Platypus Smart VPN for Safe passage through filtering
Are you want to using Platypus? If so, let us know! Shoot us an email at PlatypusSec@pm.me
- 1 - Modality of Internet Filtering and the Crossing Solution
- The only available solution for Bypassing the filtering service in Iran and all countries
In this article it is been attempted to examine the method of filtering the Internet in Iran Telecommunication with a scientific and scrap approach, and then in order to train the users and ease the correct use in the labs, the proper way and solution to cross the filtering with the name “Platypus” is described.
Of course, by monitoring censorship events around the world and reviews made on publicly provided data by excellent organizations such as the Open Observatory of Network Interference (OONI) and Internet Outage Detection and Analysis (IODA) show that in Many countries have severe filtering and among them Iran has the highest level of filtering and the possibility of using filter breakers is severely limited. Therefore, this text has set the filtering situation in Iran as a criterion and tries to provide justifiable tips and examples to help make the issue as transparent as possible.
The Platypus solution is actually a client-server software that, as a very new and unrivaled technique, which provided by the Platypus Sed Team, with the aim of passing the censorship and filtering in countries, especially countries like Iran, China, Russia, Saudi Arabia, Kazakhstan, India, Azerbaijan, Armenia, Hong Kong, Myanmar, Cambodia, Indonesia, Malaysia, Philippines, Thailand, Vietnam and etc. designed and implemented.
Platypus is one of the five extant species of monotremes, mammals that lay eggs instead of giving birth to live young. Like other monotremes, it senses prey through electrolocation. It is one of the few species of venomous mammals, as the male platypus has a spur on the hind foot that delivers a venom, capable of causing severe pain to humans. The unusual appearance of this egg-laying, duck-billed, beaver-tailed, otter-footed mammal baffled European naturalists when they first encountered it, and the first scientists to examine a preserved platypus body (in 1799) judged it a fake, made of several animals sewn together. the platypus is a legally protected species in all states where it occurs. The current tool is also a special and rare project, whose function is still difficult for many experts to understand, so we chose the name Platypus.
Iran has been connected to the Internet for university use since 1993, and the Basic Knowledge Research Institute was the first organization that was taken to use the Internet and connected to the Internet through the University of Vienna. Initially, Internet connection services were provided only to academic users, and the general use of the Internet through landlines, on the Dial-up base, was first provided by Neda Computer Company. The Internet was a security issue in Iran since the first day of presentation in Iran and was not interested in the authorities, so Nasser Ali Saadat (former director of Neda Computer Co.), with the support of Mr. Dorri Najaf Abadi (former Minister of Intelligence Service and former Attorney General of the country and the Technology Association in the Islamic Parliament in the fourth and fifth courses) the company's security staff managed to enter this category (although today's official newspaper information is not available for the company) and probably in history, this entry was a way to manage and secure Internet. In June 2001, Mr. Ali Khamenei issued "Committees for general policies of computer information networks." With the announcement of the general policies of computer information networks, Mr. Mohammad Khatami (President of Iran), despite the opposition of telecommunication and his government, with the legislature of the Internet outside the parliament and the Supreme Council of the Cultural Revolution, started to adopts the Internet laws, including filtering and its censorship. As conclusion of approvals, and enactments titled "Regulation and Criteria of Information and Computer Networks" entered the issue of filtering and monitoring Internet service provider companies. In 2002, filtering was taken seriously. The three-member committee gathered to address the Internet situation which included: The representative of the Ministry of Intelligence, the representative of the Ministry of Culture and Islamic Guidance and the representative Seda-va-Sima (National Television). Representative of the Secretariat of the Islamic Council and the representative of the Islamic propaganda organization as two other members later joined the committee. The committee listed 111,000 banned sites and gave the list up to Internet services providers companies for banning.
Filtering in Iran is applied in accordance with the laws approved in the Supreme Council of Cyberspace and the Islamic Parliament and includes a wide range of Internet websites from pornography to political. The institutions involved in the filtering of Iran are widespread and structured, including important institutions to the Supreme Council of Cyberspace, the Committee of Determining the Criminal Content, the Cyber Army of the Islamic Republic of Iran and the FATA Police. In addition, in the private sector, the two filtering contractors of the Filtering are “Yaftar Pazhouhan Pishtaz Rayanesh Co.” and “Dadeh Pardazi Douran Co.”, whose their names are explicitly noted in the leaked emails from the e-mail server of Justice Organization. Meanwhile, the Supreme Council of Cyberspace is the highest institution that is responsible for determining the overall policies of cyberspace against the soft war with Western countries that is established in 2012. The Supreme Council of Cyberspace determines the content of the web that detects illegal. The council determines the list of websites that should be blocked based on considerations such as contrary to the norms of society, contrary to the Islamicization of being, being threatened for national security, and propagating filtering bypassing methods. The council and the Committee of Determining the Criminal Content are a close relationship and have common members. The Attorney General's Office observes filtering committees and communicates the filtering list to Iran Telecom and other data communication services and other related institutions. The Iranian Telecom company uses part of the list directly through the control of the public network of data, and it is responsible for other Internet service conductors that all have to buy their bandwidth through the telecommunication company. On the other hand, Internet governance is all under the supervision of the regulation and radio communication organization, which is legally obliged to implement policies designated by the Committee of Determining the Criminal Content.
Blocking Internet Websites in Iran are with the decision of the Supreme Council of the Cultural Revolution with the presence of representatives of National TV (aka Seda-va-Sima), Telecommunication and the Ministry of Intelligence, and The Data Communication Services Organization is the performer of this committee’s decisions, and some Internet sites or their offices are also individually blocked with the order of the Judiciary Organization. Also, the decision maker about filtering in Iran is the "workgroup determination of criminal content", consisting of thirteen members of the triple Head organizations.
In March 2013, Reporters Without Borders Organization on the International Anti-Censorship Day, published a report which in this report, Iran, along with China, Syria, Bahrain and Vietnam, have called five enemies of the Internet. The Organization for Reporters Without Borders, added the National Center for Iranian Cyberspace in the world Repressive institution of Cyberspace list, and announced its activities "a clear threat to the freedom of opinion and expression stated in Article 19 of the Universal Declaration of Human Rights."
Also, according to the Freedom House Report, which categorizes countries based on access barriers, constraints in terms of content and violations of users' rights, in 2014, the Internet freedom in Iran has been evaluated as the worst in the world. According to the institution, in 2017, technical attacks for manipulating networks, after the arrest of individuals for political-social reasons, are the second major method for Internet control, which are used by the countries of China, Ethiopia, Iran and Syria.
According to the report provided by OONI, only during a short period from September to October, the worst kind of restrictions have been applied in Iran.
Some non-distributive sources announce that the current filtering style and method is based on the old Golden Shield project, which was started in 1998 by the Ministry of Public Security of China, and later led to the production of firewalling equipment with the probable name of Great Firewall, And according to reports of Reporters Without Borders, countries, including Iran, Australia, Russia, Zimbabwe, Cuba, Vietnam, are using at least same version or similar firewall, as far as some of them including Iran, have even more difficult conditions than rather than China. Of course, it is obvious that at that time, the technologies and methods used to have been old, in comparison to very complex technologies of today and in a summary, category includes it includes as below:
- Host-Name, URL, Keywords in HTTP Protocol
- IP Address OR IP Range Address in Layer3
- TCP Port / UDP Port Range in Layer4
- IP Protocol Number in Layer3
- DNS Query Name in DNS Protocol
- SNI / ESNI IN TLS Client Hello
- Layer7 Inspection and Define White List For L7 Protocols
Filtering in Iran at the beginning was on the IPs in the layer 3 and the ports were in the layer 4 and with the closure of the ports for various TCP and UDP protocols primary filtering was applied, and then the addresses were categorized based on their IP and blocked that naturally use of this method made the possibility of bypassing the filtering easier. Furthermore, due to the permanent change of ownership of the IP addresses in the world, it imposed a lot of pressure on their permanent observation and correcting filtering lists to the authorities. However, this method is still used in order of blocking access to unsafe addresses (rather than filtering) in all firewalls in the world and has been modified to the IP reputation in a more specialized way.
In the next phase, for more accurate filtering, measures were performed on the HTTP protocol, and in two parts of one website including Host and URL, and eventually applied to the specific keywords that were searched in search engines, and by matching with a specific word in a URL address, the filtering is applied;
The filtering method based on URLs to complete its database was relied on a Crawler that crawls the websites visited by users and weighs these sites and special keywords, and if this Weigh reaches to a certain value and number, it will store the name of the site in this database, and for subsequent access it blocks them; most of the sites which are identified with this method had the content of pornography, and mostly the websites which were against the Iranian government system are also identified manually and also Manually added and recorded to this database, which it is known as the National Filtering Database.
Due to the weakness in implementing and using poor parsers on the HTTP protocol, the Internet filtering system in Iran for many years was easily allowed to bypass the filtering; As if HTTP requests were changed slightly and instead of their lining as \r\n, only be as \n and has \n\n- at its end, it can easily be able to deceive the filtering system and cause the filtering to bypassed.
Over time and by expanding the SSL protocol, and migrating most of the internet websites to the SSL protocol, the filtering system also added control over the DNS protocol to its basket in order to prevent access to sites, so that DNS requests are after analysis of the Hostname value and conformity of it with the Blacklist of words and prohibited addresses, are filtered on the very first step on the DNS protocol, and to complete these lists, a series of sites were blocked based on their IPs.
But after the emergence and inclusion of the TLS and the existence of SNI in Client Hello associated with this protocol, the filtering system has started working on the TLS protocol, and all SNIs that matched the black list of banned sites in the TLS layer and in the very first packet was blocked. Of course, in the TLS1.3 protocol, there is no access to SNI, and the encrypted value of the Encrypted SNI is used, but the interesting point is that blocking ESNI as a code is even easier than blocking SNI.
Also, in the next steps and while software and anti-filtering services became more pervasive, the filtering service tried to block the famous VPN protocols based on the protocol number or destination port number, and for example, GRE, ESP, IPIPI and etc., blocked based on the protocol number, and protocols such as IKE, L2TP, PPTP and etc., were blocked according to the port number. However, it must be noted that VPN solutions in the world are not designed only with the purpose of bypassing filtering and their main purpose is to secure and proprietary the specific communication of individuals and organizations to ensure the connections more secure.
But anti-filtering systems with the change of ports number or using protocols used from anonymous ports (non-famous) provided the circumstances of bypassing the filtering, for instance, protocols such as Tor, V2Ray, and etc., were provided with the goal of circumventing filtering.
Therefore, after many ups and downs in filtering, with the knowledge expansion, and ability to analyze communication and protocols, the Iran filtering system is currently using the latest solution of Inspecting in Layer 7, which is sometimes introduced as DEEP Packet Inspection and in its effective phase, only permits specific protocols, and now protocols that have access to outside Iran are only include PING, HTTP, DNS, SSL, TLS, Radius, RDP, FTP and some other protocols. Of course, these protocols are inspected independently of their port and independent of what port they use, they are Open, and other than these protocols, other protocols are blocked; it should be noted that, during the recent days, we have seen the shut off of the whole protocols in many infrastructure and data centers of the country.
In the latest filtering solution, it has recently been observed that in many cases, the traffic has been slowed down or in a worse case, government removed (DROP) the packets randomly on the famous protocols which are exchanging on non-standard ports. For instance, SSL packets that are not sent on port 443 are removed in random, which naturally causes the blockage of a huge part of sites and services and sequentially in the most commonly used anti-filters, and obviously there is no difference between free version or paid version of the VPNs.
On the other hand, there were rumors that, by using IPv6, the DPI can be bypassed, but due to the full support of new firewalls from IPv6, this method is also unusable and easy to detect and restriction and in operators like IRANCELL, all attempts to connect to IPv6 addresses have failed, and Cloudflare's radar data has also reported a severe drop in IPv6 traffic.
Also, the HTTP/3 protocol, which is the latest version of the HTTP protocol, and as a new protocol, it was thought that filtering equipment would not be able to effectively block it, because it uses a completely different network stack, and instead of using the traditional TCP and TLS protocols for the transmission and security is based on UDP and QUIC, it is also easily filtered and according to Cloudflare Radar reports, its traffic was close to zero.
This strongly suggests that QUIC, which HTTP/3 relies on, was blocked entirely, perhaps by blocking UDP port 443. It is possible that network operators in Iran found it easier to block all QUIC traffic than to effectively implement targeted filtering on the newer QUIC protocol. This is supported by previous research that shows a difference in blocking for HTTP/3 vs HTTPS traffic.
According to the OONI report, many software and VPN service providers are no longer accessible in Iran.
In addition, the University of Maryland (in Washington, United States), provided a series of strategies called a genetic model aka Geneva, which is automatically learns how to evade the censorship of governments, claiming to pass through the filtering system For Chinese governments, Iran, India, and Kazakhstan, and in recent years have also had experiences in India (Airtel), but it should be noted that the proposed strategies are due to being Server Less, and only has the purpose of dodging the filtering system to continue communication and not used for Tunneling information, hence user’s information is visible to government authorities. As a result, there is the possibility of following-up and observation of viewed sites for the government; there is also another filtering barrier in Iran and its filtering is one step further and harder, because Geneva's operation is on TCP and initial requests should be able to resolved by the DNS protocol, and since DNS requests are filtered in Iran, therefore, the Geneva algorithm in Iran is unusable. Its documentation and photos are attached below in this section.
According to the above and understanding the fact that the passage routines of bypassing the filter dam have been very hard and complex, the final question is whether there is still a solution to bypass this system?
The answer is YES.
Due to our business approach in attracting investors, it is currently not possible to publish the main method on this page, and if you are interested in this product and such solutions and intend to have a business relationship with us, you can officially email us (PlatypusSec@proton.me) to get additional and technical explanations about this product in online sessions.
Currently, the server section of this solution is provided on the FreeBSD Unix operating system, and the Agent section or its APP is provided only on the Microsoft Windows operating system. Therefore, in the next phase, the server section can be installed on various operating systems, including Linux, MAC and Windows, and the Agent version or the App can be uses on various operating systems, including Linux, Unix, Mac, Android, and iOS.
Obviously, for the development of servers that provide services based on the given method, there is the need for revenue methods:
- Buying the full source of the product and then selling monthly accounts to customers: in this method, which is also common with other VPN services, VPN account sellers can buy the full source of the server part of this product and set up n! number of different servers globally and users will have the ability to bypass through filtering by purchasing monthly accounts and downloading the Agent free of charge.
- Selling the product to a NGO as a general endowment: In this way, a NGO may buy full source of the product in a whole package and publish the installation file version of the server for free on the Internet, so that everyone can install it and by Agent installation for free, they provide the anti-filtering solution for others.
Email us to view the product demo in online sessions.
At the end, it should be noted that the methods presented for bypassing the filtering barriers are in the general phase only have an educational aspect and in the commercial phase at the moment of writing this text, it is the most definitive method that cannot be monitored and blockage, unless by science and presenting new strategies and solutions by specialists, it would be possible to block the current solution. Additionally, by disclaimer of the wrong use of this tool by others, we are highly remark that prevent from any mistakenly use of this tool and it only used in the field of scientific and educational goals.