This reverse engineering toolkit for macOS was used by the Open Wireless Link Project to analyze several services in Apple's wireless ecosystem such as AirDrop, Wi-Fi Password Sharing, Handoff, and Offline Finding.
The toolkit uses both Python and Node.js modules. To use them, first create a virtual Python environment and then install all dependencies (Python and Node.js) by running:
```
make venv
source venv/bin/activate
make install
```
To uninstall, simply delete the repository folder.
Some of the tools require you to (partly) disable macOS' System Integrity Protection (SIP). Please be aware of the security implications. We indicate this requirement in the table below. To (partly) disable SIP, boot into recovery mode by restarting macOS and holding ⌘+R. In recovery mode, open the terminal, enter one of the following commands, and reboot macOS.
```
# Disable only certain SIP features ...
csrutil enable --without <FEATURE>
# ... or fully disable SIP
csrutil disable
```
To restore full SIP later, reboot in macOS' recovery mode again (⌘+R) and run:
```
csrutil enable
```
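To confirm which protections are actually off after a partial disable, and that SIP is fully back on after `csrutil enable`, the output of `csrutil status` can be summarised. The script below is an added example, not part of the toolkit; the sample outputs are constructed, and treating `Apple Internal: disabled` as the normal state is an assumption.

```shell
#!/usr/bin/env bash
# Added example (not part of the toolkit): summarise `csrutil status` output.

# Constructed sample: SIP with only the debugging restrictions relaxed.
SAMPLE_PARTIAL='System Integrity Protection status: unknown (Custom Configuration).

Configuration:
    Apple Internal: disabled
    Kext Signing: enabled
    Filesystem Protections: enabled
    Debugging Restrictions: disabled
    DTrace Restrictions: enabled
    NVRAM Protections: enabled
    BaseSystem Verification: enabled'

# Constructed sample: SIP fully enabled.
SAMPLE_FULL='System Integrity Protection status: enabled.'

# sip_state reads `csrutil status` text on stdin and prints one of:
#   enabled | disabled | partial:<comma-separated disabled protections> | unknown
sip_state() {
  awk '
    /^System Integrity Protection status:/ {
      status = $0
      sub(/^[^:]*:[ \t]*/, "", status)
    }
    # Indented "Name: disabled" lines list the individual protections.
    /^[ \t]+[^:]+:[ \t]*disabled[ \t]*$/ {
      name = $0
      sub(/^[ \t]+/, "", name)
      sub(/:.*$/, "", name)
      # Assumption: "Apple Internal: disabled" is normal and not a weakening.
      if (name != "Apple Internal") off = (off == "" ? name : off "," name)
    }
    END {
      if (off != "")                 print "partial:" off
      else if (status ~ /^enabled/)  print "enabled"
      else if (status ~ /^disabled/) print "disabled"
      else                           print "unknown"
    }'
}

# Use the live status on macOS; fall back to the constructed sample elsewhere.
if command -v csrutil >/dev/null 2>&1; then
  csrutil status | sip_state
else
  printf '%s\n' "$SAMPLE_PARTIAL" | sip_state
fi
```

Anything other than `enabled` after you have finished with the tools means SIP has not been fully restored.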
We provide a brief overview of the included tools. Please read the respective README.md in the subfolders for more information.
Tool | Description | Disable SIP features |
---|---|---|
process_recon | scan system logs to find processes involved in a certain service | — |
keychain_access | monitor process access to any keychain items and export them | all (for system processes) |
continuity_messages | record Continuity messages of the rapportd daemon | debugging |
- Alexander Heinrich
- Milan Stute
- Milan Stute, Alexander Heinrich, Jannik Lorenz, and Matthias Hollick. Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi. 30th USENIX Security Symposium (USENIX Security ’21), August 11–13, 2021, Vancouver, B.C., Canada.
- Milan Stute. Availability by Design: Practical Denial-of-Service-Resilient Distributed Wireless Networks. Dissertation, Technical University of Darmstadt, February 14, 2020. doi:10.25534/tuprints-00011457
- Milan Stute, Sashank Narain, Alex Mariotto, Alexander Heinrich, David Kreitschmann, Guevara Noubir, and Matthias Hollick. A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link. 28th USENIX Security Symposium (USENIX Security ’19), August 14–16, 2019, Santa Clara, CA, USA.
This toolkit is licensed under the GNU General Public License v3.0.