How exactly Reality works?

[arashammm]

hello there.
I tried understanding the config examples of Reality which are provided.
But it seems confusing to me.
So we use a trusted certficated by GFW and then try to connect to the server with a socks5 proxy?
Basically Reality is a socks proxy with trusted certifactes?
Or Am I wrong?
Can someone please throughly explain how Reality works?

I think a complete understanding of mechanism is necessary for configuring secure proxies using this technique...

[RPRX]

在文章出来前，你可以看代码，服务端代码 只是小改了 crypto/tls 库，客户端代码 就更简单了

[arashammm]

Thanks RPRX for the 24/7/365 support and effort.
I understand the basic concept which we use in Reality and I have successfully configured a working Reality server. I just wanted to know what is the basic method of obfuscation and packet transferring. After the client & server hello we use socks to transfer client data to the server?
and Also what's the use of short ID is that just for client seperation and accounting or it plays a roll in client hello characteristics and expansion?

[RPRX]

I just wanted to know what is the basic method of obfuscation and packet transferring. After the client & server hello we use socks to transfer client data to the server?

Basically，REALITY 只是改了认证方式的 TLSv1.3，所以，它传输载荷的方式与 TLSv1.3 完全相同，毕竟，REALITY 就是 TLSv1.3
Besides，REALITY 服务端可以实时模仿指定 TLSv1.3 服务端的响应模式，REALITY 客户端基于 uTLS，它可以模仿浏览器的指纹

and Also what's the use of short ID is that just for client seperation and accounting or it plays a roll in client hello characteristics and expansion?

Just for client seperation and accounting，防止你把节点分享给很多人后，不知道是谁恶作剧引发 REALITY 服务端不必要的响应
Besides，REALITY 的用途其实非常广泛，可以基于它写其它程序，只需实现核心逻辑，把身份认证与区分等完全交给 REALITY

[RPRX]

其实我很想给它取名 Client ID，为了防止和 VLESS 的 ID 混淆才取名 Short ID

[FransW5]

Can you tell me what is the role of the domain in the Reality? During the TLS handshake, is the domain certificate received by the Reality-server and transferred to the Xray-client for the purpose of simulation?

[Faramarzi123]

I'm sorry
I don't know

[computerscot]

I ran a tcpdump on the server. The client says hello to the server, and the server then says hello to the camouflage website:

packet 1047: Xray Client -> Xray Server: "Client Hello"

packet 1049: Xray Server -> Camouflage: "Client Hello"

packet 1051: Camouflage -> Xray Server: "Server Hello"

packet 1061: Xray Server -> Xray Client: "Server Hello"

Behind this camouflage handshake, the server then communicates with the real destination:

packet 1079: Xray Server -> Real Destination: "Client Hello" 

[us254]

After the initial handshake between the Xray Client and Xray Server, the Xray Server initiates a handshake with the camouflage site, using a specific server name or SNI. This SNI is likely a domain that is trusted or unsuspected by any intervening firewalls or censoring entities.

Once the handshake with the camouflage site is complete, the Xray Server uses the information obtained from this handshake, including the SNI, to establish a connection with the real destination (dest). This process makes the connection to the real destination appear as if it's a standard connection to the camouflage site, adding an extra layer of obfuscation and security.