#define _GNU_SOURCE #include "desync.h" #include #include #ifndef _WIN32 #include #include #include #include #include #include #include #ifndef __linux__ #include #else #include #include #endif #else #include #include #include #endif #define STR_MODE #include "params.h" #include "packets.h" #include "error.h" #define WAIT_LIMIT_MS 500 #define DEFAULT_TTL 8 int setttl(int fd, int ttl) { int ret6 = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, (char *)&ttl, sizeof(ttl)); int ret4 = setsockopt(fd, IPPROTO_IP, IP_TTL, (char *)&ttl, sizeof(ttl)); if (ret4 && ret6) { uniperror("setttl"); return -1; } return 0; } #ifdef __linux__ static int get_family(const struct sockaddr_in6 *dst) { static const char map[12] = "\0\0\0\0\0\0\0\0\0\0\xff\xff"; if (dst->sin6_family == AF_INET6 && !memcmp(&dst->sin6_addr, map, sizeof(map))) { return AF_INET; } return dst->sin6_family; } static int drop_sack(int fd) { struct sock_filter code[] = { { 0x30, 0, 0, 0x0000000c }, { 0x74, 0, 0, 0x00000004 }, { 0x35, 0, 3, 0x0000000b }, { 0x30, 0, 0, 0x00000022 }, { 0x15, 0, 1, 0x00000005 }, { 0x6, 0, 0, 0x00000000 }, { 0x6, 0, 0, 0x00040000 }, }; struct sock_fprog bpf = { .len = sizeof(code)/sizeof(*code), .filter = code }; if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, (char *)&bpf, sizeof(bpf)) == -1) { uniperror("setsockopt SO_ATTACH_FILTER"); return -1; } return 0; } static inline void delay(long ms) { struct timespec time = { .tv_nsec = ms * 1e6 }; nanosleep(&time, 0); } static void wait_send_if_support(int sfd) { int i = 0; for (; params.wait_send && i < WAIT_LIMIT_MS; i++) { struct tcp_info tcpi; socklen_t ts = sizeof(tcpi); if (getsockopt(sfd, IPPROTO_TCP, TCP_INFO, (char *)&tcpi, &ts) < 0) { perror("getsockopt TCP_INFO"); break; } if (tcpi.tcpi_state != 1) { LOG(LOG_E, "state: %d\n", tcpi.tcpi_state); break; } if (ts <= offsetof(struct tcp_info, tcpi_notsent_bytes)) { LOG(LOG_E, "tcpi_notsent_bytes not provided\n"); params.wait_send = 0; break; } if (tcpi.tcpi_notsent_bytes == 0) { break; } delay(1); } if (i) LOG(LOG_S, "waiting for send: %d ms\n", i); } #else #define wait_send_if_support(sfd) {} #endif static struct packet get_tcp_fake(const char *buffer, size_t n, struct proto_info *info, const struct desync_params *opt) { struct packet pkt; if (opt->fake_data.data) { pkt = opt->fake_data; } else { if (!info->type) { if (is_tls_chello(buffer, n)) info->type = IS_HTTPS; else if (is_http(buffer, n)) info->type = IS_HTTP; } pkt = info->type == IS_HTTP ? fake_http : fake_tls; } if (opt->fake_offset) { if (pkt.size > opt->fake_offset) { pkt.size -= opt->fake_offset; pkt.data += opt->fake_offset; } else pkt.size = 0; } return pkt; } #ifdef __linux__ static ssize_t send_fake(int sfd, const char *buffer, long pos, const struct desync_params *opt, struct packet pkt) { struct sockaddr_in6 addr; socklen_t addr_size = sizeof(addr); if (opt->md5sig || opt->ip_options) { if (getpeername(sfd, (struct sockaddr *)&addr, &addr_size) < 0) { uniperror("getpeername"); return -1; } } int fds[2]; if (pipe(fds) < 0) { uniperror("pipe"); return -1; } char *p = 0; ssize_t len = -1; while (1) { p = mmap(0, pos, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, 0, 0); if (p == MAP_FAILED) { uniperror("mmap"); p = 0; break; } memcpy(p, pkt.data, pkt.size < pos ? pkt.size : pos); if (setttl(sfd, opt->ttl ? opt->ttl : DEFAULT_TTL) < 0) { break; } if (opt->md5sig) { struct tcp_md5sig md5 = { .tcpm_keylen = 5 }; memcpy(&md5.tcpm_addr, &addr, addr_size); if (setsockopt(sfd, IPPROTO_TCP, TCP_MD5SIG, (char *)&md5, sizeof(md5)) < 0) { uniperror("setsockopt TCP_MD5SIG"); break; } } if (opt->ip_options && get_family(&addr) == AF_INET && setsockopt(sfd, IPPROTO_IP, IP_OPTIONS, opt->ip_options, opt->ip_options_len) < 0) { uniperror("setsockopt IP_OPTIONS"); break; } struct iovec vec = { .iov_base = p, .iov_len = pos }; len = vmsplice(fds[1], &vec, 1, SPLICE_F_GIFT); if (len < 0) { uniperror("vmsplice"); break; } len = splice(fds[0], 0, sfd, 0, len, 0); if (len < 0) { uniperror("splice"); break; } wait_send_if_support(sfd); memcpy(p, buffer, pos); if (setttl(sfd, params.def_ttl) < 0) { break; } if (opt->ip_options && get_family(&addr) == AF_INET && setsockopt(sfd, IPPROTO_IP, IP_OPTIONS, opt->ip_options, 0) < 0) { uniperror("setsockopt IP_OPTIONS"); break; } if (opt->md5sig) { struct tcp_md5sig md5 = { .tcpm_keylen = 0 }; memcpy(&md5.tcpm_addr, &addr, addr_size); if (setsockopt(sfd, IPPROTO_TCP, TCP_MD5SIG, (char *)&md5, sizeof(md5)) < 0) { uniperror("setsockopt TCP_MD5SIG"); break; } } break; } if (p) munmap(p, pos); close(fds[0]); close(fds[1]); return len; } #endif #ifdef _WIN32 OVERLAPPED ov = { 0 }; static ssize_t send_fake(int sfd, const char *buffer, long pos, const struct desync_params *opt, struct packet pkt) { char path[MAX_PATH], temp[MAX_PATH + 1]; int ps = GetTempPath(sizeof(temp), temp); if (!ps) { uniperror("GetTempPath"); return -1; } if (!GetTempFileName(temp, "t", 0, path)) { uniperror("GetTempFileName"); return -1; } LOG(LOG_L, "temp file: %s\n", path); HANDLE hfile = CreateFileA(path, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE, NULL); if (hfile == INVALID_HANDLE_VALUE) { uniperror("CreateFileA"); return -1; } ssize_t len = -1; while (1) { ov.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL); if (!ov.hEvent) { uniperror("CreateEvent"); break; } DWORD wrtcnt = 0; if (!WriteFile(hfile, pkt.data, pkt.size < pos ? pkt.size : pos, &wrtcnt, 0)) { uniperror("WriteFile"); break; } if (pkt.size < pos) { if (SetFilePointer(hfile, pos, 0, FILE_BEGIN) == INVALID_SET_FILE_POINTER) { uniperror("SetFilePointer"); break; } if (!SetEndOfFile(hfile)) { uniperror("SetFileEnd"); break; } } if (SetFilePointer(hfile, 0, 0, FILE_BEGIN) == INVALID_SET_FILE_POINTER) { uniperror("SetFilePointer"); break; } if (setttl(sfd, opt->ttl ? opt->ttl : DEFAULT_TTL) < 0) { break; } if (!TransmitFile(sfd, hfile, pos, pos, &ov, NULL, TF_USE_KERNEL_APC | TF_WRITE_BEHIND)) { if ((GetLastError() != ERROR_IO_PENDING) && (WSAGetLastError() != WSA_IO_PENDING)) { uniperror("TransmitFile"); break; } } //Sleep(3); if (SetFilePointer(hfile, 0, 0, FILE_BEGIN) == INVALID_SET_FILE_POINTER) { uniperror("SetFilePointer"); break; } if (!WriteFile(hfile, buffer, pos, &wrtcnt, 0)) { uniperror("WriteFile"); break; } if (setttl(sfd, params.def_ttl) < 0) { break; } len = pos; break; } if (!CloseHandle(hfile) || (ov.hEvent && !CloseHandle(ov.hEvent))) { uniperror("CloseHandle"); return -1; } return len; } #endif #ifdef __FreeBSD__ static ssize_t send_fake(int sfd, const char *buffer, long pos, const struct desync_params *opt, struct packet pkt) { int ffd = memfd_create("name", 0); if (ffd < 0) { uniperror("memfd_create"); return -1; } char *p = 0; ssize_t len = -1; while (1) { if (ftruncate(ffd, pos) < 0) { uniperror("ftruncate"); break; } p = mmap(0, pos, PROT_WRITE, MAP_SHARED, ffd, 0); if (p == MAP_FAILED) { uniperror("mmap"); p = 0; break; } memcpy(p, pkt.data, pkt.size < pos ? pkt.size : pos); if (setttl(sfd, opt->ttl ? opt->ttl : DEFAULT_TTL) < 0) { break; } int s = sendfile(ffd, sfd, 0, pos, 0, 0, SF_FLAGS(16, SF_NOCACHE)); if (s < 0) { uniperror("sendfile"); if (errno != EAGAIN) break; } struct timespec time = { .tv_nsec = 5 * 1e6 }; nanosleep(&time, 0); memcpy(p, buffer, pos); if (msync(p, pos, MS_ASYNC) < 0) { uniperror("msync"); break; } if (setttl(sfd, params.def_ttl) < 0) { break; } len = pos; break; } if (p) munmap(p, pos); close(ffd); return len; } #endif static ssize_t send_oob(int sfd, char *buffer, ssize_t n, long pos, const char *c) { if (n <= pos) { return -1; } char rchar = buffer[pos]; buffer[pos] = c[1] ? c[0] : 'a'; ssize_t len = send(sfd, buffer, pos + 1, MSG_OOB); buffer[pos] = rchar; if (len < 0) { uniperror("send"); return -1; } wait_send_if_support(sfd); len--; if (len != pos) { return len; } return len; } static ssize_t send_disorder(int sfd, const char *buffer, long pos) { int bttl = 1; if (setttl(sfd, bttl) < 0) { return -1; } ssize_t len = send(sfd, buffer, pos, 0); if (len < 0) { uniperror("send"); } else wait_send_if_support(sfd); if (setttl(sfd, params.def_ttl) < 0) { return -1; } return len; } static ssize_t send_late_oob(int sfd, char *buffer, ssize_t n, long pos, const char *c) { int bttl = 1; if (setttl(sfd, bttl) < 0) { return -1; } ssize_t len = send_oob(sfd, buffer, n, pos, c); if (len < 0) { uniperror("send"); } if (setttl(sfd, params.def_ttl) < 0) { return -1; } return len; } static void init_proto_info( const char *buffer, size_t n, struct proto_info *info) { if (!info->init) { char *host = 0; if ((info->host_len = parse_tls(buffer, n, &host))) { info->type = IS_HTTPS; } else if ((info->host_len = parse_http(buffer, n, &host, 0))) { info->type = IS_HTTP; } info->host_pos = host ? host - buffer : 0; info->init = 1; } } static long gen_offset(long pos, int flag, const char *buffer, size_t n, long lp, struct proto_info *info) { if (flag & (OFFSET_SNI | OFFSET_HOST)) { init_proto_info(buffer, n, info); if (!info->host_pos || ((flag & OFFSET_SNI) && info->type != IS_HTTPS)) { return -1; } pos += info->host_pos; if (flag & OFFSET_END) pos += info->host_len; else if (flag & OFFSET_MID) pos += (info->host_len / 2); else if (flag & OFFSET_RAND) pos += (rand() % info->host_len); } else if (flag & OFFSET_RAND) { pos += lp + (rand() % (n - lp)); } else if (flag & OFFSET_MID) { pos += (n / 2); } else if (pos < 0 || (flag & OFFSET_END)) { pos += n; } return pos; } static ssize_t tamp(char *buffer, size_t bfsize, ssize_t n, const struct desync_params *dp, struct proto_info *info) { if (dp->mod_http && is_http(buffer, n)) { LOG(LOG_S, "modify HTTP: n=%zd\n", n); if (mod_http(buffer, n, dp->mod_http)) { LOG(LOG_E, "mod http error\n"); } } else if (dp->tlsrec_n && is_tls_chello(buffer, n)) { long lp = 0; struct part part; int i = 0, r = 0, rc = 0; for (; r > 0 || i < dp->tlsrec_n; rc++, r--) { if (r <= 0) { part = dp->tlsrec[i]; r = part.r; i++; } long pos = rc * 5; pos += gen_offset(part.pos, part.flag, buffer, n - pos, lp, info); if (part.pos < 0 || part.flag) { pos -= 5; } pos += (long )part.s * (part.r - r); if (pos < lp) { LOG(LOG_E, "tlsrec cancel: %ld < %ld\n", pos, lp); break; } if (!part_tls(buffer + lp, bfsize - lp, n - lp, pos - lp)) { LOG(LOG_E, "tlsrec error: pos=%ld, n=%zd\n", pos, n); break; } LOG(LOG_S, "tlsrec: pos=%ld, n=%zd\n", pos, n); n += 5; lp = pos + 5; } } return n; } ssize_t desync(int sfd, char *buffer, size_t bfsize, ssize_t n, ssize_t offset, int dp_c) { struct desync_params dp = params.dp[dp_c]; struct proto_info info = { 0 }; if (offset == 0 && params.debug) { init_proto_info(buffer, n, &info); if (info.host_pos) { LOG(LOG_S, "host: %.*s (%d)\n", info.host_len, buffer + info.host_pos, info.host_pos); } else { INIT_HEX_STR(buffer, (n > 16 ? 16 : n)); LOG(LOG_S, "bytes: %s (%zd)\n", HEX_STR, n); } } n = tamp(buffer, bfsize, n, &dp, &info); #ifdef __linux__ if (!offset && dp.drop_sack && drop_sack(sfd)) { return -1; } #endif long lp = 0; struct part part; int i = 0, r = 0; for (; r > 0 || i < dp.parts_n; r--) { if (r <= 0) { part = dp.parts[i]; r = part.r; i++; } long pos = gen_offset(part.pos, part.flag, buffer, n, lp, &info); pos += (long )part.s * (part.r - r); if (!(part.flag & OFFSET_START) && offset && pos <= offset) { LOG(LOG_S, "offset: %zd, skip\n", offset); continue; } if (pos < 0 || pos > n || pos < lp) { LOG(LOG_E, "split cancel: pos=%ld-%ld, n=%zd\n", lp, pos, n); break; } ssize_t s = 0; switch (part.m) { #ifdef FAKE_SUPPORT case DESYNC_FAKE: if (pos != lp) s = send_fake(sfd, buffer + lp, pos - lp, &dp, get_tcp_fake(buffer, n, &info, &dp)); break; #endif case DESYNC_DISORDER: s = send_disorder(sfd, buffer + lp, pos - lp); break; case DESYNC_OOB: s = send_oob(sfd, buffer + lp, bfsize - lp, pos - lp, dp.oob_char); break; case DESYNC_DISOOB: s = send_late_oob(sfd, buffer + lp, bfsize - lp, pos - lp, dp.oob_char); break; case DESYNC_SPLIT: case DESYNC_NONE: s = send(sfd, buffer + lp, pos - lp, 0); wait_send_if_support(sfd); break; default: return -1; } LOG(LOG_S, "split: pos=%ld-%ld (%zd), m: %s\n", lp, pos, s, demode_str[part.m]); if (s < 0) { if (get_e() == EAGAIN) { return lp; } return -1; } else if (s != (pos - lp)) { LOG(LOG_E, "%zd != %ld\n", s, pos - lp); return lp + s; } lp = pos; } // send all/rest if (lp < n) { LOG((lp ? LOG_S : LOG_L), "send: pos=%ld-%zd\n", lp, n); if (send(sfd, buffer + lp, n - lp, 0) < 0) { if (get_e() == EAGAIN) { return lp; } uniperror("send"); return -1; } } return n; } int post_desync(int sfd, int dp_c) { struct desync_params *dp = ¶ms.dp[dp_c]; #ifdef __linux__ if (dp->drop_sack) { if (setsockopt(sfd, SOL_SOCKET, SO_DETACH_FILTER, &dp_c, sizeof(dp_c)) == -1) { uniperror("setsockopt SO_DETACH_FILTER"); return -1; } } #endif return 0; } ssize_t desync_udp(int sfd, char *buffer, ssize_t n, const struct sockaddr *dst, int dp_c) { struct desync_params *dp = ¶ms.dp[dp_c]; if (params.debug) { INIT_HEX_STR(buffer, (n > 16 ? 16 : n)); LOG(LOG_S, "bytes: %s (%zd)\n", HEX_STR, n); } if (dp->udp_fake_count != 0) { struct packet pkt; if (dp->fake_data.data) { pkt = dp->fake_data; } else { pkt = fake_udp; } if (dp->fake_offset) { if (pkt.size > dp->fake_offset) { pkt.size -= dp->fake_offset; pkt.data += dp->fake_offset; } else pkt.size = 0; } int bttl = dp->ttl ? dp->ttl : DEFAULT_TTL; if (setttl(sfd, bttl) < 0) { return -1; } for (int i = 0; i < dp->udp_fake_count; i++) { ssize_t len = sendto(sfd, pkt.data, pkt.size, 0, dst, sizeof(struct sockaddr_in6)); if (len < 0) { uniperror("send"); return -1; } } if (setttl(sfd, params.def_ttl) < 0) { return -1; } } return sendto(sfd, buffer, n, 0, dst, sizeof(struct sockaddr_in6)); }