[tor-dev] iObfs: obfs4proxy on iOS

Mike Tigas mike at tig.as
Mon Apr 4 04:04:45 UTC 2016 

[again, cross-posted to tor-dev and guardian-dev.]

A quick status report on this: it works! Hit a big epiphany, figured out
how to get `gomobile` to emit the necessary bits, then went wild.

Some example stdout from Onion Browser connecting to Tor via obfs4,
meek_lite (google), and scramblesuit:
https://gist.github.com/mtigas/f1b9a3a8befa6f60d517eb2340f3cdd4

There are trivial forks of obfs4[1] and goptlib[2] that simply hard-code
some options that are normally sent as environment variables because
obfs4proxy runs in managed mode[3]. (It's the best I have right now
until I can figure out a better way to communicate between obfs4proxy
and the iOS bits.) I’ve tacked a few other quick thoughts at the bottom
of the iObfs readme[4]. As a quick test I've started building it into
Onion Browser (iobfs branch[5]), which is what got the output linked above.

[1]:
https://github.com/mtigas/obfs4/compare/1df5c8ffe8f4aa2614323698e8008f1ab1fb7a18...mtigas:iObfs-201604-dev
[2]:
https://github.com/mtigas/goptlib/compare/f17a5f239f705d7e39a8bccbebdf9927cc99dbeb...mtigas:iObfs-201604-dev
[3]: https://github.com/mtigas/iObfs/blob/master/notes/obfs4-nonmanaged.md
[4]: https://github.com/mtigas/iObfs/
[5]: https://github.com/OnionBrowser/iOS-OnionBrowser/tree/iobfs

There’s quite a bit to clean up and document. We also might want a more
minimal testcase than full-blown (and cruft-filled) Onion Browser?

Though the iObfs repo[4] *does* contain an Xcode project which builds an
“iObfs.app” that can successfully link and executes obfs4proxy as a
thread[6] (as long as the framework has been built with the
`buildobfs4.sh` script). stdout on that app properly shows the transport
“CMETHOD” lines, though that’s all that app does.

[6]: https://github.com/mtigas/iObfs/blob/master/iObfs/iObfs/ObfsWrapper.m

This is probably near some "maximum viable bad idea", having the iOS
browser app *and* Tor *and* go-powered obfs4proxy within the same
process. (But of course, there's no easy way to get around the
restriction against subprocesses on iOS.) It seems to work really well
in my limited testing so far. Will continue working on it in the coming
weeks and keep y’all posted.

Best,

Mike Tigas
@mtigas | https://mike.tig.as/ | 0xA993E7156E0E9923

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160404/567583bf/attachment-0001.sig>

More information about the tor-dev mailing list