
Background

Recently, I have heard from many friends that IPv6 has gradually become popular after more than ten or twenty years of development. So I took the opportunity to try running an IPv6 service on my old laptop.

First, the network setup at my home: the Unicom broadband optical modem has too poor a signal, so it is connected to a TP-Link router. The broadband service provides IPv6, and I enabled IPv6 in the router configuration. The laptop is a MacBook Pro and the phone is an iPhone; both are connected to the same WiFi.

I installed an application called Net Analyzer on my iPhone. It is free and very useful: you can view IP address information and send ping requests. From this application, I can see that the IP address the phone obtained over WiFi (from here on, "IP address" means the v6 address) starts with 2048.

On the laptop, through the ifconfig command, I can find that I have an IP address that also starts with 2048 under en0:

 inet6 2408:..:..:..:..:..:..:.. prefixlen 64 autoconf secured  // specific address omitted for safety

From this I infer that the two addresses belong to the same router. prefixlen 64 indicates that the first 64 bits of the IP address are the prefix given by the router, autoconf indicates that the address is automatically configured, and secured indicates that the address was generated cryptographically (probably using CGA, but I can't find any more information for now).

IPv6 HTTP Server

Next I decided to build a simple HTTP service on the notebook using Python:

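import socket

try:  # Python 3
  from http.server import HTTPServer, SimpleHTTPRequestHandler
except ImportError:  # Python 2, as in the original gist
  from BaseHTTPServer import HTTPServer
  from SimpleHTTPServer import SimpleHTTPRequestHandler

class MyHandler(SimpleHTTPRequestHandler):
  def do_GET(self):
    if self.path == '/ip':
      # Report the client's address as seen by the server
      self.send_response(200)
      self.send_header('Content-type', 'text/html')
      self.end_headers()
      body = 'Your IP address is %s' % self.client_address[0]
      self.wfile.write(body.encode('ascii'))  # wfile expects bytes on Python 3
      return
    else:
      # Every other path is served as a file from the current directory
      return SimpleHTTPRequestHandler.do_GET(self)

class HTTPServerV6(HTTPServer):
  # Listen on an IPv6 socket instead of the default AF_INET
  address_family = socket.AF_INET6

def main():
  # '::' binds every IPv6 address of the host, including the global one
  server = HTTPServerV6(('::', 8080), MyHandler)
  server.serve_forever()

if __name__ == '__main__':
  main()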

Code from https://gist.github.com/akorobov/7903307 .

Save the code to a file and execute python [filename] to start a simple HTTP server on port 8080.

Next, access the IP address of the notebook from the mobile phone. When accessing it from a browser, the address format needs a small change: the IPv6 address goes inside square brackets:

 http://[2048:..:..:..:..:..:..:..]:8080

The visit was successful!

CGA

Although I found some information on the Internet that Apple implements CGA (cryptographically generated addresses) address generation, I can't find how to get the corresponding private key, so I can't do anything else.

All Apple operating systems support IPv6, implementing several mechanisms to protect the privacy of users and the stability of the networking stack. When Stateless Address Autoconfiguration (SLAAC) is used, the IPv6 addresses of all interfaces are generated in a way that helps prevent tracking devices across networks and at the same time allows for a good user experience by ensuring address stability when no network changes take place. The address generation algorithm is based on cryptographically generated addresses as of RFC 3972, enhanced by an interface-specific modifier to warrant that even different interfaces on the same network eventually have different addresses.

I tried changing the IP address configuration from automatic mode to manual and it works fine. But the secured tag in ifconfig disappeared.

ndp

Use the ndp -w command to see the CGA parameters currently in use:

 % ndp -w
Public Key:
30:81:89:02:81:81:00:ce:a1:d9:a8:9b:80:96:9b:d0:cc:2e:d3:d5:0f:58:01:99:ea:32:46:19:7b:2e:31:ee
e0:60:65:fa:56:0a:5a:02:4f:ec:b8:c5:3a:f6:07:77:6c:17:91:fa:16:a9:06:d8:12:8e:c8:3c:31:32:ad:67
51:fb:b9:2c:86:43:7d:d6:8d:97:da:ff:71:fd:b3:c5:11:5a:5c:91:04:93:86:dc:12:61:3f:23:0a:a2:76:10
85:ff:d7:18:1a:27:53:e7:87:5d:d8:14:11:dd:03:c5:dc:d9:b9:8b:c1:5b:08:cc:73:4e:78:85:74:ee:89:cb
bd:16:03:f0:d5:d6:4f:02:03:01:00:01

Modifier:
d4:d6:d7:57:e2:93:9e:f0:c5:9b:09:8f:b4:59:fd:e8

Security Level: 0

sysctl

The latest finding is that sysctl net.inet6.send.cga_parameters can configure the private key and public key of CGA. But the exact format is unclear.

dhcpclient

Hard work pays off. After searching through countless pieces of Apple open source code, I finally found the location where the CGA key is saved:

 % sudo cat /var/db/dhcpclient/CGAKeys.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PrivateKey</key>
    <data>
    ...
    </data>
    <key>PublicKey</key>
    <data>
    MIGJAoGBAM6h2aibgJab0Mwu09UPWAGZ6jJGGXsuMe7gYGX6VgpaAk/suMU69gd3bBeR
    +hapBtgSjsg8MTKtZ1H7uSyGQ33WjZfa/3H9s8URWlyRBJOG3BJhPyMKonYQhf/XGBon
    U+eHXdgUEd0DxdzZuYvBWwjMc054hXTuicu9FgPw1dZPAgMBAAE=
    </data>
</dict>
</plist>

You should be able to configure the CGA key by directly modifying it here, hahaha, let me rest for a while.
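The two outputs above can be cross-checked offline. This is an added example, not code from the original post or from Apple: it confirms that the PublicKey in CGAKeys.plist is the key printed by ndp -w, parses it as a DER RSAPublicKey, and derives an address from the printed Modifier and Security Level the way RFC 3972 defines it. The /64 prefix is a constructed documentation prefix and the SubjectPublicKeyInfo wrapping follows RFC 3972, so the result will not equal the Mac's real address (the page omits the prefix, and Apple adds an interface-specific modifier).

```python
import base64, hashlib, ipaddress
# Copied from the page: public key from "ndp -w" (hex) and from CGAKeys.plist (base64).
NDP_KEY = bytes.fromhex("""
30:81:89:02:81:81:00:ce:a1:d9:a8:9b:80:96:9b:d0:cc:2e:d3:d5:0f:58:01:99:ea:32:46:19:7b:2e:31:ee
e0:60:65:fa:56:0a:5a:02:4f:ec:b8:c5:3a:f6:07:77:6c:17:91:fa:16:a9:06:d8:12:8e:c8:3c:31:32:ad:67
51:fb:b9:2c:86:43:7d:d6:8d:97:da:ff:71:fd:b3:c5:11:5a:5c:91:04:93:86:dc:12:61:3f:23:0a:a2:76:10
85:ff:d7:18:1a:27:53:e7:87:5d:d8:14:11:dd:03:c5:dc:d9:b9:8b:c1:5b:08:cc:73:4e:78:85:74:ee:89:cb
bd:16:03:f0:d5:d6:4f:02:03:01:00:01""".replace(":", "").replace("\n", ""))
PLIST_KEY = base64.b64decode(
    "MIGJAoGBAM6h2aibgJab0Mwu09UPWAGZ6jJGGXsuMe7gYGX6VgpaAk/suMU69gd3bBeR"
    "+hapBtgSjsg8MTKtZ1H7uSyGQ33WjZfa/3H9s8URWlyRBJOG3BJhPyMKonYQhf/XGBon"
    "U+eHXdgUEd0DxdzZuYvBWwjMc054hXTuicu9FgPw1dZPAgMBAAE=")
MODIFIER, SEC = bytes.fromhex("d4d6d757e2939ef0c59b098fb459fde8"), 0  # both from ndp -w
PREFIX = ipaddress.IPv6Network("2001:db8:0:1::/64")  # constructed; real prefix is omitted

def der_tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, offset just past it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length octets that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_public_numbers(der):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    tag, body, end = der_tlv(der)
    t_n, n, pos = der_tlv(body)
    t_e, e, pos = der_tlv(body, pos)
    if (tag, t_n, t_e) != (0x30, 0x02, 0x02) or end != len(der) or pos != len(body):
        raise ValueError("not a DER-encoded RSAPublicKey")
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def to_spki(rsa_der):
    """Wrap RSAPublicKey as SubjectPublicKeyInfo, the key encoding RFC 3972 hashes."""
    def wrap(tag, value):  # DER header, long-form length from 128 bytes up
        size = len(value).to_bytes(max(1, (len(value).bit_length() + 7) // 8), "big")
        head = size if len(value) < 0x80 else bytes([0x80 | len(size)]) + size
        return bytes([tag]) + head + value
    alg_id = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption OID + NULL
    return wrap(0x30, alg_id + wrap(0x03, b"\x00" + rsa_der))

def cga_address(modifier, prefix, collision_count, spki, sec):
    """RFC 3972: interface ID = Hash1 (first 64 bits of SHA-1) with Sec and u/g bits set."""
    net = prefix.network_address.packed[:8]
    iid = bytearray(hashlib.sha1(modifier + net + bytes([collision_count]) + spki).digest()[:8])
    iid[0] = (iid[0] & 0x1C) | (sec << 5)  # Sec in the 3 leftmost bits; u (0x02), g (0x01) = 0
    return ipaddress.IPv6Address(net + bytes(iid))

if __name__ == "__main__":
    print(NDP_KEY == PLIST_KEY, rsa_public_numbers(PLIST_KEY)[0].bit_length(),
          cga_address(MODIFIER, PREFIX, 0, to_spki(PLIST_KEY), SEC))
```

For the values on this page, both outputs hold the same 1024-bit RSA key with public exponent 65537.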

IPv6 protocol types

IPv6 comprises a series of protocols. To better understand them, I installed Wireshark, a well-known packet capture tool.

Also, this valuable page lists the meaning of all IPv6 multicast address ranges: https://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast-addresses.xhtml

Opening Wireshark, I immediately understood how insecure the wireless network environment is: all kinds of information can be seen at a glance. The following protocols were captured on the wireless network:

Multicast DNS

Sender: my computer; receiver: ff02::fb (mDNSv6). This is a multicast message that other nodes on the local area network can receive. The message queries the IP addresses of local services such as AirDrop, printers, AirPlay, and so on.

DHCPv6 (Dynamic Host Configuration Protocol version 6)

Used to update various configuration information between the host and the router. This is stateful.

ICMPv6 (Internet Control Message Protocol for IPv6)

ICMPv6 is a protocol that defines the message format on which many higher-level protocols are based. One example is NDP (Neighbor Discovery Protocol), which includes the following functions:

  • Neighbor Discovery (ND)
  • Router Discovery (RD)
  • Address Autoconfiguration
  • Address Resolution
  • Neighbor Unreachability Detection (NUD)
  • Duplicate Address Detection (DAD)
  • Redirection

These functions are implemented using the following types of messages:

  • Router Solicitation (RS)
  • Router Advertisement (RA)
  • Neighbor Solicitation (NS)
  • Neighbor Advertisement (NA)
  • Redirect

The options that NDP supports can be found at IANA.

What we wanted to see was SEND (SEcure Neighbor Discovery), an extension to NDP using CGA, and it turned out that macOS didn't support it.


Implement the SEND protocol yourself

There is no SEND protocol, which means that our hope of binding the pubkey to an IP address, and thereby implementing an authentication and encryption protocol at the network layer, has failed. But that's okay, I decided to implement one myself.

What we hope to achieve in the end: on the same wireless network, such as public WiFi in a shopping mall, Alice and Bob can use each other's known pubkey to establish a secure connection without configuration.


Ljzn