@sskaje

Unity Package Manager 协议分析

By @sskaje
Link: https://sskaje.me/2019/08/unity-package-manager-%e5%8d%8f%e8%ae%ae%e5%88%86%e6%9e%90/

Unity Package Manager 的 Windows 版不认系统的证书设置，直接配置代理走 Charles Proxy 没法抓到请求的包。懒得去搭反向代理，直接使用 Charles Proxy 的 Map Remote 功能，在 manifest.json 里随便设置一个地址，用 Charles Proxy 修改请求到 https://packages.unity.com 上，就可以抓包了。

请求逻辑是这样的：

1 请求 /com.unity.package-manager.metadata ，官方地址 https://packages.unity.com/com.unity.package-manager.metadata

2 根据 1 的响应里的searchablePackages，拼接 https://packages.unity.com/{PACKAGE} 获取包信息，例如 https://packages.unity.com/com.unity.xiaomi

3 从 2 的响应里读取包下载地址，从 dist.tarball 里获取下载地址。例如 https://download.packages.unity.com/com.unity.xiaomi/-/com.unity.xiaomi-1.0.3.tgz

根据这个协议，自己写个服务端，甚至用nginx搭建一个，还是比较简单的。此外 nexus 是个好选择，不用处理 3 里域名的问题，具体看 https://sskaje.me/2019/08/sonatype-nexus-3-as-unity-package-mirror/

Unity Package Manager 协议分析 by @sskaje: https://sskaje.me/2019/08/unity-package-manager-%e5%8d%8f%e8%ae%ae%e5%88%86%e6%9e%90/

Sonatype Nexus 3 as Unity Package Mirror

By @sskaje
Link: https://sskaje.me/2019/08/sonatype-nexus-3-as-unity-package-mirror/

Unity Package Manager 使用了 npm 的协议，配置起来比较简单。安装好nexus 3之后，直接创建一个 npm 的 proxy，Remote Storage 设置成 https://packages.unity.com 就行。国内服务器有条件设置一个代理也好，毕竟unity 的服务器被墙的概率挺高的。

然而，有几个坑。

1 Unity Package Manager 启动的时候会发无数个 HEAD 请求，而 nexus 3 并不支持HEAD，直接返回了404，于是 UPM 里一片红色的报警，但是不影响安装。

2 UPM 不支持加密认证，所以要想使用本地的镜像仓库，或者用 nexus 来管理自己的包，只能开启匿名访问。而公司场景的 nexus，最好从比 http 更底层的方式控制访问，例如各层加来源 IP 控制。官方说 2020.1 才会加认证的支持 https://forum.unity.com/threads/setup-for-scoped-registries-private-registries.573934/ 。

3 墙的问题太严重。

Sonatype Nexus 3 as Unity Package Mirror by @sskaje: https://sskaje.me/2019/08/sonatype-nexus-3-as-unity-package-mirror/

MacOS VPN Auto Add Routes

By @sskaje
Link: https://sskaje.me/2019/04/macos-vpn-auto-add-routes/

I tested on macOS 10.14, L2TP VPN.

I connect to my office VPN to work remotely, but I don’t want to send all traffic to VPN interface. Usually, I open a Terminal.app and execute commands after VPN connected:

$ sudo su
# route add -net 192.168.2.0/24 192.168.100.1

1 2	$ sudo su # route add -net 192.168.2.0/24 192.168.100.1

192.168.2.0/24 is address block used in my office, 192.168.100.1 is VPN gateway address.

It’s really inconvenient. But I have a new solution: networksetup.

Usage: networksetup -setadditionalroutes <networkservice> [ <dest> <mask> <gateway> ]*
Set additional IPv4 routes associated with <networkservice>
by specifying one or more [ <dest> <mask> <gateway> ] tuples.
Remove additional routes by specifying no arguments.
If <gateway> is “”, the route is direct to the interface

First, find your service name.

$ networksetup -listallnetworkservices

1	$ networksetup -listallnetworkservices

Find your VPN connection name, in my case ‘My Office’.

# networksetup -setadditionalroutes 'My Office' 192.168.2.0 255.255.255.0 ""

1	# networksetup -setadditionalroutes 'My Office' 192.168.2.0 255.255.255.0 ""

If you have multiple route entries to add,

networksetup -setadditionalroutes 'My Office' 172.16.0.0 255.255.240.0 "" 192.168.2.0 255.255.255.0 ""

1	networksetup -setadditionalroutes 'My Office' 172.16.0.0 255.255.240.0 "" 192.168.2.0 255.255.255.0 ""

L2TP is a Point-to-Point VPN, the gateway address is not that important, that’s why I use “” instead of 192.168.100.1.

MacOS VPN Auto Add Routes by @sskaje: https://sskaje.me/2019/04/macos-vpn-auto-add-routes/

Protected: 歌华电视在线看

By @sskaje
Link: https://sskaje.me/2019/04/%e6%ad%8c%e5%8d%8e%e7%94%b5%e8%a7%86%e5%9c%a8%e7%ba%bf%e7%9c%8b/

Protected: 歌华电视在线看 by @sskaje: https://sskaje.me/2019/04/%e6%ad%8c%e5%8d%8e%e7%94%b5%e8%a7%86%e5%9c%a8%e7%ba%bf%e7%9c%8b/

Hijack DnsPod HttpDNS

By @sskaje
Link: https://sskaje.me/2019/04/hijack-dnspod-httpdns/

劫持DNS是个很简单的工作，家用路由器基本都自带dnsmasq，直接加解析就行。

之前某次尝试劫持某视频App的广告接口解析到一个空的本地服务器上，发现该App使用了DnsPod的HttpDNS服务，所以传统的DNS劫持方案不好用。而EdgeRouter的DPI功能也没有对外开放墙一般的高级接口，所以这次用NAT来实现。

Continue reading “Hijack DnsPod HttpDNS” »

Hijack DnsPod HttpDNS by @sskaje: https://sskaje.me/2019/04/hijack-dnspod-httpdns/