
Direct observation of electron transfer in solids achieved

by Riko Seibo

Tokyo, Japan (SPX) Jun 05, 2024






Electron transfer (ET) is a process in which an electron moves from one atom or molecule to another, fundamental to electrochemical reactions with applications across numerous fields. Nanoscale ET, involving electron transfer in the 1-100 nanometer range within solids, is crucial for designing multifunctional materials but remains not fully understood.

Nanotubes, with distinctive cylindrical nanostructures, exhibit various ET properties through electron and hole injections, making them ideal for studying nanoscale ET. However, carbon-based nanotubes present challenges in controlling shape and size due to extreme synthesis conditions.

A bottom-up fabrication approach for non-covalent nanotubes, sometimes resulting in crystalline forms, offers a solution. Non-covalent nanotubes, formed through attractive non-covalent interactions, are not robust enough to withstand electron and hole injections, which can break their structure.

Researchers from the Department of Applied Chemistry at Tokyo University of Science, led by Professor Junpei Yuasa and including Dr. Daiji Ogata, Mr. Shota Koide, and Mr. Hiroyuki Kishi, have developed a novel approach to directly observe solid-state ET. Prof. Yuasa stated, “We have developed crystalline nanotubes with a special double-walled structure. By incorporating electron donor molecules into the pores of these crystalline nanotubes through a solid-state oxidation reaction, we succeeded in directly observing the electron transfer reaction in the solid using X-ray crystal structure analysis.” Their findings were published in the journal Nature Communications on May 23, 2024.

The team employed a novel supramolecular crystallization method, involving oxidation-based crystallization, to fabricate zinc-based double-walled crystalline nanotubes. This structure, with large windows in the nanotube walls, is robust and flexible enough to maintain its crystalline state during ET oxidation processes.

The nanotubes absorbed electron donor molecules, such as ferrocene and tetrathiafulvalene, through these windows, facilitating solid-state ET oxidation reactions and creating holes in the donors within the nanotube. The robustness of the crystals allowed direct observation of this ET oxidation process using X-ray crystal structure analysis, revealing key insights.

This approach is valuable for directly observing ET in solid nanomaterials. Prof. Yuasa emphasized, “Understanding ET can lead to the development of novel functional materials, which in turn can lead to the design of more efficient semiconductors, transistors, and other electronic devices. Optoelectronic devices, such as solar cells, rely heavily on ET. Hence, direct observation of ET can help improve these devices’ performance. Additionally, this approach can lead to advancements in energy storage, nanotechnology, and materials science research.”

This study exemplifies the direct observation of solid-state ET, potentially expanding to observe ET and related phenomena in other nanomaterials.

Research Report: Direct observation of electron transfer in solids through X-ray crystallography





Hydrogen on the high seas: Sailing vessel secures £4.65 million seed capital

Image credit: Drift Energy.

The UK startup behind a system to make green energy at sea using hi-tech sailing vessels has secured £4.65 million in seed capital, enabling it to scale and realise its ambition to start vessel production next year.

The seed funding round for DRIFT Energy was led by venture capital firm Octopus Ventures, with support from Blue Action Accelerator.

DRIFT said it is developing renewable energy partnerships that will benefit coastal and island communities around the world. Ben Medland, Founder and CEO, recently attended the United Nations’ 4th International Conference on Small Island Developing States, where he said he saw huge opportunity for the company to support the energy transition for the 65+ million people who live across more than 1000 islands in the world.

He said the funding “enables us to drive with momentum into the next phase of our mission. We will work closely with Octopus and our advisory teams to bring our vision of ‘Oceans of Energy’ to life with that all-important first net-positive ship.”

Mat Munro, Investor at Octopus Ventures, said: “We’re incredibly excited about DRIFT and the team’s potential to lead the way in creating a truly innovative source of renewable energy. At Octopus Ventures, we’re backing the companies building a sustainable planet, and DRIFT’s ambitions are exactly what we’re looking for. We can’t wait for the day its first vessel sets out on its maiden voyage.”

George Northcott, Co-Founder of Blue Action Accelerator added: “Blue Action Accelerator’s mission is to help scale groundbreaking technologies that preserve marine environments and support coastal-dependent communities. DRIFT is the ultimate example of that – creating a new class of mobile renewable energy from the world’s seas and delivering it to where it’s needed – from island nation communities to power hungry ports. We’re thrilled to be supporting them as they build their first vessels and bring a vision to life.”

DRIFT Energy has also recently been awarded funding from Innovate UK, the UK’s innovation agency, through its Investor Partnership Programme, which is designed to drive investment into high-growth, innovative UK companies working on cutting-edge technology. The grant will support the research and development programme and accelerate the design process of the first vessel.

Keyboard shortcuts for Export Unmodified Original in Photos for Mac – Ole Begemann


Problem

  1. The Photos app on macOS doesn’t provide a keyboard shortcut for the Export Unmodified Original command.
  2. macOS allows you to add your own app-specific keyboard shortcuts via System Settings > Keyboard > Keyboard Shortcuts > App Shortcuts. You need to enter the exact spelling of the menu item you want to invoke.
  3. Photos renames the command depending on what’s selected: “Export Unmodified Original For 1 Photo” turns into “… Originals For 2 Videos” turns into “… For 3 Items” (for mixed selections), and so on. Argh!
  4. The System Settings UI for assigning keyboard shortcuts is extremely tedious to use if you want to add more than one or two shortcuts.

Dynamically renaming menu commands is cute, but it becomes a problem when you want to assign keyboard shortcuts.

Solution: shell script

Here’s a Bash script that assigns Ctrl + Opt + Cmd + E to Export Unmodified Originals for up to 20 selected items:

#!/bin/bash

# Assigns a keyboard shortcut to the Export Unmodified Originals
# menu command in Photos.app on macOS.

# @ = Command
# ^ = Control
# ~ = Option
# $ = Shift
shortcut='@~^e'

# Set shortcut for 1 selected item
echo "Setting shortcut for 1 item"
defaults write com.apple.Photos NSUserKeyEquivalents -dict-add "Export Unmodified Original For 1 Photo" "$shortcut"
defaults write com.apple.Photos NSUserKeyEquivalents -dict-add "Export Unmodified Original For 1 Video" "$shortcut"

# Set shortcut for 2-20 selected items
objects=(Photos Videos Items)
for i in {2..20}
do
  echo "Setting shortcut for $i items"
  for object in "${objects[@]}"
  do
    defaults write com.apple.Photos NSUserKeyEquivalents -dict-add "Export Unmodified Originals For $i $object" "$shortcut"
  done
done

# Use this command to verify the result:
# defaults read com.apple.Photos NSUserKeyEquivalents

The script is also available on GitHub.

Usage:

  1. Quit Photos.app.
  2. Run the script. Feel free to change the key combo or count higher than 20.
  3. Open Photos.app.

Note: There’s a bug in Photos.app on macOS 13.2 (and at least some earlier versions). Custom keyboard shortcuts don’t work until you’ve opened the menu of the respective command at least once. So you must manually open the File > Export once before the shortcut will work. (For Apple folks: FB11967573.)

Phishing targeting Polish SMBs continues via ModiLoader

ESET Research

ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families

Just a few months back, ESET Research published a blogpost about massive phishing campaigns across Central and Eastern Europe carried out during the second half of 2023. In those campaigns Rescoms malware (also known as Remcos), protected by AceCryptor, was delivered to potential victims with the goals of credential theft and potential gain of initial access to company networks.

Phishing campaigns targeting the region didn’t stop in 2024. In this blogpost we present what recent phishing campaigns looked like and how the choice of delivery mechanism shifted away from AceCryptor to ModiLoader.

Key points of this blogpost:

  • ESET detected nine notable ModiLoader phishing campaigns during May 2024 in Poland, Romania, and Italy.
  • These campaigns targeted small and medium-sized businesses.
  • Seven of the campaigns targeted Poland, where ESET products protected over 21,000 users.
  • Attackers deployed three malware families via ModiLoader: Rescoms, Agent Tesla, and Formbook.
  • Attackers used previously compromised email accounts and company servers, not only to spread malicious emails but also to host malware and collect stolen data.

Overview

Even though the phishing campaigns have been ongoing throughout the first half of 2024, this blogpost focuses just on May 2024, as this was an eventful month. During this period, ESET products protected over 26,000 users, over 21,000 (80%) of whom were in Poland. In addition to Poland, where over 80% of potential victims were located, Italy and Romania were also targeted by the phishing campaigns. In total we registered nine phishing campaigns, seven of which targeted Poland throughout May, as can be seen in Figure 1.

Figure 1. Hits of ModiLoader phishing campaigns in Poland during May 2024

In comparison with the campaigns that took place during the end of 2023, we see a shift away from using AceCryptor as a tool of choice to protect and successfully deliver the malware. Instead, in all nine campaigns, attackers used ModiLoader (aka DBatLoader) as the preferred delivery tool of choice. The final payload to be delivered and launched on the compromised machines varied; we’ve detected campaigns delivering:

  • Formbook – information stealing malware discovered in 2016,
  • Agent Tesla – a remote access trojan and information stealer, and
  • Rescoms RAT – remote control and surveillance software, able to steal sensitive information.

Campaigns

In general, all campaigns followed a similar scenario. The targeted company received an email message with a business offer that could be as simple as “Please provide your best price offer for the attached order no. 2405073”, as can be seen in Figure 2.

Figure 2. Example of a phishing email containing ModiLoader in the attachment

In other campaigns, email messages were more verbose, such as the phishing email in Figure 3, which can be translated as follows:

Hi,

We would like to purchase your product for our client.

Please find the attached inquiry for the first step of this purchase.

The attached sheet contains target prices for most products. I highlighted 10 components to focus on pricing – the rest of the items are optional to price (we will apply similar price level based on other prices).

Please get back to me before 28/05/2024

If you need more time, please let me know how much you will need.

If you have any questions, please also let me know.

Figure 3. A more verbose phishing email example containing ModiLoader in the attachment

As in the phishing campaigns of H2 2023, attackers impersonated existing companies and their employees as the technique of choice to increase campaign success rate. In this way, even if the potential victim looked for the usual red flags (aside from potential translation errors), they were just not there, and the email looked as legitimate as it could have.

Inside the attachments

Emails from all campaigns contained a malicious attachment that the potential victim was incentivized to open, based on the text of the email. These attachments had names like RFQ8219000045320004.tar (as in Request for Quotation) or ZAMÓWIENIE_NR.2405073.IMG (translation: ORDER_NO) and the file itself was either an ISO file or archive.

In campaigns where an ISO file was sent as an attachment, the content was the ModiLoader executable (named similarly or the same as the ISO file itself) that would be launched if a victim tried to open the executable.

In the other case, when a RAR archive was sent as an attachment, the content was a heavily obfuscated batch script, with the same name as the archive and with the .cmd file extension. This file also contained a base64-encoded ModiLoader executable, disguised as a PEM-encoded certificate revocation list. The script is responsible for decoding and launching the embedded ModiLoader (Figure 4).

Figure 4. File with .cmd extension containing heavily obfuscated batch script (top) that decodes base64-encoded ModiLoader binary (bottom)
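
For defenders, the disguise described above can be checked mechanically: a genuine PEM-encoded CRL decodes to ASN.1 DER, which begins with a SEQUENCE tag (0x30), while an embedded Windows executable decodes to bytes beginning with MZ. The following Python is an added example, not ESET's code; the function names are hypothetical and both samples are constructed stubs.

```python
import base64
import binascii
import re

# PEM armor: "-----BEGIN <label>-----" ... "-----END <label>-----"
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)

# Labels whose payload must be ASN.1 DER (first byte 0x30, a SEQUENCE tag).
DER_LABELS = {"CERTIFICATE", "X509 CRL", "CERTIFICATE REQUEST", "PKCS7"}


def classify(data: bytes) -> str:
    """Name the payload type from its leading bytes."""
    if data[:2] == b"MZ":
        # DOS header: the 4-byte field at 0x3C points to the "PE\0\0" signature.
        if len(data) >= 0x40:
            pe_off = int.from_bytes(data[0x3C:0x40], "little")
            if data[pe_off:pe_off + 4] == b"PE\x00\x00":
                return "pe-executable"
        return "mz-header"
    if data[:1] == b"\x30":
        return "asn1-der"
    return "unknown"


def scan(text: str) -> list:
    """Return one finding per PEM block found anywhere in a text file."""
    findings = []
    for match in PEM_BLOCK.finditer(text):
        label = match.group("label")
        b64 = "".join(match.group("body").split())  # drop line breaks
        try:
            data = base64.b64decode(b64, validate=True)
            kind = classify(data)
        except binascii.Error:
            data, kind = b"", "invalid-base64"
        findings.append({
            "label": label,
            "size": len(data),
            "kind": kind,
            # A certificate-type label around anything but DER is the red flag.
            "suspicious": label in DER_LABELS and kind != "asn1-der",
        })
    return findings


def pem_wrap(label: str, data: bytes) -> str:
    """Helper used only to build the constructed samples below."""
    b64 = base64.b64encode(data).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----"


# Constructed sample 1: a 0x80-byte stub carrying only the MZ and PE markers
# (not a working program), wrapped as a "CRL" inside script-like text.
FAKE_PE = (b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little")
           + b"PE\x00\x00" + b"\x00" * 0x3C)
SAMPLE_CMD = ("@echo off\nrem constructed filler line\n"
              + pem_wrap("X509 CRL", FAKE_PE) + "\n")

# Constructed sample 2: minimal valid DER (SEQUENCE { INTEGER 1 }).
SAMPLE_CRL = pem_wrap("X509 CRL", bytes.fromhex("3003020101"))

if __name__ == "__main__":
    for name, text in (("sample.cmd", SAMPLE_CMD), ("sample.crl", SAMPLE_CRL)):
        for finding in scan(text):
            print(name, finding)
```

The same check applies to any text attachment, since the PEM block can sit anywhere in the file.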

When ModiLoader is launched

ModiLoader is a Delphi downloader with a simple task – to download and launch malware. In two of the campaigns, ModiLoader samples were configured to download the next-stage malware from a compromised server belonging to a Hungarian company. In the rest of the campaigns ModiLoader downloaded the next stage from Microsoft’s OneDrive cloud storage. We observed four accounts where second-stage malware was hosted. The whole chain of compromise from receiving the malicious email until launching the final payload is summarized in Figure 5.

Figure 5. Chain of compromise of ModiLoader phishing campaigns in Poland during May 2024

Data exfiltration

Three different malware families were used as a final payload: Agent Tesla, Rescoms, and Formbook. All these families are capable of information stealing and thus allow attackers not only to expand their datasets of stolen information, but also to prepare the ground for their next campaigns. Even though the exfiltration mechanisms differ between malware families and campaigns, it is worth mentioning two examples of these mechanisms.

In one campaign, information was exfiltrated via SMTP to an address using a domain similar to that of a German company. Note that typosquatting was a popular technique used in the Rescoms campaigns from the end of last year. Those older campaigns used typosquatted domains for sending phishing emails. One of the new campaigns used a typosquatted domain for exfiltrating data. When someone tried to visit web pages of this typosquatted domain, they would be immediately redirected to the web page of the legitimate (impersonated) company.

In another campaign, we observed data being exfiltrated to a web server of a guest house located in Romania (a country targeted now and in the past by such campaigns). In this case, the web server seems legitimate (so no typosquatting) and we believe that the accommodation’s server had been compromised during earlier campaigns and abused for malicious activities.

Conclusion

Phishing campaigns targeting small and medium-sized businesses in Central and Eastern Europe are still going strong in the first half of 2024. Furthermore, attackers take advantage of previously successful attacks and actively use compromised accounts or machines to further spread malware or collect stolen information. In May alone, ESET detected nine ModiLoader phishing campaigns, and even more outside this timeframe. Unlike the second half of 2023, when Rescoms packed by AceCryptor was the preferred malware of choice of the attackers, they didn’t hesitate to change the malware they use to be more successful. As we presented, there are multiple other malware families like ModiLoader or Agent Tesla in the arsenal of these attackers, ready to be used.

ESET Research offers private APT intelligence reports and data feeds. For any inquiries about this service, visit the ESET Threat Intelligence page.

IoCs

A comprehensive list of indicators of compromise (IoCs) can be found in our GitHub repository.


MITRE ATT&CK techniques

This table was built using version 15 of the MITRE ATT&CK framework.

| Tactic | ID | Name | Description |
|---|---|---|---|
| Reconnaissance | T1589.002 | Gather Victim Identity Information: Email Addresses | Email addresses and contact information (either bought or gathered from publicly available sources) were used in phishing campaigns to target companies across multiple countries. |
| Resource Development | T1586.002 | Compromise Accounts: Email Accounts | Attackers used compromised email accounts to send malicious emails in phishing campaigns to increase their phishing email’s credibility. |
| Resource Development | T1588.001 | Obtain Capabilities: Malware | Attackers bought licenses and used multiple malware families for phishing campaigns. |
| Resource Development | T1583.006 | Acquire Infrastructure: Web Services | Attackers used Microsoft OneDrive to host malware. |
| Resource Development | T1584.004 | Compromise Infrastructure: Server | Attackers used previously compromised servers to host malware and store stolen information. |
| Initial Access | T1566 | Phishing | Attackers used phishing messages with malicious attachments to compromise computers and steal information from companies in multiple European countries. |
| Initial Access | T1566.001 | Phishing: Spearphishing Attachment | Attackers used spearphishing messages to compromise computers and steal information from companies in multiple European countries. |
| Execution | T1204.002 | User Execution: Malicious File | Attackers relied on users opening archives containing malware and launching a ModiLoader executable. |
| Credential Access | T1555.003 | Credentials from Password Stores: Credentials from Web Browsers | Attackers tried to steal credential information from browsers and email clients. |

macos – How to add AAAA flag (IPv6) to DNS resolver configuration on Sierra?

This was a huge hassle to figure out, so I wrote up a little guide in hopes that others would find it helpful:

The Problem

macOS’s domain name resolver will only return IPv6 addresses (from AAAA records) when it thinks that you have a valid routable IPv6 address. For physical interfaces like Ethernet or Wi-Fi it is enough to set or be assigned an IPv6 address, but for tunnels (such as those using utun interfaces) there are some extra annoying steps that need to be taken to convince the system that yes, you indeed have an IPv6 address, and yes, you would like to get IPv6 addresses back for DNS lookups.

I use wg-quick to establish a WireGuard tunnel between my laptop and a Linode virtual server. WireGuard uses a utun user-space tunnel device to make the connection. Here's how that device gets configured:

utun1: flags=8051 mtu 1420
    inet 10.75.131.2 --> 10.75.131.2 netmask 0xffffff00
    inet6 fe80::a65e:60ff:fee1:b1bf%utun1 prefixlen 64 scopeid 0xc
    inet6 2600:3c03::de:d002 prefixlen 116
    nd6 options=201

And here's a few relevant lines from my routing table:

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
0/1                utun1              USc             0        0   utun1
default            10.20.4.4          UGSc            0        0     en3
10.20.4/24         link#14            UCS             3        0     en3      !
10.75.131.2        10.75.131.2        UH              0        0   utun1
50.116.51.30       10.20.4.4          UGHS            7  2629464     en3
128.0/1            utun1              USc             5        0   utun1

Internet6:
Destination                             Gateway                         Flags         Netif Expire
::/1                                    utun1                           USc           utun1
2600:3c03::de:d000/116                  fe80::a65e:60ff:fee1:b1bf%utun1 Uc            utun1
8000::/1                                utun1                           USc           utun1

  • 10.20.4/24 is my local ethernet network.
  • 10.20.4.5 is my laptop’s LAN IP address.
  • 10.20.4.4 is my gateway’s LAN IP address.
  • 10.75.131.2 is the IPv4 address of my end of the WireGuard point-to-point tunnel.
  • 2600:3c03::de:d002 is the IPv6 address of my end of the WireGuard point-to-point tunnel.
  • 50.116.51.30 is the public address of my Linode server.

This should be enough to have IPv6 connectivity, right? Well, name resolution works when host talks directly to my name server:

sam@shiny ~> host ipv6.whatismyv6.com
ipv6.whatismyv6.com has IPv6 address 2607:f0d0:3802:84::128

Pinging by IPv6 address works:

sam@shiny ~> ping6 -c1 2607:f0d0:3802:84::128
PING6(56=40+8+8 bytes) 2600:3c03::de:d002 --> 2607:f0d0:3802:84::128
16 bytes from 2607:f0d0:3802:84::128, icmp_seq=0 hlim=55 time=80.991 ms

--- 2607:f0d0:3802:84::128 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 80.991/80.991/80.991/0.000 ms

And HTTP connections by IPv6 address work:

sam@shiny ~> curl -s 'http://[2607:f0d0:3802:84::128]' -H 'Host: ipv6.whatismyv6.com' | html2text | head -3
                 This page shows your IPv6 and/or IPv4 address
                          You are connecting with an IPv6 Address of:
                                             2600:3c03::de:d002

However, HTTP connections by IPv6-only hostname don't work:

sam@shiny ~> curl 'http://ipv6.whatismyv6.com'
curl: (6) Could not resolve host: ipv6.whatismyv6.com

The result is the same in wget as well as in GUI apps like Firefox: connecting by a literal IPv6 address works fine, but connecting by a hostname that only has an AAAA record (and no A record) associated with it does not.

Interestingly, ping6 is able to do a DNS lookup and get an IPv6 address back:

sam@shiny ~ [6]> ping6 -c1 ipv6.whatismyv6.com
PING6(56=40+8+8 bytes) 2600:3c03::de:d002 --> 2607:f0d0:3802:84::128
16 bytes from 2607:f0d0:3802:84::128, icmp_seq=0 hlim=55 time=49.513 ms

--- ipv6.whatismyv6.com ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 49.513/49.513/49.513/0.000 ms

Why can ping6 do this when nothing else can? It turns out that when ping6 calls getaddrinfo it overwrites the default flags. One of the default flags is AI_ADDRCONFIG, which tells the resolver to only return addresses in address families that the system has an IP address for. (That is, don't return IPv6 addresses unless the system has a (not link-local) IPv6 address.) Most other programs add to the default flags rather than clobbering them, which I guess is sensible.

If you run scutil --dns it will tell you how the resolver is set up. Here's the output on my system (minus a bunch of mdns stuff that doesn't matter):

DNS configuration

resolver #1
  search domain[0] : home.munkynet.org
  nameserver[0] : 10.20.4.4
  if_index : 14 (en3)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : home.munkynet.org
  nameserver[0] : 10.20.4.4
  if_index : 14 (en3)
  flags    : Scoped, Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

Note that under flags, it says Request A records but not Request AAAA records. So it's left to us to try to convince macOS’s resolver that we do in fact have a valid IPv6 address, even though it's on a tunnel interface.

SystemConfiguration

The “right” way for this to happen is for whatever program sets up the tunnel to use the weird and largely undocumented SystemConfiguration API to register the network “service” and its IPv6 properties. The Viscosity app does this. Tunnelblick doesn’t, the official OpenVPN Client doesn’t, and wg-quick sure as hell doesn't.

The scutil Kludge

We can create the same SystemConfiguration “service” structures manually using the scutil command:

First we create the IPv4 part of the service:

sam@shiny ~> sudo scutil
> d.init
> d.add Addresses * 10.75.131.2
> d.add DestAddresses * 10.75.131.2
> d.add InterfaceName utun1
> set State:/Network/Service/my_ipv6_tunnel_service/IPv4
> set Setup:/Network/Service/my_ipv6_tunnel_service/IPv4

And then we create the IPv6 part:

> d.init
> d.add Addresses * fe80::a65e:60ff:fee1:b1bf 2600:3c03::de:d002
> d.add DestAddresses * ::ffff:ffff:ffff:ffff:0:0 ::
> d.add Flags * 0 0
> d.add InterfaceName utun1
> d.add PrefixLength * 64 116
> set State:/Network/Service/my_ipv6_tunnel_service/IPv6
> set Setup:/Network/Service/my_ipv6_tunnel_service/IPv6
> quit

Once that is done, the output of scutil --dns (again modulo mdns stuff) changes:

DNS configuration

resolver #1
  search domain[0] : home.munkynet.org
  nameserver[0] : 10.20.4.4
  if_index : 14 (en3)
  flags    : Request A records, Request AAAA records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : home.munkynet.org
  nameserver[0] : 10.20.4.4
  if_index : 14 (en3)
  flags    : Scoped, Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

Now we see Request AAAA records in the flags! I'm not really sure what “scoped queries” are or why the DNS configuration for them didn't change, but things seem to work now so whatever:

sam@shiny ~> curl -s 'http://ipv6.whatismyv6.com' | html2text | head -3
                 This page shows your IPv6 and/or IPv4 address
                          You are connecting with an IPv6 Address of:
                                             2600:3c03::de:d002

When disconnecting from the tunnel, all you have to do is remove the SystemConfiguration keys you added:

sam@shiny ~> sudo scutil
> remove State:/Network/Service/my_ipv6_tunnel_service/IPv4
> remove Setup:/Network/Service/my_ipv6_tunnel_service/IPv4
> remove State:/Network/Service/my_ipv6_tunnel_service/IPv6
> remove Setup:/Network/Service/my_ipv6_tunnel_service/IPv6
> quit

A couple things to note:

  • The name my_ipv6_tunnel_service is totally arbitrary.
  • According to information I gleaned from the up/down scripts in the Mullvad .ovpn profile, you have to create both the Setup: and State: keys. I didn't verify this because I am lazy.
  • I have no clue where the IPv6 DestAddresses come from. I copied these from Viscosity because they seemed to work there. ::ffff:ffff:ffff:ffff:0:0 for the link-local address and :: for the public
  • I don't even really know what DestAddresses means or what it's used for.

A nice script

I wrote a python script that gleans addresses and prefix lengths from ifconfig output. It requires Python 3.6 or later so make sure you’ve got that in your path. It's called wg-updown and calls its SystemConfiguration service wg-updown-utun#, but it's not really WireGuard-specific. You can call it as a post-up/pre-down script for any old VPN tunnel or run it manually. Call it like this:

# After tunnel comes up
wg-updown up IFACE

# Before tunnel goes down
wg-updown down IFACE

Replace IFACE with the name of the interface that your tunnel/VPN client is using, e.g. utun1. It will print the commands that it's sending to scutil so you can see what it's doing in detail.

#!/usr/bin/env python3

import re
import subprocess
import sys

def service_name_for_interface(interface):
    return 'wg-updown-' + interface

# Match the "inet" and "inet6" lines of ifconfig output.
v4pat = re.compile(r'^\s*inet\s+(\S+)\s+-->\s+(\S+)\s+netmask\s+\S+')
v6pat = re.compile(r'^\s*inet6\s+(\S+?)(?:%\S+)?\s+prefixlen\s+(\S+)')
def get_tunnel_info(interface):
    ipv4s = dict(Addresses=[], DestAddresses=[])
    ipv6s = dict(Addresses=[], DestAddresses=[], Flags=[], PrefixLength=[])
    # capture_output= and text= were added to subprocess.run in Python 3.7.
    ifconfig = subprocess.run(["ifconfig", interface], capture_output=True,
                              check=True, text=True)
    for line in ifconfig.stdout.splitlines():
        v6match = v6pat.match(line)
        if v6match:
            ipv6s['Addresses'].append(v6match[1])
            # This is cribbed from Viscosity and probably wrong.
            if v6match[1].startswith('fe80'):
                ipv6s['DestAddresses'].append('::ffff:ffff:ffff:ffff:0:0')
            else:
                ipv6s['DestAddresses'].append('::')
            ipv6s['Flags'].append('0')
            ipv6s['PrefixLength'].append(v6match[2])
            continue
        v4match = v4pat.match(line)
        if v4match:
            ipv4s['Addresses'].append(v4match[1])
            ipv4s['DestAddresses'].append(v4match[2])
            continue
    return (ipv4s, ipv6s)

def run_scutil(commands):
    # Echo the commands, then feed them to scutil on stdin.
    print(commands)
    subprocess.run(['scutil'], input=commands, check=True, text=True)

def up(interface):
    service_name = service_name_for_interface(interface)
    (ipv4s, ipv6s) = get_tunnel_info(interface)
    run_scutil('\n'.join([
        f"d.init",
        f"d.add Addresses * {' '.join(ipv4s['Addresses'])}",
        f"d.add DestAddresses * {' '.join(ipv4s['DestAddresses'])}",
        f"d.add InterfaceName {interface}",
        f"set State:/Network/Service/{service_name}/IPv4",
        f"set Setup:/Network/Service/{service_name}/IPv4",
        f"d.init",
        f"d.add Addresses * {' '.join(ipv6s['Addresses'])}",
        f"d.add DestAddresses * {' '.join(ipv6s['DestAddresses'])}",
        f"d.add Flags * {' '.join(ipv6s['Flags'])}",
        f"d.add InterfaceName {interface}",
        f"d.add PrefixLength * {' '.join(ipv6s['PrefixLength'])}",
        f"set State:/Network/Service/{service_name}/IPv6",
        f"set Setup:/Network/Service/{service_name}/IPv6",
    ]))

def down(interface):
    service_name = service_name_for_interface(interface)
    run_scutil('\n'.join([
        f"remove State:/Network/Service/{service_name}/IPv4",
        f"remove Setup:/Network/Service/{service_name}/IPv4",
        f"remove State:/Network/Service/{service_name}/IPv6",
        f"remove Setup:/Network/Service/{service_name}/IPv6",
    ]))

def main():
    # Expect exactly: wg-updown up|down IFACE
    if len(sys.argv) != 3:
        sys.exit("usage: wg-updown up|down IFACE")
    operation = sys.argv[1]
    interface = sys.argv[2]
    if operation == 'up':
        up(interface)
    elif operation == 'down':
        down(interface)
    else:
        raise NotImplementedError()

if __name__ == "__main__":
    main()
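
To confirm the effect of the scutil steps above without reading the output by eye, the following added example (not part of the original answer) parses scutil --dns output and reports whether the default, unscoped resolver requests AAAA records. The function names are hypothetical, and the two samples are rebuilt from the outputs shown in the answer.

```python
import re


def parse_scutil_dns(text):
    """Parse `scutil --dns` output into a list of resolver dicts."""
    resolvers = []
    section = None   # "default" or "scoped", from the section header
    current = None   # resolver block currently being filled in
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("DNS configuration"):
            section = "scoped" if "scoped queries" in line else "default"
            current = None
        elif re.fullmatch(r"resolver #\d+", line):
            current = {"section": section, "id": int(line.split("#")[1]),
                       "nameservers": [], "interface": None, "flags": []}
            resolvers.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only, so IPv6 values stay intact.
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            if key.startswith("nameserver["):
                current["nameservers"].append(value)
            elif key == "if_index":
                m = re.search(r"\((\w+)\)", value)
                current["interface"] = m.group(1) if m else None
            elif key == "flags":
                current["flags"] = [f.strip() for f in value.split(",")]
    return resolvers


def wants_aaaa(resolvers):
    """True if any default (unscoped) resolver requests AAAA records."""
    return any(r["section"] == "default"
               and "Request AAAA records" in r["flags"]
               for r in resolvers)


# Sample input rebuilt from the scutil --dns output quoted in the answer.
_RESOLVER = """resolver #1
  search domain[0] : home.munkynet.org
  nameserver[0] : 10.20.4.4
  if_index : 14 (en3)
  flags    : {flags}
  reach    : 0x00020002 (Reachable,Directly Reachable Address)
"""


def sample(default_flags):
    return ("DNS configuration\n\n"
            + _RESOLVER.format(flags=default_flags)
            + "\nDNS configuration (for scoped queries)\n\n"
            + _RESOLVER.format(flags="Scoped, Request A records"))


BEFORE = sample("Request A records")
AFTER = sample("Request A records, Request AAAA records")

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, "AAAA requested:", wants_aaaa(parse_scutil_dns(text)))
```

On a live system the input would come from running scutil --dns and passing its standard output to parse_scutil_dns.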