search

Waujito / youtubeUnblock

Bypasses Deep Packet Inspection (DPI) systems that rely on SNI
GNU General Public License v3.0
796 stars 62 forks source link

major regression with my malicious ISP's new SPTU strategies in Crimea #44

Closed irulanCorrino closed 3 months ago

irulanCorrino commented 3 months ago

hi. i tried ver-0-1 and it was totally fine until it has stopped working at 10AM this morning (after i had watched one video).
i had uninstalled it and had installed ver-0.2.1-2 but i have nothing in my terminal output:

Using TCP segmentation
Fake SNI will be sent before each googlevideo request, Ack-Seq strategy will be used
GSO is enabled
Queue 437 started!

it just stops there, but unlike issue #43 i DO HAVE youtube loading video's thumbnail, it just shows rotating 'Loading' wheel on that thumbnail forever.
my command was alias split437="sudo iptables -A OUTPUT -p tcp --dport 443 -j NFQUEUE --queue-num 437 --queue-bypass && sudo youtubeUnblock 437 --sni-domains=googlevideo.com,ggpht.com,ytimg.com,l.google.com,youtube.com,play.google.com"
i had changed it to "sudo iptables -A OUTPUT -p tcp --dport 443 -j NFQUEUE --queue-num 437 --queue-bypass && sudo youtubeUnblock 437 --sni-domains=all" --no progress.
then i had changed it to "sudo iptables -A OUTPUT -p tcp --dport 443 -j NFQUEUE --queue-num 437 --queue-bypass && sudo youtubeUnblock 437 --sni-domains=all --fake-sni=ttl" --no progress.
i had modified my settings in browser: network.http.http{2,3}.enable(d) => false (about:config in Firefox) --no progress.
then i had added a delay to my command's flags --seg2delay=400 --i still have nothing.

i am a beginner programmer, what if i should not redefine iptables -A OUTPUT -p tcp --dport 443 -j NFQUEUE --queue-num 437 --queue-bypass with each new call after a termination of stalled previous command?

system info: Artix [no systemd, i use openRC], zen kernel.

P.S.: my biggest concern is that they may had blocked me manually, i am very active online and all village's locals here know i am a hacker... i had installed wireshark yesterday, [three packages from arch repos --gui, cli and alternative cli]. i can dump&debug packets if you needed, but i had no time yet to learn how to work with gui, so little guidance will be very nice, thanks!

Waujito commented 3 months ago

omg I love the title Can you try this patch? Use it with --fake-sni=ttl

diff --git a/youtubeUnblock.c b/youtubeUnblock.c
index 118553b..70b9e86 100644
--- a/youtubeUnblock.c
+++ b/youtubeUnblock.c
@@ -505,7 +505,6 @@ static int process_packet(const struct packet_data packet, struct queue_data qda
        goto fallback;
    }

-
    struct verdict vrd = analyze_tls_data(data, dlen);

    verdnlh = nfq_nlmsg_put(buf, NFQNL_MSG_VERDICT, qdata.queue_num);
@@ -532,21 +531,47 @@ static int process_packet(const struct packet_data packet, struct queue_data qda
            (struct tcphdr *)tcph, (struct iphdr *)iph);

        if (config.fake_sni_strategy != FKSN_STRAT_NONE) {
-           uint8_t fake_sni[MNL_SOCKET_BUFFER_SIZE];
-           uint32_t fsn_len = MNL_SOCKET_BUFFER_SIZE;
+           uint8_t rfsiph[60];
+           uint8_t rfstcph[60];

-           ret = gen_fake_sni(iph, tcph, fake_sni, &fsn_len);
-           if (ret < 0) {
-               errno = -ret;
-               perror("gen_fake_sni");
-               goto fallback;
-           }
+           memcpy(rfsiph, iph, iph_len);
+           memcpy(rfstcph, tcph, tcph_len);
+
+           struct iphdr *fsiph = (void *)rfsiph;
+           struct tcphdr *fstcph = (void *)rfstcph;
+
+           for (int i = 0; i < 10; i++) {
+               uint8_t fake_sni[MNL_SOCKET_BUFFER_SIZE];
+               uint32_t fsn_len = MNL_SOCKET_BUFFER_SIZE;
+               ret = gen_fake_sni(fsiph, fstcph, fake_sni, &fsn_len);
+               if (ret < 0) {
+                   errno = -ret;
+                   perror("gen_fake_sni");
+                   goto fallback;
+               }
+
+               printf("%d\n", i);
+               ret = send_raw_socket(fake_sni, fsn_len);
+               if (ret < 0) {
+                   errno = -ret;
+                   perror("send fake sni");
+                   goto fallback;
+               }
+
+               uint32_t iph_len;
+               uint32_t tcph_len;
+               uint32_t plen;
+               tcp4_payload_split(fake_sni, fsn_len, &fsiph, &iph_len, &fstcph, &tcph_len, NULL, &plen);
+
+
+               printf("%d\t", ntohl(fstcph->seq));
+               fstcph->seq = htonl(ntohl(tcph->seq) + plen * (i + 1));
+               printf("%d\n", ntohl(fstcph->seq));
+               memcpy(rfsiph, fsiph, iph_len);
+               memcpy(rfstcph, fstcph, tcph_len);
+               fsiph = (void *)rfsiph;
+               fstcph = (void *)rfstcph;

-           ret = send_raw_socket(fake_sni, fsn_len);
-           if (ret < 0) {
-               errno = -ret;
-               perror("send fake sni");
-               goto fallback;
            }
        }
irulanCorrino commented 3 months ago

Oh.My.God!!! it is working back again! thank you Vadim.

sov-x550cc:[sov-thade-tage]:~$ bashnew
sov-x550cc:[sov-thade-tage]:~$ split437
[sudo] password for sov-thade-tage: 
Using TCP segmentation
Fake SNI will be sent before each googlevideo request, TTL strategy will be used with TTL 8
GSO is enabled
Queue 437 started!
SNI target detected
0
-157516579  -1642113167
1
-157516579  -1642111931
2
-157516579  -1642110695
3
-157516579  -1642109459
4
-157516579  -1642108223
5
-157516579  -1642106987
6
-157516579  -1642105751
7
-157516579  -1642104515
8
-157516579  -1642103279
9
-157516579  -1642102043
Packet split in portion 132 1101
SNI target detected
0

p.s.: i wish i will accomplish with my C learning to understand coding with that ease you do. thank you!

irulanCorrino commented 3 months ago

next video has failed to load (from 'deutsche welle'), there was some traffic and reports from youtubeUnblock like Packet split in portion 141 540 SNI target detected 0 -157516579 764091729 1 -157516579 764092965 but after some five minutes of waiting i have given up anf tried another video, but without any success again, sadly.

and btw i see no thumbnail of the loading video --a black player with controls and rotating 'Loading' wheel. [EDIT: oh, the thumbnail is absent is because youtube loads it only for old browser tabs, not for newly chosen videos, so that is irrelevant for our case]

EDIT: i've done it!!! this video Ukraine UNSTOPPABLE: INCREDIBLE Territory Gains - Ukraine War Map Update 08/Aug/2024 [Ukraine Matters](https://www.youtube.com/@UkraineMatters)
after first attempt with it has staled and i had entered word 'example' into URL bar to leave from video page, then i'd returned to it and this second attempt has staled too, i had refreshed the page [so, naturally, youtube player has paused the playback] and after some two-three minutes i had tried to play it and it has worked.
but it fails with 'non-stop playing' of youtube. also are there different cache servers for 'deutsche welle' and 'Ukraine Matters' videos? does it matter i mean?