Skip to content

Commit

Permalink
test
Browse files Browse the repository at this point in the history
  • Loading branch information
@breakwa11
breakwa11 committed Jul 3, 2017
0 parents commit 4844e61
Show file tree
Hide file tree
Showing 10 changed files with 1,434 additions and 0 deletions.
11 changes: 11 additions & 0 deletions .github/issue_template.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
之所以写中文,本issue是写给打算写给乱发中文问题的人看的

1. 不欢迎小白,不回答诸如软件如何使用,如何搭建,如何配置,使用速度不快,如何提速等等和软件问题无关的问题,或把开发者当成客服的问题
2. 这里用于反馈软件可能的Bug,软件潜在的问题,和软件功能需求及讨论
3. 同一个issue不得在不同repo重复发,除非你发现发错地方(这种情况下你自行删除错误的issue),否则直接关闭且不回答问题,严重者拉黑名单
4. 建议你把问题事先在其它社区或和其它使用者讨论过,以确认不是密码错误,协议或插件错误,或服务器防火墙没关诸如此类本来应该自己解决的问题
5. 在你确认你需要发问题时,请尽可能提供详细的信息,包括服务端客户端具体版本,及相应log,及相应服务端客户端协议混淆等等的配置。如信息明显过少,则直接close不理踩

确认你读完以上内容后,请删除以上所有内容,然后写下你的问题

Please remove all above then write down your issue
99 changes: 99 additions & 0 deletions auth_aes128.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
# auth_aes128_md5

### TCP

#### 1. The structure of a handshake request (before encryption)
```
whole request
+--------+--------+----------+
| part 1 | part 2 | part 3 |
+--------+--------+----------+
| 7 | 24 | Variable |
+--------+--------+----------+
part 1
+--------+----------+
| Random | HMAC-MD5 |
+--------+----------+
| 1 | 6 |
+--------+----------+
part 2
+-----+----------------------------+----------+
| UID | AES-128-CBC encrypted data | HMAC-MD5 |
+-----+----------------------------+----------+
| 4 | 16 | 4 |
+-----+----------------------------+----------+
part 3
+--------------+------------------+----------+
| Random bytes | Origin SS stream | HMAC-MD5 |
+--------------+------------------+----------+
| Variable | Variable | 4 |
+--------------+------------------+----------+
AES-128-CBC encrypted data (before encryption)
+-----+-----+---------------+-------------+---------------------+
| UTC | CID | Connection ID | pack length | Random bytes length |
+-----+---------------------+-------------+---------------------+
| 4 | 4 | 4 | 2 | 2 |
+-----+-----+---------------+-------------+---------------------+
The key of AES128 encryption is:
Base64(encrypt_key) + salt
salt is "auth_aes128_md5"
The IV of AES128 encryption is: "\x00" * 16
UTC, Connection ID, pack length, Random bytes length are little-endian
Connection ID is an unsigned 32bit integer, it must +1 after each handshake request sent
CID is randomly generated by SSR client. And Connection ID need to be initialized with a random integer between 0~0xFFFFFF when generate a new CID
Client must keep the CID value until Connection ID exceed 0xFF000000
The encrypt_key is user definition or stream encryption key
```
Notice: The HMAC key in part 1 and part 2 is:
IV + key

The HMAC key in part 3 is user customized or stream encryption key

The HMAC input in part 1 is the Random byte in part 1

The HMAC input in part 2 is whole data in part 2 except HMAC itself

The HMAC input in part 3 is whole data of the handshake request

#### 2. The structure of any other packet
```
+------+----------+--------------+-------------------------+----------+
| size | HMAC-MD5 | Random bytes | Payload | HMAC-MD5 |
+------+----------+--------------+-------------------------+----------+
| 2 | 2 | Variable | size - Random bytes - 8 | 4 |
+------+----------+--------------+-------------------------+----------+
The "size" is the whole packet size, little-endian
```
Random bytes:
If the first byte is 255 then `bytes[1] | bytes[2] << 8` is the length of the Random bytes, otherwise bytes[0] is the length of the Random bytes

The HMAC key is user customized key + Chunk ID. Chunk ID is a 32bit unsigned integer counted from 1 and must be converted to little-endian.

### UDP
1.Client to server
```
+----------+-----+----------+
| Payload | UID | HMAC-MD5 |
+----------+-----+----------+
| Variable | 4 | 4 |
+----------+-----+----------+
```
The HMAC key is user customized or stream encryption key

2.Server to client
```
+----------+----------+
| Payload | HMAC-MD5 |
+----------+----------+
| Variable | 4 |
+----------+----------+
```
The HMAC key is user customized or stream encryption key



# auth_aes128_sha1

Instead of MD5, the HMAC function for `auth_aes128_sha1` is SHA1, and salt is "`auth_aes128_sha1`", rest are the same.
99 changes: 99 additions & 0 deletions doc/auth_aes128.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
# auth_aes128_md5

### TCP

#### 1. The structure of a handshake request (before encryption)
```
whole request
+--------+--------+----------+
| part 1 | part 2 | part 3 |
+--------+--------+----------+
| 7 | 24 | Variable |
+--------+--------+----------+
part 1
+--------+----------+
| Random | HMAC-MD5 |
+--------+----------+
| 1 | 6 |
+--------+----------+
part 2
+-----+----------------------------+----------+
| UID | AES-128-CBC encrypted data | HMAC-MD5 |
+-----+----------------------------+----------+
| 4 | 16 | 4 |
+-----+----------------------------+----------+
part 3
+--------------+------------------+----------+
| Random bytes | Origin SS stream | HMAC-MD5 |
+--------------+------------------+----------+
| Variable | Variable | 4 |
+--------------+------------------+----------+
AES-128-CBC encrypted data (before encryption)
+-----+-----+---------------+-------------+---------------------+
| UTC | CID | Connection ID | pack length | Random bytes length |
+-----+---------------------+-------------+---------------------+
| 4 | 4 | 4 | 2 | 2 |
+-----+-----+---------------+-------------+---------------------+
The key of AES128 encryption is:
Base64(encrypt_key) + salt
salt is "auth_aes128_md5"
The IV of AES128 encryption is: "\x00" * 16
UTC, Connection ID, pack length, Random bytes length are little-endian
Connection ID is an unsigned 32bit integer, it must +1 after each handshake request sent
CID is randomly generated by SSR client. And Connection ID need to be initialized with a random integer between 0~0xFFFFFF when generate a new CID
Client must keep the CID value until Connection ID exceed 0xFF000000
The encrypt_key is user definition or stream encryption key
```
Notice: The HMAC key in part 1 and part 2 is:
IV + key

The HMAC key in part 3 is user customized or stream encryption key

The HMAC input in part 1 is the Random byte in part 1

The HMAC input in part 2 is whole data in part 2 except HMAC itself

The HMAC input in part 3 is whole data of the handshake request

#### 2. The structure of any other packet
```
+------+----------+--------------+-------------------------+----------+
| size | HMAC-MD5 | Random bytes | Payload | HMAC-MD5 |
+------+----------+--------------+-------------------------+----------+
| 2 | 2 | Variable | size - Random bytes - 8 | 4 |
+------+----------+--------------+-------------------------+----------+
The "size" is the whole packet size, little-endian
```
Random bytes:
If the first byte is 255 then `bytes[1] | bytes[2] << 8` is the length of the Random bytes, otherwise bytes[0] is the length of the Random bytes

The HMAC key is user customized key + Chunk ID. Chunk ID is a 32bit unsigned integer counted from 1 and must be converted to little-endian.

### UDP
1.Client to server
```
+----------+-----+----------+
| Payload | UID | HMAC-MD5 |
+----------+-----+----------+
| Variable | 4 | 4 |
+----------+-----+----------+
```
The HMAC key is user customized or stream encryption key

2.Server to client
```
+----------+----------+
| Payload | HMAC-MD5 |
+----------+----------+
| Variable | 4 |
+----------+----------+
```
The HMAC key is user customized or stream encryption key



# auth_aes128_sha1

Instead of MD5, the HMAC function for `auth_aes128_sha1` is SHA1, and salt is "`auth_aes128_sha1`", rest are the same.
103 changes: 103 additions & 0 deletions doc/auth_chain_a.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
# auth_chain_a

### TCP

#### 1. The structure of a handshake request (before encryption)
```
whole request
+--------+--------+
| part 1 | part 2 |
+--------+--------+
| 12 | 24 |
+--------+--------+
part 1
+--------+----------+
| Random | HMAC-MD5 |
+--------+----------+
| 4 | 8 |
+--------+----------+
part 2
+-----+----------------------------+----------+
| UID | AES-128-CBC encrypted data | HMAC-MD5 |
+-----+----------------------------+----------+
| 4 | 16 | 4 |
+-----+----------------------------+----------+
AES-128-CBC encrypted data (before encryption)
+-----+-----+---------------+----------+---------+
| UTC | CID | Connection ID | overhead | reserve |
+-----+---------------------+----------+---------+
| 4 | 4 | 4 | 2 | 2 |
+-----+-----+---------------+----------+---------+
part 1 HMAC is client_hash
part 2 HMAC is server_hash
UID is xor with client_hash from 9th byte to 12nd byte
All length or size or timer are little-endian
The key of AES128 encryption is:
Base64(user_key) + salt
salt is "auth_chain_a"
The IV of AES128 encryption is: "\x00" * 16
Connection ID is an unsigned 32bit integer, it must +1 after each handshake request sent
CID is randomly generated by SSR client. And Connection ID need to be initialized with a random integer between 0~0xFFFFFF when generate a new CID
Client must keep the CID value until Connection ID exceed 0xFF000000
overhead is protocol overhead size + obfs overhead size
The user_key is user definition or stream encryption key
```
Notice: The HMAC key in part 1:
IV + key

The HMAC key in part 2:
user\_key

The HMAC input in part 1 is the Random byte in part 1

The HMAC input in part 2 is whole data in part 2 except HMAC itself

#### 2. The structure of any other packet
```
+------+--------------+---------+--------------+----------+
| size | Random bytes | Payload | Random bytes | HMAC-MD5 |
+------+--------------+---------+--------------+----------+
| 2 | Variable | size | Variable | 2 |
+------+--------------+---------+--------------+----------+
The "size" is the Payload size, little-endian
```
size is xor with client\_hash or server\_hash last 2 bytes
Random bytes length is genarated by xorshift128plus which init with client\_hash & size if send to server or with server\_hash & size if send to client

Payload encrypted by RC4 method with key Base64(user\_key)+Base64(client\_hash)

The HMAC key is user\_key + Chunk ID. Chunk ID is a 32bit unsigned integer counted from 1 and must be converted to little-endian. The HMAC result become new client\_hash or server_hash for next chunk.

Notice:
first 2 bytes of the Payload of the first packet which server sent is TCP_MSS

### UDP
1.Client to server
```
+---------+--------------+--------+-----+----------+
| Payload | Random bytes | Random | UID | HMAC-MD5 |
+---------+--------------+--------+-----+----------+
|Variable | Variable | 3 | 4 | 1 |
+---------+--------------+--------+-----+----------+
```
let mac\_code is HMAC(Random, stream\_encryption\_key)
UID is xor with mac\_code from 1st byte to 4th byte
Random bytes length is genarated by xorshift128plus which init with mac_code
Payload encrypted by RC4 method with key Base64(user\_key)+Base64(mac\_code)
The final HMAC key is user\_key

2.Server to client
```
+---------+--------------+--------+----------+
| Payload | Random bytes | Random | HMAC-MD5 |
+---------+--------------+--------+----------+
|Variable | Variable | 7 | 1 |
+---------+--------------+--------+----------+
```
let mac\_code is HMAC(Random, stream\_encryption\_key)
Random bytes length is genarated by xorshift128plus which init with mac_code
Payload encrypted by RC4 method with key Base64(user\_key)+Base64(mac\_code)
The final HMAC key is user\_key

Binary file added img/ssie.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading

0 comments on commit 4844e61

Please sign in to comment.