Comment by bigfish24
8 months ago
For something like AirDrop this will need to be sorted out, but already work occurred to reverse engineer this: https://github.com/seemoo-lab/opendrop
Would be cool if an open standard on auth forms on top of this.
8 months ago
For something like AirDrop this will need to be sorted out, but already work occurred to reverse engineer this: https://github.com/seemoo-lab/opendrop
Would be cool if an open standard on auth forms on top of this.
For this to succeed I think we need a C implementation that can be used by many languages and runtimes.
Not in C, please, since this is something that by definition will handle at least some unauthenticated low-level protocol traffic.
I'm impressed you managed to not use the R-word
The AWDL part is in C:
https://github.com/seemoo-lab/owl
How would an open implementation be compatible with this, given that Apple's implementation is based on an Apple-operated PKI?
Note that this is only a conversation about sender identification, which allows sending to a "non-world-visible" receiving device and confirmation-less sending to devices with the same iCloud account on them. Anonymous sending isn't cryptographically gated by Apple, to my knowledge.
Their documentation suggests that is only needed by contacts only mode and they wrote some code to get the needed certificates from macOS:
https://github.com/seemoo-lab/airdrop-keychain-extractor
That still requires you to have (access to) a Mac and an iCloud account.
It might be possible to reimplement the required Apple API, but as demonstrated by the iMessage/Beeper saga, they usually shut such things down pretty quickly.