From 46c4f36de8a292a40c032f79f7d06f3fa665bbdb Mon Sep 17 00:00:00 2001
From: ValdikSS
Date: Wed, 29 Dec 2021 02:01:51 +0300
Subject: [PATCH] Add Fake Packet maximum TTL limit to Auto TTL mode
This patchset adds maximum TTL size of the fake packet to be sent, to further improve compatibility with asymmertic routing and non-standard TTL value set on servers.
---
 README.md | 5 +++--
 src/goodbyedpi.c | 37 ++++++++++++++++++++++++++-----------
 src/ttltrack.c | 7 ++++++-
 src/ttltrack.h | 3 ++-
 4 files changed, 37 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index 9111141..15e4eca 100644
--- a/README.md
+++ b/README.md
@@ -36,10 +36,11 @@ Usage: goodbyedpi.exe [OPTION...]
 This option can be supplied multiple times.
 --set-ttl activate Fake Request Mode and send it with supplied TTL value.
 DANGEROUS! May break websites in unexpected ways. Use with care.
- --auto-ttl [a1-a2] activate Fake Request Mode, automatically detect TTL and decrease
+ --auto-ttl [a1-a2-m] activate Fake Request Mode, automatically detect TTL and decrease
 it based on a distance. If the distance is shorter than a2, TTL is decreased
 by a2. If it's longer, (a1; a2) scale is used with the distance as a weight.
- Default (if set): --auto-ttl 1-4, also sets --min-ttl 3.
+ If the resulting TTL is more than m(ax), set it to m.
+ Default (if set): --auto-ttl 1-4-10. Also sets --min-ttl 3.
 --min-ttl minimum TTL distance (128/64 - TTL) for which to send Fake Request
 in --set-ttl and --auto-ttl modes.
 --wrong-chksum activate Fake Request Mode and send it with incorrect TCP checksum.
diff --git a/src/goodbyedpi.c b/src/goodbyedpi.c
index 5bf4e87..9a51bb0 100644
--- a/src/goodbyedpi.c
+++ b/src/goodbyedpi.c
@@ -110,14 +110,15 @@ WINSOCK_API_LINKAGE INT WSAAPI inet_pton(INT Family, LPCSTR pStringBuf, PVOID pA
 TCP_HANDLE_OUTGOING_TTL_PARSE_PACKET_IF() { \
 if (do_auto_ttl) { \
 /* If Auto TTL mode */ \
- ttl_of_fake_packet = tcp_get_auto_ttl(tcp_conn_info.ttl, auto_ttl_1, auto_ttl_2, ttl_min_nhops); \
+ ttl_of_fake_packet = tcp_get_auto_ttl(tcp_conn_info.ttl, auto_ttl_1, auto_ttl_2, \
+ ttl_min_nhops, auto_ttl_max); \
 if (do_tcp_verb) { \
 printf("Connection TTL = %d, Fake TTL = %d\n", tcp_conn_info.ttl, ttl_of_fake_packet); \
 } \
 } \
 else if (ttl_min_nhops) { \
 /* If not Auto TTL mode but --min-ttl is set */ \
- if (tcp_get_auto_ttl(tcp_conn_info.ttl, 0, 0, ttl_min_nhops)) { \
+ if (tcp_get_auto_ttl(tcp_conn_info.ttl, 0, 0, ttl_min_nhops, 0)) { \
 /* Send only if nhops > min_ttl */ \
 should_send_fake = 0; \
 } \
@@ -552,6 +553,7 @@ int main(int argc, char *argv[]) {
 BYTE ttl_min_nhops = 0;
 BYTE auto_ttl_1 = 0;
 BYTE auto_ttl_2 = 0;
+ BYTE auto_ttl_max = 0;
 uint32_t dnsv4_addr = 0;
 struct in6_addr dnsv6_addr = {0};
 struct in6_addr dns_temp_addr = {0};
@@ -604,7 +606,7 @@ int main(int argc, char *argv[]) {
 http_fragment_size = https_fragment_size = 2;
 do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1;
 do_fake_packet = 1;
- do_auto_ttl = 4;
+ do_auto_ttl = 1;
 }
 while ((opt = getopt_long(argc, argv, "123456prsaf:e:mwk:n", long_options, NULL)) != -1) {
@@ -636,7 +638,7 @@ int main(int argc, char *argv[]) {
 http_fragment_size = https_fragment_size = 2;
 do_fragment_http_persistent = do_fragment_http_persistent_nowait = 1;
 do_fake_packet = 1;
- do_auto_ttl = 4;
+ do_auto_ttl = 1;
 break;
 case '6':
 do_fragment_http = do_fragment_https = 1;
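Review bot: In the `--min-ttl` branch of the TTL macro (hunk at -110), the new fifth argument is a bare `0` next to two other bare zeros, and nothing at the call site says that it means "no cap". It only behaves that way because the clamp added in src/ttltrack.c is guarded by `maxttl &&`; the prototype in src/ttltrack.h gains `maxttl` without any comment as well. I would add `/* maxttl: upper bound for the returned fake-packet TTL, 0 = no cap */` above the prototype and a short `/* a1, a2 and maxttl are unused in this mode */` beside this call. The macro starts and ends outside the hunk.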
@@ -796,6 +798,12 @@ int main(int argc, char *argv[]) {
 exit(EXIT_FAILURE);
 }
 auto_ttl_2 = atoub(autottl_current, "Set Auto TTL parameter error!");
+ autottl_current = strtok(NULL, "-");
+ if (!autottl_current) {
+ puts("Set Auto TTL parameter error!");
+ exit(EXIT_FAILURE);
+ }
+ auto_ttl_max = atoub(autottl_current, "Set Auto TTL parameter error!");
 }
 else {
 // single digit parser
@@ -847,11 +855,13 @@ int main(int argc, char *argv[]) {
 " supplied text file (HTTP Host/TLS SNI).\n"
 " This option can be supplied multiple times.\n"
 " --set-ttl activate Fake Request Mode and send it with supplied TTL value.\n"
- " DANGEROUS! May break websites in unexpected ways. Use with care.\n"
- " --auto-ttl [a1-a2] activate Fake Request Mode, automatically detect TTL and decrease\n"
+ " DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).\n"
+ " --auto-ttl [a1-a2-m] activate Fake Request Mode, automatically detect TTL and decrease\n"
 " it based on a distance. If the distance is shorter than a2, TTL is decreased\n"
 " by a2. If it's longer, (a1; a2) scale is used with the distance as a weight.\n"
- " Default (if set): --auto-ttl 1-4, also sets --min-ttl 3.\n"
+ " If the resulting TTL is more than m(ax), set it to m.\n"
+ " Default (if set): --auto-ttl 1-4-10. Also sets --min-ttl 3.\n"
+ " DANGEROUS! May break websites in unexpected ways. Use with care (or --blacklist).\n"
 " --min-ttl minimum TTL distance (128/64 - TTL) for which to send Fake Request\n"
 " in --set-ttl and --auto-ttl modes.\n"
 " --wrong-chksum activate Fake Request Mode and send it with incorrect TCP checksum.\n"
@@ -887,8 +897,12 @@ int main(int argc, char *argv[]) {
 auto_ttl_1 = 1;
 if (!auto_ttl_2)
 auto_ttl_2 = 4;
- if (do_auto_ttl && !ttl_min_nhops)
- ttl_min_nhops = 3;
+ if (do_auto_ttl) {
+ if (!ttl_min_nhops)
+ ttl_min_nhops = 3;
+ if (!auto_ttl_max)
+ auto_ttl_max = 10;
+ }
 printf("Block passive: %d\n" /* 1 */
 "Fragment HTTP: %u\n" /* 2 */
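Review bot: The range parser in the -796 hunk now rejects the two-part form: when `strtok(NULL, "-")` returns NULL after `a2` it prints "Set Auto TTL parameter error!" and exits, so an existing `--auto-ttl 1-4` invocation (the previously documented default) stops working. Because the -887 hunk already defaults `auto_ttl_max` to 10 when it is zero, the third field can stay optional: `if (autottl_current) auto_ttl_max = atoub(autottl_current, "Set Auto TTL parameter error!");`. No further `strtok` call is visible after `m`, so a trailing fourth token such as `1-4-10-x` appears to be accepted silently; rejecting it would keep malformed input from being half-applied. The enclosing option case starts outside the hunk.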
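Review bot: In the -887 hunk, `if (!auto_ttl_max) auto_ttl_max = 10;` makes an explicit `--auto-ttl 1-4-0` indistinguishable from an omitted value, so the user gets a cap of 10 even though `tcp_get_auto_ttl()` treats `maxttl == 0` as "no cap". Either say in the help text and README that `m = 0` selects the default, or reject 0 when `m` is parsed so the option cannot be read two ways. Nothing visible here checks that `m` is at least as large as the TTL values the `a1`/`a2` scale is meant to produce, which may be worth a sanity check at the same place.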
@@ -904,7 +918,7 @@ int main(int argc, char *argv[]) {
 "HTTP Persistent Nowait: %d\n" /* 12 */
 "DNS redirect: %d\n" /* 13 */
 "DNSv6 redirect: %d\n" /* 14 */
- "Fake requests, TTL: %s (fixed: %hu, auto: %hu-%hu, min distance: %hu)\n" /* 15 */
+ "Fake requests, TTL: %s (fixed: %hu, auto: %hu-%hu-%hu, min distance: %hu)\n" /* 15 */
 "Fake requests, wrong checksum: %d\n" /* 16 */
 "Fake requests, wrong SEQ/ACK: %d\n", /* 17 */
 do_passivedpi, /* 1 */
@@ -922,7 +936,8 @@ int main(int argc, char *argv[]) {
 do_dnsv4_redirect, /* 13 */
 do_dnsv6_redirect, /* 14 */
 ttl_of_fake_packet ? "fixed" : (do_auto_ttl ? "auto" : "disabled"), /* 15 */
- ttl_of_fake_packet, do_auto_ttl ? auto_ttl_1 : 0, do_auto_ttl ? auto_ttl_2 : 0, ttl_min_nhops,
+ ttl_of_fake_packet, do_auto_ttl ? auto_ttl_1 : 0, do_auto_ttl ? auto_ttl_2 : 0,
+ do_auto_ttl ? auto_ttl_max : 0, ttl_min_nhops,
 do_wrong_chksum, /* 16 */
 do_wrong_seq /* 17 */
 );
diff --git a/src/ttltrack.c b/src/ttltrack.c
index ba1a931..acac061 100644
--- a/src/ttltrack.c
+++ b/src/ttltrack.c
@@ -220,7 +220,8 @@ int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4],
 }
 int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
- const uint8_t autottl2, const uint8_t minhops) {
+ const uint8_t autottl2, const uint8_t minhops,
+ const uint8_t maxttl) {
 uint8_t nhops = 0;
 uint8_t ttl_of_fake_packet = 0;
@@ -243,5 +244,9 @@ int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
 ttl_of_fake_packet = nhops - autottl1 - trunc((autottl2 - autottl1) * ((float)nhops/10));
 }
+ if (maxttl && ttl_of_fake_packet > maxttl) {
+ ttl_of_fake_packet = maxttl;
+ }
+
 return ttl_of_fake_packet;
 }
\ No newline at end of file
diff --git a/src/ttltrack.h b/src/ttltrack.h
index 0563298..2836a71 100644
--- a/src/ttltrack.h
+++ b/src/ttltrack.h
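Review bot: The clamp added in the -243 hunk of src/ttltrack.c bounds the result only from above, and it runs after the value has already been narrowed to `uint8_t`. With user-supplied `a1`/`a2`, the expression `nhops - autottl1 - trunc(...)` on the context line above can evaluate below zero; that conversion to `uint8_t` is out of range, and a wrapped large value would then be turned into `maxttl` by this clamp, presumably yielding a fake packet with TTL `m` where the scale produced no usable TTL. I would compute into a signed temporary (`int t = nhops - autottl1 - (int)trunc(...);`), handle `t <= 0` explicitly with whatever value the callers treat as "do not send", and only then apply `if (maxttl && t > maxttl) t = maxttl;`. Most of the function body is outside the hunk, so the earlier branch may already exclude this case; that should be confirmed.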
@@ -22,5 +22,6 @@ int tcp_handle_outgoing(uint32_t srcip[4], uint32_t dstip[4],
 uint8_t is_ipv6);
 int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
- const uint8_t autottl2, const uint8_t minhops);
+ const uint8_t autottl2, const uint8_t minhops,
+ const uint8_t maxttl);
 #endif