Reverse Engineering the Apple Multipeer Connectivity Framework

The author begins by sharing their experience using Logic Pro and discovering Logic Remote, a tool for controlling recording sessions from an iPhone. Curiosity led them to investigate the communication between the two tools, where they discovered a custom TCP protocol used by the Multipeer Connectivity Framework. They reverse-engineered the network packets and identified vulnerabilities in Apple’s parsers. They describe the phases of the protocol: the discovery phase using multicast DNS, the handshake phase with Hello and Ack packets, the authorization phase with spoofable invites, and the data exchange phase. They also mention the use of STUN for NAT traversal and briefly touch on the Logic Pro-specific protocol. The author concludes by expressing gratitude to other researchers and emphasizing the unexplored attack surface in Apple’s network protocols.

https://www.evilsocket.net/2022/10/20/Reverse-Engineering-the-Apple-MultiPeer-Connectivity-Framework/
