Hey all - 

We studied a similar system in Iran earlier this year - might be useful or relevant to you if you're not already familiar! Our technical write-up is here: https://geneva.cs.umd.edu/posts/iran-whitelister 

Best,
Kevin

On May 7, 2020, at 8:37 PM, soncyq47 <soncyq47@protonmail.com> wrote:

Here are my thoughts on Kazakhstan blocking Obfs4

>>kzblocked provided some more information on IRC.

>>But you can bypass it by putting HTTP-like bytes inside the random padding of the obfs4 client handshake. The padding is ordinarily filled with random bytes. Filling the padding with zeroes does not bypass as reliably.


I'm pretty confident I know how it works. DPI research papers merely deal with theoretical attacks, but Brandon Wiley bought copies of physical DPI hardware and knows exactly how it works. The main thing they do is look for signatures in the first 4 bytes of the first packet. The second main thing is to look for packet lengths. In this case I believe it is the third most common attack, which is to look at how frequently each byte value occurs to measure entropy. https://youtu.be/IfLh3tr2amk?t=1334 (start at 18:20 but 22:14 is where it gets relevant) The solution is to send more of certain byte values than others to decrease entropy. I find it interesting that someone on the ticket said FTE worked.


_______________________________________________
anti-censorship-team mailing list
anti-censorship-team@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/anti-censorship-team
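
The byte-frequency entropy measurement mentioned in the quoted message, as an added example that is not part of the thread and not taken from any DPI product. The payloads are constructed: a 32-byte random head stands in for key material (an assumption, not the real obfs4 handshake layout), followed by the three kinds of padding the thread mentions.

```python
import math
import random
from collections import Counter

def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte-value histogram, in bits per byte (0 to 8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def top_byte_share(data: bytes) -> float:
    """Fraction of the payload taken by its single most frequent byte value."""
    return Counter(data).most_common(1)[0][1] / len(data) if data else 0.0

def build_samples(size: int = 1024, head_len: int = 32, seed: int = 1) -> dict:
    """Constructed payloads: a random head (stand-in for key material, an
    assumption, not the real obfs4 layout) followed by three kinds of padding."""
    rng = random.Random(seed)  # seeded so the output is reproducible
    head = bytes(rng.getrandbits(8) for _ in range(head_len))
    pad_len = size - head_len
    http_like = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nAccept: */*\r\n\r\n"
    return {
        "random padding": head + bytes(rng.getrandbits(8) for _ in range(pad_len)),
        "HTTP-like padding": head + (http_like * (pad_len // len(http_like) + 1))[:pad_len],
        "zero padding": head + bytes(pad_len),
    }

def measure(samples: dict) -> dict:
    """Map each sample name to (entropy in bits/byte, share of the top byte)."""
    return {name: (byte_entropy(p), top_byte_share(p)) for name, p in samples.items()}

if __name__ == "__main__":
    for name, (h, top) in measure(build_samples()).items():
        print(f"{name:18s} entropy={h:5.2f} bits/byte  top byte share={top:6.1%}")
```

On this measure zero padding scores lowest of the three, so a byte-frequency entropy figure on its own does not separate the HTTP-like case from the zero-filled one.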