WireGuard Configurations Gone After iOS 15 Upgrade

Jason A. Donenfeld Jason at zx2c4.com
Thu Sep 23 02:49:24 UTC 2021

Hi again,

I'm afraid the situation is somewhat bad...

It appears that iOS 15 has completely deleted the iOS 14's WireGUard
keychain items, at least as far as the WireGuard app can see. I've yet
to jailbreak or look at an image dump to see if it's still hiding
somewhere, but it also doesn't matter, because from the app's
perspective, the keychain appears totally empty.

Digging in just on the surface, it looks like the keychain references
from iOS 14 are something like "67656e7000000000000000f7", with that
f7 incrementing, while the ones from iOS 15 are
"67656e700167269751a94355a004bfa75f951cec" -- same prefix, but the
suffix is longer and seemingly random. Did the migration from one
format to the other go bad on upgrade? Did something else happen? I
don't really know much yet about the guts of this bug, but it does
seem like something is going on. We've never had any issues with the
keychain being emptied between iOS versions before.

So now we need to figure out what to do. I'm still holding out a tiny
sliver of hope that there's a mistake somewhere and this can all be
fixed by the app, but so far I've come up dry when looking around for
that. What if this really is an iOS 15 bug? I'll report it to Apple,
of course, but that doesn't help the immediate issue that people's
configs are being deleted. The behavior is at least detectable, so I
could detect the migration, delete all of the orphaned network
profiles (as before), and pop up a message box (resembling a
ransomware screen!) saying "Where Have All Your Configurations Gone?",
followed by an apologetic explanation. That's kind of unsatisfactory,
though. I'm all ears on other ideas if you've got any.

And if any Apple developers are hanging out on this list and want to
try their hand at a solution, that'd be much appreciated. (Plus, my
entreaty from March [1] remains.)


[1] https://lists.zx2c4.com/pipermail/wireguard/2021-March/006455.html

More information about the WireGuard mailing list