
Commit ebca650

committed
fix(cmd): add windivert rules, add new variants, add 4pda.to tls payload
1 parent 7c88d10 commit ebca650

11 files changed

+116
-73
lines changed

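--- a/config/lists.txt
+++ b/config/lists.txt
@@ -3,8 +3,6 @@ DIS_LIST="%LIST_PATH%\list-discord.txt"
 CF_IPSET="%LIST_PATH%\ipset-cloudflare.txt"
 CUSTOM_LIST="%LIST_PATH%\list-custom.txt"
 CUSTOM_IPSET="%LIST_PATH%\ipset-custom.txt"
-GAME_LIST="%LIST_PATH%\list-game.txt"
-GAME_IPSET="%LIST_PATH%\ipset-game.txt"
 BLACK_LIST="%LIST_PATH%\list-blacklist.txt"
 AUTO_LIST="%LIST_PATH%\list-auto.txt"
 EXCLUDE_LIST="%LIST_PATH%\list-exclude.txt"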

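--- a/config/params.txt
+++ b/config/params.txt
@@ -41,7 +41,7 @@ p[40]=--dpi-desync=fake,multisplit --dpi-desync-fooling=md5sig --dpi-desync-auto
 p[41]=--dpi-desync=fake,multisplit --dpi-desync-split-seqovl=1 --dpi-desync-split-pos=midsld-1 --dpi-desync-fooling=md5sig,badseq --dpi-desync-fake-tls=%TLS_IANA% --dpi-desync-autottl
 p[42]=--dpi-desync=fake --dpi-desync-any-protocol --dpi-desync-cutoff=d2 --dpi-desync-fake-unknown-udp=0x00
 p[43]=--filter-l7=discord,stun --dpi-desync=fake --dpi-desync-repeats=6
-p[44]=--dpi-desync=fake,multidisorder --dpi-desync-split-pos=midsld --dpi-desync-repeats=6 --dpi-desync-fooling=md5sig,badseq
+p[44]=--dpi-desync=fake,multidisorder --dpi-desync-split-pos=midsld --dpi-desync-repeats=6 --dpi-desync-fooling=badseq,md5sig
 p[45]=--dpi-desync=fake,fakedsplit --dpi-desync-autottl=5 --dpi-desync-repeats=6 --dpi-desync-fooling=badseq --dpi-desync-fake-tls=%TLS_GOOGLE%
 p[46]=--filter-l3=ipv4 --dpi-desync=syndata
 p[47]=--dpi-desync=fake --dpi-desync-fooling=md5sig --dpi-desync-fake-tls-mod=rnd,rndsni,padencap
@@ -57,3 +57,12 @@ p[56]=--dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=5 --dpi
 p[57]=--dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig
 p[58]=--dpi-desync=fake --dpi-desync-autottl=2 --dpi-desync-repeats=10 --dpi-desync-any-protocol=1 --dpi-desync-fake-unknown-udp=%QUIC_GOOGLE% --dpi-desync-cutoff=n2
 p[59]=--dpi-desync=multisplit --dpi-desync-repeats=2 --dpi-desync-split-seqovl=681 --dpi-desync-split-pos=1 --dpi-desync-split-seqovl-pattern=%TLS_GOOGLE%
+p[60]=--methodeol
+p[61]=--dpi-desync=fakedsplit --dpi-desync-fooling=badseq --dpi-desync-split-pos=1 --dpi-desync-fakedsplit-mod=altorder=1
+p[62]=--dpi-desync=fakedsplit --dpi-desync-fooling=ts --dpi-desync-split-pos=1
+p[63]=--dpi-desync=fakedsplit --dpi-desync-fooling=md5sig --dup=1 --dup-cutoff=n2 --dup-fooling=md5sig --dpi-desync-split-pos=1 --dpi-desync-fakedsplit-mod=altorder=1
+p[64]=--dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fake-quic=%QUIC_VK%
+p[65]=--dpi-desync=fake,multisplit --dpi-desync-fooling=badseq --dpi-desync-badseq-increment=0 --dpi-desync-split-pos=1
+p[66]=--ip-id=zero --dpi-desync=multisplit --dpi-desync-split-seqovl=681 --dpi-desync-split-pos=1 --dpi-desync-split-seqovl-pattern=%TLS_GOOGLE%
+p[67]=--ip-id=zero --dpi-desync=multisplit --dpi-desync-split-seqovl=652 --dpi-desync-split-pos=2 --dpi-desync-split-seqovl-pattern=%TLS_GOOGLE%
+p[68]=--dpi-desync=multisplit --dpi-desync-split-seqovl=568 --dpi-desync-split-pos=1 --dpi-desync-split-seqovl-pattern=%TLS_4PDA%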
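Review bot: Nothing in the second hunk records which winws build p[60] through p[68] need, yet several use options that appear in none of the older entries visible here (`--ip-id=zero`, `--dup=1 --dup-cutoff=n2 --dup-fooling=md5sig`, `--dpi-desync-fakedsplit-mod=altorder=1`, `--dpi-desync-fooling=ts`). If the winws binary shipped with these scripts predates any of them, the variant rows that select these indices will presumably fail at argument parsing instead of falling back. The page shows no binary update, so please confirm the minimum version and state it in the commit description or the README. In the first hunk, p[44] only reorders `md5sig,badseq` to `badseq,md5sig`; if winws treats the order as significant the description should say so, and if it does not the line is noise in the diff.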

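--- a/config/payloads.txt
+++ b/config/payloads.txt
@@ -3,3 +3,4 @@ QUIC_GOOGLE="%PAYLOAD_PATH%\quic_initial_www_google_com.bin"
 QUIC_VK="%PAYLOAD_PATH%\quic_initial_vk_com.bin"
 QUIC_SHORT="%PAYLOAD_PATH%\quic_short.bin"
 TLS_IANA="%PAYLOAD_PATH%\tls_clienthello_iana_org.bin"
+TLS_4PDA="%PAYLOAD_PATH%\tls_clienthello_4pda_to.bin"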
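Review bot: `TLS_4PDA` points at a new binary blob, `tls_clienthello_4pda_to.bin`, whose contents cannot be reviewed, because the page shows only "Binary file not shown" (presumably the 284-byte file at the end of this commit). Opaque payload files deserve the same treatment as any other vendored binary: say in the commit description how the capture was produced and record its digest, for example `tls_clienthello_4pda_to.bin sha256=<SHA256_PLACEHOLDER>`, so a later silent replacement shows up in review. p[68] in config/params.txt is the only visible consumer of this variable, and it presumably fails at startup if the file is absent from the payload directory.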

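--- a/config/variants.csv
+++ b/config/variants.csv
@@ -1,21 +1,24 @@
-YT_HTTP,DIS_HTTP,CF_HTTP,CUSTOM_HTTP,GAME_HTTP,BLACK_HTTP,AUTO_HTTP,YT_HTTPS,DIS_HTTPS,CF_HTTPS,CUSTOM_HTTPS,GAME_HTTPS,BLACK_HTTPS,AUTO_HTTPS,YT_UDP,DIS_UDP,CF_UDP,CUSTOM_UDP,GAME_UDP,AUTO_UDP,DIS_PORT,GAME_PORT
-1,1,1,1,1,1,1,12,7,7,7,7,7,7,13,8,8,8,8,8,43,57
-1,1,1,1,1,1,1,4,7,7,7,7,7,7,6,8,8,8,8,8,43,57
-1,1,1,1,1,1,1,12,3,3,3,3,3,11,13,14,13,13,13,13,43,57
-1,1,1,1,1,1,1,26,26,44,44,44,44,44,18,18,18,18,18,18,43,57
-1,1,1,1,1,1,1,45,45,45,45,45,45,45,18,18,18,18,18,18,43,57
-1,1,1,1,1,1,1,16,16,16,16,16,16,16,18,18,18,18,18,18,43,57
-1,1,1,1,1,1,1,20,20,20,20,20,20,20,18,18,18,18,18,18,43,57
-1,1,1,1,1,1,1,21,21,21,21,21,21,21,18,18,18,18,18,18,43,57
-1,1,1,1,1,1,1,46,46,46,46,46,46,46,18,18,18,18,18,18,43,57
-1,1,1,1,1,1,1,47,47,47,47,47,47,47,18,18,18,18,18,18,43,57
-1,1,1,1,1,1,1,48,48,48,48,48,48,48,18,18,18,18,18,18,43,57
-50,50,50,50,50,50,50,51,51,51,51,51,51,51,52,52,52,52,52,52,43,57
-1,1,1,1,1,1,1,24,24,24,24,24,24,24,18,18,18,18,18,18,43,57
-1,1,1,1,1,1,1,27,27,27,27,27,27,27,18,18,18,18,18,18,43,57
-55,55,55,55,55,55,55,56,54,54,54,54,54,54,17,17,17,17,17,17,43,57
-1,1,1,1,1,1,1,4,7,7,7,7,7,7,6,8,8,8,8,8,10,57
-1,1,1,1,1,1,1,12,3,3,2,2,41,11,13,14,13,13,13,13,15,57
-53,53,53,53,53,53,53,54,54,54,54,54,54,54,18,18,18,18,18,18,19,57
-1,1,1,1,1,1,1,12,20,20,20,20,20,20,13,31,13,12,12,12,43,57
-1,1,1,1,1,1,1,59,59,59,59,59,59,59,18,18,18,18,18,18,43,57
+YT_HTTP,DIS_HTTP,CF_HTTP,CUSTOM_HTTP,YT_HTTPS,DIS_HTTPS,CF_HTTPS,CUSTOM_HTTPS,YT_QUIC,DIS_QUIC,CF_QUIC,CUSTOM_QUIC,DIS_UDP,DIS_MEDIA
+1,1,1,1,12,7,7,7,13,8,8,8,43,26
+1,1,1,1,4,7,7,7,6,8,8,8,43,26
+1,1,1,1,12,3,3,3,13,14,13,13,43,26
+1,1,1,1,26,26,44,44,18,18,18,18,43,26
+1,1,1,1,45,45,45,45,18,18,18,18,43,26
+1,1,1,1,16,16,16,16,18,18,18,18,43,26
+1,1,1,1,20,20,20,20,18,18,18,18,43,26
+1,1,1,1,21,21,21,21,18,18,18,18,43,26
+1,1,1,1,46,46,46,46,18,18,18,18,43,26
+1,1,1,1,47,47,47,47,18,18,18,18,43,26
+1,1,1,1,48,48,48,48,18,18,18,18,43,26
+50,50,50,50,51,51,51,51,52,52,52,52,43,26
+1,1,1,1,24,24,24,24,18,18,18,18,43,26
+1,1,1,1,27,27,27,27,18,18,18,18,43,26
+55,55,55,55,56,54,54,54,17,17,17,17,43,26
+1,1,1,1,4,7,7,7,6,8,8,8,10,26
+1,1,1,1,12,3,3,2,13,14,13,13,15,26
+53,53,53,53,54,54,54,54,18,18,18,18,19,26
+1,1,1,1,12,20,20,20,13,31,13,12,43,26
+1,1,1,1,59,59,59,59,18,18,18,18,43,26
+60,60,60,60,59,65,65,65,18,64,64,64,43,26
+60,60,60,60,66,68,68,68,18,18,18,18,43,26
+60,60,60,60,67,16,16,16,18,18,18,18,43,26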
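Review bot: The new header drops the BLACK_* and AUTO_* columns along with GAME_*, but config/lists.txt in this same commit removes only `GAME_LIST` and `GAME_IPSET` and still defines `BLACK_LIST` and `AUTO_LIST`. The script that reads this CSV is not on the page: if it looks columns up by name, anything still asking for `BLACK_HTTPS` or `AUTO_HTTPS` would presumably get an empty strategy, and if it reads by position the move from 22 to 14 fields shifts every value. Please confirm the consumer was updated in step, or remove the two list definitions that are now unused. The new `DIS_MEDIA` column is 26 in all 23 data rows while row 5 also uses 26 under `YT_HTTPS` and `DIS_HTTPS`; p[26] is outside the visible params.txt hunks, so whether one entry suits both a TLS column and a media column cannot be checked from here.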

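--- a/config/windivert.filter/README.txt
+++ b/config/windivert.filter/README.txt
@@ -0,0 +1,14 @@
+Цель этих фильтров - отсекать полезную нагрузку в режиме ядра, не насилуя процессор перенаправлением целого потока на winws.
+Задействуются через `winws --wf-raw-part=@filename`. Может быть несколько частичных фильтров. Они могут сочетаться с --wf-tcp и --wf-udp.
+Однако, язык фильтров windivert не содержит операций с битовыми полями, сдвигов и побитовой логики.
+Поэтому фильтры получились более слабыми, способными передавать неправильную нагрузку.
+Дофильтрация производится силами winws.
+
+Описание языка фильтров : https://reqrypt.org/windivert-doc.html#filter_language
+Пример инстанса для пробития медиапотоков в discord : `winws --wf-raw-part=@windivert_part.discord_media.txt --wf-raw-part=@windivert_part.stun.txt --filter-l7=stun,discord --dpi-desync=fake`
+
+
+These filters are invoked using `winws --wf-raw-part=@filename`. Multiple filter parts are supported. They can be combined with --wf-tcp and --wf-udp.
+Filters are kernel mode and save great amount of CPU.
+However windivert cannot filter by bit fields, lacks shift and bitwise logic operations.
+Filters are relaxed and can pass wrong payloads. Finer filtering is done by winws.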
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
outbound and ip and
2+
udp.DstPort>=50000 and udp.DstPort<=50099 and
3+
udp.PayloadLength=74 and
4+
udp.Payload32[0]=0x00010046 and
5+
udp.Payload32[2]=0 and
6+
udp.Payload32[3]=0 and
7+
udp.Payload32[4]=0 and
8+
udp.Payload32[5]=0 and
9+
udp.Payload32[6]=0 and
10+
udp.Payload32[7]=0 and
11+
udp.Payload32[8]=0 and
12+
udp.Payload32[9]=0 and
13+
udp.Payload32[10]=0 and
14+
udp.Payload32[11]=0 and
15+
udp.Payload32[12]=0 and
16+
udp.Payload32[13]=0 and
17+
udp.Payload32[14]=0 and
18+
udp.Payload32[15]=0 and
19+
udp.Payload32[16]=0 and
20+
udp.Payload32[17]=0
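Review bot: This is the only filter part in the commit that adds `ip` (line 1, `outbound and ip and`), so it matches IPv4 only while the three parts after it match either address family. If that is deliberate it should be stated, since the README's example combines this part with the STUN one. The constants `udp.PayloadLength=74` and `udp.Payload32[0]=0x00010046` are unexplained, and `Payload32[1]` is skipped without comment. The README added in this commit is the natural place for one line per part saying which message each constant matches and which fields are left unconstrained on purpose, so a later editor does not widen the kernel-mode match by accident.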
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
outbound and
2+
udp.PayloadLength>=256 and
3+
udp.Payload[0]>=0xC0 and udp.Payload[0]<0xD0 and
4+
udp.Payload[1]=0 and udp.Payload16[1]=0 and udp.Payload[4]=1
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
outbound and
2+
udp.PayloadLength>=20 and
3+
udp.Payload32[1]=0x2112A442 and udp.Payload[0]<0x40
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
outbound and
2+
udp.PayloadLength=148 and
3+
udp.Payload[0]=0x01
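Review bot: This part diverts every outbound UDP datagram of exactly 148 bytes whose first byte is 0x01, on any port and to any destination, which makes it the loosest match of the four parts added here. The README accepts that parts "can pass wrong payloads", but each false match is a packet pulled out of the kernel path and handed to winws, so the part should pin as many fixed bytes as the target message has. The length and leading byte look like a WireGuard handshake initiation (an inference, since the file name is not shown on the page). If so, the three bytes after the type are zero and could be constrained in the style the QUIC part already uses: `udp.Payload[1]=0 and udp.Payload16[1]=0`.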
284 Bytes
Binary file not shown.
