摘要
Apple Wireless Direct Link (AWDL) 是一个专有的、未公开的、基于 IEEE 802.11 的自组网(ad hoc)协议。Apple 于 2014 年左右首次引入 AWDL,此后将其集成到整个产品线中,包括 iPhone 和 Mac。我们发现 AWDL 驱动着超过十亿终端设备上的流行应用,如 AirPlay 和 AirDrop。然而,该协议本身以及潜在的安全和 Wi-Fi 共存问题尚未被研究。在本文中,我们通过二进制分析和运行时分析,揭示了该协议的工作原理。简而言之,每个 AWDL 节点会宣布一系列可用性窗口(Availability Windows, AWs),表明其与其他 AWDL 节点通信的准备状态。一个被选举出的主节点(master)负责同步这些序列。在 AW 之外,节点可以将其 Wi-Fi 无线电调谐到不同信道以与接入点通信,或关闭无线电以节省能源。基于我们的分析,我们进行了实验,研究了主节点选举过程、同步精度、跳频动态和可实现的吞吐量。我们还进行了初步安全评估,并发布了一个开源的 AWDL Wireshark 解析器,以促进未来的研究。
关键词: AWDL, 逆向工程, 自组网, IEEE 802.11, 专有协议, Apple, macOS, iOS
This article is translated from: https://arxiv.org/pdf/1808.03156
Abstract
Apple Wireless Direct Link (AWDL) is a proprietary and undocumented IEEE 802.11-based ad hoc protocol. Apple first introduced AWDL around 2014 and has since integrated it into its entire product line, including iPhone and Mac. While we have found that AWDL drives popular applications such as AirPlay and AirDrop on more than one billion end-user devices, neither the protocol itself nor potential security and Wi-Fi coexistence issues have been studied. In this paper, we present the operation of the protocol as the result of binary and runtime analysis. In short, each AWDL node announces a sequence of Availability Windows (AWs) indicating its readiness to communicate with other AWDL nodes. An elected master node synchronizes these sequences. Outside the AWs, nodes can tune their Wi-Fi radio to a different channel to communicate with an access point, or could turn it off to save energy. Based on our analysis, we conduct experiments to study the master election process, synchronization accuracy, channel hopping dynamics, and achievable throughput. We conduct a preliminary security assessment and publish an open source Wireshark dissector for AWDL to nourish future work.
Keywords: AWDL, Reverse engineering, Ad hoc networks, IEEE 802.11, Proprietary protocol, Apple, macOS, iOS


大黑山