Development discussion of WireGuard
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: WireGuard mailing list <wireguard@lists.zx2c4.com>
Cc: Eddie <stunnel@attglobal.net>, Anatoli <me@anatoli.ws>,
	 Roopesh Chander S <roop@roopc.net>,
	Miguel Arroz <miguel.arroz@gmail.com>,
	Alan Graham <alan@meshify.app>,
	oss@jacobwilder.org
Subject: Re: WireGuard Configurations Gone After iOS 15 Upgrade
Date: Wed, 22 Sep 2021 20:49:24 -0600
Message-ID: <CAHmME9r8cCPM39mM=oAFgA0nDGAbiEghnkD8m_Y_g76FV_PBOg@mail.gmail.com>
In-Reply-To: <CAHmME9reWG3UiHQm1fBvyQUoUF5_oJv6YiBGaOE2AUgLt-nK3w@mail.gmail.com>

Hi again,

I'm afraid the situation is somewhat bad...

It appears that iOS 15 has completely deleted iOS 14's WireGuard
keychain items, at least as far as the WireGuard app can see. I've yet
to jailbreak or look at an image dump to see if it's still hiding
somewhere, but it also doesn't matter, because from the app's
perspective, the keychain appears totally empty.

Digging in just on the surface, it looks like the keychain references
from iOS 14 are something like "67656e7000000000000000f7", with that
f7 incrementing, while the ones from iOS 15 are
"67656e700167269751a94355a004bfa75f951cec" -- same prefix, but the
suffix is longer and seemingly random. Did the migration from one
format to the other go bad on upgrade? Did something else happen? I
don't really know much yet about the guts of this bug, but it does
seem like something is going on. We've never had any issues with the
keychain being emptied between iOS versions before.

So now we need to figure out what to do. I'm still holding out a tiny
sliver of hope that there's a mistake somewhere and this can all be
fixed by the app, but so far I've come up dry when looking around for
that. What if this really is an iOS 15 bug? I'll report it to Apple,
of course, but that doesn't help the immediate issue that people's
configs are being deleted. The behavior is at least detectable, so I
could detect the migration, delete all of the orphaned network
profiles (as before), and pop up a message box (resembling a
ransomware screen!) saying "Where Have All Your Configurations Gone?",
followed by an apologetic explanation. That's kind of unsatisfactory,
though. I'm all ears on other ideas if you've got any.

And if any Apple developers are hanging out on this list and want to
try their hand at a solution, that'd be much appreciated. (Plus, my
entreaty from March [1] remains.)

Jason

[1] https://lists.zx2c4.com/pipermail/wireguard/2021-March/006455.html
