News

Tor has now been recompiled for iOS9, tested by Dasy (thanks Dasy) and version 2.6.10 has been pushed to BigBoss repo and should appear in your Cydia stores soon. If you are not willing to wait, you can add our own repository to Cydia and install the org.grimore.tor.

Shortnote

We went ahead and made the impossible possible by porting tor to the iOS platform. The deb file has been submitted to Optimo and the gang and is ready to be downloaded in a while from Cydia.

Download

Overview

Here is a very rough sketch of the flow of data concerning apps and proxies on iOS:

With the following remarks:

  1. Applications can poll the system proxy settings in order to receive proxy information.
  2. However, applications can bypass any proxy setting (just not request it from the system) and thereby make the connection directly. The OS does not force the applications to use the system proxy! This is why some applications may bypass tor entirely.
  3. The system proxy settings can be queried by applications - whether they respect the settings is up to them.
  4. Our tor daemon is launched in the background on iOS.
  5. Some applications (for example, Safari) use the system proxy settings and go though tor to the Internet whilst others like Facebook do not use the proxy and connect directly (surprise surprise).

Utilities such as ShadowSocks or ProxyManager allow you to manipulate the operating system settings and provide a convenient way of switching the proxy on or off.

You should not be confident that by installing tor and setting the system proxy that your traffic will be obfuscated - applications can bypass those settings entirely if they so choose.

Setup

Set-up Type Wireless Cellular Network iOS
Out-of-The-Box Yes No 3+
ProxyManager Yes No 5+
ShadowSocks Yes Yes 5+

Thanks to Chris L. for the supplying the information relating to ProxyManager and ShadowSocks.

Out-of-The-Box

There are several steps you have to perform in order to set-up tor with your iOS Device:

  1. install tor from Cydia.
  2. go to the Settings app and turn tor on.
  3. go to your wireless settings and select your Wireless network
  4. at the bottom you will have three panels: Off, Manual and Auto.
  5. you will need to select Auto and punch in:
    file:///etc/tor/proxy.pac

Using ProxyManager

ProxyManager will allow you to manage proxies without having to type in the URL to the proxy.pac file every time.

  1. ProxyManager can be downloaded from Cydia (not the BigBoss repo).
  2. select Automatic Proxy Configuration.
  3. add a proxy with URL:
    file:///etc/tor/proxy.pac
  4. select the created proxy.
  5. enable Tor in Settings.app→Tor.

Using ShadowSocks

ShadowSocks allows you to use a proxy per application.

  1. ShadowSocks can be downloaded from Cydia.
  2. switch Enable Proxy to On.
  3. switch Auto Proxy to On.
  4. punch in the PAC File field
    /etc/tor/proxy.pac

Reference Settings

In case the auto-configuration fails with ShadowSocks, you can make the settings manually (settings provided and confirmed by Crazybanditt):

Video

Soundtrack: The Lost Vikings - Factory Beat

Troubleshooting and Debugging

Soundtrack: Chaos Engine

Notes

  • When testing, always use Safari to make sure that the tor part of your setup works alright.
  • Google Chrome is by default configured to reduce data usage by routing the traffic through Google's servers and compressing it. You will have to disable this feature from Chrome's settings such that Chrome will not ignore the proxy settings on your device.

Shutting Down

There are a number of ways to do this, the best would be, if temporary, to just switch the proxy setting to Off in the Wireless Network setting. Otherwise, if a full shutdown is necessary, turning both the proxy setting to Off and turning tor off from the Settings app should do the trick.

Optimizing

In essence, optimizing Tor on iOS would involve launching MobileTerminal (or ssh-ing to the device) and then editing the /etc/tor/torrc file.

The default configuration is a vanilla "what should work for everybody"-dish that is served pretty cold:

SocksPort 9050
SocksListenAddress 127.0.0.1
SocksPolicy accept 127.0.0.1
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion
RunAsDaemon 1

### Speed Tweaks
HardwareAccel 1
LearnCircuitBuildTimeout 1
NumEntryGuards 8
SafeSocks 1
LongLivedPorts 80,443
NumCPUs 2

We have our own tips on optimizing tor and they are summarized on the tor FUSS page.

Development Notes

The following development steps can be used to reproduce the libevent.deb and tor.deb packages.

Compiling Libevent

Libevent v1.4.3-stable compiles on iOS4 using:

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-static=no --enable-shared=yes

and is required for getting tor to run.

Tor Patch for iOS

The following patch is applied against tor version 0.2.3.25:

--- ./src/common/compat.c.orig	2012-11-19 23:24:54.000000000 +0200
+++ ./src/common/compat.c	2013-10-05 02:11:14.000000000 +0300
@@ -483,10 +483,6 @@
 tor_memmem(const void *_haystack, size_t hlen,
            const void *_needle, size_t nlen)
 {
-#if defined(HAVE_MEMMEM) && (!defined(__GNUC__) || __GNUC__ >= 2)
-  tor_assert(nlen);
-  return memmem(_haystack, hlen, _needle, nlen);
-#else
   /* This isn't as fast as the GLIBC implementation, but it doesn't need to
    * be. */
   const char *p, *end;
@@ -506,7 +502,6 @@
     ++p;
   }
   return NULL;
-#endif
 }
 
 /**
--- ./src/or/rendcommon.c.orig	2012-11-19 23:24:39.000000000 +0200
+++ ./src/or/rendcommon.c	2013-10-05 02:07:04.000000000 +0300
@@ -588,7 +588,7 @@
     else
       protocol_versions_string[0]= '\0';
     /* Assemble complete descriptor. */
-    desc_len = 2000 + smartlist_len(desc->intro_nodes) * 1000; /* far too long,
+    desc_len = smartlist_len(desc->intro_nodes); /* far too long,
                                                                   but okay.*/
     enc->desc_str = desc_str = tor_malloc_zero(desc_len);
     result = tor_snprintf(desc_str, desc_len,

and tor has to be configured with the following flags:

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --disable-transparent --disable-asciidoc --disable-nat-pmp --disable-upnp

Configure Flags

  • We disable transparent firewall support with –disable-transparent because we do not have that on iOS. Although, it may perhaps be interesting to explore some NAT-ing with ipfw in the future.
  • We disable the ASCII documentation because most packages in Cydia repositories aim to be as small as possible - this is due to bandwidth and due to the fact that most users are not really developers and it is easier to look-up the documentation on the web.
  • NatPMP and UPnP are technologies that are used to punch holes in router firewalls automatically. The technology seems unnecessary or rather counter-intuitive when it comes to the privacy context of tor - you do not really want your machine to send requests to routers to open up a ports for you: "hello, I'm using tor, open up a port or me!". In any case, iOS does not have the necessary PMP or UPnP libraries, nor can they be found in Cydia.

Setting an iOS SOCKS Proxy

By default, iOS allows setting only a HTTP proxy, yet tor is by definition a SOCKS proxy. In order to go around that the proxy.pac file that the deb file creates at /etc/tor/proxy.pac contains the following code:

function FindProxyForURL(url, host) {
  return "SOCKS 127.0.0.1:9050";
}

that instructs iOS to use a SOCKS proxy on the loopback address and on port 9050 where tor is listening for connections.


ios/tor.txt · Last modified: 2022/04/19 08:28 by 127.0.0.1

Access website using Tor Access website using i2p Wizardry and Steamworks PGP Key


For the contact, copyright, license, warranty and privacy terms for the usage of this website please see the contact, license, privacy, copyright.