How to make my bundle run when an agent system tries screen sharing or remote management, so that I can provide second step verification by using my custom bundle?

I'm a beginner in Swift. Ways I tried:

  1. Tried adding a command line tool DNC observer to call a function when any screen sharing notification triggers, but later came to know that screen sharing doesn’t give any notifications.
```swift
import OSLog
import Foundation

os_log("TecMFA:: Starting screen sharing finder.")
let dnc = DistributedNotificationCenter.default()

// Observe a distributed notification by name and log when it fires.
dnc.addObserver(
  forName: .init("com.apple.screensharing.server"), // tried many notification names like com.apple.screensharing.curtain etc.
  object: nil,
  queue: .main
) { notification in
    os_log("TecMFA:: Started screen sharing daemon.")
}

// Keep the command line tool alive so the observer can be called.
dispatchMain()
```

  2. Created a server using Vapor as follows:
```swift
// routes.swift
import Vapor

func routes(_ app: Application) throws {
    // Define a route to handle POST requests to "/login"
    app.post("login") { req -> HTTPStatus in
        // Read the username and password from the request body
        guard let loginData = try? req.content.decode(LoginData.self) else {
            // Failed to parse request body or invalid data
            return .badRequest
        }
        
        let username = loginData.username
        let password = loginData.password
        print(username)
        print(password)
        
        // Do something with the username and password
        print("Received login request with username: \(username) and password: \(password)")
        
        // Return a success response
        return .ok
    }
}

// Define a struct to represent the request body data
struct LoginData: Content {
    let username: String
    let password: String
}
```

```swift
// configure.swift
import Vapor
import Foundation

func getLocalIPAddress() -> String? {
    let task = Process()
    task.launchPath = "/usr/sbin/ipconfig"
    task.arguments = ["getifaddr", "en0"] // Use "en0" for Wi-Fi, "en1" for Ethernet

    let pipe = Pipe()
    task.standardOutput = pipe
    task.launch()

    let data = pipe.fileHandleForReading.readDataToEndOfFile()
    let output = String(data: data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines)

    return output
}


// Called before your application initializes.
public func configure(_ app: Application) throws {
    // Register routes
    try routes(app)

    // Get the local IP address
    guard let localIPAddress = getLocalIPAddress() else {
        fatalError("Unable to get the local IP address.")
    }

    // Update the server configuration to bind to the local IP address and desired port
    app.http.server.configuration.hostname = localIPAddress
    app.http.server.configuration.port = 8080
}
```

It didn't work when the port numbers were the same. I tried using different port numbers, but the request comes through port 5900, so 8080 cannot access it, so that didn't work either. Any corrections and suggestions are welcome.

> tried many notification names like com.apple.screensharing.curtain etc.

So this is a concern. Apple’s general rule for stringly-typed APIs, like our notification centres, is that keys are only considered API if they have a symbolic constant or are otherwise documented. Other keys are considered implementation details, and you don’t want to rely on them.

As to what you should be doing here, that depends on your high-level goals and I’m not sure what those are. You wrote:

> How to make my bundle run when an agent system tries screen sharing or remote management, so that I can provide second step verification by using my custom bundle?

Can you provide more insight into this goal? To start, is this a product you want to deploy to a wide range of users? Or something for yourself?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I am glad that you have responded. Here is the detailed information. I am currently working on creating an application that provides 2 step verification for the Screen Sharing application on macOS. So when we get a request from the agent/client system, they get connected without a small notification. So at the time when they get connected, if we can prompt a second step verification, it will alert the user. So that is what I am trying to do. I tried to find notifications so that I can add a DNC observer. I have gone through all the logs but couldn’t find any. There is not even a single piece of documentation related to this. So I have gone through the VNC protocol and I tried to add a server program using Vapor, which can read the username and password from the incoming request, and I have already given the details of what happened. I want to read the data of the request so that I can request second step authentication with the given credentials and provide the 2FA with our product. I cannot alter the request coming from the client. So I want to change it on the server.

Thank you for your response. Hoping to hear from you soon. Manasa

I don’t think there’s a specific API that’ll help you here. Your idea of creating a proxy for the screen sharing connection is an interesting one, but even it has significant challenges. Ideally you want your proxy to listen on the screen sharing port, but there’s no supported way to move screen sharing to a different port.

> I have gone through VNC protocol and I tried to add a server program using Vapor

I’m not sure how Vapor factors into this. It implements the HTTP protocol, and VNC is its own protocol (RFB) that’s distinct from HTTP. See here.

Apple does not have an API that implements this protocol, so you’ll have to either write or acquire your own library for that.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
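
The difference the reply above points at, as an added sketch (not code from the thread or from Apple): an RFB connection opens with a 12-byte ProtocolVersion message from the server, followed in RFB 3.8 by a list of one-byte security types, so an HTTP router such as Vapor never sees a request line or a JSON body to decode. The byte layouts follow RFC 6143; the sample inputs are constructed, and names such as `classify` and `parseSecurityTypes` are illustrative.

```swift
import Foundation

// RFB ProtocolVersion (RFC 6143, 7.1.1): exactly 12 bytes, "RFB xxx.yyy\n".
// The server sends it first, before the client has sent anything.
struct RFBVersion: Equatable { let major: Int; let minor: Int }

enum FirstBytes: Equatable {
    case rfb(RFBVersion)
    case http(method: String)
    case unknown
}

func parseRFBVersion(_ bytes: [UInt8]) -> RFBVersion? {
    guard bytes.count >= 12,
          let text = String(bytes: bytes.prefix(12), encoding: .ascii),
          text.hasPrefix("RFB "), text.hasSuffix("\n") else { return nil }
    let parts = text.dropFirst(4).dropLast(1).split(separator: ".")
    guard parts.count == 2,
          parts.allSatisfy({ part in part.count == 3 && part.allSatisfy({ $0.isNumber }) }),
          let major = Int(parts[0]), let minor = Int(parts[1]) else { return nil }
    return RFBVersion(major: major, minor: minor)
}

func classify(_ bytes: [UInt8]) -> FirstBytes {
    if let version = parseRFBVersion(bytes) { return .rfb(version) }
    // An HTTP/1.x request starts with "<METHOD> <target> HTTP/1.x\r\n".
    if let line = String(bytes: bytes.prefix(while: { $0 != 0x0D }), encoding: .ascii) {
        let fields = line.split(separator: " ")
        if fields.count == 3, fields[2].hasPrefix("HTTP/1.") {
            return .http(method: String(fields[0]))
        }
    }
    return .unknown
}

// RFB 3.8 security handshake from the server (RFC 6143, 7.1.2): one count byte,
// then that many one-byte security types. A count of 0 signals failure.
func parseSecurityTypes(_ bytes: [UInt8]) -> [UInt8]? {
    guard let count = bytes.first, count > 0, bytes.count >= 1 + Int(count) else { return nil }
    return Array(bytes[1...Int(count)])
}

// Constructed sample inputs, not captured traffic.
let rfbHello = Array("RFB 003.008\n".utf8)
let httpLogin = Array("POST /login HTTP/1.1\r\nHost: example.invalid\r\n\r\n".utf8)
let offered: [UInt8] = [0x02, 0x01, 0x02]  // two types: None (1), VNC Authentication (2)

print(classify(rfbHello))
print(classify(httpLogin))
print(parseSecurityTypes(offered) ?? [])
```

With security type 2 (VNC Authentication) the server sends a 16-byte challenge and the client returns it encrypted under the password, so the handshake carries no username or password field for a server-side handler to read.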
