I need to find an easy way (few clicks solution) for Mac OS X users to import VPN IPSec connection. I found out that there is a way in Mac OS X to export network connection settings in "System Preferences" -> "Network".
During export of network connection .networkConnect file is creating which contains sensitive data such as ExportedSharedSecret and ExportedPassword encrypted by some algorythm and after this encoded with base46.
I wonder what algorythms are used in order to encrypt this sensitive data and how can i create such .networkConnect files under linux, so users can download generated .networkConnect files from my server and import VPN settings to theis Mac OS X?
Here is an example .networkConnect file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>L2TP</key>
    <dict>
        <key>UserConfigs</key>
        <array>
            <dict>
                <key>EAP</key>
                <dict/>
                <key>IPSec</key>
                <dict>
                    <key>AuthenticationMethod</key>
                    <string>SharedSecret</string>
                    <key>ExportedSharedSecret</key>
                    <data>
                    EPANULrdr4/H5mwY6iBGprwzIYfWG4Ep
                    </data>
                </dict>
                <key>PPP</key>
                <dict>
                    <key>AuthName</key>
                    <string>my_account</string>
                    <key>AuthPasswordEncryption</key>
                    <string>Keychain</string>
                    <key>CommRemoteAddress</key>
                    <string>192.168.1.8</string>
                    <key>ExportedPassword</key>
                    <data>
                    EPANVaLSgprCymwK5iBH0l/KJ1C3wBkh
                    </data>
                    <key>UserDefinedName</key>
                    <string>my_configuration</string>
                </dict>
            </dict>
        </array>
    </dict>
</dict>
</plist>
1- Using Finder Here are the steps: Step 1: Start with connecting the external hard drive with the Mac device or select the internal encoded volume. Step 2: Now launch finder and look for the destined drive in the list. Step 3: Click the storage drove and select the option of Decrypt Drive Name.
It uses XOR with hard-coded key. Below is a simple Python demo.
import base64
cryptotext = base64.b64decode("EPANULrdr4/H5mwY6iBGprwzIYfWG4Ep")
decryption_key = [0x7d, 0x89, 0x52, 0x23, 0xd2, 0xbc, 0xdd, 0xea, 0xa3, 0xb9, 0x1f]
i = 0
cleartext = ""
for ch in cryptotext:
    cleartext += chr(ord(ch) ^ decryption_key[i])
    i += 1
    i = i % len(decryption_key)
print("%s" %(cleartext))
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With