hiddify-next icon indicating copy to clipboard operation
hiddify-next copied to clipboard

Published 20 hours ago verified publisher icon hiddify

Fix: Support VPN modes on MacOS without hacks with osascript

Open AlexStrNik opened this issue 9 months ago • 6 comments
trafficstars

I’ve added the SingboxHelper daemon agent, which registers on launch with privileged mode, allowing the VPN service to run smoothly without any hacks. To implement this, I added another SingboxService implementation, which is enabled by default on macOS 13+ (and honestly, I didn’t bother with settings no one’s asked for). macOS 13+ is the minimum supported version for the SMAppService daemons API, and while there’s SMBlessJob, it’s deprecated—so who even cares about supporting outdated macOS versions? Just to be clear, the app still works on earlier macOS versions, I just didn’t feel like writing two different daemon registration flows for those ancient OS versions.

Communication with the daemon is handled by NSXPCConnection, which is type-safe, secure, and fast. The daemon loads the dylib, so now all functions in libcore run with sudo rights, and the VPN mode just works™.

There’s also another thing: since libcore expects a DartDL_API, and Swift didn’t have that out of the box, I went ahead and created one. It’s mostly a bunch of stubs, semi-auto-generated from C++ headers (don’t judge me, I’m too lazy to finish the script and upload it, but it would be super easy, I swear). The only function that’s implemented so far is Dart_PostCObject, which receives different statuses from libcore.

What else, code is type-safe, with all the necessary assertions, checks, and guards. It’s not the most readable thing in the world, but who cares if it solves the problem? And if anyone cares to tidy it up, it should be pretty easy to reorganize.

AlexStrNik avatar Feb 20 '25 05:02 AlexStrNik

awesome work, hope would be merged soon!

For now used automator script but it feels like a crunch.

Demezy avatar Feb 20 '25 08:02 Demezy

@0xConsumer @lymanjre @hiddify-com please take a look when possible

AlexStrNik avatar Feb 21 '25 16:02 AlexStrNik

@hiddify-com can you have a look pelase?)

AlexStrNik avatar Mar 13 '25 13:03 AlexStrNik

That is a great PR. However, We will use network extension in mac soon so i think it is better to not do such hack.

hiddify-com avatar Mar 29 '25 19:03 hiddify-com

@hiddify-com Thank you for your response! In that case, it might not make much sense, depending on how soon it will be ready. However, it might be worth merging as a temporary solution and switching to NE once it's ready.

If you need any help with rewriting to NE, I'd be happy to assist with the Swift/Dart parts

AlexStrNik avatar Mar 31 '25 15:03 AlexStrNik

It would be great if you can make it under network extenstion similar to ios one

hiddify-com avatar Apr 21 '25 10:04 hiddify-com