Comments (7)

fortuna commented on May 27, 2024

Since this report, we've made a few improvements to Outline to address some possible issues:

  • We added replay protection to servers. That has been running for a few months. It has short memory, but it should be good enough for replays within a few hours or days.

  • On the server-side, we now merge the salt and the initial data in one packet. This makes the size of the first server packet variable: Jigsaw-Code/outline-ss-server#69. This change has been in production for about a month.

  • On the client-side, we merge the salt, SOCKS address and the initial data. This also makes the size of the first client packet variable: Jigsaw-Code/outline-ss-server#73
    The client change is available in version 1.4.0. The releases for Android and iOS are still under way.

I don't know the impact of those changes on server detection yet. If anyone measures, please let me know! I'd be happy to collaborate.

from bbs.

commented on May 27, 2024

According to our recent survey, nearly one year past, some popular shadowsocks implementation:

were still vulnerable, they just didn't know this problem. We notified most of them and they've fixed it. They're listed here because we only investigated them and ALL of them have exactly the same problem. (See shadowsocks/shadowsocks-rust#292 (in Chinese)).

There's only one true obfs4. But there are just too many shadowsocks. Most of them never know this place. Most of them never known by this place.


wkrp commented on May 27, 2024

If you run a Shadowsocks server, you can check for evidence of active probing in the log. In the shadowsocks-libev implementation, look for log messages like this:

crypto: stream: repeat IV detected
ERROR: failed to handshake with X.X.X.X: invalid address type
crypto: AEAD: repeat salt detected
ERROR: failed to handshake with X.X.X.X: authentication error

The repeat IV and repeat salt lines come from "1. Identical replay" probes. shadowsocks-libev has a filter to prevent identical replay, but other implementations do not. invalid address type and authentication error will result from non-identical replay or random probes. invalid address type is from Stream ciphers (aes-128-ctr, aes-128-cfb, etc.); it means that the Shadowsocks server tried to decrypt the active probe, but after decryption it was not a well-formed proxy request. (Sometimes, by pure chance, a probe does decrypt to a well-formed proxy request, and the log contains a connect to message with an apparently random IP address and port number.) authentication error comes from AEAD ciphers (chacha20-ietf-poly1305, aes-128-gcm, etc.); it happens because the active probers do not know the Shadowsocks server password and cannot accidentally produce a valid ciphertext.

from bbs.
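
The log check described in the comment above can be scripted. This is an added example, not part of the original comment or of shadowsocks-libev; the sample log is constructed (documentation IP addresses), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample log, using the message texts quoted in the comment above.
SAMPLE_LOG = """\
crypto: AEAD: repeat salt detected
ERROR: failed to handshake with 192.0.2.10: authentication error
ERROR: failed to handshake with 192.0.2.10: authentication error
ERROR: failed to handshake with 198.51.100.7: invalid address type
crypto: stream: repeat IV detected
connect to 203.0.113.5:443
"""

# search() is used below, so a timestamp or severity prefix does not matter.
REPEAT = re.compile(r"crypto: (stream|AEAD): repeat (?:IV|salt) detected")
FAILED = re.compile(
    r"failed to handshake with (\S+): (invalid address type|authentication error)"
)

# Cipher family behind each handshake error, as explained in the comment.
FAMILY = {"invalid address type": "stream", "authentication error": "AEAD"}


def summarize(lines):
    """Count probe-related log lines by probe type, cipher family and source."""
    identical_replay = Counter()  # cipher family -> count (these lines carry no IP)
    failed = Counter()            # (source address, cipher family) -> count
    for line in lines:
        m = REPEAT.search(line)
        if m:
            identical_replay[m.group(1)] += 1
            continue
        m = FAILED.search(line)
        if m:
            failed[(m.group(1), FAMILY[m.group(2)])] += 1
    return {"identical_replay": dict(identical_replay),
            "failed_handshake": dict(failed)}


def by_source(summary):
    """Total failed handshakes per source address, most frequent first."""
    totals = Counter()
    for (source, _family), count in summary["failed_handshake"].items():
        totals[source] += count
    return totals.most_common()


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    print(result["identical_replay"])
    for source, count in by_source(result):
        print(source, count)
```

The "connect to" line is deliberately not counted: a probe that decrypts to a well-formed request by chance cannot be told apart from real traffic by its log text alone.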

gfw-report commented on May 27, 2024

> some popular shadowsocks implementation ... were still vulnerable, they just didn't know this problem.

Thank you for reporting this, @studentmain. We have been preparing a short post to better convey our research findings to both users and developers. And we hope it will help.

> Most of them never know this place. Most of them never known by this place.

We agreed. And that's why we sincerely appreciate people like you who have been helping strengthen the communications in our community. We will do our part as well and let's see.


commented on May 27, 2024

We (Qv2ray project) are planning a user-friendly vulnerability scanner. We think that if frightened users can check for the problem easily, developers will know about it.


gfw-report commented on May 27, 2024

> We (Qv2ray project) are planning a user-friendly vulnerability scanner.

That's awesome! FYI, we have released a prober simulator that can simulate replay-based and random probes sent by the GFW.


fortuna commented on May 27, 2024

For Outline we wrote unit tests that do the probing, which I found very useful: https://github.com/Jigsaw-Code/outline-ss-server/blob/4f3ce4d267289789f2441ac6f93cd5ac765efbf8/service/tcp_test.go#L376
