[anti-censorship-team] Kazakhstan and Obfs4

soncyq47 soncyq47 at protonmail.com
Fri May 8 00:30:57 UTC 2020


Here are my thoughts on Kazakhstan blocking Obfs4.

>>kzblocked provided some more information on IRC.

>>But you can bypass it by putting HTTP-like bytes inside the random padding of the obfs4 client handshake. The padding is ordinarily filled with random bytes. Filling the padding with zeroes does not bypass as reliably.

I'm pretty confident I know how it works. DPI research papers merely deal with theoretical attacks, but Brandon Wiley bought copies of physical DPI hardware and knows exactly how it works. The main thing they do is look for signatures in the first 4 bytes of the first packet. The second main thing is to look for packet lengths. In this case I believe it is the third most common attack, which is to look at how frequently each byte value occurs to measure entropy: https://youtu.be/IfLh3tr2amk?t=1334 (start at 18:20, but 22:14 is where it gets relevant). The solution is to send more of certain byte values than others to decrease entropy. I find it interesting that someone on the ticket said FTE worked.
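The byte-frequency measurement this message refers to can be reproduced on constructed payloads. The following is an added example, not part of the original post and not code from obfs4 or from any DPI product. The 64-byte random head, the 1024-byte padding length, the sample HTTP text, and the 7.0 bits/byte threshold are all assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte-value histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_random(data: bytes, threshold: float = 7.0) -> bool:
    """Hypothetical classifier rule: flag a first packet whose byte entropy
    exceeds the threshold. The threshold value is an assumption."""
    return byte_entropy(data) > threshold

# Constructed sample payloads. HEAD_LEN random bytes stand in for the part of
# a handshake that has to stay random-looking; the remainder is padding.
HEAD_LEN, PAD_LEN = 64, 1024
HTTP_LIKE = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nAccept: */*\r\n\r\n"

def build_samples(head: bytes) -> dict:
    """Return the same head followed by three different padding fills."""
    http_pad = (HTTP_LIKE * (PAD_LEN // len(HTTP_LIKE) + 1))[:PAD_LEN]
    return {
        "random padding": head + os.urandom(PAD_LEN),
        "zero padding": head + bytes(PAD_LEN),
        "HTTP-like padding": head + http_pad,
    }

if __name__ == "__main__":
    for name, payload in build_samples(os.urandom(HEAD_LEN)).items():
        print(f"{name:18s} entropy={byte_entropy(payload):.2f} bits/byte "
              f"flagged={looks_random(payload)}")
```

A threshold on this one statistic separates the random fill from the other two, but it does not explain why the quoted IRC report found zero padding less reliable than HTTP-like bytes, so the real classifier presumably uses more than this single measure.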