umux2007: iPhone USB tethering under Linux

What

umux2007 allows a Linux PC to connect to the Internet through an iPhone running PdaNet in USB mode.

Where

You need

Jailbroke iPhone
PdaNet
Twisted
usbmuxd (Ubuntu packages)
umux2007 (contents: pppd peer pty script)

Installation

Install the dependencies, unpack umux2007 and run the install script. Connect iPhone through USB and run umux2007.py to verify installation:

pahan@bile:~/temp/umux2007-0.0.1$ sudo ./install
pahan@bile:~/temp/umux2007-0.0.1$ umux2007.py
2009-12-02 11:26:55-0800 [-] Log opened.
2009-12-02 11:26:56-0800 [-] usbmux connected (fd 7, pid 1934)
161t?~

Exit with ctrl-c. "pon umux2007" should now establish an Internet connection through your iPhone. "poff" tears the connection down.

Important protip

PdaNet ignores AAAA DNS queries. This causes long timeouts. Ubuntu sends AAAA queries for two reasons:

glibc thinks the system has real IPv6 interfaces. Try "ip addr del ::1/128 dev lo" as root
Application is trying to use IPv6. For firefox, go to about:config and enable "network.dns.disableIPv6"

Huh

Questions? w_umux2007@xzrq.net

How

The iPhone part of PdaNet listens on port 2007. PdaNet Windows client is a fake modem driver. The driver connects to port 2007 on the iPhone through iTunes's USB multiplexor on one end and to the standard Windows PPP driver on the other end. The protocol is simple: upon connection, PdaNet server responds with a version banner (1.61 in the example above) and then sends and receives PPP frames. umux2007 takes place of the fake modem driver. It pipes packets between pppd and usbmuxd, the open source iPhone USB multiplexor.

Due to a mental deficiency on the part of PdaNet developers, the server expects every PPP frame to begin and end with the Flag character (0x7E) and to be sent in a single packet. umux2007 adds the extra Flags if required and tries to use one write() per frame. On my system, Twisted, the UNIX socket driver, usbmuxd and iPhone TCP stack happen to preserve packet boundaries. Hooray.