ
ϦϞʔτVPN
ೝূ
෮߸ɾ
҉߸Խ
Slide 19
Slide 19 text
VPNͱ
VPNͷΈ
ԾΠϯλʔϑΣʔε
VPNΫϥΠΞϯτ
tun0
҉߸Խ
ϦϞʔτVPN
ೝূ
෮߸ɾ
҉߸Խ
Slide 20
Slide 20 text
VPNͱ
VPNͷΈ
ԾΠϯλʔϑΣʔε
VPNΫϥΠΞϯτ
tun0
҉߸Խ
ϦϞʔτVPN
ೝূ
෮߸ɾ
҉߸Խ
Slide 21
Slide 21 text
VPN্ΛྲྀΕΔσʔλ
σʔλ
IP
HTTP
TCP
Slide 22
Slide 22 text
VPN্ΛྲྀΕΔσʔλ
σʔλ
IP
HTTP
TCP
VPN
Slide 23
Slide 23 text
VPN্ΛྲྀΕΔσʔλ
σʔλ
IP
HTTP
TCP
VPN
IP
TCP
Slide 24
Slide 24 text
Network ExtensionͰ؆қVPNΫ
ϥΠΞϯτͱαʔόʔΛ࣮͢Δ
Slide 25
Slide 25 text
Network ExtensionΛͬͯVPNΛ࣮͢Δ
Packet Tunnel Provider
• Personal VPN
• Packet Tunnel Provider
• App Proxy Provider
Slide 26
Slide 26 text
App Proxy Provider
Supervised devices only
Slide 27
Slide 27 text
No content
Slide 28
Slide 28 text
Content Filter Provider
Slide 29
Slide 29 text
NEFilterDataProvider
• NEFilterDataProvider
• TCP/UDPʢϨΠϠʔ̐ʣͷใ͕औಘͰ͖ΔͷͰVPNΛ࡞ΔΑΓ؆୯
• ❌ Content FilterΛͬͯऔಘͨ͠௨৴ͷ༰ϑΝΠϧʹॻ͍ͨΓ֎෦ʹૹ
৴͢Δ͜ͱ͕Ͱ͖ͳ͍
❌ Content FilterΛͬͯύέοτΩϟϓνϟΛ࣮͢Δ
Slide 30
Slide 30 text
Network ExtensionΛͬͯVPNΛ࣮͢Δ
Packet Tunnel Provider
• Personal VPN
• Packet Tunnel Provider
• App Proxy Provider
Slide 31
Slide 31 text
No content
Slide 32
Slide 32 text
No content
Slide 33
Slide 33 text
No content
Slide 34
Slide 34 text
No content
Slide 35
Slide 35 text
EntitlementΛՃ͢Δ
Slide 36
Slide 36 text
No content
Slide 37
Slide 37 text
No content
Slide 38
Slide 38 text
No content
Slide 39
Slide 39 text
NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ
Slide 40
Slide 40 text
NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ
Slide 41
Slide 41 text
No content
Slide 42
Slide 42 text
NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ
Slide 43
Slide 43 text
No content
Slide 44
Slide 44 text
NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ
Slide 45
Slide 45 text
No content
Slide 46
Slide 46 text
NEPacketTunnelProviderΛಈ͘Α͏ʹ͢Δ
Slide 47
Slide 47 text
No content
Slide 48
Slide 48 text
σόοάϩάग़ྗͰ
Slide 49
Slide 49 text
No content
Slide 50
Slide 50 text
σόοάϩάग़ྗͰ
Slide 51
Slide 51 text
σόοάϩάग़ྗͰ
Slide 52
Slide 52 text
ύέοτΛऔಘ͢Δ
Slide 53
Slide 53 text
ύέοτΛऔಘ͢Δ
packetFlowϓϩύςΟ
Slide 54
Slide 54 text
ύέοτΛऔಘ͢Δ
packetFlowϓϩύςΟ
Slide 55
Slide 55 text
No content
Slide 56
Slide 56 text
No content
Slide 57
Slide 57 text
No content
Slide 58
Slide 58 text
No content
Slide 59
Slide 59 text
ύέοτΛऔಘͰ͖ΔΑ͏ʹ͢Δ
Slide 60
Slide 60 text
No content
Slide 61
Slide 61 text
No content
Slide 62
Slide 62 text
Hex Packet Decoder - https://hpd.gasmi.net/
Slide 63
Slide 63 text
No content
Slide 64
Slide 64 text
VPNαʔόʔͷ௨৴Λ࣮͢Δ
Slide 65
Slide 65 text
VPNαʔόʔͷ௨৴Λ࣮͢Δ
ԾΠϯλʔϑΣʔε
VPNΫϥΠΞϯτ
tun0
҉߸Խ
ϦϞʔτVPN
ೝূ
෮߸ɾ
҉߸Խ
Slide 66
Slide 66 text
VPNαʔόʔͷ௨৴Λ࣮͢Δ
σʔλ
IP
HTTP
TCP
VPN
IP
TCP
Slide 67
Slide 67 text
VPNαʔόʔͷ௨৴Λ࣮͢Δ
ԾΠϯλʔϑΣʔε
NEPacketTunnelProvider
Slide 68
Slide 68 text
VPNαʔόʔͷ௨৴Λ࣮͢Δ
σʔλ
IP
HTTP
TCP
Slide 69
Slide 69 text
PacketTunnelProvider = TUN Interface + VPN Client
• TUN, namely network TUNnel, simulates a network layer device and operates
in layer 3 carrying IP packets.
• TAP, namely network TAP, simulates a link layer device and operates in layer
2 carrying Ethernet frames.
• TUN is used with routing. TAP can be used to create a user space network
bridge.
Slide 70
Slide 70 text
No content
Slide 71
Slide 71 text
No content
Slide 72
Slide 72 text
No content
Slide 73
Slide 73 text
No content
Slide 74
Slide 74 text
No content
Slide 75
Slide 75 text
No content
Slide 76
Slide 76 text
Handle TCP Packet
3 Way Handshake
Wikipedia - https://commons.wikimedia.org/wiki/File:TCP_Three-Way_Handshake.svg
Slide 77
Slide 77 text
No content
Slide 78
Slide 78 text
No content
Slide 79
Slide 79 text
No content
Slide 80
Slide 80 text
ʢผղʣϩʔΧϧProxyαʔόʔͰ
ॲཧ͢ΔʢHTTP/HTTPSͷΈʣ
Slide 81
Slide 81 text
No content
Slide 82
Slide 82 text
ύέοτΩϟϓνϟΛར༻ͨ͠
πʔϧͷ࡞ʢσϞʣ
Slide 83
Slide 83 text
ύέοτΩϟϓνϟΛར༻ͨ͠πʔϧͷ࡞
σϞ
Slide 84
Slide 84 text
ύέοτΩϟϓνϟΛར༻ͨ͠πʔϧͷ࡞
σϞ
https://github.com/codyphobe/among-us-protocol
Slide 85
Slide 85 text
ύέοτΩϟϓνϟΛར༻ͨ͠πʔϧͷ࡞
σϞ
https://amongus-debugger.vercel.app
Slide 86
Slide 86 text
ύέοτΩϟϓνϟΛར༻ͨ͠πʔϧͷ࡞
σϞ
Slide 87
Slide 87 text
Wrap up
• Network ExtensionΛ͏ͱVPNΫϥΠΞϯτ͕࡞ΕΔ
• VPNΫϥΠΞϯτͦͷੑ্࣭ύέοτΛݟΔඞཁ͕͋Δ
• Charles Proxy for iOSVPNΛར༻ͯ͠ύέοτΩϟϓνϟΛ͍ͯ͠Δ
• αϯϓϧ͕গͳ͘ɺͱ͔͔ͬΓ͍͕ͬͯ͠ΈΔͱָ͍͠
• ήʔϜΛαϙʔτ͢ΔπʔϧΛ࡞Δͱ͍͍͔ʁ
Slide 88
Slide 88 text
References
• AUCaptureʢઆ໌ʹ༻ͨ͠ΞϓϦͷιʔείʔυʣ
https://github.com/kishikawakatsumi/AUCapture
• Network Extension, Part 1 - Introduction
https://kean.blog/post/network-extensions-into
• How Does VPN Work?
https://kean.blog/post/networking-101
• VPN, Part 1: VPN Pro
fi
les
https://kean.blog/post/vpn-con
fi
guration-manager
• VPN, Part 2: Packet Tunnel Provider
https://kean.blog/post/packet-tunnel-provider
Slide 89
Slide 89 text
References
• Network Extensions for the Modern Mac - WWDC19 - Videos - Apple
Developer
https://developer.apple.com/videos/play/wwdc2019/714
• What's New in Network Extension and VPN - WWDC15 - Videos - Apple
Developer
https://developer.apple.com/videos/play/wwdc2015/717
• OpenVPNAdapterʢOpenVPNʹଓ͢ΔNetworkExtensionɻΩϟϓνϟͳͲ
ͳ͠ʹಈ͔͚ͩ͢ͳΒ͜Ε͕Ұ൪؆୯ɻʣ
https://github.com/ss-abramchuk/OpenVPNAdapter
Slide 90
Slide 90 text
References
• AmongUsProtocolʢSwiftͰಈ͘Among UsύέοτParserʣ
https://github.com/kishikawakatsumi/AmongUsProtocol
• Hex Packet Decoder
https://hpd.gasmi.net/
• Among Us Protocol Research
https://github.com/codyphobe/among-us-protocol
• Among Us Debugger
https://amongus-debugger.vercel.app/