[tor-talk] Android app: Torrific

CJ tor at tengu.ch
Sat Jul 26 07:33:13 UTC 2014

On 07/26/2014 03:36 AM, Mike Perry wrote:
> CJ:
>> On 07/25/2014 09:24 AM, isis wrote:
>>> CJ transcribed 2.5K bytes:
>>>> On 07/24/2014 03:54 PM, u wrote:
>>>>> CJ:
>>>>>> On 07/24/2014 01:23 PM, u wrote:
>>>>>>> Lunar:
>>>>>>>> CJ:
>>>>>>>>> Just a small announce (not sure if this is the right ML, sorry).
>>>>>>>>> I'm developing an Android app allowing to block all IP traffic, and
>>>>>>>>> force only selected app through Orbot.
>>>>>>>>> This is done because neither Orbot nor AFWall (or other free, opensource
>>>>>>>>> Android iptables managment interface) seem to be able to do that...
>>>>>>>> Orbot is free software. Isn't there a way to add the needed features
>>>>>>>> directly to it?
>>>>>>>> Sorry if it's a naive question, I'm not very knowledgable regarding
>>>>>>>> Android. But I know that asking our users to install 3 different apps or
>>>>>>>> even more is not friendly.
>>>>>>> AFAIK this works in Orbot if you have a rooted Android device.
>>>>>> Not the "block all other output" part in fact :)
>>>>> That said, I am also interested in your answer to Lunar's question :)
>>>>> Why not contribute to Orbot instead?
>>>>> Cheers!
>>>> It's possible I push some pull-request later, yes.
>>>> But, as said in some previous email, I'm not really sure it's Orbot job
>>>> to set up firewall... I rather prefer dedicated app for dedicated task ---
>>>> Orbot main task is, for me, connecting to Tor network... Basically, this
>>>> just doesn't involve the firewall at all.
>>>> But yeah, I know, users like "all-in-one apps" --- who knows, once
>>>> torrific is ready (i.e. no more broken rules, no more bugs like "craps,
>>>> network's broken")... the devs may get some PR ;).
>>>> Torrific is also, for me, a way to play with android without annoying
>>>> other applications.
>>>> To be honest, I'd rather contribute this function in AFWall than Orbot,
>>>> as it already is a firewall manager (and not a bad one).
>>>> Cheers,
>>>> C.
>>> I agree that this should be done outside Orbot, for several reasons that I'm
>>> not going to get dragged into again. And FWIW, Mike's blog post on Android
>>> security specifically recommends setting up DroidWall (a similar AOS
>>> iptables-based firewall app) with some bash scripts to log and deny all leaky
>>> traffic from Orbot.
>>> My primary concern would be regarding whether Torrific's iptables rules are
>>> applied ASAP after Orbot starts Tor, and I actually can't recommend anything
>>> there (short of building a new initramfs which enforces starting the firewall
>>> from there, early during the boot process).
>> torrific works with an init-script blocking all the traffic --- same way
>> droidwall or afwall are working, same problem with older android versions.
>> torrific starts on boot, maybe earlier than orbot, which is a good
>> thing. it also uses orbot uid (as well as app uid) in order to set the
>> redirects and allow orbot to go out.
>>> DroidWall already has a mechanism for running user-specified scripts at
>>> startup... Perhaps the most portable way to do what you're trying to do would
>>> be to add a similar script-sourcing mechanism to AFWall? Then you could simply
>>> maintain a repo of startup scripts which (hopefully) work for any Android
>>> firewall app which supports this mechanism.
>> problems with handmade scripts: how to catch app uid automatically?
>> that's not userfriendly. Not at all...
>> That was the first version of this app: an init-script, a "lib" written
>> in shell, and a script applying the rules, using a shell array as source
>> for application information.

Hello Mike, nice to see you're following this small project, your post
was really inspiring! My nexus7 original ROM didn't see the light, it
was directly erased (though I prefer slimroms over CM). I stumbled on it
a bit after starting my project.
> FWIW, in the shell scripts in my howto[1], I do this UID detection in
> shell with dumpsys. Here's an example script:
> https://people.torproject.org/~mikeperry/android-hardening/android-firewall/firewall-allow-linphone-udp.sh
> The userinit problem I solved in a Cyanogenmod-specific way (I think).
> Cyanogenmod has a special init script location in
> /data/local/userinit.sh. For extra fun, I think it supports that instead
> of more standard Android init-scripts, because the AFWall+ startup
> script hack does not work on my devices. That's the main reason I
> created this userinit hack:
> https://people.torproject.org/~mikeperry/android-hardening/android-firewall/userinit.sh
Also supported on Slimroms, that's how I'm closing all IP network:

>> the app I've done lists the installed application requesting network
>> access, you just have to check those you're wanting to allow network
>> access and they are forced through orbot :).
> That LinPhone example script above also has another neat feature that I
> wish were available by default in a firewall app such as this. It allows
> only the UDP activity of LinPhone to bypass the Tor proxy. This means I
> can make TLS+SIP+ZRTP calls where the call setup and signaling goes over
> Tor, but encrypted voice and video data goes directly peer-to-peer over
> UDP.
Yep, it's on the TODO. This part will be a bit tricky in the UI, but I
think I have a nice way to do that :)
Also, I'll implement the possibility to get "a browser" (the one we
wish) to bypass the whole firewall/Orbot thing for captive portals. You
also added such a script
This will also add support for other SIP applications such as CSipSimple
(the one proposed for Ostel.co services).

> I recognize the UI for supporting this in the general case is a bit
> tricky to create without a lot of clutter, and it's questionable if you
> want to expose this ability for all apps (because for non peer-to-peer
> apps it can mean deanonymization to a central server). However, for this
> specific case it is very handy, at least until Tor is performant enough
> to support live, unbuffered voice+video data.
Sure, that's why I'm wanting to implement it. Plus, it will be a good
exercise with Android UI :). As an option you may activate in the
settings, with some warning regarding security issues and so



> 1. https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy

More information about the tor-talk mailing list