Implementing the AirDrop protocol

petschekr · May 22, 2012 · Viewed 14.1k times

I am interested in implementing AirDrop as a client on a device such as an iPad or Windows computer. Can anyone point me in the right direction for implementing the AirDrop protocol in either Python or C? Any help on this would be greatly appreciated. Thanks in advance.

Answer

jroith · Aug 3, 2012

For the benefit of you or anyone who will try to reverse-engineer and implement AirDrop, here is what I found and what you will have to do to get started:

There are two steps involved and they can be done independently or in parallel.

  1. Reverse-engineer the way the physical WLAN ad-hoc network is created and named

To do this, get iStumbler from here http://istumbler.net/ and try to see if an additional ad-hoc network shows up when AirDrop is running. I have briefly tried and there seems to be an unencrypted, ad-hoc 802.11b network, its name starting with an "H". (But I could be wrong, try this yourself.) Try to find the pattern used by AirDrop to name or identify the network. Try from multiple Macs to find this.

  2. Reverse-engineer the protocols

Once clients have joined the WiFi network, AirDrop will detect other clients using Bonjour.

First, as described at http://osxdaily.com/2011/09/16/enable-airdrop-ethernet-and-unsupported-macs/ , run this in your Terminal to get things working without the hidden ad-hoc network:

defaults write com.apple.NetworkBrowser BrowseAllInterfaces 1

Then restart Finder.

Get the Bonjour Browser from here: tildesoft.com

When starting AirDrop you will find that your Mac advertises a service "_airdrop._tcp". It also publishes the various IP addresses of the host and the port (a new one is created each time AirDrop is opened in Finder) that your Mac is listening on. It also publishes the name of the computer as well as two keys "ehash" and "phash" and one key "flags" that has a value of 1. You would have to look at how these two hashes are generated and if they are required. Probably they are. Try to publish your own data on a second computer using one of the Bonjour libraries available and look if they show up in AirDrop (in Finder).

I have found that the TCP service exposed by each client is using an SSL connection. The server certificate seems to be linked to your Apple ID. You can find the certificate in the Keychain. A client certificate is also requested by the server. This is probably just the same Apple ID certificate from the other computer. You will have to experiment with this.

I don't know what protocol is used inside that SSL connection and don't have access to a second Mac to investigate currently. You will have to MITM the connection to find out (try Charles and Wireshark). In any case it will be used to transfer the user icon as well as negotiate the transfer and possibly also to move the actual data.

I think an open implementation of this would be of great benefit, even if it would turn out in the end to be limited to users with an Apple ID - they are free after all.

Good luck!
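
The "_airdrop._tcp" advertisement described in the answer carries its "ehash", "phash" and "flags" keys in a Bonjour TXT record. The following is an added example, not part of the original answer, that decodes raw TXT record data and reports which of those keys a host is publishing. It assumes the record uses the standard DNS-SD TXT layout (RFC 6763); the function names are illustrative and the sample hash values are constructed placeholders.

```python
"""Decode the TXT record of an _airdrop._tcp Bonjour advertisement."""

EXPECTED_KEYS = ("ehash", "phash", "flags")  # TXT keys named in the answer


def parse_txt_rdata(rdata: bytes) -> dict:
    """Parse DNS-SD TXT RDATA: a sequence of <length byte><key[=value]> strings."""
    entries, pos = {}, 0
    while pos < len(rdata):
        length = rdata[pos]
        pos += 1
        if pos + length > len(rdata):
            raise ValueError(f"TXT string at offset {pos - 1} overruns the record")
        item = rdata[pos:pos + length]
        pos += length
        key, sep, value = item.partition(b"=")
        if not key:
            continue  # empty strings and strings with no key are ignored
        name = key.decode("ascii", "replace").lower()  # keys are case-insensitive
        # First occurrence of a key wins; a key without '=' has no value (None).
        entries.setdefault(name, value if sep else None)
    return entries


def summarize_airdrop_txt(rdata: bytes) -> dict:
    """Report which of the keys described in the answer are present."""
    txt = parse_txt_rdata(rdata)
    return {
        "present": {k: txt[k] for k in EXPECTED_KEYS if k in txt},
        "missing": [k for k in EXPECTED_KEYS if k not in txt],
        "other": sorted(k for k in txt if k not in EXPECTED_KEYS),
    }


def encode_txt(pairs: dict) -> bytes:
    """Build TXT RDATA from key/value pairs (used only for the sample below)."""
    out = b""
    for k, v in pairs.items():
        item = k.encode("ascii") + b"=" + v
        out += bytes([len(item)]) + item
    return out


# Constructed sample: the hash values are placeholders, not captured data.
SAMPLE = encode_txt({"ehash": b"PLACEHOLDER_E", "phash": b"PLACEHOLDER_P", "flags": b"1"})

if __name__ == "__main__":
    print(summarize_airdrop_txt(SAMPLE))
```

The same parser works on TXT data returned by any Bonjour or mDNS library, which makes it easy to audit what a machine on the local network exposes while AirDrop is open.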