Update faking strategies

Use random ip4 id for frags, use sequential ip4 id for fakes
Waujito · Oct 12, 2024 · e9b033c · e9b033c
1 parent 30bc3a8
commit e9b033c
Show file tree

Hide file tree

Showing 14 changed files with 393 additions and 266 deletions.
diff --git a/README.md b/README.md
@@ -85,7 +85,7 @@ For nftables on OpenWRT rules comes out-of-the-box and stored under `/usr/share/
 
 Now we go to the configuration. For OpenWRT here is configuration via [UCI](https://openwrt.org/docs/guide-user/base-system/uci) and [LuCI](https://openwrt.org/docs/guide-user/luci/start) available (CLI and GUI respectively).
 
-For **LuCI** aka **GUI** aka **web-interface of router** you should install luci-app-youtubeUnblock package like you did it with the normal youtubeUnblock package. Note, that lists of official opkg feeds should be loaded (**Do it with Update lists option**).
+For **LuCI** aka **GUI** aka **web-interface of router** you should install **luci-app-youtubeUnblock** package like you did it with the normal youtubeUnblock package. Note, that lists of official opkg feeds should be loaded (**Do it with Update lists option**).
 
 LuCI configuration lives in **Services->youtubeUnblock** section. It is self descriptive, with description for each flag. Note, that after you push `Save & Apply` button, the configuration is applied automatically and the service is restarted.
 
@@ -183,6 +183,10 @@ Available flags:
 
 - `--fake-sni-seq-len=<length>` This flag specifies **youtubeUnblock** to build a complicated construction of fake client hello packets. length determines how much fakes will be sent. Defaults to **1**.
 
+- `--fake-sni-type={default|custom|random}` This flag specifies which faking messages should use fake packets. If you pass random, the message of random length and random payload will be sent. For default the default payload is used. And for custom the payload from `--fake-custom-payload` is used. Default to `default`.
+
+- `--fake-custom-payload=<payload>` Usable with `--fake-sni-type=custom`. You should specify the payload for fake message manually. Use hex format: `--fake-custom-payload=0001020304` mean that 5 bytes sequence: `0x00`, `0x01`, `0x02`, `0x03`, `0x04` used as fake.
+
 - `--faking-strategy={randseq|ttl|tcp_check|pastseq|md5sum}` This flag determines the strategy of fake packets invalidation. Defaults to `randseq`
   - `randseq` specifies that random sequence/acknowledgemend random will be set. This option may be handled by provider which uses *conntrack* with drop on invalid *conntrack* state firewall rule enabled. 
   - `ttl` specifies that packet will be invalidated after `--faking-ttl=n` hops. `ttl` is better but may cause issues if unconfigured. 

diff --git a/args.c b/args.c
@@ -8,6 +8,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include "types.h"
+#include "args.h"
 
 static char custom_fake_buf[MAX_FAKE_SIZE];
 
@@ -20,7 +21,6 @@ struct config_t config = {
 	.faking_ttl = FAKE_TTL,
 	.fake_sni = 1,
 	.fake_sni_seq_len = 1,
-	.fake_sni_seq_type = FAKE_PAYLOAD_DEFAULT,
 	.fake_sni_type = FAKE_PAYLOAD_DEFAULT,
 	.frag_middle_sni = 1,
 	.frag_sni_pos = 1,
@@ -69,7 +69,6 @@ struct config_t config = {
 #define OPT_FAKING_TTL		3
 #define OPT_FAKING_STRATEGY	10
 #define OPT_FAKE_SNI_SEQ_LEN	11
-#define OPT_FAKE_SNI_SEQ_TYPE	26
 #define OPT_FAKE_SNI_TYPE	27
 #define OPT_FAKE_CUSTOM_PAYLOAD	28
 #define OPT_FRAG    		4
@@ -103,7 +102,6 @@ static struct option long_opt[] = {
 	{"synfake",		1, 0, OPT_SYNFAKE},
 	{"synfake-len",		1, 0, OPT_SYNFAKE_LEN},
 	{"fake-sni-seq-len",	1, 0, OPT_FAKE_SNI_SEQ_LEN},
-	{"fake-sni-seq-type",	1, 0, OPT_FAKE_SNI_SEQ_TYPE},
 	{"fake-sni-type",	1, 0, OPT_FAKE_SNI_TYPE},
 	{"fake-custom-payload", 1, 0, OPT_FAKE_CUSTOM_PAYLOAD},
 	{"faking-strategy",	1, 0, OPT_FAKING_STRATEGY},
@@ -162,7 +160,6 @@ void print_usage(const char *argv0) {
 	printf("\t--exclude-domains=<comma separated domain list>\n");
 	printf("\t--fake-sni={1|0}\n");
 	printf("\t--fake-sni-seq-len=<length>\n");
-	printf("\t--fake-sni-seq-type={default|random|custom}\n");
 	printf("\t--fake-sni-type={default|random|custom}\n");
 	printf("\t--fake-custom-payload=<hex payload>\n");
 	printf("\t--fake-seq-offset=<offset>\n");
@@ -337,18 +334,6 @@ int parse_args(int argc, char *argv[]) {
 			}
 
 			config.fake_sni_seq_len = num;
-			break;
-		case OPT_FAKE_SNI_SEQ_TYPE:
-			if (strcmp(optarg, "default") == 0) {
-				config.fake_sni_seq_type = FAKE_PAYLOAD_DEFAULT;
-			} else if (strcmp(optarg, "random") == 0) {
-				config.fake_sni_seq_type = FAKE_PAYLOAD_RANDOM;
-			} else if (strcmp(optarg, "custom") == 0) {
-				config.fake_sni_seq_type = FAKE_PAYLOAD_CUSTOM;
-			} else {
-				goto invalid_opt;
-			}
-
 			break;
 		case OPT_FAKE_SNI_TYPE:
 			if (strcmp(optarg, "default") == 0) {
@@ -553,3 +538,4 @@ void print_welcome() {
 	}
 
 }
+
diff --git a/args.h b/args.h
@@ -1,3 +1,6 @@
+#include "utils.h"
+#include "tls.h"
+
 #ifndef ARGS_H
 #define ARGS_H
 
@@ -8,4 +11,5 @@ int parse_args(int argc, char *argv[]);
 /* Prints starting messages */
 void print_welcome();
 
+
 #endif /* ARGS_H */
diff --git a/config.h b/config.h
@@ -10,7 +10,7 @@ typedef int (*raw_send_t)(const unsigned char *data, unsigned int data_len);
  * Sends the packet after delay_ms. The function should schedule send and return immediately
  * (for example, open daemon thread)
  */
-typedef void (*delayed_send_t)(const unsigned char *data, unsigned int data_len, unsigned int delay_ms);
+typedef int (*delayed_send_t)(const unsigned char *data, unsigned int data_len, unsigned int delay_ms);
 
 struct instance_config_t {
 	raw_send_t send_raw_packet;
@@ -37,7 +37,6 @@ struct config_t {
 #define FAKE_PAYLOAD_CUSTOM	1
 // In default mode all other options will be skipped.
 #define FAKE_PAYLOAD_DEFAULT	2
-	int fake_sni_seq_type;
 	int fake_sni_type;
 
 #define VERBOSE_INFO	0

diff --git a/kargs.c b/kargs.c
@@ -23,7 +23,6 @@ struct config_t config = {
 	.mark = DEFAULT_RAWSOCKET_MARK,
 	.synfake = 0,
 	.synfake_len = 0,
-	.fake_sni_seq_type = FAKE_PAYLOAD_DEFAULT,
 	.fake_sni_type = FAKE_PAYLOAD_DEFAULT,
 
 	.sni_detection = SNI_DETECTION_PARSE,

diff --git a/kytunblock.c b/kytunblock.c
@@ -217,19 +217,22 @@ static int send_raw_socket(const uint8_t *pkt, uint32_t pktlen) {
 
 	int ipvx = netproto_version(pkt, pktlen);
 
-	if (ipvx == IP4VERSION) 
+	if (ipvx == IP4VERSION) {
 		return send_raw_ipv4(pkt, pktlen);
-
-	else if (ipvx == IP6VERSION) 
+	} else if (ipvx == IP6VERSION) {
 		return send_raw_ipv6(pkt, pktlen);
+	} else {
+		printf("proto version %d is unsupported\n", ipvx);
+		return -EINVAL;
+	}
 
-	printf("proto version %d is unsupported\n", ipvx);
-	return -EINVAL;
+	lgtrace_addp("raw_sock_send: %d", ret);
+	return ret;
 }
 
-static void delay_packet_send(const unsigned char *data, unsigned int data_len, unsigned int delay_ms) {
+static int delay_packet_send(const unsigned char *data, unsigned int data_len, unsigned int delay_ms) {
 	pr_info("delay_packet_send won't work on current youtubeUnblock version");
-	send_raw_socket(data, data_len);
+	return send_raw_socket(data, data_len);
 }
 
 struct instance_config_t instance_config = {