iCepa/Tor.framework

Question: current state of iCepa project and Tor.framework for integration to iOS app

ealymbaev opened this issue · 13 comments

Hi, iCepa team,

I am looking for a solution in order to use the Tor network in my iOS app (crypto wallet) and have come across the iCepa project. I have also read the following article:

https://benjaminerhart.com/2018/03/state-of-the-onion-ios/

It has already been 2 years since then, and I see that only iCepa/Tor.framework is being actively developed. What about the other repos (iCepa, tun2tor)? Are you planning to develop and support them as well?

Also, I have tried to run the iCepa example app, but unfortunately ran into the already reported issue: iCepa/iCepa#33

So the main question is: is there any complete and working solution for integrating Tor into an iOS app? I guess that Tor.framework is being actively developed for OnionBrowser, so how is it used in an iOS app?

iCepa was a first shot at packaging Tor inside a network extension. As long as you don't plan to provide an app which provides Tor as a system-wide "VPN" for iOS, you're wrong here.

But if you do, I very much urge you to share your insights, as I'm currently stuck again with this...
Here is my latest effort: https://github.com/OnionBrowser/OnionBrowser/tree/WKWebView

tun2tor is buggy, and there's currently no one who has time and understands the Rust code enough to fix it. Again, you would only need it if you'd plan to create a Tor Network Extension.

If you just want to run Tor inside your app, Onion Browser is the app you should look at.
Most important class, which shows how to configure and use Tor.framework: https://github.com/OnionBrowser/OnionBrowser/blob/2.X/OnionBrowser/OnionManager.swift

If you need Tor to capture traffic of a UIWebView, you're going to need to dive deeper and get yourself acquainted with everything in here:
https://github.com/OnionBrowser/OnionBrowser/tree/2.X/Psiphon

If you just want to tunnel REST API requests via Tor, you just need to get a Tor-enabled URLSession like shown in the docs of Tor.framework:
https://github.com/iCepa/Tor.framework

Hope that helps!

Thank you for your reply. Everything seems to be getting clear now.

I don't plan to use Tor as a system-wide "VPN" for iOS, I need Tor inside my app only, so network extension and tun2tor are not what I need.

I have researched your implementation of Onion Browser and see that you are registering a class with NSURLProtocol in order to capture the URLRequest and add some kind of proxy to it. I guess you did it in order to catch the traffic from UIWebView and it is correct for your needs, as you are making a web browser. This option is not suitable for my task, because in my app I make regular HTTP requests and socket connections.

So let's get back to Tor.framework. I see that TorController can provide URLSessionConfiguration that can be used for my HTTP requests. No questions here.

But what about socket connections and GRPC requests? In our app we have the following socket connection:

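```swift
var readStream: Unmanaged<CFReadStream>?
var writeStream: Unmanaged<CFWriteStream>?
CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, host as CFString, port, &readStream, &writeStream)
// Create rule: both streams come back owned (+1), so take the retained value to avoid leaking them
inputStream = readStream!.takeRetainedValue()
outputStream = writeStream!.takeRetainedValue()
```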

As you may see, it uses CFStream and I cannot apply URLSessionConfiguration here. I guess that GRPC also uses CFStream.

Uuuuh-oooh. You want to use the very low level CoreFoundation networking code.

See, iOS has a huge stack of networking libraries, URLSession being one of the newer parts.

I can't help you a lot with that, but there are older versions of Onion Browser, where we used code which worked on the CoreFoundation level.

Have a look at this:
https://github.com/OnionBrowser/OnionBrowser/blob/v2.2.1/External/CKHTTPConnection.m

@ealymbaev You can't use UIWebView for new apps, so keep that in mind.

For lower level SOCKS proxying over Tor, you might want to check out: https://github.com/chrisballinger/ProxyKit
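
For the CFStream case asked about above, CFNetwork streams accept a SOCKS proxy configuration as a stream property, which can point at a local Tor SOCKS listener. This is an added example, not code from this thread, Tor.framework, Onion Browser or ProxyKit; `openStreamsViaSocks`, `socksHost` and `socksPort` are hypothetical names, and it assumes Tor is already running in the app with a SOCKS port you configured yourself.

```swift
import Foundation

/// Opens a TCP stream pair to `host:port` through a local SOCKS5 proxy.
/// Assumption: `socksHost`/`socksPort` match the SocksPort set in your own Tor configuration.
func openStreamsViaSocks(host: String, port: UInt32,
                         socksHost: String = "127.0.0.1",
                         socksPort: Int) -> (InputStream, OutputStream)? {
    var readStream: Unmanaged<CFReadStream>?
    var writeStream: Unmanaged<CFWriteStream>?
    CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, host as CFString, port,
                                       &readStream, &writeStream)
    guard let r = readStream, let w = writeStream else { return nil }

    // Streams are returned owned (+1); CFReadStream/CFWriteStream are
    // toll-free bridged to InputStream/OutputStream.
    let input = r.takeRetainedValue() as InputStream
    let output = w.takeRetainedValue() as OutputStream

    // SOCKS proxy settings, keyed by the Foundation constants for stream proxies.
    let proxy: [String: Any] = [
        StreamSOCKSProxyConfiguration.hostKey.rawValue: socksHost,
        StreamSOCKSProxyConfiguration.portKey.rawValue: socksPort,
        StreamSOCKSProxyConfiguration.versionKey.rawValue:
            StreamSOCKSProxyVersion.version5.rawValue
    ]

    // The proxy must be set on both streams before either is opened;
    // refuse to continue (rather than connect directly) if it is rejected.
    guard input.setProperty(proxy, forKey: .socksProxyConfigurationKey),
          output.setProperty(proxy, forKey: .socksProxyConfigurationKey) else {
        return nil
    }

    input.open()
    output.open()
    return (input, output)
}
```

The example does not establish whether the host name is resolved by the proxy or locally; confirm that with a packet capture before relying on it for anonymity.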

Second to do similar as @ealymbaev. As far as I know, Casa's mobile app wallet and https://github.com/Fonta1n3/FullyNoded use Tor.framework to connect to a user's Bitcoin core node.

What I'd really like to do is consume this framework with Xamarin as a native binding. But I haven't been able to get this repo's unit tests, rewritten in C#, which consume Tor.framework as a fat binary wrapped in a binding library, to pass. For some reason the control_auth_cookie isn't being written anywhere I can find in the simulator data. Should I be using LLDB or something similar to see what's happening once called inside the binary?

@DanGould I could not find source code for Casa's mobile app, but I have reviewed FullyNoded app source code. And I see that they use Tor.framework for making RPC calls, saying they use the same NSURLSession, not socket connection. https://github.com/Fonta1n3/FullyNoded/blob/master/BitSense/Helpers/Tor/MakeRPCCall.swift

@tladesignz writing our own "low-level" implementation for Tor would be quite difficult and time-consuming, so it is not an option for now.

@chrisballinger that repo was last updated like 3 years ago, and also quite low-level for us.

So it seems like Tor support for CFStream (socket connection) has not been implemented yet.

> For some reason the control_auth_cookie isn't being written anywhere I can find in the simulator data. Should I be using LLDB or something similar to see what's happening once called inside the binary?

@DanGould, you define where that is written to.
See https://github.com/OnionBrowser/OnionBrowser/blob/2.X/OnionBrowser/OnionManager.swift#L68-L86
and
https://github.com/OnionBrowser/OnionBrowser/blob/2.X/OnionBrowser/OnionManager.swift#L116-L122

> @tladesignz writing our own "low-level" implementation for Tor would be quite difficult and time-consuming, so it is not an option for now.
>
> So it seems like Tor support for CFStream (socket connection) has not been implemented yet.

I'm sorry, until now I could avoid tackling CoreFoundation networking stuff. Happy to do it, though, if you want to fund the Guardian Project for it. :-)

> > @tladesignz writing our own "low-level" implementation for Tor would be quite difficult and time-consuming, so it is not an option for now.
> > So it seems like Tor support for CFStream (socket connection) has not been implemented yet.
>
> I'm sorry, until now I could avoid tackling CoreFoundation networking stuff. Happy to do it, though, if you want to fund the Guardian Project for it. :-)

Sounds interesting, what kind of funding/timeframe are we looking at? :)

> Sounds interesting, what kind of funding/timeframe are we looking at? :)

Well, the easiest way is to fund hours to work on this.

Without looking into it, I guess this should take something between 10 and 100 hours, depending on the problems we encounter and the final scope.

I suggest meetings once per week or something, so you have a good idea of where we're standing. You can stop anytime, if you're dissatisfied or it turns out that for some reason it will be infeasible.

If you want something more nailed down, you can have that, but please understand that all work has to be paid in the end, so it will not become cheaper, effectively.

Regarding time, I guess I can work at least a day per week on this, currently, maybe more. Depends on your timeframe and other projects.

> > Sounds interesting, what kind of funding/timeframe are we looking at? :)
>
> Well, the easiest way is to fund hours to work on this.
>
> Without looking into it, I guess this should take something between 10 and 100 hours, depending on the problems we encounter and the final scope.
>
> I suggest meetings once per week or something, so you have a good idea of where we're standing. You can stop anytime, if you're dissatisfied or it turns out that for some reason it will be infeasible.
>
> If you want something more nailed down, you can have that, but please understand that all work has to be paid in the end, so it will not become cheaper, effectively.
>
> Regarding time, I guess I can work at least a day per week on this, currently, maybe more. Depends on your timeframe and other projects.

Thanks, the terms are good enough. We are currently implementing full Tor networking in the Android version of the decentralized app we are building. It doesn't seem to have the issues that we have stumbled upon on iOS.

We expect to have it finished in the next couple of weeks. If there are no issues on the Android side, getting it on iOS will become a priority. Will follow up, thank you for your time.

> Will follow up, thank you for your time.

👍

Since there was no activity for over a month, I'll close this.
I just released a new version containing the latest Tor version. You might want to check it out!