[guardian-dev] iObfs: obfs4proxy on iOS

Nathan of Guardian nathan at guardianproject.info
Mon Apr 4 10:46:22 EDT 2016


On Mon, Apr 4, 2016, at 12:04 AM, Mike Tigas wrote:
> A quick status report on this: it works! Hit a big epiphany, figured out
> how to get `gomobile` to emit the necessary bits, then went wild.

"Tigas Gone Wild!", now only $19.99 on VHS! :)

Thanks for this great news to start the week.

> Some example stdout from Onion Browser connecting to Tor via obfs4,
> meek_lite (google), and scramblesuit:
> https://gist.github.com/mtigas/f1b9a3a8befa6f60d517eb2340f3cdd4
> 
> There are trivial forks of obfs4[1] and goptlib[2] that simply hard-code
> some options that are normally sent as environment variables because
> obfs4proxy runs in managed mode[3]. (It's the best I have right now
> until I can figure out a better way to communicate between obfs4proxy
> and the iOS bits.)

I think the generation of interfaces for shared libraries using gomobile
is pretty straightforward, but admittedly I haven't done it myself. This
is also where the new proposed Pluggable Transport API interface that is
being discussed (somewhere... can't find a link ATM), might be a good
next step to take, since we can implement that in Go, and that have it
used for future efforts.

> There’s quite a bit to clean up and document. We also might want a more
> minimal testcase than full-blown (and cruft-filled) Onion Browser?

Well, I am glad we jumped to the actual working application test case,
but yeah, I think something more minimal is still useful (see below).

> Though the iObfs repo[4] *does* contain an Xcode project which builds an
> “iObfs.app” that can successfully link and executes obfs4proxy as a
> thread[6] (as long as the framework has been built with the
> `buildobfs4.sh` script). stdout on that app properly shows the transport
> “CMETHOD” lines, though that’s all that app does.

I would love for this to perhaps be the basis for the Obfs4 bridge Apple
TV app... but for now, I think this qualifies as the unit testable setup
perhaps.

> This is probably near some "maximum viable bad idea", having the iOS
> browser app *and* Tor *and* go-powered obfs4proxy within the same
> process. (But of course, there's no easy way to get around the
> restriction against subprocesses on iOS.) It seems to work really well
> in my limited testing so far. Will continue working on it in the coming
> weeks and keep y’all posted.

Happy to put this blame on Apple. There is a better solution underway
(iCepa) but we all know the issues there, so until then, this is a great
step forward. 

Now we just need to get the app store SEO work done to put you up to the
top!

-- 
  Nathan of Guardian
  nathan at guardianproject.info


More information about the guardian-dev mailing list