Researchers from the University of Maryland, as part of the Geneva project, have tried to automate the discovery of the methods used to block access to content. Enumerating by hand the possible weaknesses in deep packet inspection (DPI) systems is a laborious and time-consuming process, so Geneva tries to automate it: evaluating how the DPI behaves, identifying implementation errors, and developing an optimal client-side strategy for bypassing the block. The project's code is written in Python.
The DPI systems used for blocking have weaknesses of their own, which make it possible to hide the fact of accessing a prohibited resource or to avoid the block. For example, in the simplest case, when blocking is implemented by injecting a fake response (as passive DPI does), it is enough for the client to discard the fake response sent by the DPI. When active DPI is used, you can try to hide the fact that you are accessing a blocked site by slightly changing the parameters of the HTTP request (for example, by adding an extra space after "GET"), by splitting the TLS connection negotiation data across several packets, or by performing the TCB Teardown and TCB Desync attacks. In these attacks the client first sends a dummy packet carrying data or the RST/ACK flags. This packet will not be accepted by the target host, but the DPI will see it, make its decision based on it, and will not analyze the following packet with the real request (for example, you can specify a different SNI in the first, dummy packet, and to hide this packet from the target host you can set a low TTL, as well as an incorrect checksum, sequence number, or TT).
To develop a working DPI bypass method, Geneva uses four basic network packet manipulation primitives: dropping, header modification, duplication, and fragmentation. To select the optimal strategy, a genetic algorithm is used, which simulates processes similar to natural selection through random combination of the different packet manipulation options. In the end, the primitives are combined into an "action tree" that describes the DPI bypass algorithm.
Geneva has been tested successfully against the blocking methods used in China, India, and Kazakhstan. Several previously unknown weaknesses were also identified using Geneva. However, Geneva works only against DPI-based blocking; it does not help against blocking by IP address, for which a VPN is needed. From the testing there are several typical DPI bypass strategies that can be tried right away without a full analysis, for example:
python3 engine.py --server-port 80 --strategy "[TCP:flags:PA]-duplicate(tamper{TCP:dataofs:replace:10}(tamper{TCP:chksum:corrupt},),)-|" --log debug
2020-01-24 20:54:41 DEBUG:[ENGINE] Engine created with strategy \/ (ID bm3kdw3r) to port 80
2020-01-24 20:54:41 DEBUG:[ENGINE] Configuring iptables rules
2020-01-24 20:54:41 DEBUG:[ENGINE] iptables -A OUTPUT -p tcp --sport 80 -j NFQUEUE --queue-num 1
2020-01-24 20:54:41 DEBUG:[ENGINE] iptables -A INPUT -p tcp --dport 80 -j NFQUEUE --queue-num 2
2020-01-24 20:54:41 DEBUG:[ENGINE] iptables -A OUTPUT -p udp --sport 80 -j NFQUEUE --queue-num 1
2020-01-24 20:54:41 DEBUG:[ENGINE] iptables -A INPUT -p udp --dport 80 -j NFQUEUE --queue-num 2
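To make the "action tree" concrete, here is an added example (not code from the Geneva project) that parses the strategy passed to engine.py above into a tree and lists, for every packet that leaves the tree, the header modifications applied to it. It assumes the `action{args}(left,right)` syntax in which an empty slot means the packet is sent unchanged; the function names are hypothetical.

```python
import re

ACTION = re.compile(r"([a-z]+)(?:\{([^}]*)\})?")   # name plus optional {args}
RULE = re.compile(r"\[([^\]]+)\]-(.*?)-\|")         # [trigger]-tree-|

def parse_action(s, i=0):
    """Parse one action at s[i:]; return (node, next index). An empty slot is None."""
    m = ACTION.match(s, i)
    if not m:
        return None, i
    node = {"action": m.group(1), "args": m.group(2), "children": []}
    i = m.end()
    if s[i:i + 1] == "(":
        i += 1
        while True:
            child, i = parse_action(s, i)
            node["children"].append(child)
            if s[i:i + 1] == ")":
                i += 1
                break
            if s[i:i + 1] != ",":
                raise ValueError(f"unexpected input at offset {i}: {s[i:]!r}")
            i += 1
    return node, i

def parse_strategy(text):
    """Return [(trigger, tree)] for the outbound half (before the '\\/' separator)."""
    rules = []
    for trigger, body in RULE.findall(text.split("\\/")[0]):
        tree, end = parse_action(body)
        if end != len(body):
            raise ValueError(f"trailing input in action tree: {body[end:]!r}")
        rules.append((tuple(trigger.split(":")), tree))
    return rules

def emitted(node, mods=()):
    """One tuple of applied tamper args per packet that leaves the tree."""
    if node is None or node["action"] == "send":      # empty slot: send as is
        return [mods]
    if node["action"] == "drop":
        return []
    left, right = (node["children"] + [None, None])[:2]
    if node["action"] == "tamper":                    # modifies, single branch
        return emitted(left, mods + (node["args"],))
    return emitted(left, mods) + emitted(right, mods)  # duplicate / fragment

# Strategy string from the engine.py command on this page
STRATEGY = ("[TCP:flags:PA]-duplicate(tamper{TCP:dataofs:replace:10}"
            "(tamper{TCP:chksum:corrupt},),)-|")
```

For the strategy above, `emitted()` reports two packets for each matching PSH/ACK segment: a copy with a rewritten data offset and a corrupted checksum, followed by the unmodified original.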
Source: opennet.ru
