
Add Complete XOR Patch Functionality

Open tmthecoder opened this issue 2 years ago • 4 comments

This PR adds complete XOR patch functionality (building on the existing single-byte scramble xormask statement).

This feature adds the following specifically:

  • scramble xormask [password]: Same as existing, but with added support for multibyte passwords
  • scramble xorptrpos: XORs the byte of each packet with its position in the array
  • scramble reverse: Keeps the first byte but reverses the remaining ('abcde' becomes 'aedcb')
  • scramble obfuscate [password]: Performs a combination of the three above with the given passphrase on the mask stage. For reading it goes in this order: xormask -> xorptrpos -> reverse -> xorptrpos. Writing is the opposite

All of these implementations are done following Tunnelblick's XOR patch and their small article on it here (Header titled "Scramble Option Syntax")

I've found myself needing the full extent of this functionality, specifically the scramble obfuscate option with a multi-byte password, hence my decision to write an implementation for it. I believe I've followed the guidelines outlined as well as the code structure already defined. Looking forward to hearing your insight!

tmthecoder avatar May 26 '22 00:05 tmthecoder

Also, please note that this does change the xorMask type to a Data as opposed to a UInt8 since we've added support for multibyte values to be used as the xormask or obfuscate arguments

tmthecoder avatar May 26 '22 18:05 tmthecoder

@keeshux Just looking here again, should I add in a commit to update the README with the complete XOR functionality?

tmthecoder avatar Jul 25 '22 14:07 tmthecoder

@keeshux Just looking here again, should I add in a commit to update the README with the complete XOR functionality?

Hey, yes you can go ahead with that. Sorry that I won't be able to review this until I release Passepartout 2.0

keeshux avatar Aug 05 '22 17:08 keeshux

Okay, time has finally come to look into this.

keeshux avatar Sep 30 '22 19:09 keeshux

@tmthecoder sorry for the long delay!

First of all, thanks again for your dedication, this is great work and I'm sincerely glad for your contribution.

I could finally take some time to review this and I refactored your code to fit it better into the library. It's all about simplifying and moving things around, but the purpose and algorithms should be 100% unaffected.

Since I understand you are using all these in your server, please do some stress tests with this updated code of mine. Meanwhile, I'll try to at least add some unit tests of the XOR processing routines, to make sure e.g. that packets are correctly reversible (p1 -> scramble -> p2 -> scramble -> p1).

Cheers

keeshux avatar Nov 04 '22 18:11 keeshux
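
The four scramble modes from the opening post and the reversibility check (p1 -> scramble -> p2 -> scramble -> p1) mentioned in the comment above, as an added Python example that is not part of the thread or of tunnelkit's code. The function names and sample packets are constructed here, and counting positions from 1 in xorptrpos is an assumption taken from Tunnelblick's patch; the thread only says "position".

```python
# Added illustration of the scramble modes; not tunnelkit's Swift code.
from itertools import cycle


def xormask(packet: bytes, mask: bytes) -> bytes:
    """XOR each byte with the mask, repeating a multibyte mask as needed."""
    if not mask:
        raise ValueError("empty mask")  # zip() would silently drop the packet
    return bytes(b ^ m for b, m in zip(packet, cycle(mask)))


def xorptrpos(packet: bytes) -> bytes:
    """XOR each byte with its position, truncated to 8 bits.
    Assumption: positions count from 1, as in Tunnelblick's patch."""
    return bytes(b ^ ((i + 1) & 0xFF) for i, b in enumerate(packet))


def reverse(packet: bytes) -> bytes:
    """Keep the first byte and reverse the rest: b'abcde' -> b'aedcb'."""
    return packet[:1] + packet[:0:-1]


def obfuscate_read(packet: bytes, mask: bytes) -> bytes:
    """Reading order from the post: xormask, xorptrpos, reverse, xorptrpos."""
    return xorptrpos(reverse(xorptrpos(xormask(packet, mask))))


def obfuscate_write(packet: bytes, mask: bytes) -> bytes:
    """Writing is the opposite order, ending with xormask."""
    return xormask(xorptrpos(reverse(xorptrpos(packet))), mask)


def round_trips(packet: bytes, mask: bytes) -> bool:
    """p1 -> scramble -> p2 -> scramble -> p1 for every mode."""
    return (
        xormask(xormask(packet, mask), mask) == packet
        and xorptrpos(xorptrpos(packet)) == packet
        and reverse(reverse(packet)) == packet
        and obfuscate_read(obfuscate_write(packet, mask), mask) == packet
    )


# Constructed sample packets: empty, one byte, the post's example, and a
# 512-byte packet so that positions wrap past 255.
SAMPLES = [b"", b"\x38", b"abcde", bytes(range(256)) * 2]

if __name__ == "__main__":
    for p in SAMPLES:
        print(len(p), round_trips(p, b"multibyte-pass"))
```
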

@keeshux Sounds good, I'll run some tests on my setups

tmthecoder avatar Nov 04 '22 18:11 tmthecoder

@keeshux Couldn't find any issues in local tests against VPN servers

tmthecoder avatar Nov 05 '22 00:11 tmthecoder

@keeshux Couldn't find any issues in local tests against VPN servers

Awesome. Have you also ensured continued operation in UDP/TCP without any XOR option enabled?

keeshux avatar Nov 05 '22 09:11 keeshux

Tested myself, and Passepartout beta will be another testbed. Merged!

keeshux avatar Nov 06 '22 16:11 keeshux