Untitled

a guest
Mar 11th, 2017
  1. From b73690688df84282b42fb17b0888e41b62e31496 Mon Sep 17 00:00:00 2001
  2. From: ayaka <ayaka@soulik.info>
  3. Date: Mon, 2 Feb 2015 14:44:17 +0800
  4. Subject: [PATCH 1/2] obfuscation: the xor obfuscation
  5.  
  6. It is not secret encryption but it is enough to cheat GFW.
  7. And it won't take much resource to do that.
  8. It is possible to add some salt in the package.
  9.  
  10. Signed-off-by: ayaka <ayaka@soulik.info>
  11. ---
  12. src/openvpn/Makefile.am | 1 +
  13. src/openvpn/forward.c | 12 ++++---
  14. src/openvpn/options.c | 10 ++++++
  15. src/openvpn/options.h | 2 ++
  16. src/openvpn/xor.c | 45 +++++++++++++++++++++++
  17. src/openvpn/xor.h | 31 ++++++++++++++++
  18. src/openvpn/xor_socket.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++
  19. src/openvpn/xor_socket.h | 48 +++++++++++++++++++++++++
  20. 8 files changed, 238 insertions(+), 4 deletions(-)
  21. create mode 100644 src/openvpn/xor.c
  22. create mode 100644 src/openvpn/xor.h
  23. create mode 100644 src/openvpn/xor_socket.c
  24. create mode 100644 src/openvpn/xor_socket.h
  25.  
  26. diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
  27. index 6d02fea..ee973e9 100644
  28. --- a/src/openvpn/Makefile.am
  29. +++ b/src/openvpn/Makefile.am
  30. @@ -111,6 +111,7 @@ openvpn_SOURCES = \
  31. syshead.h \
  32. tun.c tun.h \
  33. win32.h win32_wfp.h win32.c \
  34. + xor.c xor.h xor_socket.c xor_socket.h \
  35. cryptoapi.h cryptoapi.c
  36. openvpn_LDADD = \
  37. $(top_builddir)/src/compat/libcompat.la \
  38. diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
  39. index d55fa3b..77d9a83 100644
  40. --- a/src/openvpn/forward.c
  41. +++ b/src/openvpn/forward.c
  42. @@ -39,6 +39,7 @@
  43. #include "ps.h"
  44. #include "dhcp.h"
  45. #include "common.h"
  46. +#include "xor_socket.h"
  47.  
  48. #include "memdbg.h"
  49.  
  50. @@ -672,10 +673,12 @@ read_incoming_link (struct context *c)
  51. c->c2.buf = c->c2.buffers->read_link_buf;
  52. ASSERT (buf_init (&c->c2.buf, FRAME_HEADROOM_ADJ (&c->c2.frame, FRAME_HEADROOM_MARKER_READ_LINK)));
  53.  
  54. - status = link_socket_read (c->c2.link_socket,
  55. + status = link_socket_read_xor (c->c2.link_socket,
  56. &c->c2.buf,
  57. MAX_RW_SIZE_LINK (&c->c2.frame),
  58. - &c->c2.from);
  59. + &c->c2.from,
  60. + c->options
  61. + );
  62.  
  63. if (socket_connection_reset (c->c2.link_socket, status))
  64. {
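Review bot: The new call passes `c->options` by value, and the prototype in xor_socket.h takes `const struct options opt`, so the whole options structure is copied for every packet read just to reach two string pointers. Declaring the parameter as `const struct options *opt` and passing `&c->options` avoids the copy. The link_socket_write_xor call in the process_outgoing_link hunk has the same issue. The body of read_incoming_link continues outside this hunk.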
  65. @@ -1150,9 +1153,10 @@ process_outgoing_link (struct context *c)
  66. socks_preprocess_outgoing_link (c, &to_addr, &size_delta);
  67. #endif
  68. /* Send packet */
  69. - size = link_socket_write (c->c2.link_socket,
  70. + size = link_socket_write_xor (c->c2.link_socket,
  71. &c->c2.to_link,
  72. - to_addr);
  73. + to_addr,
  74. + c->options);
  75.  
  76. #ifdef ENABLE_SOCKS
  77. /* Undo effect of prepend */
  78. diff --git a/src/openvpn/options.c b/src/openvpn/options.c
  79. index a49a4fb..d537445 100644
  80. --- a/src/openvpn/options.c
  81. +++ b/src/openvpn/options.c
  82. @@ -6635,6 +6635,16 @@ add_option (struct options *options,
  83. options->cert_file_inline = p[2];
  84. }
  85. }
  86. + else if (streq (p[0], "xor-secret") && p[1])
  87. + {
  88. + VERIFY_PERMISSION (OPT_P_GENERAL);
  89. + options->xor_secret = p[1];
  90. + }
  91. + else if (streq (p[0], "padding") && p[1])
  92. + {
  93. + VERIFY_PERMISSION (OPT_P_GENERAL);
  94. + options->padding = p[1];
  95. + }
  96. else if (streq (p[0], "extra-certs") && p[1])
  97. {
  98. VERIFY_PERMISSION (OPT_P_GENERAL);
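Review bot: The `xor-secret` branch accepts an empty value, and xor_encode() in xor.c then computes `i % keylen` with `keylen` taken from `strlen(key)`, which is a modulo by zero on the first packet. Rejecting the empty string at parse time, e.g. `else if (streq (p[0], "xor-secret") && p[1] && p[1][0])`, or adding a `keylen == 0` early return in xor_encode(), closes this. The `padding` value is also stored without any length limit, although it is later copied into the packet buffer, so an upper bound belongs here as well. add_option starts and ends outside this hunk.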
  99. diff --git a/src/openvpn/options.h b/src/openvpn/options.h
  100. index 26b09ea..6ffc77b 100644
  101. --- a/src/openvpn/options.h
  102. +++ b/src/openvpn/options.h
  103. @@ -521,6 +521,8 @@ struct options
  104. char *priv_key_file_inline;
  105. const char *dh_file_inline;
  106. const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */
  107. + const char *xor_secret;
  108. + const char *padding;
  109.  
  110. int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
  111. unsigned remote_cert_ku[MAX_PARMS];
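Review bot: The two added fields have no comment, and `padding` in particular is a very generic name inside `struct options`. I would document them as `const char *xor_secret; /* repeating XOR key applied to every link packet; NULL disables; obfuscation only, not confidentiality */` and `const char *padding; /* fixed string appended to each outgoing packet and stripped by length on receive; NULL disables */`.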
  112. diff --git a/src/openvpn/xor.c b/src/openvpn/xor.c
  113. new file mode 100644
  114. index 0000000..f1412be
  115. --- /dev/null
  116. +++ b/src/openvpn/xor.c
  117. @@ -0,0 +1,45 @@
  118. +/*
  119. + * OpenVPN -- An application to securely tunnel IP networks
  120. + * over a single UDP port, with support for SSL/TLS-based
  121. + * session authentication and key exchange,
  122. + * packet encryption, packet authentication, and
  123. + * packet compression.
  124. + *
  125. + * Copyright (C) 2015 SUMOMO Computer Association ayaka<ayaka@soulik.info>
  126. + *
  127. + * This program is free software; you can redistribute it and/or modify
  128. + * it under the terms of the GNU General Public License version 2
  129. + * as published by the Free Software Foundation.
  130. + *
  131. + * This program is distributed in the hope that it will be useful,
  132. + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  133. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  134. + * GNU General Public License for more details.
  135. + *
  136. + * You should have received a copy of the GNU General Public License
  137. + * along with this program (see the file COPYING included with this
  138. + * distribution); if not, write to the Free Software Foundation, Inc.,
  139. + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  140. + */
  141. +#ifdef HAVE_CONFIG_H
  142. +#include "config.h"
  143. +#elif defined(_MSC_VER)
  144. +#include "config-msvc.h"
  145. +#endif
  146. +#include "syshead.h"
  147. +
  148. +#include "xor.h"
  149. +
  150. +void
  151. +xor_encode(char *buf, size_t buf_size, const char *key)
  152. +{
  153. + int i;
  154. + size_t keylen;
  155. +
  156. + if(NULL == key)
  157. + return;
  158. + keylen = strlen(key);
  159. +
  160. + for(i = 0; i < buf_size; i++)
  161. + buf[i] = buf[i] ^ key[i % keylen];
  162. +}
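Review bot: The loop index in xor_encode() is declared `int i` but compared against the `size_t buf_size`, a signed/unsigned comparison that `-Wsign-compare` flags; `size_t i;` matches the parameter. The function also lacks a header comment saying that the transform is its own inverse and that a repeating-key XOR gives no confidentiality or integrity. The commit message says as much, and the code should carry it too so the option is not mistaken for encryption, for example `/* XOR buf in place with the repeating key; self-inverse; obfuscation only. */`.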
  163. diff --git a/src/openvpn/xor.h b/src/openvpn/xor.h
  164. new file mode 100644
  165. index 0000000..5672324
  166. --- /dev/null
  167. +++ b/src/openvpn/xor.h
  168. @@ -0,0 +1,31 @@
  169. +/*
  170. + * OpenVPN -- An application to securely tunnel IP networks
  171. + * over a single UDP port, with support for SSL/TLS-based
  172. + * session authentication and key exchange,
  173. + * packet encryption, packet authentication, and
  174. + * packet compression.
  175. + *
  176. + * Copyright (C) 2015 SUMOMO Computer Association ayaka<ayaka@soulik.info>
  177. + *
  178. + * This program is free software; you can redistribute it and/or modify
  179. + * it under the terms of the GNU General Public License version 2
  180. + * as published by the Free Software Foundation.
  181. + *
  182. + * This program is distributed in the hope that it will be useful,
  183. + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  184. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  185. + * GNU General Public License for more details.
  186. + *
  187. + * You should have received a copy of the GNU General Public License
  188. + * along with this program (see the file COPYING included with this
  189. + * distribution); if not, write to the Free Software Foundation, Inc.,
  190. + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  191. + */
  192. +
  193. +#ifndef OPENVPN_XOR_H
  194. +#define OPENVPN_XOR_H
  195. +#include "common.h"
  196. +
  197. +void xor_encode(char *buf, size_t buf_size, const char *key);
  198. +
  199. +#endif
  200. diff --git a/src/openvpn/xor_socket.c b/src/openvpn/xor_socket.c
  201. new file mode 100644
  202. index 0000000..f60ecbe
  203. --- /dev/null
  204. +++ b/src/openvpn/xor_socket.c
  205. @@ -0,0 +1,93 @@
  206. +/*
  207. + * OpenVPN -- An application to securely tunnel IP networks
  208. + * over a single UDP port, with support for SSL/TLS-based
  209. + * session authentication and key exchange,
  210. + * packet encryption, packet authentication, and
  211. + * packet compression.
  212. + *
  213. + * Copyright (C) 2015 SUMOMO Computer Association ayaka<ayaka@soulik.info>
  214. + *
  215. + * This program is free software; you can redistribute it and/or modify
  216. + * it under the terms of the GNU General Public License version 2
  217. + * as published by the Free Software Foundation.
  218. + *
  219. + * This program is distributed in the hope that it will be useful,
  220. + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  221. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  222. + * GNU General Public License for more details.
  223. + *
  224. + * You should have received a copy of the GNU General Public License
  225. + * along with this program (see the file COPYING included with this
  226. + * distribution); if not, write to the Free Software Foundation, Inc.,
  227. + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  228. + */
  229. +#ifdef HAVE_CONFIG_H
  230. +#include "config.h"
  231. +#elif defined(_MSC_VER)
  232. +#include "config-msvc.h"
  233. +#endif
  234. +
  235. +#include "syshead.h"
  236. +
  237. +#include "buffer.h"
  238. +#include "xor.h"
  239. +#include "xor_socket.h"
  240. +
  241. +static void
  242. +append_padding(struct buffer *buf, const char *padding)
  243. +{
  244. + const char *data = BPTR(buf);
  245. +
  246. + if (NULL == padding)
  247. + return;
  248. + const int32_t length = strlen(padding);
  249. +
  250. + memcpy(data + BLEN(buf), padding, length);
  251. + buf->len += length;
  252. +}
  253. +
  254. +static void
  255. +remove_padding(struct buffer *buf, const char *padding)
  256. +{
  257. + if (NULL == padding)
  258. + return;
  259. +
  260. + const int32_t length = strlen(padding);
  261. + buf->len -= length;
  262. +}
  263. +
  264. +int
  265. +link_socket_write_xor (struct link_socket *sock,
  266. + struct buffer *buf,
  267. + struct link_socket_actual *to,
  268. + const struct options opt)
  269. +{
  270. + const char *xor_key = opt.xor_secret;
  271. + const char *padding = opt.padding;
  272. +
  273. + append_padding(buf, padding);
  274. + xor_encode(BPTR(buf), BLEN(buf), xor_key);
  275. +
  276. + return link_socket_write(sock, buf, to);
  277. +}
  278. +
  279. +
  280. +
  281. +int
  282. +link_socket_read_xor (struct link_socket *sock,
  283. + struct buffer *buf,
  284. + int maxsize,
  285. + struct link_socket_actual *from,
  286. + const struct options opt)
  287. +{
  288. + const char *xor_key = opt.xor_secret;
  289. + const char *padding = opt.padding;
  290. + int size;
  291. +
  292. + size = link_socket_read(sock, buf, maxsize, from);
  293. + remove_padding(buf, padding);
  294. + xor_encode(BPTR(buf), BLEN(buf), xor_key);
  295. +
  296. + return BLEN(buf);
  297. +}
  298. +
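Review bot: link_socket_read_xor() stores the result of link_socket_read() in `size` and then returns `BLEN(buf)` instead, so the caller in forward.c, which hands the return value to socket_connection_reset(), never sees a negative error or reset status. The padding helpers are also unchecked in both directions. append_padding() copies with memcpy through a `const char *` without checking remaining buffer capacity, so a long `padding` value can write past the end of the buffer. remove_padding() subtracts the padding length even when the received packet is shorter, leaving a negative `buf->len`. The sketch below propagates the read status, uses the bounds-checked `buf_write()` from buffer.h, and drops packets too short to carry the padding; whether returning 0 is the right way to drop a packet should be confirmed against read_incoming_link.
```c
static bool
append_padding(struct buffer *buf, const char *padding)
{
  if (NULL == padding)
    return true;
  /* buf_write() refuses the copy when the buffer has no room left */
  return buf_write(buf, padding, (int) strlen(padding));
}

static bool
remove_padding(struct buffer *buf, const char *padding)
{
  if (NULL == padding)
    return true;

  const int length = (int) strlen(padding);
  if (BLEN(buf) < length)
    return false;               /* too short to carry the padding */
  buf->len -= length;
  return true;
}

/* … unchanged: link_socket_write_xor, apart from checking append_padding's result … */

int
link_socket_read_xor (struct link_socket *sock,
  struct buffer *buf,
  int maxsize,
  struct link_socket_actual *from,
  const struct options opt)
{
  const int status = link_socket_read(sock, buf, maxsize, from);

  if (status <= 0)
    return status;              /* keep errors and resets visible to the caller */
  if (!remove_padding(buf, opt.padding))
    {
      buf->len = 0;
      return 0;
    }
  xor_encode(BPTR(buf), BLEN(buf), opt.xor_secret);

  return BLEN(buf);
}
```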
  299. diff --git a/src/openvpn/xor_socket.h b/src/openvpn/xor_socket.h
  300. new file mode 100644
  301. index 0000000..2a4c671
  302. --- /dev/null
  303. +++ b/src/openvpn/xor_socket.h
  304. @@ -0,0 +1,48 @@
  305. +/*
  306. + * OpenVPN -- An application to securely tunnel IP networks
  307. + * over a single UDP port, with support for SSL/TLS-based
  308. + * session authentication and key exchange,
  309. + * packet encryption, packet authentication, and
  310. + * packet compression.
  311. + *
  312. + * Copyright (C) 2015 SUMOMO Computer Association ayaka<ayaka@soulik.info>
  313. + *
  314. + * This program is free software; you can redistribute it and/or modify
  315. + * it under the terms of the GNU General Public License version 2
  316. + * as published by the Free Software Foundation.
  317. + *
  318. + * This program is distributed in the hope that it will be useful,
  319. + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  320. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  321. + * GNU General Public License for more details.
  322. + *
  323. + * You should have received a copy of the GNU General Public License
  324. + * along with this program (see the file COPYING included with this
  325. + * distribution); if not, write to the Free Software Foundation, Inc.,
  326. + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  327. + */
  328. +
  329. +#ifndef OPENVPN_XOR_SOCKET_H
  330. +#define OPENVPN_XOR_SOCKET_H
  331. +#include "buffer.h"
  332. +#include "common.h"
  333. +#include "socket.h"
  334. +#include "options.h"
  335. +
  336. +int
  337. +link_socket_write_xor (struct link_socket *sock,
  338. + struct buffer *buf,
  339. + struct link_socket_actual *to,
  340. + const struct options opt);
  341. +
  342. +
  343. +
  344. +int
  345. +link_socket_read_xor (struct link_socket *sock,
  346. + struct buffer *buf,
  347. + int maxsize,
  348. + struct link_socket_actual *from,
  349. + const struct options opt);
  350. +
  351. +
  352. +#endif
  353. --
  354. 2.5.5