WireGuard Configurations Gone After iOS 15 Upgrade

Jason A. Donenfeld Jason at zx2c4.com
Thu Sep 23 03:57:48 UTC 2021

Hi Miguel,

On Wed, Sep 22, 2021 at 9:22 PM Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> Interesting... Alright then, new theory: the keychain references are
> accessible in the old 12-byte format, but are presented when iterating
> in the new 20-byte format. The deleteReferences(except: refs) function
> iterates through all, removes everything in the except list, and then
> deletes what remains. If the iteration reference doesn't match with
> the except reference, despite pointing to the same object, then it'll
> delete them incorrectly. ...restoring to iOS 14 now to test that
> theory.

Good news! The theory holds. Thanks for bringing that behavior to my
attention. I think this should be fixable.

iOS changing persistent keychain refs to be non-bijective I guess is a
bit of a shocker, but I'm glad we've gotten to the bottom of it.


More information about the WireGuard mailing list