diff --git a/.github/ISSUE_TEMPLATE/bug-report-en.md b/.github/ISSUE_TEMPLATE/bug-report-en.md
new file mode 100644
index 000000000..5390a49fc
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug-report-en.md
@@ -0,0 +1,22 @@
+---
+name: 'Bug Report'
+about: 'Please troubleshoot server-side issues and upgrade to the latest client before raising a question.'
+title: 'BUG: '
+labels: ''
+assignees: ''
+
+---
+
+## Describe the problem
+
+Expected behavior:
+
+Actual behavior:
+
+## How to reproduce
+
+Provide helpful screenshots, videos, text descriptions, subscription links, etc.
+
+## log
+
+If you have logs, please upload them. Please see the detailed steps for exporting logs in the documentation.
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE/bug-report-zh_cn.md b/.github/ISSUE_TEMPLATE/bug-report-zh_cn.md
index d9bbafdf8..232e6a56a 100644
--- a/.github/ISSUE_TEMPLATE/bug-report-zh_cn.md
+++ b/.github/ISSUE_TEMPLATE/bug-report-zh_cn.md
@@ -1,22 +1,22 @@
 ---
-name: Bug Report zh_CN
-about: 问题反馈，在提出问题前请先自行排除服务器端问题和升级到最新客户端。
-title: ''
+name: '问题反馈'
+about: '在提出问题前请先自行排除服务器端问题和升级到最新客户端。'
+title: 'BUG: '
 labels: ''
 assignees: ''
 
 ---
 
-**描述问题**
+## 描述问题
 
 预期行为：
 
 实际行为：
 
-**如何复现**
+## 如何复现
 
 提供有帮助的截图，录像，文字说明，订阅链接等。
 
-**日志**
+## 日志
 
 如果有日志，请上传。请在文档内查看导出日志的详细步骤。
diff --git a/.github/ISSUE_TEMPLATE/feature_request-en.md b/.github/ISSUE_TEMPLATE/feature_request-en.md
new file mode 100644
index 000000000..e688400c3
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request-en.md
@@ -0,0 +1,12 @@
+---
+name: 'Feature Request'
+about: 'Make suggestions for new features of the software'
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+## Description suggestions
+
+## Necessity of recommendations
diff --git a/.github/ISSUE_TEMPLATE/feature_request-zh_cn.md b/.github/ISSUE_TEMPLATE/feature_request-zh_cn.md
index b8a79e8d5..93baf216d 100644
--- a/.github/ISSUE_TEMPLATE/feature_request-zh_cn.md
+++ b/.github/ISSUE_TEMPLATE/feature_request-zh_cn.md
@@ -1,12 +1,12 @@
 ---
-name: Feature Request zh_CN
-about: 功能请求，提出建议。
+name: '功能请求'
+about: '对软件的新功能提出建议。'
 title: ''
 labels: ''
 assignees: ''
 
 ---
 
-**描述建议**
+## 描述建议
 
-**建议的必要性**
+## 建议的必要性
diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml
new file mode 100644
index 000000000..a6df3a164
--- /dev/null
+++ b/.github/workflows/preview.yml
@@ -0,0 +1,69 @@
+name: Preview Build
+on:
+  workflow_dispatch:
+    inputs:
+jobs:
+  libcore:
+    name: Native Build (LibCore)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Golang Status
+        run: find buildScript libcore/*.sh | xargs cat | sha1sum > golang_status
+      - name: Libcore Status
+        run: git ls-files libcore | xargs cat | sha1sum > libcore_status
+      - name: LibCore Cache
+        id: cache
+        uses: actions/cache@v4
+        with:
+          path: |
+            app/libs/libcore.aar
+          key: ${{ hashFiles('.github/workflows/*', 'golang_status', 'libcore_status') }}
+      - name: Install Golang
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/setup-go@v5
+        with:
+          go-version: ^1.25
+      - name: Native Build
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: ./run lib core
+  build:
+    name: Build OSS APK
+    runs-on: ubuntu-latest
+    needs:
+      - libcore
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Golang Status
+        run: find buildScript libcore/*.sh | xargs cat | sha1sum > golang_status
+      - name: Libcore Status
+        run: git ls-files libcore | xargs cat | sha1sum > libcore_status
+      - name: LibCore Cache
+        uses: actions/cache@v4
+        with:
+          path: |
+            app/libs/libcore.aar
+          key: ${{ hashFiles('.github/workflows/*', 'golang_status', 'libcore_status') }}
+      - name: Gradle cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.gradle
+          key: gradle-oss-${{ hashFiles('**/*.gradle.kts') }}
+      - name: Gradle Build
+        env:
+          BUILD_PLUGIN: none
+        run: |
+          echo "sdk.dir=${ANDROID_HOME}" > local.properties
+          echo "ndk.dir=${ANDROID_HOME}/ndk/25.0.8775105" >> local.properties
+          export LOCAL_PROPERTIES="${{ secrets.LOCAL_PROPERTIES }}"
+          ./run init action gradle
+          ./gradlew app:assemblePreviewRelease
+          APK=$(find app/build/outputs/apk -name '*arm64-v8a*.apk')
+          APK=$(dirname $APK)
+          echo "APK=$APK" >> $GITHUB_ENV
+      - uses: actions/upload-artifact@v4
+        with:
+          name: APKs
+          path: ${{ env.APK }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e8f61485e..7aecc1c05 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,16 +3,13 @@ on:
   workflow_dispatch:
     inputs:
       tag:
-        description: 'Release Tag'
+        description: "Release Tag"
         required: true
-      upload:
-        description: 'Upload: If want ignore'
-        required: false
       publish:
-        description: 'Publish: If want ignore'
+        description: "Publish: If want ignore"
         required: false
       play:
-        description: 'Play: If want ignore'
+        description: "Play: If want ignore"
         required: false
 jobs:
   libcore:
@@ -20,27 +17,26 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Golang Status
         run: find buildScript libcore/*.sh | xargs cat | sha1sum > golang_status
       - name: Libcore Status
         run: git ls-files libcore | xargs cat | sha1sum > libcore_status
       - name: LibCore Cache
         id: cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             app/libs/libcore.aar
           key: ${{ hashFiles('.github/workflows/*', 'golang_status', 'libcore_status') }}
-      - name: Golang Cache
+      - name: Install Golang
         if: steps.cache.outputs.cache-hit != 'true'
-        uses: actions/cache@v3
+        uses: actions/setup-go@v5
         with:
-          path: build/golang
-          key: go-${{ hashFiles('.github/workflows/*', 'golang_status') }}
+          go-version: ^1.25
       - name: Native Build
         if: steps.cache.outputs.cache-hit != 'true'
-        run: ./run init action go && ./run lib core
+        run: ./run lib core
   build:
     name: Build OSS APK
     runs-on: ubuntu-latest
@@ -48,19 +44,19 @@ jobs:
       - libcore
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Golang Status
         run: find buildScript libcore/*.sh | xargs cat | sha1sum > golang_status
       - name: Libcore Status
         run: git ls-files libcore | xargs cat | sha1sum > libcore_status
       - name: LibCore Cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             app/libs/libcore.aar
           key: ${{ hashFiles('.github/workflows/*', 'golang_status', 'libcore_status') }}
       - name: Gradle cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.gradle
           key: gradle-oss-${{ hashFiles('**/*.gradle.kts') }}
@@ -76,7 +72,7 @@ jobs:
           APK=$(find app/build/outputs/apk -name '*arm64-v8a*.apk')
           APK=$(dirname $APK)
           echo "APK=$APK" >> $GITHUB_ENV
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: APKs
           path: ${{ env.APK }}
@@ -87,9 +83,9 @@ jobs:
     needs: build
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Donwload Artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: APKs
           path: artifacts
@@ -101,36 +97,6 @@ jobs:
           mkdir apks
           find artifacts -name "*.apk" -exec cp {} apks \;
           ./ghr -delete -t "${{ github.token }}" -n "${{ github.event.inputs.tag }}" "${{ github.event.inputs.tag }}" apks
-  upload:
-    name: Upload Release
-    if: github.event.inputs.upload != 'y'
-    runs-on: ubuntu-latest
-    needs: build
-    steps:
-      - name: Donwload Artifacts
-        uses: actions/download-artifact@v3
-        with:
-          name: APKs
-          path: artifacts
-      - name: Release
-        run: |
-          mkdir apks
-          find artifacts -name "*.apk" -exec cp {} apks \;
-
-          function upload() {
-            for apk in $@; do
-              echo ">> Uploading $apk"
-              curl https://api.telegram.org/bot${{ secrets.TELEGRAM_TOKEN }}/sendDocument \
-                -X POST \
-                -F chat_id="${{ secrets.TELEGRAM_CHANNEL }}" \
-                -F document="@$apk" \
-                --silent --show-error --fail >/dev/null &
-            done
-            for job in $(jobs -p); do
-              wait $job || exit 1
-            done
-          }
-          upload apks/*
   play:
     name: Build Play Bundle
     if: github.event.inputs.play != 'y'
@@ -139,19 +105,19 @@ jobs:
       - libcore
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Golang Status
         run: find buildScript libcore/*.sh | xargs cat | sha1sum > golang_status
       - name: Libcore Status
         run: git ls-files libcore | xargs cat | sha1sum > libcore_status
       - name: LibCore Cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             app/libs/libcore.aar
           key: ${{ hashFiles('.github/workflows/*', 'golang_status', 'libcore_status') }}
       - name: Gradle cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.gradle
           key: gradle-play-${{ hashFiles('**/*.gradle.kts') }}
diff --git a/README.md b/README.md
index dfdc0c515..b1322451e 100644
--- a/README.md
+++ b/README.md
@@ -6,17 +6,20 @@
 
 sing-box / universal proxy toolchain for Android.
 
-## 下载 / Downloads
+一款使用 sing-box 的 Android 通用代理软件.
 
-### GitHub Releases
+## 下载 / Downloads
 
 [![GitHub All Releases](https://img.shields.io/github/downloads/Matsuridayo/NekoBoxForAndroid/total?label=downloads-total&logo=github&style=flat-square)](https://github.com/Matsuridayo/NekoBoxForAndroid/releases)
 
-[下载](https://github.com/Matsuridayo/NekoBoxForAndroid/releases)
+[GitHub Releases 下载](https://github.com/Matsuridayo/NekoBoxForAndroid/releases)
 
-[Google Play](https://play.google.com/store/apps/details?id=moe.nb4a)
+**Google Play 版本自 2024 年 5 月起已被第三方控制，为非开源版本，请不要下载。**
 
-## 更改记录 & 发布频道 / Changelog & Telegram channel
+**The Google Play version has been controlled by a third party since May 2024 and is a non-open
+source version. Please do not download it.**
+
+## 更新日志 & Telegram 发布频道 / Changelog & Telegram Channel
 
 https://t.me/Matsuridayo
 
@@ -24,34 +27,53 @@ https://t.me/Matsuridayo
 
 https://matsuridayo.github.io
 
-## 代理 / Proxy
+## 支持的代理协议 / Supported Proxy Protocols
 
 * SOCKS (4/4a/5)
 * HTTP(S)
 * SSH
 * Shadowsocks
 * VMess
+* Trojan
 * VLESS
+* AnyTLS
+* ShadowTLS
+* TUIC
+* Hysteria 1/2
 * WireGuard
-* Trojan
-* Trojan-Go ( trojan-go-plugin )
-* NaïveProxy ( naive-plugin )
-* Hysteria ( hysteria-plugin )
+* Trojan-Go (trojan-go-plugin)
+* NaïveProxy (naive-plugin)
+* Mieru (mieru-plugin)
+
+请到[这里](https://matsuridayo.github.io/nb4a-plugin/)下载插件以获得完整的代理支持.
+
+Please visit [here](https://matsuridayo.github.io/nb4a-plugin/) to download plugins for full proxy
+supports.
+
+## 支持的订阅格式 / Supported Subscription Format
 
-请到[项目主页](https://matsuridayo.github.io)下载插件。
+* 一些广泛使用的格式 (如 Shadowsocks, ClashMeta 和 v2rayN)
+* sing-box 出站
 
-Please go to the [project homepage](https://matsuridayo.github.io) to download plugins.
+仅支持解析出站，即节点。分流规则等信息会被忽略。
 
-## 订阅 / Subscription
+* Some widely used formats (like Shadowsocks, ClashMeta and v2rayN)
+* sing-box outbound
 
-* Raw: some widely used formats (like shadowsocks, clash and v2rayN)
-* 原始格式：一些广泛使用的格式（如 shadowsocks、clash 和 v2rayN）
+Only resolving outbound, i.e. nodes, is supported. Information such as diversion rules are ignored.
 
 ## 捐助 / Donate
 
-欢迎捐赠以支持项目开发。
+<details>
 
-您也可以通过 [Google Play](https://play.google.com/store/apps/details?id=moe.nb4a) 购买捐赠
+如果这个项目对您有帮助, 可以通过捐赠的方式帮助我们维持这个项目.
+
+捐赠满等额 50 USD 可以在「[捐赠榜](https://mtrdnt.pages.dev/donation_list)」显示头像, 如果您未被添加到这里,
+欢迎联系我们补充.
+
+Donations of 50 USD or more can display your avatar on
+the [Donation List](https://mtrdnt.pages.dev/donation_list). If you are not added here, please
+contact us to add it.
 
 USDT TRC20
 
@@ -61,13 +83,19 @@ XMR
 
 `49bwESYQjoRL3xmvTcjZKHEKaiGywjLYVQJMUv79bXonGiyDCs8AzE3KiGW2ytTybBCpWJUvov8SjZZEGg66a4e59GXa6k5`
 
+</details>
+
 ## Credits
 
 Core:
+
 - [SagerNet/sing-box](https://github.com/SagerNet/sing-box)
-- [Matsuridayo/sing-box-extra](https://github.com/MatsuriDayo/sing-box-extra)
 
 Android GUI:
+
 - [shadowsocks/shadowsocks-android](https://github.com/shadowsocks/shadowsocks-android)
 - [SagerNet/SagerNet](https://github.com/SagerNet/SagerNet)
-- [Matsuridayo/Matsuri](https://github.com/MatsuriDayo/Matsuri)
+
+Web Dashboard:
+
+- [Yacd-meta](https://github.com/MetaCubeX/Yacd-meta)
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
index 054a79591..a8ba7b0e2 100644
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -1,7 +1,9 @@
+@file:Suppress("UnstableApiUsage")
+
 plugins {
     id("com.android.application")
     id("kotlin-android")
-    id("kotlin-kapt")
+    id("com.google.devtools.ksp")
     id("kotlin-parcelize")
 }
 
@@ -11,8 +13,8 @@ android {
     compileOptions {
         isCoreLibraryDesugaringEnabled = true
     }
-    kapt.arguments {
-        arg("room.incremental", true)
+    ksp {
+        arg("room.incremental", "true")
         arg("room.schemaLocation", "$projectDir/schemas")
     }
     bundle {
@@ -21,9 +23,19 @@ android {
         }
     }
     buildFeatures {
+        buildConfig = true
         viewBinding = true
+        aidl = true
     }
     namespace = "io.nekohasekai.sagernet"
+    packaging {
+        jniLibs {
+            useLegacyPackaging = true
+        }
+    }
+    androidResources {
+        generateLocaleConfig = true
+    }
 }
 
 dependencies {
@@ -33,7 +45,7 @@ dependencies {
     implementation("org.jetbrains.kotlinx:kotlinx-coroutines-android:1.6.4")
     implementation("androidx.core:core-ktx:1.9.0")
     implementation("androidx.recyclerview:recyclerview:1.3.0")
-    implementation("androidx.activity:activity-ktx:1.7.0")
+    implementation("androidx.activity:activity-ktx:1.10.1")
     implementation("androidx.fragment:fragment-ktx:1.5.6")
     implementation("androidx.browser:browser:1.5.0")
     implementation("androidx.swiperefreshlayout:swiperefreshlayout:1.1.0")
@@ -65,15 +77,12 @@ dependencies {
         exclude(group = "androidx.recyclerview")
         exclude(group = "androidx.appcompat")
     }
-    implementation("org.smali:dexlib2:2.5.2") {
-        exclude(group = "com.google.guava", module = "guava")
-    }
 
-    implementation("androidx.room:room-runtime:2.5.1")
-    kapt("androidx.room:room-compiler:2.5.1")
-    implementation("androidx.room:room-ktx:2.5.1")
+    implementation("androidx.room:room-runtime:2.6.1")
+    ksp("androidx.room:room-compiler:2.6.1")
+    implementation("androidx.room:room-ktx:2.6.1")
     implementation("com.github.MatrixDev.Roomigrant:RoomigrantLib:0.3.4")
-    kapt("com.github.MatrixDev.Roomigrant:RoomigrantCompiler:0.3.4")
+    ksp("com.github.MatrixDev.Roomigrant:RoomigrantCompiler:0.3.4")
 
     coreLibraryDesugaring("com.android.tools:desugar_jdk_libs:2.0.3")
 }
diff --git a/app/executableSo/.gitignore b/app/executableSo/.gitignore
new file mode 100644
index 000000000..140f8cf80
--- /dev/null
+++ b/app/executableSo/.gitignore
@@ -0,0 +1 @@
+*.so
diff --git a/app/schemas/io.nekohasekai.sagernet.database.SagerDatabase/3.json b/app/schemas/io.nekohasekai.sagernet.database.SagerDatabase/3.json
new file mode 100644
index 000000000..491eb6f81
--- /dev/null
+++ b/app/schemas/io.nekohasekai.sagernet.database.SagerDatabase/3.json
@@ -0,0 +1,360 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 3,
+    "identityHash": "cff00d0142d9e53d2ca24a6a55cd213c",
+    "entities": [
+      {
+        "tableName": "proxy_groups",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `userOrder` INTEGER NOT NULL, `ungrouped` INTEGER NOT NULL, `name` TEXT, `type` INTEGER NOT NULL, `subscription` BLOB, `order` INTEGER NOT NULL, `isSelector` INTEGER NOT NULL, `frontProxy` INTEGER NOT NULL, `landingProxy` INTEGER NOT NULL)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userOrder",
+            "columnName": "userOrder",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "ungrouped",
+            "columnName": "ungrouped",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "type",
+            "columnName": "type",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "subscription",
+            "columnName": "subscription",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "order",
+            "columnName": "order",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "isSelector",
+            "columnName": "isSelector",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "frontProxy",
+            "columnName": "frontProxy",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "landingProxy",
+            "columnName": "landingProxy",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "proxy_entities",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `groupId` INTEGER NOT NULL, `type` INTEGER NOT NULL, `userOrder` INTEGER NOT NULL, `tx` INTEGER NOT NULL, `rx` INTEGER NOT NULL, `status` INTEGER NOT NULL, `ping` INTEGER NOT NULL, `uuid` TEXT NOT NULL, `error` TEXT, `socksBean` BLOB, `httpBean` BLOB, `ssBean` BLOB, `vmessBean` BLOB, `trojanBean` BLOB, `trojanGoBean` BLOB, `mieruBean` BLOB, `naiveBean` BLOB, `hysteriaBean` BLOB, `tuicBean` BLOB, `sshBean` BLOB, `wgBean` BLOB, `shadowTLSBean` BLOB, `chainBean` BLOB, `nekoBean` BLOB, `configBean` BLOB)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "groupId",
+            "columnName": "groupId",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "type",
+            "columnName": "type",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userOrder",
+            "columnName": "userOrder",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "tx",
+            "columnName": "tx",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "rx",
+            "columnName": "rx",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "status",
+            "columnName": "status",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "ping",
+            "columnName": "ping",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "uuid",
+            "columnName": "uuid",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "error",
+            "columnName": "error",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "socksBean",
+            "columnName": "socksBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "httpBean",
+            "columnName": "httpBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "ssBean",
+            "columnName": "ssBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "vmessBean",
+            "columnName": "vmessBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "trojanBean",
+            "columnName": "trojanBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "trojanGoBean",
+            "columnName": "trojanGoBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "mieruBean",
+            "columnName": "mieruBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "naiveBean",
+            "columnName": "naiveBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "hysteriaBean",
+            "columnName": "hysteriaBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "tuicBean",
+            "columnName": "tuicBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "sshBean",
+            "columnName": "sshBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "wgBean",
+            "columnName": "wgBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "shadowTLSBean",
+            "columnName": "shadowTLSBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "chainBean",
+            "columnName": "chainBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "nekoBean",
+            "columnName": "nekoBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "configBean",
+            "columnName": "configBean",
+            "affinity": "BLOB",
+            "notNull": false
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "groupId",
+            "unique": false,
+            "columnNames": [
+              "groupId"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `groupId` ON `${TABLE_NAME}` (`groupId`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "rules",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `name` TEXT NOT NULL, `userOrder` INTEGER NOT NULL, `enabled` INTEGER NOT NULL, `domains` TEXT NOT NULL, `ip` TEXT NOT NULL, `port` TEXT NOT NULL, `sourcePort` TEXT NOT NULL, `network` TEXT NOT NULL, `source` TEXT NOT NULL, `protocol` TEXT NOT NULL, `outbound` INTEGER NOT NULL, `packages` TEXT NOT NULL)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userOrder",
+            "columnName": "userOrder",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "enabled",
+            "columnName": "enabled",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domains",
+            "columnName": "domains",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "ip",
+            "columnName": "ip",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "port",
+            "columnName": "port",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sourcePort",
+            "columnName": "sourcePort",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "network",
+            "columnName": "network",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "source",
+            "columnName": "source",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "protocol",
+            "columnName": "protocol",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "outbound",
+            "columnName": "outbound",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "packages",
+            "columnName": "packages",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'cff00d0142d9e53d2ca24a6a55cd213c')"
+    ]
+  }
+}
\ No newline at end of file
diff --git a/app/schemas/io.nekohasekai.sagernet.database.SagerDatabase/4.json b/app/schemas/io.nekohasekai.sagernet.database.SagerDatabase/4.json
new file mode 100644
index 000000000..4f9fe2659
--- /dev/null
+++ b/app/schemas/io.nekohasekai.sagernet.database.SagerDatabase/4.json
@@ -0,0 +1,360 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 4,
+    "identityHash": "cff00d0142d9e53d2ca24a6a55cd213c",
+    "entities": [
+      {
+        "tableName": "proxy_groups",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `userOrder` INTEGER NOT NULL, `ungrouped` INTEGER NOT NULL, `name` TEXT, `type` INTEGER NOT NULL, `subscription` BLOB, `order` INTEGER NOT NULL, `isSelector` INTEGER NOT NULL, `frontProxy` INTEGER NOT NULL, `landingProxy` INTEGER NOT NULL)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userOrder",
+            "columnName": "userOrder",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "ungrouped",
+            "columnName": "ungrouped",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "type",
+            "columnName": "type",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "subscription",
+            "columnName": "subscription",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "order",
+            "columnName": "order",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "isSelector",
+            "columnName": "isSelector",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "frontProxy",
+            "columnName": "frontProxy",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "landingProxy",
+            "columnName": "landingProxy",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "proxy_entities",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `groupId` INTEGER NOT NULL, `type` INTEGER NOT NULL, `userOrder` INTEGER NOT NULL, `tx` INTEGER NOT NULL, `rx` INTEGER NOT NULL, `status` INTEGER NOT NULL, `ping` INTEGER NOT NULL, `uuid` TEXT NOT NULL, `error` TEXT, `socksBean` BLOB, `httpBean` BLOB, `ssBean` BLOB, `vmessBean` BLOB, `trojanBean` BLOB, `trojanGoBean` BLOB, `mieruBean` BLOB, `naiveBean` BLOB, `hysteriaBean` BLOB, `tuicBean` BLOB, `sshBean` BLOB, `wgBean` BLOB, `shadowTLSBean` BLOB, `chainBean` BLOB, `nekoBean` BLOB, `configBean` BLOB)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "groupId",
+            "columnName": "groupId",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "type",
+            "columnName": "type",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userOrder",
+            "columnName": "userOrder",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "tx",
+            "columnName": "tx",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "rx",
+            "columnName": "rx",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "status",
+            "columnName": "status",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "ping",
+            "columnName": "ping",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "uuid",
+            "columnName": "uuid",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "error",
+            "columnName": "error",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "socksBean",
+            "columnName": "socksBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "httpBean",
+            "columnName": "httpBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "ssBean",
+            "columnName": "ssBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "vmessBean",
+            "columnName": "vmessBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "trojanBean",
+            "columnName": "trojanBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "trojanGoBean",
+            "columnName": "trojanGoBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "mieruBean",
+            "columnName": "mieruBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "naiveBean",
+            "columnName": "naiveBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "hysteriaBean",
+            "columnName": "hysteriaBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "tuicBean",
+            "columnName": "tuicBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "sshBean",
+            "columnName": "sshBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "wgBean",
+            "columnName": "wgBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "shadowTLSBean",
+            "columnName": "shadowTLSBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "chainBean",
+            "columnName": "chainBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "nekoBean",
+            "columnName": "nekoBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "configBean",
+            "columnName": "configBean",
+            "affinity": "BLOB",
+            "notNull": false
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "groupId",
+            "unique": false,
+            "columnNames": [
+              "groupId"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `groupId` ON `${TABLE_NAME}` (`groupId`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "rules",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `name` TEXT NOT NULL, `userOrder` INTEGER NOT NULL, `enabled` INTEGER NOT NULL, `domains` TEXT NOT NULL, `ip` TEXT NOT NULL, `port` TEXT NOT NULL, `sourcePort` TEXT NOT NULL, `network` TEXT NOT NULL, `source` TEXT NOT NULL, `protocol` TEXT NOT NULL, `outbound` INTEGER NOT NULL, `packages` TEXT NOT NULL)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userOrder",
+            "columnName": "userOrder",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "enabled",
+            "columnName": "enabled",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domains",
+            "columnName": "domains",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "ip",
+            "columnName": "ip",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "port",
+            "columnName": "port",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sourcePort",
+            "columnName": "sourcePort",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "network",
+            "columnName": "network",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "source",
+            "columnName": "source",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "protocol",
+            "columnName": "protocol",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "outbound",
+            "columnName": "outbound",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "packages",
+            "columnName": "packages",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'cff00d0142d9e53d2ca24a6a55cd213c')"
+    ]
+  }
+}
\ No newline at end of file
diff --git a/app/schemas/io.nekohasekai.sagernet.database.SagerDatabase/5.json b/app/schemas/io.nekohasekai.sagernet.database.SagerDatabase/5.json
new file mode 100644
index 000000000..b5af39f95
--- /dev/null
+++ b/app/schemas/io.nekohasekai.sagernet.database.SagerDatabase/5.json
@@ -0,0 +1,366 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 5,
+    "identityHash": "1dbf667053726c13d139a4d83c41f895",
+    "entities": [
+      {
+        "tableName": "proxy_groups",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `userOrder` INTEGER NOT NULL, `ungrouped` INTEGER NOT NULL, `name` TEXT, `type` INTEGER NOT NULL, `subscription` BLOB, `order` INTEGER NOT NULL, `isSelector` INTEGER NOT NULL, `frontProxy` INTEGER NOT NULL, `landingProxy` INTEGER NOT NULL)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userOrder",
+            "columnName": "userOrder",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "ungrouped",
+            "columnName": "ungrouped",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "type",
+            "columnName": "type",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "subscription",
+            "columnName": "subscription",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "order",
+            "columnName": "order",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "isSelector",
+            "columnName": "isSelector",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "frontProxy",
+            "columnName": "frontProxy",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "landingProxy",
+            "columnName": "landingProxy",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "proxy_entities",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `groupId` INTEGER NOT NULL, `type` INTEGER NOT NULL, `userOrder` INTEGER NOT NULL, `tx` INTEGER NOT NULL, `rx` INTEGER NOT NULL, `status` INTEGER NOT NULL, `ping` INTEGER NOT NULL, `uuid` TEXT NOT NULL, `error` TEXT, `socksBean` BLOB, `httpBean` BLOB, `ssBean` BLOB, `vmessBean` BLOB, `trojanBean` BLOB, `trojanGoBean` BLOB, `mieruBean` BLOB, `naiveBean` BLOB, `hysteriaBean` BLOB, `tuicBean` BLOB, `sshBean` BLOB, `wgBean` BLOB, `shadowTLSBean` BLOB, `anyTLSBean` BLOB, `chainBean` BLOB, `nekoBean` BLOB, `configBean` BLOB)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "groupId",
+            "columnName": "groupId",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "type",
+            "columnName": "type",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userOrder",
+            "columnName": "userOrder",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "tx",
+            "columnName": "tx",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "rx",
+            "columnName": "rx",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "status",
+            "columnName": "status",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "ping",
+            "columnName": "ping",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "uuid",
+            "columnName": "uuid",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "error",
+            "columnName": "error",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "socksBean",
+            "columnName": "socksBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "httpBean",
+            "columnName": "httpBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "ssBean",
+            "columnName": "ssBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "vmessBean",
+            "columnName": "vmessBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "trojanBean",
+            "columnName": "trojanBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "trojanGoBean",
+            "columnName": "trojanGoBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "mieruBean",
+            "columnName": "mieruBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "naiveBean",
+            "columnName": "naiveBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "hysteriaBean",
+            "columnName": "hysteriaBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "tuicBean",
+            "columnName": "tuicBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "sshBean",
+            "columnName": "sshBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "wgBean",
+            "columnName": "wgBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "shadowTLSBean",
+            "columnName": "shadowTLSBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "anyTLSBean",
+            "columnName": "anyTLSBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "chainBean",
+            "columnName": "chainBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "nekoBean",
+            "columnName": "nekoBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "configBean",
+            "columnName": "configBean",
+            "affinity": "BLOB",
+            "notNull": false
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "groupId",
+            "unique": false,
+            "columnNames": [
+              "groupId"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `groupId` ON `${TABLE_NAME}` (`groupId`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "rules",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `name` TEXT NOT NULL, `userOrder` INTEGER NOT NULL, `enabled` INTEGER NOT NULL, `domains` TEXT NOT NULL, `ip` TEXT NOT NULL, `port` TEXT NOT NULL, `sourcePort` TEXT NOT NULL, `network` TEXT NOT NULL, `source` TEXT NOT NULL, `protocol` TEXT NOT NULL, `outbound` INTEGER NOT NULL, `packages` TEXT NOT NULL)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userOrder",
+            "columnName": "userOrder",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "enabled",
+            "columnName": "enabled",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domains",
+            "columnName": "domains",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "ip",
+            "columnName": "ip",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "port",
+            "columnName": "port",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sourcePort",
+            "columnName": "sourcePort",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "network",
+            "columnName": "network",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "source",
+            "columnName": "source",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "protocol",
+            "columnName": "protocol",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "outbound",
+            "columnName": "outbound",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "packages",
+            "columnName": "packages",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, '1dbf667053726c13d139a4d83c41f895')"
+    ]
+  }
+}
\ No newline at end of file
diff --git a/app/schemas/io.nekohasekai.sagernet.database.SagerDatabase/6.json b/app/schemas/io.nekohasekai.sagernet.database.SagerDatabase/6.json
new file mode 100644
index 000000000..11b6e58a2
--- /dev/null
+++ b/app/schemas/io.nekohasekai.sagernet.database.SagerDatabase/6.json
@@ -0,0 +1,373 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 6,
+    "identityHash": "3d3db9106a89d6f20ef3fde6e81dbaa9",
+    "entities": [
+      {
+        "tableName": "proxy_groups",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `userOrder` INTEGER NOT NULL, `ungrouped` INTEGER NOT NULL, `name` TEXT, `type` INTEGER NOT NULL, `subscription` BLOB, `order` INTEGER NOT NULL, `isSelector` INTEGER NOT NULL, `frontProxy` INTEGER NOT NULL, `landingProxy` INTEGER NOT NULL)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userOrder",
+            "columnName": "userOrder",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "ungrouped",
+            "columnName": "ungrouped",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "type",
+            "columnName": "type",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "subscription",
+            "columnName": "subscription",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "order",
+            "columnName": "order",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "isSelector",
+            "columnName": "isSelector",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "frontProxy",
+            "columnName": "frontProxy",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "landingProxy",
+            "columnName": "landingProxy",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "proxy_entities",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `groupId` INTEGER NOT NULL, `type` INTEGER NOT NULL, `userOrder` INTEGER NOT NULL, `tx` INTEGER NOT NULL, `rx` INTEGER NOT NULL, `status` INTEGER NOT NULL, `ping` INTEGER NOT NULL, `uuid` TEXT NOT NULL, `error` TEXT, `socksBean` BLOB, `httpBean` BLOB, `ssBean` BLOB, `vmessBean` BLOB, `trojanBean` BLOB, `trojanGoBean` BLOB, `mieruBean` BLOB, `naiveBean` BLOB, `hysteriaBean` BLOB, `tuicBean` BLOB, `sshBean` BLOB, `wgBean` BLOB, `shadowTLSBean` BLOB, `anyTLSBean` BLOB, `chainBean` BLOB, `nekoBean` BLOB, `configBean` BLOB)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "groupId",
+            "columnName": "groupId",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "type",
+            "columnName": "type",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userOrder",
+            "columnName": "userOrder",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "tx",
+            "columnName": "tx",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "rx",
+            "columnName": "rx",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "status",
+            "columnName": "status",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "ping",
+            "columnName": "ping",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "uuid",
+            "columnName": "uuid",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "error",
+            "columnName": "error",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "socksBean",
+            "columnName": "socksBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "httpBean",
+            "columnName": "httpBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "ssBean",
+            "columnName": "ssBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "vmessBean",
+            "columnName": "vmessBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "trojanBean",
+            "columnName": "trojanBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "trojanGoBean",
+            "columnName": "trojanGoBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "mieruBean",
+            "columnName": "mieruBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "naiveBean",
+            "columnName": "naiveBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "hysteriaBean",
+            "columnName": "hysteriaBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "tuicBean",
+            "columnName": "tuicBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "sshBean",
+            "columnName": "sshBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "wgBean",
+            "columnName": "wgBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "shadowTLSBean",
+            "columnName": "shadowTLSBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "anyTLSBean",
+            "columnName": "anyTLSBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "chainBean",
+            "columnName": "chainBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "nekoBean",
+            "columnName": "nekoBean",
+            "affinity": "BLOB",
+            "notNull": false
+          },
+          {
+            "fieldPath": "configBean",
+            "columnName": "configBean",
+            "affinity": "BLOB",
+            "notNull": false
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "groupId",
+            "unique": false,
+            "columnNames": [
+              "groupId"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `groupId` ON `${TABLE_NAME}` (`groupId`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "rules",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `name` TEXT NOT NULL, `config` TEXT NOT NULL DEFAULT '', `userOrder` INTEGER NOT NULL, `enabled` INTEGER NOT NULL, `domains` TEXT NOT NULL, `ip` TEXT NOT NULL, `port` TEXT NOT NULL, `sourcePort` TEXT NOT NULL, `network` TEXT NOT NULL, `source` TEXT NOT NULL, `protocol` TEXT NOT NULL, `outbound` INTEGER NOT NULL, `packages` TEXT NOT NULL)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "config",
+            "columnName": "config",
+            "affinity": "TEXT",
+            "notNull": true,
+            "defaultValue": "''"
+          },
+          {
+            "fieldPath": "userOrder",
+            "columnName": "userOrder",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "enabled",
+            "columnName": "enabled",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domains",
+            "columnName": "domains",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "ip",
+            "columnName": "ip",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "port",
+            "columnName": "port",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sourcePort",
+            "columnName": "sourcePort",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "network",
+            "columnName": "network",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "source",
+            "columnName": "source",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "protocol",
+            "columnName": "protocol",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "outbound",
+            "columnName": "outbound",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "packages",
+            "columnName": "packages",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, '3d3db9106a89d6f20ef3fde6e81dbaa9')"
+    ]
+  }
+}
\ No newline at end of file
diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
index 4607b16ed..def29c24c 100644
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -13,6 +13,7 @@
     <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
     <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" />
     <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
+    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_SYSTEM_EXEMPTED" />
     <uses-permission android:name="android.permission.INTERNET" />
     <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
     <uses-permission android:name="android.permission.WAKE_LOCK" />
@@ -21,7 +22,9 @@
 
     <uses-permission
         android:name="android.permission.QUERY_ALL_PACKAGES"
-        tools:ignore="QueryAllPackagesPermission" />
+        tools:ignore="PackageVisibilityPolicy" />
+    <uses-permission android:name="com.android.permission.GET_INSTALLED_APPS" />
+
     <uses-permission android:name="android.permission.CAMERA" />
     <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS" />
 
@@ -50,7 +53,6 @@
         android:autoRevokePermissions="allowed"
         android:banner="@mipmap/ic_launcher"
         android:dataExtractionRules="@xml/backup_rules"
-        android:extractNativeLibs="true"
         android:fullBackupContent="@xml/backup_descriptor"
         android:fullBackupOnly="true"
         android:hardwareAccelerated="true"
@@ -164,6 +166,9 @@
         <activity
             android:name="io.nekohasekai.sagernet.ui.profile.TrojanGoSettingsActivity"
             android:configChanges="uiMode" />
+        <activity
+            android:name="io.nekohasekai.sagernet.ui.profile.MieruSettingsActivity"
+            android:configChanges="uiMode" />
         <activity
             android:name="io.nekohasekai.sagernet.ui.profile.NaiveSettingsActivity"
             android:configChanges="uiMode" />
@@ -186,7 +191,7 @@
             android:name="moe.matsuri.nb4a.proxy.shadowtls.ShadowTLSSettingsActivity"
             android:configChanges="uiMode" />
         <activity
-            android:name="moe.matsuri.nb4a.proxy.neko.NekoSettingActivity"
+            android:name="moe.matsuri.nb4a.proxy.anytls.AnyTLSSettingsActivity"
             android:configChanges="uiMode" />
         <activity
             android:name="moe.matsuri.nb4a.proxy.config.ConfigSettingActivity"
@@ -252,14 +257,18 @@
         <service
             android:name="io.nekohasekai.sagernet.bg.ProxyService"
             android:exported="false"
-            android:process=":bg" />
+            android:foregroundServiceType="systemExempted"
+            android:process=":bg"
+            tools:ignore="ForegroundServicePermission" />
 
         <service
             android:name="io.nekohasekai.sagernet.bg.VpnService"
             android:exported="false"
+            android:foregroundServiceType="systemExempted"
             android:label="@string/app_name"
             android:permission="android.permission.BIND_VPN_SERVICE"
-            android:process=":bg">
+            android:process=":bg"
+            tools:ignore="ForegroundServicePermission">
 
             <intent-filter>
                 <action android:name="android.net.VpnService" />
@@ -269,10 +278,12 @@
         <service
             android:name="io.nekohasekai.sagernet.bg.TileService"
             android:exported="true"
+            android:foregroundServiceType="systemExempted"
             android:icon="@drawable/ic_service_active"
             android:label="@string/tile_title"
             android:permission="android.permission.BIND_QUICK_SETTINGS_TILE"
             android:process=":bg"
+            tools:ignore="ForegroundServicePermission"
             tools:targetApi="n">
             <intent-filter>
                 <action android:name="android.service.quicksettings.action.QS_TILE" />
@@ -297,6 +308,18 @@
             android:authorities="${applicationId}.androidx-startup"
             tools:node="remove" />
 
+        <receiver
+            android:name="io.nekohasekai.sagernet.BootReceiver"
+            android:enabled="false"
+            android:exported="true"
+            android:process=":bg">
+            <intent-filter>
+                <action android:name="android.intent.action.BOOT_COMPLETED" />
+                <action android:name="android.intent.action.LOCKED_BOOT_COMPLETED" />
+                <action android:name="android.intent.action.MY_PACKAGE_REPLACED" />
+            </intent-filter>
+        </receiver>
+
         <service
             android:name="androidx.room.MultiInstanceInvalidationService"
             android:process=":bg" />
diff --git a/app/src/main/aidl/io/nekohasekai/sagernet/aidl/ISagerNetServiceCallback.aidl b/app/src/main/aidl/io/nekohasekai/sagernet/aidl/ISagerNetServiceCallback.aidl
index f0382acc1..cb41c2bd7 100644
--- a/app/src/main/aidl/io/nekohasekai/sagernet/aidl/ISagerNetServiceCallback.aidl
+++ b/app/src/main/aidl/io/nekohasekai/sagernet/aidl/ISagerNetServiceCallback.aidl
@@ -6,7 +6,7 @@ import io.nekohasekai.sagernet.aidl.TrafficData;
 oneway interface ISagerNetServiceCallback {
   void stateChanged(int state, String profileName, String msg);
   void missingPlugin(String profileName, String pluginName);
-  void routeAlert(int type, String routeName);
   void cbSpeedUpdate(in SpeedDisplayData stats);
   void cbTrafficUpdate(in TrafficData stats);
+  void cbSelectorUpdate(long id);
 }
diff --git a/app/src/main/assets/analysis.txt b/app/src/main/assets/analysis.txt
deleted file mode 100644
index a4f7cc732..000000000
--- a/app/src/main/assets/analysis.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-domain:appcenter.ms
-domain:app-measurement.com
-domain:firebase.io
-domain:crashlytics.com
-domain:google-analytics.com
\ No newline at end of file
diff --git a/app/src/main/assets/proxy_packagename.txt b/app/src/main/assets/proxy_packagename.txt
new file mode 100644
index 000000000..28768cf02
--- /dev/null
+++ b/app/src/main/assets/proxy_packagename.txt
@@ -0,0 +1,390 @@
+amanita_design.samorost3.gp
+android
+au.com.shiftyjelly.pocketcasts
+bbc.mobile.news.ww
+be.mygod.vpnhotspot
+ch.protonmail.android
+cm.aptoide.pt
+co.wanqu.android
+com.alphainventor.filemanager
+com.amazon.kindle
+com.amazon.mshop.android.shopping
+com.android.chrome
+com.android.providers.downloads
+com.android.providers.downloads.ui
+com.android.providers.telephony
+com.android.settings
+com.android.vending
+com.android6park.m6park
+com.apkpure.aegon
+com.apkupdater
+com.app.pornhub
+com.arthurivanets.owly
+com.asahi.tida.tablet
+com.authy.authy
+com.avmovie
+com.ballistiq.artstation
+com.binance.dev
+com.bitly.app
+com.brave.browser
+com.brave.browser_beta
+com.breel.wallpapers18
+com.bvanced.android.youtube
+com.chrome.beta
+com.chrome.canary
+com.chrome.dev
+com.cl.newt66y
+com.cradle.iitc_mobile
+org.exarhteam.iitc_mobile
+com.cygames.shadowverse
+com.dcard.freedom
+com.devhd.feedly
+com.devolver.reigns2
+com.discord
+com.downloader.video.tumblr
+com.driverbrowser
+com.dropbox.android
+com.duolingo
+com.duckduckgo.mobile.android
+com.dv.adm
+com.estrongs.android.pop
+com.estrongs.android.pop.pro
+com.evernote
+com.facebook.katana
+com.facebook.lite
+com.facebook.mlite
+com.facebook.orca
+com.facebook.services
+com.facebook.system
+com.fastaccess.github
+com.felixfilip.scpae
+com.fireproofstudios.theroom4
+com.firstrowria.pushnotificationtester
+com.flyersoft.moonreaderp
+com.fooview.android.fooview
+com.fvd.eversync
+com.gameloft.android.anmp.glofta8hm
+com.gameloft.android.anmp.glofta9hm
+com.gianlu.aria2app
+com.github.yeriomin.yalpstore
+com.google.android.apps.adm
+com.google.android.apps.books
+com.google.android.apps.docs
+com.google.android.apps.docs.editors.sheets
+com.google.android.apps.docs.editors.docs
+com.google.android.apps.docs.editors.slides
+com.google.android.apps.fitness
+com.google.android.apps.googleassistant
+com.google.android.apps.googlevoice
+com.google.android.apps.hangoutsdialer
+com.google.android.apps.inbox
+com.google.android.apps.magazines
+com.google.android.apps.maps
+com.google.android.apps.nbu.files
+com.google.android.apps.paidtasks
+com.google.android.apps.pdfviewer
+com.google.android.apps.photos
+com.google.android.apps.plus
+com.google.android.apps.translate
+com.google.android.gm
+com.google.android.gms
+com.google.android.gms.setup
+com.google.android.googlequicksearchbox
+com.google.android.gsf
+com.google.android.gsf.login
+com.google.android.ims
+com.google.android.inputmethod.latin
+com.google.android.instantapps.supervisor
+com.google.android.keep
+com.google.android.music
+com.google.android.ogyoutube
+com.google.android.partnersetup
+com.google.android.play.games
+com.google.android.street
+com.google.android.syncadapters.calendar
+com.google.android.syncadapters.contacts
+com.google.android.talk
+com.google.android.tts
+com.google.android.videos
+com.google.android.youtube
+com.google.ar.lens
+com.google.android.apps.authenticator2
+com.hochan.coldsoup
+com.ifttt.ifttt
+com.imgur.mobile
+com.innologica.inoreader
+com.instagram.android
+com.instagram.lite
+com.instapaper.android
+com.jarvanh.vpntether
+com.kapp.youtube.final
+com.klinker.android.twitter_l
+com.lastpass.lpandroid
+com.linecorp.linelite
+com.lingodeer
+com.ltnnews.news
+com.mediapods.tumbpods
+com.mgoogle.android.gms
+com.microsoft.emmx
+com.microsoft.office.powerpoint
+com.microsoft.skydrive
+com.mixplorer
+com.msd.consumerchinese
+com.msd.professionalchinese
+com.mss2011c.sharehelper
+com.netflix.mediaclient
+com.newin.nplayer.pro
+com.nianticlabs.ingress.prime.qa
+com.nianticproject.ingress
+com.ninefolders.hd3
+com.ninegag.android.app
+com.nintendo.zara
+com.nytimes.cn
+com.oasisfeng.island
+com.ocnt.liveapp.hw
+com.orekie.search
+com.patreon.android
+com.paypal.android.p2pmobile
+com.perol.asdpl.pixivez
+com.pinterest
+com.popularapp.periodcalendar
+com.popularapp.videodownloaderforinstagram
+com.pushbullet.android
+com.quoord.tapatalkpro.activity
+com.quora.android
+com.rayark.cytus2
+com.rayark.implosion
+com.rayark.pluto
+com.reddit.frontpage
+com.resilio.sync
+com.rhmsoft.edit
+com.rubenmayayo.reddit
+com.sec.android.app.sbrowser
+com.sec.android.app.sbrowser.beta
+com.shanga.walli
+com.simplehabit.simplehabitapp
+com.slack
+com.snaptube.premium
+com.sololearn
+com.sonelli.juicessh
+com.sparkslab.dcardreader
+com.spotify.music
+com.spotify.lite
+com.tencent.huatuo
+com.termux
+com.teslacoilsw.launcher
+com.theinitium.news
+com.thomsonreuters.reuters
+com.thunkable.android.hritvik00.freenom
+com.topjohnwu.magisk
+com.tripadvisor.tripadvisor
+com.tumblr
+com.twitter.android
+com.u91porn
+com.u9porn
+com.ubisoft.dance.justdance2015companion
+com.udn.news
+com.utopia.pxview
+com.valvesoftware.android.steam.community
+com.vanced.manager
+com.vanced.android.youtube
+com.vanced.android.apps.youtube.music
+com.mgoogle.android.gms
+com.vimeo.android.videoapp
+com.vivaldi.browser
+com.vivaldi.browser.snapshot
+com.vkontakte.android
+com.whatsapp
+com.wire
+com.wuxiangai.refactor
+com.xda.labs
+com.xvideos.app
+com.yahoo.mobile.client.android.superapp
+com.yandex.browser
+com.yandex.browser.beta
+com.yandex.browser.alpha
+com.z28j.feel
+com.zhiliaoapp.musically
+con.medium.reader
+de.apkgrabber
+de.robv.android.xposed.installer
+dk.tacit.android.foldersync.full
+es.rafalense.telegram.themes
+es.rafalense.themes
+flipboard.app
+fm.moon.app
+fr.gouv.etalab.mastodon
+github.tornaco.xposedmoduletest
+idm.internet.download.manager
+idm.internet.download.manager.plus
+io.github.javiewer
+io.github.skyhacker2.magnetsearch
+io.va.exposed
+it.mvilla.android.fenix2
+jp.bokete.app.android
+jp.naver.line.android
+jp.pxv.android
+luo.speedometergpspro
+m.cna.com.tw.App
+mark.via.gp
+me.tshine.easymark
+net.teeha.android.url_shortener
+net.tsapps.appsales
+onion.fire
+org.fdroid.fdroid
+org.freedownloadmanager.fdm
+org.kustom.widget
+org.mozilla.fennec_aurora
+org.mozilla.fenix
+org.mozilla.fenix.nightly
+org.mozilla.firefox
+org.mozilla.firefox_beta
+org.mozilla.focus
+org.schabi.newpipe
+org.telegram.messenger
+org.telegram.multi
+org.telegram.plus
+org.thunderdog.challegram
+org.torproject.android
+org.torproject.torbrowser_alpha
+org.wikipedia
+org.xbmc.kodi
+pl.zdunex25.updater
+tv.twitch.android.app
+tw.com.gamer.android.activecenter
+videodownloader.downloadvideo.downloader
+uk.co.bbc.learningenglish
+com.ted.android
+de.danoeh.antennapod
+com.kiwibrowser.browser
+nekox.messenger
+com.nextcloud.client
+com.aurora.store
+com.aurora.adroid
+chat.simplex.app
+im.vector.app
+network.loki.messenger
+eu.siacs.conversations
+xyz.nextalone.nagram
+de.danoeh.antennapod
+net.programmierecke.radiodroid2
+im.fdx.v2ex
+ml.docilealligator.infinityforreddit
+com.bytemyth.ama
+app.vanadium.browser
+com.cakewallet.cake_wallet
+org.purplei2p.i2pd
+dk.tacit.android.foldersync.lite
+com.nononsenseapps.feeder
+com.m2049r.xmrwallet
+com.paypal.android.p2pmobile
+com.google.android.apps.googlevoice
+com.readdle.spark
+org.torproject.torbrowser
+com.deepl.mobiletranslator
+com.microsoft.bing
+com.keylesspalace.tusky
+com.ottplay.ottplay
+ru.iptvremote.android.iptv.pro
+jp.naver.line.android
+com.xmflsct.app.tooot
+com.forem.android
+app.revanced.android.youtube
+app.rvx.android.youtube
+app.rvx.android.apps.youtube.music
+com.mgoogle.android.gms
+com.pionex.client
+vip.mytokenpocket
+im.token.app
+com.linekong.mars24
+com.feixiaohao
+com.aicoin.appandroid
+com.binance.dev
+com.kraken.trade
+com.okinc.okex.gp
+com.authy.authy
+air.com.rosettastone.mobile.CoursePlayer
+com.blizzard.bma
+com.amazon.kindle
+com.google.android.apps.fitness
+net.tsapps.appsales
+com.wemesh.android
+com.google.android.apps.googleassistant
+allen.town.focus.reader
+me.hyliu.fluent_reader_lite
+com.aljazeera.mobile
+com.ft.news
+de.marmaro.krt.ffupdater
+myradio.radio.fmradio.liveradio.radiostation
+com.google.earth
+eu.kanade.tachiyomi.j2k
+com.audials
+com.microsoft.skydrive
+com.mb.android.tg
+com.melodis.midomiMusicIdentifier.freemium
+com.foxnews.android
+ch.threema.app
+com.briarproject.briar.android
+foundation.e.apps
+com.valvesoftware.android.steam.friendsui
+com.imback.yeetalk
+so.onekey.app.wallet
+com.xc3fff0e.xmanager
+meditofoundation.medito
+com.picol.client
+com.streetwriters.notesnook
+shanghai.panewsApp.com
+org.coursera.android
+com.positron_it.zlib
+com.blizzard.messenger
+com.javdb.javrocket
+com.picacomic.fregata
+com.fxl.chacha
+me.proton.android.drive
+com.lastpass.lpandroid
+com.tradingview.tradingviewapp
+com.deviantart.android.damobile
+com.fusionmedia.investing
+com.ewa.ewaapp
+com.duolingo
+com.hellotalk
+io.github.huskydg.magisk
+com.jsy.xpgbox
+com.hostloc.app.hostloc
+com.dena.pokota
+com.vitorpamplona.amethyst
+com.zhiliaoapp.musically
+us.spotco.fennec_dos
+com.fongmi.android.tv
+com.pocketprep.android.itcybersecurity
+com.cloudtv
+com.glassdoor.app
+com.indeed.android.jobsearch
+com.linkedin.android
+com.github.tvbox.osc.bh
+com.example.douban
+com.sipnetic.app
+com.microsoft.rdc.androidx
+org.zwanoo.android.speedtest
+com.sonelli.juicessh
+com.scmp.newspulse
+org.lsposed.manager
+mnn.Android
+com.thomsonretuers.reuters
+com.guardian
+com.ttxapps.onesyncv2
+org.fcitx.fcitx5.android.updater
+com.instagram.barcelona
+com.deniscerri.ytdl
+jp.pokemon.pokemonsleep
+com.github.android
+com.openai.chatgpt
+mega.privacy.android.app
+com.taptap.global
+tw.com.gamer.android.animad
+com.microsoft.copilot
+com.google.android.apps.aiwallpapers
+ai.x.grok
+com.google.android.apps.weather
+com.metrolist.music
+com.google.android.apps.youtube.creator
\ No newline at end of file
diff --git a/app/src/main/assets/yacd.version.txt b/app/src/main/assets/yacd.version.txt
index 56a6051ca..e440e5c84 100644
--- a/app/src/main/assets/yacd.version.txt
+++ b/app/src/main/assets/yacd.version.txt
@@ -1 +1 @@
-1
\ No newline at end of file
+3
\ No newline at end of file
diff --git a/app/src/main/assets/yacd.zip b/app/src/main/assets/yacd.zip
index 46d2b59b6..5fc55e2e0 100644
Binary files a/app/src/main/assets/yacd.zip and b/app/src/main/assets/yacd.zip differ
diff --git a/app/src/main/java/com/wireguard/crypto/Curve25519.java b/app/src/main/java/com/wireguard/crypto/Curve25519.java
deleted file mode 100644
index 55f2809af..000000000
--- a/app/src/main/java/com/wireguard/crypto/Curve25519.java
+++ /dev/null
@@ -1,497 +0,0 @@
-/*
- * Copyright © 2016 Southern Storm Software, Pty Ltd.
- * Copyright © 2017-2019 WireGuard LLC. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package com.wireguard.crypto;
-
-import androidx.annotation.Nullable;
-
-import java.util.Arrays;
-
-/**
- * Implementation of Curve25519 ECDH.
- * <p>
- * This implementation was imported to WireGuard from noise-java:
- * https://github.com/rweather/noise-java
- * <p>
- * This implementation is based on that from arduinolibs:
- * https://github.com/rweather/arduinolibs
- * <p>
- * Differences in this version are due to using 26-bit limbs for the
- * representation instead of the 8/16/32-bit limbs in the original.
- * <p>
- * References: http://cr.yp.to/ecdh.html, RFC 7748
- */
-@SuppressWarnings({"MagicNumber", "NonConstantFieldWithUpperCaseName", "SuspiciousNameCombination"})
-public final class Curve25519 {
-    // Numbers modulo 2^255 - 19 are broken up into ten 26-bit words.
-    private static final int NUM_LIMBS_255BIT = 10;
-    private static final int NUM_LIMBS_510BIT = 20;
-
-    private final int[] A;
-    private final int[] AA;
-    private final int[] B;
-    private final int[] BB;
-    private final int[] C;
-    private final int[] CB;
-    private final int[] D;
-    private final int[] DA;
-    private final int[] E;
-    private final long[] t1;
-    private final int[] t2;
-    private final int[] x_1;
-    private final int[] x_2;
-    private final int[] x_3;
-    private final int[] z_2;
-    private final int[] z_3;
-
-    /**
-     * Constructs the temporary state holder for Curve25519 evaluation.
-     */
-    private Curve25519() {
-        // Allocate memory for all of the temporary variables we will need.
-        x_1 = new int[NUM_LIMBS_255BIT];
-        x_2 = new int[NUM_LIMBS_255BIT];
-        x_3 = new int[NUM_LIMBS_255BIT];
-        z_2 = new int[NUM_LIMBS_255BIT];
-        z_3 = new int[NUM_LIMBS_255BIT];
-        A = new int[NUM_LIMBS_255BIT];
-        B = new int[NUM_LIMBS_255BIT];
-        C = new int[NUM_LIMBS_255BIT];
-        D = new int[NUM_LIMBS_255BIT];
-        E = new int[NUM_LIMBS_255BIT];
-        AA = new int[NUM_LIMBS_255BIT];
-        BB = new int[NUM_LIMBS_255BIT];
-        DA = new int[NUM_LIMBS_255BIT];
-        CB = new int[NUM_LIMBS_255BIT];
-        t1 = new long[NUM_LIMBS_510BIT];
-        t2 = new int[NUM_LIMBS_510BIT];
-    }
-
-    /**
-     * Conditional swap of two values.
-     *
-     * @param select Set to 1 to swap, 0 to leave as-is.
-     * @param x      The first value.
-     * @param y      The second value.
-     */
-    private static void cswap(int select, final int[] x, final int[] y) {
-        select = -select;
-        for (int index = 0; index < NUM_LIMBS_255BIT; ++index) {
-            final int dummy = select & (x[index] ^ y[index]);
-            x[index] ^= dummy;
-            y[index] ^= dummy;
-        }
-    }
-
-    /**
-     * Evaluates the Curve25519 curve.
-     *
-     * @param result     Buffer to place the result of the evaluation into.
-     * @param offset     Offset into the result buffer.
-     * @param privateKey The private key to use in the evaluation.
-     * @param publicKey  The public key to use in the evaluation, or null
-     *                   if the base point of the curve should be used.
-     */
-    public static void eval(final byte[] result, final int offset,
-                            final byte[] privateKey, @Nullable final byte[] publicKey) {
-        final Curve25519 state = new Curve25519();
-        try {
-            // Unpack the public key value.  If null, use 9 as the base point.
-            Arrays.fill(state.x_1, 0);
-            if (publicKey != null) {
-                // Convert the input value from little-endian into 26-bit limbs.
-                for (int index = 0; index < 32; ++index) {
-                    final int bit = (index * 8) % 26;
-                    final int word = (index * 8) / 26;
-                    final int value = publicKey[index] & 0xFF;
-                    if (bit <= (26 - 8)) {
-                        state.x_1[word] |= value << bit;
-                    } else {
-                        state.x_1[word] |= value << bit;
-                        state.x_1[word] &= 0x03FFFFFF;
-                        state.x_1[word + 1] |= value >> (26 - bit);
-                    }
-                }
-
-                // Just in case, we reduce the number modulo 2^255 - 19 to
-                // make sure that it is in range of the field before we start.
-                // This eliminates values between 2^255 - 19 and 2^256 - 1.
-                state.reduceQuick(state.x_1);
-                state.reduceQuick(state.x_1);
-            } else {
-                state.x_1[0] = 9;
-            }
-
-            // Initialize the other temporary variables.
-            Arrays.fill(state.x_2, 0);            // x_2 = 1
-            state.x_2[0] = 1;
-            Arrays.fill(state.z_2, 0);            // z_2 = 0
-            System.arraycopy(state.x_1, 0, state.x_3, 0, state.x_1.length);  // x_3 = x_1
-            Arrays.fill(state.z_3, 0);            // z_3 = 1
-            state.z_3[0] = 1;
-
-            // Evaluate the curve for every bit of the private key.
-            state.evalCurve(privateKey);
-
-            // Compute x_2 * (z_2 ^ (p - 2)) where p = 2^255 - 19.
-            state.recip(state.z_3, state.z_2);
-            state.mul(state.x_2, state.x_2, state.z_3);
-
-            // Convert x_2 into little-endian in the result buffer.
-            for (int index = 0; index < 32; ++index) {
-                final int bit = (index * 8) % 26;
-                final int word = (index * 8) / 26;
-                if (bit <= (26 - 8))
-                    result[offset + index] = (byte) (state.x_2[word] >> bit);
-                else
-                    result[offset + index] = (byte) ((state.x_2[word] >> bit) | (state.x_2[word + 1] << (26 - bit)));
-            }
-        } finally {
-            // Clean up all temporary state before we exit.
-            state.destroy();
-        }
-    }
-
-    /**
-     * Subtracts two numbers modulo 2^255 - 19.
-     *
-     * @param result The result.
-     * @param x      The first number to subtract.
-     * @param y      The second number to subtract.
-     */
-    private static void sub(final int[] result, final int[] x, final int[] y) {
-        int index;
-        int borrow;
-
-        // Subtract y from x to generate the intermediate result.
-        borrow = 0;
-        for (index = 0; index < NUM_LIMBS_255BIT; ++index) {
-            borrow = x[index] - y[index] - ((borrow >> 26) & 0x01);
-            result[index] = borrow & 0x03FFFFFF;
-        }
-
-        // If we had a borrow, then the result has gone negative and we
-        // have to add 2^255 - 19 to the result to make it positive again.
-        // The top bits of "borrow" will be all 1's if there is a borrow
-        // or it will be all 0's if there was no borrow.  Easiest is to
-        // conditionally subtract 19 and then mask off the high bits.
-        borrow = result[0] - ((-((borrow >> 26) & 0x01)) & 19);
-        result[0] = borrow & 0x03FFFFFF;
-        for (index = 1; index < NUM_LIMBS_255BIT; ++index) {
-            borrow = result[index] - ((borrow >> 26) & 0x01);
-            result[index] = borrow & 0x03FFFFFF;
-        }
-        result[NUM_LIMBS_255BIT - 1] &= 0x001FFFFF;
-    }
-
-    /**
-     * Adds two numbers modulo 2^255 - 19.
-     *
-     * @param result The result.
-     * @param x      The first number to add.
-     * @param y      The second number to add.
-     */
-    private void add(final int[] result, final int[] x, final int[] y) {
-        int carry = x[0] + y[0];
-        result[0] = carry & 0x03FFFFFF;
-        for (int index = 1; index < NUM_LIMBS_255BIT; ++index) {
-            carry = (carry >> 26) + x[index] + y[index];
-            result[index] = carry & 0x03FFFFFF;
-        }
-        reduceQuick(result);
-    }
-
-    /**
-     * Destroy all sensitive data in this object.
-     */
-    private void destroy() {
-        // Destroy all temporary variables.
-        Arrays.fill(x_1, 0);
-        Arrays.fill(x_2, 0);
-        Arrays.fill(x_3, 0);
-        Arrays.fill(z_2, 0);
-        Arrays.fill(z_3, 0);
-        Arrays.fill(A, 0);
-        Arrays.fill(B, 0);
-        Arrays.fill(C, 0);
-        Arrays.fill(D, 0);
-        Arrays.fill(E, 0);
-        Arrays.fill(AA, 0);
-        Arrays.fill(BB, 0);
-        Arrays.fill(DA, 0);
-        Arrays.fill(CB, 0);
-        Arrays.fill(t1, 0L);
-        Arrays.fill(t2, 0);
-    }
-
-    /**
-     * Evaluates the curve for every bit in a secret key.
-     *
-     * @param s The 32-byte secret key.
-     */
-    private void evalCurve(final byte[] s) {
-        int sposn = 31;
-        int sbit = 6;
-        int svalue = s[sposn] | 0x40;
-        int swap = 0;
-
-        // Iterate over all 255 bits of "s" from the highest to the lowest.
-        // We ignore the high bit of the 256-bit representation of "s".
-        while (true) {
-            // Conditional swaps on entry to this bit but only if we
-            // didn't swap on the previous bit.
-            final int select = (svalue >> sbit) & 0x01;
-            swap ^= select;
-            cswap(swap, x_2, x_3);
-            cswap(swap, z_2, z_3);
-            swap = select;
-
-            // Evaluate the curve.
-            add(A, x_2, z_2);               // A = x_2 + z_2
-            square(AA, A);                  // AA = A^2
-            sub(B, x_2, z_2);               // B = x_2 - z_2
-            square(BB, B);                  // BB = B^2
-            sub(E, AA, BB);                 // E = AA - BB
-            add(C, x_3, z_3);               // C = x_3 + z_3
-            sub(D, x_3, z_3);               // D = x_3 - z_3
-            mul(DA, D, A);                  // DA = D * A
-            mul(CB, C, B);                  // CB = C * B
-            add(x_3, DA, CB);               // x_3 = (DA + CB)^2
-            square(x_3, x_3);
-            sub(z_3, DA, CB);               // z_3 = x_1 * (DA - CB)^2
-            square(z_3, z_3);
-            mul(z_3, z_3, x_1);
-            mul(x_2, AA, BB);               // x_2 = AA * BB
-            mulA24(z_2, E);                 // z_2 = E * (AA + a24 * E)
-            add(z_2, z_2, AA);
-            mul(z_2, z_2, E);
-
-            // Move onto the next lower bit of "s".
-            if (sbit > 0) {
-                --sbit;
-            } else if (sposn == 0) {
-                break;
-            } else if (sposn == 1) {
-                --sposn;
-                svalue = s[sposn] & 0xF8;
-                sbit = 7;
-            } else {
-                --sposn;
-                svalue = s[sposn];
-                sbit = 7;
-            }
-        }
-
-        // Final conditional swaps.
-        cswap(swap, x_2, x_3);
-        cswap(swap, z_2, z_3);
-    }
-
-    /**
-     * Multiplies two numbers modulo 2^255 - 19.
-     *
-     * @param result The result.
-     * @param x      The first number to multiply.
-     * @param y      The second number to multiply.
-     */
-    private void mul(final int[] result, final int[] x, final int[] y) {
-        // Multiply the two numbers to create the intermediate result.
-        long v = x[0];
-        for (int i = 0; i < NUM_LIMBS_255BIT; ++i) {
-            t1[i] = v * y[i];
-        }
-        for (int i = 1; i < NUM_LIMBS_255BIT; ++i) {
-            v = x[i];
-            for (int j = 0; j < (NUM_LIMBS_255BIT - 1); ++j) {
-                t1[i + j] += v * y[j];
-            }
-            t1[i + NUM_LIMBS_255BIT - 1] = v * y[NUM_LIMBS_255BIT - 1];
-        }
-
-        // Propagate carries and convert back into 26-bit words.
-        v = t1[0];
-        t2[0] = ((int) v) & 0x03FFFFFF;
-        for (int i = 1; i < NUM_LIMBS_510BIT; ++i) {
-            v = (v >> 26) + t1[i];
-            t2[i] = ((int) v) & 0x03FFFFFF;
-        }
-
-        // Reduce the result modulo 2^255 - 19.
-        reduce(result, t2, NUM_LIMBS_255BIT);
-    }
-
-    /**
-     * Multiplies a number by the a24 constant, modulo 2^255 - 19.
-     *
-     * @param result The result.
-     * @param x      The number to multiply by a24.
-     */
-    private void mulA24(final int[] result, final int[] x) {
-        final long a24 = 121665;
-        long carry = 0;
-        for (int index = 0; index < NUM_LIMBS_255BIT; ++index) {
-            carry += a24 * x[index];
-            t2[index] = ((int) carry) & 0x03FFFFFF;
-            carry >>= 26;
-        }
-        t2[NUM_LIMBS_255BIT] = ((int) carry) & 0x03FFFFFF;
-        reduce(result, t2, 1);
-    }
-
-    /**
-     * Raise x to the power of (2^250 - 1).
-     *
-     * @param result The result.  Must not overlap with x.
-     * @param x      The argument.
-     */
-    private void pow250(final int[] result, final int[] x) {
-        // The big-endian hexadecimal expansion of (2^250 - 1) is:
-        // 03FFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
-        //
-        // The naive implementation needs to do 2 multiplications per 1 bit and
-        // 1 multiplication per 0 bit.  We can improve upon this by creating a
-        // pattern 0000000001 ... 0000000001.  If we square and multiply the
-        // pattern by itself we can turn the pattern into the partial results
-        // 0000000011 ... 0000000011, 0000000111 ... 0000000111, etc.
-        // This averages out to about 1.1 multiplications per 1 bit instead of 2.
-
-        // Build a pattern of 250 bits in length of repeated copies of 0000000001.
-        square(A, x);
-        for (int j = 0; j < 9; ++j)
-            square(A, A);
-        mul(result, A, x);
-        for (int i = 0; i < 23; ++i) {
-            for (int j = 0; j < 10; ++j)
-                square(A, A);
-            mul(result, result, A);
-        }
-
-        // Multiply bit-shifted versions of the 0000000001 pattern into
-        // the result to "fill in" the gaps in the pattern.
-        square(A, result);
-        mul(result, result, A);
-        for (int j = 0; j < 8; ++j) {
-            square(A, A);
-            mul(result, result, A);
-        }
-    }
-
-    /**
-     * Computes the reciprocal of a number modulo 2^255 - 19.
-     *
-     * @param result The result.  Must not overlap with x.
-     * @param x      The argument.
-     */
-    private void recip(final int[] result, final int[] x) {
-        // The reciprocal is the same as x ^ (p - 2) where p = 2^255 - 19.
-        // The big-endian hexadecimal expansion of (p - 2) is:
-        // 7FFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFEB
-        // Start with the 250 upper bits of the expansion of (p - 2).
-        pow250(result, x);
-
-        // Deal with the 5 lowest bits of (p - 2), 01011, from highest to lowest.
-        square(result, result);
-        square(result, result);
-        mul(result, result, x);
-        square(result, result);
-        square(result, result);
-        mul(result, result, x);
-        square(result, result);
-        mul(result, result, x);
-    }
-
-    /**
-     * Reduce a number modulo 2^255 - 19.
-     *
-     * @param result The result.
-     * @param x      The value to be reduced.  This array will be
-     *               modified during the reduction.
-     * @param size   The number of limbs in the high order half of x.
-     */
-    private void reduce(final int[] result, final int[] x, final int size) {
-        // Calculate (x mod 2^255) + ((x / 2^255) * 19) which will
-        // either produce the answer we want or it will produce a
-        // value of the form "answer + j * (2^255 - 19)".  There are
-        // 5 left-over bits in the top-most limb of the bottom half.
-        int carry = 0;
-        int limb = x[NUM_LIMBS_255BIT - 1] >> 21;
-        x[NUM_LIMBS_255BIT - 1] &= 0x001FFFFF;
-        for (int index = 0; index < size; ++index) {
-            limb += x[NUM_LIMBS_255BIT + index] << 5;
-            carry += (limb & 0x03FFFFFF) * 19 + x[index];
-            x[index] = carry & 0x03FFFFFF;
-            limb >>= 26;
-            carry >>= 26;
-        }
-        if (size < NUM_LIMBS_255BIT) {
-            // The high order half of the number is short; e.g. for mulA24().
-            // Propagate the carry through the rest of the low order part.
-            for (int index = size; index < NUM_LIMBS_255BIT; ++index) {
-                carry += x[index];
-                x[index] = carry & 0x03FFFFFF;
-                carry >>= 26;
-            }
-        }
-
-        // The "j" value may still be too large due to the final carry-out.
-        // We must repeat the reduction.  If we already have the answer,
-        // then this won't do any harm but we must still do the calculation
-        // to preserve the overall timing.  The "j" value will be between
-        // 0 and 19, which means that the carry we care about is in the
-        // top 5 bits of the highest limb of the bottom half.
-        carry = (x[NUM_LIMBS_255BIT - 1] >> 21) * 19;
-        x[NUM_LIMBS_255BIT - 1] &= 0x001FFFFF;
-        for (int index = 0; index < NUM_LIMBS_255BIT; ++index) {
-            carry += x[index];
-            result[index] = carry & 0x03FFFFFF;
-            carry >>= 26;
-        }
-
-        // At this point "x" will either be the answer or it will be the
-        // answer plus (2^255 - 19).  Perform a trial subtraction to
-        // complete the reduction process.
-        reduceQuick(result);
-    }
-
-    /**
-     * Reduces a number modulo 2^255 - 19 where it is known that the
-     * number can be reduced with only 1 trial subtraction.
-     *
-     * @param x The number to reduce, and the result.
-     */
-    private void reduceQuick(final int[] x) {
-        // Perform a trial subtraction of (2^255 - 19) from "x" which is
-        // equivalent to adding 19 and subtracting 2^255.  We add 19 here;
-        // the subtraction of 2^255 occurs in the next step.
-        int carry = 19;
-        for (int index = 0; index < NUM_LIMBS_255BIT; ++index) {
-            carry += x[index];
-            t2[index] = carry & 0x03FFFFFF;
-            carry >>= 26;
-        }
-
-        // If there was a borrow, then the original "x" is the correct answer.
-        // If there was no borrow, then "t2" is the correct answer.  Select the
-        // correct answer but do it in a way that instruction timing will not
-        // reveal which value was selected.  Borrow will occur if bit 21 of
-        // "t2" is zero.  Turn the bit into a selection mask.
-        final int mask = -((t2[NUM_LIMBS_255BIT - 1] >> 21) & 0x01);
-        final int nmask = ~mask;
-        t2[NUM_LIMBS_255BIT - 1] &= 0x001FFFFF;
-        for (int index = 0; index < NUM_LIMBS_255BIT; ++index)
-            x[index] = (x[index] & nmask) | (t2[index] & mask);
-    }
-
-    /**
-     * Squares a number modulo 2^255 - 19.
-     *
-     * @param result The result.
-     * @param x      The number to square.
-     */
-    private void square(final int[] result, final int[] x) {
-        mul(result, x, x);
-    }
-}
diff --git a/app/src/main/java/com/wireguard/crypto/Ed25519.java b/app/src/main/java/com/wireguard/crypto/Ed25519.java
deleted file mode 100644
index a60babfbb..000000000
--- a/app/src/main/java/com/wireguard/crypto/Ed25519.java
+++ /dev/null
@@ -1,2508 +0,0 @@
-/*
- * Copyright © 2020 WireGuard LLC. All Rights Reserved.
- * Copyright 2017 Google Inc.
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package com.wireguard.crypto;
-
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.util.Arrays;
-
-/**
- * Implementation of Ed25519 signature verification.
- *
- * <p>This implementation is based on the ed25519/ref10 implementation in NaCl.</p>
- *
- * <p>It implements this twisted Edwards curve:
- *
- * <pre>
- * -x^2 + y^2 = 1 + (-121665 / 121666 mod 2^255-19)*x^2*y^2
- * </pre>
- *
- * @see <a href="https://eprint.iacr.org/2008/013.pdf">Bernstein D.J., Birkner P., Joye M., Lange
- * T., Peters C. (2008) Twisted Edwards Curves</a>
- * @see <a href="https://eprint.iacr.org/2008/522.pdf">Hisil H., Wong K.KH., Carter G., Dawson E.
- * (2008) Twisted Edwards Curves Revisited</a>
- */
-public final class Ed25519 {
-
-    // d = -121665 / 121666 mod 2^255-19
-    private static final long[] D;
-    // 2d
-    private static final long[] D2;
-    // 2^((p-1)/4) mod p where p = 2^255-19
-    private static final long[] SQRTM1;
-
-    /**
-     * Base point for the Edwards twisted curve = (x, 4/5) and its exponentiations. B_TABLE[i][j] =
-     * (j+1)*256^i*B for i in [0, 32) and j in [0, 8). Base point B = B_TABLE[0][0]
-     */
-    private static final CachedXYT[][] B_TABLE;
-    private static final CachedXYT[] B2;
-
-    private static final BigInteger P_BI =
-            BigInteger.valueOf(2).pow(255).subtract(BigInteger.valueOf(19));
-    private static final BigInteger D_BI =
-            BigInteger.valueOf(-121665).multiply(BigInteger.valueOf(121666).modInverse(P_BI)).mod(P_BI);
-    private static final BigInteger D2_BI = BigInteger.valueOf(2).multiply(D_BI).mod(P_BI);
-    private static final BigInteger SQRTM1_BI =
-            BigInteger.valueOf(2).modPow(P_BI.subtract(BigInteger.ONE).divide(BigInteger.valueOf(4)), P_BI);
-
-    private Ed25519() {
-    }
-
-    private static class Point {
-        private BigInteger x;
-        private BigInteger y;
-    }
-
-    private static BigInteger recoverX(BigInteger y) {
-        // x^2 = (y^2 - 1) / (d * y^2 + 1) mod 2^255-19
-        BigInteger xx =
-                y.pow(2)
-                        .subtract(BigInteger.ONE)
-                        .multiply(D_BI.multiply(y.pow(2)).add(BigInteger.ONE).modInverse(P_BI));
-        BigInteger x = xx.modPow(P_BI.add(BigInteger.valueOf(3)).divide(BigInteger.valueOf(8)), P_BI);
-        if (!x.pow(2).subtract(xx).mod(P_BI).equals(BigInteger.ZERO)) {
-            x = x.multiply(SQRTM1_BI).mod(P_BI);
-        }
-        if (x.testBit(0)) {
-            x = P_BI.subtract(x);
-        }
-        return x;
-    }
-
-    private static Point edwards(Point a, Point b) {
-        Point o = new Point();
-        BigInteger xxyy = D_BI.multiply(a.x.multiply(b.x).multiply(a.y).multiply(b.y)).mod(P_BI);
-        o.x =
-                (a.x.multiply(b.y).add(b.x.multiply(a.y)))
-                        .multiply(BigInteger.ONE.add(xxyy).modInverse(P_BI))
-                        .mod(P_BI);
-        o.y =
-                (a.y.multiply(b.y).add(a.x.multiply(b.x)))
-                        .multiply(BigInteger.ONE.subtract(xxyy).modInverse(P_BI))
-                        .mod(P_BI);
-        return o;
-    }
-
-    private static byte[] toLittleEndian(BigInteger n) {
-        byte[] b = new byte[32];
-        byte[] nBytes = n.toByteArray();
-        System.arraycopy(nBytes, 0, b, 32 - nBytes.length, nBytes.length);
-        for (int i = 0; i < b.length / 2; i++) {
-            byte t = b[i];
-            b[i] = b[b.length - i - 1];
-            b[b.length - i - 1] = t;
-        }
-        return b;
-    }
-
-    private static CachedXYT getCachedXYT(Point p) {
-        return new CachedXYT(
-                Field25519.expand(toLittleEndian(p.y.add(p.x).mod(P_BI))),
-                Field25519.expand(toLittleEndian(p.y.subtract(p.x).mod(P_BI))),
-                Field25519.expand(toLittleEndian(D2_BI.multiply(p.x).multiply(p.y).mod(P_BI))));
-    }
-
-    static {
-        Point b = new Point();
-        b.y = BigInteger.valueOf(4).multiply(BigInteger.valueOf(5).modInverse(P_BI)).mod(P_BI);
-        b.x = recoverX(b.y);
-
-        D = Field25519.expand(toLittleEndian(D_BI));
-        D2 = Field25519.expand(toLittleEndian(D2_BI));
-        SQRTM1 = Field25519.expand(toLittleEndian(SQRTM1_BI));
-
-        Point bi = b;
-        B_TABLE = new CachedXYT[32][8];
-        for (int i = 0; i < 32; i++) {
-            Point bij = bi;
-            for (int j = 0; j < 8; j++) {
-                B_TABLE[i][j] = getCachedXYT(bij);
-                bij = edwards(bij, bi);
-            }
-            for (int j = 0; j < 8; j++) {
-                bi = edwards(bi, bi);
-            }
-        }
-        bi = b;
-        Point b2 = edwards(b, b);
-        B2 = new CachedXYT[8];
-        for (int i = 0; i < 8; i++) {
-            B2[i] = getCachedXYT(bi);
-            bi = edwards(bi, b2);
-        }
-    }
-
-    private static final int PUBLIC_KEY_LEN = Field25519.FIELD_LEN;
-    private static final int SIGNATURE_LEN = Field25519.FIELD_LEN * 2;
-
-    /**
-     * Defines field 25519 function based on <a
-     * href="https://github.com/agl/curve25519-donna/blob/master/curve25519-donna.c">curve25519-donna C
-     * implementation</a> (mostly identical).
-     *
-     * <p>Field elements are written as an array of signed, 64-bit limbs (an array of longs), least
-     * significant first. The value of the field element is:
-     *
-     * <pre>
-     * x[0] + 2^26·x[1] + 2^51·x[2] + 2^77·x[3] + 2^102·x[4] + 2^128·x[5] + 2^153·x[6] + 2^179·x[7] +
-     * 2^204·x[8] + 2^230·x[9],
-     * </pre>
-     *
-     * <p>i.e. the limbs are 26, 25, 26, 25, ... bits wide.
-     */
-    private static final class Field25519 {
-        /**
-         * During Field25519 computation, the mixed radix representation may be in different forms:
-         * <ul>
-         *  <li> Reduced-size form: the array has size at most 10.
-         *  <li> Non-reduced-size form: the array is not reduced modulo 2^255 - 19 and has size at most
-         *  19.
-         * </ul>
-         * <p>
-         * TODO(quannguyen):
-         * <ul>
-         *  <li> Clarify ill-defined terminologies.
-         *  <li> The reduction procedure is different from DJB's paper
-         *  (http://cr.yp.to/ecdh/curve25519-20060209.pdf). The coefficients after reducing degree and
-         *  reducing coefficients aren't guaranteed to be in range {-2^25, ..., 2^25}. We should check to
-         *  see what's going on.
-         *  <li> Consider using method mult() everywhere and making product() private.
-         * </ul>
-         */
-
-        static final int FIELD_LEN = 32;
-        static final int LIMB_CNT = 10;
-        private static final long TWO_TO_25 = 1 << 25;
-        private static final long TWO_TO_26 = TWO_TO_25 << 1;
-
-        private static final int[] EXPAND_START = {0, 3, 6, 9, 12, 16, 19, 22, 25, 28};
-        private static final int[] EXPAND_SHIFT = {0, 2, 3, 5, 6, 0, 1, 3, 4, 6};
-        private static final int[] MASK = {0x3ffffff, 0x1ffffff};
-        private static final int[] SHIFT = {26, 25};
-
-        /**
-         * Sums two numbers: output = in1 + in2
-         * <p>
-         * On entry: in1, in2 are in reduced-size form.
-         */
-        static void sum(long[] output, long[] in1, long[] in2) {
-            for (int i = 0; i < LIMB_CNT; i++) {
-                output[i] = in1[i] + in2[i];
-            }
-        }
-
-        /**
-         * Sums two numbers: output += in
-         * <p>
-         * On entry: in is in reduced-size form.
-         */
-        static void sum(long[] output, long[] in) {
-            sum(output, output, in);
-        }
-
-        /**
-         * Find the difference of two numbers: output = in1 - in2
-         * (note the order of the arguments!).
-         * <p>
-         * On entry: in1, in2 are in reduced-size form.
-         */
-        static void sub(long[] output, long[] in1, long[] in2) {
-            for (int i = 0; i < LIMB_CNT; i++) {
-                output[i] = in1[i] - in2[i];
-            }
-        }
-
-        /**
-         * Find the difference of two numbers: output = in - output
-         * (note the order of the arguments!).
-         * <p>
-         * On entry: in, output are in reduced-size form.
-         */
-        static void sub(long[] output, long[] in) {
-            sub(output, in, output);
-        }
-
-        /**
-         * Multiply a number by a scalar: output = in * scalar
-         */
-        static void scalarProduct(long[] output, long[] in, long scalar) {
-            for (int i = 0; i < LIMB_CNT; i++) {
-                output[i] = in[i] * scalar;
-            }
-        }
-
-        /**
-         * Multiply two numbers: out = in2 * in
-         * <p>
-         * output must be distinct to both inputs. The inputs are reduced coefficient form,
-         * the output is not.
-         * <p>
-         * out[x] <= 14 * the largest product of the input limbs.
-         */
-        static void product(long[] out, long[] in2, long[] in) {
-            out[0] = in2[0] * in[0];
-            out[1] = in2[0] * in[1]
-                    + in2[1] * in[0];
-            out[2] = 2 * in2[1] * in[1]
-                    + in2[0] * in[2]
-                    + in2[2] * in[0];
-            out[3] = in2[1] * in[2]
-                    + in2[2] * in[1]
-                    + in2[0] * in[3]
-                    + in2[3] * in[0];
-            out[4] = in2[2] * in[2]
-                    + 2 * (in2[1] * in[3] + in2[3] * in[1])
-                    + in2[0] * in[4]
-                    + in2[4] * in[0];
-            out[5] = in2[2] * in[3]
-                    + in2[3] * in[2]
-                    + in2[1] * in[4]
-                    + in2[4] * in[1]
-                    + in2[0] * in[5]
-                    + in2[5] * in[0];
-            out[6] = 2 * (in2[3] * in[3] + in2[1] * in[5] + in2[5] * in[1])
-                    + in2[2] * in[4]
-                    + in2[4] * in[2]
-                    + in2[0] * in[6]
-                    + in2[6] * in[0];
-            out[7] = in2[3] * in[4]
-                    + in2[4] * in[3]
-                    + in2[2] * in[5]
-                    + in2[5] * in[2]
-                    + in2[1] * in[6]
-                    + in2[6] * in[1]
-                    + in2[0] * in[7]
-                    + in2[7] * in[0];
-            out[8] = in2[4] * in[4]
-                    + 2 * (in2[3] * in[5] + in2[5] * in[3] + in2[1] * in[7] + in2[7] * in[1])
-                    + in2[2] * in[6]
-                    + in2[6] * in[2]
-                    + in2[0] * in[8]
-                    + in2[8] * in[0];
-            out[9] = in2[4] * in[5]
-                    + in2[5] * in[4]
-                    + in2[3] * in[6]
-                    + in2[6] * in[3]
-                    + in2[2] * in[7]
-                    + in2[7] * in[2]
-                    + in2[1] * in[8]
-                    + in2[8] * in[1]
-                    + in2[0] * in[9]
-                    + in2[9] * in[0];
-            out[10] =
-                    2 * (in2[5] * in[5] + in2[3] * in[7] + in2[7] * in[3] + in2[1] * in[9] + in2[9] * in[1])
-                            + in2[4] * in[6]
-                            + in2[6] * in[4]
-                            + in2[2] * in[8]
-                            + in2[8] * in[2];
-            out[11] = in2[5] * in[6]
-                    + in2[6] * in[5]
-                    + in2[4] * in[7]
-                    + in2[7] * in[4]
-                    + in2[3] * in[8]
-                    + in2[8] * in[3]
-                    + in2[2] * in[9]
-                    + in2[9] * in[2];
-            out[12] = in2[6] * in[6]
-                    + 2 * (in2[5] * in[7] + in2[7] * in[5] + in2[3] * in[9] + in2[9] * in[3])
-                    + in2[4] * in[8]
-                    + in2[8] * in[4];
-            out[13] = in2[6] * in[7]
-                    + in2[7] * in[6]
-                    + in2[5] * in[8]
-                    + in2[8] * in[5]
-                    + in2[4] * in[9]
-                    + in2[9] * in[4];
-            out[14] = 2 * (in2[7] * in[7] + in2[5] * in[9] + in2[9] * in[5])
-                    + in2[6] * in[8]
-                    + in2[8] * in[6];
-            out[15] = in2[7] * in[8]
-                    + in2[8] * in[7]
-                    + in2[6] * in[9]
-                    + in2[9] * in[6];
-            out[16] = in2[8] * in[8]
-                    + 2 * (in2[7] * in[9] + in2[9] * in[7]);
-            out[17] = in2[8] * in[9]
-                    + in2[9] * in[8];
-            out[18] = 2 * in2[9] * in[9];
-        }
-
-        /**
-         * Reduce a field element by calling reduceSizeByModularReduction and reduceCoefficients.
-         *
-         * @param input  An input array of any length. If the array has 19 elements, it will be used as
-         *               temporary buffer and its contents changed.
-         * @param output An output array of size LIMB_CNT. After the call |output[i]| < 2^26 will hold.
-         */
-        static void reduce(long[] input, long[] output) {
-            long[] tmp;
-            if (input.length == 19) {
-                tmp = input;
-            } else {
-                tmp = new long[19];
-                System.arraycopy(input, 0, tmp, 0, input.length);
-            }
-            reduceSizeByModularReduction(tmp);
-            reduceCoefficients(tmp);
-            System.arraycopy(tmp, 0, output, 0, LIMB_CNT);
-        }
-
-        /**
-         * Reduce a long form to a reduced-size form by taking the input mod 2^255 - 19.
-         * <p>
-         * On entry: |output[i]| < 14*2^54
-         * On exit: |output[0..8]| < 280*2^54
-         */
-        static void reduceSizeByModularReduction(long[] output) {
-            // The coefficients x[10], x[11],..., x[18] are eliminated by reduction modulo 2^255 - 19.
-            // For example, the coefficient x[18] is multiplied by 19 and added to the coefficient x[8].
-            //
-            // Each of these shifts and adds ends up multiplying the value by 19.
-            //
-            // For output[0..8], the absolute entry value is < 14*2^54 and we add, at most, 19*14*2^54 thus,
-            // on exit, |output[0..8]| < 280*2^54.
-            output[8] += output[18] << 4;
-            output[8] += output[18] << 1;
-            output[8] += output[18];
-            output[7] += output[17] << 4;
-            output[7] += output[17] << 1;
-            output[7] += output[17];
-            output[6] += output[16] << 4;
-            output[6] += output[16] << 1;
-            output[6] += output[16];
-            output[5] += output[15] << 4;
-            output[5] += output[15] << 1;
-            output[5] += output[15];
-            output[4] += output[14] << 4;
-            output[4] += output[14] << 1;
-            output[4] += output[14];
-            output[3] += output[13] << 4;
-            output[3] += output[13] << 1;
-            output[3] += output[13];
-            output[2] += output[12] << 4;
-            output[2] += output[12] << 1;
-            output[2] += output[12];
-            output[1] += output[11] << 4;
-            output[1] += output[11] << 1;
-            output[1] += output[11];
-            output[0] += output[10] << 4;
-            output[0] += output[10] << 1;
-            output[0] += output[10];
-        }
-
-        /**
-         * Reduce all coefficients of the short form input so that |x| < 2^26.
-         * <p>
-         * On entry: |output[i]| < 280*2^54
-         */
-        static void reduceCoefficients(long[] output) {
-            output[10] = 0;
-
-            for (int i = 0; i < LIMB_CNT; i += 2) {
-                long over = output[i] / TWO_TO_26;
-                // The entry condition (that |output[i]| < 280*2^54) means that over is, at most, 280*2^28 in
-                // the first iteration of this loop. This is added to the next limb and we can approximate the
-                // resulting bound of that limb by 281*2^54.
-                output[i] -= over << 26;
-                output[i + 1] += over;
-
-                // For the first iteration, |output[i+1]| < 281*2^54, thus |over| < 281*2^29. When this is
-                // added to the next limb, the resulting bound can be approximated as 281*2^54.
-                //
-                // For subsequent iterations of the loop, 281*2^54 remains a conservative bound and no
-                // overflow occurs.
-                over = output[i + 1] / TWO_TO_25;
-                output[i + 1] -= over << 25;
-                output[i + 2] += over;
-            }
-            // Now |output[10]| < 281*2^29 and all other coefficients are reduced.
-            output[0] += output[10] << 4;
-            output[0] += output[10] << 1;
-            output[0] += output[10];
-
-            output[10] = 0;
-            // Now output[1..9] are reduced, and |output[0]| < 2^26 + 19*281*2^29 so |over| will be no more
-            // than 2^16.
-            long over = output[0] / TWO_TO_26;
-            output[0] -= over << 26;
-            output[1] += over;
-            // Now output[0,2..9] are reduced, and |output[1]| < 2^25 + 2^16 < 2^26. The bound on
-            // |output[1]| is sufficient to meet our needs.
-        }
-
-        /**
-         * A helpful wrapper around {@ref Field25519#product}: output = in * in2.
-         * <p>
-         * On entry: |in[i]| < 2^27 and |in2[i]| < 2^27.
-         * <p>
-         * The output is reduced degree (indeed, one need only provide storage for 10 limbs) and
-         * |output[i]| < 2^26.
-         */
-        static void mult(long[] output, long[] in, long[] in2) {
-            long[] t = new long[19];
-            product(t, in, in2);
-            // |t[i]| < 2^26
-            reduce(t, output);
-        }
-
-        /**
-         * Square a number: out = in**2
-         * <p>
-         * output must be distinct from the input. The inputs are reduced coefficient form, the output is
-         * not.
-         * <p>
-         * out[x] <= 14 * the largest product of the input limbs.
-         */
-        private static void squareInner(long[] out, long[] in) {
-            out[0] = in[0] * in[0];
-            out[1] = 2 * in[0] * in[1];
-            out[2] = 2 * (in[1] * in[1] + in[0] * in[2]);
-            out[3] = 2 * (in[1] * in[2] + in[0] * in[3]);
-            out[4] = in[2] * in[2]
-                    + 4 * in[1] * in[3]
-                    + 2 * in[0] * in[4];
-            out[5] = 2 * (in[2] * in[3] + in[1] * in[4] + in[0] * in[5]);
-            out[6] = 2 * (in[3] * in[3] + in[2] * in[4] + in[0] * in[6] + 2 * in[1] * in[5]);
-            out[7] = 2 * (in[3] * in[4] + in[2] * in[5] + in[1] * in[6] + in[0] * in[7]);
-            out[8] = in[4] * in[4]
-                    + 2 * (in[2] * in[6] + in[0] * in[8] + 2 * (in[1] * in[7] + in[3] * in[5]));
-            out[9] = 2 * (in[4] * in[5] + in[3] * in[6] + in[2] * in[7] + in[1] * in[8] + in[0] * in[9]);
-            out[10] = 2 * (in[5] * in[5]
-                    + in[4] * in[6]
-                    + in[2] * in[8]
-                    + 2 * (in[3] * in[7] + in[1] * in[9]));
-            out[11] = 2 * (in[5] * in[6] + in[4] * in[7] + in[3] * in[8] + in[2] * in[9]);
-            out[12] = in[6] * in[6]
-                    + 2 * (in[4] * in[8] + 2 * (in[5] * in[7] + in[3] * in[9]));
-            out[13] = 2 * (in[6] * in[7] + in[5] * in[8] + in[4] * in[9]);
-            out[14] = 2 * (in[7] * in[7] + in[6] * in[8] + 2 * in[5] * in[9]);
-            out[15] = 2 * (in[7] * in[8] + in[6] * in[9]);
-            out[16] = in[8] * in[8] + 4 * in[7] * in[9];
-            out[17] = 2 * in[8] * in[9];
-            out[18] = 2 * in[9] * in[9];
-        }
-
-        /**
-         * Returns in^2.
-         * <p>
-         * On entry: The |in| argument is in reduced coefficients form and |in[i]| < 2^27.
-         * <p>
-         * On exit: The |output| argument is in reduced coefficients form (indeed, one need only provide
-         * storage for 10 limbs) and |out[i]| < 2^26.
-         */
-        static void square(long[] output, long[] in) {
-            long[] t = new long[19];
-            squareInner(t, in);
-            // |t[i]| < 14*2^54 because the largest product of two limbs will be < 2^(27+27) and SquareInner
-            // adds together, at most, 14 of those products.
-            reduce(t, output);
-        }
-
-        /**
-         * Takes a little-endian, 32-byte number and expands it into mixed radix form.
-         */
-        static long[] expand(byte[] input) {
-            long[] output = new long[LIMB_CNT];
-            for (int i = 0; i < LIMB_CNT; i++) {
-                output[i] = ((((long) (input[EXPAND_START[i]] & 0xff))
-                        | ((long) (input[EXPAND_START[i] + 1] & 0xff)) << 8
-                        | ((long) (input[EXPAND_START[i] + 2] & 0xff)) << 16
-                        | ((long) (input[EXPAND_START[i] + 3] & 0xff)) << 24) >> EXPAND_SHIFT[i]) & MASK[i & 1];
-            }
-            return output;
-        }
-
-        /**
-         * Takes a fully reduced mixed radix form number and contract it into a little-endian, 32-byte
-         * array.
-         * <p>
-         * On entry: |input_limbs[i]| < 2^26
-         */
-        @SuppressWarnings("NarrowingCompoundAssignment")
-        static byte[] contract(long[] inputLimbs) {
-            long[] input = Arrays.copyOf(inputLimbs, LIMB_CNT);
-            for (int j = 0; j < 2; j++) {
-                for (int i = 0; i < 9; i++) {
-                    // This calculation is a time-invariant way to make input[i] non-negative by borrowing
-                    // from the next-larger limb.
-                    int carry = -(int) ((input[i] & (input[i] >> 31)) >> SHIFT[i & 1]);
-                    input[i] = input[i] + (carry << SHIFT[i & 1]);
-                    input[i + 1] -= carry;
-                }
-
-                // There's no greater limb for input[9] to borrow from, but we can multiply by 19 and borrow
-                // from input[0], which is valid mod 2^255-19.
-                {
-                    int carry = -(int) ((input[9] & (input[9] >> 31)) >> 25);
-                    input[9] += (carry << 25);
-                    input[0] -= (carry * 19);
-                }
-
-                // After the first iteration, input[1..9] are non-negative and fit within 25 or 26 bits,
-                // depending on position. However, input[0] may be negative.
-            }
-
-            // The first borrow-propagation pass above ended with every limb except (possibly) input[0]
-            // non-negative.
-            //
-            // If input[0] was negative after the first pass, then it was because of a carry from input[9].
-            // On entry, input[9] < 2^26 so the carry was, at most, one, since (2**26-1) >> 25 = 1. Thus
-            // input[0] >= -19.
-            //
-            // In the second pass, each limb is decreased by at most one. Thus the second borrow-propagation
-            // pass could only have wrapped around to decrease input[0] again if the first pass left
-            // input[0] negative *and* input[1] through input[9] were all zero.  In that case, input[1] is
-            // now 2^25 - 1, and this last borrow-propagation step will leave input[1] non-negative.
-            {
-                int carry = -(int) ((input[0] & (input[0] >> 31)) >> 26);
-                input[0] += (carry << 26);
-                input[1] -= carry;
-            }
-
-            // All input[i] are now non-negative. However, there might be values between 2^25 and 2^26 in a
-            // limb which is, nominally, 25 bits wide.
-            for (int j = 0; j < 2; j++) {
-                for (int i = 0; i < 9; i++) {
-                    int carry = (int) (input[i] >> SHIFT[i & 1]);
-                    input[i] &= MASK[i & 1];
-                    input[i + 1] += carry;
-                }
-            }
-
-            {
-                int carry = (int) (input[9] >> 25);
-                input[9] &= 0x1ffffff;
-                input[0] += 19 * carry;
-            }
-
-            // If the first carry-chain pass, just above, ended up with a carry from input[9], and that
-            // caused input[0] to be out-of-bounds, then input[0] was < 2^26 + 2*19, because the carry was,
-            // at most, two.
-            //
-            // If the second pass carried from input[9] again then input[0] is < 2*19 and the input[9] ->
-            // input[0] carry didn't push input[0] out of bounds.
-
-            // It still remains the case that input might be between 2^255-19 and 2^255. In this case,
-            // input[1..9] must take their maximum value and input[0] must be >= (2^255-19) & 0x3ffffff,
-            // which is 0x3ffffed.
-            int mask = gte((int) input[0], 0x3ffffed);
-            for (int i = 1; i < LIMB_CNT; i++) {
-                mask &= eq((int) input[i], MASK[i & 1]);
-            }
-
-            // mask is either 0xffffffff (if input >= 2^255-19) and zero otherwise. Thus this conditionally
-            // subtracts 2^255-19.
-            input[0] -= mask & 0x3ffffed;
-            input[1] -= mask & 0x1ffffff;
-            for (int i = 2; i < LIMB_CNT; i += 2) {
-                input[i] -= mask & 0x3ffffff;
-                input[i + 1] -= mask & 0x1ffffff;
-            }
-
-            for (int i = 0; i < LIMB_CNT; i++) {
-                input[i] <<= EXPAND_SHIFT[i];
-            }
-            byte[] output = new byte[FIELD_LEN];
-            for (int i = 0; i < LIMB_CNT; i++) {
-                output[EXPAND_START[i]] |= input[i] & 0xff;
-                output[EXPAND_START[i] + 1] |= (input[i] >> 8) & 0xff;
-                output[EXPAND_START[i] + 2] |= (input[i] >> 16) & 0xff;
-                output[EXPAND_START[i] + 3] |= (input[i] >> 24) & 0xff;
-            }
-            return output;
-        }
-
-        /**
-         * Computes inverse of z = z(2^255 - 21)
-         * <p>
-         * Shamelessly copied from agl's code which was shamelessly copied from djb's code. Only the
-         * comment format and the variable namings are different from those.
-         */
-        static void inverse(long[] out, long[] z) {
-            long[] z2 = new long[Field25519.LIMB_CNT];
-            long[] z9 = new long[Field25519.LIMB_CNT];
-            long[] z11 = new long[Field25519.LIMB_CNT];
-            long[] z2To5Minus1 = new long[Field25519.LIMB_CNT];
-            long[] z2To10Minus1 = new long[Field25519.LIMB_CNT];
-            long[] z2To20Minus1 = new long[Field25519.LIMB_CNT];
-            long[] z2To50Minus1 = new long[Field25519.LIMB_CNT];
-            long[] z2To100Minus1 = new long[Field25519.LIMB_CNT];
-            long[] t0 = new long[Field25519.LIMB_CNT];
-            long[] t1 = new long[Field25519.LIMB_CNT];
-
-            square(z2, z);                          // 2
-            square(t1, z2);                         // 4
-            square(t0, t1);                         // 8
-            mult(z9, t0, z);                        // 9
-            mult(z11, z9, z2);                      // 11
-            square(t0, z11);                        // 22
-            mult(z2To5Minus1, t0, z9);              // 2^5 - 2^0 = 31
-
-            square(t0, z2To5Minus1);                // 2^6 - 2^1
-            square(t1, t0);                         // 2^7 - 2^2
-            square(t0, t1);                         // 2^8 - 2^3
-            square(t1, t0);                         // 2^9 - 2^4
-            square(t0, t1);                         // 2^10 - 2^5
-            mult(z2To10Minus1, t0, z2To5Minus1);    // 2^10 - 2^0
-
-            square(t0, z2To10Minus1);               // 2^11 - 2^1
-            square(t1, t0);                         // 2^12 - 2^2
-            for (int i = 2; i < 10; i += 2) {       // 2^20 - 2^10
-                square(t0, t1);
-                square(t1, t0);
-            }
-            mult(z2To20Minus1, t1, z2To10Minus1);   // 2^20 - 2^0
-
-            square(t0, z2To20Minus1);               // 2^21 - 2^1
-            square(t1, t0);                         // 2^22 - 2^2
-            for (int i = 2; i < 20; i += 2) {       // 2^40 - 2^20
-                square(t0, t1);
-                square(t1, t0);
-            }
-            mult(t0, t1, z2To20Minus1);             // 2^40 - 2^0
-
-            square(t1, t0);                         // 2^41 - 2^1
-            square(t0, t1);                         // 2^42 - 2^2
-            for (int i = 2; i < 10; i += 2) {       // 2^50 - 2^10
-                square(t1, t0);
-                square(t0, t1);
-            }
-            mult(z2To50Minus1, t0, z2To10Minus1);   // 2^50 - 2^0
-
-            square(t0, z2To50Minus1);               // 2^51 - 2^1
-            square(t1, t0);                         // 2^52 - 2^2
-            for (int i = 2; i < 50; i += 2) {       // 2^100 - 2^50
-                square(t0, t1);
-                square(t1, t0);
-            }
-            mult(z2To100Minus1, t1, z2To50Minus1);  // 2^100 - 2^0
-
-            square(t1, z2To100Minus1);              // 2^101 - 2^1
-            square(t0, t1);                         // 2^102 - 2^2
-            for (int i = 2; i < 100; i += 2) {      // 2^200 - 2^100
-                square(t1, t0);
-                square(t0, t1);
-            }
-            mult(t1, t0, z2To100Minus1);            // 2^200 - 2^0
-
-            square(t0, t1);                         // 2^201 - 2^1
-            square(t1, t0);                         // 2^202 - 2^2
-            for (int i = 2; i < 50; i += 2) {       // 2^250 - 2^50
-                square(t0, t1);
-                square(t1, t0);
-            }
-            mult(t0, t1, z2To50Minus1);             // 2^250 - 2^0
-
-            square(t1, t0);                         // 2^251 - 2^1
-            square(t0, t1);                         // 2^252 - 2^2
-            square(t1, t0);                         // 2^253 - 2^3
-            square(t0, t1);                         // 2^254 - 2^4
-            square(t1, t0);                         // 2^255 - 2^5
-            mult(out, t1, z11);                     // 2^255 - 21
-        }
-
-
-        /**
-         * Returns 0xffffffff iff a == b and zero otherwise.
-         */
-        private static int eq(int a, int b) {
-            a = ~(a ^ b);
-            a &= a << 16;
-            a &= a << 8;
-            a &= a << 4;
-            a &= a << 2;
-            a &= a << 1;
-            return a >> 31;
-        }
-
-        /**
-         * returns 0xffffffff if a >= b and zero otherwise, where a and b are both non-negative.
-         */
-        private static int gte(int a, int b) {
-            a -= b;
-            // a >= 0 iff a >= b.
-            return ~(a >> 31);
-        }
-    }
-
-    // (x = 0, y = 1) point
-    private static final CachedXYT CACHED_NEUTRAL = new CachedXYT(
-            new long[]{1, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-            new long[]{1, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-            new long[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0});
-    private static final PartialXYZT NEUTRAL = new PartialXYZT(
-            new XYZ(new long[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-                    new long[]{1, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-                    new long[]{1, 0, 0, 0, 0, 0, 0, 0, 0, 0}),
-            new long[]{1, 0, 0, 0, 0, 0, 0, 0, 0, 0});
-
-    /**
-     * Projective point representation (X:Y:Z) satisfying x = X/Z, y = Y/Z
-     * <p>
-     * Note that this is referred as ge_p2 in ref10 impl.
-     * Also note that x = X, y = Y and z = Z below following Java coding style.
-     * <p>
-     * See
-     * Koyama K., Tsuruoka Y. (1993) Speeding up Elliptic Cryptosystems by Using a Signed Binary
-     * Window Method.
-     * <p>
-     * https://hyperelliptic.org/EFD/g1p/auto-twisted-projective.html
-     */
-    private static class XYZ {
-
-        final long[] x;
-        final long[] y;
-        final long[] z;
-
-        XYZ() {
-            this(new long[Field25519.LIMB_CNT], new long[Field25519.LIMB_CNT], new long[Field25519.LIMB_CNT]);
-        }
-
-        XYZ(long[] x, long[] y, long[] z) {
-            this.x = x;
-            this.y = y;
-            this.z = z;
-        }
-
-        XYZ(XYZ xyz) {
-            x = Arrays.copyOf(xyz.x, Field25519.LIMB_CNT);
-            y = Arrays.copyOf(xyz.y, Field25519.LIMB_CNT);
-            z = Arrays.copyOf(xyz.z, Field25519.LIMB_CNT);
-        }
-
-        XYZ(PartialXYZT partialXYZT) {
-            this();
-            fromPartialXYZT(this, partialXYZT);
-        }
-
-        /**
-         * ge_p1p1_to_p2.c
-         */
-        static XYZ fromPartialXYZT(XYZ out, PartialXYZT in) {
-            Field25519.mult(out.x, in.xyz.x, in.t);
-            Field25519.mult(out.y, in.xyz.y, in.xyz.z);
-            Field25519.mult(out.z, in.xyz.z, in.t);
-            return out;
-        }
-
-        /**
-         * Encodes this point to bytes.
-         */
-        byte[] toBytes() {
-            long[] recip = new long[Field25519.LIMB_CNT];
-            long[] x = new long[Field25519.LIMB_CNT];
-            long[] y = new long[Field25519.LIMB_CNT];
-            Field25519.inverse(recip, z);
-            Field25519.mult(x, this.x, recip);
-            Field25519.mult(y, this.y, recip);
-            byte[] s = Field25519.contract(y);
-            s[31] = (byte) (s[31] ^ (getLsb(x) << 7));
-            return s;
-        }
-
-
-        /**
-         * Best effort fix-timing array comparison.
-         *
-         * @return true if two arrays are equal.
-         */
-        private static boolean bytesEqual(final byte[] x, final byte[] y) {
-            if (x == null || y == null) {
-                return false;
-            }
-            if (x.length != y.length) {
-                return false;
-            }
-            int res = 0;
-            for (int i = 0; i < x.length; i++) {
-                res |= x[i] ^ y[i];
-            }
-            return res == 0;
-        }
-
-        /**
-         * Checks that the point is on curve
-         */
-        boolean isOnCurve() {
-            long[] x2 = new long[Field25519.LIMB_CNT];
-            Field25519.square(x2, x);
-            long[] y2 = new long[Field25519.LIMB_CNT];
-            Field25519.square(y2, y);
-            long[] z2 = new long[Field25519.LIMB_CNT];
-            Field25519.square(z2, z);
-            long[] z4 = new long[Field25519.LIMB_CNT];
-            Field25519.square(z4, z2);
-            long[] lhs = new long[Field25519.LIMB_CNT];
-            // lhs = y^2 - x^2
-            Field25519.sub(lhs, y2, x2);
-            // lhs = z^2 * (y2 - x2)
-            Field25519.mult(lhs, lhs, z2);
-            long[] rhs = new long[Field25519.LIMB_CNT];
-            // rhs = x^2 * y^2
-            Field25519.mult(rhs, x2, y2);
-            // rhs = D * x^2 * y^2
-            Field25519.mult(rhs, rhs, D);
-            // rhs = z^4 + D * x^2 * y^2
-            Field25519.sum(rhs, z4);
-            // Field25519.mult reduces its output, but Field25519.sum does not, so we have to manually
-            // reduce it here.
-            Field25519.reduce(rhs, rhs);
-            // z^2 (y^2 - x^2) == z^4 + D * x^2 * y^2
-            return bytesEqual(Field25519.contract(lhs), Field25519.contract(rhs));
-        }
-    }
-
-    /**
-     * Represents extended projective point representation (X:Y:Z:T) satisfying x = X/Z, y = Y/Z,
-     * XY = ZT
-     * <p>
-     * Note that this is referred as ge_p3 in ref10 impl.
-     * Also note that t = T below following Java coding style.
-     * <p>
-     * See
-     * Hisil H., Wong K.KH., Carter G., Dawson E. (2008) Twisted Edwards Curves Revisited.
-     * <p>
-     * https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html
-     */
-    private static class XYZT {
-
-        final XYZ xyz;
-        final long[] t;
-
-        XYZT() {
-            this(new XYZ(), new long[Field25519.LIMB_CNT]);
-        }
-
-        XYZT(XYZ xyz, long[] t) {
-            this.xyz = xyz;
-            this.t = t;
-        }
-
-        XYZT(PartialXYZT partialXYZT) {
-            this();
-            fromPartialXYZT(this, partialXYZT);
-        }
-
-        /**
-         * ge_p1p1_to_p2.c
-         */
-        private static XYZT fromPartialXYZT(XYZT out, PartialXYZT in) {
-            Field25519.mult(out.xyz.x, in.xyz.x, in.t);
-            Field25519.mult(out.xyz.y, in.xyz.y, in.xyz.z);
-            Field25519.mult(out.xyz.z, in.xyz.z, in.t);
-            Field25519.mult(out.t, in.xyz.x, in.xyz.y);
-            return out;
-        }
-
-        /**
-         * Decodes {@code s} into an extented projective point.
-         * See Section 5.1.3 Decoding in https://tools.ietf.org/html/rfc8032#section-5.1.3
-         */
-        private static XYZT fromBytesNegateVarTime(byte[] s) throws GeneralSecurityException {
-            long[] x = new long[Field25519.LIMB_CNT];
-            long[] y = Field25519.expand(s);
-            long[] z = new long[Field25519.LIMB_CNT];
-            z[0] = 1;
-            long[] t = new long[Field25519.LIMB_CNT];
-            long[] u = new long[Field25519.LIMB_CNT];
-            long[] v = new long[Field25519.LIMB_CNT];
-            long[] vxx = new long[Field25519.LIMB_CNT];
-            long[] check = new long[Field25519.LIMB_CNT];
-            Field25519.square(u, y);
-            Field25519.mult(v, u, D);
-            Field25519.sub(u, u, z); // u = y^2 - 1
-            Field25519.sum(v, v, z); // v = dy^2 + 1
-
-            long[] v3 = new long[Field25519.LIMB_CNT];
-            Field25519.square(v3, v);
-            Field25519.mult(v3, v3, v); // v3 = v^3
-            Field25519.square(x, v3);
-            Field25519.mult(x, x, v);
-            Field25519.mult(x, x, u); // x = uv^7
-
-            pow2252m3(x, x); // x = (uv^7)^((q-5)/8)
-            Field25519.mult(x, x, v3);
-            Field25519.mult(x, x, u); // x = uv^3(uv^7)^((q-5)/8)
-
-            Field25519.square(vxx, x);
-            Field25519.mult(vxx, vxx, v);
-            Field25519.sub(check, vxx, u); // vx^2-u
-            if (isNonZeroVarTime(check)) {
-                Field25519.sum(check, vxx, u); // vx^2+u
-                if (isNonZeroVarTime(check)) {
-                    throw new GeneralSecurityException("Cannot convert given bytes to extended projective "
-                            + "coordinates. No square root exists for modulo 2^255-19");
-                }
-                Field25519.mult(x, x, SQRTM1);
-            }
-
-            if (!isNonZeroVarTime(x) && (s[31] & 0xff) >> 7 != 0) {
-                throw new GeneralSecurityException("Cannot convert given bytes to extended projective "
-                        + "coordinates. Computed x is zero and encoded x's least significant bit is not zero");
-            }
-            if (getLsb(x) == ((s[31] & 0xff) >> 7)) {
-                neg(x, x);
-            }
-
-            Field25519.mult(t, x, y);
-            return new XYZT(new XYZ(x, y, z), t);
-        }
-    }
-
-    /**
-     * Partial projective point representation ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
-     * <p>
-     * Note that this is referred as complete form in the original ref10 impl (ge_p1p1).
-     * Also note that t = T below following Java coding style.
-     * <p>
-     * Although this has the same types as XYZT, it is redefined to have its own type so that it is
-     * readable and 1:1 corresponds to ref10 impl.
-     * <p>
-     * Can be converted to XYZT as follows:
-     * X1 = X * T = x * Z * T = x * Z1
-     * Y1 = Y * Z = y * T * Z = y * Z1
-     * Z1 = Z * T = Z * T
-     * T1 = X * Y = x * Z * y * T = x * y * Z1 = X1Y1 / Z1
-     */
-    private static class PartialXYZT {
-
-        final XYZ xyz;
-        final long[] t;
-
-        PartialXYZT() {
-            this(new XYZ(), new long[Field25519.LIMB_CNT]);
-        }
-
-        PartialXYZT(XYZ xyz, long[] t) {
-            this.xyz = xyz;
-            this.t = t;
-        }
-
-        PartialXYZT(PartialXYZT other) {
-            xyz = new XYZ(other.xyz);
-            t = Arrays.copyOf(other.t, Field25519.LIMB_CNT);
-        }
-    }
-
-    /**
-     * Corresponds to the caching mentioned in the last paragraph of Section 3.1 of
-     * Hisil H., Wong K.KH., Carter G., Dawson E. (2008) Twisted Edwards Curves Revisited.
-     * with Z = 1.
-     */
-    private static class CachedXYT {
-
-        final long[] yPlusX;
-        final long[] yMinusX;
-        final long[] t2d;
-
-        /**
-         * Creates a cached XYZT with Z = 1
-         *
-         * @param yPlusX  y + x
-         * @param yMinusX y - x
-         * @param t2d     2d * xy
-         */
-        CachedXYT(long[] yPlusX, long[] yMinusX, long[] t2d) {
-            this.yPlusX = yPlusX;
-            this.yMinusX = yMinusX;
-            this.t2d = t2d;
-        }
-
-        CachedXYT(CachedXYT other) {
-            yPlusX = Arrays.copyOf(other.yPlusX, Field25519.LIMB_CNT);
-            yMinusX = Arrays.copyOf(other.yMinusX, Field25519.LIMB_CNT);
-            t2d = Arrays.copyOf(other.t2d, Field25519.LIMB_CNT);
-        }
-
-        // z is one implicitly, so this just copies {@code in} to {@code output}.
-        void multByZ(long[] output, long[] in) {
-            System.arraycopy(in, 0, output, 0, Field25519.LIMB_CNT);
-        }
-
-        /**
-         * If icopy is 1, copies {@code other} into this point. Time invariant wrt to icopy value.
-         */
-        void copyConditional(CachedXYT other, int icopy) {
-            copyConditional(yPlusX, other.yPlusX, icopy);
-            copyConditional(yMinusX, other.yMinusX, icopy);
-            copyConditional(t2d, other.t2d, icopy);
-        }
-
-        /**
-         * Conditionally copies a reduced-form limb arrays {@code b} into {@code a} if {@code icopy} is 1,
-         * but leave {@code a} unchanged if 'iswap' is 0. Runs in data-invariant time to avoid
-         * side-channel attacks.
-         *
-         * <p>NOTE that this function requires that {@code icopy} be 1 or 0; other values give wrong
-         * results. Also, the two limb arrays must be in reduced-coefficient, reduced-degree form: the
-         * values in a[10..19] or b[10..19] aren't swapped, and all all values in a[0..9],b[0..9] must
-         * have magnitude less than Integer.MAX_VALUE.
-         */
-        static void copyConditional(long[] a, long[] b, int icopy) {
-            int copy = -icopy;
-            for (int i = 0; i < Field25519.LIMB_CNT; i++) {
-                int x = copy & (((int) a[i]) ^ ((int) b[i]));
-                a[i] = ((int) a[i]) ^ x;
-            }
-        }
-    }
-
-    private static class CachedXYZT extends CachedXYT {
-
-        private final long[] z;
-
-        CachedXYZT() {
-            this(new long[Field25519.LIMB_CNT], new long[Field25519.LIMB_CNT], new long[Field25519.LIMB_CNT], new long[Field25519.LIMB_CNT]);
-        }
-
-        /**
-         * ge_p3_to_cached.c
-         */
-        CachedXYZT(XYZT xyzt) {
-            this();
-            Field25519.sum(yPlusX, xyzt.xyz.y, xyzt.xyz.x);
-            Field25519.sub(yMinusX, xyzt.xyz.y, xyzt.xyz.x);
-            System.arraycopy(xyzt.xyz.z, 0, z, 0, Field25519.LIMB_CNT);
-            Field25519.mult(t2d, xyzt.t, D2);
-        }
-
-        /**
-         * Creates a cached XYZT
-         *
-         * @param yPlusX  Y + X
-         * @param yMinusX Y - X
-         * @param z       Z
-         * @param t2d     2d * (XY/Z)
-         */
-        CachedXYZT(long[] yPlusX, long[] yMinusX, long[] z, long[] t2d) {
-            super(yPlusX, yMinusX, t2d);
-            this.z = z;
-        }
-
-        @Override
-        public void multByZ(long[] output, long[] in) {
-            Field25519.mult(output, in, z);
-        }
-    }
-
-    /**
-     * Addition defined in Section 3.1 of
-     * Hisil H., Wong K.KH., Carter G., Dawson E. (2008) Twisted Edwards Curves Revisited.
-     * <p>
-     * Please note that this is a partial of the operation listed there leaving out the final
-     * conversion from PartialXYZT to XYZT.
-     *
-     * @param extended extended projective point input
-     * @param cached   cached projective point input
-     */
-    private static void add(PartialXYZT partialXYZT, XYZT extended, CachedXYT cached) {
-        long[] t = new long[Field25519.LIMB_CNT];
-
-        // Y1 + X1
-        Field25519.sum(partialXYZT.xyz.x, extended.xyz.y, extended.xyz.x);
-
-        // Y1 - X1
-        Field25519.sub(partialXYZT.xyz.y, extended.xyz.y, extended.xyz.x);
-
-        // A = (Y1 - X1) * (Y2 - X2)
-        Field25519.mult(partialXYZT.xyz.y, partialXYZT.xyz.y, cached.yMinusX);
-
-        // B = (Y1 + X1) * (Y2 + X2)
-        Field25519.mult(partialXYZT.xyz.z, partialXYZT.xyz.x, cached.yPlusX);
-
-        // C = T1 * 2d * T2 = 2d * T1 * T2 (2d is written as k in the paper)
-        Field25519.mult(partialXYZT.t, extended.t, cached.t2d);
-
-        // Z1 * Z2
-        cached.multByZ(partialXYZT.xyz.x, extended.xyz.z);
-
-        // D = 2 * Z1 * Z2
-        Field25519.sum(t, partialXYZT.xyz.x, partialXYZT.xyz.x);
-
-        // X3 = B - A
-        Field25519.sub(partialXYZT.xyz.x, partialXYZT.xyz.z, partialXYZT.xyz.y);
-
-        // Y3 = B + A
-        Field25519.sum(partialXYZT.xyz.y, partialXYZT.xyz.z, partialXYZT.xyz.y);
-
-        // Z3 = D + C
-        Field25519.sum(partialXYZT.xyz.z, t, partialXYZT.t);
-
-        // T3 = D - C
-        Field25519.sub(partialXYZT.t, t, partialXYZT.t);
-    }
-
-    /**
-     * Based on the addition defined in Section 3.1 of
-     * Hisil H., Wong K.KH., Carter G., Dawson E. (2008) Twisted Edwards Curves Revisited.
-     * <p>
-     * Please note that this is a partial of the operation listed there leaving out the final
-     * conversion from PartialXYZT to XYZT.
-     *
-     * @param extended extended projective point input
-     * @param cached   cached projective point input
-     */
-    private static void sub(PartialXYZT partialXYZT, XYZT extended, CachedXYT cached) {
-        long[] t = new long[Field25519.LIMB_CNT];
-
-        // Y1 + X1
-        Field25519.sum(partialXYZT.xyz.x, extended.xyz.y, extended.xyz.x);
-
-        // Y1 - X1
-        Field25519.sub(partialXYZT.xyz.y, extended.xyz.y, extended.xyz.x);
-
-        // A = (Y1 - X1) * (Y2 + X2)
-        Field25519.mult(partialXYZT.xyz.y, partialXYZT.xyz.y, cached.yPlusX);
-
-        // B = (Y1 + X1) * (Y2 - X2)
-        Field25519.mult(partialXYZT.xyz.z, partialXYZT.xyz.x, cached.yMinusX);
-
-        // C = T1 * 2d * T2 = 2d * T1 * T2 (2d is written as k in the paper)
-        Field25519.mult(partialXYZT.t, extended.t, cached.t2d);
-
-        // Z1 * Z2
-        cached.multByZ(partialXYZT.xyz.x, extended.xyz.z);
-
-        // D = 2 * Z1 * Z2
-        Field25519.sum(t, partialXYZT.xyz.x, partialXYZT.xyz.x);
-
-        // X3 = B - A
-        Field25519.sub(partialXYZT.xyz.x, partialXYZT.xyz.z, partialXYZT.xyz.y);
-
-        // Y3 = B + A
-        Field25519.sum(partialXYZT.xyz.y, partialXYZT.xyz.z, partialXYZT.xyz.y);
-
-        // Z3 = D - C
-        Field25519.sub(partialXYZT.xyz.z, t, partialXYZT.t);
-
-        // T3 = D + C
-        Field25519.sum(partialXYZT.t, t, partialXYZT.t);
-    }
-
-    /**
-     * Doubles {@code p} and puts the result into this PartialXYZT.
-     * <p>
-     * This is based on the addition defined in formula 7 in Section 3.3 of
-     * Hisil H., Wong K.KH., Carter G., Dawson E. (2008) Twisted Edwards Curves Revisited.
-     * <p>
-     * Please note that this is a partial of the operation listed there leaving out the final
-     * conversion from PartialXYZT to XYZT and also this fixes a typo in calculation of Y3 and T3 in
-     * the paper, H should be replaced with A+B.
-     */
-    private static void doubleXYZ(PartialXYZT partialXYZT, XYZ p) {
-        long[] t0 = new long[Field25519.LIMB_CNT];
-
-        // XX = X1^2
-        Field25519.square(partialXYZT.xyz.x, p.x);
-
-        // YY = Y1^2
-        Field25519.square(partialXYZT.xyz.z, p.y);
-
-        // B' = Z1^2
-        Field25519.square(partialXYZT.t, p.z);
-
-        // B = 2 * B'
-        Field25519.sum(partialXYZT.t, partialXYZT.t, partialXYZT.t);
-
-        // A = X1 + Y1
-        Field25519.sum(partialXYZT.xyz.y, p.x, p.y);
-
-        // AA = A^2
-        Field25519.square(t0, partialXYZT.xyz.y);
-
-        // Y3 = YY + XX
-        Field25519.sum(partialXYZT.xyz.y, partialXYZT.xyz.z, partialXYZT.xyz.x);
-
-        // Z3 = YY - XX
-        Field25519.sub(partialXYZT.xyz.z, partialXYZT.xyz.z, partialXYZT.xyz.x);
-
-        // X3 = AA - Y3
-        Field25519.sub(partialXYZT.xyz.x, t0, partialXYZT.xyz.y);
-
-        // T3 = B - Z3
-        Field25519.sub(partialXYZT.t, partialXYZT.t, partialXYZT.xyz.z);
-    }
-
-    /**
-     * Doubles {@code p} and puts the result into this PartialXYZT.
-     */
-    private static void doubleXYZT(PartialXYZT partialXYZT, XYZT p) {
-        doubleXYZ(partialXYZT, p.xyz);
-    }
-
-    /**
-     * Compares two byte values in constant time.
-     */
-    private static int eq(int a, int b) {
-        int r = ~(a ^ b) & 0xff;
-        r &= r << 4;
-        r &= r << 2;
-        r &= r << 1;
-        return (r >> 7) & 1;
-    }
-
-    /**
-     * This is a constant time operation where point b*B*256^pos is stored in {@code t}.
-     * When b is 0, t remains the same (i.e., neutral point).
-     * <p>
-     * Although B_TABLE[32][8] (B_TABLE[i][j] = (j+1)*B*256^i) has j values in [0, 7], the select
-     * method negates the corresponding point if b is negative (which is straight forward in elliptic
-     * curves by just negating y coordinate). Therefore we can get multiples of B with the half of
-     * memory requirements.
-     *
-     * @param t   neutral element (i.e., point 0), also serves as output.
-     * @param pos in B[pos][j] = (j+1)*B*256^pos
-     * @param b   value in [-8, 8] range.
-     */
-    private static void select(CachedXYT t, int pos, byte b) {
-        int bnegative = (b & 0xff) >> 7;
-        int babs = b - (((-bnegative) & b) << 1);
-
-        t.copyConditional(B_TABLE[pos][0], eq(babs, 1));
-        t.copyConditional(B_TABLE[pos][1], eq(babs, 2));
-        t.copyConditional(B_TABLE[pos][2], eq(babs, 3));
-        t.copyConditional(B_TABLE[pos][3], eq(babs, 4));
-        t.copyConditional(B_TABLE[pos][4], eq(babs, 5));
-        t.copyConditional(B_TABLE[pos][5], eq(babs, 6));
-        t.copyConditional(B_TABLE[pos][6], eq(babs, 7));
-        t.copyConditional(B_TABLE[pos][7], eq(babs, 8));
-
-        long[] yPlusX = Arrays.copyOf(t.yMinusX, Field25519.LIMB_CNT);
-        long[] yMinusX = Arrays.copyOf(t.yPlusX, Field25519.LIMB_CNT);
-        long[] t2d = Arrays.copyOf(t.t2d, Field25519.LIMB_CNT);
-        neg(t2d, t2d);
-        CachedXYT minust = new CachedXYT(yPlusX, yMinusX, t2d);
-        t.copyConditional(minust, bnegative);
-    }
-
-    /**
-     * Computes {@code a}*B
-     * where a = a[0]+256*a[1]+...+256^31 a[31] and
-     * B is the Ed25519 base point (x,4/5) with x positive.
-     * <p>
-     * Preconditions:
-     * a[31] <= 127
-     *
-     * @throws IllegalStateException iff there is arithmetic error.
-     */
-    @SuppressWarnings("NarrowingCompoundAssignment")
-    private static XYZ scalarMultWithBase(byte[] a) {
-        byte[] e = new byte[2 * Field25519.FIELD_LEN];
-        for (int i = 0; i < Field25519.FIELD_LEN; i++) {
-            e[2 * i + 0] = (byte) (((a[i] & 0xff) >> 0) & 0xf);
-            e[2 * i + 1] = (byte) (((a[i] & 0xff) >> 4) & 0xf);
-        }
-        // each e[i] is between 0 and 15
-        // e[63] is between 0 and 7
-
-        // Rewrite e in a way that each e[i] is in [-8, 8].
-        // This can be done since a[63] is in [0, 7], the carry-over onto the most significant byte
-        // a[63] can be at most 1.
-        int carry = 0;
-        for (int i = 0; i < e.length - 1; i++) {
-            e[i] += carry;
-            carry = e[i] + 8;
-            carry >>= 4;
-            e[i] -= carry << 4;
-        }
-        e[e.length - 1] += carry;
-
-        PartialXYZT ret = new PartialXYZT(NEUTRAL);
-        XYZT xyzt = new XYZT();
-        // Although B_TABLE's i can be at most 31 (stores only 32 4bit multiples of B) and we have 64
-        // 4bit values in e array, the below for loop adds cached values by iterating e by two in odd
-        // indices. After the result, we can double the result point 4 times to shift the multiplication
-        // scalar by 4 bits.
-        for (int i = 1; i < e.length; i += 2) {
-            CachedXYT t = new CachedXYT(CACHED_NEUTRAL);
-            select(t, i / 2, e[i]);
-            add(ret, XYZT.fromPartialXYZT(xyzt, ret), t);
-        }
-
-        // Doubles the result 4 times to shift the multiplication scalar 4 bits to get the actual result
-        // for the odd indices in e.
-        XYZ xyz = new XYZ();
-        doubleXYZ(ret, XYZ.fromPartialXYZT(xyz, ret));
-        doubleXYZ(ret, XYZ.fromPartialXYZT(xyz, ret));
-        doubleXYZ(ret, XYZ.fromPartialXYZT(xyz, ret));
-        doubleXYZ(ret, XYZ.fromPartialXYZT(xyz, ret));
-
-        // Add multiples of B for even indices of e.
-        for (int i = 0; i < e.length; i += 2) {
-            CachedXYT t = new CachedXYT(CACHED_NEUTRAL);
-            select(t, i / 2, e[i]);
-            add(ret, XYZT.fromPartialXYZT(xyzt, ret), t);
-        }
-
-        // This check is to protect against flaws, i.e. if there is a computation error through a
-        // faulty CPU or if the implementation contains a bug.
-        XYZ result = new XYZ(ret);
-        if (!result.isOnCurve()) {
-            throw new IllegalStateException("arithmetic error in scalar multiplication");
-        }
-        return result;
-    }
-
-    @SuppressWarnings("NarrowingCompoundAssignment")
-    private static byte[] slide(byte[] a) {
-        byte[] r = new byte[256];
-        // Writes each bit in a[0..31] into r[0..255]:
-        // a = a[0]+256*a[1]+...+256^31*a[31] is equal to
-        // r = r[0]+2*r[1]+...+2^255*r[255]
-        for (int i = 0; i < 256; i++) {
-            r[i] = (byte) (1 & ((a[i >> 3] & 0xff) >> (i & 7)));
-        }
-
-        // Transforms r[i] as odd values in [-15, 15]
-        for (int i = 0; i < 256; i++) {
-            if (r[i] != 0) {
-                for (int b = 1; b <= 6 && i + b < 256; b++) {
-                    if (r[i + b] != 0) {
-                        if (r[i] + (r[i + b] << b) <= 15) {
-                            r[i] += r[i + b] << b;
-                            r[i + b] = 0;
-                        } else if (r[i] - (r[i + b] << b) >= -15) {
-                            r[i] -= r[i + b] << b;
-                            for (int k = i + b; k < 256; k++) {
-                                if (r[k] == 0) {
-                                    r[k] = 1;
-                                    break;
-                                }
-                                r[k] = 0;
-                            }
-                        } else {
-                            break;
-                        }
-                    }
-                }
-            }
-        }
-        return r;
-    }
-
-    /**
-     * Computes {@code a}*{@code pointA}+{@code b}*B
-     * where a = a[0]+256*a[1]+...+256^31*a[31].
-     * and b = b[0]+256*b[1]+...+256^31*b[31].
-     * B is the Ed25519 base point (x,4/5) with x positive.
-     * <p>
-     * Note that execution time varies based on the input since this will only be used in verification
-     * of signatures.
-     */
-    private static XYZ doubleScalarMultVarTime(byte[] a, XYZT pointA, byte[] b) {
-        // pointA, 3*pointA, 5*pointA, 7*pointA, 9*pointA, 11*pointA, 13*pointA, 15*pointA
-        CachedXYZT[] pointAArray = new CachedXYZT[8];
-        pointAArray[0] = new CachedXYZT(pointA);
-        PartialXYZT t = new PartialXYZT();
-        doubleXYZT(t, pointA);
-        XYZT doubleA = new XYZT(t);
-        for (int i = 1; i < pointAArray.length; i++) {
-            add(t, doubleA, pointAArray[i - 1]);
-            pointAArray[i] = new CachedXYZT(new XYZT(t));
-        }
-
-        byte[] aSlide = slide(a);
-        byte[] bSlide = slide(b);
-        t = new PartialXYZT(NEUTRAL);
-        XYZT u = new XYZT();
-        int i = 255;
-        for (; i >= 0; i--) {
-            if (aSlide[i] != 0 || bSlide[i] != 0) {
-                break;
-            }
-        }
-        for (; i >= 0; i--) {
-            doubleXYZ(t, new XYZ(t));
-            if (aSlide[i] > 0) {
-                add(t, XYZT.fromPartialXYZT(u, t), pointAArray[aSlide[i] / 2]);
-            } else if (aSlide[i] < 0) {
-                sub(t, XYZT.fromPartialXYZT(u, t), pointAArray[-aSlide[i] / 2]);
-            }
-            if (bSlide[i] > 0) {
-                add(t, XYZT.fromPartialXYZT(u, t), B2[bSlide[i] / 2]);
-            } else if (bSlide[i] < 0) {
-                sub(t, XYZT.fromPartialXYZT(u, t), B2[-bSlide[i] / 2]);
-            }
-        }
-
-        return new XYZ(t);
-    }
-
-    /**
-     * Returns true if {@code in} is nonzero.
-     * <p>
-     * Note that execution time might depend on the input {@code in}.
-     */
-    private static boolean isNonZeroVarTime(long[] in) {
-        long[] inCopy = new long[in.length + 1];
-        System.arraycopy(in, 0, inCopy, 0, in.length);
-        Field25519.reduceCoefficients(inCopy);
-        byte[] bytes = Field25519.contract(inCopy);
-        for (byte b : bytes) {
-            if (b != 0) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    /**
-     * Returns the least significant bit of {@code in}.
-     */
-    private static int getLsb(long[] in) {
-        return Field25519.contract(in)[0] & 1;
-    }
-
-    /**
-     * Negates all values in {@code in} and store it in {@code out}.
-     */
-    private static void neg(long[] out, long[] in) {
-        for (int i = 0; i < in.length; i++) {
-            out[i] = -in[i];
-        }
-    }
-
-    /**
-     * Computes {@code in}^(2^252-3) mod 2^255-19 and puts the result in {@code out}.
-     */
-    private static void pow2252m3(long[] out, long[] in) {
-        long[] t0 = new long[Field25519.LIMB_CNT];
-        long[] t1 = new long[Field25519.LIMB_CNT];
-        long[] t2 = new long[Field25519.LIMB_CNT];
-
-        // z2 = z1^2^1
-        Field25519.square(t0, in);
-
-        // z8 = z2^2^2
-        Field25519.square(t1, t0);
-        for (int i = 1; i < 2; i++) {
-            Field25519.square(t1, t1);
-        }
-
-        // z9 = z1*z8
-        Field25519.mult(t1, in, t1);
-
-        // z11 = z2*z9
-        Field25519.mult(t0, t0, t1);
-
-        // z22 = z11^2^1
-        Field25519.square(t0, t0);
-
-        // z_5_0 = z9*z22
-        Field25519.mult(t0, t1, t0);
-
-        // z_10_5 = z_5_0^2^5
-        Field25519.square(t1, t0);
-        for (int i = 1; i < 5; i++) {
-            Field25519.square(t1, t1);
-        }
-
-        // z_10_0 = z_10_5*z_5_0
-        Field25519.mult(t0, t1, t0);
-
-        // z_20_10 = z_10_0^2^10
-        Field25519.square(t1, t0);
-        for (int i = 1; i < 10; i++) {
-            Field25519.square(t1, t1);
-        }
-
-        // z_20_0 = z_20_10*z_10_0
-        Field25519.mult(t1, t1, t0);
-
-        // z_40_20 = z_20_0^2^20
-        Field25519.square(t2, t1);
-        for (int i = 1; i < 20; i++) {
-            Field25519.square(t2, t2);
-        }
-
-        // z_40_0 = z_40_20*z_20_0
-        Field25519.mult(t1, t2, t1);
-
-        // z_50_10 = z_40_0^2^10
-        Field25519.square(t1, t1);
-        for (int i = 1; i < 10; i++) {
-            Field25519.square(t1, t1);
-        }
-
-        // z_50_0 = z_50_10*z_10_0
-        Field25519.mult(t0, t1, t0);
-
-        // z_100_50 = z_50_0^2^50
-        Field25519.square(t1, t0);
-        for (int i = 1; i < 50; i++) {
-            Field25519.square(t1, t1);
-        }
-
-        // z_100_0 = z_100_50*z_50_0
-        Field25519.mult(t1, t1, t0);
-
-        // z_200_100 = z_100_0^2^100
-        Field25519.square(t2, t1);
-        for (int i = 1; i < 100; i++) {
-            Field25519.square(t2, t2);
-        }
-
-        // z_200_0 = z_200_100*z_100_0
-        Field25519.mult(t1, t2, t1);
-
-        // z_250_50 = z_200_0^2^50
-        Field25519.square(t1, t1);
-        for (int i = 1; i < 50; i++) {
-            Field25519.square(t1, t1);
-        }
-
-        // z_250_0 = z_250_50*z_50_0
-        Field25519.mult(t0, t1, t0);
-
-        // z_252_2 = z_250_0^2^2
-        Field25519.square(t0, t0);
-        for (int i = 1; i < 2; i++) {
-            Field25519.square(t0, t0);
-        }
-
-        // z_252_3 = z_252_2*z1
-        Field25519.mult(out, t0, in);
-    }
-
-    /**
-     * Returns 3 bytes of {@code in} starting from {@code idx} in Little-Endian format.
-     */
-    private static long load3(byte[] in, int idx) {
-        long result;
-        result = (long) in[idx] & 0xff;
-        result |= (long) (in[idx + 1] & 0xff) << 8;
-        result |= (long) (in[idx + 2] & 0xff) << 16;
-        return result;
-    }
-
-    /**
-     * Returns 4 bytes of {@code in} starting from {@code idx} in Little-Endian format.
-     */
-    private static long load4(byte[] in, int idx) {
-        long result = load3(in, idx);
-        result |= (long) (in[idx + 3] & 0xff) << 24;
-        return result;
-    }
-
-    /**
-     * Input:
-     * s[0]+256*s[1]+...+256^63*s[63] = s
-     * <p>
-     * Output:
-     * s[0]+256*s[1]+...+256^31*s[31] = s mod l
-     * where l = 2^252 + 27742317777372353535851937790883648493.
-     * Overwrites s in place.
-     */
-    private static void reduce(byte[] s) {
-        // Observation:
-        // 2^252 mod l is equivalent to -27742317777372353535851937790883648493 mod l
-        // Let m = -27742317777372353535851937790883648493
-        // Thus a*2^252+b mod l is equivalent to a*m+b mod l
-        //
-        // First s is divided into chunks of 21 bits as follows:
-        // s0+2^21*s1+2^42*s3+...+2^462*s23 = s[0]+256*s[1]+...+256^63*s[63]
-        long s0 = 2097151 & load3(s, 0);
-        long s1 = 2097151 & (load4(s, 2) >> 5);
-        long s2 = 2097151 & (load3(s, 5) >> 2);
-        long s3 = 2097151 & (load4(s, 7) >> 7);
-        long s4 = 2097151 & (load4(s, 10) >> 4);
-        long s5 = 2097151 & (load3(s, 13) >> 1);
-        long s6 = 2097151 & (load4(s, 15) >> 6);
-        long s7 = 2097151 & (load3(s, 18) >> 3);
-        long s8 = 2097151 & load3(s, 21);
-        long s9 = 2097151 & (load4(s, 23) >> 5);
-        long s10 = 2097151 & (load3(s, 26) >> 2);
-        long s11 = 2097151 & (load4(s, 28) >> 7);
-        long s12 = 2097151 & (load4(s, 31) >> 4);
-        long s13 = 2097151 & (load3(s, 34) >> 1);
-        long s14 = 2097151 & (load4(s, 36) >> 6);
-        long s15 = 2097151 & (load3(s, 39) >> 3);
-        long s16 = 2097151 & load3(s, 42);
-        long s17 = 2097151 & (load4(s, 44) >> 5);
-        long s18 = 2097151 & (load3(s, 47) >> 2);
-        long s19 = 2097151 & (load4(s, 49) >> 7);
-        long s20 = 2097151 & (load4(s, 52) >> 4);
-        long s21 = 2097151 & (load3(s, 55) >> 1);
-        long s22 = 2097151 & (load4(s, 57) >> 6);
-        long s23 = (load4(s, 60) >> 3);
-        long carry0;
-        long carry1;
-        long carry2;
-        long carry3;
-        long carry4;
-        long carry5;
-        long carry6;
-        long carry7;
-        long carry8;
-        long carry9;
-        long carry10;
-        long carry11;
-        long carry12;
-        long carry13;
-        long carry14;
-        long carry15;
-        long carry16;
-
-        // s23*2^462 = s23*2^210*2^252 is equivalent to s23*2^210*m in mod l
-        // As m is a 125 bit number, the result needs to scattered to 6 limbs (125/21 ceil is 6)
-        // starting from s11 (s11*2^210)
-        // m = [666643, 470296, 654183, -997805, 136657, -683901] in 21-bit limbs
-        s11 += s23 * 666643;
-        s12 += s23 * 470296;
-        s13 += s23 * 654183;
-        s14 -= s23 * 997805;
-        s15 += s23 * 136657;
-        s16 -= s23 * 683901;
-        // s23 = 0;
-
-        s10 += s22 * 666643;
-        s11 += s22 * 470296;
-        s12 += s22 * 654183;
-        s13 -= s22 * 997805;
-        s14 += s22 * 136657;
-        s15 -= s22 * 683901;
-        // s22 = 0;
-
-        s9 += s21 * 666643;
-        s10 += s21 * 470296;
-        s11 += s21 * 654183;
-        s12 -= s21 * 997805;
-        s13 += s21 * 136657;
-        s14 -= s21 * 683901;
-        // s21 = 0;
-
-        s8 += s20 * 666643;
-        s9 += s20 * 470296;
-        s10 += s20 * 654183;
-        s11 -= s20 * 997805;
-        s12 += s20 * 136657;
-        s13 -= s20 * 683901;
-        // s20 = 0;
-
-        s7 += s19 * 666643;
-        s8 += s19 * 470296;
-        s9 += s19 * 654183;
-        s10 -= s19 * 997805;
-        s11 += s19 * 136657;
-        s12 -= s19 * 683901;
-        // s19 = 0;
-
-        s6 += s18 * 666643;
-        s7 += s18 * 470296;
-        s8 += s18 * 654183;
-        s9 -= s18 * 997805;
-        s10 += s18 * 136657;
-        s11 -= s18 * 683901;
-        // s18 = 0;
-
-        // Reduce the bit length of limbs from s6 to s15 to 21-bits.
-        carry6 = (s6 + (1 << 20)) >> 21;
-        s7 += carry6;
-        s6 -= carry6 << 21;
-        carry8 = (s8 + (1 << 20)) >> 21;
-        s9 += carry8;
-        s8 -= carry8 << 21;
-        carry10 = (s10 + (1 << 20)) >> 21;
-        s11 += carry10;
-        s10 -= carry10 << 21;
-        carry12 = (s12 + (1 << 20)) >> 21;
-        s13 += carry12;
-        s12 -= carry12 << 21;
-        carry14 = (s14 + (1 << 20)) >> 21;
-        s15 += carry14;
-        s14 -= carry14 << 21;
-        carry16 = (s16 + (1 << 20)) >> 21;
-        s17 += carry16;
-        s16 -= carry16 << 21;
-
-        carry7 = (s7 + (1 << 20)) >> 21;
-        s8 += carry7;
-        s7 -= carry7 << 21;
-        carry9 = (s9 + (1 << 20)) >> 21;
-        s10 += carry9;
-        s9 -= carry9 << 21;
-        carry11 = (s11 + (1 << 20)) >> 21;
-        s12 += carry11;
-        s11 -= carry11 << 21;
-        carry13 = (s13 + (1 << 20)) >> 21;
-        s14 += carry13;
-        s13 -= carry13 << 21;
-        carry15 = (s15 + (1 << 20)) >> 21;
-        s16 += carry15;
-        s15 -= carry15 << 21;
-
-        // Resume reduction where we left off.
-        s5 += s17 * 666643;
-        s6 += s17 * 470296;
-        s7 += s17 * 654183;
-        s8 -= s17 * 997805;
-        s9 += s17 * 136657;
-        s10 -= s17 * 683901;
-        // s17 = 0;
-
-        s4 += s16 * 666643;
-        s5 += s16 * 470296;
-        s6 += s16 * 654183;
-        s7 -= s16 * 997805;
-        s8 += s16 * 136657;
-        s9 -= s16 * 683901;
-        // s16 = 0;
-
-        s3 += s15 * 666643;
-        s4 += s15 * 470296;
-        s5 += s15 * 654183;
-        s6 -= s15 * 997805;
-        s7 += s15 * 136657;
-        s8 -= s15 * 683901;
-        // s15 = 0;
-
-        s2 += s14 * 666643;
-        s3 += s14 * 470296;
-        s4 += s14 * 654183;
-        s5 -= s14 * 997805;
-        s6 += s14 * 136657;
-        s7 -= s14 * 683901;
-        // s14 = 0;
-
-        s1 += s13 * 666643;
-        s2 += s13 * 470296;
-        s3 += s13 * 654183;
-        s4 -= s13 * 997805;
-        s5 += s13 * 136657;
-        s6 -= s13 * 683901;
-        // s13 = 0;
-
-        s0 += s12 * 666643;
-        s1 += s12 * 470296;
-        s2 += s12 * 654183;
-        s3 -= s12 * 997805;
-        s4 += s12 * 136657;
-        s5 -= s12 * 683901;
-        s12 = 0;
-
-        // Reduce the range of limbs from s0 to s11 to 21-bits.
-        carry0 = (s0 + (1 << 20)) >> 21;
-        s1 += carry0;
-        s0 -= carry0 << 21;
-        carry2 = (s2 + (1 << 20)) >> 21;
-        s3 += carry2;
-        s2 -= carry2 << 21;
-        carry4 = (s4 + (1 << 20)) >> 21;
-        s5 += carry4;
-        s4 -= carry4 << 21;
-        carry6 = (s6 + (1 << 20)) >> 21;
-        s7 += carry6;
-        s6 -= carry6 << 21;
-        carry8 = (s8 + (1 << 20)) >> 21;
-        s9 += carry8;
-        s8 -= carry8 << 21;
-        carry10 = (s10 + (1 << 20)) >> 21;
-        s11 += carry10;
-        s10 -= carry10 << 21;
-
-        carry1 = (s1 + (1 << 20)) >> 21;
-        s2 += carry1;
-        s1 -= carry1 << 21;
-        carry3 = (s3 + (1 << 20)) >> 21;
-        s4 += carry3;
-        s3 -= carry3 << 21;
-        carry5 = (s5 + (1 << 20)) >> 21;
-        s6 += carry5;
-        s5 -= carry5 << 21;
-        carry7 = (s7 + (1 << 20)) >> 21;
-        s8 += carry7;
-        s7 -= carry7 << 21;
-        carry9 = (s9 + (1 << 20)) >> 21;
-        s10 += carry9;
-        s9 -= carry9 << 21;
-        carry11 = (s11 + (1 << 20)) >> 21;
-        s12 += carry11;
-        s11 -= carry11 << 21;
-
-        s0 += s12 * 666643;
-        s1 += s12 * 470296;
-        s2 += s12 * 654183;
-        s3 -= s12 * 997805;
-        s4 += s12 * 136657;
-        s5 -= s12 * 683901;
-        s12 = 0;
-
-        // Carry chain reduction to propagate excess bits from s0 to s5 to the most significant limbs.
-        carry0 = s0 >> 21;
-        s1 += carry0;
-        s0 -= carry0 << 21;
-        carry1 = s1 >> 21;
-        s2 += carry1;
-        s1 -= carry1 << 21;
-        carry2 = s2 >> 21;
-        s3 += carry2;
-        s2 -= carry2 << 21;
-        carry3 = s3 >> 21;
-        s4 += carry3;
-        s3 -= carry3 << 21;
-        carry4 = s4 >> 21;
-        s5 += carry4;
-        s4 -= carry4 << 21;
-        carry5 = s5 >> 21;
-        s6 += carry5;
-        s5 -= carry5 << 21;
-        carry6 = s6 >> 21;
-        s7 += carry6;
-        s6 -= carry6 << 21;
-        carry7 = s7 >> 21;
-        s8 += carry7;
-        s7 -= carry7 << 21;
-        carry8 = s8 >> 21;
-        s9 += carry8;
-        s8 -= carry8 << 21;
-        carry9 = s9 >> 21;
-        s10 += carry9;
-        s9 -= carry9 << 21;
-        carry10 = s10 >> 21;
-        s11 += carry10;
-        s10 -= carry10 << 21;
-        carry11 = s11 >> 21;
-        s12 += carry11;
-        s11 -= carry11 << 21;
-
-        // Do one last reduction as s12 might be 1.
-        s0 += s12 * 666643;
-        s1 += s12 * 470296;
-        s2 += s12 * 654183;
-        s3 -= s12 * 997805;
-        s4 += s12 * 136657;
-        s5 -= s12 * 683901;
-        // s12 = 0;
-
-        carry0 = s0 >> 21;
-        s1 += carry0;
-        s0 -= carry0 << 21;
-        carry1 = s1 >> 21;
-        s2 += carry1;
-        s1 -= carry1 << 21;
-        carry2 = s2 >> 21;
-        s3 += carry2;
-        s2 -= carry2 << 21;
-        carry3 = s3 >> 21;
-        s4 += carry3;
-        s3 -= carry3 << 21;
-        carry4 = s4 >> 21;
-        s5 += carry4;
-        s4 -= carry4 << 21;
-        carry5 = s5 >> 21;
-        s6 += carry5;
-        s5 -= carry5 << 21;
-        carry6 = s6 >> 21;
-        s7 += carry6;
-        s6 -= carry6 << 21;
-        carry7 = s7 >> 21;
-        s8 += carry7;
-        s7 -= carry7 << 21;
-        carry8 = s8 >> 21;
-        s9 += carry8;
-        s8 -= carry8 << 21;
-        carry9 = s9 >> 21;
-        s10 += carry9;
-        s9 -= carry9 << 21;
-        carry10 = s10 >> 21;
-        s11 += carry10;
-        s10 -= carry10 << 21;
-
-        // Serialize the result into the s.
-        s[0] = (byte) s0;
-        s[1] = (byte) (s0 >> 8);
-        s[2] = (byte) ((s0 >> 16) | (s1 << 5));
-        s[3] = (byte) (s1 >> 3);
-        s[4] = (byte) (s1 >> 11);
-        s[5] = (byte) ((s1 >> 19) | (s2 << 2));
-        s[6] = (byte) (s2 >> 6);
-        s[7] = (byte) ((s2 >> 14) | (s3 << 7));
-        s[8] = (byte) (s3 >> 1);
-        s[9] = (byte) (s3 >> 9);
-        s[10] = (byte) ((s3 >> 17) | (s4 << 4));
-        s[11] = (byte) (s4 >> 4);
-        s[12] = (byte) (s4 >> 12);
-        s[13] = (byte) ((s4 >> 20) | (s5 << 1));
-        s[14] = (byte) (s5 >> 7);
-        s[15] = (byte) ((s5 >> 15) | (s6 << 6));
-        s[16] = (byte) (s6 >> 2);
-        s[17] = (byte) (s6 >> 10);
-        s[18] = (byte) ((s6 >> 18) | (s7 << 3));
-        s[19] = (byte) (s7 >> 5);
-        s[20] = (byte) (s7 >> 13);
-        s[21] = (byte) s8;
-        s[22] = (byte) (s8 >> 8);
-        s[23] = (byte) ((s8 >> 16) | (s9 << 5));
-        s[24] = (byte) (s9 >> 3);
-        s[25] = (byte) (s9 >> 11);
-        s[26] = (byte) ((s9 >> 19) | (s10 << 2));
-        s[27] = (byte) (s10 >> 6);
-        s[28] = (byte) ((s10 >> 14) | (s11 << 7));
-        s[29] = (byte) (s11 >> 1);
-        s[30] = (byte) (s11 >> 9);
-        s[31] = (byte) (s11 >> 17);
-    }
-
-    /**
-     * Input:
-     * a[0]+256*a[1]+...+256^31*a[31] = a
-     * b[0]+256*b[1]+...+256^31*b[31] = b
-     * c[0]+256*c[1]+...+256^31*c[31] = c
-     * <p>
-     * Output:
-     * s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
-     * where l = 2^252 + 27742317777372353535851937790883648493.
-     */
-    private static void mulAdd(byte[] s, byte[] a, byte[] b, byte[] c) {
-        // This is very similar to Ed25519.reduce, the difference in here is that it computes ab+c
-        // See Ed25519.reduce for related comments.
-        long a0 = 2097151 & load3(a, 0);
-        long a1 = 2097151 & (load4(a, 2) >> 5);
-        long a2 = 2097151 & (load3(a, 5) >> 2);
-        long a3 = 2097151 & (load4(a, 7) >> 7);
-        long a4 = 2097151 & (load4(a, 10) >> 4);
-        long a5 = 2097151 & (load3(a, 13) >> 1);
-        long a6 = 2097151 & (load4(a, 15) >> 6);
-        long a7 = 2097151 & (load3(a, 18) >> 3);
-        long a8 = 2097151 & load3(a, 21);
-        long a9 = 2097151 & (load4(a, 23) >> 5);
-        long a10 = 2097151 & (load3(a, 26) >> 2);
-        long a11 = (load4(a, 28) >> 7);
-        long b0 = 2097151 & load3(b, 0);
-        long b1 = 2097151 & (load4(b, 2) >> 5);
-        long b2 = 2097151 & (load3(b, 5) >> 2);
-        long b3 = 2097151 & (load4(b, 7) >> 7);
-        long b4 = 2097151 & (load4(b, 10) >> 4);
-        long b5 = 2097151 & (load3(b, 13) >> 1);
-        long b6 = 2097151 & (load4(b, 15) >> 6);
-        long b7 = 2097151 & (load3(b, 18) >> 3);
-        long b8 = 2097151 & load3(b, 21);
-        long b9 = 2097151 & (load4(b, 23) >> 5);
-        long b10 = 2097151 & (load3(b, 26) >> 2);
-        long b11 = (load4(b, 28) >> 7);
-        long c0 = 2097151 & load3(c, 0);
-        long c1 = 2097151 & (load4(c, 2) >> 5);
-        long c2 = 2097151 & (load3(c, 5) >> 2);
-        long c3 = 2097151 & (load4(c, 7) >> 7);
-        long c4 = 2097151 & (load4(c, 10) >> 4);
-        long c5 = 2097151 & (load3(c, 13) >> 1);
-        long c6 = 2097151 & (load4(c, 15) >> 6);
-        long c7 = 2097151 & (load3(c, 18) >> 3);
-        long c8 = 2097151 & load3(c, 21);
-        long c9 = 2097151 & (load4(c, 23) >> 5);
-        long c10 = 2097151 & (load3(c, 26) >> 2);
-        long c11 = (load4(c, 28) >> 7);
-        long s0;
-        long s1;
-        long s2;
-        long s3;
-        long s4;
-        long s5;
-        long s6;
-        long s7;
-        long s8;
-        long s9;
-        long s10;
-        long s11;
-        long s12;
-        long s13;
-        long s14;
-        long s15;
-        long s16;
-        long s17;
-        long s18;
-        long s19;
-        long s20;
-        long s21;
-        long s22;
-        long s23;
-        long carry0;
-        long carry1;
-        long carry2;
-        long carry3;
-        long carry4;
-        long carry5;
-        long carry6;
-        long carry7;
-        long carry8;
-        long carry9;
-        long carry10;
-        long carry11;
-        long carry12;
-        long carry13;
-        long carry14;
-        long carry15;
-        long carry16;
-        long carry17;
-        long carry18;
-        long carry19;
-        long carry20;
-        long carry21;
-        long carry22;
-
-        s0 = c0 + a0 * b0;
-        s1 = c1 + a0 * b1 + a1 * b0;
-        s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0;
-        s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0;
-        s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0;
-        s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0;
-        s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0;
-        s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + a6 * b1 + a7 * b0;
-        s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + a6 * b2 + a7 * b1
-                + a8 * b0;
-        s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + a6 * b3 + a7 * b2
-                + a8 * b1 + a9 * b0;
-        s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + a6 * b4 + a7 * b3
-                + a8 * b2 + a9 * b1 + a10 * b0;
-        s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + a6 * b5 + a7 * b4
-                + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0;
-        s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + a8 * b4 + a9 * b3
-                + a10 * b2 + a11 * b1;
-        s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + a9 * b4 + a10 * b3
-                + a11 * b2;
-        s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + a10 * b4
-                + a11 * b3;
-        s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + a11 * b4;
-        s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5;
-        s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6;
-        s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7;
-        s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8;
-        s20 = a9 * b11 + a10 * b10 + a11 * b9;
-        s21 = a10 * b11 + a11 * b10;
-        s22 = a11 * b11;
-        s23 = 0;
-
-        carry0 = (s0 + (1 << 20)) >> 21;
-        s1 += carry0;
-        s0 -= carry0 << 21;
-        carry2 = (s2 + (1 << 20)) >> 21;
-        s3 += carry2;
-        s2 -= carry2 << 21;
-        carry4 = (s4 + (1 << 20)) >> 21;
-        s5 += carry4;
-        s4 -= carry4 << 21;
-        carry6 = (s6 + (1 << 20)) >> 21;
-        s7 += carry6;
-        s6 -= carry6 << 21;
-        carry8 = (s8 + (1 << 20)) >> 21;
-        s9 += carry8;
-        s8 -= carry8 << 21;
-        carry10 = (s10 + (1 << 20)) >> 21;
-        s11 += carry10;
-        s10 -= carry10 << 21;
-        carry12 = (s12 + (1 << 20)) >> 21;
-        s13 += carry12;
-        s12 -= carry12 << 21;
-        carry14 = (s14 + (1 << 20)) >> 21;
-        s15 += carry14;
-        s14 -= carry14 << 21;
-        carry16 = (s16 + (1 << 20)) >> 21;
-        s17 += carry16;
-        s16 -= carry16 << 21;
-        carry18 = (s18 + (1 << 20)) >> 21;
-        s19 += carry18;
-        s18 -= carry18 << 21;
-        carry20 = (s20 + (1 << 20)) >> 21;
-        s21 += carry20;
-        s20 -= carry20 << 21;
-        carry22 = (s22 + (1 << 20)) >> 21;
-        s23 += carry22;
-        s22 -= carry22 << 21;
-
-        carry1 = (s1 + (1 << 20)) >> 21;
-        s2 += carry1;
-        s1 -= carry1 << 21;
-        carry3 = (s3 + (1 << 20)) >> 21;
-        s4 += carry3;
-        s3 -= carry3 << 21;
-        carry5 = (s5 + (1 << 20)) >> 21;
-        s6 += carry5;
-        s5 -= carry5 << 21;
-        carry7 = (s7 + (1 << 20)) >> 21;
-        s8 += carry7;
-        s7 -= carry7 << 21;
-        carry9 = (s9 + (1 << 20)) >> 21;
-        s10 += carry9;
-        s9 -= carry9 << 21;
-        carry11 = (s11 + (1 << 20)) >> 21;
-        s12 += carry11;
-        s11 -= carry11 << 21;
-        carry13 = (s13 + (1 << 20)) >> 21;
-        s14 += carry13;
-        s13 -= carry13 << 21;
-        carry15 = (s15 + (1 << 20)) >> 21;
-        s16 += carry15;
-        s15 -= carry15 << 21;
-        carry17 = (s17 + (1 << 20)) >> 21;
-        s18 += carry17;
-        s17 -= carry17 << 21;
-        carry19 = (s19 + (1 << 20)) >> 21;
-        s20 += carry19;
-        s19 -= carry19 << 21;
-        carry21 = (s21 + (1 << 20)) >> 21;
-        s22 += carry21;
-        s21 -= carry21 << 21;
-
-        s11 += s23 * 666643;
-        s12 += s23 * 470296;
-        s13 += s23 * 654183;
-        s14 -= s23 * 997805;
-        s15 += s23 * 136657;
-        s16 -= s23 * 683901;
-        // s23 = 0;
-
-        s10 += s22 * 666643;
-        s11 += s22 * 470296;
-        s12 += s22 * 654183;
-        s13 -= s22 * 997805;
-        s14 += s22 * 136657;
-        s15 -= s22 * 683901;
-        // s22 = 0;
-
-        s9 += s21 * 666643;
-        s10 += s21 * 470296;
-        s11 += s21 * 654183;
-        s12 -= s21 * 997805;
-        s13 += s21 * 136657;
-        s14 -= s21 * 683901;
-        // s21 = 0;
-
-        s8 += s20 * 666643;
-        s9 += s20 * 470296;
-        s10 += s20 * 654183;
-        s11 -= s20 * 997805;
-        s12 += s20 * 136657;
-        s13 -= s20 * 683901;
-        // s20 = 0;
-
-        s7 += s19 * 666643;
-        s8 += s19 * 470296;
-        s9 += s19 * 654183;
-        s10 -= s19 * 997805;
-        s11 += s19 * 136657;
-        s12 -= s19 * 683901;
-        // s19 = 0;
-
-        s6 += s18 * 666643;
-        s7 += s18 * 470296;
-        s8 += s18 * 654183;
-        s9 -= s18 * 997805;
-        s10 += s18 * 136657;
-        s11 -= s18 * 683901;
-        // s18 = 0;
-
-        carry6 = (s6 + (1 << 20)) >> 21;
-        s7 += carry6;
-        s6 -= carry6 << 21;
-        carry8 = (s8 + (1 << 20)) >> 21;
-        s9 += carry8;
-        s8 -= carry8 << 21;
-        carry10 = (s10 + (1 << 20)) >> 21;
-        s11 += carry10;
-        s10 -= carry10 << 21;
-        carry12 = (s12 + (1 << 20)) >> 21;
-        s13 += carry12;
-        s12 -= carry12 << 21;
-        carry14 = (s14 + (1 << 20)) >> 21;
-        s15 += carry14;
-        s14 -= carry14 << 21;
-        carry16 = (s16 + (1 << 20)) >> 21;
-        s17 += carry16;
-        s16 -= carry16 << 21;
-
-        carry7 = (s7 + (1 << 20)) >> 21;
-        s8 += carry7;
-        s7 -= carry7 << 21;
-        carry9 = (s9 + (1 << 20)) >> 21;
-        s10 += carry9;
-        s9 -= carry9 << 21;
-        carry11 = (s11 + (1 << 20)) >> 21;
-        s12 += carry11;
-        s11 -= carry11 << 21;
-        carry13 = (s13 + (1 << 20)) >> 21;
-        s14 += carry13;
-        s13 -= carry13 << 21;
-        carry15 = (s15 + (1 << 20)) >> 21;
-        s16 += carry15;
-        s15 -= carry15 << 21;
-
-        s5 += s17 * 666643;
-        s6 += s17 * 470296;
-        s7 += s17 * 654183;
-        s8 -= s17 * 997805;
-        s9 += s17 * 136657;
-        s10 -= s17 * 683901;
-        // s17 = 0;
-
-        s4 += s16 * 666643;
-        s5 += s16 * 470296;
-        s6 += s16 * 654183;
-        s7 -= s16 * 997805;
-        s8 += s16 * 136657;
-        s9 -= s16 * 683901;
-        // s16 = 0;
-
-        s3 += s15 * 666643;
-        s4 += s15 * 470296;
-        s5 += s15 * 654183;
-        s6 -= s15 * 997805;
-        s7 += s15 * 136657;
-        s8 -= s15 * 683901;
-        // s15 = 0;
-
-        s2 += s14 * 666643;
-        s3 += s14 * 470296;
-        s4 += s14 * 654183;
-        s5 -= s14 * 997805;
-        s6 += s14 * 136657;
-        s7 -= s14 * 683901;
-        // s14 = 0;
-
-        s1 += s13 * 666643;
-        s2 += s13 * 470296;
-        s3 += s13 * 654183;
-        s4 -= s13 * 997805;
-        s5 += s13 * 136657;
-        s6 -= s13 * 683901;
-        // s13 = 0;
-
-        s0 += s12 * 666643;
-        s1 += s12 * 470296;
-        s2 += s12 * 654183;
-        s3 -= s12 * 997805;
-        s4 += s12 * 136657;
-        s5 -= s12 * 683901;
-        s12 = 0;
-
-        carry0 = (s0 + (1 << 20)) >> 21;
-        s1 += carry0;
-        s0 -= carry0 << 21;
-        carry2 = (s2 + (1 << 20)) >> 21;
-        s3 += carry2;
-        s2 -= carry2 << 21;
-        carry4 = (s4 + (1 << 20)) >> 21;
-        s5 += carry4;
-        s4 -= carry4 << 21;
-        carry6 = (s6 + (1 << 20)) >> 21;
-        s7 += carry6;
-        s6 -= carry6 << 21;
-        carry8 = (s8 + (1 << 20)) >> 21;
-        s9 += carry8;
-        s8 -= carry8 << 21;
-        carry10 = (s10 + (1 << 20)) >> 21;
-        s11 += carry10;
-        s10 -= carry10 << 21;
-
-        carry1 = (s1 + (1 << 20)) >> 21;
-        s2 += carry1;
-        s1 -= carry1 << 21;
-        carry3 = (s3 + (1 << 20)) >> 21;
-        s4 += carry3;
-        s3 -= carry3 << 21;
-        carry5 = (s5 + (1 << 20)) >> 21;
-        s6 += carry5;
-        s5 -= carry5 << 21;
-        carry7 = (s7 + (1 << 20)) >> 21;
-        s8 += carry7;
-        s7 -= carry7 << 21;
-        carry9 = (s9 + (1 << 20)) >> 21;
-        s10 += carry9;
-        s9 -= carry9 << 21;
-        carry11 = (s11 + (1 << 20)) >> 21;
-        s12 += carry11;
-        s11 -= carry11 << 21;
-
-        s0 += s12 * 666643;
-        s1 += s12 * 470296;
-        s2 += s12 * 654183;
-        s3 -= s12 * 997805;
-        s4 += s12 * 136657;
-        s5 -= s12 * 683901;
-        s12 = 0;
-
-        carry0 = s0 >> 21;
-        s1 += carry0;
-        s0 -= carry0 << 21;
-        carry1 = s1 >> 21;
-        s2 += carry1;
-        s1 -= carry1 << 21;
-        carry2 = s2 >> 21;
-        s3 += carry2;
-        s2 -= carry2 << 21;
-        carry3 = s3 >> 21;
-        s4 += carry3;
-        s3 -= carry3 << 21;
-        carry4 = s4 >> 21;
-        s5 += carry4;
-        s4 -= carry4 << 21;
-        carry5 = s5 >> 21;
-        s6 += carry5;
-        s5 -= carry5 << 21;
-        carry6 = s6 >> 21;
-        s7 += carry6;
-        s6 -= carry6 << 21;
-        carry7 = s7 >> 21;
-        s8 += carry7;
-        s7 -= carry7 << 21;
-        carry8 = s8 >> 21;
-        s9 += carry8;
-        s8 -= carry8 << 21;
-        carry9 = s9 >> 21;
-        s10 += carry9;
-        s9 -= carry9 << 21;
-        carry10 = s10 >> 21;
-        s11 += carry10;
-        s10 -= carry10 << 21;
-        carry11 = s11 >> 21;
-        s12 += carry11;
-        s11 -= carry11 << 21;
-
-        s0 += s12 * 666643;
-        s1 += s12 * 470296;
-        s2 += s12 * 654183;
-        s3 -= s12 * 997805;
-        s4 += s12 * 136657;
-        s5 -= s12 * 683901;
-        // s12 = 0;
-
-        carry0 = s0 >> 21;
-        s1 += carry0;
-        s0 -= carry0 << 21;
-        carry1 = s1 >> 21;
-        s2 += carry1;
-        s1 -= carry1 << 21;
-        carry2 = s2 >> 21;
-        s3 += carry2;
-        s2 -= carry2 << 21;
-        carry3 = s3 >> 21;
-        s4 += carry3;
-        s3 -= carry3 << 21;
-        carry4 = s4 >> 21;
-        s5 += carry4;
-        s4 -= carry4 << 21;
-        carry5 = s5 >> 21;
-        s6 += carry5;
-        s5 -= carry5 << 21;
-        carry6 = s6 >> 21;
-        s7 += carry6;
-        s6 -= carry6 << 21;
-        carry7 = s7 >> 21;
-        s8 += carry7;
-        s7 -= carry7 << 21;
-        carry8 = s8 >> 21;
-        s9 += carry8;
-        s8 -= carry8 << 21;
-        carry9 = s9 >> 21;
-        s10 += carry9;
-        s9 -= carry9 << 21;
-        carry10 = s10 >> 21;
-        s11 += carry10;
-        s10 -= carry10 << 21;
-
-        s[0] = (byte) s0;
-        s[1] = (byte) (s0 >> 8);
-        s[2] = (byte) ((s0 >> 16) | (s1 << 5));
-        s[3] = (byte) (s1 >> 3);
-        s[4] = (byte) (s1 >> 11);
-        s[5] = (byte) ((s1 >> 19) | (s2 << 2));
-        s[6] = (byte) (s2 >> 6);
-        s[7] = (byte) ((s2 >> 14) | (s3 << 7));
-        s[8] = (byte) (s3 >> 1);
-        s[9] = (byte) (s3 >> 9);
-        s[10] = (byte) ((s3 >> 17) | (s4 << 4));
-        s[11] = (byte) (s4 >> 4);
-        s[12] = (byte) (s4 >> 12);
-        s[13] = (byte) ((s4 >> 20) | (s5 << 1));
-        s[14] = (byte) (s5 >> 7);
-        s[15] = (byte) ((s5 >> 15) | (s6 << 6));
-        s[16] = (byte) (s6 >> 2);
-        s[17] = (byte) (s6 >> 10);
-        s[18] = (byte) ((s6 >> 18) | (s7 << 3));
-        s[19] = (byte) (s7 >> 5);
-        s[20] = (byte) (s7 >> 13);
-        s[21] = (byte) s8;
-        s[22] = (byte) (s8 >> 8);
-        s[23] = (byte) ((s8 >> 16) | (s9 << 5));
-        s[24] = (byte) (s9 >> 3);
-        s[25] = (byte) (s9 >> 11);
-        s[26] = (byte) ((s9 >> 19) | (s10 << 2));
-        s[27] = (byte) (s10 >> 6);
-        s[28] = (byte) ((s10 >> 14) | (s11 << 7));
-        s[29] = (byte) (s11 >> 1);
-        s[30] = (byte) (s11 >> 9);
-        s[31] = (byte) (s11 >> 17);
-    }
-
-    // The order of the generator as unsigned bytes in little endian order.
-    // (2^252 + 0x14def9dea2f79cd65812631a5cf5d3ed, cf. RFC 7748)
-    private static final byte[] GROUP_ORDER = {
-            (byte) 0xed, (byte) 0xd3, (byte) 0xf5, (byte) 0x5c,
-            (byte) 0x1a, (byte) 0x63, (byte) 0x12, (byte) 0x58,
-            (byte) 0xd6, (byte) 0x9c, (byte) 0xf7, (byte) 0xa2,
-            (byte) 0xde, (byte) 0xf9, (byte) 0xde, (byte) 0x14,
-            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
-            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
-            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
-            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x10};
-
-    // Checks whether s represents an integer smaller than the order of the group.
-    // This is needed to ensure that EdDSA signatures are non-malleable, as failing to check
-    // the range of S allows to modify signatures (cf. RFC 8032, Section 5.2.7 and Section 8.4.)
-    // @param s an integer in little-endian order.
-    private static boolean isSmallerThanGroupOrder(byte[] s) {
-        for (int j = Field25519.FIELD_LEN - 1; j >= 0; j--) {
-            // compare unsigned bytes
-            int a = s[j] & 0xff;
-            int b = GROUP_ORDER[j] & 0xff;
-            if (a != b) {
-                return a < b;
-            }
-        }
-        return false;
-    }
-
-    /**
-     * Returns true if the EdDSA {@code signature} with {@code message}, can be verified with
-     * {@code publicKey}.
-     */
-    public static boolean verify(final byte[] message, final byte[] signature,
-                                 final byte[] publicKey) {
-        try {
-            if (signature.length != SIGNATURE_LEN) {
-                return false;
-            }
-            if (publicKey.length != PUBLIC_KEY_LEN) {
-                return false;
-            }
-            byte[] s = Arrays.copyOfRange(signature, Field25519.FIELD_LEN, SIGNATURE_LEN);
-            if (!isSmallerThanGroupOrder(s)) {
-                return false;
-            }
-            MessageDigest digest = MessageDigest.getInstance("SHA-512");
-            digest.update(signature, 0, Field25519.FIELD_LEN);
-            digest.update(publicKey);
-            digest.update(message);
-            byte[] h = digest.digest();
-            reduce(h);
-
-            XYZT negPublicKey = XYZT.fromBytesNegateVarTime(publicKey);
-            XYZ xyz = doubleScalarMultVarTime(h, negPublicKey, s);
-            byte[] expectedR = xyz.toBytes();
-            for (int i = 0; i < Field25519.FIELD_LEN; i++) {
-                if (expectedR[i] != signature[i]) {
-                    return false;
-                }
-            }
-            return true;
-        } catch (final GeneralSecurityException ignored) {
-            return false;
-        }
-    }
-}
diff --git a/app/src/main/java/com/wireguard/crypto/Key.java b/app/src/main/java/com/wireguard/crypto/Key.java
deleted file mode 100644
index 9e25e6057..000000000
--- a/app/src/main/java/com/wireguard/crypto/Key.java
+++ /dev/null
@@ -1,288 +0,0 @@
-/*
- * Copyright © 2017-2019 WireGuard LLC. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package com.wireguard.crypto;
-
-import com.wireguard.crypto.KeyFormatException.Type;
-
-import java.security.MessageDigest;
-import java.security.SecureRandom;
-import java.util.Arrays;
-
-/**
- * Represents a WireGuard public or private key. This class uses specialized constant-time base64
- * and hexadecimal codec implementations that resist side-channel attacks.
- * <p>
- * Instances of this class are immutable.
- */
-@SuppressWarnings("MagicNumber")
-public final class Key {
-    private final byte[] key;
-
-    /**
-     * Constructs an object encapsulating the supplied key.
-     *
-     * @param key an array of bytes containing a binary key. Callers of this constructor are
-     *            responsible for ensuring that the array is of the correct length.
-     */
-    private Key(final byte[] key) {
-        // Defensively copy to ensure immutability.
-        this.key = Arrays.copyOf(key, key.length);
-    }
-
-    /**
-     * Decodes a single 4-character base64 chunk to an integer in constant time.
-     *
-     * @param src       an array of at least 4 characters in base64 format
-     * @param srcOffset the offset of the beginning of the chunk in {@code src}
-     * @return the decoded 3-byte integer, or some arbitrary integer value if the input was not
-     * valid base64
-     */
-    private static int decodeBase64(final char[] src, final int srcOffset) {
-        int val = 0;
-        for (int i = 0; i < 4; ++i) {
-            final char c = src[i + srcOffset];
-            val |= (-1
-                    + ((((('A' - 1) - c) & (c - ('Z' + 1))) >>> 8) & (c - 64))
-                    + ((((('a' - 1) - c) & (c - ('z' + 1))) >>> 8) & (c - 70))
-                    + ((((('0' - 1) - c) & (c - ('9' + 1))) >>> 8) & (c + 5))
-                    + ((((('+' - 1) - c) & (c - ('+' + 1))) >>> 8) & 63)
-                    + ((((('/' - 1) - c) & (c - ('/' + 1))) >>> 8) & 64)
-            ) << (18 - 6 * i);
-        }
-        return val;
-    }
-
-    /**
-     * Encodes a single 4-character base64 chunk from 3 consecutive bytes in constant time.
-     *
-     * @param src        an array of at least 3 bytes
-     * @param srcOffset  the offset of the beginning of the chunk in {@code src}
-     * @param dest       an array of at least 4 characters
-     * @param destOffset the offset of the beginning of the chunk in {@code dest}
-     */
-    private static void encodeBase64(final byte[] src, final int srcOffset,
-                                     final char[] dest, final int destOffset) {
-        final byte[] input = {
-                (byte) ((src[srcOffset] >>> 2) & 63),
-                (byte) ((src[srcOffset] << 4 | ((src[1 + srcOffset] & 0xff) >>> 4)) & 63),
-                (byte) ((src[1 + srcOffset] << 2 | ((src[2 + srcOffset] & 0xff) >>> 6)) & 63),
-                (byte) ((src[2 + srcOffset]) & 63),
-        };
-        for (int i = 0; i < 4; ++i) {
-            dest[i + destOffset] = (char) (input[i] + 'A'
-                    + (((25 - input[i]) >>> 8) & 6)
-                    - (((51 - input[i]) >>> 8) & 75)
-                    - (((61 - input[i]) >>> 8) & 15)
-                    + (((62 - input[i]) >>> 8) & 3));
-        }
-    }
-
-    /**
-     * Decodes a WireGuard public or private key from its base64 string representation. This
-     * function throws a {@link KeyFormatException} if the source string is not well-formed.
-     *
-     * @param str the base64 string representation of a WireGuard key
-     * @return the decoded key encapsulated in an immutable container
-     */
-    public static Key fromBase64(final String str) throws KeyFormatException {
-        final char[] input = str.toCharArray();
-        if (input.length != Format.BASE64.length || input[Format.BASE64.length - 1] != '=')
-            throw new KeyFormatException(Format.BASE64, Type.LENGTH);
-        final byte[] key = new byte[Format.BINARY.length];
-        int i;
-        int ret = 0;
-        for (i = 0; i < key.length / 3; ++i) {
-            final int val = decodeBase64(input, i * 4);
-            ret |= val >>> 31;
-            key[i * 3] = (byte) ((val >>> 16) & 0xff);
-            key[i * 3 + 1] = (byte) ((val >>> 8) & 0xff);
-            key[i * 3 + 2] = (byte) (val & 0xff);
-        }
-        final char[] endSegment = {
-                input[i * 4],
-                input[i * 4 + 1],
-                input[i * 4 + 2],
-                'A',
-        };
-        final int val = decodeBase64(endSegment, 0);
-        ret |= (val >>> 31) | (val & 0xff);
-        key[i * 3] = (byte) ((val >>> 16) & 0xff);
-        key[i * 3 + 1] = (byte) ((val >>> 8) & 0xff);
-
-        if (ret != 0)
-            throw new KeyFormatException(Format.BASE64, Type.CONTENTS);
-        return new Key(key);
-    }
-
-    /**
-     * Wraps a WireGuard public or private key in an immutable container. This function throws a
-     * {@link KeyFormatException} if the source data is not the correct length.
-     *
-     * @param bytes an array of bytes containing a WireGuard key in binary format
-     * @return the key encapsulated in an immutable container
-     */
-    public static Key fromBytes(final byte[] bytes) throws KeyFormatException {
-        if (bytes.length != Format.BINARY.length)
-            throw new KeyFormatException(Format.BINARY, Type.LENGTH);
-        return new Key(bytes);
-    }
-
-    /**
-     * Decodes a WireGuard public or private key from its hexadecimal string representation. This
-     * function throws a {@link KeyFormatException} if the source string is not well-formed.
-     *
-     * @param str the hexadecimal string representation of a WireGuard key
-     * @return the decoded key encapsulated in an immutable container
-     */
-    public static Key fromHex(final String str) throws KeyFormatException {
-        final char[] input = str.toCharArray();
-        if (input.length != Format.HEX.length)
-            throw new KeyFormatException(Format.HEX, Type.LENGTH);
-        final byte[] key = new byte[Format.BINARY.length];
-        int ret = 0;
-        for (int i = 0; i < key.length; ++i) {
-            int c;
-            int cNum;
-            int cNum0;
-            int cAlpha;
-            int cAlpha0;
-            int cVal;
-            final int cAcc;
-
-            c = input[i * 2];
-            cNum = c ^ 48;
-            cNum0 = ((cNum - 10) >>> 8) & 0xff;
-            cAlpha = (c & ~32) - 55;
-            cAlpha0 = (((cAlpha - 10) ^ (cAlpha - 16)) >>> 8) & 0xff;
-            ret |= ((cNum0 | cAlpha0) - 1) >>> 8;
-            cVal = (cNum0 & cNum) | (cAlpha0 & cAlpha);
-            cAcc = cVal * 16;
-
-            c = input[i * 2 + 1];
-            cNum = c ^ 48;
-            cNum0 = ((cNum - 10) >>> 8) & 0xff;
-            cAlpha = (c & ~32) - 55;
-            cAlpha0 = (((cAlpha - 10) ^ (cAlpha - 16)) >>> 8) & 0xff;
-            ret |= ((cNum0 | cAlpha0) - 1) >>> 8;
-            cVal = (cNum0 & cNum) | (cAlpha0 & cAlpha);
-            key[i] = (byte) (cAcc | cVal);
-        }
-        if (ret != 0)
-            throw new KeyFormatException(Format.HEX, Type.CONTENTS);
-        return new Key(key);
-    }
-
-    /**
-     * Generates a private key using the system's {@link SecureRandom} number generator.
-     *
-     * @return a well-formed random private key
-     */
-    static Key generatePrivateKey() {
-        final SecureRandom secureRandom = new SecureRandom();
-        final byte[] privateKey = new byte[Format.BINARY.getLength()];
-        secureRandom.nextBytes(privateKey);
-        privateKey[0] &= 248;
-        privateKey[31] &= 127;
-        privateKey[31] |= 64;
-        return new Key(privateKey);
-    }
-
-    /**
-     * Generates a public key from an existing private key.
-     *
-     * @param privateKey a private key
-     * @return a well-formed public key that corresponds to the supplied private key
-     */
-    static Key generatePublicKey(final Key privateKey) {
-        final byte[] publicKey = new byte[Format.BINARY.getLength()];
-        Curve25519.eval(publicKey, 0, privateKey.getBytes(), null);
-        return new Key(publicKey);
-    }
-
-    @Override
-    public boolean equals(final Object obj) {
-        if (obj == this)
-            return true;
-        if (obj == null || obj.getClass() != getClass())
-            return false;
-        final Key other = (Key) obj;
-        return MessageDigest.isEqual(key, other.key);
-    }
-
-    /**
-     * Returns the key as an array of bytes.
-     *
-     * @return an array of bytes containing the raw binary key
-     */
-    public byte[] getBytes() {
-        // Defensively copy to ensure immutability.
-        return Arrays.copyOf(key, key.length);
-    }
-
-    @Override
-    public int hashCode() {
-        int ret = 0;
-        for (int i = 0; i < key.length / 4; ++i)
-            ret ^= (key[i * 4 + 0] >> 0) + (key[i * 4 + 1] >> 8) + (key[i * 4 + 2] >> 16) + (key[i * 4 + 3] >> 24);
-        return ret;
-    }
-
-    /**
-     * Encodes the key to base64.
-     *
-     * @return a string containing the encoded key
-     */
-    public String toBase64() {
-        final char[] output = new char[Format.BASE64.length];
-        int i;
-        for (i = 0; i < key.length / 3; ++i)
-            encodeBase64(key, i * 3, output, i * 4);
-        final byte[] endSegment = {
-                key[i * 3],
-                key[i * 3 + 1],
-                0,
-        };
-        encodeBase64(endSegment, 0, output, i * 4);
-        output[Format.BASE64.length - 1] = '=';
-        return new String(output);
-    }
-
-    /**
-     * Encodes the key to hexadecimal ASCII characters.
-     *
-     * @return a string containing the encoded key
-     */
-    public String toHex() {
-        final char[] output = new char[Format.HEX.length];
-        for (int i = 0; i < key.length; ++i) {
-            output[i * 2] = (char) (87 + (key[i] >> 4 & 0xf)
-                    + ((((key[i] >> 4 & 0xf) - 10) >> 8) & ~38));
-            output[i * 2 + 1] = (char) (87 + (key[i] & 0xf)
-                    + ((((key[i] & 0xf) - 10) >> 8) & ~38));
-        }
-        return new String(output);
-    }
-
-    /**
-     * The supported formats for encoding a WireGuard key.
-     */
-    public enum Format {
-        BASE64(44),
-        BINARY(32),
-        HEX(64);
-
-        private final int length;
-
-        Format(final int length) {
-            this.length = length;
-        }
-
-        public int getLength() {
-            return length;
-        }
-    }
-
-}
diff --git a/app/src/main/java/com/wireguard/crypto/KeyFormatException.java b/app/src/main/java/com/wireguard/crypto/KeyFormatException.java
deleted file mode 100644
index 5818b4d45..000000000
--- a/app/src/main/java/com/wireguard/crypto/KeyFormatException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package com.wireguard.crypto;
-
-/**
- * An exception thrown when attempting to parse an invalid key (too short, too long, or byte
- * data inappropriate for the format). The format being parsed can be accessed with the
- * {@link #getFormat} method.
- */
-public final class KeyFormatException extends Exception {
-    private final Key.Format format;
-    private final Type type;
-
-    KeyFormatException(final Key.Format format, final Type type) {
-        this.format = format;
-        this.type = type;
-    }
-
-    public Key.Format getFormat() {
-        return format;
-    }
-
-    public Type getType() {
-        return type;
-    }
-
-    public enum Type {
-        CONTENTS,
-        LENGTH
-    }
-}
diff --git a/app/src/main/java/com/wireguard/crypto/KeyPair.java b/app/src/main/java/com/wireguard/crypto/KeyPair.java
deleted file mode 100644
index f8238e91c..000000000
--- a/app/src/main/java/com/wireguard/crypto/KeyPair.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright © 2017-2019 WireGuard LLC. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package com.wireguard.crypto;
-
-/**
- * Represents a Curve25519 key pair as used by WireGuard.
- * <p>
- * Instances of this class are immutable.
- */
-public class KeyPair {
-    private final Key privateKey;
-    private final Key publicKey;
-
-    /**
-     * Creates a key pair using a newly-generated private key.
-     */
-    public KeyPair() {
-        this(Key.generatePrivateKey());
-    }
-
-    /**
-     * Creates a key pair using an existing private key.
-     *
-     * @param privateKey a private key, used to derive the public key
-     */
-    public KeyPair(final Key privateKey) {
-        this.privateKey = privateKey;
-        publicKey = Key.generatePublicKey(privateKey);
-    }
-
-    /**
-     * Returns the private key from the key pair.
-     *
-     * @return the private key
-     */
-    public Key getPrivateKey() {
-        return privateKey;
-    }
-
-    /**
-     * Returns the public key from the key pair.
-     *
-     * @return the public key
-     */
-    public Key getPublicKey() {
-        return publicKey;
-    }
-}
diff --git a/app/src/main/java/io/nekohasekai/sagernet/BootReceiver.kt b/app/src/main/java/io/nekohasekai/sagernet/BootReceiver.kt
new file mode 100644
index 000000000..fd037ad49
--- /dev/null
+++ b/app/src/main/java/io/nekohasekai/sagernet/BootReceiver.kt
@@ -0,0 +1,42 @@
+package io.nekohasekai.sagernet
+
+import android.content.BroadcastReceiver
+import android.content.ComponentName
+import android.content.Context
+import android.content.Intent
+import android.content.pm.PackageManager
+import android.os.Build
+import io.nekohasekai.sagernet.bg.SubscriptionUpdater
+import io.nekohasekai.sagernet.database.DataStore
+import io.nekohasekai.sagernet.ktx.app
+import io.nekohasekai.sagernet.ktx.runOnDefaultDispatcher
+
+class BootReceiver : BroadcastReceiver() {
+    companion object {
+        private val componentName by lazy { ComponentName(app, BootReceiver::class.java) }
+        var enabled: Boolean
+            get() = app.packageManager.getComponentEnabledSetting(componentName) == PackageManager.COMPONENT_ENABLED_STATE_ENABLED
+            set(value) = app.packageManager.setComponentEnabledSetting(
+                componentName, if (value) PackageManager.COMPONENT_ENABLED_STATE_ENABLED
+                else PackageManager.COMPONENT_ENABLED_STATE_DISABLED, PackageManager.DONT_KILL_APP
+            )
+    }
+
+    override fun onReceive(context: Context, intent: Intent) {
+        runOnDefaultDispatcher {
+            SubscriptionUpdater.reconfigureUpdater()
+        }
+
+        if (!DataStore.persistAcrossReboot) {   // sanity check
+            enabled = false
+            return
+        }
+
+        val doStart = when (intent.action) {
+            Intent.ACTION_LOCKED_BOOT_COMPLETED -> false // DataStore.directBootAware
+            else -> Build.VERSION.SDK_INT < 24 || SagerNet.user.isUserUnlocked
+        } && DataStore.selectedProxy > 0
+
+        if (doStart) SagerNet.startService()
+    }
+}
diff --git a/app/src/main/java/io/nekohasekai/sagernet/Constants.kt b/app/src/main/java/io/nekohasekai/sagernet/Constants.kt
index d84be134a..caf363f6f 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/Constants.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/Constants.kt
@@ -7,6 +7,8 @@ object Key {
     const val DB_PUBLIC = "configuration.db"
     const val DB_PROFILE = "sager_net.db"
 
+    const val PERSIST_ACROSS_REBOOT = "isAutoConnect"
+
     const val APP_EXPERT = "isExpert"
     const val APP_THEME = "appTheme"
     const val NIGHT_THEME = "nightTheme"
@@ -14,12 +16,12 @@ object Key {
     const val MODE_VPN = "vpn"
     const val MODE_PROXY = "proxy"
 
+    const val GLOBAL_CUSTOM_CONFIG = "globalCustomConfig"
+
     const val REMOTE_DNS = "remoteDns"
     const val DIRECT_DNS = "directDns"
-    const val DIRECT_DNS_USE_SYSTEM = "directDnsUseSystem"
     const val ENABLE_DNS_ROUTING = "enableDnsRouting"
     const val ENABLE_FAKEDNS = "enableFakeDns"
-    const val DNS_NETWORK = "dnsNetwork"
 
     const val IPV6_MODE = "ipv6Mode"
 
@@ -28,7 +30,6 @@ object Key {
     const val INDIVIDUAL = "individual"
     const val METERED_NETWORK = "meteredNetwork"
 
-    const val DOMAIN_STRATEGY = "domainStrategy"
     const val TRAFFIC_SNIFFING = "trafficSniffing"
     const val RESOLVE_DESTINATION = "resolveDestination"
 
@@ -39,16 +40,13 @@ object Key {
     const val ALLOW_ACCESS = "allowAccess"
     const val SPEED_INTERVAL = "speedInterval"
     const val SHOW_DIRECT_SPEED = "showDirectSpeed"
-    const val LOCAL_DNS_PORT = "portLocalDns"
 
     const val APPEND_HTTP_PROXY = "appendHttpProxy"
 
-    const val REQUIRE_TRANSPROXY = "requireTransproxy"
-    const val TRANSPROXY_MODE = "transproxyMode"
-    const val TRANSPROXY_PORT = "transproxyPort"
     const val CONNECTION_TEST_URL = "connectionTestURL"
 
-    const val TCP_KEEP_ALIVE_INTERVAL = "tcpKeepAliveInterval"
+    const val NETWORK_CHANGE_RESET_CONNECTIONS = "networkChangeResetConnections"
+    const val WAKE_RESET_CONNECTIONS = "wakeResetConnections"
     const val RULES_PROVIDER = "rulesProvider"
     const val LOG_LEVEL = "logLevel"
     const val LOG_BUF_SIZE = "logBufSize"
@@ -56,12 +54,13 @@ object Key {
     const val ALWAYS_SHOW_ADDRESS = "alwaysShowAddress"
 
     // Protocol Settings
-    const val MUX_PROTOCOLS = "mux"
-    const val MUX_CONCURRENCY = "muxConcurrency"
+    const val GLOBAL_ALLOW_INSECURE = "globalAllowInsecure"
 
     const val ACQUIRE_WAKE_LOCK = "acquireWakeLock"
     const val SHOW_BOTTOM_BAR = "showBottomBar"
 
+    const val ALLOW_INSECURE_ON_REQUEST = "allowInsecureOnRequest"
+
     const val TUN_IMPLEMENTATION = "tunImplementation"
     const val PROFILE_TRAFFIC_STATISTICS = "profileTrafficStatistics"
 
@@ -76,14 +75,13 @@ object Key {
     const val SERVER_USERNAME = "serverUsername"
     const val SERVER_PASSWORD = "serverPassword"
     const val SERVER_METHOD = "serverMethod"
-    const val SERVER_PLUGIN = "serverPlugin"
-    const val SERVER_PLUGIN_CONFIGURE = "serverPluginConfigure"
     const val SERVER_PASSWORD1 = "serverPassword1"
 
+    const val PROTOCOL_VERSION = "protocolVersion"
+
     const val SERVER_PROTOCOL = "serverProtocol"
     const val SERVER_OBFS = "serverObfs"
 
-    const val SERVER_SECURITY = "serverSecurity"
     const val SERVER_NETWORK = "serverNetwork"
     const val SERVER_HOST = "serverHost"
     const val SERVER_PATH = "serverPath"
@@ -91,6 +89,7 @@ object Key {
     const val SERVER_ENCRYPTION = "serverEncryption"
     const val SERVER_ALPN = "serverALPN"
     const val SERVER_CERTIFICATES = "serverCertificates"
+    const val SERVER_MTU = "serverMTU"
 
     const val SERVER_CONFIG = "serverConfig"
     const val SERVER_CUSTOM = "serverCustom"
@@ -98,6 +97,7 @@ object Key {
 
     const val SERVER_SECURITY_CATEGORY = "serverSecurityCategory"
     const val SERVER_TLS_CAMOUFLAGE_CATEGORY = "serverTlsCamouflageCategory"
+    const val SERVER_ECH_CATEORY = "serverECHCategory"
     const val SERVER_WS_CATEGORY = "serverWsCategory"
     const val SERVER_SS_CATEGORY = "serverSsCategory"
     const val SERVER_HEADERS = "serverHeaders"
@@ -108,19 +108,16 @@ object Key {
     const val SERVER_DOWNLOAD_SPEED = "serverDownloadSpeed"
     const val SERVER_STREAM_RECEIVE_WINDOW = "serverStreamReceiveWindow"
     const val SERVER_CONNECTION_RECEIVE_WINDOW = "serverConnectionReceiveWindow"
-    const val SERVER_MTU = "serverMTU"
     const val SERVER_DISABLE_MTU_DISCOVERY = "serverDisableMtuDiscovery"
     const val SERVER_HOP_INTERVAL = "hopInterval"
 
     const val SERVER_PRIVATE_KEY = "serverPrivateKey"
-    const val SERVER_LOCAL_ADDRESS = "serverLocalAddress"
     const val SERVER_INSECURE_CONCURRENCY = "serverInsecureConcurrency"
 
     const val SERVER_UDP_RELAY_MODE = "serverUDPRelayMode"
     const val SERVER_CONGESTION_CONTROLLER = "serverCongestionController"
     const val SERVER_DISABLE_SNI = "serverDisableSNI"
     const val SERVER_REDUCE_RTT = "serverReduceRTT"
-    const val SERVER_FAST_CONNECT = "serverFastConnect"
 
     const val ROUTE_NAME = "routeName"
     const val ROUTE_DOMAIN = "routeDomain"
@@ -152,7 +149,6 @@ object Key {
 
     //
 
-    const val NEKO_PLUGIN_MANAGED = "nekoPlugins"
     const val APP_TLS_VERSION = "appTLSVersion"
     const val ENABLE_CLASH_API = "enableClashAPI"
 }
@@ -160,6 +156,7 @@ object Key {
 object TunImplementation {
     const val GVISOR = 0
     const val SYSTEM = 1
+    const val MIXED = 2
 }
 
 object IPv6Mode {
diff --git a/app/src/main/java/io/nekohasekai/sagernet/SagerNet.kt b/app/src/main/java/io/nekohasekai/sagernet/SagerNet.kt
index c082ec3db..f38305d46 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/SagerNet.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/SagerNet.kt
@@ -6,8 +6,6 @@ import android.content.ClipData
 import android.content.ClipboardManager
 import android.content.Context
 import android.content.Intent
-import android.content.pm.PackageInfo
-import android.content.pm.PackageManager
 import android.content.res.Configuration
 import android.net.ConnectivityManager
 import android.net.Network
@@ -22,22 +20,23 @@ import go.Seq
 import io.nekohasekai.sagernet.bg.SagerConnection
 import io.nekohasekai.sagernet.database.DataStore
 import io.nekohasekai.sagernet.ktx.Logs
+import io.nekohasekai.sagernet.ktx.isOss
+import io.nekohasekai.sagernet.ktx.isPreview
 import io.nekohasekai.sagernet.ktx.runOnDefaultDispatcher
 import io.nekohasekai.sagernet.ui.MainActivity
 import io.nekohasekai.sagernet.utils.*
 import kotlinx.coroutines.DEBUG_PROPERTY_NAME
 import kotlinx.coroutines.DEBUG_PROPERTY_VALUE_ON
-import libcore.BoxPlatformInterface
 import libcore.Libcore
-import libcore.NB4AInterface
+import moe.matsuri.nb4a.NativeInterface
+import moe.matsuri.nb4a.net.LocalResolverImpl
 import moe.matsuri.nb4a.utils.JavaUtil
 import moe.matsuri.nb4a.utils.cleanWebview
-import java.net.InetSocketAddress
+import java.io.File
 import androidx.work.Configuration as WorkConfiguration
 
 class SagerNet : Application(),
-    BoxPlatformInterface,
-    WorkConfiguration.Provider, NB4AInterface {
+    WorkConfiguration.Provider {
 
     override fun attachBaseContext(base: Context) {
         super.attachBaseContext(base)
@@ -45,18 +44,31 @@ class SagerNet : Application(),
         application = this
     }
 
-    val externalAssets by lazy { getExternalFilesDir(null) ?: filesDir }
-    val process = JavaUtil.getProcessName()
-    val isMainProcess = process == BuildConfig.APPLICATION_ID
+    private val nativeInterface = NativeInterface()
+
+    val externalAssets: File by lazy { getExternalFilesDir(null) ?: filesDir }
+    val process: String = JavaUtil.getProcessName()
+    private val isMainProcess = process == BuildConfig.APPLICATION_ID
     val isBgProcess = process.endsWith(":bg")
 
     override fun onCreate() {
         super.onCreate()
 
-        System.setProperty(DEBUG_PROPERTY_NAME, DEBUG_PROPERTY_VALUE_ON)
         Thread.setDefaultUncaughtExceptionHandler(CrashHandler)
 
         if (isMainProcess || isBgProcess) {
+            externalAssets.mkdirs()
+            Seq.setContext(this)
+            Libcore.initCore(
+                process,
+                cacheDir.absolutePath + "/",
+                filesDir.absolutePath + "/",
+                externalAssets.absolutePath + "/",
+                DataStore.logBufSize,
+                DataStore.logLevel > 0,
+                nativeInterface, nativeInterface, LocalResolverImpl
+            )
+
             // fix multi process issue in Android 9+
             JavaUtil.handleWebviewDir(this)
 
@@ -66,24 +78,6 @@ class SagerNet : Application(),
             }
         }
 
-        Seq.setContext(this)
-        updateNotificationChannels()
-
-        // nb4a: init core
-        externalAssets.mkdirs()
-        Libcore.initCore(
-            process,
-            cacheDir.absolutePath + "/",
-            filesDir.absolutePath + "/",
-            externalAssets.absolutePath + "/",
-            DataStore.logBufSize,
-            DataStore.logLevel > 0,
-            this
-        )
-
-        // libbox: platform interface
-        Libcore.setBoxPlatformInterface(this)
-
         if (isMainProcess) {
             Theme.apply(this)
             Theme.applyNightTheme()
@@ -91,24 +85,24 @@ class SagerNet : Application(),
                 DefaultNetworkListener.start(this) {
                     underlyingNetwork = it
                 }
+
+                updateNotificationChannels()
             }
         }
 
-        if (BuildConfig.DEBUG) StrictMode.setVmPolicy(
-            StrictMode.VmPolicy.Builder()
-                .detectLeakedSqlLiteObjects()
-                .detectLeakedClosableObjects()
-                .detectLeakedRegistrationObjects()
-                .penaltyLog()
-                .build()
-        )
+        if (BuildConfig.DEBUG) {
+            System.setProperty(DEBUG_PROPERTY_NAME, DEBUG_PROPERTY_VALUE_ON)
+            StrictMode.setVmPolicy(
+                StrictMode.VmPolicy.Builder()
+                    .detectLeakedSqlLiteObjects()
+                    .detectLeakedClosableObjects()
+                    .detectLeakedRegistrationObjects()
+                    .penaltyLog()
+                    .build()
+            )
+        }
     }
 
-    fun getPackageInfo(packageName: String) = packageManager.getPackageInfo(
-        packageName, if (Build.VERSION.SDK_INT >= 28) PackageManager.GET_SIGNING_CERTIFICATES
-        else @Suppress("DEPRECATION") PackageManager.GET_SIGNATURES
-    )!!
-
     override fun onConfigurationChanged(newConfig: Configuration) {
         super.onConfigurationChanged(newConfig)
         updateNotificationChannels()
@@ -135,11 +129,6 @@ class SagerNet : Application(),
             uiMode.currentModeType == Configuration.UI_MODE_TYPE_TELEVISION
         }
 
-        // /data/user_de available when not unlocked
-        val deviceStorage by lazy {
-            if (Build.VERSION.SDK_INT < 24) application else DeviceStorageApp(application)
-        }
-
         val configureIntent: (Context) -> PendingIntent by lazy {
             {
                 PendingIntent.getActivity(
@@ -160,8 +149,6 @@ class SagerNet : Application(),
         val uiMode by lazy { application.getSystemService<UiModeManager>()!! }
         val power by lazy { application.getSystemService<PowerManager>()!! }
 
-        val packageInfo: PackageInfo by lazy { application.getPackageInfo(application.packageName) }
-
         fun getClipboardText(): String {
             return clipboard.primaryClip?.takeIf { it.itemCount > 0 }
                 ?.getItemAt(0)?.text?.toString() ?: ""
@@ -193,6 +180,10 @@ class SagerNet : Application(),
                             "service-subscription",
                             application.getText(R.string.service_subscription),
                             NotificationManager.IMPORTANCE_DEFAULT
+                        ), NotificationChannel(
+                            "connection-test",
+                            application.getText(R.string.connection_test),
+                            NotificationManager.IMPORTANCE_DEFAULT
                         )
                     )
                 )
@@ -211,59 +202,18 @@ class SagerNet : Application(),
 
         var underlyingNetwork: Network? = null
 
-    }
-
-
-    //  libbox interface
-
-    override fun autoDetectInterfaceControl(fd: Int) {
-        DataStore.vpnService?.protect(fd)
-    }
-
-    override fun openTun(singTunOptionsJson: String, tunPlatformOptionsJson: String): Long {
-        if (DataStore.vpnService == null) {
-            throw Exception("no VpnService")
-        }
-        return DataStore.vpnService!!.startVpn(singTunOptionsJson, tunPlatformOptionsJson).toLong()
-    }
-
-    override fun useProcFS(): Boolean {
-        return Build.VERSION.SDK_INT < Build.VERSION_CODES.Q
-    }
-
-    @RequiresApi(Build.VERSION_CODES.Q)
-    override fun findConnectionOwner(
-        ipProto: Int, srcIp: String, srcPort: Int, destIp: String, destPort: Int
-    ): Int {
-        return connectivity.getConnectionOwnerUid(
-            ipProto, InetSocketAddress(srcIp, srcPort), InetSocketAddress(destIp, destPort)
-        )
-    }
-
-    override fun packageNameByUid(uid: Int): String {
-        PackageCache.awaitLoadSync()
-
-        if (uid <= 1000L) {
-            return "android"
-        }
-
-        val packageNames = PackageCache.uidMap[uid]
-        if (!packageNames.isNullOrEmpty()) for (packageName in packageNames) {
-            return packageName
-        }
-
-        error("unknown uid $uid")
-    }
-
-    override fun uidByPackageName(packageName: String): Int {
-        PackageCache.awaitLoadSync()
-        return PackageCache[packageName] ?: 0
-    }
-
-    // nb4a interface
-
-    override fun useOfficialAssets(): Boolean {
-        return DataStore.rulesProvider == 0
+        var appVersionNameForDisplay = {
+            var n = BuildConfig.VERSION_NAME
+            if (isPreview) {
+                n += " " + BuildConfig.PRE_VERSION_NAME
+            } else if (!isOss) {
+                n += " ${BuildConfig.FLAVOR}"
+            }
+            if (BuildConfig.DEBUG) {
+                n += " DEBUG"
+            }
+            n
+        }()
     }
 
 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/BaseService.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/BaseService.kt
index d14a3c28d..e760983dc 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/BaseService.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/BaseService.kt
@@ -7,6 +7,7 @@ import android.content.IntentFilter
 import android.os.*
 import android.widget.Toast
 import io.nekohasekai.sagernet.Action
+import io.nekohasekai.sagernet.BootReceiver
 import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.SagerNet
 import io.nekohasekai.sagernet.aidl.ISagerNetService
@@ -50,6 +51,19 @@ class BaseService {
                 Intent.ACTION_SHUTDOWN -> service.persistStats()
                 Action.RELOAD -> service.reload()
                 // Action.SWITCH_WAKE_LOCK -> runOnDefaultDispatcher { service.switchWakeLock() }
+                PowerManager.ACTION_DEVICE_IDLE_MODE_CHANGED -> {
+                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+                        if (SagerNet.power.isDeviceIdleMode) {
+                            proxy?.box?.sleep()
+                        } else {
+                            proxy?.box?.wake()
+                            if (DataStore.wakeResetConnections) {
+                                Libcore.resetAllConnections(true)
+                            }
+                        }
+                    }
+                }
+
                 Action.RESET_UPSTREAM_CONNECTIONS -> runOnDefaultDispatcher {
                     Libcore.resetAllConnections(true)
                     runOnMainDispatcher {
@@ -58,6 +72,7 @@ class BaseService {
                             .show()
                     }
                 }
+
                 else -> service.stopRunner()
             }
         }
@@ -68,8 +83,9 @@ class BaseService {
 
         fun changeState(s: State, msg: String? = null) {
             if (state == s && msg == null) return
-            binder.stateChanged(s, msg)
             state = s
+            DataStore.serviceState = s
+            binder.stateChanged(s, msg)
         }
     }
 
@@ -86,9 +102,13 @@ class BaseService {
         override val coroutineContext = Dispatchers.Main.immediate + Job()
 
         override fun getState(): Int = (data?.state ?: State.Idle).ordinal
-        override fun getProfileName(): String = data?.proxy?.profile?.displayName() ?: "Idle"
+        override fun getProfileName(): String = data?.proxy?.displayProfileName ?: "Idle"
 
         override fun registerCallback(cb: ISagerNetServiceCallback, id: Int) {
+            if (id == SagerConnection.CONNECTION_ID_RESTART_BG) {
+                Runtime.getRuntime().exit(0)
+                return
+            }
             if (!callbackIdMap.contains(cb)) {
                 callbacks.register(cb)
             }
@@ -165,12 +185,10 @@ class BaseService {
                 val ent = SagerDatabase.proxyDao.getById(DataStore.selectedProxy)
                 val tag = data.proxy!!.config.profileTagMap[ent?.id] ?: ""
                 if (tag.isNotBlank() && ent != null) {
-                    val success = data.proxy!!.box.selectOutbound(tag)
-                    if (success) runOnDefaultDispatcher {
-                        data.proxy!!.looper?.selectMain(ent.id)
-                        val title = ServiceNotification.genTitle(ent)
-                        data.notification?.postNotificationTitle(title)
-                    }
+                    // select from GUI
+                    data.proxy!!.box.selectOutbound(tag)
+                    // or select from webui
+                    // => selector_OnProxySelected
                 }
                 return
             }
@@ -189,7 +207,6 @@ class BaseService {
             tmpBox.buildConfigTmp()
             if (tmpBox.lastSelectorGroupId == data.proxy?.lastSelectorGroupId) {
                 return true
-                // TODO if profile changed?
             }
             return false
         }
@@ -248,7 +265,7 @@ class BaseService {
             }
         }
 
-        open fun persistStats() {
+        fun persistStats() {
             // TODO NEW save app stats?
         }
 
@@ -267,7 +284,9 @@ class BaseService {
                     }
                     if (oldName != null && upstreamInterfaceName != null && oldName != upstreamInterfaceName) {
                         Logs.d("Network changed: $oldName -> $upstreamInterfaceName")
-                        Libcore.resetAllConnections(true)
+                        if (DataStore.networkChangeResetConnections) {
+                            Libcore.resetAllConnections(true)
+                        }
                     }
                 }
             }
@@ -275,16 +294,6 @@ class BaseService {
 
         var wakeLock: PowerManager.WakeLock?
         fun acquireWakeLock()
-        suspend fun switchWakeLock() {
-            wakeLock?.apply {
-                release()
-                wakeLock = null
-                data.notification?.postNotificationWakeLockStatus(false)
-            } ?: apply {
-                acquireWakeLock()
-                data.notification?.postNotificationWakeLockStatus(true)
-            }
-        }
 
         suspend fun lateInit() {
             wakeLock?.apply {
@@ -315,14 +324,34 @@ class BaseService {
 
             val proxy = ProxyInstance(profile, this)
             data.proxy = proxy
+            BootReceiver.enabled = DataStore.persistAcrossReboot
             if (!data.closeReceiverRegistered) {
-                registerReceiver(data.receiver, IntentFilter().apply {
+                val filter = IntentFilter().apply {
                     addAction(Action.RELOAD)
                     addAction(Intent.ACTION_SHUTDOWN)
                     addAction(Action.CLOSE)
                     // addAction(Action.SWITCH_WAKE_LOCK)
+                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+                        addAction(PowerManager.ACTION_DEVICE_IDLE_MODE_CHANGED)
+                    }
                     addAction(Action.RESET_UPSTREAM_CONNECTIONS)
-                }, "$packageName.SERVICE", null)
+                }
+                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
+                    registerReceiver(
+                        data.receiver,
+                        filter,
+                        "$packageName.SERVICE",
+                        null,
+                        Context.RECEIVER_EXPORTED
+                    )
+                } else {
+                    registerReceiver(
+                        data.receiver,
+                        filter,
+                        "$packageName.SERVICE",
+                        null
+                    )
+                }
                 data.closeReceiverRegistered = true
             }
 
@@ -344,19 +373,13 @@ class BaseService {
                     startProcesses()
                     data.changeState(State.Connected)
 
-                    for ((type, routeName) in proxy.config.alerts) {
-                        data.binder.broadcast {
-                            it.routeAlert(type, routeName)
-                        }
-                    }
-
                     lateInit()
                 } catch (_: CancellationException) { // if the job was cancelled, it is canceller's responsibility to call stopRunner
                 } catch (_: UnknownHostException) {
                     stopRunner(false, getString(R.string.invalid_server))
                 } catch (e: PluginManager.PluginNotFoundException) {
                     Toast.makeText(this@Interface, e.readableMessage, Toast.LENGTH_SHORT).show()
-                    Logs.d(e.readableMessage)
+                    Logs.w(e)
                     data.binder.missingPlugin(e.plugin)
                     stopRunner(false, null)
                 } catch (exc: Throwable) {
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/Executable.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/Executable.kt
index 8e69f0b6a..5b860b35f 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/Executable.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/Executable.kt
@@ -3,24 +3,21 @@ package io.nekohasekai.sagernet.bg
 import android.system.ErrnoException
 import android.system.Os
 import android.system.OsConstants
-import android.text.TextUtils
 import io.nekohasekai.sagernet.ktx.Logs
 import java.io.File
 import java.io.IOException
+import androidx.core.text.isDigitsOnly
 
 object Executable {
     private val EXECUTABLES = setOf(
-        "libtrojan.so",
-        "libtrojan-go.so",
-        "libnaive.so",
-        "libhysteria.so",
-        "libwg.so"
+        "libtrojan.so", "libtrojan-go.so", "libnaive.so", "libtuic.so", "libhysteria.so"
     )
 
     fun killAll(alsoKillBg: Boolean = false) {
-        for (process in File("/proc").listFiles { _, name -> TextUtils.isDigitsOnly(name) }
-            ?: return) {
-            val exe = File(try {
+        // kill bg may fail
+        for (process in File("/proc").listFiles { _, name -> name.isDigitsOnly() } ?: return) {
+            val exe = File(
+                try {
                 File(process, "cmdline").inputStream().bufferedReader().use {
                     it.readText()
                 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/GuardedProcessPool.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/GuardedProcessPool.kt
index db7000018..cded1cabb 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/GuardedProcessPool.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/GuardedProcessPool.kt
@@ -64,6 +64,7 @@ class GuardedProcessPool(private val onFatal: suspend (IOException) -> Unit) : C
                         SystemClock.elapsedRealtime() - startTime < 1000 -> throw IOException(
                             "$cmdName exits too fast (exit code: $exitCode)"
                         )
+
                         exitCode == 128 + OsConstants.SIGKILL -> Logs.w("$cmdName was killed")
                         else -> Logs.w(IOException("$cmdName unexpectedly exits with code $exitCode"))
                     }
@@ -99,6 +100,7 @@ class GuardedProcessPool(private val onFatal: suspend (IOException) -> Unit) : C
     }
 
     override val coroutineContext = Dispatchers.Main.immediate + Job()
+    var processCount = 0
 
     @MainThread
     fun start(
@@ -111,6 +113,7 @@ class GuardedProcessPool(private val onFatal: suspend (IOException) -> Unit) : C
             start() // if start fails, IOException will be thrown directly
             launch { looper(onRestartCallback) }
         }
+        processCount += 1
     }
 
     @MainThread
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/SagerConnection.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/SagerConnection.kt
index 0ddf8de08..97ff4b8a0 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/SagerConnection.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/SagerConnection.kt
@@ -24,7 +24,7 @@ class SagerConnection(
         val serviceClass
             get() = when (DataStore.serviceMode) {
                 Key.MODE_PROXY -> ProxyService::class
-                Key.MODE_VPN -> VpnService::class //   Key.MODE_TRANS -> TransproxyService::class
+                Key.MODE_VPN -> VpnService::class
                 else -> throw UnknownError()
             }.java
 
@@ -32,6 +32,9 @@ class SagerConnection(
         const val CONNECTION_ID_TILE = 1
         const val CONNECTION_ID_MAIN_ACTIVITY_FOREGROUND = 2
         const val CONNECTION_ID_MAIN_ACTIVITY_BACKGROUND = 3
+        const val CONNECTION_ID_RESTART_BG = 4
+
+        var restartingApp = false
     }
 
     interface Callback {
@@ -39,11 +42,11 @@ class SagerConnection(
 
         fun cbSpeedUpdate(stats: SpeedDisplayData) {}
         fun cbTrafficUpdate(data: TrafficData) {}
+        fun cbSelectorUpdate(id: Long) {}
 
         fun stateChanged(state: BaseService.State, profileName: String?, msg: String?)
 
         fun missingPlugin(profileName: String, pluginName: String) {}
-        fun routeAlert(type: Int, routeName: String) {}
 
         fun onServiceConnected(service: ISagerNetService)
 
@@ -83,17 +86,17 @@ class SagerConnection(
             }
         }
 
-        override fun missingPlugin(profileName: String, pluginName: String) {
+        override fun cbSelectorUpdate(id: Long) {
             val callback = callback ?: return
             runOnMainDispatcher {
-                callback.missingPlugin(profileName, pluginName)
+                callback.cbSelectorUpdate(id)
             }
         }
 
-        override fun routeAlert(type: Int, routeName: String) {
+        override fun missingPlugin(profileName: String, pluginName: String) {
             val callback = callback ?: return
             runOnMainDispatcher {
-                callback.routeAlert(type, routeName)
+                callback.missingPlugin(profileName, pluginName)
             }
         }
 
@@ -105,7 +108,11 @@ class SagerConnection(
 
     fun updateConnectionId(id: Int) {
         connectionId = id
-        service?.registerCallback(serviceCallback, id)
+        try {
+            service?.registerCallback(serviceCallback, id)
+        } catch (e: Exception) {
+            e.printStackTrace()
+        }
     }
 
     override fun onServiceConnected(name: ComponentName?, binder: IBinder) {
@@ -120,7 +127,7 @@ class SagerConnection(
         } catch (e: RemoteException) {
             e.printStackTrace()
         }
-        callback!!.onServiceConnected(service)
+        callback?.onServiceConnected(service)
     }
 
     override fun onServiceDisconnected(name: ComponentName?) {
@@ -133,7 +140,9 @@ class SagerConnection(
     override fun binderDied() {
         service = null
         callbackRegistered = false
-        callback?.also { runOnMainDispatcher { it.onBinderDied() } }
+        if (!restartingApp) {
+            callback?.also { runOnMainDispatcher { it.onBinderDied() } }
+        }
     }
 
     private fun unregisterCallback() {
@@ -145,7 +154,7 @@ class SagerConnection(
         callbackRegistered = false
     }
 
-    fun connect(context: Context, callback: Callback) {
+    fun connect(context: Context, callback: Callback?) {
         if (connectionActive) return
         connectionActive = true
         check(this.callback == null)
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/ServiceNotification.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/ServiceNotification.kt
index dce4b2105..0ac84ac6a 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/ServiceNotification.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/ServiceNotification.kt
@@ -6,8 +6,10 @@ import android.content.BroadcastReceiver
 import android.content.Context
 import android.content.Intent
 import android.content.IntentFilter
+import android.content.pm.ServiceInfo.FOREGROUND_SERVICE_TYPE_SYSTEM_EXEMPTED
 import android.os.Build
 import android.text.format.Formatter
+import android.widget.Toast
 import androidx.core.app.NotificationCompat
 import androidx.core.app.NotificationManagerCompat
 import io.nekohasekai.sagernet.Action
@@ -19,8 +21,11 @@ import io.nekohasekai.sagernet.database.ProxyEntity
 import io.nekohasekai.sagernet.database.SagerDatabase
 import io.nekohasekai.sagernet.ktx.app
 import io.nekohasekai.sagernet.ktx.getColorAttr
+import io.nekohasekai.sagernet.ktx.runOnMainDispatcher
 import io.nekohasekai.sagernet.ui.SwitchActivity
 import io.nekohasekai.sagernet.utils.Theme
+import kotlinx.coroutines.sync.Mutex
+import kotlinx.coroutines.sync.withLock
 
 /**
  * User can customize visibility of notification since Android 8.
@@ -48,8 +53,10 @@ class ServiceNotification(
         }
     }
 
-    fun postNotificationSpeedUpdate(stats: SpeedDisplayData) {
-        builder.apply {
+    var listenPostSpeed = true
+
+    suspend fun postNotificationSpeedUpdate(stats: SpeedDisplayData) {
+        useBuilder {
             if (showDirectSpeed) {
                 val speedDetail = (service as Context).getString(
                     R.string.speed_detail, service.getString(
@@ -64,8 +71,8 @@ class ServiceNotification(
                         Formatter.formatFileSize(service, stats.rxRateDirect)
                     )
                 )
-                setStyle(NotificationCompat.BigTextStyle().bigText(speedDetail))
-                setContentText(speedDetail)
+                it.setStyle(NotificationCompat.BigTextStyle().bigText(speedDetail))
+                it.setContentText(speedDetail)
             } else {
                 val speedSimple = (service as Context).getString(
                     R.string.traffic, service.getString(
@@ -74,9 +81,9 @@ class ServiceNotification(
                         R.string.speed, Formatter.formatFileSize(service, stats.rxRateProxy)
                     )
                 )
-                setContentText(speedSimple)
+                it.setContentText(speedSimple)
             }
-            setSubText(
+            it.setSubText(
                 service.getString(
                     R.string.traffic,
                     Formatter.formatFileSize(service, stats.txTotal),
@@ -87,15 +94,19 @@ class ServiceNotification(
         update()
     }
 
-    fun postNotificationTitle(newTitle: String) {
-        builder.setContentTitle(newTitle)
+    suspend fun postNotificationTitle(newTitle: String) {
+        useBuilder {
+            it.setContentTitle(newTitle)
+        }
         update()
     }
 
-    fun postNotificationWakeLockStatus(acquired: Boolean) {
+    suspend fun postNotificationWakeLockStatus(acquired: Boolean) {
         updateActions()
-        builder.priority =
-            if (acquired) NotificationCompat.PRIORITY_HIGH else NotificationCompat.PRIORITY_LOW
+        useBuilder {
+            it.priority =
+                if (acquired) NotificationCompat.PRIORITY_HIGH else NotificationCompat.PRIORITY_LOW
+        }
         update()
     }
 
@@ -111,79 +122,100 @@ class ServiceNotification(
         .setCategory(NotificationCompat.CATEGORY_SERVICE)
         .setPriority(if (visible) NotificationCompat.PRIORITY_LOW else NotificationCompat.PRIORITY_MIN)
 
+    private val buildLock = Mutex()
+
+    private suspend fun useBuilder(f: (NotificationCompat.Builder) -> Unit) {
+        buildLock.withLock {
+            f(builder)
+        }
+    }
+
     init {
         service as Context
-        updateActions()
 
         Theme.apply(app)
         Theme.apply(service)
         builder.color = service.getColorAttr(R.attr.colorPrimary)
 
-        updateCallback(SagerNet.power.isInteractive)
         service.registerReceiver(this, IntentFilter().apply {
             addAction(Intent.ACTION_SCREEN_ON)
             addAction(Intent.ACTION_SCREEN_OFF)
         })
-        show()
+
+        runOnMainDispatcher {
+            updateActions()
+            show()
+        }
     }
 
-    private fun updateActions() {
+    private suspend fun updateActions() {
         service as Context
-        builder.clearActions()
+        useBuilder {
+            it.clearActions()
 
-        val closeAction = NotificationCompat.Action.Builder(
-            0, service.getText(R.string.stop), PendingIntent.getBroadcast(
-                service, 0, Intent(Action.CLOSE).setPackage(service.packageName), flags
-            )
-        ).setShowsUserInterface(false).build()
-        builder.addAction(closeAction)
+            val closeAction = NotificationCompat.Action.Builder(
+                0, service.getText(R.string.stop), PendingIntent.getBroadcast(
+                    service, 0, Intent(Action.CLOSE).setPackage(service.packageName), flags
+                )
+            ).setShowsUserInterface(false).build()
+            it.addAction(closeAction)
 
-        val switchAction = NotificationCompat.Action.Builder(
-            0, service.getString(R.string.action_switch), PendingIntent.getActivity(
-                service, 0, Intent(service, SwitchActivity::class.java), flags
-            )
-        ).setShowsUserInterface(false).build()
-        builder.addAction(switchAction)
+            val switchAction = NotificationCompat.Action.Builder(
+                0, service.getString(R.string.action_switch), PendingIntent.getActivity(
+                    service, 0, Intent(service, SwitchActivity::class.java), flags
+                )
+            ).setShowsUserInterface(false).build()
+            it.addAction(switchAction)
 
-        val resetUpstreamAction = NotificationCompat.Action.Builder(
-            0, service.getString(R.string.reset_connections),
-            PendingIntent.getBroadcast(
-                service, 0, Intent(Action.RESET_UPSTREAM_CONNECTIONS), flags
-            )
-        ).setShowsUserInterface(false).build()
-        builder.addAction(resetUpstreamAction)
-
-//        val wakeLockAction = NotificationCompat.Action.Builder(
-//            0,
-//            service.getText(if (!wakeLockAcquired) R.string.acquire_wake_lock else R.string.release_wake_lock),
-//            PendingIntent.getBroadcast(
-//                service,
-//                0,
-//                Intent(Action.SWITCH_WAKE_LOCK).setPackage(service.packageName),
-//                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) PendingIntent.FLAG_IMMUTABLE else 0
-//            )
-//        ).setShowsUserInterface(false).build()
-//        builder.addAction(wakeLockAction)
+            val resetUpstreamAction = NotificationCompat.Action.Builder(
+                0, service.getString(R.string.reset_connections),
+                PendingIntent.getBroadcast(
+                    service, 0, Intent(Action.RESET_UPSTREAM_CONNECTIONS), flags
+                )
+            ).setShowsUserInterface(false).build()
+            it.addAction(resetUpstreamAction)
+        }
     }
 
     override fun onReceive(context: Context, intent: Intent) {
-        if (service.data.state == BaseService.State.Connected) updateCallback(intent.action == Intent.ACTION_SCREEN_ON)
+        if (service.data.state == BaseService.State.Connected) {
+            listenPostSpeed = intent.action == Intent.ACTION_SCREEN_ON
+        }
     }
 
-    var listenPostSpeed = false
 
-    private fun updateCallback(screenOn: Boolean) {
-        if (DataStore.speedInterval == 0) return
-        listenPostSpeed = screenOn
-    }
+    private suspend fun show() =
+        useBuilder {
+            try {
+                if (Build.VERSION.SDK_INT >= 34) {
+                    (service as Service).startForeground(
+                        notificationId,
+                        it.build(),
+                        FOREGROUND_SERVICE_TYPE_SYSTEM_EXEMPTED
+                    )
+                } else {
+                    (service as Service).startForeground(notificationId, it.build())
+                }
+            } catch (e: Exception) {
+                Toast.makeText(
+                    SagerNet.application,
+                    "startForeground: $e",
+                    Toast.LENGTH_LONG
+                ).show()
+            }
+        }
 
-    private fun show() = (service as Service).startForeground(notificationId, builder.build())
-    private fun update() =
-        NotificationManagerCompat.from(service as Service).notify(notificationId, builder.build())
+    private suspend fun update() = useBuilder {
+        NotificationManagerCompat.from(service as Service).notify(notificationId, it.build())
+    }
 
     fun destroy() {
-        (service as Service).stopForeground(true)
+        listenPostSpeed = false
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
+            (service as Service).stopForeground(Service.STOP_FOREGROUND_REMOVE)
+        } else {
+            (service as Service).stopForeground(true)
+        }
         service.unregisterReceiver(this)
-        updateCallback(false)
     }
 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/SubscriptionUpdater.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/SubscriptionUpdater.kt
index 5a367ee74..a00067283 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/SubscriptionUpdater.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/SubscriptionUpdater.kt
@@ -4,7 +4,7 @@ import android.content.Context
 import androidx.core.app.NotificationCompat
 import androidx.core.app.NotificationManagerCompat
 import androidx.work.CoroutineWorker
-import androidx.work.ExistingPeriodicWorkPolicy
+import androidx.work.ExistingPeriodicWorkPolicy.UPDATE
 import androidx.work.PeriodicWorkRequest
 import androidx.work.WorkerParameters
 import androidx.work.multiprocess.RemoteWorkManager
@@ -39,7 +39,7 @@ object SubscriptionUpdater {
         // main process
         RemoteWorkManager.getInstance(app).enqueueUniquePeriodicWork(
             WORK_NAME,
-            ExistingPeriodicWorkPolicy.REPLACE,
+            UPDATE,
             PeriodicWorkRequest.Builder(UpdateTask::class.java, minDelay, TimeUnit.MINUTES)
                 .apply {
                     if (minInitDelay > 0) setInitialDelay(minInitDelay, TimeUnit.SECONDS)
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/TileService.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/TileService.kt
index 54239e914..dd46ee5cd 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/TileService.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/TileService.kt
@@ -1,23 +1,3 @@
-/*******************************************************************************
- *                                                                             *
- *  Copyright (C) 2017 by Max Lv <max.c.lv@gmail.com>                          *
- *  Copyright (C) 2017 by Mygod Studio <contact-shadowsocks-android@mygod.be>  *
- *                                                                             *
- *  This program is free software: you can redistribute it and/or modify       *
- *  it under the terms of the GNU General Public License as published by       *
- *  the Free Software Foundation, either version 3 of the License, or          *
- *  (at your option) any later version.                                        *
- *                                                                             *
- *  This program is distributed in the hope that it will be useful,            *
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of             *
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
- *  GNU General Public License for more details.                               *
- *                                                                             *
- *  You should have received a copy of the GNU General Public License          *
- *  along with this program. If not, see <http://www.gnu.org/licenses/>.       *
- *                                                                             *
- *******************************************************************************/
-
 package io.nekohasekai.sagernet.bg
 
 import android.graphics.drawable.Icon
@@ -26,6 +6,7 @@ import androidx.annotation.RequiresApi
 import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.SagerNet
 import io.nekohasekai.sagernet.aidl.ISagerNetService
+import io.nekohasekai.sagernet.database.SagerDatabase
 import android.service.quicksettings.TileService as BaseTileService
 
 @RequiresApi(24)
@@ -39,16 +20,21 @@ class TileService : BaseTileService(), SagerConnection.Callback {
 
     private val connection = SagerConnection(SagerConnection.CONNECTION_ID_TILE)
     override fun stateChanged(state: BaseService.State, profileName: String?, msg: String?) =
-        updateTile(state) { profileName }
+        updateTile(state, profileName)
 
     override fun onServiceConnected(service: ISagerNetService) {
-        updateTile(BaseService.State.values()[service.state]) { service.profileName }
+        updateTile(BaseService.State.values()[service.state], service.profileName)
         if (tapPending) {
             tapPending = false
             onClick()
         }
     }
 
+    override fun cbSelectorUpdate(id: Long) {
+        val profile = SagerDatabase.proxyDao.getById(id) ?: return
+        updateTile(BaseService.State.Connected, profile.displayName())
+    }
+
     override fun onStartListening() {
         super.onStartListening()
         connection.connect(this, this)
@@ -60,10 +46,10 @@ class TileService : BaseTileService(), SagerConnection.Callback {
     }
 
     override fun onClick() {
-        toggle()
+        if (isLocked) unlockAndRun(this::toggle) else toggle()
     }
 
-    private fun updateTile(serviceState: BaseService.State, profileName: () -> String?) {
+    private fun updateTile(serviceState: BaseService.State, profileName: String?) {
         qsTile?.apply {
             label = null
             when (serviceState) {
@@ -72,15 +58,18 @@ class TileService : BaseTileService(), SagerConnection.Callback {
                     icon = iconBusy
                     state = Tile.STATE_ACTIVE
                 }
+
                 BaseService.State.Connected -> {
                     icon = iconConnected
-                    label = profileName()
+                    label = profileName
                     state = Tile.STATE_ACTIVE
                 }
+
                 BaseService.State.Stopping -> {
                     icon = iconBusy
                     state = Tile.STATE_UNAVAILABLE
                 }
+
                 BaseService.State.Stopped -> {
                     icon = iconIdle
                     state = Tile.STATE_INACTIVE
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/VpnService.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/VpnService.kt
index b6f0b4376..751c14965 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/VpnService.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/VpnService.kt
@@ -16,9 +16,6 @@ import io.nekohasekai.sagernet.fmt.hysteria.HysteriaBean
 import io.nekohasekai.sagernet.ktx.*
 import io.nekohasekai.sagernet.ui.VpnRequestActivity
 import io.nekohasekai.sagernet.utils.Subnet
-import libcore.*
-import moe.matsuri.nb4a.net.LocalResolverImpl
-import moe.matsuri.nb4a.proxy.neko.needBypassRootUid
 import android.net.VpnService as BaseVpnService
 
 class VpnService : BaseVpnService(),
@@ -95,9 +92,8 @@ class VpnService : BaseVpnService(),
 //        val tunOptions = JSONObject(tunOptionsJson)
 
         // address & route & MTU ...... use NB4A GUI config
-        val profile = data.proxy!!.profile
         val builder = Builder().setConfigureIntent(SagerNet.configureIntent(this))
-            .setSession(profile.displayName())
+            .setSession(getString(R.string.app_name))
             .setMtu(DataStore.mtu)
         val ipv6Mode = DataStore.ipv6Mode
 
@@ -132,11 +128,11 @@ class VpnService : BaseVpnService(),
 
         // app route
         val packageName = packageName
-        var proxyApps = DataStore.proxyApps
+        val proxyApps = DataStore.proxyApps
         var bypass = DataStore.bypass
-        var workaroundSYSTEM = false /* DataStore.tunImplementation == TunImplementation.SYSTEM */
-        var needBypassRootUid = workaroundSYSTEM || data.proxy!!.config.trafficMap.values.any {
-            it[0].nekoBean?.needBypassRootUid() == true || it[0].hysteriaBean?.protocol == HysteriaBean.PROTOCOL_FAKETCP
+        val workaroundSYSTEM = false /* DataStore.tunImplementation == TunImplementation.SYSTEM */
+        val needBypassRootUid = workaroundSYSTEM || data.proxy!!.config.trafficMap.values.any {
+            it[0].hysteriaBean?.protocol == HysteriaBean.PROTOCOL_FAKETCP
         }
 
         if (proxyApps || needBypassRootUid) {
@@ -200,9 +196,6 @@ class VpnService : BaseVpnService(),
         if (Build.VERSION.SDK_INT >= 29) builder.setMetered(metered)
         conn = builder.establish() ?: throw NullConnectionException()
 
-        // post setup
-        Libcore.setLocalResolver(LocalResolverImpl)
-
         return conn!!.fd
     }
 
@@ -218,7 +211,6 @@ class VpnService : BaseVpnService(),
     override fun onRevoke() = stopRunner()
 
     override fun onDestroy() {
-        Libcore.setLocalResolver(null)
         DataStore.vpnService = null
         super.onDestroy()
         data.binder.close()
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/proto/BoxInstance.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/proto/BoxInstance.kt
index 190a99e4f..9f16723de 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/proto/BoxInstance.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/proto/BoxInstance.kt
@@ -1,6 +1,5 @@
 package io.nekohasekai.sagernet.bg.proto
 
-import android.os.Build
 import android.os.SystemClock
 import io.nekohasekai.sagernet.SagerNet
 import io.nekohasekai.sagernet.bg.AbstractInstance
@@ -10,23 +9,19 @@ import io.nekohasekai.sagernet.database.ProxyEntity
 import io.nekohasekai.sagernet.fmt.ConfigBuildResult
 import io.nekohasekai.sagernet.fmt.buildConfig
 import io.nekohasekai.sagernet.fmt.hysteria.HysteriaBean
-import io.nekohasekai.sagernet.fmt.hysteria.buildHysteriaConfig
+import io.nekohasekai.sagernet.fmt.hysteria.buildHysteria1Config
+import io.nekohasekai.sagernet.fmt.mieru.MieruBean
+import io.nekohasekai.sagernet.fmt.mieru.buildMieruConfig
 import io.nekohasekai.sagernet.fmt.naive.NaiveBean
 import io.nekohasekai.sagernet.fmt.naive.buildNaiveConfig
 import io.nekohasekai.sagernet.fmt.trojan_go.TrojanGoBean
 import io.nekohasekai.sagernet.fmt.trojan_go.buildTrojanGoConfig
-import io.nekohasekai.sagernet.fmt.tuic.TuicBean
-import io.nekohasekai.sagernet.fmt.tuic.buildTuicConfig
 import io.nekohasekai.sagernet.ktx.*
 import io.nekohasekai.sagernet.plugin.PluginManager
 import kotlinx.coroutines.*
 import libcore.BoxInstance
 import libcore.Libcore
-import moe.matsuri.nb4a.plugin.NekoPluginManager
-import moe.matsuri.nb4a.proxy.neko.NekoBean
-import moe.matsuri.nb4a.proxy.neko.NekoJSInterface
-import moe.matsuri.nb4a.proxy.neko.updateAllConfig
-import org.json.JSONObject
+import moe.matsuri.nb4a.net.LocalResolverImpl
 import java.io.File
 
 abstract class BoxInstance(
@@ -54,8 +49,7 @@ abstract class BoxInstance(
     }
 
     protected open suspend fun loadConfig() {
-        NekoJSInterface.Default.destroyAllJsi()
-        box = Libcore.newSingBoxInstance(config.config)
+        box = Libcore.newSingBoxInstance(config.config, LocalResolverImpl)
     }
 
     open suspend fun init() {
@@ -67,13 +61,20 @@ abstract class BoxInstance(
                         initPlugin("trojan-go-plugin")
                         pluginConfigs[port] = profile.type to bean.buildTrojanGoConfig(port)
                     }
+
+                    is MieruBean -> {
+                        initPlugin("mieru-plugin")
+                        pluginConfigs[port] = profile.type to bean.buildMieruConfig(port)
+                    }
+
                     is NaiveBean -> {
                         initPlugin("naive-plugin")
                         pluginConfigs[port] = profile.type to bean.buildNaiveConfig(port)
                     }
+
                     is HysteriaBean -> {
                         initPlugin("hysteria-plugin")
-                        pluginConfigs[port] = profile.type to bean.buildHysteriaConfig(port) {
+                        pluginConfigs[port] = profile.type to bean.buildHysteria1Config(port) {
                             File(
                                 app.cacheDir, "hysteria_" + SystemClock.elapsedRealtime() + ".ca"
                             ).apply {
@@ -82,28 +83,6 @@ abstract class BoxInstance(
                             }
                         }
                     }
-                    is TuicBean -> {
-                        initPlugin("tuic-plugin")
-                        pluginConfigs[port] = profile.type to bean.buildTuicConfig(port) {
-                            File(
-                                app.noBackupFilesDir,
-                                "tuic_" + SystemClock.elapsedRealtime() + ".ca"
-                            ).apply {
-                                parentFile?.mkdirs()
-                                cacheFiles.add(this)
-                            }
-                        }
-                    }
-                    is NekoBean -> {
-                        // check if plugin binary can be loaded
-                        initPlugin(bean.plgId)
-
-                        // build config and check if succeed
-                        bean.updateAllConfig(port)
-                        if (bean.allConfig == null) {
-                            throw NekoPluginManager.PluginInternalException(bean.protocolId)
-                        }
-                    }
                 }
             }
         }
@@ -112,10 +91,8 @@ abstract class BoxInstance(
 
     override fun launch() {
         // TODO move, this is not box
-        val context =
-            if (Build.VERSION.SDK_INT < 24 || SagerNet.user.isUserUnlocked) SagerNet.application else SagerNet.deviceStorage
-        val cache = File(context.cacheDir, "tmpcfg")
-        cache.mkdirs()
+        val cacheDir = File(SagerNet.application.cacheDir, "tmpcfg")
+        cacheDir.mkdirs()
 
         for ((chain) in config.externalIndex) {
             chain.entries.forEachIndexed { index, (port, profile) ->
@@ -127,9 +104,10 @@ abstract class BoxInstance(
                     externalInstances.containsKey(port) -> {
                         externalInstances[port]!!.launch()
                     }
+
                     bean is TrojanGoBean -> {
                         val configFile = File(
-                            cache, "trojan_go_" + SystemClock.elapsedRealtime() + ".json"
+                            cacheDir, "trojan_go_" + SystemClock.elapsedRealtime() + ".json"
                         )
                         configFile.parentFile?.mkdirs()
                         configFile.writeText(config)
@@ -141,9 +119,30 @@ abstract class BoxInstance(
 
                         processes.start(commands)
                     }
+
+                    bean is MieruBean -> {
+                        val configFile = File(
+                            cacheDir, "mieru_" + SystemClock.elapsedRealtime() + ".json"
+                        )
+
+                        configFile.parentFile?.mkdirs()
+                        configFile.writeText(config)
+                        cacheFiles.add(configFile)
+
+                        val envMap = mutableMapOf<String, String>()
+                        envMap["MIERU_CONFIG_JSON_FILE"] = configFile.absolutePath
+                        envMap["MIERU_PROTECT_PATH"] = "protect_path"
+
+                        val commands = mutableListOf(
+                            initPlugin("mieru-plugin").path, "run",
+                        )
+
+                        processes.start(commands, envMap)
+                    }
+
                     bean is NaiveBean -> {
                         val configFile = File(
-                            cache, "naive_" + SystemClock.elapsedRealtime() + ".json"
+                            cacheDir, "naive_" + SystemClock.elapsedRealtime() + ".json"
                         )
 
                         configFile.parentFile?.mkdirs()
@@ -154,7 +153,7 @@ abstract class BoxInstance(
 
                         if (bean.certificates.isNotBlank()) {
                             val certFile = File(
-                                cache, "naive_" + SystemClock.elapsedRealtime() + ".crt"
+                                cacheDir, "naive_" + SystemClock.elapsedRealtime() + ".crt"
                             )
 
                             certFile.parentFile?.mkdirs()
@@ -170,9 +169,10 @@ abstract class BoxInstance(
 
                         processes.start(commands, envMap)
                     }
+
                     bean is HysteriaBean -> {
                         val configFile = File(
-                            cache, "hysteria_" + SystemClock.elapsedRealtime() + ".json"
+                            cacheDir, "hysteria_" + SystemClock.elapsedRealtime() + ".json"
                         )
 
                         configFile.parentFile?.mkdirs()
@@ -193,61 +193,6 @@ abstract class BoxInstance(
                             commands.addAll(0, listOf("su", "-c"))
                         }
 
-                        processes.start(commands)
-                    }
-                    bean is NekoBean -> {
-                        // config built from JS
-                        val nekoRunConfigs = bean.allConfig.optJSONArray("nekoRunConfigs")
-                        val configs = mutableMapOf<String, String>()
-
-                        nekoRunConfigs?.forEach { _, any ->
-                            any as JSONObject
-
-                            val name = any.getString("name")
-                            val configFile = File(cache, name)
-                            configFile.parentFile?.mkdirs()
-                            val content = any.getString("content")
-                            configFile.writeText(content)
-
-                            cacheFiles.add(configFile)
-                            configs[name] = configFile.absolutePath
-
-                            Logs.d(name + "\n\n" + content)
-                        }
-
-                        val nekoCommands = bean.allConfig.getJSONArray("nekoCommands")
-                        val commands = mutableListOf<String>()
-
-                        nekoCommands.forEach { _, any ->
-                            if (any is String) {
-                                if (configs.containsKey(any)) {
-                                    commands.add(configs[any]!!)
-                                } else if (any == "%exe%") {
-                                    commands.add(initPlugin(bean.plgId).path)
-                                } else {
-                                    commands.add(any)
-                                }
-                            }
-                        }
-
-                        processes.start(commands)
-                    }
-                    bean is TuicBean -> {
-                        val configFile = File(
-                            context.noBackupFilesDir,
-                            "tuic_" + SystemClock.elapsedRealtime() + ".json"
-                        )
-
-                        configFile.parentFile?.mkdirs()
-                        configFile.writeText(config)
-                        cacheFiles.add(configFile)
-
-                        val commands = mutableListOf(
-                            initPlugin("tuic-plugin").path,
-                            "-c",
-                            configFile.absolutePath,
-                        )
-
                         processes.start(commands)
                     }
                 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/proto/ProxyInstance.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/proto/ProxyInstance.kt
index 81178fdbc..9758a5c40 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/proto/ProxyInstance.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/proto/ProxyInstance.kt
@@ -2,6 +2,7 @@ package io.nekohasekai.sagernet.bg.proto
 
 import io.nekohasekai.sagernet.BuildConfig
 import io.nekohasekai.sagernet.bg.BaseService
+import io.nekohasekai.sagernet.bg.ServiceNotification
 import io.nekohasekai.sagernet.database.ProxyEntity
 import io.nekohasekai.sagernet.ktx.Logs
 import io.nekohasekai.sagernet.ktx.runOnDefaultDispatcher
@@ -11,9 +12,11 @@ import moe.matsuri.nb4a.utils.JavaUtil
 class ProxyInstance(profile: ProxyEntity, var service: BaseService.Interface? = null) :
     BoxInstance(profile) {
 
-    var lastSelectorGroupId = -1L
     var notTmp = true
 
+    var lastSelectorGroupId = -1L
+    var displayProfileName = ServiceNotification.genTitle(profile)
+
     // for TrafficLooper
     var looper: TrafficLooper? = null
 
@@ -39,9 +42,13 @@ class ProxyInstance(profile: ProxyEntity, var service: BaseService.Interface? =
         }
     }
 
+    override suspend fun loadConfig() {
+        super.loadConfig()
+    }
+
     override fun launch() {
         box.setAsMain()
-        super.launch()
+        super.launch() // start box
         runOnDefaultDispatcher {
             looper = service?.let { TrafficLooper(it.data, this) }
             looper?.start()
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/proto/TestInstance.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/proto/TestInstance.kt
index e4b85df0f..bc6907137 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/proto/TestInstance.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/proto/TestInstance.kt
@@ -8,10 +8,12 @@ import io.nekohasekai.sagernet.ktx.Logs
 import io.nekohasekai.sagernet.ktx.runOnDefaultDispatcher
 import io.nekohasekai.sagernet.ktx.tryResume
 import io.nekohasekai.sagernet.ktx.tryResumeWithException
+import kotlinx.coroutines.delay
 import libcore.Libcore
+import moe.matsuri.nb4a.net.LocalResolverImpl
 import kotlin.coroutines.suspendCoroutine
 
-class TestInstance(profile: ProxyEntity, val link: String, val timeout: Int) :
+class TestInstance(profile: ProxyEntity, val link: String, private val timeout: Int) :
     BoxInstance(profile) {
 
     suspend fun doTest(): Int {
@@ -25,6 +27,10 @@ class TestInstance(profile: ProxyEntity, val link: String, val timeout: Int) :
                     try {
                         init()
                         launch()
+                        if (processes.processCount > 0) {
+                            // wait for plugin start
+                            delay(500)
+                        }
                         c.tryResume(Libcore.urlTest(box, link, timeout))
                     } catch (e: Exception) {
                         c.tryResumeWithException(e)
@@ -41,8 +47,7 @@ class TestInstance(profile: ProxyEntity, val link: String, val timeout: Int) :
     override suspend fun loadConfig() {
         // don't call destroyAllJsi here
         if (BuildConfig.DEBUG) Logs.d(config.config)
-        box = Libcore.newSingBoxInstance(config.config)
-        box.forTest = true
+        box = Libcore.newSingBoxInstance(config.config, LocalResolverImpl)
     }
 
 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/proto/TrafficLooper.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/proto/TrafficLooper.kt
index 98bfbdda4..2d4bf7323 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/proto/TrafficLooper.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/proto/TrafficLooper.kt
@@ -9,6 +9,7 @@ import io.nekohasekai.sagernet.database.ProfileManager
 import io.nekohasekai.sagernet.fmt.TAG_BYPASS
 import io.nekohasekai.sagernet.fmt.TAG_PROXY
 import io.nekohasekai.sagernet.ktx.Logs
+import io.nekohasekai.sagernet.ktx.runOnDefaultDispatcher
 import kotlinx.coroutines.*
 
 class TrafficLooper
@@ -17,7 +18,8 @@ class TrafficLooper
 ) {
 
     private var job: Job? = null
-    private val items = mutableMapOf<Long, TrafficUpdater.TrafficLooperData>() // associate ent id
+    private val idMap = mutableMapOf<Long, TrafficUpdater.TrafficLooperData>() // id to 1 data
+    private val tagMap = mutableMapOf<String, TrafficUpdater.TrafficLooperData>() // tag to 1 data
 
     suspend fun stop() {
         job?.cancel()
@@ -26,7 +28,7 @@ class TrafficLooper
         val traffic = mutableMapOf<Long, TrafficData>()
         data.proxy?.config?.trafficMap?.forEach { (_, ents) ->
             for (ent in ents) {
-                val item = items[ent.id] ?: return@forEach
+                val item = idMap[ent.id] ?: return@forEach
                 ent.rx = item.rx
                 ent.tx = item.tx
                 ProfileManager.updateProfile(ent) // update DB
@@ -54,15 +56,25 @@ class TrafficLooper
 
     fun selectMain(id: Long) {
         Logs.d("select traffic count $TAG_PROXY to $id, old id is $selectorNowId")
-        val oldData = items[selectorNowId]
-        val data = items[id] ?: return
+        val oldData = idMap[selectorNowId]
+        val newData = idMap[id] ?: return
         oldData?.apply {
             tag = selectorNowFakeTag
             ignore = true
+            // post traffic when switch
+            if (DataStore.profileTrafficStatistics) {
+                data.proxy?.config?.trafficMap?.get(tag)?.firstOrNull()?.let {
+                    it.rx = rx
+                    it.tx = tx
+                    runOnDefaultDispatcher {
+                        ProfileManager.updateProfile(it) // update DB
+                    }
+                }
+            }
         }
-        selectorNowFakeTag = data.tag
+        selectorNowFakeTag = newData.tag
         selectorNowId = id
-        data.apply {
+        newData.apply {
             tag = TAG_PROXY
             ignore = false
         }
@@ -78,19 +90,19 @@ class TrafficLooper
         var proxy: ProxyInstance?
 
         // for display
-        var itemMain: TrafficUpdater.TrafficLooperData? = null
-        var itemMainBase: TrafficUpdater.TrafficLooperData? = null
-        var itemBypass: TrafficUpdater.TrafficLooperData? = null
+        val itemBypass = TrafficUpdater.TrafficLooperData(tag = TAG_BYPASS)
 
         while (sc.isActive) {
-            delay(delayMs)
-            proxy = data.proxy ?: continue
+            proxy = data.proxy
+            if (proxy == null) {
+                delay(delayMs)
+                continue
+            }
 
             if (trafficUpdater == null) {
                 if (!proxy.isInitialized()) continue
-                items.clear()
-                itemBypass = TrafficUpdater.TrafficLooperData(tag = "bypass")
-                items[-1] = itemBypass
+                idMap.clear()
+                idMap[-1] = itemBypass
                 //
                 val tags = hashSetOf(TAG_PROXY, TAG_BYPASS)
                 proxy.config.trafficMap.forEach { (tag, ents) ->
@@ -100,30 +112,21 @@ class TrafficLooper
                             tag = tag,
                             rx = ent.rx,
                             tx = ent.tx,
+                            rxBase = ent.rx,
+                            txBase = ent.tx,
                             ignore = proxy.config.selectorGroupId >= 0L,
                         )
-                        if (tag == TAG_PROXY && itemMain == null) {
-                            itemMain = item
-                            itemMainBase = TrafficUpdater.TrafficLooperData(
-                                tag = tag,
-                                rx = ent.rx,
-                                tx = ent.tx,
-                            )
-                            Logs.d("traffic count $tag to main to ${ent.id}")
-                        }
-                        items[ent.id] = item
+                        idMap[ent.id] = item
+                        tagMap[tag] = item
                         Logs.d("traffic count $tag to ${ent.id}")
                     }
                 }
                 if (proxy.config.selectorGroupId >= 0L) {
-                    itemMain = TrafficUpdater.TrafficLooperData(tag = TAG_PROXY)
-                    itemMainBase = TrafficUpdater.TrafficLooperData(tag = TAG_PROXY)
-                    items[-2] = itemMain!!
                     selectMain(proxy.config.mainEntId)
                 }
                 //
                 trafficUpdater = TrafficUpdater(
-                    box = proxy.box, items = items.values.toList()
+                    box = proxy.box, items = idMap.values.toList()
                 )
                 proxy.box.setV2rayStats(tags.joinToString("\n"))
             }
@@ -131,14 +134,28 @@ class TrafficLooper
             trafficUpdater.updateAll()
             if (!sc.isActive) return
 
+            // add all non-bypass to "main"
+            var mainTxRate = 0L
+            var mainRxRate = 0L
+            var mainTx = 0L
+            var mainRx = 0L
+            tagMap.forEach { (_, it) ->
+                if (!it.ignore) {
+                    mainTxRate += it.txRate
+                    mainRxRate += it.rxRate
+                }
+                mainTx += it.tx - it.txBase
+                mainRx += it.rx - it.rxBase
+            }
+
             // speed
             val speed = SpeedDisplayData(
-                itemMain!!.txRate,
-                itemMain!!.rxRate,
-                if (showDirectSpeed) itemBypass!!.txRate else 0L,
-                if (showDirectSpeed) itemBypass!!.rxRate else 0L,
-                itemMain!!.tx - itemMainBase!!.tx,
-                itemMain!!.rx - itemMainBase!!.rx
+                mainTxRate,
+                mainRxRate,
+                if (showDirectSpeed) itemBypass.txRate else 0L,
+                if (showDirectSpeed) itemBypass.rxRate else 0L,
+                mainTx,
+                mainRx
             )
 
             // broadcast (MainActivity)
@@ -149,7 +166,7 @@ class TrafficLooper
                     if (data.binder.callbackIdMap[b] == SagerConnection.CONNECTION_ID_MAIN_ACTIVITY_FOREGROUND) {
                         b.cbSpeedUpdate(speed)
                         if (profileTrafficStatistics) {
-                            items.forEach { (id, item) ->
+                            idMap.forEach { (id, item) ->
                                 b.cbTrafficUpdate(
                                     TrafficData(id = id, rx = item.rx, tx = item.tx) // display
                                 )
@@ -163,6 +180,8 @@ class TrafficLooper
             data.notification?.apply {
                 if (listenPostSpeed) postNotificationSpeedUpdate(speed)
             }
+
+            delay(delayMs)
         }
     }
 }
\ No newline at end of file
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/proto/TrafficUpdater.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/proto/TrafficUpdater.kt
index 3081e2b0c..c13869c5c 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/proto/TrafficUpdater.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/proto/TrafficUpdater.kt
@@ -10,6 +10,8 @@ class TrafficUpdater(
         var tag: String,
         var tx: Long = 0,
         var rx: Long = 0,
+        var txBase: Long = 0,
+        var rxBase: Long = 0,
         var txRate: Long = 0,
         var rxRate: Long = 0,
         var lastUpdate: Long = 0,
diff --git a/app/src/main/java/io/nekohasekai/sagernet/bg/proto/UrlTest.kt b/app/src/main/java/io/nekohasekai/sagernet/bg/proto/UrlTest.kt
index 3cec7cff4..73b654630 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/bg/proto/UrlTest.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/bg/proto/UrlTest.kt
@@ -6,7 +6,7 @@ import io.nekohasekai.sagernet.database.ProxyEntity
 class UrlTest {
 
     val link = DataStore.connectionTestURL
-    val timeout = 3000
+    private val timeout = 5000
 
     suspend fun doTest(profile: ProxyEntity): Int {
         return TestInstance(profile, link, timeout).doTest()
diff --git a/app/src/main/java/io/nekohasekai/sagernet/database/DataStore.kt b/app/src/main/java/io/nekohasekai/sagernet/database/DataStore.kt
index c413ee686..06bb50133 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/database/DataStore.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/database/DataStore.kt
@@ -2,18 +2,28 @@ package io.nekohasekai.sagernet.database
 
 import android.os.Binder
 import androidx.preference.PreferenceDataStore
-import io.nekohasekai.sagernet.*
+import io.nekohasekai.sagernet.CONNECTION_TEST_URL
+import io.nekohasekai.sagernet.GroupType
+import io.nekohasekai.sagernet.IPv6Mode
+import io.nekohasekai.sagernet.Key
+import io.nekohasekai.sagernet.TunImplementation
 import io.nekohasekai.sagernet.bg.BaseService
 import io.nekohasekai.sagernet.bg.VpnService
 import io.nekohasekai.sagernet.database.preference.OnPreferenceDataStoreChangeListener
 import io.nekohasekai.sagernet.database.preference.PublicDatabase
 import io.nekohasekai.sagernet.database.preference.RoomPreferenceDataStore
-import io.nekohasekai.sagernet.ktx.*
+import io.nekohasekai.sagernet.ktx.boolean
+import io.nekohasekai.sagernet.ktx.int
+import io.nekohasekai.sagernet.ktx.long
+import io.nekohasekai.sagernet.ktx.parsePort
+import io.nekohasekai.sagernet.ktx.string
+import io.nekohasekai.sagernet.ktx.stringToInt
+import io.nekohasekai.sagernet.ktx.stringToIntIfExists
 import moe.matsuri.nb4a.TempDatabase
 
 object DataStore : OnPreferenceDataStoreChangeListener {
 
-    // share service state in main process
+    // share service state in main & bg process
     @Volatile
     var serviceState = BaseService.State.Idle
 
@@ -30,6 +40,10 @@ object DataStore : OnPreferenceDataStoreChangeListener {
     var vpnService: VpnService? = null
     var baseService: BaseService.Interface? = null
 
+    // main
+
+    var runningTest = false
+
     fun currentGroupId(): Long {
         val currentSelected = configurationStore.getLong(Key.PROFILE_GROUP, -1)
         if (currentSelected > 0L) return currentSelected
@@ -70,11 +84,14 @@ object DataStore : OnPreferenceDataStoreChangeListener {
         return groups.find { it.type == GroupType.BASIC }!!.id
     }
 
-    var nekoPlugins by configurationStore.string(Key.NEKO_PLUGIN_MANAGED)
     var appTLSVersion by configurationStore.string(Key.APP_TLS_VERSION)
     var enableClashAPI by configurationStore.boolean(Key.ENABLE_CLASH_API)
     var showBottomBar by configurationStore.boolean(Key.SHOW_BOTTOM_BAR)
 
+    var allowInsecureOnRequest by configurationStore.boolean(Key.ALLOW_INSECURE_ON_REQUEST)
+    var networkChangeResetConnections by configurationStore.boolean(Key.NETWORK_CHANGE_RESET_CONNECTIONS) { true }
+    var wakeResetConnections by configurationStore.boolean(Key.WAKE_RESET_CONNECTIONS)
+
     //
 
     var isExpert by configurationStore.boolean(Key.APP_EXPERT)
@@ -82,11 +99,9 @@ object DataStore : OnPreferenceDataStoreChangeListener {
     var nightTheme by configurationStore.stringToInt(Key.NIGHT_THEME)
     var serviceMode by configurationStore.string(Key.SERVICE_MODE) { Key.MODE_VPN }
 
-    //    var domainStrategy by configurationStore.string(Key.DOMAIN_STRATEGY) { "AsIs" }
-    var trafficSniffing by configurationStore.boolean(Key.TRAFFIC_SNIFFING) { true }
+    var trafficSniffing by configurationStore.stringToInt(Key.TRAFFIC_SNIFFING) { 1 }
     var resolveDestination by configurationStore.boolean(Key.RESOLVE_DESTINATION)
 
-    //    var tcpKeepAliveInterval by configurationStore.stringToInt(Key.TCP_KEEP_ALIVE_INTERVAL) { 15 }
     var mtu by configurationStore.stringToInt(Key.MTU) { 9000 }
 
     var bypassLan by configurationStore.boolean(Key.BYPASS_LAN)
@@ -96,12 +111,12 @@ object DataStore : OnPreferenceDataStoreChangeListener {
     var speedInterval by configurationStore.stringToInt(Key.SPEED_INTERVAL)
     var showGroupInNotification by configurationStore.boolean("showGroupInNotification")
 
-    var remoteDns by configurationStore.string(Key.REMOTE_DNS) { "https://8.8.8.8/dns-query" }
+    var globalCustomConfig by configurationStore.string(Key.GLOBAL_CUSTOM_CONFIG) { "" }
+
+    var remoteDns by configurationStore.string(Key.REMOTE_DNS) { "https://dns.google/dns-query" }
     var directDns by configurationStore.string(Key.DIRECT_DNS) { "https://223.5.5.5/dns-query" }
-    var directDnsUseSystem by configurationStore.boolean(Key.DIRECT_DNS_USE_SYSTEM)
     var enableDnsRouting by configurationStore.boolean(Key.ENABLE_DNS_ROUTING) { true }
-    var enableFakeDns by configurationStore.boolean(Key.ENABLE_FAKEDNS)
-    var dnsNetwork by configurationStore.stringSet(Key.DNS_NETWORK)
+    var enableFakeDns by configurationStore.boolean(Key.ENABLE_FAKEDNS) { true }
 
     var rulesProvider by configurationStore.stringToInt(Key.RULES_PROVIDER)
     var logLevel by configurationStore.stringToInt(Key.LOG_LEVEL)
@@ -113,25 +128,11 @@ object DataStore : OnPreferenceDataStoreChangeListener {
     var mixedPort: Int
         get() = getLocalPort(Key.MIXED_PORT, 2080)
         set(value) = saveLocalPort(Key.MIXED_PORT, value)
-    var localDNSPort: Int
-        get() = getLocalPort(Key.LOCAL_DNS_PORT, 6450)
-        set(value) {
-            saveLocalPort(Key.LOCAL_DNS_PORT, value)
-        }
-    var transproxyPort: Int
-        get() = getLocalPort(Key.TRANSPROXY_PORT, 9200)
-        set(value) = saveLocalPort(Key.TRANSPROXY_PORT, value)
 
     fun initGlobal() {
         if (configurationStore.getString(Key.MIXED_PORT) == null) {
             mixedPort = mixedPort
         }
-        if (configurationStore.getString(Key.LOCAL_DNS_PORT) == null) {
-            localDNSPort = localDNSPort
-        }
-        if (configurationStore.getString(Key.TRANSPROXY_PORT) == null) {
-            transproxyPort = transproxyPort
-        }
     }
 
 
@@ -151,22 +152,21 @@ object DataStore : OnPreferenceDataStoreChangeListener {
     var individual by configurationStore.string(Key.INDIVIDUAL)
     var showDirectSpeed by configurationStore.boolean(Key.SHOW_DIRECT_SPEED) { true }
 
+    val persistAcrossReboot by configurationStore.boolean(Key.PERSIST_ACROSS_REBOOT) { false }
+
     var appendHttpProxy by configurationStore.boolean(Key.APPEND_HTTP_PROXY)
-    var requireTransproxy by configurationStore.boolean(Key.REQUIRE_TRANSPROXY)
-    var transproxyMode by configurationStore.stringToInt(Key.TRANSPROXY_MODE)
     var connectionTestURL by configurationStore.string(Key.CONNECTION_TEST_URL) { CONNECTION_TEST_URL }
     var connectionTestConcurrent by configurationStore.int("connectionTestConcurrent") { 5 }
     var alwaysShowAddress by configurationStore.boolean(Key.ALWAYS_SHOW_ADDRESS)
 
-    var tunImplementation by configurationStore.stringToInt(Key.TUN_IMPLEMENTATION) { TunImplementation.SYSTEM }
+    var tunImplementation by configurationStore.stringToInt(Key.TUN_IMPLEMENTATION) { TunImplementation.GVISOR }
     var profileTrafficStatistics by configurationStore.boolean(Key.PROFILE_TRAFFIC_STATISTICS) { true }
 
     var yacdURL by configurationStore.string("yacdURL") { "http://127.0.0.1:9090/ui" }
 
     // protocol
 
-    var muxProtocols by configurationStore.stringSet(Key.MUX_PROTOCOLS)
-    var muxConcurrency by configurationStore.stringToInt(Key.MUX_CONCURRENCY) { 8 }
+    var globalAllowInsecure by configurationStore.boolean(Key.GLOBAL_ALLOW_INSECURE) { false }
 
     // old cache, DO NOT ADD
 
@@ -176,6 +176,7 @@ object DataStore : OnPreferenceDataStoreChangeListener {
     var profileName by profileCacheStore.string(Key.PROFILE_NAME)
     var serverAddress by profileCacheStore.string(Key.SERVER_ADDRESS)
     var serverPort by profileCacheStore.stringToInt(Key.SERVER_PORT)
+    var serverPorts by profileCacheStore.string("serverPorts")
     var serverUsername by profileCacheStore.string(Key.SERVER_USERNAME)
     var serverPassword by profileCacheStore.string(Key.SERVER_PASSWORD)
     var serverPassword1 by profileCacheStore.string(Key.SERVER_PASSWORD1)
@@ -193,6 +194,7 @@ object DataStore : OnPreferenceDataStoreChangeListener {
     var serverEncryption by profileCacheStore.string(Key.SERVER_ENCRYPTION)
     var serverALPN by profileCacheStore.string(Key.SERVER_ALPN)
     var serverCertificates by profileCacheStore.string(Key.SERVER_CERTIFICATES)
+    var serverMTU by profileCacheStore.stringToInt(Key.SERVER_MTU)
     var serverHeaders by profileCacheStore.string(Key.SERVER_HEADERS)
     var serverAllowInsecure by profileCacheStore.boolean(Key.SERVER_ALLOW_INSECURE)
 
@@ -201,11 +203,12 @@ object DataStore : OnPreferenceDataStoreChangeListener {
     var serverDownloadSpeed by profileCacheStore.stringToInt(Key.SERVER_DOWNLOAD_SPEED)
     var serverStreamReceiveWindow by profileCacheStore.stringToIntIfExists(Key.SERVER_STREAM_RECEIVE_WINDOW)
     var serverConnectionReceiveWindow by profileCacheStore.stringToIntIfExists(Key.SERVER_CONNECTION_RECEIVE_WINDOW)
-    var serverMTU by profileCacheStore.stringToInt(Key.SERVER_MTU) { 1420 }
     var serverDisableMtuDiscovery by profileCacheStore.boolean(Key.SERVER_DISABLE_MTU_DISCOVERY)
     var serverHopInterval by profileCacheStore.stringToInt(Key.SERVER_HOP_INTERVAL) { 10 }
 
-    var serverProtocolVersion by profileCacheStore.stringToInt(Key.SERVER_PROTOCOL)
+    var protocolVersion by profileCacheStore.stringToInt(Key.PROTOCOL_VERSION) { 2 } // default is SOCKS5
+
+    var serverProtocolInt by profileCacheStore.stringToInt(Key.SERVER_PROTOCOL)
     var serverPrivateKey by profileCacheStore.string(Key.SERVER_PRIVATE_KEY)
     var serverInsecureConcurrency by profileCacheStore.stringToInt(Key.SERVER_INSECURE_CONCURRENCY)
 
@@ -213,7 +216,6 @@ object DataStore : OnPreferenceDataStoreChangeListener {
     var serverCongestionController by profileCacheStore.string(Key.SERVER_CONGESTION_CONTROLLER)
     var serverDisableSNI by profileCacheStore.boolean(Key.SERVER_DISABLE_SNI)
     var serverReduceRTT by profileCacheStore.boolean(Key.SERVER_REDUCE_RTT)
-    var serverFastConnect by profileCacheStore.boolean(Key.SERVER_FAST_CONNECT)
 
     var routeName by profileCacheStore.string(Key.ROUTE_NAME)
     var routeDomain by profileCacheStore.string(Key.ROUTE_DOMAIN)
diff --git a/app/src/main/java/io/nekohasekai/sagernet/database/ProfileManager.kt b/app/src/main/java/io/nekohasekai/sagernet/database/ProfileManager.kt
index 1bcad16d3..ba21dde44 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/database/ProfileManager.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/database/ProfileManager.kt
@@ -17,7 +17,7 @@ object ProfileManager {
     interface Listener {
         suspend fun onAdd(profile: ProxyEntity)
         suspend fun onUpdated(data: TrafficData)
-        suspend fun onUpdated(profile: ProxyEntity)
+        suspend fun onUpdated(profile: ProxyEntity, noTraffic: Boolean)
         suspend fun onRemoved(groupId: Long, profileId: Long)
     }
 
@@ -87,13 +87,13 @@ object ProfileManager {
 
     suspend fun updateProfile(profile: ProxyEntity) {
         SagerDatabase.proxyDao.updateProxy(profile)
-        iterator { onUpdated(profile) }
+        iterator { onUpdated(profile, false) }
     }
 
     suspend fun updateProfile(profiles: List<ProxyEntity>) {
         SagerDatabase.proxyDao.updateProxy(profiles)
         profiles.forEach {
-            iterator { onUpdated(it) }
+            iterator { onUpdated(it, false) }
         }
     }
 
@@ -141,12 +141,12 @@ object ProfileManager {
 
     // postUpdate: post to listeners, don't change the DB
 
-    suspend fun postUpdate(profileId: Long) {
-        postUpdate(getProfile(profileId) ?: return)
+    suspend fun postUpdate(profileId: Long, noTraffic: Boolean = false) {
+        postUpdate(getProfile(profileId) ?: return, noTraffic)
     }
 
-    suspend fun postUpdate(profile: ProxyEntity) {
-        iterator { onUpdated(profile) }
+    suspend fun postUpdate(profile: ProxyEntity, noTraffic: Boolean = false) {
+        iterator { onUpdated(profile, noTraffic) }
     }
 
     suspend fun postUpdate(data: TrafficData) {
@@ -200,55 +200,37 @@ object ProfileManager {
                     outbound = -2
                 )
             )
-            createRule(
-                RuleEntity(
-                    name = app.getString(R.string.route_opt_block_analysis),
-                    domains = app.assets.open("analysis.txt").use {
-                        it.bufferedReader()
-                            .readLines()
-                            .filter { it.isNotBlank() }
-                            .joinToString("\n")
-                    },
-                    outbound = -2,
-                )
-            )
-            var country = Locale.getDefault().country.lowercase()
-            var displayCountry = Locale.getDefault().displayCountry
-            if (country in arrayOf(
-                    "ir"
-                )
-            ) {
-                createRule(
+            val fuckedCountry = mutableListOf("cn:中国")
+            if (Locale.getDefault().country != Locale.CHINA.country) {
+                // 非中文用户
+                fuckedCountry += "ir:Iran"
+                fuckedCountry += "ru:Russia"
+            }
+            for (c in fuckedCountry) {
+                val country = c.substringBefore(":")
+                val displayCountry = c.substringAfter(":")
+                //
+                if (country == "cn") createRule(
                     RuleEntity(
-                        name = app.getString(R.string.route_bypass_domain, displayCountry),
-                        domains = "domain:$country",
-                        outbound = -1
+                        name = app.getString(R.string.route_play_store, displayCountry),
+                        domains = "googleapis.cn",
                     ), false
                 )
-            } else {
-                country = Locale.CHINA.country.lowercase()
-                displayCountry = Locale.CHINA.displayCountry
                 createRule(
                     RuleEntity(
-                        name = app.getString(R.string.route_play_store, displayCountry),
-                        domains = "domain:googleapis.cn",
+                        name = app.getString(R.string.route_bypass_domain, displayCountry),
+                        domains = "geosite:$country",
+                        outbound = -1
                     ), false
                 )
                 createRule(
                     RuleEntity(
-                        name = app.getString(R.string.route_bypass_domain, displayCountry),
-                        domains = "geosite:$country",
+                        name = app.getString(R.string.route_bypass_ip, displayCountry),
+                        ip = "geoip:$country",
                         outbound = -1
                     ), false
                 )
             }
-            createRule(
-                RuleEntity(
-                    name = app.getString(R.string.route_bypass_ip, displayCountry),
-                    ip = "geoip:$country",
-                    outbound = -1
-                ), false
-            )
             rules = SagerDatabase.rulesDao.allRules()
         }
         return rules
diff --git a/app/src/main/java/io/nekohasekai/sagernet/database/ProxyEntity.kt b/app/src/main/java/io/nekohasekai/sagernet/database/ProxyEntity.kt
index 551bf0e6d..b975695cb 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/database/ProxyEntity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/database/ProxyEntity.kt
@@ -11,6 +11,8 @@ import io.nekohasekai.sagernet.fmt.http.HttpBean
 import io.nekohasekai.sagernet.fmt.http.toUri
 import io.nekohasekai.sagernet.fmt.hysteria.*
 import io.nekohasekai.sagernet.fmt.internal.ChainBean
+import io.nekohasekai.sagernet.fmt.mieru.MieruBean
+import io.nekohasekai.sagernet.fmt.mieru.buildMieruConfig
 import io.nekohasekai.sagernet.fmt.naive.NaiveBean
 import io.nekohasekai.sagernet.fmt.naive.buildNaiveConfig
 import io.nekohasekai.sagernet.fmt.naive.toUri
@@ -24,13 +26,15 @@ import io.nekohasekai.sagernet.fmt.trojan_go.TrojanGoBean
 import io.nekohasekai.sagernet.fmt.trojan_go.buildTrojanGoConfig
 import io.nekohasekai.sagernet.fmt.trojan_go.toUri
 import io.nekohasekai.sagernet.fmt.tuic.TuicBean
-import io.nekohasekai.sagernet.fmt.tuic.buildTuicConfig
+import io.nekohasekai.sagernet.fmt.tuic.toUri
 import io.nekohasekai.sagernet.fmt.v2ray.*
 import io.nekohasekai.sagernet.fmt.wireguard.WireGuardBean
 import io.nekohasekai.sagernet.ktx.app
-import io.nekohasekai.sagernet.ktx.applyDefaultValues
 import io.nekohasekai.sagernet.ui.profile.*
-import moe.matsuri.nb4a.Protocols
+import moe.matsuri.nb4a.SingBoxOptions.MultiplexOptions
+import moe.matsuri.nb4a.proxy.anytls.AnyTLSBean
+import moe.matsuri.nb4a.proxy.anytls.AnyTLSSettingsActivity
+import moe.matsuri.nb4a.proxy.anytls.toUri
 import moe.matsuri.nb4a.proxy.config.ConfigBean
 import moe.matsuri.nb4a.proxy.config.ConfigSettingActivity
 import moe.matsuri.nb4a.proxy.neko.*
@@ -56,12 +60,14 @@ data class ProxyEntity(
     var vmessBean: VMessBean? = null,
     var trojanBean: TrojanBean? = null,
     var trojanGoBean: TrojanGoBean? = null,
+    var mieruBean: MieruBean? = null,
     var naiveBean: NaiveBean? = null,
     var hysteriaBean: HysteriaBean? = null,
     var tuicBean: TuicBean? = null,
     var sshBean: SSHBean? = null,
     var wgBean: WireGuardBean? = null,
     var shadowTLSBean: ShadowTLSBean? = null,
+    var anyTLSBean: AnyTLSBean? = null,
     var chainBean: ChainBean? = null,
     var nekoBean: NekoBean? = null,
     var configBean: ConfigBean? = null,
@@ -74,15 +80,16 @@ data class ProxyEntity(
         const val TYPE_VMESS = 4
         const val TYPE_TROJAN = 6
 
-        const val TYPE_TROJAN_GO = 7
-        const val TYPE_NAIVE = 9
-        const val TYPE_HYSTERIA = 15
-        const val TYPE_TUIC = 20
-
         const val TYPE_SSH = 17
         const val TYPE_WG = 18
 
+        const val TYPE_TROJAN_GO = 7
+        const val TYPE_NAIVE = 9
+        const val TYPE_HYSTERIA = 15
         const val TYPE_SHADOWTLS = 19
+        const val TYPE_TUIC = 20
+        const val TYPE_MIERU = 21
+        const val TYPE_ANYTLS = 22
 
         const val TYPE_CONFIG = 998
         const val TYPE_NEKO = 999
@@ -91,10 +98,8 @@ data class ProxyEntity(
 
         val chainName by lazy { app.getString(R.string.proxy_chain) }
 
-        private val placeHolderBean = SOCKSBean().applyDefaultValues()
-
         @JvmField
-        val CREATOR = object : Serializable.CREATOR<ProxyEntity>() {
+        val CREATOR = object : CREATOR<ProxyEntity>() {
 
             override fun newInstance(): ProxyEntity {
                 return ProxyEntity()
@@ -161,31 +166,35 @@ data class ProxyEntity(
             TYPE_VMESS -> vmessBean = KryoConverters.vmessDeserialize(byteArray)
             TYPE_TROJAN -> trojanBean = KryoConverters.trojanDeserialize(byteArray)
             TYPE_TROJAN_GO -> trojanGoBean = KryoConverters.trojanGoDeserialize(byteArray)
+            TYPE_MIERU -> mieruBean = KryoConverters.mieruDeserialize(byteArray)
             TYPE_NAIVE -> naiveBean = KryoConverters.naiveDeserialize(byteArray)
             TYPE_HYSTERIA -> hysteriaBean = KryoConverters.hysteriaDeserialize(byteArray)
             TYPE_SSH -> sshBean = KryoConverters.sshDeserialize(byteArray)
             TYPE_WG -> wgBean = KryoConverters.wireguardDeserialize(byteArray)
             TYPE_TUIC -> tuicBean = KryoConverters.tuicDeserialize(byteArray)
             TYPE_SHADOWTLS -> shadowTLSBean = KryoConverters.shadowTLSDeserialize(byteArray)
+            TYPE_ANYTLS -> anyTLSBean = KryoConverters.anyTLSDeserialize(byteArray)
             TYPE_CHAIN -> chainBean = KryoConverters.chainDeserialize(byteArray)
             TYPE_NEKO -> nekoBean = KryoConverters.nekoDeserialize(byteArray)
             TYPE_CONFIG -> configBean = KryoConverters.configDeserialize(byteArray)
         }
     }
 
-    fun displayType() = when (type) {
+    fun displayType(): String = when (type) {
         TYPE_SOCKS -> socksBean!!.protocolName()
         TYPE_HTTP -> if (httpBean!!.isTLS()) "HTTPS" else "HTTP"
         TYPE_SS -> "Shadowsocks"
         TYPE_VMESS -> if (vmessBean!!.isVLESS) "VLESS" else "VMess"
         TYPE_TROJAN -> "Trojan"
         TYPE_TROJAN_GO -> "Trojan-Go"
+        TYPE_MIERU -> "Mieru"
         TYPE_NAIVE -> "Naïve"
-        TYPE_HYSTERIA -> "Hysteria"
+        TYPE_HYSTERIA -> "Hysteria" + hysteriaBean!!.protocolVersion
         TYPE_SSH -> "SSH"
         TYPE_WG -> "WireGuard"
         TYPE_TUIC -> "TUIC"
         TYPE_SHADOWTLS -> "ShadowTLS"
+        TYPE_ANYTLS -> "AnyTLS"
         TYPE_CHAIN -> chainName
         TYPE_NEKO -> nekoBean!!.displayType()
         TYPE_CONFIG -> configBean!!.displayType()
@@ -203,12 +212,14 @@ data class ProxyEntity(
             TYPE_VMESS -> vmessBean
             TYPE_TROJAN -> trojanBean
             TYPE_TROJAN_GO -> trojanGoBean
+            TYPE_MIERU -> mieruBean
             TYPE_NAIVE -> naiveBean
             TYPE_HYSTERIA -> hysteriaBean
             TYPE_SSH -> sshBean
             TYPE_WG -> wgBean
             TYPE_TUIC -> tuicBean
             TYPE_SHADOWTLS -> shadowTLSBean
+            TYPE_ANYTLS -> anyTLSBean
             TYPE_CHAIN -> chainBean
             TYPE_NEKO -> nekoBean
             TYPE_CONFIG -> configBean
@@ -225,11 +236,10 @@ data class ProxyEntity(
 
     fun haveStandardLink(): Boolean {
         return when (requireBean()) {
-            is TuicBean -> false
             is SSHBean -> false
             is WireGuardBean -> false
             is ShadowTLSBean -> false
-            is NekoBean -> nekoBean!!.haveStandardLink()
+            is NekoBean -> false
             is ConfigBean -> false
             else -> true
         }
@@ -245,7 +255,9 @@ data class ProxyEntity(
             is TrojanGoBean -> toUri()
             is NaiveBean -> toUri()
             is HysteriaBean -> toUri()
-            is NekoBean -> shareLink()
+            is TuicBean -> toUri()
+            is AnyTLSBean -> toUri()
+            is NekoBean -> ""
             else -> toUniversalLink()
         }
     }
@@ -269,17 +281,20 @@ data class ProxyEntity(
                                 append("\n\n")
                                 append(bean.buildTrojanGoConfig(port))
                             }
+
+                            is MieruBean -> {
+                                append("\n\n")
+                                append(bean.buildMieruConfig(port))
+                            }
+
                             is NaiveBean -> {
                                 append("\n\n")
                                 append(bean.buildNaiveConfig(port))
                             }
+
                             is HysteriaBean -> {
                                 append("\n\n")
-                                append(bean.buildHysteriaConfig(port, null))
-                            }
-                            is TuicBean -> {
-                                append("\n\n")
-                                append(bean.buildTuicConfig(port, null))
+                                append(bean.buildHysteria1Config(port, null))
                             }
                         }
                     }
@@ -291,28 +306,39 @@ data class ProxyEntity(
     fun needExternal(): Boolean {
         return when (type) {
             TYPE_TROJAN_GO -> true
+            TYPE_MIERU -> true
             TYPE_NAIVE -> true
             TYPE_HYSTERIA -> !hysteriaBean!!.canUseSingBox()
-            TYPE_TUIC -> true
             TYPE_NEKO -> true
             else -> false
         }
     }
 
-    fun isV2RayNetworkTcp(): Boolean {
-        val bean = requireBean() as StandardV2RayBean
-        return when (bean.type) {
-            "tcp", "ws", "http" -> true
-            else -> false
-        }
-    }
-
-    fun needCoreMux(): Boolean {
+    fun singMux(): MultiplexOptions? {
         return when (type) {
-            TYPE_VMESS -> isV2RayNetworkTcp() && Protocols.shouldEnableMux("vmess") && !vmessBean!!.isVLESS
-            TYPE_TROJAN -> isV2RayNetworkTcp() && Protocols.shouldEnableMux("trojan")
-            TYPE_SS -> !ssBean!!.sUoT && Protocols.shouldEnableMux("shadowsocks")
-            else -> false
+            TYPE_VMESS -> MultiplexOptions().apply {
+                enabled = vmessBean!!.enableMux
+                padding = vmessBean!!.muxPadding
+                max_streams = vmessBean!!.muxConcurrency
+                protocol = when (vmessBean!!.muxType) {
+                    1 -> "smux"
+                    2 -> "yamux"
+                    else -> "h2mux"
+                }
+            }
+
+            TYPE_TROJAN -> MultiplexOptions().apply {
+                enabled = trojanBean!!.enableMux
+                padding = trojanBean!!.muxPadding
+                max_streams = trojanBean!!.muxConcurrency
+                protocol = when (trojanBean!!.muxType) {
+                    1 -> "smux"
+                    2 -> "yamux"
+                    else -> "h2mux"
+                }
+            }
+
+            else -> null
         }
     }
 
@@ -323,12 +349,14 @@ data class ProxyEntity(
         vmessBean = null
         trojanBean = null
         trojanGoBean = null
+        mieruBean = null
         naiveBean = null
         hysteriaBean = null
         sshBean = null
         wgBean = null
         tuicBean = null
         shadowTLSBean = null
+        anyTLSBean = null
         chainBean = null
         configBean = null
         nekoBean = null
@@ -338,62 +366,87 @@ data class ProxyEntity(
                 type = TYPE_SOCKS
                 socksBean = bean
             }
+
             is HttpBean -> {
                 type = TYPE_HTTP
                 httpBean = bean
             }
+
             is ShadowsocksBean -> {
                 type = TYPE_SS
                 ssBean = bean
             }
+
             is VMessBean -> {
                 type = TYPE_VMESS
                 vmessBean = bean
             }
+
             is TrojanBean -> {
                 type = TYPE_TROJAN
                 trojanBean = bean
             }
+
             is TrojanGoBean -> {
                 type = TYPE_TROJAN_GO
                 trojanGoBean = bean
             }
+
+            is MieruBean -> {
+                type = TYPE_MIERU
+                mieruBean = bean
+            }
+
             is NaiveBean -> {
                 type = TYPE_NAIVE
                 naiveBean = bean
             }
+
             is HysteriaBean -> {
                 type = TYPE_HYSTERIA
                 hysteriaBean = bean
             }
+
             is SSHBean -> {
                 type = TYPE_SSH
                 sshBean = bean
             }
+
             is WireGuardBean -> {
                 type = TYPE_WG
                 wgBean = bean
             }
+
             is TuicBean -> {
                 type = TYPE_TUIC
                 tuicBean = bean
             }
+
             is ShadowTLSBean -> {
                 type = TYPE_SHADOWTLS
                 shadowTLSBean = bean
             }
+
+            is AnyTLSBean -> {
+                type = TYPE_ANYTLS
+                anyTLSBean = bean
+            }
+
             is ChainBean -> {
                 type = TYPE_CHAIN
                 chainBean = bean
             }
+
             is NekoBean -> {
                 type = TYPE_NEKO
                 nekoBean = bean
             }
+
             is ConfigBean -> {
                 type = TYPE_CONFIG
                 configBean = bean
             }
+
             else -> error("Undefined type $type")
         }
         return this
@@ -408,14 +461,15 @@ data class ProxyEntity(
                 TYPE_VMESS -> VMessSettingsActivity::class.java
                 TYPE_TROJAN -> TrojanSettingsActivity::class.java
                 TYPE_TROJAN_GO -> TrojanGoSettingsActivity::class.java
+                TYPE_MIERU -> MieruSettingsActivity::class.java
                 TYPE_NAIVE -> NaiveSettingsActivity::class.java
                 TYPE_HYSTERIA -> HysteriaSettingsActivity::class.java
                 TYPE_SSH -> SSHSettingsActivity::class.java
                 TYPE_WG -> WireGuardSettingsActivity::class.java
                 TYPE_TUIC -> TuicSettingsActivity::class.java
                 TYPE_SHADOWTLS -> ShadowTLSSettingsActivity::class.java
+                TYPE_ANYTLS -> AnyTLSSettingsActivity::class.java
                 TYPE_CHAIN -> ChainSettingsActivity::class.java
-                TYPE_NEKO -> NekoSettingActivity::class.java
                 TYPE_CONFIG -> ConfigSettingActivity::class.java
                 else -> throw IllegalArgumentException()
             }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/database/RuleEntity.kt b/app/src/main/java/io/nekohasekai/sagernet/database/RuleEntity.kt
index 20cbbc05d..7d610c5e4 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/database/RuleEntity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/database/RuleEntity.kt
@@ -8,9 +8,12 @@ import kotlinx.parcelize.Parcelize
 
 @Entity(tableName = "rules")
 @Parcelize
+@TypeConverters(StringCollectionConverter::class)
 data class RuleEntity(
     @PrimaryKey(autoGenerate = true) var id: Long = 0L,
     var name: String = "",
+    @ColumnInfo(defaultValue = "")
+    var config: String = "",
     var userOrder: Long = 0L,
     var enabled: Boolean = false,
     var domains: String = "",
@@ -21,7 +24,7 @@ data class RuleEntity(
     var source: String = "",
     var protocol: String = "",
     var outbound: Long = 0,
-    var packages: List<String> = listOf(),
+    var packages: Set<String> = emptySet(),
 ) : Parcelable {
 
     fun displayName(): String {
@@ -30,11 +33,12 @@ data class RuleEntity(
 
     fun mkSummary(): String {
         var summary = ""
+        if (config.isNotBlank()) summary += "[config]\n"
         if (domains.isNotBlank()) summary += "$domains\n"
         if (ip.isNotBlank()) summary += "$ip\n"
-        if (source.isNotBlank()) summary += "source: $source\n"
-        if (sourcePort.isNotBlank()) summary += "sourcePort: $sourcePort\n"
-        if (port.isNotBlank()) summary += "port: $port\n"
+        if (source.isNotBlank()) summary += "src ip: $source\n"
+        if (sourcePort.isNotBlank()) summary += "src port: $sourcePort\n"
+        if (port.isNotBlank()) summary += "dst port: $port\n"
         if (network.isNotBlank()) summary += "network: $network\n"
         if (protocol.isNotBlank()) summary += "protocol: $protocol\n"
         if (packages.isNotEmpty()) summary += app.getString(
@@ -54,7 +58,7 @@ data class RuleEntity(
             -1L -> app.getString(R.string.route_bypass)
             -2L -> app.getString(R.string.route_block)
             else -> ProfileManager.getProfile(outbound)?.displayName()
-                ?: app.getString(R.string.route_proxy)
+                ?: app.getString(R.string.error_title)
         }
     }
 
diff --git a/app/src/main/java/io/nekohasekai/sagernet/database/SagerDatabase.kt b/app/src/main/java/io/nekohasekai/sagernet/database/SagerDatabase.kt
index 4d57ed3e4..ececc106e 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/database/SagerDatabase.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/database/SagerDatabase.kt
@@ -1,5 +1,6 @@
 package io.nekohasekai.sagernet.database
 
+import androidx.room.AutoMigration
 import androidx.room.Database
 import androidx.room.Room
 import androidx.room.RoomDatabase
@@ -15,7 +16,12 @@ import kotlinx.coroutines.launch
 
 @Database(
     entities = [ProxyGroup::class, ProxyEntity::class, RuleEntity::class],
-    version = 2
+    version = 6,
+    autoMigrations = [
+        AutoMigration(from = 3, to = 4),
+        AutoMigration(from = 4, to = 5),
+        AutoMigration(from = 5, to = 6)
+    ]
 )
 @TypeConverters(value = [KryoConverters::class, GsonConverters::class])
 @GenerateRoomMigrations
@@ -27,7 +33,8 @@ abstract class SagerDatabase : RoomDatabase() {
         val instance by lazy {
             SagerNet.application.getDatabasePath(Key.DB_PROFILE).parentFile?.mkdirs()
             Room.databaseBuilder(SagerNet.application, SagerDatabase::class.java, Key.DB_PROFILE)
-                .addMigrations(*SagerDatabase_Migrations.build())
+//                .addMigrations(*SagerDatabase_Migrations.build())
+                .setJournalMode(JournalMode.TRUNCATE)
                 .allowMainThreadQueries()
                 .enableMultiInstanceInvalidation()
                 .fallbackToDestructiveMigration()
diff --git a/app/src/main/java/io/nekohasekai/sagernet/database/StringCollectionConverter.kt b/app/src/main/java/io/nekohasekai/sagernet/database/StringCollectionConverter.kt
new file mode 100644
index 000000000..ea45467d8
--- /dev/null
+++ b/app/src/main/java/io/nekohasekai/sagernet/database/StringCollectionConverter.kt
@@ -0,0 +1,44 @@
+package io.nekohasekai.sagernet.database
+
+import androidx.room.TypeConverter
+
+class StringCollectionConverter {
+    companion object {
+        const val SPLIT_FLAG = ","
+
+        /*
+        @TypeConverter
+        @JvmStatic
+        fun fromList(list: List<String>): String = if (list.isEmpty()) {
+            ""
+        } else {
+            list.joinToString(SPLIT_FLAG)
+        }
+
+        @TypeConverter
+        @JvmStatic
+        fun toList(str: String): List<String> = if (str.isBlank()) {
+            emptyList()
+        } else {
+            str.split(SPLIT_FLAG)
+        }
+        */
+
+
+        @TypeConverter
+        @JvmStatic
+        fun fromSet(set: Set<String>): String = if (set.isEmpty()) {
+            ""
+        } else {
+            set.joinToString(SPLIT_FLAG)
+        }
+
+        @TypeConverter
+        @JvmStatic
+        fun toSet(str: String): Set<String> = if (str.isBlank()) {
+            emptySet()
+        } else {
+            str.split(",").toSet()
+        }
+    }
+}
diff --git a/app/src/main/java/io/nekohasekai/sagernet/database/preference/PublicDatabase.kt b/app/src/main/java/io/nekohasekai/sagernet/database/preference/PublicDatabase.kt
index e9296de55..d4ebf9800 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/database/preference/PublicDatabase.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/database/preference/PublicDatabase.kt
@@ -16,6 +16,7 @@ abstract class PublicDatabase : RoomDatabase() {
         val instance by lazy {
             SagerNet.application.getDatabasePath(Key.DB_PROFILE).parentFile?.mkdirs()
             Room.databaseBuilder(SagerNet.application, PublicDatabase::class.java, Key.DB_PUBLIC)
+                .setJournalMode(JournalMode.TRUNCATE)
                 .allowMainThreadQueries()
                 .enableMultiInstanceInvalidation()
                 .fallbackToDestructiveMigration()
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/ConfigBuilder.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/ConfigBuilder.kt
index 9e2635f63..8fe0a2944 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/ConfigBuilder.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/ConfigBuilder.kt
@@ -1,7 +1,7 @@
 package io.nekohasekai.sagernet.fmt
 
-import io.nekohasekai.sagernet.IPv6Mode
-import io.nekohasekai.sagernet.Key
+import android.widget.Toast
+import io.nekohasekai.sagernet.*
 import io.nekohasekai.sagernet.bg.VpnService
 import io.nekohasekai.sagernet.database.DataStore
 import io.nekohasekai.sagernet.database.ProxyEntity
@@ -10,7 +10,6 @@ import io.nekohasekai.sagernet.database.SagerDatabase
 import io.nekohasekai.sagernet.fmt.ConfigBuildResult.IndexEntity
 import io.nekohasekai.sagernet.fmt.hysteria.HysteriaBean
 import io.nekohasekai.sagernet.fmt.hysteria.buildSingBoxOutboundHysteriaBean
-import io.nekohasekai.sagernet.fmt.hysteria.isMultiPort
 import io.nekohasekai.sagernet.fmt.internal.ChainBean
 import io.nekohasekai.sagernet.fmt.shadowsocks.ShadowsocksBean
 import io.nekohasekai.sagernet.fmt.shadowsocks.buildSingBoxOutboundShadowsocksBean
@@ -19,6 +18,7 @@ import io.nekohasekai.sagernet.fmt.socks.buildSingBoxOutboundSocksBean
 import io.nekohasekai.sagernet.fmt.ssh.SSHBean
 import io.nekohasekai.sagernet.fmt.ssh.buildSingBoxOutboundSSHBean
 import io.nekohasekai.sagernet.fmt.tuic.TuicBean
+import io.nekohasekai.sagernet.fmt.tuic.buildSingBoxOutboundTuicBean
 import io.nekohasekai.sagernet.fmt.v2ray.StandardV2RayBean
 import io.nekohasekai.sagernet.fmt.v2ray.buildSingBoxOutboundStandardV2RayBean
 import io.nekohasekai.sagernet.fmt.wireguard.WireGuardBean
@@ -26,30 +26,27 @@ import io.nekohasekai.sagernet.fmt.wireguard.buildSingBoxOutboundWireguardBean
 import io.nekohasekai.sagernet.ktx.isIpAddress
 import io.nekohasekai.sagernet.ktx.mkPort
 import io.nekohasekai.sagernet.utils.PackageCache
+import moe.matsuri.nb4a.*
 import moe.matsuri.nb4a.SingBoxOptions.*
-import moe.matsuri.nb4a.applyDNSNetworkSettings
-import moe.matsuri.nb4a.checkEmpty
-import moe.matsuri.nb4a.makeSingBoxRule
 import moe.matsuri.nb4a.plugin.Plugins
+import moe.matsuri.nb4a.proxy.anytls.AnyTLSBean
+import moe.matsuri.nb4a.proxy.anytls.buildSingBoxOutboundAnyTLSBean
 import moe.matsuri.nb4a.proxy.config.ConfigBean
 import moe.matsuri.nb4a.proxy.shadowtls.ShadowTLSBean
 import moe.matsuri.nb4a.proxy.shadowtls.buildSingBoxOutboundShadowTLSBean
 import moe.matsuri.nb4a.utils.JavaUtil.gson
+import moe.matsuri.nb4a.utils.Util
+import moe.matsuri.nb4a.utils.listByLineOrComma
 import okhttp3.HttpUrl.Companion.toHttpUrlOrNull
 
 const val TAG_MIXED = "mixed-in"
-const val TAG_TRANS = "trans-in"
 
 const val TAG_PROXY = "proxy"
 const val TAG_DIRECT = "direct"
 const val TAG_BYPASS = "bypass"
 const val TAG_BLOCK = "block"
 
-const val TAG_DNS_IN = "dns-in"
-const val TAG_DNS_OUT = "dns-out"
-
 const val LOCALHOST = "127.0.0.1"
-const val LOCAL_DNS_SERVER = "underlying://0.0.0.0"
 
 class ConfigBuildResult(
     var config: String,
@@ -57,26 +54,11 @@ class ConfigBuildResult(
     var mainEntId: Long,
     var trafficMap: Map<String, List<ProxyEntity>>,
     var profileTagMap: Map<Long, String>,
-    val alerts: List<Pair<Int, String>>,
     val selectorGroupId: Long,
 ) {
     data class IndexEntity(var chain: LinkedHashMap<Int, ProxyEntity>)
 }
 
-fun mergeJSON(j: String, to: MutableMap<String, Any>) {
-    if (j.isBlank()) return
-    val m = gson.fromJson(j, to.javaClass)
-    m.forEach { (k, v) ->
-        if (v is Map<*, *> && to[k] is Map<*, *>) {
-            val currentMap = (to[k] as Map<*, *>).toMutableMap()
-            currentMap += v
-            to[k] = currentMap
-        } else {
-            to[k] = v
-        }
-    }
-}
-
 fun buildConfig(
     proxy: ProxyEntity, forTest: Boolean = false, forExport: Boolean = false
 ): ConfigBuildResult {
@@ -90,7 +72,6 @@ fun buildConfig(
                 proxy.id, //
                 mapOf(TAG_PROXY to listOf(proxy)), //
                 mapOf(proxy.id to TAG_PROXY), //
-                listOf(),
                 -1L
             )
         }
@@ -101,7 +82,6 @@ fun buildConfig(
     val globalOutbounds = HashMap<Long, String>()
     val selectorNames = ArrayList<String>()
     val group = SagerDatabase.groupDao.getById(proxy.groupId)
-    val optionsToMerge = proxy.requireBean().customConfigJson ?: ""
 
     fun ProxyEntity.resolveChainInternal(): MutableList<ProxyEntity> {
         val bean = requireBean()
@@ -130,8 +110,9 @@ fun buildConfig(
     }
 
     fun ProxyEntity.resolveChain(): MutableList<ProxyEntity> {
-        val frontProxy = group?.frontProxy?.let { SagerDatabase.proxyDao.getById(it) }
-        val landingProxy = group?.landingProxy?.let { SagerDatabase.proxyDao.getById(it) }
+        val thisGroup = SagerDatabase.groupDao.getById(groupId)
+        val frontProxy = thisGroup?.frontProxy?.let { SagerDatabase.proxyDao.getById(it) }
+        val landingProxy = thisGroup?.landingProxy?.let { SagerDatabase.proxyDao.getById(it) }
         val list = resolveChainInternal()
         if (frontProxy != null) {
             list.add(frontProxy)
@@ -148,31 +129,25 @@ fun buildConfig(
             rule.outbound.takeIf { it > 0 && it != proxy.id }
         }.toHashSet().toList()).associateBy { it.id }
     val buildSelector = !forTest && group?.isSelector == true && !forExport
-    val uidListDNSRemote = mutableListOf<Int>()
-    val uidListDNSDirect = mutableListOf<Int>()
-    val domainListDNSRemote = mutableListOf<String>()
-    val domainListDNSDirect = mutableListOf<String>()
+    val userDNSRuleList = mutableListOf<DNSRule_DefaultOptions>()
     val domainListDNSDirectForce = mutableListOf<String>()
-    val domainListDNSBlock = mutableListOf<String>()
     val bypassDNSBeans = hashSetOf<AbstractBean>()
     val isVPN = DataStore.serviceMode == Key.MODE_VPN
     val bind = if (!forTest && DataStore.allowAccess) "0.0.0.0" else LOCALHOST
     val remoteDns = DataStore.remoteDns.split("\n")
         .mapNotNull { dns -> dns.trim().takeIf { it.isNotBlank() && !it.startsWith("#") } }
-    var directDNS = DataStore.directDns.split("\n")
+    val directDNS = DataStore.directDns.split("\n")
         .mapNotNull { dns -> dns.trim().takeIf { it.isNotBlank() && !it.startsWith("#") } }
     val enableDnsRouting = DataStore.enableDnsRouting
-    val useFakeDns = DataStore.enableFakeDns && !forTest && DataStore.ipv6Mode != IPv6Mode.ONLY
-    val needSniff = DataStore.trafficSniffing
+    val useFakeDns = DataStore.enableFakeDns && !forTest
+    val needSniff = DataStore.trafficSniffing > 0
+    val needSniffOverride = DataStore.trafficSniffing == 2
     val externalIndexMap = ArrayList<IndexEntity>()
-    val requireTransproxy = if (forTest) false else DataStore.requireTransproxy
     val ipv6Mode = if (forTest) IPv6Mode.ENABLE else DataStore.ipv6Mode
-    val resolveDestination = DataStore.resolveDestination
-    val alerts = mutableListOf<Pair<Int, String>>()
 
     fun genDomainStrategy(noAsIs: Boolean): String {
         return when {
-            !resolveDestination && !noAsIs -> ""
+            !noAsIs -> ""
             ipv6Mode == IPv6Mode.DISABLE -> "ipv4_only"
             ipv6Mode == IPv6Mode.PREFER -> "prefer_ipv6"
             ipv6Mode == IPv6Mode.ONLY -> "ipv6_only"
@@ -185,7 +160,6 @@ fun buildConfig(
             clash_api = ClashAPIOptions().apply {
                 external_controller = "127.0.0.1:9090"
                 external_ui = "../files/yacd"
-                cache_file = "../cache/clash.db"
             }
         }
 
@@ -201,22 +175,21 @@ fun buildConfig(
         }
 
         dns = DNSOptions().apply {
-            // TODO nb4a hosts?
-//            hosts = DataStore.hosts.split("\n")
-//                .filter { it.isNotBlank() }
-//                .associate { it.substringBefore(" ") to it.substringAfter(" ") }
-//                .toMutableMap()
-
             servers = mutableListOf()
             rules = mutableListOf()
+            independent_cache = true
+        }
 
-            when (ipv6Mode) {
-                IPv6Mode.DISABLE -> {
-                    strategy = "ipv4_only"
-                }
-                IPv6Mode.ONLY -> {
-                    strategy = "ipv6_only"
-                }
+        fun autoDnsDomainStrategy(s: String): String? {
+            if (s.isNotEmpty()) {
+                return s
+            }
+            return when (ipv6Mode) {
+                IPv6Mode.DISABLE -> "ipv4_only"
+                IPv6Mode.ENABLE -> "prefer_ipv4"
+                IPv6Mode.PREFER -> "prefer_ipv6"
+                IPv6Mode.ONLY -> "ipv6_only"
+                else -> null
             }
         }
 
@@ -226,17 +199,25 @@ fun buildConfig(
             if (isVPN) inbounds.add(Inbound_TunOptions().apply {
                 type = "tun"
                 tag = "tun-in"
-                stack = if (DataStore.tunImplementation == 1) "system" else "gvisor"
-                sniff = needSniff
+                stack = when (DataStore.tunImplementation) {
+                    TunImplementation.GVISOR -> "gvisor"
+                    TunImplementation.SYSTEM -> "system"
+                    else -> "mixed"
+                }
                 endpoint_independent_nat = true
-                domain_strategy = genDomainStrategy(false)
+                mtu = DataStore.mtu
+                domain_strategy = genDomainStrategy(DataStore.resolveDestination)
+                sniff = needSniff
+                sniff_override_destination = needSniffOverride
                 when (ipv6Mode) {
                     IPv6Mode.DISABLE -> {
                         inet4_address = listOf(VpnService.PRIVATE_VLAN4_CLIENT + "/28")
                     }
+
                     IPv6Mode.ONLY -> {
                         inet6_address = listOf(VpnService.PRIVATE_VLAN6_CLIENT + "/126")
                     }
+
                     else -> {
                         inet4_address = listOf(VpnService.PRIVATE_VLAN4_CLIENT + "/28")
                         inet6_address = listOf(VpnService.PRIVATE_VLAN6_CLIENT + "/126")
@@ -248,48 +229,19 @@ fun buildConfig(
                 tag = TAG_MIXED
                 listen = bind
                 listen_port = DataStore.mixedPort
-                domain_strategy = genDomainStrategy(false)
-                if (needSniff) {
-                    sniff = true
-//                destOverride = when {
-//                    useFakeDns && !trafficSniffing -> listOf("fakedns")
-//                    useFakeDns -> listOf("fakedns", "http", "tls", "quic")
-//                    else -> listOf("http", "tls", "quic")
-//                }
-//                metadataOnly = useFakeDns && !trafficSniffing
-//                routeOnly = true
-                }
+                domain_strategy = genDomainStrategy(DataStore.resolveDestination)
+                sniff = needSniff
+                sniff_override_destination = needSniffOverride
             })
         }
 
-        if (requireTransproxy) {
-            if (DataStore.transproxyMode == 1) {
-                inbounds.add(Inbound_TProxyOptions().apply {
-                    type = "tproxy"
-                    tag = TAG_TRANS
-                    listen = bind
-                    listen_port = DataStore.transproxyPort
-                    sniff = needSniff
-                    domain_strategy = genDomainStrategy(false)
-                })
-            } else {
-                inbounds.add(Inbound_RedirectOptions().apply {
-                    type = "redirect"
-                    tag = TAG_TRANS
-                    listen = bind
-                    listen_port = DataStore.transproxyPort
-                    sniff = needSniff
-                    domain_strategy = genDomainStrategy(false)
-                })
-            }
-        }
-
         outbounds = mutableListOf()
 
         // init routing object
         route = RouteOptions().apply {
             auto_detect_interface = true
             rules = mutableListOf()
+            rule_set = mutableListOf()
         }
 
         // returns outbound tag
@@ -302,20 +254,20 @@ fun buildConfig(
                 add(entity)
             }
 
-            var currentOutbound = mutableMapOf<String, Any>()
-            lateinit var pastOutbound: MutableMap<String, Any>
+            var currentOutbound: SingBoxOption
+            lateinit var pastOutbound: SingBoxOption
             lateinit var pastInboundTag: String
             var pastEntity: ProxyEntity? = null
             val externalChainMap = LinkedHashMap<Int, ProxyEntity>()
             externalIndexMap.add(IndexEntity(externalChainMap))
-            val chainOutbounds = ArrayList<MutableMap<String, Any>>()
+            val chainOutbounds = ArrayList<SingBoxOption>()
 
             // chainTagOut: v2ray outbound tag for this chain
             var chainTagOut = ""
             val chainTag = "c-$chainId"
             var muxApplied = false
 
-            var currentDomainStrategy = genDomainStrategy(false)
+            val defaultServerDomainStrategy = SingBoxOptionsUtil.domainStrategy("server")
 
             profileList.forEachIndexed { index, proxyEntity ->
                 val bean = proxyEntity.requireBean()
@@ -336,13 +288,6 @@ fun buildConfig(
                     bypassDNSBeans += proxyEntity.requireBean()
                 }
 
-                if (needGlobal) {
-                    globalOutbounds[proxyEntity.id]?.let {
-                        if (index == 0) chainTagOut = it // single, duplicate chain
-                        return@forEachIndexed
-                    }
-                }
-
                 // last profile set as "proxy"
                 if (chainId == 0L && index == 0) {
                     tagOut = TAG_PROXY
@@ -353,10 +298,6 @@ fun buildConfig(
                     tagOut = selectorName(bean.displayName())
                 }
 
-                // now tagOut is determined
-                if (needGlobal) {
-                    globalOutbounds[proxyEntity.id] = tagOut
-                }
 
                 // chain rules
                 if (index > 0) {
@@ -367,93 +308,118 @@ fun buildConfig(
                             outbound = tagOut
                         })
                     } else {
-                        pastOutbound["detour"] = tagOut
+                        pastOutbound._hack_config_map["detour"] = tagOut
                     }
                 } else {
                     // index == 0 means last profile in chain / not chain
                     chainTagOut = tagOut
                 }
 
-                // Chain outbound
-                if (proxyEntity.needExternal()) {
+                // now tagOut is determined
+                if (needGlobal) {
+                    globalOutbounds[proxyEntity.id]?.let {
+                        if (index == 0) chainTagOut = it // single, duplicate chain
+                        return@forEachIndexed
+                    }
+                    globalOutbounds[proxyEntity.id] = tagOut
+                }
+
+                if (proxyEntity.needExternal()) { // externel outbound
                     val localPort = mkPort()
                     externalChainMap[localPort] = proxyEntity
                     currentOutbound = Outbound_SocksOptions().apply {
                         type = "socks"
                         server = LOCALHOST
                         server_port = localPort
-                    }.asMap()
+                    }
                 } else {
                     // internal outbound
 
                     currentOutbound = when (bean) {
-                        is ConfigBean ->
-                            gson.fromJson(bean.config, currentOutbound.javaClass)
+                        is ConfigBean -> CustomSingBoxOption(bean.config)
+
                         is ShadowTLSBean -> // before StandardV2RayBean
-                            buildSingBoxOutboundShadowTLSBean(bean).asMap()
+                            buildSingBoxOutboundShadowTLSBean(bean)
+
                         is StandardV2RayBean -> // http/trojan/vmess/vless
-                            buildSingBoxOutboundStandardV2RayBean(bean).asMap()
+                            buildSingBoxOutboundStandardV2RayBean(bean)
+
                         is HysteriaBean ->
-                            buildSingBoxOutboundHysteriaBean(bean).asMap()
+                            buildSingBoxOutboundHysteriaBean(bean)
+
+                        is TuicBean ->
+                            buildSingBoxOutboundTuicBean(bean)
+
                         is SOCKSBean ->
-                            buildSingBoxOutboundSocksBean(bean).asMap()
+                            buildSingBoxOutboundSocksBean(bean)
+
                         is ShadowsocksBean ->
-                            buildSingBoxOutboundShadowsocksBean(bean).asMap()
+                            buildSingBoxOutboundShadowsocksBean(bean)
+
                         is WireGuardBean ->
-                            buildSingBoxOutboundWireguardBean(bean).asMap()
+                            buildSingBoxOutboundWireguardBean(bean)
+
                         is SSHBean ->
-                            buildSingBoxOutboundSSHBean(bean).asMap()
+                            buildSingBoxOutboundSSHBean(bean)
+
+                        is AnyTLSBean ->
+                            buildSingBoxOutboundAnyTLSBean(bean)
+
                         else -> throw IllegalStateException("can't reach")
                     }
 
-                    currentOutbound.apply {
-                        // TODO nb4a keepAliveInterval?
-//                        val keepAliveInterval = DataStore.tcpKeepAliveInterval
-//                        val needKeepAliveInterval = keepAliveInterval !in intArrayOf(0, 15)
-
-                        if (!muxApplied && proxyEntity.needCoreMux()) {
+                    // internal mux
+                    if (!muxApplied) {
+                        val muxObj = proxyEntity.singMux()
+                        if (muxObj != null && muxObj.enabled) {
                             muxApplied = true
-                            currentOutbound["multiplex"] = MultiplexOptions().apply {
-                                enabled = true
-                                max_streams = DataStore.muxConcurrency
-                            }
+                            currentOutbound._hack_config_map["multiplex"] = muxObj.asMap()
                         }
                     }
+                }
 
-                    // custom JSON merge
-                    if (bean.customOutboundJson.isNotBlank()) {
-                        mergeJSON(bean.customOutboundJson, currentOutbound)
+                // internal & external
+                currentOutbound.apply {
+                    // udp over tcp
+                    try {
+                        val sUoT = bean.javaClass.getField("sUoT").get(bean)
+                        if (sUoT is Boolean && sUoT) {
+                            _hack_config_map["udp_over_tcp"] = true
+                        }
+                    } catch (_: Exception) {
                     }
-                }
 
-                pastEntity?.requireBean()?.apply {
-                    // don't loopback
-                    if (currentDomainStrategy != "" && !serverAddress.isIpAddress()) {
-                        domainListDNSDirectForce.add("full:$serverAddress")
+                    // domain_strategy
+                    pastEntity?.requireBean()?.apply {
+                        // don't loopback
+                        if (defaultServerDomainStrategy != "" && !serverAddress.isIpAddress()) {
+                            domainListDNSDirectForce.add("full:$serverAddress")
+                        }
                     }
-                }
-                if (forTest) {
-                    currentDomainStrategy = ""
-                }
+                    _hack_config_map["domain_strategy"] =
+                        if (forTest) "" else defaultServerDomainStrategy
 
-                currentOutbound["tag"] = tagOut
-                currentOutbound["domain_strategy"] = currentDomainStrategy
+                    _hack_config_map["tag"] = tagOut
+
+                    _hack_custom_config = bean.customOutboundJson
+                }
 
                 // External proxy need a dokodemo-door inbound to forward the traffic
                 // For external proxy software, their traffic must goes to v2ray-core to use protected fd.
+                bean.finalAddress = bean.serverAddress
+                bean.finalPort = bean.serverPort
                 if (bean.canMapping() && proxyEntity.needExternal()) {
                     // With ss protect, don't use mapping
                     var needExternal = true
                     if (index == profileList.lastIndex) {
                         val pluginId = when (bean) {
-                            is HysteriaBean -> "hysteria-plugin"
-                            is TuicBean -> "tuic-plugin"
+                            is HysteriaBean -> if (bean.protocolVersion == 1) "hysteria-plugin" else "hysteria2-plugin"
                             else -> ""
                         }
                         if (Plugins.isUsingMatsuriExe(pluginId)) {
                             needExternal = false
-                        } else if (bean is HysteriaBean) {
-                            throw Exception("not supported hysteria-plugin (SagerNet)")
+                        } else if (Plugins.getPluginExternal(pluginId) != null) {
+                            throw Exception("You are using an unsupported $pluginId, please download the correct plugin.")
                         }
                     }
                     if (needExternal) {
@@ -495,8 +461,8 @@ fun buildConfig(
 
         // build outbounds
         if (buildSelector) {
-            val list = group?.id?.let { SagerDatabase.proxyDao.getByGroup(it) }
-            list?.forEach {
+            val list = group.id.let { SagerDatabase.proxyDao.getByGroup(it) }
+            list.forEach {
                 tagMap[it.id] = buildChain(it.id, it)
             }
             outbounds.add(0, Outbound_SelectorOptions().apply {
@@ -504,7 +470,7 @@ fun buildConfig(
                 tag = TAG_PROXY
                 default_ = tagMap[proxy.id]
                 outbounds = tagMap.values.toList()
-            }.asMap())
+            })
         } else {
             buildChain(0, proxy)
         }
@@ -518,30 +484,38 @@ fun buildConfig(
             if (rule.packages.isNotEmpty()) {
                 PackageCache.awaitLoadSync()
             }
-            val uidList2 = rule.packages.map {
+            val uidList = rule.packages.map {
                 if (!isVPN) {
-                    alerts.add(0 to rule.displayName())
+                    Toast.makeText(
+                        SagerNet.application,
+                        SagerNet.application.getString(R.string.route_need_vpn, rule.displayName()),
+                        Toast.LENGTH_SHORT
+                    ).show()
                 }
                 PackageCache[it]?.takeIf { uid -> uid >= 1000 }
             }.toHashSet().filterNotNull()
+            val ruleSets = mutableListOf<RuleSet>()
 
             val ruleObj = Rule_DefaultOptions().apply {
-                if (uidList2.isNotEmpty()) {
+                if (uidList.isNotEmpty()) {
                     PackageCache.awaitLoadSync()
-                    user_id = uidList2
+                    user_id = uidList
                 }
-                var domainList2: List<String>? = null
+                var domainList: List<String>? = null
                 if (rule.domains.isNotBlank()) {
-                    domainList2 = rule.domains.split("\n")
-                    makeSingBoxRule(domainList2, false)
+                    domainList = rule.domains.listByLineOrComma()
+                    makeSingBoxRule(domainList, false)
                 }
                 if (rule.ip.isNotBlank()) {
-                    makeSingBoxRule(rule.ip.split("\n"), true)
+                    makeSingBoxRule(rule.ip.listByLineOrComma(), true)
                 }
+
+                if (rule_set != null) generateRuleSet(rule_set, ruleSets)
+
                 if (rule.port.isNotBlank()) {
                     port = mutableListOf<Int>()
                     port_range = mutableListOf<String>()
-                    rule.port.split(",").map {
+                    rule.port.listByLineOrComma().map {
                         if (it.contains(":")) {
                             port_range.add(it)
                         } else {
@@ -552,7 +526,7 @@ fun buildConfig(
                 if (rule.sourcePort.isNotBlank()) {
                     source_port = mutableListOf<Int>()
                     source_port_range = mutableListOf<String>()
-                    rule.sourcePort.split(",").map {
+                    rule.sourcePort.listByLineOrComma().map {
                         if (it.contains(":")) {
                             source_port_range.add(it)
                         } else {
@@ -561,78 +535,88 @@ fun buildConfig(
                     }
                 }
                 if (rule.network.isNotBlank()) {
-                    network = rule.network
+                    network = listOf(rule.network)
                 }
                 if (rule.source.isNotBlank()) {
-                    source_ip_cidr = rule.source.split("\n")
+                    source_ip_cidr = rule.source.listByLineOrComma()
                 }
                 if (rule.protocol.isNotBlank()) {
-                    protocol = rule.protocol.split("\n")
+                    protocol = rule.protocol.listByLineOrComma()
                 }
 
-                // also bypass lookup
-                // cannot use other outbound profile to lookup...
-                if (rule.outbound == -1L) {
-                    uidListDNSDirect += uidList2
-                    if (domainList2 != null) domainListDNSDirect += domainList2
-                } else if (rule.outbound == 0L) {
-                    uidListDNSRemote += uidList2
-                    if (domainList2 != null) domainListDNSRemote += domainList2
-                } else if (rule.outbound == -2L) {
-                    if (domainList2 != null) domainListDNSBlock += domainList2
+                fun makeDnsRuleObj(): DNSRule_DefaultOptions {
+                    return DNSRule_DefaultOptions().apply {
+                        if (uidList.isNotEmpty()) user_id = uidList
+                        domainList?.let { makeSingBoxRule(it) }
+                    }
+                }
+
+                when (rule.outbound) {
+                    -1L -> {
+                        userDNSRuleList += makeDnsRuleObj().apply { server = "dns-direct" }
+                    }
+
+                    0L -> {
+                        if (useFakeDns) userDNSRuleList += makeDnsRuleObj().apply {
+                            server = "dns-fake"
+                            inbound = listOf("tun-in")
+                        }
+                        userDNSRuleList += makeDnsRuleObj().apply {
+                            server = "dns-remote"
+                        }
+                    }
+
+                    -2L -> {
+                        userDNSRuleList += makeDnsRuleObj().apply {
+                            server = "dns-block"
+                            disable_cache = true
+                        }
+                    }
                 }
 
                 outbound = when (val outId = rule.outbound) {
                     0L -> TAG_PROXY
                     -1L -> TAG_BYPASS
                     -2L -> TAG_BLOCK
-                    else -> if (outId == proxy.id) TAG_PROXY else tagMap[outId]
-                        ?: throw Exception("invalid rule")
+                    else -> if (outId == proxy.id) TAG_PROXY else tagMap[outId] ?: ""
                 }
+
+                _hack_custom_config = rule.config
             }
 
             if (!ruleObj.checkEmpty()) {
-                route.rules.add(ruleObj)
+                if (ruleObj.outbound.isNullOrBlank()) {
+                    Toast.makeText(
+                        SagerNet.application,
+                        "Warning: " + rule.displayName() + ": A non-existent outbound was specified.",
+                        Toast.LENGTH_LONG
+                    ).show()
+                } else {
+                    // block 改用新的写法
+                    if (ruleObj.outbound == TAG_BLOCK) {
+                        ruleObj.outbound = null
+                        ruleObj.action = "reject"
+                    }
+                    route.rules.add(ruleObj)
+                    route.rule_set.addAll(ruleSets)
+                }
             }
         }
 
+        // 对 rule_set tag 去重
+        if (route.rule_set != null) {
+            route.rule_set = route.rule_set.distinctBy { it.tag }
+        }
+
         for (freedom in arrayOf(TAG_DIRECT, TAG_BYPASS)) outbounds.add(Outbound().apply {
             tag = freedom
             type = "direct"
-        }.asMap())
-
-        outbounds.add(Outbound().apply {
-            tag = TAG_BLOCK
-            type = "block"
-        }.asMap())
-
-        if (!forTest) {
-            inbounds.add(0, Inbound_DirectOptions().apply {
-                type = "direct"
-                tag = TAG_DNS_IN
-                listen = bind
-                listen_port = DataStore.localDNSPort
-                override_address = "8.8.8.8"
-                override_port = 53
-            })
-
-            outbounds.add(Outbound().apply {
-                type = "dns"
-                tag = TAG_DNS_OUT
-            }.asMap())
-        }
-
-        if (DataStore.directDnsUseSystem) {
-            // finally able to use "localDns" now...
-            directDNS = listOf(LOCAL_DNS_SERVER)
-        }
+        })
 
         // Bypass Lookup for the first profile
         bypassDNSBeans.forEach {
             var serverAddr = it.serverAddress
-            if (it is HysteriaBean && it.isMultiPort()) {
-                serverAddr = it.serverAddress.substringBeforeLast(":")
-            }
+
             if (it is ConfigBean) {
                 var config = mutableMapOf<String, Any>()
                 config = gson.fromJson(it.config, config.javaClass)
@@ -658,137 +642,94 @@ fun buildConfig(
             }
         }
 
-        // remote dns obj
-        remoteDns.firstOrNull().let {
-            dns.servers.add(DNSServerOptions().apply {
-                address = it ?: throw Exception("No remote DNS, check your settings!")
-                tag = "dns-remote"
-                address_resolver = "dns-direct"
-                applyDNSNetworkSettings(false)
-            })
-        }
+        dns.servers.add(DNSServerOptions().apply {
+            address = "rcode://success"
+            tag = "dns-block"
+        })
+
+        dns.servers.add(DNSServerOptions().apply {
+            address = "local"
+            tag = "dns-local"
+            detour = TAG_DIRECT
+        })
 
-        // add directDNS objects here
         directDNS.firstOrNull().let {
             dns.servers.add(DNSServerOptions().apply {
                 address = it ?: throw Exception("No direct DNS, check your settings!")
                 tag = "dns-direct"
                 detour = TAG_DIRECT
                 address_resolver = "dns-local"
-                applyDNSNetworkSettings(true)
+                strategy = autoDnsDomainStrategy(SingBoxOptionsUtil.domainStrategy(tag))
             })
         }
-        dns.servers.add(DNSServerOptions().apply {
-            address = LOCAL_DNS_SERVER
-            tag = "dns-local"
-            detour = TAG_DIRECT
-        })
-        dns.servers.add(DNSServerOptions().apply {
-            address = "rcode://success"
-            tag = "dns-block"
-        })
+
+        remoteDns.firstOrNull().let {
+            // Always use direct DNS for urlTest
+            if (!forTest) dns.servers.add(DNSServerOptions().apply {
+                address = it ?: throw Exception("No remote DNS, check your settings!")
+                tag = "dns-remote"
+                address_resolver = "dns-direct"
+                strategy = autoDnsDomainStrategy(SingBoxOptionsUtil.domainStrategy(tag))
+            })
+        }
+
+        dns.final_ = if (forTest) "dns-direct" else "dns-remote"
 
         // dns object user rules
         if (enableDnsRouting) {
-            val dnsRuleObj = mutableListOf<DNSRule_DefaultOptions>()
-            if (uidListDNSRemote.isNotEmpty()) {
-                if (useFakeDns) dnsRuleObj.add(
-                    DNSRule_DefaultOptions().apply {
-                        user_id = uidListDNSRemote.toHashSet().toList()
-                        server = "dns-fake"
-                        inbound = listOf("tun-in")
-                    }
-                )
-                dnsRuleObj.add(
-                    DNSRule_DefaultOptions().apply {
-                        user_id = uidListDNSRemote.toHashSet().toList()
-                        server = "dns-remote"
-                    }
-                )
-            }
-            if (domainListDNSRemote.isNotEmpty()) {
-                if (useFakeDns) dnsRuleObj.add(
-                    DNSRule_DefaultOptions().apply {
-                        makeSingBoxRule(domainListDNSRemote.toHashSet().toList())
-                        server = "dns-fake"
-                        inbound = listOf("tun-in")
-                    }
-                )
-                dnsRuleObj.add(
-                    DNSRule_DefaultOptions().apply {
-                        makeSingBoxRule(domainListDNSRemote.toHashSet().toList())
-                        server = "dns-remote"
-                    }
-                )
-            }
-            if (uidListDNSDirect.isNotEmpty()) {
-                dnsRuleObj.add(
-                    DNSRule_DefaultOptions().apply {
-                        user_id = uidListDNSDirect.toHashSet().toList()
-                        server = "dns-direct"
-                    }
-                )
-            }
-            if (domainListDNSDirect.isNotEmpty()) {
-                dnsRuleObj.add(
-                    DNSRule_DefaultOptions().apply {
-                        makeSingBoxRule(domainListDNSDirect.toHashSet().toList())
-                        server = "dns-direct"
-                    }
-                )
-            }
-            if (domainListDNSBlock.isNotEmpty()) {
-                dnsRuleObj.add(
-                    DNSRule_DefaultOptions().apply {
-                        makeSingBoxRule(domainListDNSBlock.toHashSet().toList())
-                        server = "dns-block"
-                        disable_cache = true
-                    }
-                )
-            }
-            dnsRuleObj.forEach {
+            userDNSRuleList.forEach {
                 if (!it.checkEmpty()) dns.rules.add(it)
             }
         }
 
         if (forTest) {
-            // Disable DNS for test
-            dns.servers = listOf(
-                DNSServerOptions().apply {
-                    address = LOCAL_DNS_SERVER
-                    tag = "dns-local"
-                    detour = TAG_DIRECT
-                }
-            ) // Always use system DNS for urlTest
             dns.rules = listOf()
         } else {
             // built-in DNS rules
             route.rules.add(0, Rule_DefaultOptions().apply {
-                inbound = listOf(TAG_DNS_IN)
-                outbound = TAG_DNS_OUT
+                protocol = listOf("dns")
+                action = "hijack-dns"
             })
             route.rules.add(0, Rule_DefaultOptions().apply {
                 port = listOf(53)
-                outbound = TAG_DNS_OUT
-            }) // TODO new mode use system dns?
+                action = "hijack-dns"
+            })
             if (DataStore.bypassLanInCore) {
                 route.rules.add(Rule_DefaultOptions().apply {
                     outbound = TAG_BYPASS
-                    geoip = listOf("private")
+                    ip_is_private = true
                 })
             }
             // block mcast
             route.rules.add(Rule_DefaultOptions().apply {
                 ip_cidr = listOf("224.0.0.0/3", "ff00::/8")
                 source_ip_cidr = listOf("224.0.0.0/3", "ff00::/8")
-                outbound = TAG_BLOCK
+                action = "reject"
             })
-            dns.rules.add(DNSRule_DefaultOptions().apply {
-                domain_suffix = listOf(".arpa.", ".arpa")
-                server = "dns-block"
-                disable_cache = true
+            // FakeDNS obj
+            if (useFakeDns) {
+                dns.fakeip = DNSFakeIPOptions().apply {
+                    enabled = true
+                    inet4_range = "198.18.0.0/15"
+                    inet6_range = "fc00::/18"
+                }
+                dns.servers.add(DNSServerOptions().apply {
+                    address = "fakeip"
+                    tag = "dns-fake"
+                    strategy = "ipv4_only"
+                })
+                dns.rules.add(DNSRule_DefaultOptions().apply {
+                    inbound = listOf("tun-in")
+                    server = "dns-fake"
+                    disable_cache = true
+                })
+            }
+            // avoid loopback
+            dns.rules.add(0, DNSRule_DefaultOptions().apply {
+                outbound = mutableListOf("any")
+                server = "dns-direct"
             })
-            // force bypass
+            // force bypass (always top DNS rule)
             if (domainListDNSDirectForce.isNotEmpty()) {
                 dns.rules.add(0, DNSRule_DefaultOptions().apply {
                     makeSingBoxRule(domainListDNSDirectForce.toHashSet().toList())
@@ -797,34 +738,17 @@ fun buildConfig(
             }
         }
 
-        // fakedns obj
-        if (useFakeDns) {
-            dns.servers.add(DNSServerOptions().apply {
-                address = "fakedns://" + VpnService.FAKEDNS_VLAN4_CLIENT + "/15"
-                tag = "dns-fake"
-                strategy = "ipv4_only"
-            })
-            dns.rules.add(0, DNSRule_DefaultOptions().apply {
-                auth_user = listOf("fakedns")
-                server = "dns-remote"
-            })
-            dns.rules.add(DNSRule_DefaultOptions().apply {
-                inbound = listOf("tun-in")
-                server = "dns-fake"
-                disable_cache = true
-            })
-        }
+        if (!forTest) _hack_custom_config = DataStore.globalCustomConfig
     }.let {
+        val configMap = it.asMap()
+        Util.mergeJSON(configMap, proxy.requireBean().customConfigJson)
         ConfigBuildResult(
-            gson.toJson(it.asMap().apply {
-                mergeJSON(optionsToMerge, this)
-            }),
+            gson.toJson(configMap),
             externalIndexMap,
             proxy.id,
             trafficMap,
             tagMap,
-            alerts,
-            if (buildSelector) group!!.id else -1L
+            if (buildSelector) group.id else -1L
         )
     }
 
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/KryoConverters.java b/app/src/main/java/io/nekohasekai/sagernet/fmt/KryoConverters.java
index b9a6338da..8fb9951ba 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/KryoConverters.java
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/KryoConverters.java
@@ -13,8 +13,10 @@
 import io.nekohasekai.sagernet.fmt.http.HttpBean;
 import io.nekohasekai.sagernet.fmt.hysteria.HysteriaBean;
 import io.nekohasekai.sagernet.fmt.internal.ChainBean;
+import io.nekohasekai.sagernet.fmt.mieru.MieruBean;
 import io.nekohasekai.sagernet.fmt.naive.NaiveBean;
 import io.nekohasekai.sagernet.fmt.shadowsocks.ShadowsocksBean;
+import moe.matsuri.nb4a.proxy.anytls.AnyTLSBean;
 import moe.matsuri.nb4a.proxy.shadowtls.ShadowTLSBean;
 import io.nekohasekai.sagernet.fmt.socks.SOCKSBean;
 import io.nekohasekai.sagernet.fmt.ssh.SSHBean;
@@ -99,6 +101,12 @@ public static TrojanGoBean trojanGoDeserialize(byte[] bytes) {
         return deserialize(new TrojanGoBean(), bytes);
     }
 
+    @TypeConverter
+    public static MieruBean mieruDeserialize(byte[] bytes) {
+        if (JavaUtil.isEmpty(bytes)) return null;
+        return deserialize(new MieruBean(), bytes);
+    }
+
     @TypeConverter
     public static NaiveBean naiveDeserialize(byte[] bytes) {
         if (JavaUtil.isEmpty(bytes)) return null;
@@ -135,6 +143,13 @@ public static ShadowTLSBean shadowTLSDeserialize(byte[] bytes) {
         return deserialize(new ShadowTLSBean(), bytes);
     }
 
+    @TypeConverter
+    public static AnyTLSBean anyTLSDeserialize(byte[] bytes) {
+        if (JavaUtil.isEmpty(bytes)) return null;
+        return deserialize(new AnyTLSBean(), bytes);
+    }
+
+
     @TypeConverter
     public static ChainBean chainDeserialize(byte[] bytes) {
         if (JavaUtil.isEmpty(bytes)) return null;
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/PluginEntry.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/PluginEntry.kt
index 6cd765856..42769e214 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/PluginEntry.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/PluginEntry.kt
@@ -14,35 +14,42 @@ enum class PluginEntry(
         SagerNet.application.getString(R.string.action_trojan_go),
         "io.nekohasekai.sagernet.plugin.trojan_go"
     ),
+    MieruProxy(
+        "mieru-plugin",
+        SagerNet.application.getString(R.string.action_mieru),
+        "moe.matsuri.exe.mieru",
+        DownloadSource(
+            playStore = false,
+            fdroid = false,
+            downloadLink = "https://github.com/MatsuriDayo/plugins/releases?q=mieru"
+        )
+    ),
     NaiveProxy(
         "naive-plugin",
         SagerNet.application.getString(R.string.action_naive),
-        "io.nekohasekai.sagernet.plugin.naive"
+        "moe.matsuri.exe.naive",
+        DownloadSource(
+            playStore = false,
+            fdroid = false,
+            downloadLink = "https://github.com/MatsuriDayo/plugins/releases?q=naive"
+        )
     ),
     Hysteria(
         "hysteria-plugin",
         SagerNet.application.getString(R.string.action_hysteria),
-        "moe.matsuri.exe.hysteria", DownloadSource(
+        "moe.matsuri.exe.hysteria",
+        DownloadSource(
             playStore = false,
             fdroid = false,
             downloadLink = "https://github.com/MatsuriDayo/plugins/releases?q=Hysteria"
         )
     ),
-    TUIC(
-        "tuic-plugin",
-        SagerNet.application.getString(R.string.action_tuic),
-        "moe.matsuri.exe.tuic", DownloadSource(
-            playStore = false,
-            fdroid = false,
-            downloadLink = "https://github.com/MatsuriDayo/plugins/releases?q=tuic"
-        )
-    ),
     ;
 
     data class DownloadSource(
         val playStore: Boolean = true,
         val fdroid: Boolean = true,
-        val downloadLink: String = "https://sagernet.org/download/"
+        val downloadLink: String = "https://matsuridayo.github.io/"
     )
 
     companion object {
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/TypeMap.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/TypeMap.kt
index c55c58b71..1a91eeff8 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/TypeMap.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/TypeMap.kt
@@ -10,11 +10,13 @@ object TypeMap : HashMap<String, Int>() {
         this["vmess"] = ProxyEntity.TYPE_VMESS
         this["trojan"] = ProxyEntity.TYPE_TROJAN
         this["trojan-go"] = ProxyEntity.TYPE_TROJAN_GO
+        this["mieru"] = ProxyEntity.TYPE_MIERU
         this["naive"] = ProxyEntity.TYPE_NAIVE
         this["hysteria"] = ProxyEntity.TYPE_HYSTERIA
         this["ssh"] = ProxyEntity.TYPE_SSH
         this["wg"] = ProxyEntity.TYPE_WG
         this["tuic"] = ProxyEntity.TYPE_TUIC
+        this["anytls"] = ProxyEntity.TYPE_ANYTLS
         this["neko"] = ProxyEntity.TYPE_NEKO
         this["config"] = ProxyEntity.TYPE_CONFIG
     }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/hysteria/HysteriaBean.java b/app/src/main/java/io/nekohasekai/sagernet/fmt/hysteria/HysteriaBean.java
index 239c9d4ab..6a5f83c03 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/hysteria/HysteriaBean.java
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/hysteria/HysteriaBean.java
@@ -9,27 +9,21 @@
 
 import io.nekohasekai.sagernet.fmt.AbstractBean;
 import io.nekohasekai.sagernet.fmt.KryoConverters;
+import io.nekohasekai.sagernet.ktx.NetsKt;
+import kotlin.text.StringsKt;
 
 public class HysteriaBean extends AbstractBean {
+    public Integer protocolVersion;
 
-    public static final int TYPE_NONE = 0;
-    public static final int TYPE_STRING = 1;
-    public static final int TYPE_BASE64 = 2;
-
-    public Integer authPayloadType;
-    public String authPayload;
+    // Use serverPorts instead of serverPort
+    public String serverPorts;
 
-    public static final int PROTOCOL_UDP = 0;
-    public static final int PROTOCOL_FAKETCP = 1;
-    public static final int PROTOCOL_WECHAT_VIDEO = 2;
-
-    public Integer protocol;
+    // HY1 & 2
 
+    public String authPayload;
     public String obfuscation;
     public String sni;
-    public String alpn;
     public String caText;
-
     public Integer uploadMbps;
     public Integer downloadMbps;
     public Boolean allowInsecure;
@@ -38,6 +32,20 @@ public class HysteriaBean extends AbstractBean {
     public Boolean disableMtuDiscovery;
     public Integer hopInterval;
 
+    // HY1
+
+    public String alpn;
+
+    public static final int TYPE_NONE = 0;
+    public static final int TYPE_STRING = 1;
+    public static final int TYPE_BASE64 = 2;
+    public Integer authPayloadType;
+
+    public static final int PROTOCOL_UDP = 0;
+    public static final int PROTOCOL_FAKETCP = 1;
+    public static final int PROTOCOL_WECHAT_VIDEO = 2;
+    public Integer protocol;
+
     @Override
     public boolean canMapping() {
         return protocol != PROTOCOL_FAKETCP;
@@ -46,6 +54,8 @@ public boolean canMapping() {
     @Override
     public void initializeDefaultValues() {
         super.initializeDefaultValues();
+        if (protocolVersion == null) protocolVersion = 2;
+
         if (authPayloadType == null) authPayloadType = TYPE_NONE;
         if (authPayload == null) authPayload = "";
         if (protocol == null) protocol = PROTOCOL_UDP;
@@ -53,21 +63,30 @@ public void initializeDefaultValues() {
         if (sni == null) sni = "";
         if (alpn == null) alpn = "";
         if (caText == null) caText = "";
-
-        if (uploadMbps == null) uploadMbps = 10;
-        if (downloadMbps == null) downloadMbps = 50;
         if (allowInsecure == null) allowInsecure = false;
 
+        if (protocolVersion == 1) {
+            if (uploadMbps == null) uploadMbps = 10;
+            if (downloadMbps == null) downloadMbps = 50;
+        } else {
+            if (uploadMbps == null) uploadMbps = 0;
+            if (downloadMbps == null) downloadMbps = 0;
+        }
+
         if (streamReceiveWindow == null) streamReceiveWindow = 0;
         if (connectionReceiveWindow == null) connectionReceiveWindow = 0;
         if (disableMtuDiscovery == null) disableMtuDiscovery = false;
         if (hopInterval == null) hopInterval = 10;
+        if (serverPorts == null) serverPorts = "443";
     }
 
     @Override
     public void serialize(ByteBufferOutput output) {
-        output.writeInt(5);
+        output.writeInt(7);
         super.serialize(output);
+
+        output.writeInt(protocolVersion);
+
         output.writeInt(authPayloadType);
         output.writeString(authPayload);
         output.writeInt(protocol);
@@ -84,13 +103,18 @@ public void serialize(ByteBufferOutput output) {
         output.writeInt(connectionReceiveWindow);
         output.writeBoolean(disableMtuDiscovery);
         output.writeInt(hopInterval);
-
+        output.writeString(serverPorts);
     }
 
     @Override
     public void deserialize(ByteBufferInput input) {
         int version = input.readInt();
         super.deserialize(input);
+        if (version >= 7) {
+            protocolVersion = input.readInt();
+        } else {
+            protocolVersion = 1;
+        }
         authPayloadType = input.readInt();
         authPayload = input.readString();
         if (version >= 3) {
@@ -113,6 +137,17 @@ public void deserialize(ByteBufferInput input) {
         if (version >= 5) {
             hopInterval = input.readInt();
         }
+        if (version >= 6) {
+            serverPorts = input.readString();
+        } else {
+            // old update to new
+            if (HysteriaFmtKt.isMultiPort(serverAddress)) {
+                serverPorts = StringsKt.substringAfterLast(serverAddress, ":", serverAddress);
+                serverAddress = StringsKt.substringBeforeLast(serverAddress, ":", serverAddress);
+            } else {
+                serverPorts = serverPort.toString();
+            }
+        }
     }
 
     @Override
@@ -128,10 +163,7 @@ public void applyFeatureSettings(AbstractBean other) {
 
     @Override
     public String displayAddress() {
-        if (HysteriaFmtKt.isMultiPort(this)) {
-            return serverAddress;
-        }
-        return super.displayAddress();
+        return NetsKt.wrapIPV6Host(serverAddress) + ":" + serverPorts;
     }
 
     @Override
@@ -157,4 +189,4 @@ public HysteriaBean[] newArray(int size) {
             return new HysteriaBean[size];
         }
     };
-} 
+}
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/hysteria/HysteriaFmt.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/hysteria/HysteriaFmt.kt
index c0e321c3f..1e78a29f5 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/hysteria/HysteriaFmt.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/hysteria/HysteriaFmt.kt
@@ -4,24 +4,25 @@ import io.nekohasekai.sagernet.database.DataStore
 import io.nekohasekai.sagernet.fmt.LOCALHOST
 import io.nekohasekai.sagernet.ktx.*
 import moe.matsuri.nb4a.SingBoxOptions
+import moe.matsuri.nb4a.utils.listByLineOrComma
 import okhttp3.HttpUrl.Companion.toHttpUrlOrNull
 import org.json.JSONObject
 import java.io.File
 
 
 // hysteria://host:port?auth=123456&peer=sni.domain&insecure=1|0&upmbps=100&downmbps=100&alpn=hysteria&obfs=xplus&obfsParam=123456#remarks
-
-fun parseHysteria(url: String): HysteriaBean {
+fun parseHysteria1(url: String): HysteriaBean {
     val link = url.replace("hysteria://", "https://").toHttpUrlOrNull() ?: error(
         "invalid hysteria link $url"
     )
     return HysteriaBean().apply {
+        protocolVersion = 1
         serverAddress = link.host
-        serverPort = link.port
+        serverPorts = link.port.toString()
         name = link.fragment
 
         link.queryParameter("mport")?.also {
-            serverAddress = serverAddress.wrapIPV6Host() + ":" + it
+            serverPorts = it
         }
         link.queryParameter("peer")?.also {
             sni = it
@@ -31,7 +32,7 @@ fun parseHysteria(url: String): HysteriaBean {
             authPayload = it
         }
         link.queryParameter("insecure")?.also {
-            allowInsecure = it == "1"
+            allowInsecure = it == "1" || it == "true"
         }
         link.queryParameter("upmbps")?.also {
             uploadMbps = it.toIntOrNull() ?: uploadMbps
@@ -50,6 +51,7 @@ fun parseHysteria(url: String): HysteriaBean {
                 "faketcp" -> {
                     protocol = HysteriaBean.PROTOCOL_FAKETCP
                 }
+
                 "wechat-video" -> {
                     protocol = HysteriaBean.PROTOCOL_WECHAT_VIDEO
                 }
@@ -58,53 +60,116 @@ fun parseHysteria(url: String): HysteriaBean {
     }
 }
 
-fun HysteriaBean.toUri(): String {
-    val builder = linkBuilder().host(serverAddress.substringBeforeLast(":")).port(serverPort)
-    if (isMultiPort()) {
-        builder.addQueryParameter("mport", serverAddress.substringAfterLast(":"))
-    }
-    if (allowInsecure) {
-        builder.addQueryParameter("insecure", "1")
+// hysteria2://[auth@]hostname[:port]/?[key=value]&[key=value]...
+fun parseHysteria2(url: String): HysteriaBean {
+    val link = url
+        .replace("hysteria2://", "https://")
+        .replace("hy2://", "https://")
+        .toHttpUrlOrNull() ?: error("invalid hysteria link $url")
+    return HysteriaBean().apply {
+        protocolVersion = 2
+        serverAddress = link.host
+        serverPorts = link.port.toString()
+        authPayload = if (link.password.isNotBlank()) {
+            link.username + ":" + link.password
+        } else {
+            link.username
+        }
+        name = link.fragment
+
+        link.queryParameter("mport")?.also {
+            serverPorts = it
+        }
+        link.queryParameter("sni")?.also {
+            sni = it
+        }
+        link.queryParameter("insecure")?.also {
+            allowInsecure = it == "1" || it == "true"
+        }
+//        link.queryParameter("upmbps")?.also {
+//            uploadMbps = it.toIntOrNull() ?: uploadMbps
+//        }
+//        link.queryParameter("downmbps")?.also {
+//            downloadMbps = it.toIntOrNull() ?: downloadMbps
+//        }
+        link.queryParameter("obfs-password")?.also {
+            obfuscation = it
+        }
+//        link.queryParameter("pinSHA256")?.also {
+//            // TODO your box do not support it
+//        }
     }
-    if (sni.isNotBlank()) {
-        builder.addQueryParameter("peer", sni)
+}
+
+fun HysteriaBean.toUri(): String {
+    var un = ""
+    var pw = ""
+    if (protocolVersion == 2) {
+        if (authPayload.contains(":")) {
+            un = authPayload.substringBefore(":")
+            pw = authPayload.substringAfter(":")
+        } else {
+            un = authPayload
+        }
     }
-    if (authPayload.isNotBlank()) {
-        builder.addQueryParameter("auth", authPayload)
+    //
+    val builder = linkBuilder()
+        .host(serverAddress)
+        .port(getFirstPort(serverPorts))
+        .username(un)
+        .password(pw)
+    if (isMultiPort(displayAddress())) {
+        builder.addQueryParameter("mport", serverPorts)
     }
-    builder.addQueryParameter("upmbps", "$uploadMbps")
-    builder.addQueryParameter("downmbps", "$downloadMbps")
-    if (alpn.isNotBlank()) {
-        builder.addQueryParameter("alpn", alpn)
+    if (name.isNotBlank()) {
+        builder.encodedFragment(name.urlSafe())
     }
-    if (obfuscation.isNotBlank()) {
-        builder.addQueryParameter("obfs", "xplus")
-        builder.addQueryParameter("obfsParam", obfuscation)
+    if (allowInsecure) {
+        builder.addQueryParameter("insecure", "1")
     }
-    when (protocol) {
-        HysteriaBean.PROTOCOL_FAKETCP -> {
-            builder.addQueryParameter("protocol", "faketcp")
+    if (protocolVersion == 1) {
+        if (sni.isNotBlank()) {
+            builder.addQueryParameter("peer", sni)
         }
-        HysteriaBean.PROTOCOL_WECHAT_VIDEO -> {
-            builder.addQueryParameter("protocol", "wechat-video")
+        if (authPayload.isNotBlank()) {
+            builder.addQueryParameter("auth", authPayload)
+        }
+        builder.addQueryParameter("upmbps", "$uploadMbps")
+        builder.addQueryParameter("downmbps", "$downloadMbps")
+        if (alpn.isNotBlank()) {
+            builder.addQueryParameter("alpn", alpn)
+        }
+        if (obfuscation.isNotBlank()) {
+            builder.addQueryParameter("obfs", "xplus")
+            builder.addQueryParameter("obfsParam", obfuscation)
+        }
+        when (protocol) {
+            HysteriaBean.PROTOCOL_FAKETCP -> {
+                builder.addQueryParameter("protocol", "faketcp")
+            }
+
+            HysteriaBean.PROTOCOL_WECHAT_VIDEO -> {
+                builder.addQueryParameter("protocol", "wechat-video")
+            }
+        }
+    } else {
+        if (sni.isNotBlank()) {
+            builder.addQueryParameter("sni", sni)
+        }
+        if (obfuscation.isNotBlank()) {
+            builder.addQueryParameter("obfs", "salamander")
+            builder.addQueryParameter("obfs-password", obfuscation)
         }
     }
-    if (protocol == HysteriaBean.PROTOCOL_FAKETCP) {
-        builder.addQueryParameter("protocol", "faketcp")
-    }
-    if (name.isNotBlank()) {
-        builder.encodedFragment(name.urlSafe())
-    }
-    return builder.toLink("hysteria")
+    return builder.toLink(if (protocolVersion == 2) "hy2" else "hysteria")
 }
 
-fun JSONObject.parseHysteria(): HysteriaBean {
+fun JSONObject.parseHysteria1Json(): HysteriaBean {
+    // TODO parse HY2 JSON+YAML
     return HysteriaBean().apply {
-        serverAddress = optString("server")
-        if (!isMultiPort()) {
-            serverAddress = optString("server").substringBeforeLast(":")
-            serverPort = optString("server").substringAfterLast(":").toIntOrNull() ?: 443
-        }
+        protocolVersion = 1
+        serverAddress = optString("server").substringBeforeLast(":")
+        serverPorts = optString("server").substringAfterLast(":")
         uploadMbps = getIntNya("up_mbps")
         downloadMbps = getIntNya("down_mbps")
         obfuscation = getStr("obfs")
@@ -121,6 +186,7 @@ fun JSONObject.parseHysteria(): HysteriaBean {
                 "faketcp" -> {
                     protocol = HysteriaBean.PROTOCOL_FAKETCP
                 }
+
                 "wechat-video" -> {
                     protocol = HysteriaBean.PROTOCOL_WECHAT_VIDEO
                 }
@@ -136,13 +202,17 @@ fun JSONObject.parseHysteria(): HysteriaBean {
     }
 }
 
-fun HysteriaBean.buildHysteriaConfig(port: Int, cacheFile: (() -> File)?): String {
+fun HysteriaBean.buildHysteria1Config(port: Int, cacheFile: (() -> File)?): String {
+    if (protocolVersion != 1) {
+        throw Exception("error version: $protocolVersion")
+    }
     return JSONObject().apply {
-        put("server", if (isMultiPort()) serverAddress else wrapUri())
+        put("server", displayAddress())
         when (protocol) {
             HysteriaBean.PROTOCOL_FAKETCP -> {
                 put("protocol", "faketcp")
             }
+
             HysteriaBean.PROTOCOL_WECHAT_VIDEO -> {
                 put("protocol", "wechat-video")
             }
@@ -157,6 +227,8 @@ fun HysteriaBean.buildHysteriaConfig(port: Int, cacheFile: (() -> File)?): Strin
             )
         )
         put("retry", 5)
+        put("fast_open", true)
+        put("lazy_start", true)
         put("obfs", obfuscation)
         when (authPayloadType) {
             HysteriaBean.TYPE_BASE64 -> put("auth", authPayload)
@@ -180,57 +252,117 @@ fun HysteriaBean.buildHysteriaConfig(port: Int, cacheFile: (() -> File)?): Strin
         if (connectionReceiveWindow > 0) put("recv_window", connectionReceiveWindow)
         if (disableMtuDiscovery) put("disable_mtu_discovery", true)
 
-        // hy 1.2.0 （不兼容）
-        put("resolver", "udp://127.0.0.1:" + DataStore.localDNSPort)
-
         put("hop_interval", hopInterval)
     }.toStringPretty()
 }
 
-fun HysteriaBean.isMultiPort(): Boolean {
-    if (!serverAddress.contains(":")) return false
-    val p = serverAddress.substringAfterLast(":")
+fun isMultiPort(hyAddr: String): Boolean {
+    if (!hyAddr.contains(":")) return false
+    val p = hyAddr.substringAfterLast(":")
     if (p.contains("-") || p.contains(",")) return true
     return false
 }
 
+fun getFirstPort(portStr: String): Int {
+    return portStr.substringBefore(":").substringBefore(",").toIntOrNull() ?: 443
+}
+
 fun HysteriaBean.canUseSingBox(): Boolean {
-    if (isMultiPort() || protocol != HysteriaBean.PROTOCOL_UDP) return false
+    if (protocol != HysteriaBean.PROTOCOL_UDP) return false
     return true
 }
 
-fun buildSingBoxOutboundHysteriaBean(bean: HysteriaBean): SingBoxOptions.Outbound_HysteriaOptions {
-    // No multi-port
-    return SingBoxOptions.Outbound_HysteriaOptions().apply {
-        type = "hysteria"
-        server = bean.serverAddress
-        server_port = bean.serverPort
-        up_mbps = bean.uploadMbps
-        down_mbps = bean.downloadMbps
-        obfs = bean.obfuscation
-        disable_mtu_discovery = bean.disableMtuDiscovery
-        when (bean.authPayloadType) {
-            HysteriaBean.TYPE_BASE64 -> auth = bean.authPayload
-            HysteriaBean.TYPE_STRING -> auth_str = bean.authPayload
-        }
-        if (bean.streamReceiveWindow > 0) {
-            recv_window_conn = bean.streamReceiveWindow.toLong()
-        }
-        if (bean.connectionReceiveWindow > 0) {
-            recv_window_conn = bean.connectionReceiveWindow.toLong()
-        }
-        tls = SingBoxOptions.OutboundTLSOptions().apply {
-            if (bean.sni.isNotBlank()) {
-                server_name = bean.sni
+fun buildSingBoxOutboundHysteriaBean(bean: HysteriaBean): SingBoxOptions.SingBoxOption {
+    return when (bean.protocolVersion) {
+        1 -> SingBoxOptions.Outbound_HysteriaOptions().apply {
+            type = "hysteria"
+            server = bean.serverAddress
+            val port = bean.serverPorts.toIntOrNull()
+            if (port != null) {
+                server_port = port
+            } else {
+                server_ports = hopPortsToSingboxList(bean.serverPorts)
+            }
+            hop_interval = "${bean.hopInterval}s"
+            up_mbps = bean.uploadMbps
+            down_mbps = bean.downloadMbps
+            obfs = bean.obfuscation
+            disable_mtu_discovery = bean.disableMtuDiscovery
+            when (bean.authPayloadType) {
+                HysteriaBean.TYPE_BASE64 -> auth = bean.authPayload
+                HysteriaBean.TYPE_STRING -> auth_str = bean.authPayload
+            }
+            if (bean.streamReceiveWindow > 0) {
+                recv_window_conn = bean.streamReceiveWindow.toLong()
+            }
+            if (bean.connectionReceiveWindow > 0) {
+                recv_window_conn = bean.connectionReceiveWindow.toLong()
+            }
+            tls = SingBoxOptions.OutboundTLSOptions().apply {
+                if (bean.sni.isNotBlank()) {
+                    server_name = bean.sni
+                }
+                if (bean.alpn.isNotBlank()) {
+                    alpn = bean.alpn.listByLineOrComma()
+                }
+                if (bean.caText.isNotBlank()) {
+                    certificate = bean.caText
+                }
+                insecure = bean.allowInsecure || DataStore.globalAllowInsecure
+                enabled = true
+            }
+        }
+
+        2 -> SingBoxOptions.Outbound_Hysteria2Options().apply {
+            type = "hysteria2"
+            server = bean.serverAddress
+            val port = bean.serverPorts.toIntOrNull()
+            if (port != null) {
+                server_port = port
+            } else {
+                server_ports = hopPortsToSingboxList(bean.serverPorts)
             }
-            if (bean.alpn.isNotBlank()) {
-                alpn = bean.alpn.split("\n")
+            hop_interval = "${bean.hopInterval}s"
+            up_mbps = bean.uploadMbps
+            down_mbps = bean.downloadMbps
+            if (bean.obfuscation.isNotBlank()) {
+                obfs = SingBoxOptions.Hysteria2Obfs().apply {
+                    type = "salamander"
+                    password = bean.obfuscation
+                }
             }
-            if (bean.caText.isNotBlank()) {
-                certificate = bean.caText
+//            disable_mtu_discovery = bean.disableMtuDiscovery
+            password = bean.authPayload
+//            if (bean.streamReceiveWindow > 0) {
+//                recv_window_conn = bean.streamReceiveWindow.toLong()
+//            }
+//            if (bean.connectionReceiveWindow > 0) {
+//                recv_window_conn = bean.connectionReceiveWindow.toLong()
+//            }
+            tls = SingBoxOptions.OutboundTLSOptions().apply {
+                if (bean.sni.isNotBlank()) {
+                    server_name = bean.sni
+                }
+                alpn = listOf("h3")
+                if (bean.caText.isNotBlank()) {
+                    certificate = bean.caText
+                }
+                insecure = bean.allowInsecure || DataStore.globalAllowInsecure
+                enabled = true
             }
-            insecure = bean.allowInsecure
-            enabled = true
+        }
+
+        else -> error("error_version $bean.protocolVersion")
+    }
+}
+
+fun hopPortsToSingboxList(s: String): List<String> {
+    return s.split(",").mapNotNull {
+        val pRange = it.replace("-", ":")
+        if (pRange.split(":").size == 2) {
+            pRange
+        } else {
+            null
         }
     }
 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/mieru/MieruBean.java b/app/src/main/java/io/nekohasekai/sagernet/fmt/mieru/MieruBean.java
new file mode 100644
index 000000000..0a7c21fab
--- /dev/null
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/mieru/MieruBean.java
@@ -0,0 +1,89 @@
+/******************************************************************************
+ * Copyright (C) 2022 by nekohasekai <contact-git@sekai.icu>                  *
+ *                                                                            *
+ * This program is free software: you can redistribute it and/or modify       *
+ * it under the terms of the GNU General Public License as published by       *
+ * the Free Software Foundation, either version 3 of the License, or          *
+ *  (at your option) any later version.                                       *
+ *                                                                            *
+ * This program is distributed in the hope that it will be useful,            *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
+ * GNU General Public License for more details.                               *
+ *                                                                            *
+ * You should have received a copy of the GNU General Public License          *
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.       *
+ *                                                                            *
+ ******************************************************************************/
+
+package io.nekohasekai.sagernet.fmt.mieru;
+
+import androidx.annotation.NonNull;
+
+import com.esotericsoftware.kryo.io.ByteBufferInput;
+import com.esotericsoftware.kryo.io.ByteBufferOutput;
+
+import org.jetbrains.annotations.NotNull;
+
+import io.nekohasekai.sagernet.fmt.AbstractBean;
+import io.nekohasekai.sagernet.fmt.KryoConverters;
+
+public class MieruBean extends AbstractBean {
+
+    public String protocol;
+    public String username;
+    public String password;
+    public Integer mtu;
+
+    @Override
+    public void initializeDefaultValues() {
+        super.initializeDefaultValues();
+        if (protocol == null) protocol = "TCP";
+        if (username == null) username = "";
+        if (password == null) password = "";
+        if (mtu == null) mtu = 1400;
+    }
+
+    @Override
+    public void serialize(ByteBufferOutput output) {
+        output.writeInt(0);
+        super.serialize(output);
+        output.writeString(protocol);
+        output.writeString(username);
+        output.writeString(password);
+        if (protocol.equals("UDP")) {
+            output.writeInt(mtu);
+        }
+    }
+
+    @Override
+    public void deserialize(ByteBufferInput input) {
+        int version = input.readInt();
+        super.deserialize(input);
+        protocol = input.readString();
+        username = input.readString();
+        password = input.readString();
+        if (protocol.equals("UDP")) {
+            mtu = input.readInt();
+        }
+    }
+
+    @NotNull
+    @Override
+    public MieruBean clone() {
+        return KryoConverters.deserialize(new MieruBean(), KryoConverters.serialize(this));
+    }
+
+    public static final Creator<MieruBean> CREATOR = new CREATOR<MieruBean>() {
+        @NonNull
+        @Override
+        public MieruBean newInstance() {
+            return new MieruBean();
+        }
+
+        @Override
+        public MieruBean[] newArray(int size) {
+            return new MieruBean[size];
+        }
+    };
+}
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/mieru/MieruFmt.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/mieru/MieruFmt.kt
new file mode 100644
index 000000000..476999a0b
--- /dev/null
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/mieru/MieruFmt.kt
@@ -0,0 +1,54 @@
+/******************************************************************************
+ * Copyright (C) 2022 by nekohasekai <contact-git@sekai.icu>                  *
+ *                                                                            *
+ * This program is free software: you can redistribute it and/or modify       *
+ * it under the terms of the GNU General Public License as published by       *
+ * the Free Software Foundation, either version 3 of the License, or          *
+ *  (at your option) any later version.                                       *
+ *                                                                            *
+ * This program is distributed in the hope that it will be useful,            *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
+ * GNU General Public License for more details.                               *
+ *                                                                            *
+ * You should have received a copy of the GNU General Public License          *
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.       *
+ *                                                                            *
+ ******************************************************************************/
+
+package io.nekohasekai.sagernet.fmt.mieru
+
+import io.nekohasekai.sagernet.ktx.toStringPretty
+import org.json.JSONArray
+import org.json.JSONObject
+
+fun MieruBean.buildMieruConfig(port: Int): String {
+    val serverInfo = JSONArray().apply {
+        put(JSONObject().apply {
+            put("ipAddress", finalAddress)
+            put("portBindings", JSONArray().apply {
+                put(JSONObject().apply {
+                    put("port", finalPort)
+                    put("protocol", protocol)
+                })
+            })
+        })
+    }
+    return JSONObject().apply {
+        put("activeProfile", "default")
+        put("socks5Port", port)
+        // TODO: follow NekoBox logging level.
+        put("loggingLevel", "INFO")
+        put("profiles", JSONArray().apply {
+            put(JSONObject().apply {
+                put("profileName", "default")
+                put("user", JSONObject().apply {
+                    put("name", username)
+                    put("password", password)
+                })
+                put("servers", serverInfo)
+                put("mtu", mtu)
+            })
+        })
+    }.toStringPretty()
+}
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/naive/NaiveBean.java b/app/src/main/java/io/nekohasekai/sagernet/fmt/naive/NaiveBean.java
index 841ae59a8..6e504d4a5 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/naive/NaiveBean.java
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/naive/NaiveBean.java
@@ -23,6 +23,9 @@ public class NaiveBean extends AbstractBean {
     public String certificates;
     public Integer insecureConcurrency;
 
+    // sing-box socks
+    public Boolean sUoT;
+
     @Override
     public void initializeDefaultValues() {
         if (serverPort == null) serverPort = 443;
@@ -34,11 +37,12 @@ public void initializeDefaultValues() {
         if (certificates == null) certificates = "";
         if (sni == null) sni = "";
         if (insecureConcurrency == null) insecureConcurrency = 0;
+        if (sUoT == null) sUoT = false;
     }
 
     @Override
     public void serialize(ByteBufferOutput output) {
-        output.writeInt(2);
+        output.writeInt(3);
         super.serialize(output);
         output.writeString(proto);
         output.writeString(username);
@@ -48,6 +52,7 @@ public void serialize(ByteBufferOutput output) {
         output.writeString(certificates);
         output.writeString(sni);
         output.writeInt(insecureConcurrency);
+        output.writeBoolean(sUoT);
     }
 
     @Override
@@ -65,6 +70,9 @@ public void deserialize(ByteBufferInput input) {
         if (version >= 1) {
             insecureConcurrency = input.readInt();
         }
+        if (version >= 3) {
+            sUoT = input.readBoolean();
+        }
     }
 
     @NotNull
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/shadowsocks/ShadowsocksBean.java b/app/src/main/java/io/nekohasekai/sagernet/fmt/shadowsocks/ShadowsocksBean.java
index 10c394f59..326662ffb 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/shadowsocks/ShadowsocksBean.java
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/shadowsocks/ShadowsocksBean.java
@@ -50,6 +50,13 @@ public void deserialize(ByteBufferInput input) {
         sUoT = input.readBoolean();
     }
 
+    @Override
+    public void applyFeatureSettings(AbstractBean other) {
+        if (!(other instanceof ShadowsocksBean)) return;
+        ShadowsocksBean bean = ((ShadowsocksBean) other);
+        bean.sUoT = sUoT;
+    }
+
     @NotNull
     @Override
     public ShadowsocksBean clone() {
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/shadowsocks/ShadowsocksFmt.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/shadowsocks/ShadowsocksFmt.kt
index 9b0c61639..b1d0bb9c1 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/shadowsocks/ShadowsocksFmt.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/shadowsocks/ShadowsocksFmt.kt
@@ -114,14 +114,13 @@ fun buildSingBoxOutboundShadowsocksBean(bean: ShadowsocksBean): SingBoxOptions.O
         server_port = bean.serverPort
         password = bean.password
         method = bean.method
-        if (bean.sUoT) {
-            udp_over_tcp = SingBoxOptions.UDPOverTCPOptions().apply {
-                enabled = true
-            }
-        }
         if (bean.plugin.isNotBlank()) {
             plugin = bean.plugin.substringBefore(";")
             plugin_opts = bean.plugin.substringAfter(";")
+            if (plugin == "none") {
+                plugin = null
+                plugin_opts = null
+            }
         }
     }
 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/socks/SOCKSBean.java b/app/src/main/java/io/nekohasekai/sagernet/fmt/socks/SOCKSBean.java
index fb07ac109..5780480d7 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/socks/SOCKSBean.java
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/socks/SOCKSBean.java
@@ -14,6 +14,8 @@ public class SOCKSBean extends AbstractBean {
 
     public Integer protocol;
 
+    public Boolean sUoT;
+
     public int protocolVersion() {
         switch (protocol) {
             case 0:
@@ -66,15 +68,17 @@ public void initializeDefaultValues() {
         if (protocol == null) protocol = PROTOCOL_SOCKS5;
         if (username == null) username = "";
         if (password == null) password = "";
+        if (sUoT == null) sUoT = false;
     }
 
     @Override
     public void serialize(ByteBufferOutput output) {
-        output.writeInt(1);
+        output.writeInt(2);
         super.serialize(output);
         output.writeInt(protocol);
         output.writeString(username);
         output.writeString(password);
+        output.writeBoolean(sUoT);
     }
 
     @Override
@@ -86,6 +90,9 @@ public void deserialize(ByteBufferInput input) {
         }
         username = input.readString();
         password = input.readString();
+        if (version >= 2) {
+            sUoT = input.readBoolean();
+        }
     }
 
     @NotNull
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/socks/SOCKSFmt.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/socks/SOCKSFmt.kt
index 8eee29106..b3aff52d7 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/socks/SOCKSFmt.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/socks/SOCKSFmt.kt
@@ -6,42 +6,33 @@ import io.nekohasekai.sagernet.ktx.unUrlSafe
 import io.nekohasekai.sagernet.ktx.urlSafe
 import moe.matsuri.nb4a.SingBoxOptions
 import moe.matsuri.nb4a.utils.NGUtil
+import moe.matsuri.nb4a.utils.Util
 import okhttp3.HttpUrl
 import okhttp3.HttpUrl.Companion.toHttpUrlOrNull
 
 fun parseSOCKS(link: String): SOCKSBean {
-    if (!link.substringAfter("://").contains(":")) {
-        // v2rayN shit format
-        var url = link.substringAfter("://")
-        if (url.contains("#")) {
-            url = url.substringBeforeLast("#")
-        }
-        url = url.decodeBase64UrlSafe()
-        val httpUrl = "http://$url".toHttpUrlOrNull() ?: error("Invalid v2rayN link content: $url")
-        return SOCKSBean().apply {
-            serverAddress = httpUrl.host
-            serverPort = httpUrl.port
-            username = httpUrl.username.takeIf { it != "null" } ?: ""
-            password = httpUrl.password.takeIf { it != "null" } ?: ""
-            if (link.contains("#")) {
-                name = link.substringAfter("#").unUrlSafe()
-            }
-        }
-    } else {
-        val url = ("http://" + link.substringAfter("://")).toHttpUrlOrNull()
-            ?: error("Not supported: $link")
+    val url = ("http://" + link.substringAfter("://")).toHttpUrlOrNull()
+        ?: error("Not supported: $link")
 
-        return SOCKSBean().apply {
-            protocol = when {
-                link.startsWith("socks4://") -> SOCKSBean.PROTOCOL_SOCKS4
-                link.startsWith("socks4a://") -> SOCKSBean.PROTOCOL_SOCKS4A
-                else -> SOCKSBean.PROTOCOL_SOCKS5
+    return SOCKSBean().apply {
+        protocol = when {
+            link.startsWith("socks4://") -> SOCKSBean.PROTOCOL_SOCKS4
+            link.startsWith("socks4a://") -> SOCKSBean.PROTOCOL_SOCKS4A
+            else -> SOCKSBean.PROTOCOL_SOCKS5
+        }
+        name = url.fragment
+        serverAddress = url.host
+        serverPort = url.port
+        username = url.username
+        password = url.password
+        // v2rayN fmt
+        if (password.isNullOrBlank() && !username.isNullOrBlank()) {
+            try {
+                val n = username.decodeBase64UrlSafe()
+                username = n.substringBefore(":")
+                password = n.substringAfter(":")
+            } catch (_: Exception) {
             }
-            serverAddress = url.host
-            serverPort = url.port
-            username = url.username
-            password = url.password
-            name = url.fragment
         }
     }
 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/ssh/SSHFmt.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/ssh/SSHFmt.kt
index 4ee032a24..170e640f4 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/ssh/SSHFmt.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/ssh/SSHFmt.kt
@@ -1,6 +1,7 @@
 package io.nekohasekai.sagernet.fmt.ssh
 
 import moe.matsuri.nb4a.SingBoxOptions
+import moe.matsuri.nb4a.utils.listByLineOrComma
 
 fun buildSingBoxOutboundSSHBean(bean: SSHBean): SingBoxOptions.Outbound_SSHOptions {
     return SingBoxOptions.Outbound_SSHOptions().apply {
@@ -9,7 +10,7 @@ fun buildSingBoxOutboundSSHBean(bean: SSHBean): SingBoxOptions.Outbound_SSHOptio
         server_port = bean.serverPort
         user = bean.username
         if (bean.publicKey.isNotBlank()) {
-            host_key = bean.publicKey.split("\n")
+            host_key = bean.publicKey.listByLineOrComma()
         }
         when (bean.authType) {
             SSHBean.AUTH_TYPE_PRIVATE_KEY -> {
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/trojan_go/TrojanGoFmt.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/trojan_go/TrojanGoFmt.kt
index cb0235754..4e6e91f45 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/trojan_go/TrojanGoFmt.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/trojan_go/TrojanGoFmt.kt
@@ -92,10 +92,10 @@ fun TrojanGoBean.buildTrojanGoConfig(port: Int): String {
             put(password)
         })
         put("log_level", if (DataStore.logLevel > 0) 0 else 2)
-        if (Protocols.shouldEnableMux("trojan-go")) put("mux", JSONObject().apply {
-            put("enabled", true)
-            put("concurrency", DataStore.muxConcurrency)
-        })
+//        if (Protocols.shouldEnableMux("trojan-go")) put("mux", JSONObject().apply {
+//            put("enabled", true)
+//            put("concurrency", DataStore.muxConcurrency)
+//        })
         put("tcp", JSONObject().apply {
             put("prefer_ipv4", DataStore.ipv6Mode <= IPv6Mode.ENABLE)
         })
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/tuic/TuicBean.java b/app/src/main/java/io/nekohasekai/sagernet/fmt/tuic/TuicBean.java
index 4ce148f46..f1b76d369 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/tuic/TuicBean.java
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/tuic/TuicBean.java
@@ -21,9 +21,18 @@ public class TuicBean extends AbstractBean {
     public Boolean reduceRTT;
     public Integer mtu;
     public String sni;
+
+    // TUIC zep
+
     public Boolean fastConnect;
     public Boolean allowInsecure;
 
+    // TUIC v5
+
+    public String customJSON;
+    public Integer protocolVersion;
+    public String uuid;
+
     @Override
     public void initializeDefaultValues() {
         super.initializeDefaultValues();
@@ -38,11 +47,14 @@ public void initializeDefaultValues() {
         if (sni == null) sni = "";
         if (fastConnect == null) fastConnect = false;
         if (allowInsecure == null) allowInsecure = false;
+        if (customJSON == null) customJSON = "";
+        if (protocolVersion == null) protocolVersion = 5;
+        if (uuid == null) uuid = "";
     }
 
     @Override
     public void serialize(ByteBufferOutput output) {
-        output.writeInt(1);
+        output.writeInt(2);
         super.serialize(output);
         output.writeString(token);
         output.writeString(caText);
@@ -55,6 +67,9 @@ public void serialize(ByteBufferOutput output) {
         output.writeString(sni);
         output.writeBoolean(fastConnect);
         output.writeBoolean(allowInsecure);
+        output.writeString(customJSON);
+        output.writeInt(protocolVersion);
+        output.writeString(uuid);
     }
 
     @Override
@@ -74,6 +89,13 @@ public void deserialize(ByteBufferInput input) {
             fastConnect = input.readBoolean();
             allowInsecure = input.readBoolean();
         }
+        if (version >= 2) {
+            customJSON = input.readString();
+            protocolVersion = input.readInt();
+            uuid = input.readString();
+        } else {
+            protocolVersion = 4;
+        }
     }
 
     @Override
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/tuic/TuicFmt.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/tuic/TuicFmt.kt
index ce3136378..cad2147e6 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/tuic/TuicFmt.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/tuic/TuicFmt.kt
@@ -1,64 +1,89 @@
 package io.nekohasekai.sagernet.fmt.tuic
 
 import io.nekohasekai.sagernet.database.DataStore
-import io.nekohasekai.sagernet.fmt.LOCALHOST
-import io.nekohasekai.sagernet.ktx.isIpAddress
-import io.nekohasekai.sagernet.ktx.toStringPretty
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.runBlocking
-import kotlinx.coroutines.withContext
-import moe.matsuri.nb4a.plugin.Plugins
-import org.json.JSONArray
-import org.json.JSONObject
-import java.io.File
-import java.net.InetAddress
+import io.nekohasekai.sagernet.ktx.linkBuilder
+import io.nekohasekai.sagernet.ktx.toLink
+import io.nekohasekai.sagernet.ktx.urlSafe
+import moe.matsuri.nb4a.SingBoxOptions
+import moe.matsuri.nb4a.utils.listByLineOrComma
+import okhttp3.HttpUrl.Companion.toHttpUrlOrNull
 
-fun TuicBean.buildTuicConfig(port: Int, cacheFile: (() -> File)?): String {
-    if (Plugins.isUsingMatsuriExe("tuic-plugin")) {
-        if (!serverAddress.isIpAddress()) {
-            runBlocking {
-                finalAddress = withContext(Dispatchers.IO) {
-                    InetAddress.getAllByName(serverAddress)
-                }?.firstOrNull()?.hostAddress ?: "127.0.0.1"
-                // TODO network on main thread, tuic don't support "sni"
-            }
+fun parseTuic(url: String): TuicBean {
+    // https://github.com/daeuniverse/dae/discussions/182
+    val link = url.replace("tuic://", "https://").toHttpUrlOrNull() ?: error(
+        "invalid tuic link $url"
+    )
+    return TuicBean().apply {
+        protocolVersion = 5
+
+        name = link.fragment
+        uuid = link.username
+        token = link.password
+        serverAddress = link.host
+        serverPort = link.port
+
+        link.queryParameter("sni")?.let {
+            sni = it
+        }
+        link.queryParameter("congestion_control")?.let {
+            congestionController = it
+        }
+        link.queryParameter("udp_relay_mode")?.let {
+            udpRelayMode = it
+        }
+        link.queryParameter("alpn")?.let {
+            alpn = it
+        }
+        link.queryParameter("allow_insecure")?.let {
+            if (it == "1") allowInsecure = true
+        }
+        link.queryParameter("disable_sni")?.let {
+            if (it == "1") disableSNI = true
         }
     }
-    return JSONObject().apply {
-        put("relay", JSONObject().apply {
-            if (sni.isNotBlank()) {
-                put("server", sni)
-                put("ip", finalAddress)
-            } else if (serverAddress.isIpAddress()) {
-                put("server", finalAddress)
-            } else {
-                put("server", serverAddress)
-                put("ip", finalAddress)
-            }
-            put("port", finalPort)
-            put("token", token)
+}
 
-            if (caText.isNotBlank() && cacheFile != null) {
-                val caFile = cacheFile()
-                caFile.writeText(caText)
-                put("certificates", JSONArray(listOf(caFile.absolutePath)))
-            }
+fun TuicBean.toUri(): String {
+    val builder = linkBuilder().username(uuid).password(token).host(serverAddress).port(serverPort)
+
+    builder.addQueryParameter("congestion_control", congestionController)
+    builder.addQueryParameter("udp_relay_mode", udpRelayMode)
+
+    if (sni.isNotBlank()) builder.addQueryParameter("sni", sni)
+    if (alpn.isNotBlank()) builder.addQueryParameter("alpn", alpn)
+    if (allowInsecure) builder.addQueryParameter("allow_insecure", "1")
+    if (disableSNI) builder.addQueryParameter("disable_sni", "1")
+    if (name.isNotBlank()) builder.encodedFragment(name.urlSafe())
+
+    return builder.toLink("tuic")
+}
 
-            put("udp_relay_mode", udpRelayMode)
-            if (alpn.isNotBlank()) {
-                put("alpn", JSONArray(alpn.split("\n")))
+fun buildSingBoxOutboundTuicBean(bean: TuicBean): SingBoxOptions.Outbound_TUICOptions {
+    if (bean.protocolVersion == 4) throw Exception("TUIC v4 is no longer supported")
+    return SingBoxOptions.Outbound_TUICOptions().apply {
+        type = "tuic"
+        server = bean.serverAddress
+        server_port = bean.serverPort
+        uuid = bean.uuid
+        password = bean.token
+        congestion_control = bean.congestionController
+        when (bean.udpRelayMode) {
+            "quic" -> udp_relay_mode = "quic"
+        }
+        zero_rtt_handshake = bean.reduceRTT
+        tls = SingBoxOptions.OutboundTLSOptions().apply {
+            if (bean.sni.isNotBlank()) {
+                server_name = bean.sni
+            }
+            if (bean.alpn.isNotBlank()) {
+                alpn = bean.alpn.listByLineOrComma()
+            }
+            if (bean.caText.isNotBlank()) {
+                certificate = bean.caText
             }
-            put("congestion_controller", congestionController)
-            put("disable_sni", disableSNI)
-            put("reduce_rtt", reduceRTT)
-            put("max_udp_relay_packet_size", mtu)
-            if (fastConnect) put("fast_connect", true)
-            if (allowInsecure) put("insecure", true)
-        })
-        put("local", JSONObject().apply {
-            put("ip", LOCALHOST)
-            put("port", port)
-        })
-        put("log_level", if (DataStore.logLevel > 0) "debug" else "info")
-    }.toStringPretty()
+            disable_sni = bean.disableSNI
+            insecure = bean.allowInsecure || DataStore.globalAllowInsecure
+            enabled = true
+        }
+    }
 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/StandardV2RayBean.java b/app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/StandardV2RayBean.java
index 808c90e5d..2f32c50f4 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/StandardV2RayBean.java
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/StandardV2RayBean.java
@@ -14,7 +14,7 @@ public abstract class StandardV2RayBean extends AbstractBean {
 
     //////// End of VMess & VLESS ////////
 
-    // "V2Ray Transport" tcp/http/ws/quic/grpc
+    // "V2Ray Transport" tcp/http/ws/quic/grpc/httpupgrade
     public String type;
 
     public String host;
@@ -48,6 +48,20 @@ public abstract class StandardV2RayBean extends AbstractBean {
 
     public String certificates;
 
+    // --------------------------------------- ech
+
+    public Boolean enableECH;
+
+    public String echConfig;
+
+    // --------------------------------------- Mux
+
+    public Boolean enableMux;
+    public Boolean muxPadding;
+    public Integer muxType;
+    public Integer muxConcurrency;
+
+
     // --------------------------------------- //
 
     public Integer packetEncoding; // 1:packet 2:xudp
@@ -61,11 +75,13 @@ public void initializeDefaultValues() {
         if (JavaUtil.isNullOrBlank(type)) type = "tcp";
         else if ("h2".equals(type)) type = "http";
 
+        type = type.toLowerCase();
+
         if (JavaUtil.isNullOrBlank(host)) host = "";
         if (JavaUtil.isNullOrBlank(path)) path = "";
 
         if (JavaUtil.isNullOrBlank(security)) {
-            if (this instanceof TrojanBean || isVLESS()) {
+            if (this instanceof TrojanBean) {
                 security = "tls";
             } else {
                 security = "none";
@@ -84,13 +100,20 @@ public void initializeDefaultValues() {
 
         if (realityPubKey == null) realityPubKey = "";
         if (realityShortId == null) realityShortId = "";
+
+        if (enableECH == null) enableECH = false;
+        if (JavaUtil.isNullOrBlank(echConfig)) echConfig = "";
+
+        if (enableMux == null) enableMux = false;
+        if (muxPadding == null) muxPadding = false;
+        if (muxType == null) muxType = 0;
+        if (muxConcurrency == null) muxConcurrency = 1;
     }
 
     @Override
     public void serialize(ByteBufferOutput output) {
-        output.writeInt(0);
+        output.writeInt(4);
         super.serialize(output);
-
         output.writeString(uuid);
         output.writeString(encryption);
         if (this instanceof VMessBean) {
@@ -110,13 +133,15 @@ public void serialize(ByteBufferOutput output) {
                 output.writeString(earlyDataHeaderName);
                 break;
             }
-            case "http": {
+            case "http":
+            case "httpupgrade": {
                 output.writeString(host);
                 output.writeString(path);
                 break;
             }
             case "grpc": {
                 output.writeString(path);
+                break;
             }
         }
 
@@ -131,7 +156,15 @@ public void serialize(ByteBufferOutput output) {
             output.writeString(realityShortId);
         }
 
+        output.writeBoolean(enableECH);
+        output.writeString(echConfig);
+
         output.writeInt(packetEncoding);
+
+        output.writeBoolean(enableMux);
+        output.writeBoolean(muxPadding);
+        output.writeInt(muxType);
+        output.writeInt(muxConcurrency);
     }
 
     @Override
@@ -157,13 +190,20 @@ public void deserialize(ByteBufferInput input) {
                 earlyDataHeaderName = input.readString();
                 break;
             }
-            case "http": {
+            case "http":
+            case "httpupgrade": {
                 host = input.readString();
                 path = input.readString();
                 break;
             }
             case "grpc": {
                 path = input.readString();
+                if (version < 4) {
+                    // 解决老版本数据的读取问题
+                    input.readString();
+                    input.readString();
+                }
+                break;
             }
         }
 
@@ -178,7 +218,44 @@ public void deserialize(ByteBufferInput input) {
             realityShortId = input.readString();
         }
 
+        if (version >= 1) {
+            enableECH = input.readBoolean();
+            if (version >= 3) {
+                echConfig = input.readString();
+            } else {
+                if (enableECH) {
+                    input.readBoolean();
+                    input.readBoolean();
+                    echConfig = input.readString();
+                }
+            }
+        } else if (version == 0) {
+            // 从老版本升级上来但是 version == 0, 可能有 enableECH 也可能没有，需要做判断
+            int position = input.getByteBuffer().position(); // 当前位置
+
+            boolean tmpEnableECH = input.readBoolean();
+            int tmpPacketEncoding = input.readInt();
+
+            input.setPosition(position); // 读后归位
+
+            if (tmpPacketEncoding != 1 && tmpPacketEncoding != 2) {
+                enableECH = tmpEnableECH;
+                if (enableECH) {
+                    input.readBoolean();
+                    input.readBoolean();
+                    echConfig = input.readString();
+                }
+            } // 否则后一位就是 packetEncoding
+        }
+
         packetEncoding = input.readInt();
+
+        if (version >= 2) {
+            enableMux = input.readBoolean();
+            muxPadding = input.readBoolean();
+            muxType = input.readInt();
+            muxConcurrency = input.readInt();
+        }
     }
 
     @Override
@@ -187,8 +264,13 @@ public void applyFeatureSettings(AbstractBean other) {
         StandardV2RayBean bean = ((StandardV2RayBean) other);
         bean.allowInsecure = allowInsecure;
         bean.utlsFingerprint = utlsFingerprint;
-        bean.realityPubKey = realityPubKey;
-        bean.realityShortId = realityShortId;
+        bean.packetEncoding = packetEncoding;
+        bean.enableECH = enableECH;
+        bean.echConfig = echConfig;
+        bean.enableMux = enableMux;
+        bean.muxPadding = muxPadding;
+        bean.muxType = muxType;
+        bean.muxConcurrency = muxConcurrency;
     }
 
     public boolean isVLESS() {
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/V2RayFmt.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/V2RayFmt.kt
index 20e63202b..93684a5b3 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/V2RayFmt.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/V2RayFmt.kt
@@ -2,11 +2,13 @@ package io.nekohasekai.sagernet.fmt.v2ray
 
 import android.text.TextUtils
 import com.google.gson.Gson
+import io.nekohasekai.sagernet.database.DataStore
 import io.nekohasekai.sagernet.fmt.http.HttpBean
 import io.nekohasekai.sagernet.fmt.trojan.TrojanBean
 import io.nekohasekai.sagernet.ktx.*
 import moe.matsuri.nb4a.SingBoxOptions.*
 import moe.matsuri.nb4a.utils.NGUtil
+import moe.matsuri.nb4a.utils.listByLineOrComma
 import okhttp3.HttpUrl
 import okhttp3.HttpUrl.Companion.toHttpUrl
 import org.json.JSONObject
@@ -100,6 +102,7 @@ fun parseV2Ray(link: String): StandardV2RayBean {
                     bean.host = it.split("|").joinToString(",")
                 }
             }
+
             "ws" -> {
                 url.queryParameter("path")?.let {
                     bean.path = it
@@ -108,11 +111,21 @@ fun parseV2Ray(link: String): StandardV2RayBean {
                     bean.host = it
                 }
             }
+
             "grpc" -> {
                 url.queryParameter("serviceName")?.let {
                     bean.path = it
                 }
             }
+
+            "httpupgrade" -> {
+                url.queryParameter("path")?.let {
+                    bean.path = it
+                }
+                url.queryParameter("host")?.let {
+                    bean.host = it
+                }
+            }
         }
     } else {
         // also vless format
@@ -140,21 +153,27 @@ fun StandardV2RayBean.parseDuckSoft(url: HttpUrl) {
     }
 
     type = url.queryParameter("type") ?: "tcp"
-    if (type == "h2") type = "http"
+    if (type == "h2" || url.queryParameter("headerType") == "http") type = "http"
 
     security = url.queryParameter("security")
-    if (security == null) {
+    if (security.isNullOrBlank()) {
         security = if (this is TrojanBean) "tls" else "none"
     }
 
     when (security) {
         "tls", "reality" -> {
             security = "tls"
+            url.queryParameter("allowInsecure")?.let {
+                allowInsecure = it == "1" || it == "true"
+            }
             url.queryParameter("sni")?.let {
                 sni = it
             }
+            url.queryParameter("host")?.let {
+                if (sni.isNullOrBlank()) sni = it
+            }
             url.queryParameter("alpn")?.let {
-                alpn = it.replace(",", "\n")
+                alpn = it
             }
             url.queryParameter("cert")?.let {
                 certificates = it
@@ -167,16 +186,8 @@ fun StandardV2RayBean.parseDuckSoft(url: HttpUrl) {
             }
         }
     }
+
     when (type) {
-        "tcp" -> {
-            // v2rayNG
-            if (url.queryParameter("headerType") == "http") {
-                url.queryParameter("host")?.let {
-                    type = "http"
-                    host = it
-                }
-            }
-        }
         "http" -> {
             url.queryParameter("host")?.let {
                 host = it
@@ -185,6 +196,7 @@ fun StandardV2RayBean.parseDuckSoft(url: HttpUrl) {
                 path = it
             }
         }
+
         "ws" -> {
             url.queryParameter("host")?.let {
                 host = it
@@ -200,11 +212,21 @@ fun StandardV2RayBean.parseDuckSoft(url: HttpUrl) {
                 }
             }
         }
+
         "grpc" -> {
             url.queryParameter("serviceName")?.let {
                 path = it
             }
         }
+
+        "httpupgrade" -> {
+            url.queryParameter("host")?.let {
+                host = it
+            }
+            url.queryParameter("path")?.let {
+                path = it
+            }
+        }
     }
 
     // maybe from matsuri vmess exoprt
@@ -222,8 +244,8 @@ fun StandardV2RayBean.parseDuckSoft(url: HttpUrl) {
     }
 
     url.queryParameter("flow")?.let {
-        if (isVLESS && it.contains("vision")) {
-            encryption = it
+        if (isVLESS) {
+            encryption = it.removeSuffix("-udp443")
         }
     }
 
@@ -302,6 +324,7 @@ fun parseV2RayN(link: String): VMessBean {
         throw Exception("invalid VmessQRCode")
     }
 
+    bean.name = vmessQRCode.ps
     bean.serverAddress = vmessQRCode.add
     bean.serverPort = vmessQRCode.port.toIntOrNull()
     bean.encryption = vmessQRCode.scy
@@ -320,14 +343,15 @@ fun parseV2RayN(link: String): VMessBean {
         }
     }
     when (vmessQRCode.tls) {
-        "tls", "reality" -> bean.security = "tls"
+        "tls", "reality" -> {
+            bean.security = "tls"
+            bean.sni = vmessQRCode.sni
+            if (bean.sni.isNullOrBlank()) bean.sni = bean.host
+            bean.alpn = vmessQRCode.alpn
+            bean.utlsFingerprint = vmessQRCode.fp
+        }
     }
 
-    bean.name = vmessQRCode.ps
-    bean.sni = vmessQRCode.sni
-    bean.alpn = vmessQRCode.alpn.replace(",", "\n")
-    bean.utlsFingerprint = vmessQRCode.fp
-
     return bean
 }
 
@@ -424,7 +448,7 @@ fun StandardV2RayBean.toUriVMessVLESSTrojan(isTrojan: Boolean): String {
 
     when (type) {
         "tcp" -> {}
-        "ws", "http" -> {
+        "ws", "http", "httpupgrade" -> {
             if (host.isNotBlank()) {
                 builder.addQueryParameter("host", host)
             }
@@ -443,6 +467,7 @@ fun StandardV2RayBean.toUriVMessVLESSTrojan(isTrojan: Boolean): String {
                 builder.addQueryParameter("headerType", "http")
             }
         }
+
         "grpc" -> {
             if (path.isNotBlank()) {
                 builder.setQueryParameter("serviceName", path)
@@ -480,8 +505,9 @@ fun StandardV2RayBean.toUriVMessVLESSTrojan(isTrojan: Boolean): String {
 
     when (packetEncoding) {
         1 -> {
-            builder.addQueryParameter("packetEncoding", "packet")
+            builder.addQueryParameter("packetEncoding", "packetaddr")
         }
+
         2 -> {
             builder.addQueryParameter("packetEncoding", "xudp")
         }
@@ -499,6 +525,7 @@ fun buildSingBoxOutboundStreamSettings(bean: StandardV2RayBean): V2RayTransportO
         "tcp" -> {
             return null
         }
+
         "ws" -> {
             return V2RayTransportOptions_WebsocketOptions().apply {
                 type = "ws"
@@ -525,33 +552,39 @@ fun buildSingBoxOutboundStreamSettings(bean: StandardV2RayBean): V2RayTransportO
                 }
             }
         }
+
         "http" -> {
             return V2RayTransportOptions_HTTPOptions().apply {
                 type = "http"
+                if (!bean.isTLS()) method = "GET" // v2ray tcp header
                 if (bean.host.isNotBlank()) {
                     host = bean.host.split(",")
                 }
                 path = bean.path.takeIf { it.isNotBlank() } ?: "/"
             }
         }
+
         "quic" -> {
             return V2RayTransportOptions().apply {
                 type = "quic"
             }
         }
+
         "grpc" -> {
             return V2RayTransportOptions_GRPCOptions().apply {
                 type = "grpc"
                 service_name = bean.path
             }
         }
-    }
 
-//    if (needKeepAliveInterval) {
-//        sockopt = StreamSettingsObject.SockoptObject().apply {
-//            tcpKeepAliveInterval = keepAliveInterval
-//        }
-//    }
+        "httpupgrade" -> {
+            return V2RayTransportOptions_HTTPUpgradeOptions().apply {
+                type = "httpupgrade"
+                host = bean.host
+                path = bean.path
+            }
+        }
+    }
 
     return null
 }
@@ -560,22 +593,32 @@ fun buildSingBoxOutboundTLS(bean: StandardV2RayBean): OutboundTLSOptions? {
     if (bean.security != "tls") return null
     return OutboundTLSOptions().apply {
         enabled = true
-        insecure = bean.allowInsecure
+        insecure = bean.allowInsecure || DataStore.globalAllowInsecure
         if (bean.sni.isNotBlank()) server_name = bean.sni
-        if (bean.alpn.isNotBlank()) alpn = bean.alpn.split("\n")
+        if (bean.alpn.isNotBlank()) alpn = bean.alpn.listByLineOrComma()
         if (bean.certificates.isNotBlank()) certificate = bean.certificates
-        if (bean.utlsFingerprint.isNotBlank()) {
-            utls = OutboundUTLSOptions().apply {
-                enabled = true
-                fingerprint = bean.utlsFingerprint
-            }
-        }
+        var fp = bean.utlsFingerprint
         if (bean.realityPubKey.isNotBlank()) {
             reality = OutboundRealityOptions().apply {
                 enabled = true
                 public_key = bean.realityPubKey
                 short_id = bean.realityShortId
             }
+            if (fp.isNullOrBlank()) fp = "chrome"
+        }
+        if (fp.isNotBlank()) {
+            utls = OutboundUTLSOptions().apply {
+                enabled = true
+                fingerprint = fp
+            }
+        }
+        if (bean.enableECH) {
+            ech = OutboundECHOptions().apply {
+                enabled = true
+                if (bean.echConfig.isNotBlank()) {
+                    config = bean.echConfig.lines()
+                }
+            }
         }
     }
 }
@@ -592,6 +635,7 @@ fun buildSingBoxOutboundStandardV2RayBean(bean: StandardV2RayBean): Outbound {
                 tls = buildSingBoxOutboundTLS(bean)
             }
         }
+
         is VMessBean -> {
             if (bean.isVLESS) return Outbound_VLESSOptions().apply {
                 type = "vless"
@@ -625,6 +669,7 @@ fun buildSingBoxOutboundStandardV2RayBean(bean: StandardV2RayBean): Outbound {
                 transport = buildSingBoxOutboundStreamSettings(bean)
             }
         }
+
         is TrojanBean -> {
             return Outbound_TrojanOptions().apply {
                 type = "trojan"
@@ -635,6 +680,7 @@ fun buildSingBoxOutboundStandardV2RayBean(bean: StandardV2RayBean): Outbound {
                 transport = buildSingBoxOutboundStreamSettings(bean)
             }
         }
+
         else -> throw IllegalStateException("can't reach")
     }
 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/VMessBean.java b/app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/VMessBean.java
index 84044da1b..2b7e8ae9e 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/VMessBean.java
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/VMessBean.java
@@ -16,7 +16,12 @@ public void initializeDefaultValues() {
         super.initializeDefaultValues();
 
         alterId = alterId != null ? alterId : 0;
-        encryption = JavaUtil.isNotBlank(encryption) ? encryption : "auto";
+
+        if (alterId == -1) {
+            encryption = JavaUtil.isNotBlank(encryption) ? encryption : "";
+        } else {
+            encryption = JavaUtil.isNotBlank(encryption) ? encryption : "auto";
+        }
     }
 
     @NotNull
diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/wireguard/WireGuardFmt.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/wireguard/WireGuardFmt.kt
index 8e8388649..5fa7397b0 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/fmt/wireguard/WireGuardFmt.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/wireguard/WireGuardFmt.kt
@@ -1,17 +1,41 @@
 package io.nekohasekai.sagernet.fmt.wireguard
 
 import moe.matsuri.nb4a.SingBoxOptions
+import moe.matsuri.nb4a.utils.Util
+import moe.matsuri.nb4a.utils.listByLineOrComma
+
+fun genReserved(anyStr: String): String {
+    try {
+        val list = anyStr.listByLineOrComma()
+        val ba = ByteArray(3)
+        if (list.size == 3) {
+            list.forEachIndexed { index, s ->
+                val i = s
+                    .replace("[", "")
+                    .replace("]", "")
+                    .replace(" ", "")
+                    .toIntOrNull() ?: return anyStr
+                ba[index] = i.toByte()
+            }
+            return Util.b64EncodeOneLine(ba)
+        } else {
+            return anyStr
+        }
+    } catch (e: Exception) {
+        return anyStr
+    }
+}
 
 fun buildSingBoxOutboundWireguardBean(bean: WireGuardBean): SingBoxOptions.Outbound_WireGuardOptions {
     return SingBoxOptions.Outbound_WireGuardOptions().apply {
         type = "wireguard"
         server = bean.serverAddress
         server_port = bean.serverPort
-        local_address = bean.localAddress.split("\n")
+        local_address = bean.localAddress.listByLineOrComma()
         private_key = bean.privateKey
         peer_public_key = bean.peerPublicKey
         pre_shared_key = bean.peerPreSharedKey
         mtu = bean.mtu
-        if (bean.reserved.isNotBlank()) reserved = bean.reserved
+        if (bean.reserved.isNotBlank()) reserved = genReserved(bean.reserved)
     }
 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/group/RawUpdater.kt b/app/src/main/java/io/nekohasekai/sagernet/group/RawUpdater.kt
index af97d1e69..28213489a 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/group/RawUpdater.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/group/RawUpdater.kt
@@ -1,18 +1,19 @@
 package io.nekohasekai.sagernet.group
 
 import android.annotation.SuppressLint
-import android.net.Uri
 import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.database.*
 import io.nekohasekai.sagernet.fmt.AbstractBean
 import io.nekohasekai.sagernet.fmt.http.HttpBean
 import io.nekohasekai.sagernet.fmt.hysteria.HysteriaBean
-import io.nekohasekai.sagernet.fmt.hysteria.parseHysteria
+import io.nekohasekai.sagernet.fmt.hysteria.parseHysteria1Json
 import io.nekohasekai.sagernet.fmt.shadowsocks.ShadowsocksBean
 import io.nekohasekai.sagernet.fmt.shadowsocks.parseShadowsocks
 import io.nekohasekai.sagernet.fmt.socks.SOCKSBean
 import io.nekohasekai.sagernet.fmt.trojan.TrojanBean
 import io.nekohasekai.sagernet.fmt.trojan_go.parseTrojanGo
+import io.nekohasekai.sagernet.fmt.tuic.TuicBean
+import io.nekohasekai.sagernet.fmt.v2ray.StandardV2RayBean
 import io.nekohasekai.sagernet.fmt.v2ray.VMessBean
 import io.nekohasekai.sagernet.fmt.v2ray.isTLS
 import io.nekohasekai.sagernet.fmt.v2ray.setTLS
@@ -20,7 +21,9 @@ import io.nekohasekai.sagernet.fmt.wireguard.WireGuardBean
 import io.nekohasekai.sagernet.ktx.*
 import libcore.Libcore
 import moe.matsuri.nb4a.Protocols
+import moe.matsuri.nb4a.proxy.anytls.AnyTLSBean
 import moe.matsuri.nb4a.proxy.config.ConfigBean
+import moe.matsuri.nb4a.utils.Util
 import org.ini4j.Ini
 import org.json.JSONArray
 import org.json.JSONObject
@@ -29,6 +32,7 @@ import org.yaml.snakeyaml.TypeDescription
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.error.YAMLException
 import java.io.StringReader
+import androidx.core.net.toUri
 
 @Suppress("EXPERIMENTAL_API_USAGE")
 object RawUpdater : GroupUpdater() {
@@ -44,7 +48,7 @@ object RawUpdater : GroupUpdater() {
         val link = subscription.link
         var proxies: List<AbstractBean>
         if (link.startsWith("content://")) {
-            val contentText = app.contentResolver.openInputStream(Uri.parse(link))
+            val contentText = app.contentResolver.openInputStream(link.toUri())
                 ?.bufferedReader()
                 ?.readText()
 
@@ -54,18 +58,33 @@ object RawUpdater : GroupUpdater() {
 
             val response = Libcore.newHttpClient().apply {
                 trySocks5(DataStore.mixedPort)
+                tryH3Direct()
                 when (DataStore.appTLSVersion) {
                     "1.3" -> restrictedTLS()
                 }
             }.newRequest().apply {
+                if (DataStore.allowInsecureOnRequest) {
+                    allowInsecure()
+                }
                 setURL(subscription.link)
                 setUserAgent(subscription.customUserAgent.takeIf { it.isNotBlank() } ?: USER_AGENT)
             }.execute()
-
-            proxies = parseRaw(response.contentString)
+            proxies = parseRaw(Util.getStringBox(response.contentString))
                 ?: error(app.getString(R.string.no_proxies_found))
 
-            subscription.subscriptionUserinfo = response.getHeader("Subscription-Userinfo")
+            subscription.subscriptionUserinfo =
+                Util.getStringBox(response.getHeader("Subscription-Userinfo"))
+
+            // 修改默认名字
+            if (proxyGroup.name?.startsWith("Subscription #") == true) {
+                var remoteName = Util.getStringBox(response.getHeader("content-disposition"))
+                if (remoteName.isNotBlank()) {
+                    remoteName = Util.decodeFilename(remoteName)
+                    if (remoteName.isNotBlank()) {
+                        proxyGroup.name = remoteName
+                    }
+                }
+            }
         }
 
         val proxiesMap = LinkedHashMap<String, AbstractBean>()
@@ -167,11 +186,12 @@ object RawUpdater : GroupUpdater() {
                 }
             } else {
                 changed++
-                SagerDatabase.proxyDao.addProxy(ProxyEntity(
-                    groupId = proxyGroup.id, userOrder = userOrder
-                ).apply {
-                    putBean(bean)
-                })
+                SagerDatabase.proxyDao.addProxy(
+                    ProxyEntity(
+                        groupId = proxyGroup.id, userOrder = userOrder
+                    ).apply {
+                        putBean(bean)
+                    })
                 added.add(name)
                 Logs.d("Inserted profile: $name")
             }
@@ -208,12 +228,17 @@ object RawUpdater : GroupUpdater() {
 
         if (text.contains("proxies:")) {
 
+            // clash & meta
+
             try {
 
-                // clash
-                for (proxy in (Yaml().apply {
+                val yaml = Yaml().apply {
                     addTypeDescription(TypeDescription(String::class.java, "str"))
-                }.loadAs(text, Map::class.java)["proxies"] as? (List<Map<String, Any?>>) ?: error(
+                }.loadAs(text, Map::class.java)
+
+                val globalClientFingerprint = yaml["global-client-fingerprint"]?.toString() ?: ""
+
+                for (proxy in (yaml["proxies"] as? (List<Map<String, Any?>>) ?: error(
                     app.getString(R.string.no_proxies_found_in_file)
                 ))) {
                     // Note: YAML numbers parsed as "Long"
@@ -238,6 +263,7 @@ object RawUpdater : GroupUpdater() {
                                 setTLS(proxy["tls"]?.toString() == "true")
                                 sni = proxy["sni"]?.toString()
                                 name = proxy["name"]?.toString()
+                                allowInsecure = proxy["skip-cert-verify"]?.toString() == "true"
                             })
                         }
 
@@ -276,201 +302,365 @@ object RawUpdater : GroupUpdater() {
                             })
                         }
 
-                        "vmess", "vless" -> {
-                            val isVLESS = proxy["type"].toString() == "vless"
-                            val bean = VMessBean().apply { if (isVLESS) alterId = -1 }
+                        "vmess", "vless", "trojan" -> {
+                            val bean = when (proxy["type"] as String) {
+                                "vmess" -> VMessBean()
+                                "vless" -> VMessBean().apply {
+                                    alterId = -1 // make it VLESS
+                                    packetEncoding = 2 // clash meta default XUDP
+                                }
+
+                                "trojan" -> TrojanBean().apply {
+                                    security = "tls"
+                                }
+
+                                else -> error("impossible")
+                            }
+
+                            bean.serverAddress = proxy["server"]?.toString() ?: continue
+                            bean.serverPort = proxy["port"]?.toString()?.toIntOrNull() ?: continue
+
                             for (opt in proxy) {
                                 when (opt.key) {
                                     "name" -> bean.name = opt.value?.toString()
-                                    "server" -> bean.serverAddress = opt.value as String
-                                    "port" -> bean.serverPort = opt.value.toString().toInt()
-                                    "uuid" -> bean.uuid = opt.value as String
+                                    "password" -> if (bean is TrojanBean) bean.password =
+                                        opt.value?.toString()
 
-                                    "alterId" -> if (!isVLESS) bean.alterId =
-                                        opt.value.toString().toInt()
+                                    "uuid" -> if (bean is VMessBean) bean.uuid =
+                                        opt.value?.toString()
 
-                                    "cipher" -> if (!isVLESS) bean.encryption = opt.value as String
+                                    "alterId" -> if (bean is VMessBean && !bean.isVLESS) bean.alterId =
+                                        opt.value?.toString()?.toIntOrNull()
 
-                                    "flow" -> if (isVLESS) bean.encryption = opt.value as String
+                                    "cipher" -> if (bean is VMessBean && !bean.isVLESS) bean.encryption =
+                                        (opt.value as? String)
 
-                                    "network" -> {
-                                        bean.type = opt.value as String
-                                        // Clash "network" fix
-                                        when (bean.type) {
-                                            "h2" -> bean.type = "http"
+                                    "flow" -> if (bean is VMessBean && bean.isVLESS) {
+                                        (opt.value as? String)?.let {
+                                            if (it.contains("xtls-rprx-vision")) {
+                                                bean.encryption = "xtls-rprx-vision"
+                                            }
                                         }
                                     }
 
+                                    "packet-encoding" -> if (bean is VMessBean) {
+                                        bean.packetEncoding = when ((opt.value as? String)) {
+                                            "packetaddr" -> 1
+                                            "xudp" -> 2
+                                            else -> 0
+                                        }
+                                    }
+
+                                    "tls" -> if (bean is VMessBean) {
+                                        bean.security =
+                                            if (opt.value as? Boolean == true) "tls" else ""
+                                    }
+
+                                    "servername", "sni" -> bean.sni = opt.value?.toString()
+
+                                    "alpn" -> bean.alpn =
+                                        (opt.value as? List<Any>)?.joinToString("\n")
+
+                                    "skip-cert-verify" -> bean.allowInsecure =
+                                        opt.value as? Boolean == true
+
                                     "client-fingerprint" -> bean.utlsFingerprint =
                                         opt.value as String
 
-                                    "tls" -> bean.security =
-                                        if (opt.value?.toString() == "true") "tls" else ""
+                                    "reality-opts" -> (opt.value as? Map<String, Any?>)?.also {
+                                        for (realityOpt in it) {
+                                            bean.security = "tls"
 
-                                    "skip-cert-verify" -> bean.allowInsecure =
-                                        opt.value?.toString() == "true"
+                                            when (realityOpt.key) {
+                                                "public-key" -> bean.realityPubKey =
+                                                    realityOpt.value?.toString()
+
+                                                "short-id" -> bean.realityShortId =
+                                                    realityOpt.value?.toString()
+                                            }
+                                        }
+                                    }
 
-                                    "ws-path" -> bean.path = opt.value?.toString()
-                                    "ws-headers" -> for (wsHeader in (opt.value as Map<String, Any>)) {
-                                        when (wsHeader.key.lowercase()) {
-                                            "host" -> bean.host = wsHeader.value.toString()
+                                    "network" -> {
+                                        when (opt.value) {
+                                            "h2", "http" -> bean.type = "http"
+                                            "ws", "grpc" -> bean.type = opt.value as String
                                         }
                                     }
 
-                                    "ws-opts", "ws-opt" -> for (wsOpt in (opt.value as Map<String, Any>)) {
-                                        when (wsOpt.key.lowercase()) {
-                                            "headers" -> for (wsHeader in (opt.value as Map<String, Any>)) {
-                                                when (wsHeader.key.lowercase()) {
-                                                    "host" -> bean.host = wsHeader.value.toString()
+                                    "ws-opts" -> (opt.value as? Map<String, Any?>)?.also {
+                                        for (wsOpt in it) {
+                                            when (wsOpt.key) {
+                                                "headers" -> (wsOpt.value as? Map<Any, Any?>)?.forEach { (key, value) ->
+                                                    when (key.toString().lowercase()) {
+                                                        "host" -> {
+                                                            bean.host = value?.toString()
+                                                        }
+                                                    }
                                                 }
-                                            }
 
-                                            "path" -> {
-                                                bean.path = wsOpt.value.toString()
-                                            }
+                                                "path" -> {
+                                                    bean.path = wsOpt.value?.toString()
+                                                }
 
-                                            "max-early-data" -> {
-                                                bean.wsMaxEarlyData = wsOpt.value.toString().toInt()
-                                            }
+                                                "max-early-data" -> {
+                                                    bean.wsMaxEarlyData =
+                                                        wsOpt.value?.toString()?.toIntOrNull()
+                                                }
+
+                                                "early-data-header-name" -> {
+                                                    bean.earlyDataHeaderName =
+                                                        wsOpt.value?.toString()
+                                                }
 
-                                            "early-data-header-name" -> {
-                                                bean.earlyDataHeaderName = wsOpt.value.toString()
+                                                "v2ray-http-upgrade" -> {
+                                                    if (wsOpt.value as? Boolean == true) {
+                                                        bean.type = "httpupgrade"
+                                                    }
+                                                }
                                             }
                                         }
                                     }
 
-                                    "servername" -> bean.host = opt.value?.toString()
-                                    // The format of the VMessBean is wrong, so the `host` `path` has some strange transformations here.
-                                    "h2-opts", "h2-opt" -> for (h2Opt in (opt.value as Map<String, Any>)) {
-                                        when (h2Opt.key.lowercase()) {
-                                            "host" -> bean.host =
-                                                (h2Opt.value as List<String>).first()
+                                    "h2-opts" -> (opt.value as? Map<String, Any?>)?.also {
+                                        for (h2Opt in it) {
+                                            when (h2Opt.key) {
+                                                "host" -> bean.host =
+                                                    (h2Opt.value as? List<Any>)?.joinToString("\n")
 
-                                            "path" -> bean.path = h2Opt.value.toString()
+                                                "path" -> bean.path = h2Opt.value?.toString()
+                                            }
                                         }
                                     }
 
-                                    "http-opts", "http-opt" -> for (httpOpt in (opt.value as Map<String, Any>)) {
-                                        when (httpOpt.key.lowercase()) {
-                                            "path" -> bean.path =
-                                                (httpOpt.value as List<String>).first()
-
-                                            "headers" -> for (hdr in (httpOpt.value as Map<String, Any>)) {
-                                                when (hdr.key.lowercase()) {
-                                                    "host" -> bean.host =
-                                                        (hdr.value as List<String>).first()
+                                    "http-opts" -> (opt.value as? Map<String, Any?>)?.also {
+                                        for (httpOpt in it) {
+                                            when (httpOpt.key) {
+                                                "path" -> bean.path =
+                                                    (httpOpt.value as? List<Any>)?.joinToString("\n")
+
+                                                "headers" -> {
+                                                    (httpOpt.value as? Map<Any, List<Any>>)?.forEach { (key, value) ->
+                                                        when (key.toString().lowercase()) {
+                                                            "host" -> {
+                                                                bean.host = value.joinToString("\n")
+                                                            }
+                                                        }
+                                                    }
                                                 }
                                             }
                                         }
                                     }
 
-                                    "grpc-opts", "grpc-opt" -> for (grpcOpt in (opt.value as Map<String, Any>)) {
-                                        when (grpcOpt.key.lowercase()) {
-                                            "grpc-service-name" -> bean.path =
-                                                grpcOpt.value.toString()
+                                    "grpc-opts" -> (opt.value as? Map<String, Any?>)?.also {
+                                        for (grpcOpt in it) {
+                                            when (grpcOpt.key) {
+                                                "grpc-service-name" -> bean.path =
+                                                    grpcOpt.value?.toString()
+                                            }
                                         }
                                     }
 
-                                    "reality-opts" -> for (realityOpt in (opt.value as Map<String, Any>)) {
-                                        when (realityOpt.key.lowercase()) {
-                                            "public-key" -> bean.realityPubKey =
-                                                realityOpt.value.toString()
+                                    "smux" -> (opt.value as? Map<String, Any?>)?.also {
+                                        for (smuxOpt in it) {
+                                            when (smuxOpt.key) {
+                                                "enabled" -> bean.enableMux =
+                                                    smuxOpt.value.toString() == "true"
+
+                                                "max-streams" -> bean.muxConcurrency =
+                                                    smuxOpt.value.toString().toInt()
 
-                                            "short-id" -> bean.realityShortId =
-                                                realityOpt.value.toString()
+                                                "padding" -> bean.muxPadding =
+                                                    smuxOpt.value.toString() == "true"
+                                            }
                                         }
                                     }
                                 }
                             }
-                            if (bean.isTLS() && bean.sni.isNullOrBlank() && !bean.host.isNullOrBlank()) {
-                                bean.sni = bean.host
-                            }
                             proxies.add(bean)
                         }
 
-                        "trojan" -> {
-                            val bean = TrojanBean()
-                            bean.security = "tls"
+                        "anytls" -> {
+                            val bean = AnyTLSBean()
                             for (opt in proxy) {
-                                when (opt.key) {
-                                    "name" -> bean.name = opt.value?.toString()
+                                if (opt.value == null) continue
+                                when (opt.key.replace("_", "-")) {
+                                    "name" -> bean.name = opt.value.toString()
                                     "server" -> bean.serverAddress = opt.value as String
                                     "port" -> bean.serverPort = opt.value.toString().toInt()
-                                    "password" -> bean.password = opt.value?.toString()
+                                    "password" -> bean.password = opt.value.toString()
                                     "client-fingerprint" -> bean.utlsFingerprint =
                                         opt.value as String
 
-                                    "sni" -> bean.sni = opt.value?.toString()
+                                    "sni" -> bean.sni = opt.value.toString()
                                     "skip-cert-verify" -> bean.allowInsecure =
-                                        opt.value?.toString() == "true"
+                                        opt.value.toString() == "true"
 
-                                    "network" -> when (opt.value) {
-                                        "ws", "grpc" -> bean.type = opt.value?.toString()
+                                    "alpn" -> {
+                                        val alpn = (opt.value as? (List<String>))
+                                        bean.alpn = alpn?.joinToString("\n")
                                     }
+                                }
+                            }
+                            proxies.add(bean)
+                        }
 
-                                    "ws-opts", "ws-opt" -> for (wsOpt in (opt.value as Map<String, Any>)) {
-                                        when (wsOpt.key.lowercase()) {
-                                            "headers" -> for (wsHeader in (opt.value as Map<String, Any>)) {
-                                                when (wsHeader.key.lowercase()) {
-                                                    "host" -> bean.host = wsHeader.value.toString()
-                                                }
-                                            }
+                        "hysteria" -> {
+                            val bean = HysteriaBean()
+                            bean.protocolVersion = 1
+                            var hopPorts = ""
+                            for (opt in proxy) {
+                                if (opt.value == null) continue
+                                when (opt.key.replace("_", "-")) {
+                                    "name" -> bean.name = opt.value.toString()
+                                    "server" -> bean.serverAddress = opt.value as String
+                                    "port" -> bean.serverPorts = opt.value.toString()
+                                    "ports" -> hopPorts = opt.value.toString()
 
-                                            "path" -> {
-                                                bean.path = wsOpt.value.toString()
-                                            }
-                                        }
+                                    "obfs" -> bean.obfuscation = opt.value.toString()
+
+                                    "auth-str" -> {
+                                        bean.authPayloadType = HysteriaBean.TYPE_STRING
+                                        bean.authPayload = opt.value.toString()
                                     }
 
-                                    "grpc-opts", "grpc-opt" -> for (grpcOpt in (opt.value as Map<String, Any>)) {
-                                        when (grpcOpt.key.lowercase()) {
-                                            "grpc-service-name" -> bean.path =
-                                                grpcOpt.value.toString()
-                                        }
+                                    "sni" -> bean.sni = opt.value.toString()
+
+                                    "skip-cert-verify" -> bean.allowInsecure =
+                                        opt.value.toString() == "true"
+
+                                    "up" -> bean.uploadMbps =
+                                        opt.value.toString().substringBefore(" ").toIntOrNull()
+                                            ?: 100
+
+                                    "down" -> bean.downloadMbps =
+                                        opt.value.toString().substringBefore(" ").toIntOrNull()
+                                            ?: 100
+
+                                    "recv-window-conn" -> bean.connectionReceiveWindow =
+                                        opt.value.toString().toIntOrNull() ?: 0
+
+                                    "recv-window" -> bean.streamReceiveWindow =
+                                        opt.value.toString().toIntOrNull() ?: 0
+
+                                    "disable-mtu-discovery" -> bean.disableMtuDiscovery =
+                                        opt.value.toString() == "true" || opt.value.toString() == "1"
+
+                                    "alpn" -> {
+                                        val alpn = (opt.value as? (List<String>))
+                                        bean.alpn = alpn?.joinToString("\n") ?: "h3"
                                     }
                                 }
                             }
+                            if (hopPorts.isNotBlank()) {
+                                bean.serverPorts = hopPorts
+                            }
                             proxies.add(bean)
                         }
 
-                        "hysteria" -> {
+                        "hysteria2" -> {
                             val bean = HysteriaBean()
+                            bean.protocolVersion = 2
+                            var hopPorts = ""
                             for (opt in proxy) {
-                                when (opt.key) {
-                                    "name" -> bean.name = opt.value?.toString()
+                                if (opt.value == null) continue
+                                when (opt.key.replace("_", "-")) {
+                                    "name" -> bean.name = opt.value.toString()
                                     "server" -> bean.serverAddress = opt.value as String
-                                    "port" -> bean.serverPort = opt.value.toString().toInt()
-                                    "auth_str" -> {
-                                        bean.authPayloadType = HysteriaBean.TYPE_STRING
-                                        bean.authPayload = opt.value?.toString()
-                                    }
+                                    "port" -> bean.serverPorts = opt.value.toString()
+                                    "ports" -> hopPorts = opt.value.toString()
 
-                                    "sni" -> bean.sni = opt.value?.toString()
+                                    "obfs-password" -> bean.obfuscation = opt.value.toString()
+
+                                    "password" -> bean.authPayload = opt.value.toString()
+
+                                    "sni" -> bean.sni = opt.value.toString()
 
                                     "skip-cert-verify" -> bean.allowInsecure =
-                                        opt.value?.toString() == "true"
+                                        opt.value.toString() == "true"
 
                                     "up" -> bean.uploadMbps =
-                                        opt.value?.toString()?.toIntOrNull() ?: 100
+                                        opt.value.toString().substringBefore(" ").toIntOrNull() ?: 0
 
                                     "down" -> bean.downloadMbps =
-                                        opt.value?.toString()?.toIntOrNull() ?: 100
+                                        opt.value.toString().substringBefore(" ").toIntOrNull() ?: 0
+                                }
+                            }
+                            if (hopPorts.isNotBlank()) {
+                                bean.serverPorts = hopPorts
+                            }
+                            proxies.add(bean)
+                        }
+
+                        "tuic" -> {
+                            val bean = TuicBean()
+                            var ip = ""
+                            for (opt in proxy) {
+                                if (opt.value == null) continue
+                                when (opt.key.replace("_", "-")) {
+                                    "name" -> bean.name = opt.value.toString()
+                                    "server" -> bean.serverAddress = opt.value.toString()
+                                    "ip" -> ip = opt.value.toString()
+                                    "port" -> bean.serverPort = opt.value.toString().toInt()
+
+                                    "token" -> {
+                                        bean.protocolVersion = 4
+                                        bean.token = opt.value.toString()
+                                    }
+
+                                    "uuid" -> bean.uuid = opt.value.toString()
+
+                                    "password" -> bean.token = opt.value.toString()
+
+                                    "skip-cert-verify" -> bean.allowInsecure =
+                                        opt.value.toString() == "true"
+
+                                    "disable-sni" -> bean.disableSNI =
+                                        opt.value.toString() == "true"
 
-                                    "disable_mtu_discovery" -> bean.disableMtuDiscovery =
-                                        opt.value?.toString() == "true" || opt.value?.toString() == "1"
+                                    "reduce-rtt" -> bean.reduceRTT =
+                                        opt.value.toString() == "true"
+
+                                    "sni" -> bean.sni = opt.value.toString()
 
                                     "alpn" -> {
                                         val alpn = (opt.value as? (List<String>))
-                                        bean.alpn = alpn?.joinToString("\n") ?: "h3"
+                                        bean.alpn = alpn?.joinToString("\n")
                                     }
 
+                                    "congestion-controller" -> bean.congestionController =
+                                        opt.value.toString()
+
+                                    "udp-relay-mode" -> bean.udpRelayMode = opt.value.toString()
+
+                                }
+                            }
+                            if (ip.isNotBlank()) {
+                                bean.serverAddress = ip
+                                if (bean.sni.isNullOrBlank() && !bean.serverAddress.isNullOrBlank() && !bean.serverAddress.isIpAddress()) {
+                                    bean.sni = bean.serverAddress
                                 }
                             }
                             proxies.add(bean)
                         }
                     }
                 }
-                proxies.forEach { it.initializeDefaultValues() }
+
+                // Fix ent
+                proxies.forEach {
+                    it.initializeDefaultValues()
+                    if (it is StandardV2RayBean) {
+                        // 1. SNI
+                        if (it.isTLS() && it.sni.isNullOrBlank() && !it.host.isNullOrBlank() && !it.host.isIpAddress()) {
+                            it.sni = it.host
+                        }
+                        // 2. globalClientFingerprint
+                        if (!it.realityPubKey.isNullOrBlank() && it.utlsFingerprint.isNullOrBlank()) {
+                            it.utlsFingerprint = globalClientFingerprint
+                            if (it.utlsFingerprint.isNullOrBlank()) it.utlsFingerprint = "chrome"
+                        }
+                    }
+                }
                 return proxies
             } catch (e: YAMLException) {
                 Logs.w(e)
@@ -526,6 +716,7 @@ object RawUpdater : GroupUpdater() {
         if (localAddresses.isNullOrEmpty()) error("Empty address in 'Interface' selection")
         bean.localAddress = localAddresses.flatMap { it.split(",") }.joinToString("\n")
         bean.privateKey = iface["PrivateKey"]
+        bean.mtu = iface["MTU"]?.toIntOrNull()
         val peers = ini.getAll("Peer")
         if (peers.isNullOrEmpty()) error("Missing 'Peer' selections")
         val beans = mutableListOf<WireGuardBean>()
@@ -552,7 +743,7 @@ object RawUpdater : GroupUpdater() {
         if (json is JSONObject) {
             when {
                 json.has("server") && (json.has("up") || json.has("up_mbps")) -> {
-                    return listOf(json.parseHysteria())
+                    return listOf(json.parseHysteria1Json())
                 }
 
                 json.has("method") -> {
@@ -564,9 +755,25 @@ object RawUpdater : GroupUpdater() {
                 }
 
                 json.has("outbounds") -> {
-                    return listOf(ConfigBean().applyDefaultValues().apply {
-                        config = json.toStringPretty()
-                    })
+                    return json.getJSONArray("outbounds")
+                        .filterIsInstance<JSONObject>()
+                        .mapNotNull {
+                            val ty = it.getStr("type")
+                            if (ty == null || ty == "" ||
+                                ty == "dns" || ty == "block" || ty == "direct" || ty == "selector" || ty == "urltest"
+                            ) {
+                                null
+                            } else {
+                                it
+                            }
+                        }.map {
+                            ConfigBean().apply {
+                                applyDefaultValues()
+                                type = 1
+                                config = it.toStringPretty()
+                                name = it.getStr("tag")
+                            }
+                        }
                 }
 
                 json.has("server") && json.has("server_port") -> {
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ktx/Asyncs.kt b/app/src/main/java/io/nekohasekai/sagernet/ktx/Asyncs.kt
index af3c96cc7..6c6696408 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ktx/Asyncs.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ktx/Asyncs.kt
@@ -2,6 +2,8 @@
 
 package io.nekohasekai.sagernet.ktx
 
+import androidx.fragment.app.Fragment
+import androidx.lifecycle.lifecycleScope
 import kotlinx.coroutines.*
 
 fun block(block: suspend CoroutineScope.() -> Unit): suspend CoroutineScope.() -> Unit {
@@ -11,6 +13,9 @@ fun block(block: suspend CoroutineScope.() -> Unit): suspend CoroutineScope.() -
 fun runOnDefaultDispatcher(block: suspend CoroutineScope.() -> Unit) =
     GlobalScope.launch(Dispatchers.Default, block = block)
 
+fun Fragment.runOnLifecycleDispatcher(block: suspend CoroutineScope.() -> Unit) =
+    lifecycleScope.launch(Dispatchers.Default, block = block)
+
 suspend fun <T> onDefaultDispatcher(block: suspend CoroutineScope.() -> T) =
     withContext(Dispatchers.Default, block = block)
 
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ktx/Dialogs.kt b/app/src/main/java/io/nekohasekai/sagernet/ktx/Dialogs.kt
index 53a5f69e1..3dbc532d5 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ktx/Dialogs.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ktx/Dialogs.kt
@@ -1,5 +1,6 @@
 package io.nekohasekai.sagernet.ktx
 
+import android.app.Activity
 import android.content.Context
 import androidx.appcompat.app.AlertDialog
 import androidx.fragment.app.Fragment
@@ -13,4 +14,15 @@ fun Context.alert(text: String): AlertDialog {
         .create()
 }
 
-fun Fragment.alert(text: String) = requireContext().alert(text)
\ No newline at end of file
+fun Fragment.alert(text: String) = requireContext().alert(text)
+
+fun AlertDialog.tryToShow() {
+    try {
+        val activity = context as Activity
+        if (!activity.isFinishing) {
+            show()
+        }
+    } catch (e: Exception) {
+        Logs.e(e)
+    }
+}
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ktx/Formats.kt b/app/src/main/java/io/nekohasekai/sagernet/ktx/Formats.kt
index aa28fb8e8..6c0f8f45b 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ktx/Formats.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ktx/Formats.kt
@@ -4,19 +4,20 @@ import com.google.gson.JsonParser
 import io.nekohasekai.sagernet.fmt.AbstractBean
 import io.nekohasekai.sagernet.fmt.Serializable
 import io.nekohasekai.sagernet.fmt.http.parseHttp
-import io.nekohasekai.sagernet.fmt.hysteria.parseHysteria
+import io.nekohasekai.sagernet.fmt.hysteria.parseHysteria1
+import io.nekohasekai.sagernet.fmt.hysteria.parseHysteria2
 import io.nekohasekai.sagernet.fmt.naive.parseNaive
 import io.nekohasekai.sagernet.fmt.parseUniversal
 import io.nekohasekai.sagernet.fmt.shadowsocks.parseShadowsocks
 import io.nekohasekai.sagernet.fmt.socks.parseSOCKS
 import io.nekohasekai.sagernet.fmt.trojan.parseTrojan
+import io.nekohasekai.sagernet.fmt.tuic.parseTuic
 import io.nekohasekai.sagernet.fmt.trojan_go.parseTrojanGo
 import io.nekohasekai.sagernet.fmt.v2ray.parseV2Ray
-import moe.matsuri.nb4a.plugin.NekoPluginManager
-import moe.matsuri.nb4a.proxy.neko.NekoJSInterface
-import moe.matsuri.nb4a.proxy.neko.parseShareLink
+import moe.matsuri.nb4a.proxy.anytls.parseAnytls
 import moe.matsuri.nb4a.utils.JavaUtil.gson
 import moe.matsuri.nb4a.utils.Util
+import okhttp3.HttpUrl
 import org.json.JSONArray
 import org.json.JSONException
 import org.json.JSONObject
@@ -109,7 +110,7 @@ suspend fun parseProxies(text: String): List<AbstractBean> {
     val entities = ArrayList<AbstractBean>()
     val entitiesByLine = ArrayList<AbstractBean>()
 
-    suspend fun String.parseLink(entities: ArrayList<AbstractBean>) {
+    fun String.parseLink(entities: ArrayList<AbstractBean>) {
         if (startsWith("clash://install-config?") || startsWith("sn://subscription?")) {
             throw SubscriptionFoundException(this)
         }
@@ -137,6 +138,14 @@ suspend fun parseProxies(text: String): List<AbstractBean> {
                 entities.add(parseHttp(this))
             }.onFailure {
                 Logs.w(it)
+                val clashUrl = HttpUrl.Builder()
+                    .scheme("https")
+                    .host("install-config")
+                    .addQueryParameter("url", this)
+                    .build()
+                    .toString()
+                    .replaceFirst("https://", "clash://")
+                throw (SubscriptionFoundException(clashUrl))
             }
         } else if (startsWith("vmess://")) {
             Logs.d("Try parse v2ray link: $this")
@@ -181,27 +190,32 @@ suspend fun parseProxies(text: String): List<AbstractBean> {
                 Logs.w(it)
             }
         } else if (startsWith("hysteria://")) {
-            Logs.d("Try parse hysteria link: $this")
+            Logs.d("Try parse hysteria1 link: $this")
             runCatching {
-                entities.add(parseHysteria(this))
+                entities.add(parseHysteria1(this))
             }.onFailure {
                 Logs.w(it)
             }
-        } else { // Neko Plugins
-            NekoPluginManager.getProtocols().forEach { obj ->
-                obj.protocolConfig.optJSONArray("links")?.forEach { _, any ->
-                    if (any is String && startsWith(any)) {
-                        runCatching {
-                            entities.add(
-                                parseShareLink(
-                                    obj.plgId, obj.protocolId, this@parseLink
-                                )
-                            )
-                        }.onFailure {
-                            Logs.w(it)
-                        }
-                    }
-                }
+        } else if (startsWith("hysteria2://") || startsWith("hy2://")) {
+            Logs.d("Try parse hysteria2 link: $this")
+            runCatching {
+                entities.add(parseHysteria2(this))
+            }.onFailure {
+                Logs.w(it)
+            }
+        } else if (startsWith("tuic://")) {
+            Logs.d("Try parse TUIC link: $this")
+            runCatching {
+                entities.add(parseTuic(this))
+            }.onFailure {
+                Logs.w(it)
+            }
+        } else if (startsWith("anytls://")) {
+            Logs.d("Try parse anytls link: $this")
+            runCatching {
+                entities.add(parseAnytls(this))
+            }.onFailure {
+                Logs.w(it)
             }
         }
     }
@@ -212,17 +226,16 @@ suspend fun parseProxies(text: String): List<AbstractBean> {
     for (link in linksByLine) {
         link.parseLink(entitiesByLine)
     }
-    var isBadLink = false
+//    var isBadLink = false
     if (entities.onEach { it.initializeDefaultValues() }.size == entitiesByLine.onEach { it.initializeDefaultValues() }.size) run test@{
         entities.forEachIndexed { index, bean ->
             val lineBean = entitiesByLine[index]
             if (bean == lineBean && bean.displayName() != lineBean.displayName()) {
-                isBadLink = true
+//                isBadLink = true
                 return@test
             }
         }
     }
-    NekoJSInterface.Default.destroyAllJsi()
     return if (entities.size > entitiesByLine.size) entities else entitiesByLine
 }
 
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ktx/Nets.kt b/app/src/main/java/io/nekohasekai/sagernet/ktx/Nets.kt
index d8ff48026..86b718733 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ktx/Nets.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ktx/Nets.kt
@@ -2,6 +2,7 @@
 
 package io.nekohasekai.sagernet.ktx
 
+import io.nekohasekai.sagernet.BuildConfig
 import io.nekohasekai.sagernet.fmt.AbstractBean
 import moe.matsuri.nb4a.utils.NGUtil
 import okhttp3.HttpUrl
@@ -62,4 +63,4 @@ fun mkPort(): Int {
     return port
 }
 
-const val USER_AGENT = "NekoBox/Android/1.0 (Prefer ClashMeta Format)"
+const val USER_AGENT = "NekoBox/Android/" + BuildConfig.VERSION_NAME + " (Prefer ClashMeta Format)"
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ktx/Utils.kt b/app/src/main/java/io/nekohasekai/sagernet/ktx/Utils.kt
index d0ce4d81b..3e176c8ed 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ktx/Utils.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ktx/Utils.kt
@@ -5,8 +5,11 @@ package io.nekohasekai.sagernet.ktx
 import android.animation.Animator
 import android.animation.AnimatorListenerAdapter
 import android.annotation.SuppressLint
-import android.content.*
-import android.content.pm.PackageInfo
+import android.content.ActivityNotFoundException
+import android.content.BroadcastReceiver
+import android.content.Context
+import android.content.Intent
+import android.content.IntentFilter
 import android.content.res.Resources
 import android.os.Build
 import android.system.Os
@@ -17,6 +20,8 @@ import androidx.activity.result.ActivityResultLauncher
 import androidx.annotation.AttrRes
 import androidx.annotation.ColorRes
 import androidx.core.content.ContextCompat
+import androidx.core.view.isGone
+import androidx.core.view.isVisible
 import androidx.fragment.app.DialogFragment
 import androidx.fragment.app.Fragment
 import androidx.fragment.app.FragmentManager
@@ -27,16 +32,23 @@ import com.jakewharton.processphoenix.ProcessPhoenix
 import io.nekohasekai.sagernet.BuildConfig
 import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.SagerNet
-import io.nekohasekai.sagernet.bg.Executable
+import io.nekohasekai.sagernet.aidl.ISagerNetService
+import io.nekohasekai.sagernet.bg.BaseService
+import io.nekohasekai.sagernet.bg.SagerConnection
 import io.nekohasekai.sagernet.database.DataStore
-import io.nekohasekai.sagernet.database.SagerDatabase
-import io.nekohasekai.sagernet.database.preference.PublicDatabase
 import io.nekohasekai.sagernet.ui.MainActivity
 import io.nekohasekai.sagernet.ui.ThemedActivity
-import kotlinx.coroutines.*
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.GlobalScope
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.launch
+import kotlinx.coroutines.suspendCancellableCoroutine
 import moe.matsuri.nb4a.utils.NGUtil
 import java.io.FileDescriptor
-import java.net.*
+import java.net.HttpURLConnection
+import java.net.InetAddress
+import java.net.Socket
+import java.net.URLEncoder
 import java.util.concurrent.atomic.AtomicBoolean
 import java.util.concurrent.atomic.AtomicInteger
 import java.util.concurrent.atomic.AtomicLong
@@ -48,6 +60,7 @@ import kotlin.reflect.KMutableProperty0
 import kotlin.reflect.KProperty
 import kotlin.reflect.KProperty0
 
+fun String?.blankAsNull(): String? = if (isNullOrBlank()) null else this
 
 inline fun <T> Iterable<T>.forEachTry(action: (T) -> Unit) {
     var result: Exception? = null
@@ -113,9 +126,6 @@ fun Context.listenForPackageChanges(onetime: Boolean = true, callback: () -> Uni
         })
     }
 
-val PackageInfo.signaturesCompat
-    get() = if (Build.VERSION.SDK_INT >= 28) signingInfo.apkContentsSigners else @Suppress("DEPRECATION") signatures
-
 /**
  * Based on: https://stackoverflow.com/a/26348729/2245107
  */
@@ -193,7 +203,7 @@ val shortAnimTime by lazy {
 fun View.crossFadeFrom(other: View) {
     clearAnimation()
     other.clearAnimation()
-    if (visibility == View.VISIBLE && other.visibility == View.GONE) return
+    if (isVisible && other.isGone) return
     alpha = 0F
     visibility = View.VISIBLE
     animate().alpha(1F).duration = shortAnimTime
@@ -240,16 +250,33 @@ fun Fragment.needReload() {
 
 fun Fragment.needRestart() {
     snackbar(R.string.need_restart).setAction(R.string.apply) {
+        triggerFullRestart(requireContext())
+    }.show()
+}
+
+fun triggerFullRestart(ctx: Context) {
+    runOnDefaultDispatcher {
         SagerNet.stopService()
-        val ctx = requireContext()
-        runOnDefaultDispatcher {
-            delay(500)
-            SagerDatabase.instance.close()
-            PublicDatabase.instance.close()
-            Executable.killAll(true)
+        delay(500)
+        SagerConnection.restartingApp = true
+        val connection = SagerConnection(SagerConnection.CONNECTION_ID_RESTART_BG)
+        connection.connect(ctx, RestartCallback {
             ProcessPhoenix.triggerRebirth(ctx, Intent(ctx, MainActivity::class.java))
-        }
-    }.show()
+        })
+    }
+}
+
+private class RestartCallback(val callback: () -> Unit) : SagerConnection.Callback {
+    override fun stateChanged(
+        state: BaseService.State,
+        profileName: String?,
+        msg: String?
+    ) {
+    }
+
+    override fun onServiceConnected(service: ISagerNetService) {
+        callback()
+    }
 }
 
 fun Context.getColour(@ColorRes colorRes: Int): Int {
@@ -262,13 +289,10 @@ fun Context.getColorAttr(@AttrRes resId: Int): Int {
     }.resourceId)
 }
 
-var isExpert: Boolean
-    get() = BuildConfig.DEBUG || DataStore.isExpert
-    set(value) = TODO()
-
-val isExpertFlavor = ((BuildConfig.FLAVOR == "expert") || BuildConfig.DEBUG)
+val isExpert: Boolean by lazy { BuildConfig.DEBUG || DataStore.isExpert }
 const val isOss = BuildConfig.FLAVOR == "oss"
-const val isFdroid = BuildConfig.FLAVOR == "fdroid"
+const val isPlay = BuildConfig.FLAVOR == "play"
+const val isPreview = BuildConfig.FLAVOR == "preview"
 
 fun <T> Continuation<T>.tryResume(value: T) {
     try {
diff --git a/app/src/main/java/io/nekohasekai/sagernet/plugin/PluginManager.kt b/app/src/main/java/io/nekohasekai/sagernet/plugin/PluginManager.kt
index 76fd704d6..10307a1f7 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/plugin/PluginManager.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/plugin/PluginManager.kt
@@ -32,7 +32,8 @@ object PluginManager {
             val result = initNative(pluginId)
             if (result != null) return result
         } catch (t: Throwable) {
-            if (throwable == null) throwable = t else Logs.w(t)
+            throwable = t
+            Logs.w(t)
         }
 
         throw throwable ?: PluginNotFoundException(pluginId)
@@ -41,16 +42,41 @@ object PluginManager {
     private fun initNative(pluginId: String): InitResult? {
         val info = Plugins.getPlugin(pluginId) ?: return null
 
+        // internal so
+        if (info.applicationInfo == null) {
+            try {
+                initNativeInternal(pluginId)?.let { return InitResult(it, info) }
+            } catch (t: Throwable) {
+                Logs.w("initNativeInternal failed", t)
+            }
+            return null
+        }
+
         try {
-            initNativeFaster(info)?.also { return InitResult(it, info) }
+            initNativeFaster(info)?.let { return InitResult(it, info) }
         } catch (t: Throwable) {
-            Logs.w("Initializing native plugin faster mode failed", t)
+            Logs.w("initNativeFaster failed", t)
         }
 
         Logs.w("Init native returns empty result")
         return null
     }
 
+    private fun initNativeInternal(pluginId: String): String? {
+        fun soIfExist(soName: String): String? {
+            val f = File(SagerNet.application.applicationInfo.nativeLibraryDir, soName)
+            if (f.canExecute()) {
+                return f.absolutePath
+            }
+            return null
+        }
+        return when (pluginId) {
+            "hysteria-plugin" -> soIfExist("libhysteria.so")
+            "hysteria2-plugin" -> soIfExist("libhysteria2.so")
+            else -> null
+        }
+    }
+
     private fun initNativeFaster(provider: ProviderInfo): String? {
         return provider.loadString(Plugins.METADATA_KEY_EXECUTABLE_PATH)
             ?.let { relativePath ->
@@ -64,6 +90,7 @@ object PluginManager {
         is String -> value
         is Int -> SagerNet.application.packageManager.getResourcesForApplication(applicationInfo)
             .getString(value)
+
         null -> null
         else -> error("meta-data $key has invalid type ${value.javaClass}")
     }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/AboutFragment.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/AboutFragment.kt
index 70760dfb8..f6afc4b3f 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/AboutFragment.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/AboutFragment.kt
@@ -10,6 +10,7 @@ import android.os.PowerManager
 import android.provider.Settings
 import android.text.util.Linkify
 import android.view.View
+import android.widget.Toast
 import androidx.activity.result.component1
 import androidx.activity.result.component2
 import androidx.activity.result.contract.ActivityResultContracts
@@ -25,9 +26,15 @@ import io.nekohasekai.sagernet.databinding.LayoutAboutBinding
 import io.nekohasekai.sagernet.ktx.*
 import io.nekohasekai.sagernet.plugin.PluginManager.loadString
 import io.nekohasekai.sagernet.utils.PackageCache
-import io.nekohasekai.sagernet.widget.ListHolderListener
+import io.nekohasekai.sagernet.widget.ListListener
 import libcore.Libcore
 import moe.matsuri.nb4a.plugin.Plugins
+import androidx.core.net.toUri
+import com.google.android.material.dialog.MaterialAlertDialogBuilder
+import io.nekohasekai.sagernet.SagerNet
+import io.nekohasekai.sagernet.database.DataStore
+import moe.matsuri.nb4a.utils.Util
+import org.json.JSONObject
 
 class AboutFragment : ToolbarFragment(R.layout.layout_about) {
 
@@ -36,7 +43,7 @@ class AboutFragment : ToolbarFragment(R.layout.layout_about) {
 
         val binding = LayoutAboutBinding.bind(view)
 
-        ViewCompat.setOnApplyWindowInsetsListener(view, ListHolderListener)
+        ViewCompat.setOnApplyWindowInsetsListener(view, ListListener)
         toolbar.setTitle(R.string.menu_about)
 
         parentFragmentManager.beginTransaction()
@@ -65,117 +72,133 @@ class AboutFragment : ToolbarFragment(R.layout.layout_about) {
         }
 
         override fun getMaterialAboutList(activityContext: Context): MaterialAboutList {
-
-            var versionName = BuildConfig.VERSION_NAME
-            if (!isOss) {
-                versionName += " ${BuildConfig.FLAVOR}"
-            }
-            if (BuildConfig.DEBUG) {
-                versionName += " DEBUG"
-            }
-
             return MaterialAboutList.Builder()
-                .addCard(MaterialAboutCard.Builder()
-                    .outline(false)
-                    .addItem(MaterialAboutActionItem.Builder()
-                        .icon(R.drawable.ic_baseline_update_24)
-                        .text(R.string.app_version)
-                        .subText(versionName)
-                        .setOnClickAction {
-                            requireContext().launchCustomTab(
-                                "https://github.com/MatsuriDayo/NekoBoxForAndroid/releases"
-                            )
-                        }
-                        .build())
-                    .addItem(MaterialAboutActionItem.Builder()
-                        .icon(R.drawable.ic_baseline_layers_24)
-                        .text(getString(R.string.version_x, "sing-box"))
-                        .subText(Libcore.versionBox())
-                        .setOnClickAction { }
-                        .build())
-                    .addItem(MaterialAboutActionItem.Builder()
-                        .icon(R.drawable.ic_baseline_card_giftcard_24)
-                        .text(R.string.donate)
-                        .subText(R.string.donate_info)
-                        .setOnClickAction {
-                            requireContext().launchCustomTab(
-                                "https://matsuridayo.github.io/#donate"
-                            )
-                        }
-                        .build())
-                    .apply {
-                        for ((_, pkg) in PackageCache.installedPluginPackages) {
-                            try {
-                                val pluginId = pkg.providers[0].loadString(Plugins.METADATA_KEY_ID)
-                                if (pluginId.isNullOrBlank() || pluginId.startsWith(Plugins.AUTHORITIES_PREFIX_NEKO_PLUGIN)) continue
-                                addItem(MaterialAboutActionItem.Builder()
-                                    .icon(R.drawable.ic_baseline_nfc_24)
-                                    .text(
-                                        getString(
-                                            R.string.version_x,
-                                            pluginId
-                                        ) + " (${Plugins.displayExeProvider(pkg.packageName)})"
+                .addCard(
+                    MaterialAboutCard.Builder()
+                        .outline(false)
+                        .addItem(
+                            MaterialAboutActionItem.Builder()
+                                .icon(R.drawable.ic_baseline_update_24)
+                                .text(R.string.app_version)
+                                .subText(SagerNet.appVersionNameForDisplay)
+                                .setOnClickAction {
+                                    requireContext().launchCustomTab(
+                                        "https://github.com/MatsuriDayo/NekoBoxForAndroid/releases"
+                                    )
+                                }
+                                .build())
+                        .addItem(
+                            MaterialAboutActionItem.Builder()
+                                .text(R.string.check_update_release)
+                                .setOnClickAction {
+                                    checkUpdate(false)
+                                }
+                                .build())
+                        .addItem(
+                            MaterialAboutActionItem.Builder()
+                                .text(R.string.check_update_preview)
+                                .setOnClickAction {
+                                    checkUpdate(true)
+                                }
+                                .build())
+                        .addItem(
+                            MaterialAboutActionItem.Builder()
+                                .icon(R.drawable.ic_baseline_layers_24)
+                                .text(getString(R.string.version_x, "sing-box"))
+                                .subText(Libcore.versionBox())
+                                .setOnClickAction { }
+                                .build())
+                        .addItem(
+                            MaterialAboutActionItem.Builder()
+                                .icon(R.drawable.ic_baseline_card_giftcard_24)
+                                .text(R.string.donate)
+                                .subText(R.string.donate_info)
+                                .setOnClickAction {
+                                    requireContext().launchCustomTab(
+                                        "https://matsuridayo.github.io/index_docs/#donate"
                                     )
-                                    .subText("v" + pkg.versionName)
-                                    .setOnClickAction {
-                                        startActivity(Intent().apply {
-                                            action =
-                                                Settings.ACTION_APPLICATION_DETAILS_SETTINGS
-                                            data = Uri.fromParts(
-                                                "package", pkg.packageName, null
+                                }
+                                .build())
+                        .apply {
+                            PackageCache.awaitLoadSync()
+                            for ((_, pkg) in PackageCache.installedPluginPackages) {
+                                try {
+                                    val pluginId =
+                                        pkg.providers?.get(0)?.loadString(Plugins.METADATA_KEY_ID)
+                                    if (pluginId.isNullOrBlank()) continue
+                                    addItem(
+                                        MaterialAboutActionItem.Builder()
+                                            .icon(R.drawable.ic_baseline_nfc_24)
+                                            .text(
+                                                getString(
+                                                    R.string.version_x,
+                                                    pluginId
+                                                ) + " (${Plugins.displayExeProvider(pkg.packageName)})"
                                             )
-                                        })
-                                    }
-                                    .build())
-                            } catch (e: Exception) {
-                                Logs.w(e)
+                                            .subText("v" + pkg.versionName)
+                                            .setOnClickAction {
+                                                startActivity(Intent().apply {
+                                                    action =
+                                                        Settings.ACTION_APPLICATION_DETAILS_SETTINGS
+                                                    data = Uri.fromParts(
+                                                        "package", pkg.packageName, null
+                                                    )
+                                                })
+                                            }
+                                            .build())
+                                } catch (e: Exception) {
+                                    Logs.w(e)
+                                }
                             }
                         }
-                    }
-                    .apply {
-                        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                            val pm = app.getSystemService(Context.POWER_SERVICE) as PowerManager
-                            if (!pm.isIgnoringBatteryOptimizations(app.packageName)) {
-                                addItem(MaterialAboutActionItem.Builder()
-                                    .icon(R.drawable.ic_baseline_running_with_errors_24)
-                                    .text(R.string.ignore_battery_optimizations)
-                                    .subText(R.string.ignore_battery_optimizations_sum)
-                                    .setOnClickAction {
-                                        requestIgnoreBatteryOptimizations.launch(
-                                            Intent(
-                                                Settings.ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS,
-                                                Uri.parse("package:${app.packageName}")
-                                            )
-                                        )
-                                    }
-                                    .build())
+                        .apply {
+                            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+                                val pm = app.getSystemService(Context.POWER_SERVICE) as PowerManager
+                                if (!pm.isIgnoringBatteryOptimizations(app.packageName)) {
+                                    addItem(
+                                        MaterialAboutActionItem.Builder()
+                                            .icon(R.drawable.ic_baseline_running_with_errors_24)
+                                            .text(R.string.ignore_battery_optimizations)
+                                            .subText(R.string.ignore_battery_optimizations_sum)
+                                            .setOnClickAction {
+                                                requestIgnoreBatteryOptimizations.launch(
+                                                    Intent(
+                                                        Settings.ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS,
+                                                        "package:${app.packageName}".toUri()
+                                                    )
+                                                )
+                                            }
+                                            .build())
+                                }
                             }
                         }
-                    }
-                    .build())
-                .addCard(MaterialAboutCard.Builder()
-                    .outline(false)
-                    .title(R.string.project)
-                    .addItem(MaterialAboutActionItem.Builder()
-                        .icon(R.drawable.ic_baseline_sanitizer_24)
-                        .text(R.string.github)
-                        .setOnClickAction {
-                            requireContext().launchCustomTab(
-                                "https://github.com/MatsuriDayo/NekoBoxForAndroid"
-
-                            )
-                        }
                         .build())
-                    .addItem(MaterialAboutActionItem.Builder()
-                        .icon(R.drawable.ic_qu_shadowsocks_foreground)
-                        .text(R.string.telegram)
-                        .setOnClickAction {
-                            requireContext().launchCustomTab(
-                                "https://t.me/MatsuriDayo"
-                            )
-                        }
+                .addCard(
+                    MaterialAboutCard.Builder()
+                        .outline(false)
+                        .title(R.string.project)
+                        .addItem(
+                            MaterialAboutActionItem.Builder()
+                                .icon(R.drawable.ic_baseline_sanitizer_24)
+                                .text(R.string.github)
+                                .setOnClickAction {
+                                    requireContext().launchCustomTab(
+                                        "https://github.com/MatsuriDayo/NekoBoxForAndroid"
+
+                                    )
+                                }
+                                .build())
+                        .addItem(
+                            MaterialAboutActionItem.Builder()
+                                .icon(R.drawable.ic_qu_shadowsocks_foreground)
+                                .text(R.string.telegram)
+                                .setOnClickAction {
+                                    requireContext().launchCustomTab(
+                                        "https://t.me/MatsuriDayo"
+                                    )
+                                }
+                                .build())
                         .build())
-                    .build())
                 .build()
 
         }
@@ -188,6 +211,69 @@ class AboutFragment : ToolbarFragment(R.layout.layout_about) {
             }
         }
 
+        fun checkUpdate(checkPreview: Boolean) {
+            runOnIoDispatcher {
+                try {
+                    val client = Libcore.newHttpClient().apply {
+                        modernTLS()
+                        trySocks5(DataStore.mixedPort)
+                    }
+                    val response = client.newRequest().apply {
+                        if (checkPreview) {
+                            setURL("https://api.github.com/repos/MatsuriDayo/NekoBoxForAndroid/releases/tags/preview")
+                        } else {
+                            setURL("https://api.github.com/repos/MatsuriDayo/NekoBoxForAndroid/releases/latest")
+                        }
+                    }.execute()
+                    val release = JSONObject(Util.getStringBox(response.contentString))
+                    val releaseName = release.getString("name")
+                    val releaseUrl = release.getString("html_url")
+                    var haveUpdate = releaseName.isNotBlank()
+                    haveUpdate = if (isPreview) {
+                        if (checkPreview) {
+                            haveUpdate && releaseName != BuildConfig.PRE_VERSION_NAME
+                        } else {
+                            // User: 1.3.9 pre-1.4.0 Stable: 1.3.9 -> No update
+                            haveUpdate && releaseName != BuildConfig.VERSION_NAME
+                        }
+                    } else {
+                        // User: 1.4.0 Preview: pre-1.4.0 -> No update
+                        // User: 1.4.0 Preview: pre-1.4.1 -> Update
+                        // User: 1.4.0 Stable: 1.4.0 -> No update
+                        // User: 1.4.0 Stable: 1.4.1 -> Update
+                        haveUpdate && !releaseName.contains(BuildConfig.VERSION_NAME)
+                    }
+                    runOnMainDispatcher {
+                        if (haveUpdate) {
+                            val context = requireContext()
+                            MaterialAlertDialogBuilder(context)
+                                .setTitle(R.string.update_dialog_title)
+                                .setMessage(
+                                    context.getString(
+                                        R.string.update_dialog_message,
+                                        SagerNet.appVersionNameForDisplay,
+                                        releaseName
+                                    )
+                                )
+                                .setPositiveButton(R.string.yes) { _, _ ->
+                                    val intent = Intent(Intent.ACTION_VIEW, releaseUrl.toUri())
+                                    context.startActivity(intent)
+                                }
+                                .setNegativeButton(R.string.no, null)
+                                .show()
+                        } else {
+                            Toast.makeText(app, R.string.check_update_no, Toast.LENGTH_SHORT).show()
+                        }
+                    }
+                } catch (e: Exception) {
+                    Logs.w(e)
+                    runOnMainDispatcher {
+                        Toast.makeText(app, e.readableMessage, Toast.LENGTH_SHORT).show()
+                    }
+                }
+            }
+        }
+
     }
 
 }
\ No newline at end of file
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/AppListActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/AppListActivity.kt
index 3c522fabb..7f3892430 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/AppListActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/AppListActivity.kt
@@ -2,20 +2,21 @@ package io.nekohasekai.sagernet.ui
 
 import android.content.Intent
 import android.content.pm.ApplicationInfo
-import android.content.pm.PackageInfo
 import android.content.pm.PackageManager
 import android.graphics.drawable.Drawable
 import android.os.Bundle
 import android.util.SparseBooleanArray
-import android.view.*
+import android.view.KeyEvent
+import android.view.Menu
+import android.view.MenuItem
+import android.view.View
+import android.view.ViewGroup
 import android.widget.Filter
 import android.widget.Filterable
 import androidx.annotation.UiThread
 import androidx.core.util.contains
 import androidx.core.util.set
 import androidx.core.view.ViewCompat
-import androidx.core.view.isGone
-import androidx.core.view.isVisible
 import androidx.core.widget.addTextChangedListener
 import androidx.lifecycle.lifecycleScope
 import androidx.recyclerview.widget.DefaultItemAnimator
@@ -24,29 +25,30 @@ import androidx.recyclerview.widget.RecyclerView
 import com.google.android.material.snackbar.Snackbar
 import com.simplecityapps.recyclerview_fastscroll.views.FastScrollRecyclerView
 import io.nekohasekai.sagernet.BuildConfig
-import io.nekohasekai.sagernet.Key
 import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.SagerNet
 import io.nekohasekai.sagernet.database.DataStore
 import io.nekohasekai.sagernet.databinding.LayoutAppListBinding
 import io.nekohasekai.sagernet.databinding.LayoutAppsItemBinding
-import io.nekohasekai.sagernet.ktx.*
+import io.nekohasekai.sagernet.ktx.crossFadeFrom
+import io.nekohasekai.sagernet.ktx.onMainDispatcher
+import io.nekohasekai.sagernet.ktx.runOnDefaultDispatcher
 import io.nekohasekai.sagernet.utils.PackageCache
-import io.nekohasekai.sagernet.widget.ListHolderListener
 import io.nekohasekai.sagernet.widget.ListListener
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.Job
 import kotlinx.coroutines.ensureActive
 import kotlinx.coroutines.withContext
-import moe.matsuri.nb4a.plugin.NekoPluginManager
-import moe.matsuri.nb4a.plugin.Plugins
-import moe.matsuri.nb4a.proxy.neko.NekoJSInterface
-import moe.matsuri.nb4a.ui.Dialogs
 import kotlin.coroutines.coroutineContext
 
 class AppListActivity : ThemedActivity() {
     companion object {
         private const val SWITCH = "switch"
+
+        private val cachedApps
+            get() = PackageCache.installedPackages.toMutableMap().apply {
+                remove(BuildConfig.APPLICATION_ID)
+            }
     }
 
     private class ProxiedApp(
@@ -73,30 +75,7 @@ class AppListActivity : ThemedActivity() {
             item = app
             binding.itemicon.setImageDrawable(app.icon)
             binding.title.text = app.name
-            if (forNeko) {
-                val packageName = app.packageName
-                val ver = getCachedApps()[packageName]?.versionName ?: ""
-                binding.desc.text = "$packageName ($ver)"
-                //
-                binding.button.isVisible = true
-                binding.button.setImageDrawable(getDrawable(R.drawable.ic_baseline_info_24))
-                binding.button.setOnClickListener {
-                    runOnIoDispatcher {
-                        val jsi = NekoJSInterface(packageName)
-                        jsi.init()
-                        val about = jsi.getAbout()
-                        jsi.destorySuspend()
-                        Dialogs.message(
-                            this@AppListActivity, app.name as String,
-                            "PackageName: ${packageName}\n" +
-                                    "Version: ${ver}\n" +
-                                    "--------\n" + about
-                        )
-                    }
-                }
-            } else {
-                binding.desc.text = "${app.packageName} (${app.uid})"
-            }
+            binding.desc.text = "${app.packageName} (${app.uid})"
             handlePayload(listOf(SWITCH))
         }
 
@@ -104,7 +83,6 @@ class AppListActivity : ThemedActivity() {
             if (payloads.contains(SWITCH)) {
                 val selected = isProxiedApp(item)
                 binding.itemcheck.isChecked = selected
-                binding.button.isVisible = forNeko && selected
             }
         }
 
@@ -112,23 +90,6 @@ class AppListActivity : ThemedActivity() {
             if (isProxiedApp(item)) proxiedUids.delete(item.uid) else proxiedUids[item.uid] = true
             DataStore.routePackages = apps.filter { isProxiedApp(it) }
                 .joinToString("\n") { it.packageName }
-
-            if (forNeko) {
-                if (isProxiedApp(item)) {
-                    runOnIoDispatcher {
-                        try {
-                            NekoPluginManager.installPlugin(item.packageName)
-                        } catch (e: Exception) {
-                            // failed UI
-                            runOnUiThread { onClick(v) }
-                            Dialogs.logExceptionAndShow(this@AppListActivity, e) { }
-                        }
-                    }
-                } else {
-                    NekoPluginManager.removeManagedPlugin(item.packageName)
-                }
-            }
-
             appsAdapter.notifyItemRangeChanged(0, appsAdapter.itemCount, SWITCH)
         }
     }
@@ -139,9 +100,10 @@ class AppListActivity : ThemedActivity() {
         var filteredApps = apps
 
         suspend fun reload() {
-            apps = getCachedApps().map { (packageName, packageInfo) ->
+            PackageCache.reload()
+            apps = cachedApps.mapNotNull { (packageName, packageInfo) ->
                 coroutineContext[Job]!!.ensureActive()
-                ProxiedApp(packageManager, packageInfo.applicationInfo, packageName)
+                packageInfo.applicationInfo?.let { ProxiedApp(packageManager, it, packageName) }
             }.sortedWith(compareBy({ !isProxiedApp(it) }, { it.name.toString() }))
         }
 
@@ -199,9 +161,12 @@ class AppListActivity : ThemedActivity() {
 
     private fun initProxiedUids(str: String = DataStore.routePackages) {
         proxiedUids.clear()
-        val apps = getCachedApps()
-        for (line in str.lineSequence()) proxiedUids[(apps[line]
-            ?: continue).applicationInfo.uid] = true
+        val apps = cachedApps
+        for (line in str.lineSequence()) {
+            val app = (apps[line] ?: continue)
+            val uid = app.applicationInfo?.uid ?: continue
+            proxiedUids[uid] = true
+        }
     }
 
     private fun isProxiedApp(app: ProxiedApp) = proxiedUids[app.uid]
@@ -214,28 +179,29 @@ class AppListActivity : ThemedActivity() {
             val adapter = binding.list.adapter as AppsAdapter
             withContext(Dispatchers.IO) { adapter.reload() }
             adapter.filter.filter(binding.search.text?.toString() ?: "")
-            binding.list.crossFadeFrom(loading)
-        }
-    }
-
-    private var forNeko = false
-
-    fun getCachedApps(): MutableMap<String, PackageInfo> {
-        val packages =
-            if (forNeko) PackageCache.installedPluginPackages else PackageCache.installedPackages
-        return packages.toMutableMap().apply {
-            remove(BuildConfig.APPLICATION_ID)
+            if (apps.isEmpty()) {
+                binding.list.visibility = View.GONE
+                binding.appPlaceholder.root.crossFadeFrom(loading)
+            } else {
+                binding.list.crossFadeFrom(loading)
+            }
         }
     }
 
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
-        forNeko = intent?.hasExtra(Key.NEKO_PLUGIN_MANAGED) == true
 
         binding = LayoutAppListBinding.inflate(layoutInflater)
         setContentView(binding.root)
 
-        ListHolderListener.setup(this)
+        binding.appPlaceholder.openSettings.setOnClickListener {
+            val intent =
+                Intent(android.provider.Settings.ACTION_APPLICATION_DETAILS_SETTINGS).apply {
+                    data = android.net.Uri.fromParts("package", packageName, null)
+                }
+            startActivity(intent)
+        }
+
         setSupportActionBar(binding.toolbar)
         supportActionBar?.apply {
             setTitle(R.string.select_apps)
@@ -260,28 +226,13 @@ class AppListActivity : ThemedActivity() {
             appsAdapter.filter.filter(binding.search.text?.toString() ?: "")
         }
 
-        if (forNeko) {
-            DataStore.routePackages = DataStore.nekoPlugins
-            binding.search.setText(Plugins.AUTHORITIES_PREFIX_NEKO_PLUGIN)
-        }
-
-        binding.searchLayout.isGone = forNeko
-        binding.hintNekoPlugin.isGone = !forNeko
-        binding.actionLearnMore.setOnClickListener {
-            launchCustomTab("https://matsuridayo.github.io/m-plugin/")
-        }
-
         loadApps()
     }
 
     private var sysApps = false
 
     override fun onCreateOptionsMenu(menu: Menu): Boolean {
-        if (forNeko) {
-            menuInflater.inflate(R.menu.app_list_neko_menu, menu)
-        } else {
-            menuInflater.inflate(R.menu.app_list_menu, menu)
-        }
+        menuInflater.inflate(R.menu.app_list_menu, menu)
         return true
     }
 
@@ -306,6 +257,7 @@ class AppListActivity : ThemedActivity() {
 
                 return true
             }
+
             R.id.action_clear_selections -> {
                 runOnDefaultDispatcher {
                     proxiedUids.clear()
@@ -316,6 +268,7 @@ class AppListActivity : ThemedActivity() {
                     }
                 }
             }
+
             R.id.action_export_clipboard -> {
                 val success = SagerNet.trySetPrimaryClip("false\n${DataStore.routePackages}")
                 Snackbar.make(
@@ -325,6 +278,7 @@ class AppListActivity : ThemedActivity() {
                 ).show()
                 return true
             }
+
             R.id.action_import_clipboard -> {
                 val proxiedAppString =
                     SagerNet.clipboard.primaryClip?.getItemAt(0)?.text?.toString()
@@ -344,19 +298,6 @@ class AppListActivity : ThemedActivity() {
                 }
                 Snackbar.make(binding.list, R.string.action_import_err, Snackbar.LENGTH_LONG).show()
             }
-            R.id.uninstall_all -> {
-                runOnDefaultDispatcher {
-                    proxiedUids.clear()
-                    DataStore.routePackages = ""
-                    apps = apps.sortedWith(compareBy({ !isProxiedApp(it) }, { it.name.toString() }))
-                    NekoPluginManager.plugins.forEach {
-                        NekoPluginManager.removeManagedPlugin(it)
-                    }
-                    onMainDispatcher {
-                        appsAdapter.notifyItemRangeChanged(0, appsAdapter.itemCount, SWITCH)
-                    }
-                }
-            }
         }
         return super.onOptionsItemSelected(item)
     }
@@ -375,7 +316,6 @@ class AppListActivity : ThemedActivity() {
 
     override fun onDestroy() {
         loader?.cancel()
-        if (forNeko) DataStore.nekoPlugins = DataStore.routePackages
         super.onDestroy()
     }
 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/AppManagerActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/AppManagerActivity.kt
index 75d2a6b33..effbc5823 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/AppManagerActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/AppManagerActivity.kt
@@ -3,15 +3,18 @@ package io.nekohasekai.sagernet.ui
 import android.annotation.SuppressLint
 import android.content.Intent
 import android.content.pm.ApplicationInfo
-import android.content.pm.PackageInfo
 import android.content.pm.PackageManager
 import android.graphics.drawable.Drawable
 import android.os.Bundle
+import android.text.TextUtils
 import android.util.SparseBooleanArray
-import android.view.*
+import android.view.KeyEvent
+import android.view.Menu
+import android.view.MenuItem
+import android.view.View
+import android.view.ViewGroup
 import android.widget.Filter
 import android.widget.Filterable
-import android.widget.TextView
 import androidx.annotation.UiThread
 import androidx.core.util.contains
 import androidx.core.util.set
@@ -30,24 +33,18 @@ import io.nekohasekai.sagernet.SagerNet
 import io.nekohasekai.sagernet.database.DataStore
 import io.nekohasekai.sagernet.databinding.LayoutAppsBinding
 import io.nekohasekai.sagernet.databinding.LayoutAppsItemBinding
-import io.nekohasekai.sagernet.databinding.LayoutLoadingBinding
 import io.nekohasekai.sagernet.ktx.Logs
+import io.nekohasekai.sagernet.ktx.app
 import io.nekohasekai.sagernet.ktx.crossFadeFrom
 import io.nekohasekai.sagernet.ktx.onMainDispatcher
 import io.nekohasekai.sagernet.ktx.runOnDefaultDispatcher
 import io.nekohasekai.sagernet.utils.PackageCache
-import io.nekohasekai.sagernet.widget.ListHolderListener
 import io.nekohasekai.sagernet.widget.ListListener
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.Job
 import kotlinx.coroutines.ensureActive
 import kotlinx.coroutines.withContext
-import okhttp3.internal.closeQuietly
-import org.jf.dexlib2.dexbacked.DexBackedDexFile
-import org.jf.dexlib2.iface.DexFile
-import java.io.File
-import java.util.zip.ZipException
-import java.util.zip.ZipFile
+import moe.matsuri.nb4a.utils.NGUtil
 import kotlin.coroutines.coroutineContext
 
 class AppManagerActivity : ThemedActivity() {
@@ -109,9 +106,10 @@ class AppManagerActivity : ThemedActivity() {
         var filteredApps = apps
 
         suspend fun reload() {
-            apps = cachedApps.map { (packageName, packageInfo) ->
+            PackageCache.reload()
+            apps = cachedApps.mapNotNull { (packageName, packageInfo) ->
                 coroutineContext[Job]!!.ensureActive()
-                ProxiedApp(packageManager, packageInfo.applicationInfo, packageName)
+                packageInfo.applicationInfo?.let { ProxiedApp(packageManager, it, packageName) }
             }.sortedWith(compareBy({ !isProxiedApp(it) }, { it.name.toString() }))
         }
 
@@ -145,7 +143,8 @@ class AppManagerActivity : ThemedActivity() {
             }
 
             override fun publishResults(constraint: CharSequence, results: FilterResults) {
-                @Suppress("UNCHECKED_CAST") filteredApps = results.values as List<ProxiedApp>
+                @Suppress("UNCHECKED_CAST")
+                filteredApps = results.values as List<ProxiedApp>
                 notifyDataSetChanged()
             }
         }
@@ -169,8 +168,11 @@ class AppManagerActivity : ThemedActivity() {
     private fun initProxiedUids(str: String = DataStore.individual) {
         proxiedUids.clear()
         val apps = cachedApps
-        for (line in str.lineSequence()) proxiedUids[(apps[line]
-            ?: continue).applicationInfo.uid] = true
+        for (line in str.lineSequence()) {
+            val app = (apps[line] ?: continue)
+            val uid = app.applicationInfo?.uid ?: continue
+            proxiedUids[uid] = true
+        }
     }
 
     private fun isProxiedApp(app: ProxiedApp) = proxiedUids[app.uid]
@@ -183,7 +185,12 @@ class AppManagerActivity : ThemedActivity() {
             val adapter = binding.list.adapter as AppsAdapter
             withContext(Dispatchers.IO) { adapter.reload() }
             adapter.filter.filter(binding.search.text?.toString() ?: "")
-            binding.list.crossFadeFrom(loading)
+            if (apps.isEmpty()) {
+                binding.list.visibility = View.GONE
+                binding.appPlaceholder.root.crossFadeFrom(loading)
+            } else {
+                binding.list.crossFadeFrom(loading)
+            }
         }
     }
 
@@ -193,7 +200,14 @@ class AppManagerActivity : ThemedActivity() {
         binding = LayoutAppsBinding.inflate(layoutInflater)
         setContentView(binding.root)
 
-        ListHolderListener.setup(this)
+        binding.appPlaceholder.openSettings.setOnClickListener {
+            val intent =
+                Intent(android.provider.Settings.ACTION_APPLICATION_DETAILS_SETTINGS).apply {
+                    data = android.net.Uri.fromParts("package", packageName, null)
+                }
+            startActivity(intent)
+        }
+
         setSupportActionBar(binding.toolbar)
         supportActionBar?.apply {
             setTitle(R.string.proxied_apps)
@@ -212,10 +226,12 @@ class AppManagerActivity : ThemedActivity() {
                     DataStore.proxyApps = false
                     finish()
                 }
+
                 R.id.appProxyModeOn -> DataStore.bypass = false
                 R.id.appProxyModeBypass -> DataStore.bypass = true
             }
         }
+        binding.autoSelectProxyApps.setOnClickListener { selectProxyApp() }
 
         initProxiedUids()
         binding.list.layoutManager = LinearLayoutManager(this, RecyclerView.VERTICAL, false)
@@ -247,14 +263,11 @@ class AppManagerActivity : ThemedActivity() {
 
     override fun onOptionsItemSelected(item: MenuItem): Boolean {
         when (item.itemId) {
-            R.id.action_scan_china_apps -> {
-                scanChinaApps()
-                return true
-            }
             R.id.action_invert_selections -> {
                 runOnDefaultDispatcher {
+                    val proxiedUidsOld = proxiedUids.clone()
                     for (app in apps) {
-                        if (proxiedUids.contains(app.uid)) {
+                        if (proxiedUidsOld.contains(app.uid)) {
                             proxiedUids.delete(app.uid)
                         } else {
                             proxiedUids[app.uid] = true
@@ -270,6 +283,7 @@ class AppManagerActivity : ThemedActivity() {
 
                 return true
             }
+
             R.id.action_clear_selections -> {
                 runOnDefaultDispatcher {
                     proxiedUids.clear()
@@ -280,8 +294,10 @@ class AppManagerActivity : ThemedActivity() {
                     }
                 }
             }
+
             R.id.action_export_clipboard -> {
-                val success = SagerNet.trySetPrimaryClip("${DataStore.bypass}\n${DataStore.individual}")
+                val success =
+                    SagerNet.trySetPrimaryClip("${DataStore.bypass}\n${DataStore.individual}")
                 Snackbar.make(
                     binding.list,
                     if (success) R.string.action_export_msg else R.string.action_export_err,
@@ -289,8 +305,10 @@ class AppManagerActivity : ThemedActivity() {
                 ).show()
                 return true
             }
+
             R.id.action_import_clipboard -> {
-                val proxiedAppString = SagerNet.clipboard.primaryClip?.getItemAt(0)?.text?.toString()
+                val proxiedAppString =
+                    SagerNet.clipboard.primaryClip?.getItemAt(0)?.text?.toString()
                 if (!proxiedAppString.isNullOrEmpty()) {
                     val i = proxiedAppString.indexOf('\n')
                     try {
@@ -316,150 +334,58 @@ class AppManagerActivity : ThemedActivity() {
         return super.onOptionsItemSelected(item)
     }
 
-    @SuppressLint("SetTextI18n")
-    private fun scanChinaApps() {
-
-        val text: TextView
-
-        val dialog = MaterialAlertDialogBuilder(this).setView(
-            LayoutLoadingBinding.inflate(layoutInflater).apply {
-                text = loadingText
-            }.root
-        ).setCancelable(false).show()
-
-        val txt = text.text.toString()
-
-        runOnDefaultDispatcher {
-            val chinaApps = ArrayList<Pair<PackageInfo, String>>()
-            val chinaRegex = ("(" + arrayOf(
-                "com.tencent",
-                "com.alibaba",
-                "com.umeng",
-                "com.qihoo",
-                "com.ali",
-                "com.alipay",
-                "com.amap",
-                "com.sina",
-                "com.weibo",
-                "com.vivo",
-                "com.xiaomi",
-                "com.huawei",
-                "com.taobao",
-                "com.secneo",
-                "s.h.e.l.l",
-                "com.stub",
-                "com.kiwisec",
-                "com.secshell",
-                "com.wrapper",
-                "cn.securitystack",
-                "com.mogosec",
-                "com.secoen",
-                "com.netease",
-                "com.mx",
-                "com.qq.e",
-                "com.baidu",
-                "com.bytedance",
-                "com.bugly",
-                "com.miui",
-                "com.oppo",
-                "com.coloros",
-                "com.iqoo",
-                "com.meizu",
-                "com.gionee",
-                "cn.nubia"
-            ).joinToString("|") { "${it.replace(".", "\\.")}\\." } + ").*").toRegex()
-
-            val bypass = DataStore.bypass
-            val cachedApps = cachedApps
-
-            apps = cachedApps.map { (packageName, packageInfo) ->
-                kotlin.coroutines.coroutineContext[Job]!!.ensureActive()
-                ProxiedApp(packageManager, packageInfo.applicationInfo, packageName)
-            }.sortedWith(compareBy({ !isProxiedApp(it) }, { it.name.toString() }))
-
-            scan@ for ((pkg, app) in cachedApps.entries) {
-                /*if (!sysApps && app.applicationInfo.flags and ApplicationInfo.FLAG_SYSTEM != 0) {
-                    continue
-                }*/
-
-                val index = appsAdapter.filteredApps.indexOfFirst { it.uid == app.applicationInfo.uid }
-                var changed = false
-
-                onMainDispatcher {
-                    text.text = (txt + " " + app.packageName + "\n\n" + chinaApps.map { it.second }
-                        .reversed()
-                        .joinToString("\n", postfix = "\n")).trim()
-                }
-
+    private fun selectProxyApp() {
+        MaterialAlertDialogBuilder(this).setTitle(R.string.confirm)
+            .setMessage(R.string.auto_select_proxy_apps_message)
+            .setPositiveButton(R.string.yes) { _, _ ->
                 try {
-
-                    val dex = File(app.applicationInfo.publicSourceDir)
-                    val zipFile = ZipFile(dex)
-                    var dexFile: DexFile
-
-                    for (entry in zipFile.entries()) {
-                        if (entry.name.startsWith("classes") && entry.name.endsWith(".dex")) {
-                            val input = zipFile.getInputStream(entry).readBytes()
-                            dexFile = try {
-                                DexBackedDexFile.fromInputStream(null, input.inputStream())
-                            } catch (e: Exception) {
-                                Logs.w(e)
-                                break
+                    val needProxyAppsList = getAutoProxyApps("")
+                    val bypass = DataStore.bypass
+                    proxiedUids.clear()
+                    for (app in cachedApps) {
+                        val needProxy =
+                            needProxyAppsList.contains(app.key) || (app.value.applicationInfo?.uid
+                                ?: 0) == 1000
+                        if (needProxy) {
+                            if (!bypass) {
+                                app.value.applicationInfo?.apply {
+                                    proxiedUids[uid] = true
+                                }
                             }
-                            for (clazz in dexFile.classes) {
-                                val clazzName = clazz.type.substring(1, clazz.type.length - 1)
-                                    .replace("/", ".")
-                                    .replace("$", ".")
-
-                                if (clazzName.matches(chinaRegex)) {
-                                    chinaApps.add(
-                                        app to app.applicationInfo.loadLabel(packageManager)
-                                            .toString()
-                                    )
-                                    zipFile.closeQuietly()
-
-                                    if (bypass) {
-                                        changed = !proxiedUids[app.applicationInfo.uid]
-                                        proxiedUids[app.applicationInfo.uid] = true
-                                    } else {
-                                        proxiedUids.delete(app.applicationInfo.uid)
-                                    }
-
-                                    continue@scan
+                        } else {
+                            if (bypass) {
+                                app.value.applicationInfo?.apply {
+                                    proxiedUids[uid] = true
                                 }
                             }
                         }
                     }
-                    zipFile.closeQuietly()
-
-                    if (bypass) {
-                        proxiedUids.delete(app.applicationInfo.uid)
-                    } else {
-                        changed = !proxiedUids[index]
-                        proxiedUids[app.applicationInfo.uid] = true
-                    }
-
-                } catch (e: ZipException) {
-                    Logs.w("Error in pkg ${app.packageName}:${app.versionName}", e)
-                    continue
+                    DataStore.individual =
+                        apps.filter { isProxiedApp(it) }.joinToString("\n") { it.packageName }
+                    apps = apps.sortedWith(compareBy({ !isProxiedApp(it) }, { it.name.toString() }))
+                    appsAdapter.filter.filter(binding.search.text?.toString() ?: "")
+                } catch (e: Exception) {
+                    Logs.e(e)
                 }
-
             }
+            .setNegativeButton(R.string.no, null)
+            .show()
+    }
 
-            DataStore.individual = apps.filter { isProxiedApp(it) }
-                .joinToString("\n") { it.packageName }
-
-            apps = apps.sortedWith(compareBy({ !isProxiedApp(it) }, { it.name.toString() }))
-
-            onMainDispatcher {
-                appsAdapter.filter.filter(binding.search.text?.toString() ?: "")
-
-                dialog.dismiss()
+    private fun getAutoProxyApps(content: String): List<String> {
+        var list = listOf<String>()
+        try {
+            val proxyApps = if (TextUtils.isEmpty(content)) {
+                NGUtil.readTextFromAssets(app, "proxy_packagename.txt")
+            } else {
+                content
             }
-
+            if (!TextUtils.isEmpty(proxyApps)) {
+                list = proxyApps.split("\n")
+            }
+        } catch (_: Exception) {
         }
-
-
+        return list
     }
 
     override fun supportNavigateUpTo(upIntent: Intent) =
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/AssetsActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/AssetsActivity.kt
index 21f22c696..d63848289 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/AssetsActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/AssetsActivity.kt
@@ -18,6 +18,7 @@ import io.nekohasekai.sagernet.databinding.LayoutAssetsBinding
 import io.nekohasekai.sagernet.ktx.*
 import io.nekohasekai.sagernet.widget.UndoSnackbarManager
 import libcore.Libcore
+import moe.matsuri.nb4a.utils.Util
 import org.json.JSONObject
 import java.io.File
 import java.io.FileWriter
@@ -231,7 +232,7 @@ class AssetsActivity : ThemedActivity() {
                         updateAsset(file, versionFile, localVersion)
                     }.onFailure {
                         onMainDispatcher {
-                            alert(it.readableMessage).show()
+                            alert(it.readableMessage).tryToShow()
                         }
                     }
 
@@ -249,23 +250,28 @@ class AssetsActivity : ThemedActivity() {
 
     }
 
+    private val rulesProviders = listOf(
+        RuleAssetsProvider(
+            "SagerNet/sing-geoip",
+            "SagerNet/sing-geosite",
+        ),
+        RuleAssetsProvider(
+            "soffchen/sing-geoip",
+            "soffchen/sing-geosite",
+        ),
+        RuleAssetsProvider(
+            "Chocolate4U/Iran-sing-box-rules"
+        ),
+        RuleAssetsProvider(
+            "L11R/antizapret-sing-box-geo"
+        ),
+    )
+
     suspend fun updateAsset(file: File, versionFile: File, localVersion: String) {
-        val repo: String
         var fileName = file.name
 
-        if (DataStore.rulesProvider == 0) {
-            if (file.name == assetNames[0]) {
-                repo = "SagerNet/sing-geoip"
-            } else {
-                repo = "SagerNet/sing-geosite"
-            }
-        } else {
-            if (file.name == assetNames[0]) {
-                repo = "soffchen/sing-geoip"
-            } else {
-                repo = "soffchen/sing-geosite"
-            }
-        }
+        val ruleProvider = rulesProviders[DataStore.rulesProvider]
+        val repo = ruleProvider.repoByFileName[fileName]
 
         val client = Libcore.newHttpClient().apply {
             modernTLS()
@@ -278,7 +284,7 @@ class AssetsActivity : ThemedActivity() {
                 setURL("https://api.github.com/repos/$repo/releases/latest")
             }.execute()
 
-            val release = JSONObject(response.contentString)
+            val release = JSONObject(Util.getStringBox(response.contentString))
             val tagName = release.optString("tag_name")
 
             if (tagName == localVersion) {
@@ -338,5 +344,17 @@ class AssetsActivity : ThemedActivity() {
         }
     }
 
-
+    private data class RuleAssetsProvider(
+        val repoByFileName: Map<String, String>
+    ) {
+        constructor(
+            geoipRepo: String,
+            geositeRepo: String = geoipRepo,
+        ) : this(
+            mapOf(
+                "geoip.db" to geoipRepo,
+                "geosite.db" to geositeRepo,
+            )
+        )
+    }
 }
\ No newline at end of file
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/BackupFragment.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/BackupFragment.kt
index 46ac0ec4b..b439225f8 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/BackupFragment.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/BackupFragment.kt
@@ -16,6 +16,7 @@ import com.jakewharton.processphoenix.ProcessPhoenix
 import io.nekohasekai.sagernet.BuildConfig
 import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.SagerNet
+import io.nekohasekai.sagernet.bg.Executable
 import io.nekohasekai.sagernet.database.*
 import io.nekohasekai.sagernet.database.preference.KeyValuePair
 import io.nekohasekai.sagernet.database.preference.PublicDatabase
@@ -23,6 +24,7 @@ import io.nekohasekai.sagernet.databinding.LayoutBackupBinding
 import io.nekohasekai.sagernet.databinding.LayoutImportBinding
 import io.nekohasekai.sagernet.databinding.LayoutProgressBinding
 import io.nekohasekai.sagernet.ktx.*
+import kotlinx.coroutines.delay
 import moe.matsuri.nb4a.utils.Util
 import org.json.JSONArray
 import org.json.JSONObject
@@ -34,33 +36,45 @@ class BackupFragment : NamedFragment(R.layout.layout_backup) {
     override fun name0() = app.getString(R.string.backup)
 
     var content = ""
-    private val exportSettings = registerForActivityResult(ActivityResultContracts.CreateDocument()) { data ->
-        if (data != null) {
-            runOnDefaultDispatcher {
-                try {
-                    requireActivity().contentResolver.openOutputStream(
-                        data
-                    )!!.bufferedWriter().use {
-                        it.write(content)
-                    }
-                    onMainDispatcher {
-                        snackbar(getString(R.string.action_export_msg)).show()
-                    }
-                } catch (e: Exception) {
-                    Logs.w(e)
-                    onMainDispatcher {
-                        snackbar(e.readableMessage).show()
+    private val exportSettings =
+        registerForActivityResult(ActivityResultContracts.CreateDocument()) { data ->
+            if (data != null) {
+                runOnDefaultDispatcher {
+                    try {
+                        requireActivity().contentResolver.openOutputStream(
+                            data
+                        )!!.bufferedWriter().use {
+                            it.write(content)
+                        }
+                        onMainDispatcher {
+                            snackbar(getString(R.string.action_export_msg)).show()
+                        }
+                    } catch (e: Exception) {
+                        Logs.w(e)
+                        onMainDispatcher {
+                            snackbar(e.readableMessage).show()
+                        }
                     }
                 }
-
             }
         }
-    }
 
     override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
         super.onViewCreated(view, savedInstanceState)
 
         val binding = LayoutBackupBinding.bind(view)
+
+        binding.resetSettings.setOnClickListener {
+            MaterialAlertDialogBuilder(requireContext()).setTitle(R.string.confirm)
+                .setMessage(R.string.reset_settings_message)
+                .setNegativeButton(R.string.no, null)
+                .setPositiveButton(R.string.yes) { _, _ ->
+                    DataStore.configurationStore.reset()
+                    triggerFullRestart(requireContext())
+                }
+                .show()
+        }
+
         binding.actionExport.setOnClickListener {
             runOnDefaultDispatcher {
                 content = doBackup(
@@ -230,13 +244,11 @@ class BackupFragment : NamedFragment(R.layout.layout_backup) {
                                 import.backupRules.isChecked,
                                 import.backupSettings.isChecked
                             )
-                            ProcessPhoenix.triggerRebirth(
-                                requireContext(), Intent(requireContext(), MainActivity::class.java)
-                            )
+                            triggerFullRestart(requireContext())
                         }.onFailure {
                             Logs.w(it)
                             onMainDispatcher {
-                                alert(it.readableMessage).show()
+                                alert(it.readableMessage).tryToShow()
                             }
                         }
 
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/ConfigurationFragment.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/ConfigurationFragment.kt
index 50ae989bd..054091075 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/ConfigurationFragment.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/ConfigurationFragment.kt
@@ -1,8 +1,8 @@
 package io.nekohasekai.sagernet.ui
 
+import android.annotation.SuppressLint
 import android.content.Intent
 import android.graphics.Color
-import android.net.Uri
 import android.os.Bundle
 import android.os.SystemClock
 import android.provider.OpenableColumns
@@ -10,15 +10,19 @@ import android.text.SpannableStringBuilder
 import android.text.Spanned.SPAN_EXCLUSIVE_EXCLUSIVE
 import android.text.format.Formatter
 import android.text.style.ForegroundColorSpan
-import android.view.*
+import android.view.KeyEvent
+import android.view.LayoutInflater
+import android.view.MenuItem
+import android.view.View
+import android.view.ViewGroup
 import android.widget.ImageView
 import android.widget.LinearLayout
 import android.widget.TextView
 import androidx.activity.result.contract.ActivityResultContracts
-import androidx.appcompat.app.AlertDialog
 import androidx.appcompat.widget.PopupMenu
 import androidx.appcompat.widget.SearchView
 import androidx.appcompat.widget.Toolbar
+import androidx.core.net.toUri
 import androidx.core.view.isGone
 import androidx.core.view.isVisible
 import androidx.core.view.size
@@ -32,45 +36,84 @@ import androidx.viewpager2.widget.ViewPager2
 import com.google.android.material.dialog.MaterialAlertDialogBuilder
 import com.google.android.material.tabs.TabLayout
 import com.google.android.material.tabs.TabLayoutMediator
-import io.nekohasekai.sagernet.*
+import io.nekohasekai.sagernet.GroupOrder
+import io.nekohasekai.sagernet.GroupType
+import io.nekohasekai.sagernet.Key
+import io.nekohasekai.sagernet.R
+import io.nekohasekai.sagernet.SagerNet
 import io.nekohasekai.sagernet.aidl.TrafficData
 import io.nekohasekai.sagernet.bg.BaseService
 import io.nekohasekai.sagernet.bg.proto.UrlTest
-import io.nekohasekai.sagernet.database.*
+import io.nekohasekai.sagernet.database.DataStore
+import io.nekohasekai.sagernet.database.GroupManager
+import io.nekohasekai.sagernet.database.ProfileManager
+import io.nekohasekai.sagernet.database.ProxyEntity
+import io.nekohasekai.sagernet.database.ProxyGroup
+import io.nekohasekai.sagernet.database.SagerDatabase
 import io.nekohasekai.sagernet.database.preference.OnPreferenceDataStoreChangeListener
-import io.nekohasekai.sagernet.databinding.LayoutAppsItemBinding
 import io.nekohasekai.sagernet.databinding.LayoutProfileListBinding
 import io.nekohasekai.sagernet.databinding.LayoutProgressListBinding
 import io.nekohasekai.sagernet.fmt.AbstractBean
 import io.nekohasekai.sagernet.fmt.toUniversalLink
+import io.nekohasekai.sagernet.group.GroupUpdater
 import io.nekohasekai.sagernet.group.RawUpdater
-import io.nekohasekai.sagernet.ktx.*
+import io.nekohasekai.sagernet.ktx.FixedLinearLayoutManager
+import io.nekohasekai.sagernet.ktx.Logs
+import io.nekohasekai.sagernet.ktx.SubscriptionFoundException
+import io.nekohasekai.sagernet.ktx.alert
+import io.nekohasekai.sagernet.ktx.app
+import io.nekohasekai.sagernet.ktx.dp2px
+import io.nekohasekai.sagernet.ktx.getColorAttr
+import io.nekohasekai.sagernet.ktx.getColour
+import io.nekohasekai.sagernet.ktx.isIpAddress
+import io.nekohasekai.sagernet.ktx.onMainDispatcher
+import io.nekohasekai.sagernet.ktx.readableMessage
+import io.nekohasekai.sagernet.ktx.runOnDefaultDispatcher
+import io.nekohasekai.sagernet.ktx.runOnLifecycleDispatcher
+import io.nekohasekai.sagernet.ktx.runOnMainDispatcher
+import io.nekohasekai.sagernet.ktx.scrollTo
+import io.nekohasekai.sagernet.ktx.showAllowingStateLoss
+import io.nekohasekai.sagernet.ktx.snackbar
+import io.nekohasekai.sagernet.ktx.startFilesForResult
+import io.nekohasekai.sagernet.ktx.tryToShow
 import io.nekohasekai.sagernet.plugin.PluginManager
-import io.nekohasekai.sagernet.ui.profile.*
-import io.nekohasekai.sagernet.utils.PackageCache
+import io.nekohasekai.sagernet.ui.profile.ChainSettingsActivity
+import io.nekohasekai.sagernet.ui.profile.HttpSettingsActivity
+import io.nekohasekai.sagernet.ui.profile.HysteriaSettingsActivity
+import io.nekohasekai.sagernet.ui.profile.MieruSettingsActivity
+import io.nekohasekai.sagernet.ui.profile.NaiveSettingsActivity
+import io.nekohasekai.sagernet.ui.profile.SSHSettingsActivity
+import io.nekohasekai.sagernet.ui.profile.ShadowsocksSettingsActivity
+import io.nekohasekai.sagernet.ui.profile.SocksSettingsActivity
+import io.nekohasekai.sagernet.ui.profile.TrojanGoSettingsActivity
+import io.nekohasekai.sagernet.ui.profile.TrojanSettingsActivity
+import io.nekohasekai.sagernet.ui.profile.TuicSettingsActivity
+import io.nekohasekai.sagernet.ui.profile.VMessSettingsActivity
+import io.nekohasekai.sagernet.ui.profile.WireGuardSettingsActivity
 import io.nekohasekai.sagernet.widget.QRCodeDialog
 import io.nekohasekai.sagernet.widget.UndoSnackbarManager
-import kotlinx.coroutines.*
+import kotlinx.coroutines.DelicateCoroutinesApi
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.Job
+import kotlinx.coroutines.isActive
+import kotlinx.coroutines.joinAll
+import kotlinx.coroutines.launch
 import kotlinx.coroutines.sync.Mutex
 import kotlinx.coroutines.sync.withLock
 import moe.matsuri.nb4a.Protocols
 import moe.matsuri.nb4a.Protocols.getProtocolColor
-import moe.matsuri.nb4a.plugin.NekoPluginManager
+import moe.matsuri.nb4a.proxy.anytls.AnyTLSSettingsActivity
 import moe.matsuri.nb4a.proxy.config.ConfigSettingActivity
-import moe.matsuri.nb4a.proxy.neko.NekoJSInterface
-import moe.matsuri.nb4a.proxy.neko.NekoSettingActivity
-import moe.matsuri.nb4a.proxy.neko.canShare
 import moe.matsuri.nb4a.proxy.shadowtls.ShadowTLSSettingsActivity
+import moe.matsuri.nb4a.ui.ConnectionTestNotification
 import okhttp3.internal.closeQuietly
-import java.net.InetAddress
 import java.net.InetSocketAddress
 import java.net.Socket
 import java.net.UnknownHostException
-import java.util.*
+import java.util.concurrent.ConcurrentHashMap
 import java.util.concurrent.ConcurrentLinkedQueue
 import java.util.concurrent.atomic.AtomicInteger
 import java.util.zip.ZipInputStream
-import kotlin.collections.set
 
 class ConfigurationFragment @JvmOverloads constructor(
     val select: Boolean = false, val selectedItem: ProxyEntity? = null, val titleRes: Int = 0
@@ -91,7 +134,12 @@ class ConfigurationFragment @JvmOverloads constructor(
     val alwaysShowAddress by lazy { DataStore.alwaysShowAddress }
 
     fun getCurrentGroupFragment(): GroupFragment? {
-        return childFragmentManager.findFragmentByTag("f" + DataStore.selectedGroup) as GroupFragment?
+        return try {
+            childFragmentManager.findFragmentByTag("f" + DataStore.selectedGroup) as GroupFragment?
+        } catch (e: Exception) {
+            Logs.e(e)
+            null
+        }
     }
 
     val updateSelectedCallback = object : ViewPager2.OnPageChangeCallback() {
@@ -111,6 +159,7 @@ class ConfigurationFragment @JvmOverloads constructor(
 
     override fun onQueryTextSubmit(query: String): Boolean = false
 
+    @SuppressLint("DetachAndAttachSameFragment")
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
 
@@ -141,6 +190,12 @@ class ConfigurationFragment @JvmOverloads constructor(
         if (searchView != null) {
             searchView.setOnQueryTextListener(this)
             searchView.maxWidth = Int.MAX_VALUE
+
+            searchView.setOnQueryTextFocusChangeListener { _, hasFocus ->
+                if (!hasFocus) {
+                    cancelSearch(searchView)
+                }
+            }
         }
 
         groupPager = view.findViewById(R.id.group_pager)
@@ -262,7 +317,7 @@ class ConfigurationFragment @JvmOverloads constructor(
                         snackbar(getString(R.string.no_proxies_found_in_file)).show()
                     } else import(proxies)
                 } catch (e: SubscriptionFoundException) {
-                    (requireActivity() as MainActivity).importSubscription(Uri.parse(e.link))
+                    (requireActivity() as MainActivity).importSubscription(e.link.toUri())
                 } catch (e: Exception) {
                     Logs.w(e)
                     onMainDispatcher {
@@ -293,6 +348,7 @@ class ConfigurationFragment @JvmOverloads constructor(
             R.id.action_scan_qr_code -> {
                 startActivity(Intent(context, ScannerActivity::class.java))
             }
+
             R.id.action_import_clipboard -> {
                 val text = SagerNet.getClipboardText()
                 if (text.isBlank()) {
@@ -304,7 +360,7 @@ class ConfigurationFragment @JvmOverloads constructor(
                             snackbar(getString(R.string.no_proxies_found_in_clipboard)).show()
                         } else import(proxies)
                     } catch (e: SubscriptionFoundException) {
-                        (requireActivity() as MainActivity).importSubscription(Uri.parse(e.link))
+                        (requireActivity() as MainActivity).importSubscription(e.link.toUri())
                     } catch (e: Exception) {
                         Logs.w(e)
 
@@ -314,87 +370,93 @@ class ConfigurationFragment @JvmOverloads constructor(
                     }
                 }
             }
+
             R.id.action_import_file -> {
                 startFilesForResult(importFile, "*/*")
             }
+
             R.id.action_new_socks -> {
                 startActivity(Intent(requireActivity(), SocksSettingsActivity::class.java))
             }
+
             R.id.action_new_http -> {
                 startActivity(Intent(requireActivity(), HttpSettingsActivity::class.java))
             }
+
             R.id.action_new_ss -> {
                 startActivity(Intent(requireActivity(), ShadowsocksSettingsActivity::class.java))
             }
+
             R.id.action_new_vmess -> {
                 startActivity(Intent(requireActivity(), VMessSettingsActivity::class.java))
             }
+
             R.id.action_new_vless -> {
                 startActivity(Intent(requireActivity(), VMessSettingsActivity::class.java).apply {
                     putExtra("vless", true)
                 })
             }
+
             R.id.action_new_trojan -> {
                 startActivity(Intent(requireActivity(), TrojanSettingsActivity::class.java))
             }
+
             R.id.action_new_trojan_go -> {
                 startActivity(Intent(requireActivity(), TrojanGoSettingsActivity::class.java))
             }
+
+            R.id.action_new_mieru -> {
+                startActivity(Intent(requireActivity(), MieruSettingsActivity::class.java))
+            }
+
             R.id.action_new_naive -> {
                 startActivity(Intent(requireActivity(), NaiveSettingsActivity::class.java))
             }
+
             R.id.action_new_hysteria -> {
                 startActivity(Intent(requireActivity(), HysteriaSettingsActivity::class.java))
             }
+
             R.id.action_new_tuic -> {
                 startActivity(Intent(requireActivity(), TuicSettingsActivity::class.java))
             }
+
             R.id.action_new_ssh -> {
                 startActivity(Intent(requireActivity(), SSHSettingsActivity::class.java))
             }
+
             R.id.action_new_wg -> {
                 startActivity(Intent(requireActivity(), WireGuardSettingsActivity::class.java))
             }
+
             R.id.action_new_shadowtls -> {
                 startActivity(Intent(requireActivity(), ShadowTLSSettingsActivity::class.java))
             }
+
+            R.id.action_new_anytls -> {
+                startActivity(Intent(requireActivity(), AnyTLSSettingsActivity::class.java))
+            }
+
             R.id.action_new_config -> {
                 startActivity(Intent(requireActivity(), ConfigSettingActivity::class.java))
             }
+
             R.id.action_new_chain -> {
                 startActivity(Intent(requireActivity(), ChainSettingsActivity::class.java))
             }
-            R.id.action_new_neko -> {
-                val context = requireContext()
-                lateinit var dialog: AlertDialog
-                val linearLayout = LinearLayout(context).apply {
-                    orientation = LinearLayout.VERTICAL
-
-                    NekoPluginManager.getProtocols().forEach { obj ->
-                        LayoutAppsItemBinding.inflate(layoutInflater, this, true).apply {
-                            itemcheck.isGone = true
-                            button.isGone = false
-                            itemicon.setImageDrawable(
-                                PackageCache.installedApps[obj.plgId]?.loadIcon(
-                                    context.packageManager
-                                )
-                            )
-                            title.text = obj.protocolId
-                            desc.text = obj.plgId
-                            button.setOnClickListener {
-                                dialog.dismiss()
-                                val intent = Intent(context, NekoSettingActivity::class.java)
-                                intent.putExtra("plgId", obj.plgId)
-                                intent.putExtra("protocolId", obj.protocolId)
-                                startActivity(intent)
-                            }
-                        }
+
+            R.id.action_update_subscription -> {
+                val group = DataStore.currentGroup()
+                if (group.type != GroupType.SUBSCRIPTION) {
+                    snackbar(R.string.group_not_subscription).show()
+                    Logs.e("onMenuItemClick: Group(${group.displayName()}) is not subscription")
+                } else {
+                    runOnLifecycleDispatcher {
+                        GroupUpdater.startUpdate(group, true)
                     }
                 }
-                dialog = MaterialAlertDialogBuilder(context).setTitle(R.string.neko_plugin)
-                    .setView(linearLayout)
-                    .show()
             }
+
             R.id.action_clear_traffic_statistics -> {
                 runOnDefaultDispatcher {
                     val profiles = SagerDatabase.proxyDao.getByGroup(DataStore.currentGroupId())
@@ -411,6 +473,7 @@ class ConfigurationFragment @JvmOverloads constructor(
                     }
                 }
             }
+
             R.id.action_connection_test_clear_results -> {
                 runOnDefaultDispatcher {
                     val profiles = SagerDatabase.proxyDao.getByGroup(DataStore.currentGroupId())
@@ -428,6 +491,7 @@ class ConfigurationFragment @JvmOverloads constructor(
                     }
                 }
             }
+
             R.id.action_connection_test_delete_unavailable -> {
                 runOnDefaultDispatcher {
                     val profiles = SagerDatabase.proxyDao.getByGroup(DataStore.currentGroupId())
@@ -466,6 +530,7 @@ class ConfigurationFragment @JvmOverloads constructor(
                     }
                 }
             }
+
             R.id.action_remove_duplicate -> {
                 runOnDefaultDispatcher {
                     val profiles = SagerDatabase.proxyDao.getByGroup(DataStore.currentGroupId())
@@ -517,9 +582,11 @@ class ConfigurationFragment @JvmOverloads constructor(
                     }
                 }
             }
+
             R.id.action_connection_tcp_ping -> {
                 pingTest(false)
             }
+
             R.id.action_connection_url_test -> {
                 urlTest()
             }
@@ -530,28 +597,41 @@ class ConfigurationFragment @JvmOverloads constructor(
     inner class TestDialog {
         val binding = LayoutProgressListBinding.inflate(layoutInflater)
         val builder = MaterialAlertDialogBuilder(requireContext()).setView(binding.root)
-            .setNegativeButton(android.R.string.cancel) { _, _ ->
-                cancel()
+            .setPositiveButton(R.string.minimize) { _, _ ->
+                minimize()
             }
-            .setOnDismissListener {
+            .setNegativeButton(android.R.string.cancel) { _, _ ->
                 cancel()
             }
             .setCancelable(false)
 
         lateinit var cancel: () -> Unit
-        val fragment by lazy { getCurrentGroupFragment() }
-        val results = Collections.synchronizedList(mutableListOf<ProxyEntity?>())
+        lateinit var minimize: () -> Unit
+
+        val dialogStatus = AtomicInteger(0) // 1: hidden 2: cancelled
+        var notification: ConnectionTestNotification? = null
+
+        val results: MutableSet<ProxyEntity> = ConcurrentHashMap.newKeySet()
         var proxyN = 0
         val finishedN = AtomicInteger(0)
 
-        suspend fun insert(profile: ProxyEntity?) {
-            results.add(profile)
-        }
+        fun update(profile: ProxyEntity) {
+            if (dialogStatus.get() != 2) {
+                results.add(profile)
+            }
+            runOnMainDispatcher {
+                val context = context ?: return@runOnMainDispatcher
+                val progress = finishedN.addAndGet(1)
+                val status = dialogStatus.get()
+                notification?.updateNotification(
+                    progress,
+                    proxyN,
+                    progress >= proxyN || status == 2
+                )
+                if (status >= 1) return@runOnMainDispatcher
+                if (!isAdded) return@runOnMainDispatcher
 
-        suspend fun update(profile: ProxyEntity) {
-            fragment?.configurationListView?.post {
-                val context = context ?: return@post
-                if (!isAdded) return@post
+                // refresh dialog
 
                 var profileStatusText: String? = null
                 var profileStatusColor = 0
@@ -561,18 +641,22 @@ class ConfigurationFragment @JvmOverloads constructor(
                         profileStatusText = profile.error
                         profileStatusColor = context.getColorAttr(android.R.attr.textColorSecondary)
                     }
+
                     0 -> {
                         profileStatusText = getString(R.string.connection_test_testing)
                         profileStatusColor = context.getColorAttr(android.R.attr.textColorSecondary)
                     }
+
                     1 -> {
                         profileStatusText = getString(R.string.available, profile.ping)
                         profileStatusColor = context.getColour(R.color.material_green_500)
                     }
+
                     2 -> {
                         profileStatusText = profile.error
                         profileStatusColor = context.getColour(R.color.material_red_500)
                     }
+
                     3 -> {
                         val err = profile.error ?: ""
                         val msg = Protocols.genFriendlyMsg(err)
@@ -599,64 +683,46 @@ class ConfigurationFragment @JvmOverloads constructor(
                 }
 
                 binding.nowTesting.text = text
-                binding.progress.text = "${finishedN.addAndGet(1)} / $proxyN"
+                binding.progress.text = "$progress / $proxyN"
             }
         }
 
     }
 
-    fun stopService() {
-        if (DataStore.serviceState.started) SagerNet.stopService()
-    }
-
     @OptIn(DelicateCoroutinesApi::class)
     @Suppress("EXPERIMENTAL_API_USAGE")
     fun pingTest(icmpPing: Boolean) {
+        if (DataStore.runningTest) return else DataStore.runningTest = true
         val test = TestDialog()
-        val testJobs = mutableListOf<Job>()
         val dialog = test.builder.show()
+        val testJobs = mutableListOf<Job>()
+        val group = DataStore.currentGroup()
+
         val mainJob = runOnDefaultDispatcher {
-            if (DataStore.serviceState.started) {
-                stopService()
-                delay(500) // wait for service stop
-            }
-            val group = DataStore.currentGroup()
-            val profilesUnfiltered = SagerDatabase.proxyDao.getByGroup(group.id)
-            test.proxyN = profilesUnfiltered.size
-            val profiles = ConcurrentLinkedQueue(profilesUnfiltered)
-            val testPool = newFixedThreadPoolContext(
-                DataStore.connectionTestConcurrent,
-                "pingTest"
-            )
+            val profilesList = SagerDatabase.proxyDao.getByGroup(group.id).filter {
+                if (icmpPing) {
+                    if (it.requireBean().canICMPing()) {
+                        return@filter true
+                    }
+                } else {
+                    if (it.requireBean().canTCPing()) {
+                        return@filter true
+                    }
+                }
+                return@filter false
+            }
+            test.proxyN = profilesList.size
+            val profiles = ConcurrentLinkedQueue(profilesList)
             repeat(DataStore.connectionTestConcurrent) {
-                testJobs.add(launch(testPool) {
+                testJobs.add(launch(Dispatchers.IO) {
                     while (isActive) {
                         val profile = profiles.poll() ?: break
 
-                        if (icmpPing) {
-                            if (!profile.requireBean().canICMPing()) {
-                                profile.status = -1
-                                profile.error =
-                                    app.getString(R.string.connection_test_icmp_ping_unavailable)
-                                test.insert(profile)
-                                continue
-                            }
-                        } else {
-                            if (!profile.requireBean().canTCPing()) {
-                                profile.status = -1
-                                profile.error =
-                                    app.getString(R.string.connection_test_tcp_ping_unavailable)
-                                test.insert(profile)
-                                continue
-                            }
-                        }
-
                         profile.status = 0
-                        test.insert(profile)
                         var address = profile.requireBean().serverAddress
                         if (!address.isIpAddress()) {
                             try {
-                                InetAddress.getAllByName(address).apply {
+                                SagerNet.underlyingNetwork!!.getAllByName(address).apply {
                                     if (isNotEmpty()) {
                                         address = this[0].hostAddress
                                     }
@@ -675,7 +741,9 @@ class ConfigurationFragment @JvmOverloads constructor(
                             if (icmpPing) {
                                 // removed
                             } else {
-                                val socket = Socket()
+                                val socket =
+                                    SagerNet.underlyingNetwork?.socketFactory?.createSocket()
+                                        ?: Socket()
                                 try {
                                     socket.soTimeout = 3000
                                     socket.bind(InetSocketAddress(0))
@@ -705,15 +773,18 @@ class ConfigurationFragment @JvmOverloads constructor(
                                 when {
                                     !message.contains("failed:") -> profile.error =
                                         getString(R.string.connection_test_timeout)
+
                                     else -> when {
                                         message.contains("ECONNREFUSED") -> {
                                             profile.error =
                                                 getString(R.string.connection_test_refused)
                                         }
+
                                         message.contains("ENETUNREACH") -> {
                                             profile.error =
                                                 getString(R.string.connection_test_unreachable)
                                         }
+
                                         else -> {
                                             profile.status = 3
                                             profile.error = message
@@ -728,15 +799,18 @@ class ConfigurationFragment @JvmOverloads constructor(
             }
 
             testJobs.joinAll()
-            testPool.close()
 
-            onMainDispatcher {
-                dialog.dismiss()
+            runOnMainDispatcher {
+                test.cancel()
             }
         }
         test.cancel = {
+            test.dialogStatus.set(2)
+            dialog.dismiss()
             runOnDefaultDispatcher {
-                test.results.filterNotNull().forEach {
+                mainJob.cancel()
+                testJobs.forEach { it.cancel() }
+                test.results.forEach {
                     try {
                         ProfileManager.updateProfile(it)
                     } catch (e: Exception) {
@@ -744,38 +818,37 @@ class ConfigurationFragment @JvmOverloads constructor(
                     }
                 }
                 GroupManager.postReload(DataStore.currentGroupId())
-                mainJob.cancel()
-                testJobs.forEach { it.cancel() }
+                DataStore.runningTest = false
             }
         }
+        test.minimize = {
+            test.dialogStatus.set(1)
+            test.notification = ConnectionTestNotification(
+                dialog.context,
+                "[${group.displayName()}] ${getString(R.string.connection_test)}"
+            )
+            dialog.hide()
+        }
     }
 
     @OptIn(DelicateCoroutinesApi::class)
     fun urlTest() {
+        if (DataStore.runningTest) return else DataStore.runningTest = true
         val test = TestDialog()
         val dialog = test.builder.show()
         val testJobs = mutableListOf<Job>()
+        val group = DataStore.currentGroup()
 
         val mainJob = runOnDefaultDispatcher {
-            if (DataStore.serviceState.started) {
-                stopService()
-                delay(500) // wait for service stop
-            }
-            val group = DataStore.currentGroup()
-            val profilesUnfiltered = SagerDatabase.proxyDao.getByGroup(group.id)
-            test.proxyN = profilesUnfiltered.size
-            val profiles = ConcurrentLinkedQueue(profilesUnfiltered)
-            val testPool = newFixedThreadPoolContext(
-                DataStore.connectionTestConcurrent,
-                "urlTest"
-            )
+            val profilesList = SagerDatabase.proxyDao.getByGroup(group.id)
+            test.proxyN = profilesList.size
+            val profiles = ConcurrentLinkedQueue(profilesList)
             repeat(DataStore.connectionTestConcurrent) {
-                testJobs.add(launch(testPool) {
+                testJobs.add(launch(Dispatchers.IO) {
                     val urlTest = UrlTest() // note: this is NOT in bg process
                     while (isActive) {
                         val profile = profiles.poll() ?: break
                         profile.status = 0
-                        test.insert(profile)
 
                         try {
                             val result = urlTest.doTest(profile)
@@ -796,13 +869,17 @@ class ConfigurationFragment @JvmOverloads constructor(
 
             testJobs.joinAll()
 
-            onMainDispatcher {
-                dialog.dismiss()
+            runOnMainDispatcher {
+                test.cancel()
             }
         }
         test.cancel = {
+            test.dialogStatus.set(2)
+            dialog.dismiss()
             runOnDefaultDispatcher {
-                test.results.filterNotNull().forEach {
+                mainJob.cancel()
+                testJobs.forEach { it.cancel() }
+                test.results.forEach {
                     try {
                         ProfileManager.updateProfile(it)
                     } catch (e: Exception) {
@@ -810,11 +887,17 @@ class ConfigurationFragment @JvmOverloads constructor(
                     }
                 }
                 GroupManager.postReload(DataStore.currentGroupId())
-                NekoJSInterface.Default.destroyAllJsi()
-                mainJob.cancel()
-                testJobs.forEach { it.cancel() }
+                DataStore.runningTest = false
             }
         }
+        test.minimize = {
+            test.dialogStatus.set(1)
+            test.notification = ConnectionTestNotification(
+                dialog.context,
+                "[${group.displayName()}] ${getString(R.string.connection_test)}"
+            )
+            dialog.hide()
+        }
     }
 
     inner class GroupPagerAdapter : FragmentStateAdapter(this),
@@ -855,16 +938,18 @@ class ConfigurationFragment @JvmOverloads constructor(
                     }
                 }
 
-                val runFunc = if (now) requireActivity()::runOnUiThread else groupPager::post
-                runFunc {
-                    groupList = newGroupList
-                    notifyDataSetChanged()
-                    if (set) groupPager.setCurrentItem(selectedGroupIndex, false)
-                    val hideTab = groupList.size < 2
-                    tabLayout.isGone = hideTab
-                    toolbar.elevation = if (hideTab) 0F else dp2px(4).toFloat()
-                    if (!select) {
-                        groupPager.registerOnPageChangeCallback(updateSelectedCallback)
+                val runFunc = if (now) activity?.let { it::runOnUiThread } else groupPager::post
+                if (runFunc != null) {
+                    runFunc {
+                        groupList = newGroupList
+                        notifyDataSetChanged()
+                        if (set) groupPager.setCurrentItem(selectedGroupIndex, false)
+                        val hideTab = groupList.size < 2
+                        tabLayout.isGone = hideTab
+                        toolbar.elevation = if (hideTab) 0F else dp2px(4).toFloat()
+                        if (!select) {
+                            groupPager.registerOnPageChangeCallback(updateSelectedCallback)
+                        }
                     }
                 }
             }
@@ -939,7 +1024,7 @@ class ConfigurationFragment @JvmOverloads constructor(
 
         override suspend fun onUpdated(data: TrafficData) = Unit
 
-        override suspend fun onUpdated(profile: ProxyEntity) = Unit
+        override suspend fun onUpdated(profile: ProxyEntity, noTraffic: Boolean) = Unit
 
         override suspend fun onRemoved(groupId: Long, profileId: Long) {
             val group = groupList.find { it.id == groupId } ?: return
@@ -1034,9 +1119,11 @@ class ConfigurationFragment @JvmOverloads constructor(
                 GroupOrder.ORIGIN -> {
                     origin.isChecked = true
                 }
+
                 GroupOrder.BY_NAME -> {
                     byName.isChecked = true
                 }
+
                 GroupOrder.BY_DELAY -> {
                     byDelay.isChecked = true
                 }
@@ -1267,7 +1354,7 @@ class ConfigurationFragment @JvmOverloads constructor(
                 }
             }
 
-            override suspend fun onUpdated(profile: ProxyEntity) {
+            override suspend fun onUpdated(profile: ProxyEntity, noTraffic: Boolean) {
                 if (profile.groupId != proxyGroup.id) return
                 val index = configurationIdList.indexOf(profile.id)
                 if (index < 0) return
@@ -1275,9 +1362,21 @@ class ConfigurationFragment @JvmOverloads constructor(
                     if (::undoManager.isInitialized) {
                         undoManager.flush()
                     }
-                    val oldProfile = configurationList[profile.id]
                     configurationList[profile.id] = profile
                     notifyItemChanged(index)
+                    //
+                    val oldProfile = configurationList[profile.id]
+                    if (noTraffic && oldProfile != null) {
+                        runOnDefaultDispatcher {
+                            onUpdated(
+                                TrafficData(
+                                    id = profile.id,
+                                    rx = oldProfile.rx,
+                                    tx = oldProfile.tx
+                                )
+                            )
+                        }
+                    }
                 }
             }
 
@@ -1327,12 +1426,12 @@ class ConfigurationFragment @JvmOverloads constructor(
 
             fun reloadProfiles() {
                 var newProfiles = SagerDatabase.proxyDao.getByGroup(proxyGroup.id)
-                val subscription = proxyGroup.subscription
                 when (proxyGroup.order) {
                     GroupOrder.BY_NAME -> {
                         newProfiles = newProfiles.sortedBy { it.displayName() }
 
                     }
+
                     GroupOrder.BY_DELAY -> {
                         newProfiles =
                             newProfiles.sortedBy { if (it.status == 1) it.ping else 114514 }
@@ -1486,7 +1585,7 @@ class ConfigurationFragment @JvmOverloads constructor(
                     val msg = Protocols.genFriendlyMsg(err)
                     profileStatus.text = if (msg != err) msg else getString(R.string.unavailable)
                     profileStatus.setOnClickListener {
-                        alert(err).show()
+                        alert(err).tryToShow()
                     }
                 } else {
                     profileStatus.setOnClickListener(null)
@@ -1514,7 +1613,7 @@ class ConfigurationFragment @JvmOverloads constructor(
                 removeButton.isGone = select
 
                 proxyEntity.nekoBean?.apply {
-                    shareLayout.isGone = !canShare()
+                    shareLayout.isGone = true
                 }
 
                 runOnDefaultDispatcher {
@@ -1538,6 +1637,7 @@ class ConfigurationFragment @JvmOverloads constructor(
                                     R.id.action_standard_clipboard
                                 )
                             }
+
                             !proxyEntity.haveLink() -> {
                                 popup.menu.removeItem(R.id.action_group_qr)
                                 popup.menu.removeItem(R.id.action_group_clipboard)
@@ -1583,12 +1683,13 @@ class ConfigurationFragment @JvmOverloads constructor(
                 try {
                     currentName = entity.displayName()!!
                     when (item.itemId) {
-                        R.id.action_standard_qr -> showCode(entity.toStdLink()!!)
-                        R.id.action_standard_clipboard -> export(entity.toStdLink()!!)
+                        R.id.action_standard_qr -> showCode(entity.toStdLink())
+                        R.id.action_standard_clipboard -> export(entity.toStdLink())
                         R.id.action_universal_qr -> showCode(entity.requireBean().toUniversalLink())
                         R.id.action_universal_clipboard -> export(
                             entity.requireBean().toUniversalLink()
                         )
+
                         R.id.action_config_export_clipboard -> export(entity.exportConfig().first)
                         R.id.action_config_export_file -> {
                             val cfg = entity.exportConfig()
@@ -1633,4 +1734,9 @@ class ConfigurationFragment @JvmOverloads constructor(
             }
         }
 
-}
\ No newline at end of file
+    private fun cancelSearch(searchView: SearchView) {
+        searchView.onActionViewCollapsed()
+        searchView.clearFocus()
+    }
+
+}
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/DebugFragment.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/DebugFragment.kt
deleted file mode 100644
index a5d33a35f..000000000
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/DebugFragment.kt
+++ /dev/null
@@ -1,28 +0,0 @@
-package io.nekohasekai.sagernet.ui
-
-import android.os.Bundle
-import android.view.View
-import io.nekohasekai.sagernet.R
-import io.nekohasekai.sagernet.database.DataStore
-import io.nekohasekai.sagernet.databinding.LayoutDebugBinding
-import io.nekohasekai.sagernet.ktx.snackbar
-
-class DebugFragment : NamedFragment(R.layout.layout_debug) {
-
-    override fun name0() = "Debug"
-
-    override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
-        super.onViewCreated(view, savedInstanceState)
-
-        val binding = LayoutDebugBinding.bind(view)
-
-        binding.debugCrash.setOnClickListener {
-            error("test crash")
-        }
-        binding.resetSettings.setOnClickListener {
-            DataStore.configurationStore.reset()
-            snackbar("Cleared").show()
-        }
-    }
-
-}
\ No newline at end of file
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/GroupFragment.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/GroupFragment.kt
index 6c063d342..ffc1f55ba 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/GroupFragment.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/GroupFragment.kt
@@ -23,12 +23,13 @@ import io.nekohasekai.sagernet.databinding.LayoutGroupItemBinding
 import io.nekohasekai.sagernet.fmt.toUniversalLink
 import io.nekohasekai.sagernet.group.GroupUpdater
 import io.nekohasekai.sagernet.ktx.*
-import io.nekohasekai.sagernet.widget.ListHolderListener
+import io.nekohasekai.sagernet.widget.ListListener
 import io.nekohasekai.sagernet.widget.QRCodeDialog
 import io.nekohasekai.sagernet.widget.UndoSnackbarManager
 import kotlinx.coroutines.delay
 import moe.matsuri.nb4a.utils.Util
 import moe.matsuri.nb4a.utils.toBytesString
+import java.lang.NumberFormatException
 import java.util.*
 
 class GroupFragment : ToolbarFragment(R.layout.layout_group),
@@ -44,7 +45,7 @@ class GroupFragment : ToolbarFragment(R.layout.layout_group),
         super.onViewCreated(view, savedInstanceState)
         activity = requireActivity() as MainActivity
 
-        ViewCompat.setOnApplyWindowInsetsListener(view, ListHolderListener)
+        ViewCompat.setOnApplyWindowInsetsListener(view, ListListener)
         toolbar.setTitle(R.string.menu_group)
         toolbar.inflateMenu(R.menu.add_group_menu)
         toolbar.setOnMenuItemClickListener(this)
@@ -111,6 +112,7 @@ class GroupFragment : ToolbarFragment(R.layout.layout_group),
             R.id.action_new_group -> {
                 startActivity(Intent(context, GroupSettingsActivity::class.java))
             }
+
             R.id.action_update_all -> {
                 MaterialAlertDialogBuilder(requireContext()).setTitle(R.string.confirm)
                     .setMessage(R.string.update_all_subscription)
@@ -339,9 +341,11 @@ class GroupFragment : ToolbarFragment(R.layout.layout_group),
                         proxyGroup.toUniversalLink(), proxyGroup.displayName()
                     ).showAllowingStateLoss(parentFragmentManager)
                 }
+
                 R.id.action_universal_clipboard -> {
                     export(proxyGroup.toUniversalLink())
                 }
+
                 R.id.action_export_clipboard -> {
                     runOnDefaultDispatcher {
                         val profiles = SagerDatabase.proxyDao.getByGroup(selectedGroup.id)
@@ -352,9 +356,11 @@ class GroupFragment : ToolbarFragment(R.layout.layout_group),
                         }
                     }
                 }
+
                 R.id.action_export_file -> {
                     startFilesForResult(exportProfiles, "profiles_${proxyGroup.displayName()}.txt")
                 }
+
                 R.id.action_clear -> {
                     MaterialAlertDialogBuilder(requireContext()).setTitle(R.string.confirm)
                         .setMessage(R.string.clear_profiles_message)
@@ -415,9 +421,10 @@ class GroupFragment : ToolbarFragment(R.layout.layout_group),
                     subscriptionUpdateProgress.isIndeterminate = true
                 } else {
                     subscriptionUpdateProgress.isIndeterminate = false
-                    val progress = GroupUpdater.progress[proxyGroup.id]!!
-                    subscriptionUpdateProgress.max = progress.max
-                    subscriptionUpdateProgress.progress = progress.progress
+                    GroupUpdater.progress[proxyGroup.id]?.let {
+                        subscriptionUpdateProgress.max = it.max
+                        subscriptionUpdateProgress.progress = it.progress
+                    }
                 }
 
                 updateButton.isInvisible = true
@@ -436,17 +443,17 @@ class GroupFragment : ToolbarFragment(R.layout.layout_group),
             if (subscription != null && subscription.bytesUsed > 0L) { // SIP008 & Open Online Config
                 groupTraffic.isVisible = true
                 groupTraffic.text = if (subscription.bytesRemaining > 0L) {
-                    getString(
+                    app.getString(
                         R.string.subscription_traffic, Formatter.formatFileSize(
-                            context, subscription.bytesUsed
+                            app, subscription.bytesUsed
                         ), Formatter.formatFileSize(
-                            context, subscription.bytesRemaining
+                            app, subscription.bytesRemaining
                         )
                     )
                 } else {
-                    getString(
+                    app.getString(
                         R.string.subscription_used, Formatter.formatFileSize(
-                            context, subscription.bytesUsed
+                            app, subscription.bytesUsed
                         )
                     )
                 }
@@ -460,27 +467,31 @@ class GroupFragment : ToolbarFragment(R.layout.layout_group),
                     }.firstOrNull()
                 }
 
-                var used: Long = 0
-                get("upload=([0-9]+)")?.apply {
-                    used += toLong()
-                }
-                get("download=([0-9]+)")?.apply {
-                    used += toLong()
-                }
-                val total = get("total=([0-9]+)")?.toLong() ?: 0
-                if (used > 0 || total > 0) {
-                    text += getString(
-                        R.string.subscription_traffic,
-                        used.toBytesString(),
-                        (total - used).toBytesString()
-                    )
-                }
-                get("expire=([0-9]+)")?.apply {
-                    text += "\n"
-                    text += getString(
-                        R.string.subscription_expire,
-                        Util.timeStamp2Text(this.toLong() * 1000)
-                    )
+                try {
+                    var used: Long = 0
+                    get("upload=([0-9]+)")?.apply {
+                        used += toLong()
+                    }
+                    get("download=([0-9]+)")?.apply {
+                        used += toLong()
+                    }
+                    val total = get("total=([0-9]+)")?.toLong() ?: 0
+                    if (used > 0 || total > 0) {
+                        text += getString(
+                            R.string.subscription_traffic,
+                            used.toBytesString(),
+                            (total - used).toBytesString()
+                        )
+                    }
+                    get("expire=([0-9]+)")?.apply {
+                        text += "\n"
+                        text += getString(
+                            R.string.subscription_expire,
+                            Util.timeStamp2Text(this.toLong() * 1000)
+                        )
+                    }
+                } catch (_: NumberFormatException) {
+                    // ignore
                 }
 
                 if (text.isNotEmpty()) {
@@ -506,6 +517,7 @@ class GroupFragment : ToolbarFragment(R.layout.layout_group),
                                 groupStatus.text = getString(R.string.group_status_proxies, size)
                             }
                         }
+
                         GroupType.SUBSCRIPTION -> {
                             groupStatus.text = if (size == 0L) {
                                 getString(R.string.group_status_empty_subscription)
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/GroupSettingsActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/GroupSettingsActivity.kt
index cf27dd053..e8440bf1c 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/GroupSettingsActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/GroupSettingsActivity.kt
@@ -29,7 +29,6 @@ import io.nekohasekai.sagernet.ktx.onMainDispatcher
 import io.nekohasekai.sagernet.ktx.runOnDefaultDispatcher
 import io.nekohasekai.sagernet.widget.ListListener
 import io.nekohasekai.sagernet.widget.OutboundPreference
-import io.nekohasekai.sagernet.widget.UserAgentPreference
 import kotlinx.parcelize.Parcelize
 import moe.matsuri.nb4a.ui.SimpleMenuPreference
 
@@ -163,13 +162,6 @@ class GroupSettingsActivity(
         }
     }
 
-    fun PreferenceFragmentCompat.viewCreated(view: View, savedInstanceState: Bundle?) {
-    }
-
-    fun PreferenceFragmentCompat.displayPreferenceDialog(preference: Preference): Boolean {
-        return false
-    }
-
     class UnsavedChangesDialogFragment : AlertDialogFragment<Empty, Empty>() {
         override fun AlertDialog.Builder.prepare(listener: DialogInterface.OnClickListener) {
             setTitle(R.string.unsaved_changes_prompt)
@@ -233,9 +225,7 @@ class GroupSettingsActivity(
 
                 onMainDispatcher {
                     supportFragmentManager.beginTransaction()
-                        .replace(R.id.settings, MyPreferenceFragmentCompat().apply {
-                            activity = this@GroupSettingsActivity
-                        })
+                        .replace(R.id.settings, MyPreferenceFragmentCompat())
                         .commit()
 
                     DataStore.dirty = false
@@ -258,7 +248,12 @@ class GroupSettingsActivity(
                 finish()
                 return
             }
-            entity.subscription?.subscriptionUserinfo = "";
+            val keepUserInfo = (entity.type == GroupType.SUBSCRIPTION &&
+                    DataStore.groupType == GroupType.SUBSCRIPTION &&
+                    entity.subscription?.link == DataStore.subscriptionLink)
+            if (!keepUserInfo) {
+                entity.subscription?.subscriptionUserinfo = "";
+            }
             GroupManager.updateGroup(entity.apply { serialize() })
         }
 
@@ -299,12 +294,12 @@ class GroupSettingsActivity(
 
     class MyPreferenceFragmentCompat : PreferenceFragmentCompat() {
 
-        lateinit var activity: GroupSettingsActivity
+        var activity: GroupSettingsActivity? = null
 
         override fun onCreatePreferences(savedInstanceState: Bundle?, rootKey: String?) {
             preferenceManager.preferenceDataStore = DataStore.profileCacheStore
             try {
-                activity.apply {
+                activity = (requireActivity() as GroupSettingsActivity).apply {
                     createPreferences(savedInstanceState, rootKey)
                 }
             } catch (e: Exception) {
@@ -321,10 +316,6 @@ class GroupSettingsActivity(
             super.onViewCreated(view, savedInstanceState)
 
             ViewCompat.setOnApplyWindowInsetsListener(listView, ListListener)
-
-            activity.apply {
-                viewCreated(view, savedInstanceState)
-            }
         }
 
         override fun onOptionsItemSelected(item: MenuItem) = when (item.itemId) {
@@ -339,20 +330,15 @@ class GroupSettingsActivity(
                 }
                 true
             }
+
             R.id.action_apply -> {
                 runOnDefaultDispatcher {
-                    activity.saveAndExit()
+                    activity?.saveAndExit()
                 }
                 true
             }
-            else -> false
-        }
 
-        override fun onDisplayPreferenceDialog(preference: Preference) {
-            activity.apply {
-                if (displayPreferenceDialog(preference)) return
-            }
-            super.onDisplayPreferenceDialog(preference)
+            else -> false
         }
 
     }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/LogcatFragment.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/LogcatFragment.kt
index d2fd8a9d4..2f276ee9f 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/LogcatFragment.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/LogcatFragment.kt
@@ -9,11 +9,14 @@ import android.text.Spanned.SPAN_EXCLUSIVE_EXCLUSIVE
 import android.text.style.ForegroundColorSpan
 import android.view.MenuItem
 import android.view.View
-import android.widget.ScrollView
+import android.view.ViewGroup
 import androidx.appcompat.widget.Toolbar
+import androidx.core.view.ViewCompat
+import androidx.core.view.doOnLayout
 import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.databinding.LayoutLogcatBinding
 import io.nekohasekai.sagernet.ktx.*
+import io.nekohasekai.sagernet.widget.ListListener
 import libcore.Libcore
 import moe.matsuri.nb4a.utils.SendLog
 
@@ -36,20 +39,23 @@ class LogcatFragment : ToolbarFragment(R.layout.layout_logcat),
             binding.textview.breakStrategy = 0 // simple
         }
 
+        ViewCompat.setOnApplyWindowInsetsListener(binding.root, ListListener)
+
         reloadSession()
-        // TODO new logcat
     }
 
     private fun getColorForLine(line: String): ForegroundColorSpan {
         var color = ForegroundColorSpan(Color.GRAY)
         when {
-            line.contains(" INFO[") || line.contains(" [Info]") -> {
+            line.contains("INFO[") || line.contains(" [Info]") -> {
                 color = ForegroundColorSpan((0xFF86C166).toInt())
             }
-            line.contains(" ERROR[") || line.contains(" [Error]") -> {
+
+            line.contains("ERROR[") || line.contains(" [Error]") -> {
                 color = ForegroundColorSpan(Color.RED)
             }
-            line.contains(" WARN[") || line.contains(" [Warning]") -> {
+
+            line.contains("WARN[") || line.contains(" [Warning]") -> {
                 color = ForegroundColorSpan(Color.RED)
             }
         }
@@ -69,9 +75,10 @@ class LogcatFragment : ToolbarFragment(R.layout.layout_logcat),
             offset += line.length + 1
         }
         binding.textview.text = span
-
-        binding.scroolview.post {
-            binding.scroolview.fullScroll(ScrollView.FOCUS_DOWN)
+        binding.textview.clearFocus()
+        // 等 textview 完成最终 layout 再滚动到底部
+        binding.textview.doOnLayout {
+            binding.scroolview.scrollTo(0, binding.textview.height)
         }
     }
 
@@ -94,12 +101,14 @@ class LogcatFragment : ToolbarFragment(R.layout.layout_logcat),
                 }
 
             }
+
             R.id.action_send_logcat -> {
                 val context = requireContext()
                 runOnDefaultDispatcher {
                     SendLog.sendLog(context, "NB4A")
                 }
             }
+
             R.id.action_refresh -> {
                 reloadSession()
             }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/MainActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/MainActivity.kt
index 1954d1517..a60012e10 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/MainActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/MainActivity.kt
@@ -10,22 +10,29 @@ import android.os.Bundle
 import android.os.RemoteException
 import android.view.KeyEvent
 import android.view.MenuItem
-import android.widget.Toast
+import androidx.activity.addCallback
 import androidx.annotation.IdRes
 import androidx.core.app.ActivityCompat
 import androidx.core.content.ContextCompat
-import androidx.core.view.ViewCompat
 import androidx.preference.PreferenceDataStore
 import com.google.android.material.dialog.MaterialAlertDialogBuilder
 import com.google.android.material.navigation.NavigationView
 import com.google.android.material.snackbar.Snackbar
-import io.nekohasekai.sagernet.*
+import io.nekohasekai.sagernet.BuildConfig
+import io.nekohasekai.sagernet.GroupType
+import io.nekohasekai.sagernet.Key
+import io.nekohasekai.sagernet.R
+import io.nekohasekai.sagernet.SagerNet
 import io.nekohasekai.sagernet.aidl.ISagerNetService
 import io.nekohasekai.sagernet.aidl.SpeedDisplayData
 import io.nekohasekai.sagernet.aidl.TrafficData
 import io.nekohasekai.sagernet.bg.BaseService
 import io.nekohasekai.sagernet.bg.SagerConnection
-import io.nekohasekai.sagernet.database.*
+import io.nekohasekai.sagernet.database.DataStore
+import io.nekohasekai.sagernet.database.GroupManager
+import io.nekohasekai.sagernet.database.ProfileManager
+import io.nekohasekai.sagernet.database.ProxyGroup
+import io.nekohasekai.sagernet.database.SubscriptionBean
 import io.nekohasekai.sagernet.database.preference.OnPreferenceDataStoreChangeListener
 import io.nekohasekai.sagernet.databinding.LayoutMainBinding
 import io.nekohasekai.sagernet.fmt.AbstractBean
@@ -33,12 +40,15 @@ import io.nekohasekai.sagernet.fmt.KryoConverters
 import io.nekohasekai.sagernet.fmt.PluginEntry
 import io.nekohasekai.sagernet.group.GroupInterfaceAdapter
 import io.nekohasekai.sagernet.group.GroupUpdater
-import io.nekohasekai.sagernet.ktx.*
-import io.nekohasekai.sagernet.widget.ListHolderListener
-import libcore.Libcore
+import io.nekohasekai.sagernet.ktx.alert
+import io.nekohasekai.sagernet.ktx.isPlay
+import io.nekohasekai.sagernet.ktx.isPreview
+import io.nekohasekai.sagernet.ktx.launchCustomTab
+import io.nekohasekai.sagernet.ktx.onMainDispatcher
+import io.nekohasekai.sagernet.ktx.parseProxies
+import io.nekohasekai.sagernet.ktx.readableMessage
+import io.nekohasekai.sagernet.ktx.runOnDefaultDispatcher
 import moe.matsuri.nb4a.utils.Util
-import java.text.SimpleDateFormat
-import java.util.*
 
 class MainActivity : ThemedActivity(),
     SagerConnection.Callback,
@@ -68,6 +78,13 @@ class MainActivity : ThemedActivity(),
         if (savedInstanceState == null) {
             displayFragmentWithId(R.id.nav_configuration)
         }
+        onBackPressedDispatcher.addCallback {
+            if (supportFragmentManager.findFragmentById(R.id.fragment_holder) is ConfigurationFragment) {
+                moveTaskToBack(true)
+            } else {
+                displayFragmentWithId(R.id.nav_configuration)
+            }
+        }
 
         binding.fab.setOnClickListener {
             if (DataStore.serviceState.canStop) SagerNet.stopService() else connect.launch(
@@ -77,7 +94,6 @@ class MainActivity : ThemedActivity(),
         binding.stats.setOnClickListener { if (DataStore.serviceState.connected) binding.stats.testConnection() }
 
         setContentView(binding.root)
-        ViewCompat.setOnApplyWindowInsetsListener(binding.coordinator, ListHolderListener)
         changeState(BaseService.State.Idle)
         connection.connect(this, this)
         DataStore.configurationStore.registerChangeListener(this)
@@ -87,6 +103,8 @@ class MainActivity : ThemedActivity(),
             onNewIntent(intent)
         }
 
+        refreshNavMenu(DataStore.enableClashAPI)
+
         // sdk 33 notification
         if (Build.VERSION.SDK_INT >= 33) {
             val checkPermission =
@@ -94,10 +112,25 @@ class MainActivity : ThemedActivity(),
             if (checkPermission != PackageManager.PERMISSION_GRANTED) {
                 //动态申请
                 ActivityCompat.requestPermissions(
-                    this@MainActivity, arrayOf<String>(POST_NOTIFICATIONS), 0
+                    this@MainActivity, arrayOf(POST_NOTIFICATIONS), 0
                 )
             }
         }
+
+        if (isPreview) {
+            MaterialAlertDialogBuilder(this)
+                .setTitle(BuildConfig.PRE_VERSION_NAME)
+                .setMessage(R.string.preview_version_hint)
+                .setPositiveButton(android.R.string.ok, null)
+                .show()
+        }
+    }
+
+    fun refreshNavMenu(clashApi: Boolean) {
+        if (::navigation.isInitialized) {
+            navigation.menu.findItem(R.id.nav_traffic)?.isVisible = clashApi
+            navigation.menu.findItem(R.id.nav_tuiguang)?.isVisible = !isPlay
+        }
     }
 
     override fun onNewIntent(intent: Intent) {
@@ -237,7 +270,7 @@ class MainActivity : ThemedActivity(),
             }
             .setNeutralButton(android.R.string.cancel, null)
             .setNeutralButton(R.string.action_learn_more) { _, _ ->
-                launchCustomTab("https://matsuridayo.github.io/m-plugin/")
+                launchCustomTab("https://matsuridayo.github.io/nb4a-plugin/")
             }
             .show()
     }
@@ -300,6 +333,7 @@ class MainActivity : ThemedActivity(),
             R.id.nav_configuration -> {
                 displayFragment(ConfigurationFragment())
             }
+
             R.id.nav_group -> displayFragment(GroupFragment())
             R.id.nav_route -> displayFragment(RouteFragment())
             R.id.nav_settings -> displayFragment(SettingsFragment())
@@ -310,30 +344,19 @@ class MainActivity : ThemedActivity(),
                 launchCustomTab("https://matsuridayo.github.io/")
                 return false
             }
+
             R.id.nav_about -> displayFragment(AboutFragment())
             R.id.nav_tuiguang -> {
-                launchCustomTab("https://matsuricom.github.io/")
+                launchCustomTab("https://neko-box.pages.dev/喵")
                 return false
             }
+
             else -> return false
         }
         navigation.menu.findItem(id).isChecked = true
         return true
     }
 
-    @SuppressLint("CommitTransaction")
-    fun ruleCreated() {
-        navigation.menu.findItem(R.id.nav_route).isChecked = true
-        supportFragmentManager.beginTransaction()
-            .replace(R.id.fragment_holder, RouteFragment())
-            .commitAllowingStateLoss()
-        if (DataStore.serviceState.started) {
-            snackbar(getString(R.string.need_reload)).setAction(R.string.apply) {
-                SagerNet.reloadService()
-            }.show()
-        }
-    }
-
     private fun changeState(
         state: BaseService.State,
         msg: String? = null,
@@ -344,16 +367,6 @@ class MainActivity : ThemedActivity(),
         binding.fab.changeState(state, DataStore.serviceState, animate)
         binding.stats.changeState(state)
         if (msg != null) snackbar(getString(R.string.vpn_error, msg)).show()
-
-        when (state) {
-            BaseService.State.Stopped -> {
-                runOnDefaultDispatcher {
-                    // refresh view
-                    ProfileManager.postUpdate(DataStore.currentProfile)
-                }
-            }
-            else -> {}
-        }
     }
 
     override fun snackbarInternal(text: CharSequence): Snackbar {
@@ -369,18 +382,6 @@ class MainActivity : ThemedActivity(),
         changeState(state, msg, true)
     }
 
-    override fun routeAlert(type: Int, routeName: String) {
-        when (type) {
-            0 -> {
-                // need vpn
-
-                Toast.makeText(
-                    this, getString(R.string.route_need_vpn, routeName), Toast.LENGTH_SHORT
-                ).show()
-            }
-        }
-    }
-
     val connection = SagerConnection(SagerConnection.CONNECTION_ID_MAIN_ACTIVITY_FOREGROUND, true)
     override fun onServiceConnected(service: ISagerNetService) = changeState(
         try {
@@ -412,6 +413,16 @@ class MainActivity : ThemedActivity(),
         }
     }
 
+    override fun cbSelectorUpdate(id: Long) {
+        val old = DataStore.selectedProxy
+        DataStore.selectedProxy = id
+        DataStore.currentProfile = id
+        runOnDefaultDispatcher {
+            ProfileManager.postUpdate(old, true)
+            ProfileManager.postUpdate(id, true)
+        }
+    }
+
     override fun onPreferenceDataStoreChanged(store: PreferenceDataStore, key: String) {
         when (key) {
             Key.SERVICE_MODE -> onBinderDied()
@@ -449,6 +460,7 @@ class MainActivity : ThemedActivity(),
                 binding.drawerLayout.open()
                 navigation.requestFocus()
             }
+
             KeyEvent.KEYCODE_DPAD_RIGHT -> {
                 if (binding.drawerLayout.isOpen) {
                     binding.drawerLayout.close()
@@ -465,42 +477,4 @@ class MainActivity : ThemedActivity(),
         return fragment != null && fragment.onKeyDown(keyCode, event)
     }
 
-    @SuppressLint("SimpleDateFormat")
-    override fun onResume() {
-        super.onResume()
-
-        val sdf = SimpleDateFormat("yyyy-MM-dd")
-        val now = System.currentTimeMillis()
-        val expire = Libcore.getExpireTime() * 1000
-        val dateExpire = Date(expire)
-        val build = Libcore.getBuildTime() * 1000
-        val dateBuild = Date(build)
-
-        var text: String? = null
-        if (now > expire) {
-            text = getString(
-                R.string.please_update_force, sdf.format(dateBuild), sdf.format(dateExpire)
-            )
-        } else if (now > (expire - 2592000000)) {
-            // 30 days remind :D
-            text = getString(
-                R.string.please_update, sdf.format(dateBuild), sdf.format(dateExpire)
-            )
-        }
-
-
-        if (text != null) {
-            MaterialAlertDialogBuilder(this@MainActivity).setTitle(R.string.insecure)
-                .setMessage(text)
-                .setPositiveButton(R.string.action_download) { _, _ ->
-                    launchCustomTab(
-                        "https://github.com/MatsuriDayo/NekoBoxForAndroid/releases"
-                    )
-                }
-                .setNegativeButton(android.R.string.cancel, null)
-                .setCancelable(false)
-                .show()
-        }
-    }
-
 }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/NetworkFragment.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/NetworkFragment.kt
index 6ef29c114..b8bb94145 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/NetworkFragment.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/NetworkFragment.kt
@@ -3,18 +3,9 @@ package io.nekohasekai.sagernet.ui
 import android.content.Intent
 import android.os.Bundle
 import android.view.View
-import androidx.appcompat.app.AlertDialog
 import io.nekohasekai.sagernet.R
-import io.nekohasekai.sagernet.database.DataStore
-import io.nekohasekai.sagernet.database.ProfileManager
 import io.nekohasekai.sagernet.databinding.LayoutNetworkBinding
-import io.nekohasekai.sagernet.databinding.LayoutProgressBinding
-import io.nekohasekai.sagernet.ktx.*
-import io.nekohasekai.sagernet.utils.Cloudflare
-import kotlinx.coroutines.Job
-import kotlinx.coroutines.delay
-import kotlinx.coroutines.isActive
-import kotlinx.coroutines.runBlocking
+import io.nekohasekai.sagernet.ktx.app
 
 class NetworkFragment : NamedFragment(R.layout.layout_network) {
 
@@ -27,58 +18,6 @@ class NetworkFragment : NamedFragment(R.layout.layout_network) {
         binding.stunTest.setOnClickListener {
             startActivity(Intent(requireContext(), StunActivity::class.java))
         }
-
-        //Markwon.create(requireContext())
-        //    .setMarkdown(binding.wrapLicense, getString(R.string.warp_license))
-
-        binding.warpGenerate.setOnClickListener {
-            runBlocking {
-                generateWarpConfiguration()
-            }
-        }
-    }
-
-    suspend fun generateWarpConfiguration() {
-        val activity = requireActivity() as MainActivity
-        val binding = LayoutProgressBinding.inflate(layoutInflater).apply {
-            content.setText(R.string.generating)
-        }
-        var job: Job? = null
-        val dialog = AlertDialog.Builder(requireContext())
-            .setView(binding.root)
-            .setCancelable(false)
-            .setNegativeButton(android.R.string.cancel) { _, _ ->
-                job?.cancel()
-            }
-            .show()
-        job = runOnDefaultDispatcher {
-            try {
-                val bean = Cloudflare.makeWireGuardConfiguration()
-                if (isActive) {
-                    val groupId = DataStore.selectedGroupForImport()
-                    if (DataStore.selectedGroup != groupId) {
-                        DataStore.selectedGroup = groupId
-                    }
-                    onMainDispatcher {
-                        activity.displayFragmentWithId(R.id.nav_configuration)
-                    }
-                    delay(1000L)
-                    onMainDispatcher {
-                        dialog.dismiss()
-                    }
-                    ProfileManager.createProfile(groupId, bean)
-                }
-            } catch (e: Exception) {
-                Logs.w(e)
-                onMainDispatcher {
-                    if (isActive) {
-                        dialog.dismiss()
-                        activity.snackbar(e.readableMessage).show()
-                    }
-                }
-            }
-        }
-
     }
 
 }
\ No newline at end of file
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/RouteFragment.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/RouteFragment.kt
index 312a1226a..9fcf93e4a 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/RouteFragment.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/RouteFragment.kt
@@ -18,7 +18,7 @@ import io.nekohasekai.sagernet.database.SagerDatabase
 import io.nekohasekai.sagernet.databinding.LayoutEmptyRouteBinding
 import io.nekohasekai.sagernet.databinding.LayoutRouteItemBinding
 import io.nekohasekai.sagernet.ktx.*
-import io.nekohasekai.sagernet.widget.ListHolderListener
+import io.nekohasekai.sagernet.widget.ListListener
 import io.nekohasekai.sagernet.widget.UndoSnackbarManager
 
 class RouteFragment : ToolbarFragment(R.layout.layout_route), Toolbar.OnMenuItemClickListener {
@@ -33,7 +33,7 @@ class RouteFragment : ToolbarFragment(R.layout.layout_route), Toolbar.OnMenuItem
 
         activity = requireActivity() as MainActivity
 
-        ViewCompat.setOnApplyWindowInsetsListener(view, ListHolderListener)
+        ViewCompat.setOnApplyWindowInsetsListener(view, ListListener)
         toolbar.setTitle(R.string.menu_route)
         toolbar.inflateMenu(R.menu.add_route_menu)
         toolbar.setOnMenuItemClickListener(this)
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/RouteSettingsActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/RouteSettingsActivity.kt
index 85ef9a778..aaa062de3 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/RouteSettingsActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/RouteSettingsActivity.kt
@@ -39,6 +39,7 @@ import io.nekohasekai.sagernet.widget.AppListPreference
 import io.nekohasekai.sagernet.widget.ListListener
 import io.nekohasekai.sagernet.widget.OutboundPreference
 import kotlinx.parcelize.Parcelize
+import moe.matsuri.nb4a.ui.EditConfigPreference
 
 @Suppress("UNCHECKED_CAST")
 class RouteSettingsActivity(
@@ -49,7 +50,7 @@ class RouteSettingsActivity(
     fun init(packageName: String?) {
         RuleEntity().apply {
             if (!packageName.isNullOrBlank()) {
-                packages = listOf(packageName)
+                packages = setOf(packageName)
                 name = app.getString(R.string.route_for, PackageCache.loadLabel(packageName))
             }
         }.init()
@@ -57,6 +58,7 @@ class RouteSettingsActivity(
 
     fun RuleEntity.init() {
         DataStore.routeName = name
+        DataStore.serverConfig = config
         DataStore.routeDomain = domains
         DataStore.routeIP = ip
         DataStore.routePort = port
@@ -76,6 +78,7 @@ class RouteSettingsActivity(
 
     fun RuleEntity.serialize() {
         name = DataStore.routeName
+        config = DataStore.serverConfig
         domains = DataStore.routeDomain
         ip = DataStore.routeIP
         port = DataStore.routePort
@@ -89,19 +92,17 @@ class RouteSettingsActivity(
             2 -> -2L
             else -> DataStore.routeOutboundRule
         }
-        packages = DataStore.routePackages.split("\n").filter { it.isNotBlank() }
+        packages = DataStore.routePackages.split("\n").filter { it.isNotBlank() }.toSet()
 
         if (DataStore.editingId == 0L) {
             enabled = true
         }
     }
 
+    private lateinit var editConfigPreference: EditConfigPreference
+
     fun needSave(): Boolean {
-        if (!DataStore.dirty) return false
-        if (DataStore.routePackages.isBlank() && DataStore.routeDomain.isBlank() && DataStore.routeIP.isBlank() && DataStore.routePort.isBlank() && DataStore.routeSourcePort.isBlank() && DataStore.routeNetwork.isBlank() && DataStore.routeSource.isBlank() && DataStore.routeProtocol.isBlank()) {
-            return false
-        }
-        return true
+        return DataStore.dirty
     }
 
     fun PreferenceFragmentCompat.createPreferences(
@@ -109,6 +110,16 @@ class RouteSettingsActivity(
         rootKey: String?,
     ) {
         addPreferencesFromResource(R.xml.route_preferences)
+
+        editConfigPreference = findPreference(Key.SERVER_CONFIG)!!
+    }
+
+    override fun onResume() {
+        super.onResume()
+
+        if (::editConfigPreference.isInitialized) {
+            editConfigPreference.notifyChanged()
+        }
     }
 
     val selectProfileForAdd = registerForActivityResult(
@@ -163,7 +174,7 @@ class RouteSettingsActivity(
         }
     }
 
-    fun PreferenceFragmentCompat.displayPreferenceDialog(preference: Preference): Boolean {
+    fun displayPreferenceDialog(preference: Preference): Boolean {
         return false
     }
 
@@ -230,9 +241,7 @@ class RouteSettingsActivity(
 
                 onMainDispatcher {
                     supportFragmentManager.beginTransaction()
-                        .replace(R.id.settings, MyPreferenceFragmentCompat().apply {
-                            activity = this@RouteSettingsActivity
-                        })
+                        .replace(R.id.settings, MyPreferenceFragmentCompat())
                         .commit()
 
                     DataStore.dirty = false
@@ -309,12 +318,12 @@ class RouteSettingsActivity(
 
     class MyPreferenceFragmentCompat : PreferenceFragmentCompat() {
 
-        lateinit var activity: RouteSettingsActivity
+        var activity: RouteSettingsActivity? = null
 
         override fun onCreatePreferences(savedInstanceState: Bundle?, rootKey: String?) {
             preferenceManager.preferenceDataStore = DataStore.profileCacheStore
             try {
-                activity.apply {
+                activity = (requireActivity() as RouteSettingsActivity).apply {
                     createPreferences(savedInstanceState, rootKey)
                 }
             } catch (e: Exception) {
@@ -332,7 +341,7 @@ class RouteSettingsActivity(
 
             ViewCompat.setOnApplyWindowInsetsListener(listView, ListListener)
 
-            activity.apply {
+            activity?.apply {
                 viewCreated(view, savedInstanceState)
             }
         }
@@ -349,17 +358,19 @@ class RouteSettingsActivity(
                 }
                 true
             }
+
             R.id.action_apply -> {
                 runOnDefaultDispatcher {
-                    activity.saveAndExit()
+                    activity?.saveAndExit()
                 }
                 true
             }
+
             else -> false
         }
 
         override fun onDisplayPreferenceDialog(preference: Preference) {
-            activity.apply {
+            activity?.apply {
                 if (displayPreferenceDialog(preference)) return
             }
             super.onDisplayPreferenceDialog(preference)
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/ScannerActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/ScannerActivity.kt
index c8477f599..99f6f6468 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/ScannerActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/ScannerActivity.kt
@@ -1,12 +1,9 @@
 package io.nekohasekai.sagernet.ui
 
 import android.Manifest
-import android.annotation.SuppressLint
 import android.content.Intent
-import android.content.pm.ActivityInfo
 import android.content.pm.ShortcutManager
 import android.graphics.ImageDecoder
-import android.net.Uri
 import android.os.Build
 import android.os.Bundle
 import android.provider.MediaStore
@@ -15,6 +12,7 @@ import android.view.MenuItem
 import android.widget.Toast
 import androidx.activity.result.contract.ActivityResultContracts
 import androidx.core.content.getSystemService
+import androidx.core.net.toUri
 import com.google.zxing.Result
 import com.king.zxing.CameraScan
 import com.king.zxing.DefaultCameraScan
@@ -28,7 +26,6 @@ import io.nekohasekai.sagernet.database.ProfileManager
 import io.nekohasekai.sagernet.databinding.LayoutScannerBinding
 import io.nekohasekai.sagernet.group.RawUpdater
 import io.nekohasekai.sagernet.ktx.*
-import io.nekohasekai.sagernet.widget.ListHolderListener
 import java.util.concurrent.atomic.AtomicBoolean
 import java.util.concurrent.atomic.AtomicInteger
 
@@ -39,16 +36,12 @@ class ScannerActivity : ThemedActivity(),
     lateinit var binding: LayoutScannerBinding
     lateinit var cameraScan: CameraScan
 
-    @SuppressLint("SourceLockedOrientationActivity")
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
-        if (Build.VERSION.SDK_INT != Build.VERSION_CODES.O) {
-            requestedOrientation = ActivityInfo.SCREEN_ORIENTATION_PORTRAIT
-        }
+
         if (Build.VERSION.SDK_INT >= 25) getSystemService<ShortcutManager>()!!.reportShortcutUsed("scan")
         binding = LayoutScannerBinding.inflate(layoutInflater)
         setContentView(binding.root)
-        ListHolderListener.setup(this)
         setSupportActionBar(findViewById(R.id.toolbar))
         supportActionBar?.apply {
             setDisplayHomeAsUpEnabled(true)
@@ -145,7 +138,7 @@ class ScannerActivity : ThemedActivity(),
             } catch (e: SubscriptionFoundException) {
                 startActivity(Intent(this@ScannerActivity, MainActivity::class.java).apply {
                     action = Intent.ACTION_VIEW
-                    data = Uri.parse(e.link)
+                    data = e.link.toUri()
                 })
             } catch (e: Throwable) {
                 Logs.w(e)
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/SettingsFragment.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/SettingsFragment.kt
index 0bc105a5b..c50f1274f 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/SettingsFragment.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/SettingsFragment.kt
@@ -4,14 +4,14 @@ import android.os.Bundle
 import android.view.View
 import androidx.core.view.ViewCompat
 import io.nekohasekai.sagernet.R
-import io.nekohasekai.sagernet.widget.ListHolderListener
+import io.nekohasekai.sagernet.widget.ListListener
 
 class SettingsFragment : ToolbarFragment(R.layout.layout_config_settings) {
 
     override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
         super.onViewCreated(view, savedInstanceState)
 
-        ViewCompat.setOnApplyWindowInsetsListener(view, ListHolderListener)
+        ViewCompat.setOnApplyWindowInsetsListener(view, ListListener)
         toolbar.setTitle(R.string.settings)
 
         parentFragmentManager.beginTransaction()
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/SettingsPreferenceFragment.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/SettingsPreferenceFragment.kt
index 118b1760d..18d645455 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/SettingsPreferenceFragment.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/SettingsPreferenceFragment.kt
@@ -16,14 +16,14 @@ import io.nekohasekai.sagernet.database.DataStore
 import io.nekohasekai.sagernet.database.preference.EditTextPreferenceModifiers
 import io.nekohasekai.sagernet.ktx.*
 import io.nekohasekai.sagernet.utils.Theme
-import io.nekohasekai.sagernet.widget.AppListPreference
-import moe.matsuri.nb4a.Protocols
 import moe.matsuri.nb4a.ui.*
 
 class SettingsPreferenceFragment : PreferenceFragmentCompat() {
 
     private lateinit var isProxyApps: SwitchPreference
-    private lateinit var nekoPlugins: AppListPreference
+
+    private lateinit var globalCustomConfig: EditConfigPreference
+
 
     override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
         super.onViewCreated(view, savedInstanceState)
@@ -41,16 +41,6 @@ class SettingsPreferenceFragment : PreferenceFragmentCompat() {
         DataStore.initGlobal()
         addPreferencesFromResource(R.xml.global_preferences)
 
-        DataStore.routePackages = DataStore.nekoPlugins
-        nekoPlugins = findPreference(Key.NEKO_PLUGIN_MANAGED)!!
-        nekoPlugins.setOnPreferenceClickListener {
-            // borrow from route app settings
-            startActivity(Intent(
-                context, AppListActivity::class.java
-            ).apply { putExtra(Key.NEKO_PLUGIN_MANAGED, true) })
-            true
-        }
-
         val appTheme = findPreference<ColorPickerPreference>(Key.APP_THEME)!!
         appTheme.setOnPreferenceChangeListener { _, newTheme ->
             if (DataStore.serviceState.started) {
@@ -76,42 +66,22 @@ class SettingsPreferenceFragment : PreferenceFragmentCompat() {
         val allowAccess = findPreference<Preference>(Key.ALLOW_ACCESS)!!
         val appendHttpProxy = findPreference<SwitchPreference>(Key.APPEND_HTTP_PROXY)!!
 
-        val portLocalDns = findPreference<EditTextPreference>(Key.LOCAL_DNS_PORT)!!
         val showDirectSpeed = findPreference<SwitchPreference>(Key.SHOW_DIRECT_SPEED)!!
         val ipv6Mode = findPreference<Preference>(Key.IPV6_MODE)!!
-//        val domainStrategy = findPreference<Preference>(Key.DOMAIN_STRATEGY)!!
         val trafficSniffing = findPreference<Preference>(Key.TRAFFIC_SNIFFING)!!
 
-        val muxConcurrency = findPreference<EditTextPreference>(Key.MUX_CONCURRENCY)!!
-        val tcpKeepAliveInterval = findPreference<EditTextPreference>(Key.TCP_KEEP_ALIVE_INTERVAL)!!
-        tcpKeepAliveInterval.isVisible = false
-
         val bypassLan = findPreference<SwitchPreference>(Key.BYPASS_LAN)!!
         val bypassLanInCore = findPreference<SwitchPreference>(Key.BYPASS_LAN_IN_CORE)!!
 
         val remoteDns = findPreference<EditTextPreference>(Key.REMOTE_DNS)!!
         val directDns = findPreference<EditTextPreference>(Key.DIRECT_DNS)!!
-        val directDnsUseSystem = findPreference<SwitchPreference>(Key.DIRECT_DNS_USE_SYSTEM)!!
         val enableDnsRouting = findPreference<SwitchPreference>(Key.ENABLE_DNS_ROUTING)!!
         val enableFakeDns = findPreference<SwitchPreference>(Key.ENABLE_FAKEDNS)!!
 
-        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) {
-            DataStore.directDnsUseSystem = false
-            directDnsUseSystem.remove()
-        } else {
-            directDns.isEnabled = !directDnsUseSystem.isChecked
-            directDnsUseSystem.setOnPreferenceChangeListener { _, newValue ->
-                directDns.isEnabled = !(newValue as Boolean)
-                needReload()
-                true
-            }
-        }
-
-        val requireTransproxy = findPreference<SwitchPreference>(Key.REQUIRE_TRANSPROXY)!!
-        val transproxyPort = findPreference<EditTextPreference>(Key.TRANSPROXY_PORT)!!
-        val transproxyMode = findPreference<SimpleMenuPreference>(Key.TRANSPROXY_MODE)!!
         val logLevel = findPreference<LongClickListPreference>(Key.LOG_LEVEL)!!
         val mtu = findPreference<MTUPreference>(Key.MTU)!!
+        globalCustomConfig = findPreference(Key.GLOBAL_CUSTOM_CONFIG)!!
+        globalCustomConfig.useConfigStore(Key.GLOBAL_CUSTOM_CONFIG)
 
         logLevel.dialogLayoutResource = R.layout.layout_loglevel_help
         logLevel.setOnPreferenceChangeListener { _, _ ->
@@ -140,28 +110,6 @@ class SettingsPreferenceFragment : PreferenceFragmentCompat() {
             true
         }
 
-        transproxyPort.isEnabled = requireTransproxy.isChecked
-        transproxyMode.isEnabled = requireTransproxy.isChecked
-
-        requireTransproxy.setOnPreferenceChangeListener { _, newValue ->
-            transproxyPort.isEnabled = newValue as Boolean
-            transproxyMode.isEnabled = newValue
-            needReload()
-            true
-        }
-
-        val muxProtocols = findPreference<MultiSelectListPreference>(Key.MUX_PROTOCOLS)!!
-
-        muxProtocols.apply {
-            val e = Protocols.getCanMuxList().toTypedArray()
-            entries = e
-            entryValues = e
-        }
-
-        val dnsNetwork = findPreference<MultiSelectListPreference>(Key.DNS_NETWORK)!!
-
-        portLocalDns.setOnBindEditTextListener(EditTextPreferenceModifiers.Port)
-        muxConcurrency.setOnBindEditTextListener(EditTextPreferenceModifiers.Port)
         mixedPort.setOnBindEditTextListener(EditTextPreferenceModifiers.Port)
 
         val metedNetwork = findPreference<Preference>(Key.METERED_NETWORK)!!
@@ -185,19 +133,25 @@ class SettingsPreferenceFragment : PreferenceFragmentCompat() {
             true
         }
 
+        serviceMode.setOnPreferenceChangeListener { _, _ ->
+            if (DataStore.serviceState.started) SagerNet.stopService()
+            true
+        }
+
         val tunImplementation = findPreference<SimpleMenuPreference>(Key.TUN_IMPLEMENTATION)!!
         val resolveDestination = findPreference<SwitchPreference>(Key.RESOLVE_DESTINATION)!!
         val acquireWakeLock = findPreference<SwitchPreference>(Key.ACQUIRE_WAKE_LOCK)!!
         val enableClashAPI = findPreference<SwitchPreference>(Key.ENABLE_CLASH_API)!!
+        enableClashAPI.setOnPreferenceChangeListener { _, newValue ->
+            (activity as MainActivity?)?.refreshNavMenu(newValue as Boolean)
+            needReload()
+            true
+        }
 
-        serviceMode.onPreferenceChangeListener = reloadListener
         mixedPort.onPreferenceChangeListener = reloadListener
         appendHttpProxy.onPreferenceChangeListener = reloadListener
         showDirectSpeed.onPreferenceChangeListener = reloadListener
-//        domainStrategy.onPreferenceChangeListener = reloadListener
         trafficSniffing.onPreferenceChangeListener = reloadListener
-        muxConcurrency.onPreferenceChangeListener = reloadListener
-        tcpKeepAliveInterval.onPreferenceChangeListener = reloadListener
         bypassLan.onPreferenceChangeListener = reloadListener
         bypassLanInCore.onPreferenceChangeListener = reloadListener
         mtu.onPreferenceChangeListener = reloadListener
@@ -206,20 +160,14 @@ class SettingsPreferenceFragment : PreferenceFragmentCompat() {
         remoteDns.onPreferenceChangeListener = reloadListener
         directDns.onPreferenceChangeListener = reloadListener
         enableDnsRouting.onPreferenceChangeListener = reloadListener
-        dnsNetwork.onPreferenceChangeListener = reloadListener
 
-        portLocalDns.onPreferenceChangeListener = reloadListener
         ipv6Mode.onPreferenceChangeListener = reloadListener
         allowAccess.onPreferenceChangeListener = reloadListener
 
-        transproxyPort.onPreferenceChangeListener = reloadListener
-        transproxyMode.onPreferenceChangeListener = reloadListener
-
         resolveDestination.onPreferenceChangeListener = reloadListener
         tunImplementation.onPreferenceChangeListener = reloadListener
         acquireWakeLock.onPreferenceChangeListener = reloadListener
-        enableClashAPI.onPreferenceChangeListener = reloadListener
-
+        globalCustomConfig.onPreferenceChangeListener = reloadListener
     }
 
     override fun onResume() {
@@ -228,8 +176,8 @@ class SettingsPreferenceFragment : PreferenceFragmentCompat() {
         if (::isProxyApps.isInitialized) {
             isProxyApps.isChecked = DataStore.proxyApps
         }
-        if (::nekoPlugins.isInitialized) {
-            nekoPlugins.postUpdate()
+        if (::globalCustomConfig.isInitialized) {
+            globalCustomConfig.notifyChanged()
         }
     }
 
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/SwitchActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/SwitchActivity.kt
index 44dddb33a..be205288a 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/SwitchActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/SwitchActivity.kt
@@ -16,7 +16,10 @@ class SwitchActivity : ThemedActivity(R.layout.layout_empty),
         super.onCreate(savedInstanceState)
 
         supportFragmentManager.beginTransaction()
-            .replace(R.id.fragment_holder, ConfigurationFragment(true, null, R.string.action_switch))
+            .replace(
+                R.id.fragment_holder,
+                ConfigurationFragment(true, null, R.string.action_switch)
+            )
             .commitAllowingStateLoss()
     }
 
@@ -24,8 +27,8 @@ class SwitchActivity : ThemedActivity(R.layout.layout_empty),
         val old = DataStore.selectedProxy
         DataStore.selectedProxy = profileId
         runOnMainDispatcher {
-            ProfileManager.postUpdate(old)
-            ProfileManager.postUpdate(profileId)
+            ProfileManager.postUpdate(old, true)
+            ProfileManager.postUpdate(profileId, true)
         }
         SagerNet.reloadService()
         finish()
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/ThemedActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/ThemedActivity.kt
index 4c57f200e..050c874b7 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/ThemedActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/ThemedActivity.kt
@@ -1,12 +1,18 @@
 package io.nekohasekai.sagernet.ui
 
 import android.content.res.Configuration
+import android.os.Build
 import android.os.Bundle
 import android.widget.TextView
 import androidx.annotation.StringRes
 import androidx.appcompat.app.AppCompatActivity
 import androidx.core.app.ActivityCompat
+import androidx.core.view.ViewCompat
+import androidx.core.view.WindowInsetsCompat
+import androidx.core.view.updatePadding
+import com.google.android.material.appbar.AppBarLayout
 import com.google.android.material.snackbar.Snackbar
+import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.utils.Theme
 
 abstract class ThemedActivity : AppCompatActivity {
@@ -28,6 +34,20 @@ abstract class ThemedActivity : AppCompatActivity {
         super.onCreate(savedInstanceState)
 
         uiMode = resources.configuration.uiMode
+
+        if (Build.VERSION.SDK_INT >= 35) {
+            ViewCompat.setOnApplyWindowInsetsListener(findViewById(android.R.id.content)) { _, insets ->
+                val top = insets.getInsets(WindowInsetsCompat.Type.systemBars()).top
+                findViewById<AppBarLayout>(R.id.appbar)?.apply {
+                    updatePadding(top = top)
+//                Logs.w("appbar $top")
+                }
+//            findViewById<NavigationView>(R.id.nav_view)?.apply {
+//                updatePadding(top = top)
+//            }
+                insets
+            }
+        }
     }
 
     override fun setTheme(resId: Int) {
@@ -51,6 +71,7 @@ abstract class ThemedActivity : AppCompatActivity {
             maxLines = 10
         }
     }
+
     internal open fun snackbarInternal(text: CharSequence): Snackbar = throw NotImplementedError()
 
 }
\ No newline at end of file
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/ToolsFragment.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/ToolsFragment.kt
index bf73ca1d9..32738ea98 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/ToolsFragment.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/ToolsFragment.kt
@@ -7,7 +7,6 @@ import androidx.viewpager2.adapter.FragmentStateAdapter
 import com.google.android.material.tabs.TabLayoutMediator
 import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.databinding.LayoutToolsBinding
-import io.nekohasekai.sagernet.ktx.isExpert
 
 class ToolsFragment : ToolbarFragment(R.layout.layout_tools) {
 
@@ -19,8 +18,6 @@ class ToolsFragment : ToolbarFragment(R.layout.layout_tools) {
         tools.add(NetworkFragment())
         tools.add(BackupFragment())
 
-        if (isExpert) tools.add(DebugFragment())
-
         val binding = LayoutToolsBinding.bind(view)
         binding.toolsPager.adapter = ToolsAdapter(tools)
 
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/VpnRequestActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/VpnRequestActivity.kt
index 55a7b33ae..a1d81afc6 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/VpnRequestActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/VpnRequestActivity.kt
@@ -7,6 +7,7 @@ import android.content.Context
 import android.content.Intent
 import android.content.IntentFilter
 import android.net.VpnService
+import android.os.Build.VERSION.SDK_INT
 import android.os.Bundle
 import android.widget.Toast
 import androidx.activity.result.contract.ActivityResultContract
@@ -26,7 +27,15 @@ class VpnRequestActivity : AppCompatActivity() {
         super.onCreate(savedInstanceState)
         if (getSystemService<KeyguardManager>()!!.isKeyguardLocked) {
             receiver = broadcastReceiver { _, _ -> connect.launch(null) }
-            registerReceiver(receiver, IntentFilter(Intent.ACTION_USER_PRESENT))
+            if (SDK_INT >= 33) {
+                registerReceiver(
+                    receiver,
+                    IntentFilter(Intent.ACTION_USER_PRESENT),
+                    Context.RECEIVER_EXPORTED
+                )
+            } else {
+                registerReceiver(receiver, IntentFilter(Intent.ACTION_USER_PRESENT))
+            }
         } else connect.launch(null)
     }
 
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/ConfigEditActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/ConfigEditActivity.kt
index 9f4274043..e144a26ef 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/ConfigEditActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/ConfigEditActivity.kt
@@ -5,7 +5,12 @@ import android.content.DialogInterface
 import android.os.Bundle
 import android.view.Menu
 import android.view.MenuItem
+import android.view.ViewGroup.MarginLayoutParams
+import android.widget.LinearLayout
 import androidx.appcompat.app.AlertDialog
+import androidx.core.view.ViewCompat
+import androidx.core.view.WindowInsetsCompat
+import androidx.core.view.updateLayoutParams
 import androidx.core.widget.addTextChangedListener
 import com.blacksquircle.ui.editorkit.insert
 import com.blacksquircle.ui.language.json.JsonLanguage
@@ -16,8 +21,11 @@ import io.nekohasekai.sagernet.Key
 import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.database.DataStore
 import io.nekohasekai.sagernet.databinding.LayoutEditConfigBinding
-import io.nekohasekai.sagernet.ktx.*
+import io.nekohasekai.sagernet.ktx.getColorAttr
+import io.nekohasekai.sagernet.ktx.readableMessage
+import io.nekohasekai.sagernet.ktx.toStringPretty
 import io.nekohasekai.sagernet.ui.ThemedActivity
+import io.nekohasekai.sagernet.widget.ListListener
 import moe.matsuri.nb4a.ui.ExtendedKeyboard
 import org.json.JSONObject
 
@@ -25,6 +33,7 @@ class ConfigEditActivity : ThemedActivity() {
 
     var dirty = false
     var key = Key.SERVER_CONFIG
+    var useConfigStore = false
 
     class UnsavedChangesDialogFragment : AlertDialogFragment<Empty, Empty>() {
         override fun AlertDialog.Builder.prepare(listener: DialogInterface.OnClickListener) {
@@ -47,6 +56,7 @@ class ConfigEditActivity : ThemedActivity() {
 
         intent?.extras?.apply {
             getString("key")?.let { key = it }
+            getString("useConfigStore")?.let { useConfigStore = true }
         }
 
         binding = LayoutEditConfigBinding.inflate(layoutInflater)
@@ -62,7 +72,11 @@ class ConfigEditActivity : ThemedActivity() {
         binding.editor.apply {
             language = JsonLanguage()
             setHorizontallyScrolling(true)
-            setTextContent(DataStore.profileCacheStore.getString(key)!!)
+            if (useConfigStore) {
+                setTextContent(DataStore.configurationStore.getString(key) ?: "")
+            } else {
+                setTextContent(DataStore.profileCacheStore.getString(key) ?: "")
+            }
             addTextChangedListener {
                 if (!dirty) {
                     dirty = true
@@ -72,7 +86,10 @@ class ConfigEditActivity : ThemedActivity() {
         }
 
         binding.actionTab.setOnClickListener {
-            binding.editor.insert(binding.editor.tab())
+            try {
+                binding.editor.insert(binding.editor.tab())
+            } catch (e: Exception) {
+            }
         }
         binding.actionUndo.setOnClickListener {
             try {
@@ -93,10 +110,34 @@ class ConfigEditActivity : ThemedActivity() {
         }
 
         val extendedKeyboard = findViewById<ExtendedKeyboard>(R.id.extended_keyboard)
-        extendedKeyboard.setKeyListener { char -> binding.editor.insert(char) }
+        extendedKeyboard.setKeyListener { char ->
+            try {
+                binding.editor.insert(char)
+            } catch (e: Exception) {
+            }
+        }
         extendedKeyboard.setHasFixedSize(true)
         extendedKeyboard.submitList("{},:_\"".map { it.toString() })
         extendedKeyboard.setBackgroundColor(getColorAttr(R.attr.primaryOrTextPrimary))
+
+        val keyboardContainer = findViewById<LinearLayout>(R.id.keyboard_container)
+        ViewCompat.setOnApplyWindowInsetsListener(keyboardContainer) { v, windowInsets ->
+            val imeInsets = windowInsets.getInsets(WindowInsetsCompat.Type.ime())
+            val systemBarInsets = windowInsets.getInsets(WindowInsetsCompat.Type.systemBars())
+            val imeVisible = windowInsets.isVisible(WindowInsetsCompat.Type.ime())
+            v.updateLayoutParams<MarginLayoutParams> {
+                // systemBar insets are applied to the bottom of the keyboard
+                if (imeVisible) {
+                    bottomMargin = imeInsets.bottom - systemBarInsets.bottom
+                } else {
+                    bottomMargin = 0
+                }
+            }
+
+            WindowInsetsCompat.CONSUMED
+        }
+
+        ViewCompat.setOnApplyWindowInsetsListener(binding.root, ListListener)
     }
 
     fun formatText(): String? {
@@ -115,7 +156,11 @@ class ConfigEditActivity : ThemedActivity() {
 
     fun saveAndExit() {
         formatText()?.let {
-            DataStore.profileCacheStore.putString(key, it)
+            if (useConfigStore) {
+                DataStore.configurationStore.putString(key, it)
+            } else {
+                DataStore.profileCacheStore.putString(key, it)
+            }
             finish()
         }
     }
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/HysteriaSettingsActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/HysteriaSettingsActivity.kt
index 02534b593..82bef5933 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/HysteriaSettingsActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/HysteriaSettingsActivity.kt
@@ -3,6 +3,7 @@ package io.nekohasekai.sagernet.ui.profile
 import android.os.Bundle
 import androidx.preference.EditTextPreference
 import androidx.preference.PreferenceFragmentCompat
+import androidx.preference.SwitchPreference
 import io.nekohasekai.sagernet.Key
 import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.database.DataStore
@@ -17,11 +18,12 @@ class HysteriaSettingsActivity : ProfileSettingsActivity<HysteriaBean>() {
 
     override fun HysteriaBean.init() {
         DataStore.profileName = name
+        DataStore.protocolVersion = protocolVersion
         DataStore.serverAddress = serverAddress
-        DataStore.serverPort = serverPort
+        DataStore.serverPorts = serverPorts
         DataStore.serverObfs = obfuscation
         DataStore.serverAuthType = authPayloadType
-        DataStore.serverProtocolVersion = protocol
+        DataStore.serverProtocolInt = protocol
         DataStore.serverPassword = authPayload
         DataStore.serverSNI = sni
         DataStore.serverALPN = alpn
@@ -37,12 +39,13 @@ class HysteriaSettingsActivity : ProfileSettingsActivity<HysteriaBean>() {
 
     override fun HysteriaBean.serialize() {
         name = DataStore.profileName
+        protocolVersion = DataStore.protocolVersion
         serverAddress = DataStore.serverAddress
-        serverPort = DataStore.serverPort
+        serverPorts = DataStore.serverPorts
         obfuscation = DataStore.serverObfs
         authPayloadType = DataStore.serverAuthType
         authPayload = DataStore.serverPassword
-        protocol = DataStore.serverProtocolVersion
+        protocol = DataStore.serverProtocolInt
         sni = DataStore.serverSNI
         alpn = DataStore.serverALPN
         caText = DataStore.serverCertificates
@@ -69,6 +72,47 @@ class HysteriaSettingsActivity : ProfileSettingsActivity<HysteriaBean>() {
             true
         }
 
+        val protocol = findPreference<SimpleMenuPreference>(Key.SERVER_PROTOCOL)!!
+        val alpn = findPreference<EditTextPreference>(Key.SERVER_ALPN)!!
+
+        fun updateVersion(v: Int) {
+            if (v == 2) {
+                authPayload.isVisible = true
+                //
+                authType.isVisible = false
+                protocol.isVisible = false
+                alpn.isVisible = false
+                //
+                findPreference<EditTextPreference>(Key.SERVER_STREAM_RECEIVE_WINDOW)!!.isVisible =
+                    false
+                findPreference<EditTextPreference>(Key.SERVER_CONNECTION_RECEIVE_WINDOW)!!.isVisible =
+                    false
+                findPreference<SwitchPreference>(Key.SERVER_DISABLE_MTU_DISCOVERY)!!.isVisible =
+                    false
+                //
+                authPayload.title = resources.getString(R.string.password)
+            } else {
+                authType.isVisible = true
+                authPayload.isVisible = true
+                protocol.isVisible = true
+                alpn.isVisible = true
+                //
+                findPreference<EditTextPreference>(Key.SERVER_STREAM_RECEIVE_WINDOW)!!.isVisible =
+                    true
+                findPreference<EditTextPreference>(Key.SERVER_CONNECTION_RECEIVE_WINDOW)!!.isVisible =
+                    true
+                findPreference<SwitchPreference>(Key.SERVER_DISABLE_MTU_DISCOVERY)!!.isVisible =
+                    true
+                //
+                authPayload.title = resources.getString(R.string.hysteria_auth_payload)
+            }
+        }
+        findPreference<SimpleMenuPreference>(Key.PROTOCOL_VERSION)!!.setOnPreferenceChangeListener { _, newValue ->
+            updateVersion(newValue.toString().toIntOrNull() ?: 1)
+            true
+        }
+        updateVersion(DataStore.protocolVersion)
+
         findPreference<EditTextPreference>(Key.SERVER_UPLOAD_SPEED)!!.apply {
             setOnBindEditTextListener(EditTextPreferenceModifiers.Number)
         }
@@ -82,13 +126,12 @@ class HysteriaSettingsActivity : ProfileSettingsActivity<HysteriaBean>() {
             setOnBindEditTextListener(EditTextPreferenceModifiers.Number)
         }
 
-        findPreference<EditTextPreference>(Key.SERVER_PORT)!!.apply {
-            setOnBindEditTextListener(EditTextPreferenceModifiers.Port)
-        }
-
         findPreference<EditTextPreference>(Key.SERVER_PASSWORD)!!.apply {
             summaryProvider = PasswordSummaryProvider
         }
+        findPreference<EditTextPreference>(Key.SERVER_OBFS)!!.apply {
+            summaryProvider = PasswordSummaryProvider
+        }
 
         findPreference<EditTextPreference>(Key.SERVER_HOP_INTERVAL)!!.apply {
             setOnBindEditTextListener(EditTextPreferenceModifiers.Number)
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/MieruSettingsActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/MieruSettingsActivity.kt
new file mode 100644
index 000000000..41c12cf7b
--- /dev/null
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/MieruSettingsActivity.kt
@@ -0,0 +1,77 @@
+/******************************************************************************
+ *                                                                            *
+ * Copyright (C) 2021 by nekohasekai <contact-sagernet@sekai.icu>             *
+ *                                                                            *
+ * This program is free software: you can redistribute it and/or modify       *
+ * it under the terms of the GNU General Public License as published by       *
+ * the Free Software Foundation, either version 3 of the License, or          *
+ *  (at your option) any later version.                                       *
+ *                                                                            *
+ * This program is distributed in the hope that it will be useful,            *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
+ * GNU General Public License for more details.                               *
+ *                                                                            *
+ * You should have received a copy of the GNU General Public License          *
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.       *
+ *                                                                            *
+ ******************************************************************************/
+
+package io.nekohasekai.sagernet.ui.profile
+
+import android.os.Bundle
+import androidx.preference.EditTextPreference
+import androidx.preference.PreferenceFragmentCompat
+import io.nekohasekai.sagernet.Key
+import io.nekohasekai.sagernet.R
+import io.nekohasekai.sagernet.database.DataStore
+import io.nekohasekai.sagernet.database.preference.EditTextPreferenceModifiers
+import io.nekohasekai.sagernet.fmt.mieru.MieruBean
+import io.nekohasekai.sagernet.ktx.applyDefaultValues
+import moe.matsuri.nb4a.ui.SimpleMenuPreference
+
+class MieruSettingsActivity : ProfileSettingsActivity<MieruBean>() {
+
+    override fun createEntity() = MieruBean().applyDefaultValues()
+
+    override fun MieruBean.init() {
+        DataStore.profileName = name
+        DataStore.serverAddress = serverAddress
+        DataStore.serverPort = serverPort
+        DataStore.serverProtocol = protocol
+        DataStore.serverUsername = username
+        DataStore.serverPassword = password
+        DataStore.serverMTU = mtu
+    }
+
+    override fun MieruBean.serialize() {
+        name = DataStore.profileName
+        serverAddress = DataStore.serverAddress
+        serverPort = DataStore.serverPort
+        protocol = DataStore.serverProtocol
+        username = DataStore.serverUsername
+        password = DataStore.serverPassword
+        mtu = DataStore.serverMTU
+    }
+
+    override fun PreferenceFragmentCompat.createPreferences(
+        savedInstanceState: Bundle?,
+        rootKey: String?,
+    ) {
+        addPreferencesFromResource(R.xml.mieru_preferences)
+        findPreference<EditTextPreference>(Key.SERVER_PORT)!!.apply {
+            setOnBindEditTextListener(EditTextPreferenceModifiers.Port)
+        }
+        findPreference<EditTextPreference>(Key.SERVER_PASSWORD)!!.apply {
+            summaryProvider = PasswordSummaryProvider
+        }
+        val protocol = findPreference<SimpleMenuPreference>(Key.SERVER_PROTOCOL)!!
+        val mtu = findPreference<EditTextPreference>(Key.SERVER_MTU)!!
+        mtu.isVisible = protocol.value.equals("UDP")
+        protocol.setOnPreferenceChangeListener { _, newValue ->
+            mtu.isVisible = newValue.equals("UDP")
+            true
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/NaiveSettingsActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/NaiveSettingsActivity.kt
index 0c0068f3a..88dcaaf3c 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/NaiveSettingsActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/NaiveSettingsActivity.kt
@@ -24,6 +24,7 @@ class NaiveSettingsActivity : ProfileSettingsActivity<NaiveBean>() {
         DataStore.serverCertificates = certificates
         DataStore.serverHeaders = extraHeaders
         DataStore.serverInsecureConcurrency = insecureConcurrency
+        DataStore.profileCacheStore.putBoolean("sUoT", sUoT)
     }
 
     override fun NaiveBean.serialize() {
@@ -37,6 +38,7 @@ class NaiveSettingsActivity : ProfileSettingsActivity<NaiveBean>() {
         certificates = DataStore.serverCertificates
         extraHeaders = DataStore.serverHeaders.replace("\r\n", "\n")
         insecureConcurrency = DataStore.serverInsecureConcurrency
+        sUoT = DataStore.profileCacheStore.getBoolean("sUoT")
     }
 
     override fun PreferenceFragmentCompat.createPreferences(
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/ProfileSettingsActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/ProfileSettingsActivity.kt
index 596c34bf1..6424502ba 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/ProfileSettingsActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/ProfileSettingsActivity.kt
@@ -120,9 +120,8 @@ abstract class ProfileSettingsActivity<T : AbstractBean>(
 
                 onMainDispatcher {
                     supportFragmentManager.beginTransaction()
-                        .replace(R.id.settings, MyPreferenceFragmentCompat().apply {
-                            activity = this@ProfileSettingsActivity
-                        }).commit()
+                        .replace(R.id.settings, MyPreferenceFragmentCompat())
+                        .commit()
                 }
             }
 
@@ -210,12 +209,12 @@ abstract class ProfileSettingsActivity<T : AbstractBean>(
 
     class MyPreferenceFragmentCompat : PreferenceFragmentCompat() {
 
-        lateinit var activity: ProfileSettingsActivity<*>
+        var activity: ProfileSettingsActivity<*>? = null
 
         override fun onCreatePreferences(savedInstanceState: Bundle?, rootKey: String?) {
             preferenceManager.preferenceDataStore = DataStore.profileCacheStore
             try {
-                activity.apply {
+                activity = (requireActivity() as ProfileSettingsActivity<*>).apply {
                     createPreferences(savedInstanceState, rootKey)
                 }
             } catch (e: Exception) {
@@ -233,12 +232,11 @@ abstract class ProfileSettingsActivity<T : AbstractBean>(
 
             ViewCompat.setOnApplyWindowInsetsListener(listView, ListListener)
 
-            activity.apply {
+            activity?.apply {
                 viewCreated(view, savedInstanceState)
+                DataStore.dirty = false
+                DataStore.profileCacheStore.registerChangeListener(this)
             }
-
-            DataStore.dirty = false
-            DataStore.profileCacheStore.registerChangeListener(activity)
         }
 
         var callbackCustom: ((String) -> Unit)? = null
@@ -273,14 +271,16 @@ abstract class ProfileSettingsActivity<T : AbstractBean>(
                 }
                 true
             }
+
             R.id.action_apply -> {
                 runOnDefaultDispatcher {
-                    activity.saveAndExit()
+                    activity?.saveAndExit()
                 }
                 true
             }
+
             R.id.action_custom_outbound_json -> {
-                activity.proxyEntity?.apply {
+                activity?.proxyEntity?.apply {
                     val bean = requireBean()
                     DataStore.serverCustomOutbound = bean.customOutboundJson
                     callbackCustomOutbound = { bean.customOutboundJson = it }
@@ -294,8 +294,9 @@ abstract class ProfileSettingsActivity<T : AbstractBean>(
                 }
                 true
             }
+
             R.id.action_custom_config_json -> {
-                activity.proxyEntity?.apply {
+                activity?.proxyEntity?.apply {
                     val bean = requireBean()
                     DataStore.serverCustom = bean.customConfigJson
                     callbackCustom = { bean.customConfigJson = it }
@@ -309,7 +310,9 @@ abstract class ProfileSettingsActivity<T : AbstractBean>(
                 }
                 true
             }
+
             R.id.action_create_shortcut -> {
+                val activity = requireActivity() as ProfileSettingsActivity<*>
                 val ent = activity.proxyEntity!!
                 val shortcut = ShortcutInfoCompat.Builder(activity, "shortcut-profile-${ent.id}")
                     .setShortLabel(ent.displayName())
@@ -326,7 +329,9 @@ abstract class ProfileSettingsActivity<T : AbstractBean>(
                     }).build()
                 ShortcutManagerCompat.requestPinShortcut(activity, shortcut, null)
             }
+
             R.id.action_move -> {
+                val activity = requireActivity() as ProfileSettingsActivity<*>
                 val view = LinearLayout(context).apply {
                     val ent = activity.proxyEntity!!
                     orientation = LinearLayout.VERTICAL
@@ -362,11 +367,12 @@ abstract class ProfileSettingsActivity<T : AbstractBean>(
                 MaterialAlertDialogBuilder(activity).setView(scrollView).show()
                 true
             }
+
             else -> false
         }
 
         override fun onDisplayPreferenceDialog(preference: Preference) {
-            activity.apply {
+            activity?.apply {
                 if (displayPreferenceDialog(preference)) return
             }
             super.onDisplayPreferenceDialog(preference)
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/ShadowsocksSettingsActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/ShadowsocksSettingsActivity.kt
index cdf3ccd20..6b3bb850f 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/ShadowsocksSettingsActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/ShadowsocksSettingsActivity.kt
@@ -39,7 +39,7 @@ class ShadowsocksSettingsActivity : ProfileSettingsActivity<ShadowsocksBean>() {
 
         val pn = pluginName.readStringFromCache()
         val pc = pluginConfig.readStringFromCache()
-        plugin = if (pn.isNotBlank() && pc.isNotBlank()) "$pn;$pc" else ""
+        plugin = if (pn.isNotBlank()) "$pn;$pc" else ""
     }
 
     override fun PreferenceFragmentCompat.createPreferences(
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/SocksSettingsActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/SocksSettingsActivity.kt
index 3d5d8e333..11005ed13 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/SocksSettingsActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/SocksSettingsActivity.kt
@@ -18,9 +18,11 @@ class SocksSettingsActivity : ProfileSettingsActivity<SOCKSBean>() {
         DataStore.serverAddress = serverAddress
         DataStore.serverPort = serverPort
 
-        DataStore.serverProtocolVersion = protocol
+        DataStore.serverProtocolInt = protocol
         DataStore.serverUsername = username
         DataStore.serverPassword = password
+
+        DataStore.profileCacheStore.putBoolean("sUoT", sUoT)
     }
 
     override fun SOCKSBean.serialize() {
@@ -28,9 +30,11 @@ class SocksSettingsActivity : ProfileSettingsActivity<SOCKSBean>() {
         serverAddress = DataStore.serverAddress
         serverPort = DataStore.serverPort
 
-        protocol = DataStore.serverProtocolVersion
+        protocol = DataStore.serverProtocolInt
         username = DataStore.serverUsername
         password = DataStore.serverPassword
+
+        sUoT = DataStore.profileCacheStore.getBoolean("sUoT")
     }
 
     override fun PreferenceFragmentCompat.createPreferences(
@@ -50,7 +54,7 @@ class SocksSettingsActivity : ProfileSettingsActivity<SOCKSBean>() {
             password.isVisible = version == SOCKSBean.PROTOCOL_SOCKS5
         }
 
-        updateProtocol(DataStore.serverProtocolVersion)
+        updateProtocol(DataStore.protocolVersion)
         protocol.setOnPreferenceChangeListener { _, newValue ->
             updateProtocol((newValue as String).toInt())
             true
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/StandardV2RaySettingsActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/StandardV2RaySettingsActivity.kt
index 9c242e77b..cc769bbc1 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/StandardV2RaySettingsActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/StandardV2RaySettingsActivity.kt
@@ -44,6 +44,14 @@ abstract class StandardV2RaySettingsActivity : ProfileSettingsActivity<StandardV
     private val realityPubKey = pbm.add(PreferenceBinding(Type.Text, "realityPubKey"))
     private val realityShortId = pbm.add(PreferenceBinding(Type.Text, "realityShortId"))
 
+    private val enableECH = pbm.add(PreferenceBinding(Type.Bool, "enableECH"))
+    private val echConfig = pbm.add(PreferenceBinding(Type.Text, "echConfig"))
+
+    private val enableMux = pbm.add(PreferenceBinding(Type.Bool, "enableMux"))
+    private val muxPadding = pbm.add(PreferenceBinding(Type.Bool, "muxPadding"))
+    private val muxType = pbm.add(PreferenceBinding(Type.TextToInt, "muxType"))
+    private val muxConcurrency = pbm.add(PreferenceBinding(Type.TextToInt, "muxConcurrency"))
+
     override fun StandardV2RayBean.init() {
         if (this is TrojanBean) {
             this@StandardV2RaySettingsActivity.uuid.fieldName = "password"
@@ -58,9 +66,10 @@ abstract class StandardV2RaySettingsActivity : ProfileSettingsActivity<StandardV
         pbm.fromCacheAll(this)
     }
 
-    lateinit var securityCategory: PreferenceCategory
-    lateinit var tlsCamouflageCategory: PreferenceCategory
-    lateinit var wsCategory: PreferenceCategory
+    private lateinit var securityCategory: PreferenceCategory
+    private lateinit var tlsCamouflageCategory: PreferenceCategory
+    private lateinit var wsCategory: PreferenceCategory
+    private lateinit var echCategory: PreferenceCategory
 
     override fun PreferenceFragmentCompat.createPreferences(
         savedInstanceState: Bundle?,
@@ -70,6 +79,7 @@ abstract class StandardV2RaySettingsActivity : ProfileSettingsActivity<StandardV
         pbm.setPreferenceFragment(this)
         securityCategory = findPreference(Key.SERVER_SECURITY_CATEGORY)!!
         tlsCamouflageCategory = findPreference(Key.SERVER_TLS_CAMOUFLAGE_CATEGORY)!!
+        echCategory = findPreference(Key.SERVER_ECH_CATEORY)!!
         wsCategory = findPreference(Key.SERVER_WS_CATEGORY)!!
 
 
@@ -104,7 +114,7 @@ abstract class StandardV2RaySettingsActivity : ProfileSettingsActivity<StandardV
 
         encryption.preference.apply {
             this as SimpleMenuPreference
-            if (tmpBean!!.isVLESS) {
+            if (isVless) {
                 title = resources.getString(R.string.xtls_flow)
                 setIcon(R.drawable.ic_baseline_stream_24)
                 setEntries(R.array.xtls_flow_value)
@@ -127,16 +137,16 @@ abstract class StandardV2RaySettingsActivity : ProfileSettingsActivity<StandardV
         }
 
         security.preference.apply {
-            updateTle(security.readStringFromCache())
+            updateTls(security.readStringFromCache())
             this as SimpleMenuPreference
             setOnPreferenceChangeListener { _, newValue ->
-                updateTle(newValue as String)
+                updateTls(newValue as String)
                 true
             }
         }
     }
 
-    fun updateView(network: String) {
+    private fun updateView(network: String) {
         host.preference.isVisible = false
         path.preference.isVisible = false
         wsCategory.isVisible = false
@@ -146,12 +156,14 @@ abstract class StandardV2RaySettingsActivity : ProfileSettingsActivity<StandardV
                 host.preference.setTitle(R.string.http_host)
                 path.preference.setTitle(R.string.http_path)
             }
+
             "http" -> {
                 host.preference.setTitle(R.string.http_host)
                 path.preference.setTitle(R.string.http_path)
                 host.preference.isVisible = true
                 path.preference.isVisible = true
             }
+
             "ws" -> {
                 host.preference.setTitle(R.string.ws_host)
                 path.preference.setTitle(R.string.ws_path)
@@ -159,17 +171,26 @@ abstract class StandardV2RaySettingsActivity : ProfileSettingsActivity<StandardV
                 path.preference.isVisible = true
                 wsCategory.isVisible = true
             }
+
             "grpc" -> {
                 path.preference.setTitle(R.string.grpc_service_name)
                 path.preference.isVisible = true
             }
+
+            "httpupgrade" -> {
+                host.preference.setTitle(R.string.http_upgrade_host)
+                path.preference.setTitle(R.string.http_upgrade_path)
+                host.preference.isVisible = true
+                path.preference.isVisible = true
+            }
         }
     }
 
-    fun updateTle(tle: String) {
-        val isTLS = tle == "tls"
+    private fun updateTls(tls: String) {
+        val isTLS = "tls" in tls
         securityCategory.isVisible = isTLS
         tlsCamouflageCategory.isVisible = isTLS
+        echCategory.isVisible = isTLS
     }
 
 }
\ No newline at end of file
diff --git a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/TuicSettingsActivity.kt b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/TuicSettingsActivity.kt
index b54849960..dfcf97b99 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/ui/profile/TuicSettingsActivity.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/ui/profile/TuicSettingsActivity.kt
@@ -18,6 +18,7 @@ class TuicSettingsActivity : ProfileSettingsActivity<TuicBean>() {
         DataStore.profileName = name
         DataStore.serverAddress = serverAddress
         DataStore.serverPort = serverPort
+        DataStore.serverUsername = uuid
         DataStore.serverPassword = token
         DataStore.serverALPN = alpn
         DataStore.serverCertificates = caText
@@ -26,8 +27,6 @@ class TuicSettingsActivity : ProfileSettingsActivity<TuicBean>() {
         DataStore.serverDisableSNI = disableSNI
         DataStore.serverSNI = sni
         DataStore.serverReduceRTT = reduceRTT
-        DataStore.serverMTU = mtu
-        DataStore.serverFastConnect = fastConnect
         DataStore.serverAllowInsecure = allowInsecure
     }
 
@@ -35,6 +34,7 @@ class TuicSettingsActivity : ProfileSettingsActivity<TuicBean>() {
         name = DataStore.profileName
         serverAddress = DataStore.serverAddress
         serverPort = DataStore.serverPort
+        uuid = DataStore.serverUsername
         token = DataStore.serverPassword
         alpn = DataStore.serverALPN
         caText = DataStore.serverCertificates
@@ -43,8 +43,6 @@ class TuicSettingsActivity : ProfileSettingsActivity<TuicBean>() {
         disableSNI = DataStore.serverDisableSNI
         sni = DataStore.serverSNI
         reduceRTT = DataStore.serverReduceRTT
-        mtu = DataStore.serverMTU
-        fastConnect = DataStore.serverFastConnect
         allowInsecure = DataStore.serverAllowInsecure
     }
 
diff --git a/app/src/main/java/io/nekohasekai/sagernet/utils/Cloudflare.kt b/app/src/main/java/io/nekohasekai/sagernet/utils/Cloudflare.kt
deleted file mode 100644
index eee031f88..000000000
--- a/app/src/main/java/io/nekohasekai/sagernet/utils/Cloudflare.kt
+++ /dev/null
@@ -1,72 +0,0 @@
-package io.nekohasekai.sagernet.utils
-
-import com.wireguard.crypto.KeyPair
-import io.nekohasekai.sagernet.database.DataStore
-import io.nekohasekai.sagernet.fmt.wireguard.WireGuardBean
-import io.nekohasekai.sagernet.ktx.Logs
-import io.nekohasekai.sagernet.utils.cf.DeviceResponse
-import io.nekohasekai.sagernet.utils.cf.RegisterRequest
-import io.nekohasekai.sagernet.utils.cf.UpdateDeviceRequest
-import libcore.Libcore
-import moe.matsuri.nb4a.utils.JavaUtil.gson
-
-// kang from wgcf
-object Cloudflare {
-
-    private const val API_URL = "https://api.cloudflareclient.com"
-    private const val API_VERSION = "v0a1922"
-
-    private const val CLIENT_VERSION_KEY = "CF-Client-Version"
-    private const val CLIENT_VERSION = "a-6.3-1922"
-
-    fun makeWireGuardConfiguration(): WireGuardBean {
-        val keyPair = KeyPair()
-        val client = Libcore.newHttpClient().apply {
-            pinnedTLS12()
-            trySocks5(DataStore.mixedPort)
-        }
-
-        try {
-            val response = client.newRequest().apply {
-                setMethod("POST")
-                setURL("$API_URL/$API_VERSION/reg")
-                setHeader(CLIENT_VERSION_KEY, CLIENT_VERSION)
-                setHeader("Accept", "application/json")
-                setHeader("Content-Type", "application/json")
-                setContentString(RegisterRequest.newRequest(keyPair.publicKey))
-                setUserAgent("okhttp/3.12.1")
-            }.execute()
-
-            Logs.d(response.contentString)
-            val device = gson.fromJson(response.contentString, DeviceResponse::class.java)
-            val accessToken = device.token
-
-            client.newRequest().apply {
-                setMethod("PATCH")
-                setURL(API_URL + "/" + API_VERSION + "/reg/" + device.id + "/account/reg/" + device.id)
-                setHeader("Accept", "application/json")
-                setHeader("Content-Type", "application/json")
-                setHeader("Authorization", "Bearer $accessToken")
-                setHeader(CLIENT_VERSION_KEY, CLIENT_VERSION)
-                setContentString(UpdateDeviceRequest.newRequest())
-                setUserAgent("okhttp/3.12.1")
-            }.execute()
-
-            val peer = device.config.peers[0]
-            val localAddresses = device.config.interfaceX.addresses
-            return WireGuardBean().apply {
-                name = "CloudFlare Warp ${device.account.id}"
-                privateKey = keyPair.privateKey.toBase64()
-                peerPublicKey = peer.publicKey
-                serverAddress = peer.endpoint.host.substringBeforeLast(":")
-                serverPort = peer.endpoint.host.substringAfterLast(":").toInt()
-                localAddress = localAddresses.v4 + "/32" + "\n" + localAddresses.v6 + "/128"
-                mtu = 1280
-                reserved = device.config.clientId
-            }
-        } finally {
-            client.close()
-        }
-    }
-
-}
\ No newline at end of file
diff --git a/app/src/main/java/io/nekohasekai/sagernet/utils/CrashHandler.kt b/app/src/main/java/io/nekohasekai/sagernet/utils/CrashHandler.kt
index 292f929dc..2aa93fac7 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/utils/CrashHandler.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/utils/CrashHandler.kt
@@ -6,6 +6,7 @@ import android.os.Build
 import android.util.Log
 import com.jakewharton.processphoenix.ProcessPhoenix
 import io.nekohasekai.sagernet.BuildConfig
+import io.nekohasekai.sagernet.SagerNet
 import io.nekohasekai.sagernet.database.preference.PublicDatabase
 import io.nekohasekai.sagernet.ktx.Logs
 import io.nekohasekai.sagernet.ktx.app
@@ -61,7 +62,7 @@ object CrashHandler : Thread.UncaughtExceptionHandler {
 
     fun buildReportHeader(): String {
         var report = ""
-        report += "NekoBox for Andoird ${BuildConfig.VERSION_NAME} (${BuildConfig.VERSION_CODE}) ${BuildConfig.FLAVOR.uppercase()}\n"
+        report += "NekoBox for Android ${SagerNet.appVersionNameForDisplay} (${BuildConfig.VERSION_CODE})\n"
         report += "Date: ${getCurrentMilliSecondUTCTimeStamp()}\n\n"
         report += "OS_VERSION: ${getSystemPropertyWithAndroidAPI("os.version")}\n"
         report += "SDK_INT: ${Build.VERSION.SDK_INT}\n"
@@ -102,7 +103,7 @@ object CrashHandler : Thread.UncaughtExceptionHandler {
                 report += "\n"
                 report += pair.key + ": " + pair.toString()
             }
-        }catch (e: Exception) {
+        } catch (e: Exception) {
             report += "Export settings failed: " + formatThrowable(e)
         }
 
@@ -136,7 +137,8 @@ object CrashHandler : Thread.UncaughtExceptionHandler {
                 if (matcher.matches()) {
                     key = matcher.group(1)
                     value = matcher.group(2)
-                    if (key != null && value != null && !key.isEmpty() && !value.isEmpty()) systemProperties[key] = value
+                    if (key != null && value != null && !key.isEmpty() && !value.isEmpty()) systemProperties[key] =
+                        value
                 }
             }
             bufferedReader.close()
diff --git a/app/src/main/java/io/nekohasekai/sagernet/utils/DeviceStorageApp.kt b/app/src/main/java/io/nekohasekai/sagernet/utils/DeviceStorageApp.kt
deleted file mode 100644
index fc4f63244..000000000
--- a/app/src/main/java/io/nekohasekai/sagernet/utils/DeviceStorageApp.kt
+++ /dev/null
@@ -1,20 +0,0 @@
-package io.nekohasekai.sagernet.utils
-
-import android.annotation.SuppressLint
-import android.annotation.TargetApi
-import android.app.Application
-import android.content.Context
-
-@SuppressLint("Registered")
-@TargetApi(24)
-class DeviceStorageApp(context: Context) : Application() {
-    init {
-        attachBaseContext(context.createDeviceProtectedStorageContext())
-    }
-
-    /**
-     * Thou shalt not get the REAL underlying application context which would no longer be operating under device
-     * protected storage.
-     */
-    override fun getApplicationContext() = this
-}
diff --git a/app/src/main/java/io/nekohasekai/sagernet/utils/PackageCache.kt b/app/src/main/java/io/nekohasekai/sagernet/utils/PackageCache.kt
index 136563d7a..c5e9370c7 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/utils/PackageCache.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/utils/PackageCache.kt
@@ -11,6 +11,7 @@ import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.sync.Mutex
 import kotlinx.coroutines.sync.withLock
 import moe.matsuri.nb4a.plugin.Plugins
+import java.util.concurrent.atomic.AtomicBoolean
 
 object PackageCache {
 
@@ -20,9 +21,11 @@ object PackageCache {
     lateinit var packageMap: Map<String, Int>
     val uidMap = HashMap<Int, HashSet<String>>()
     val loaded = Mutex(true)
+    var registerd = AtomicBoolean(false)
 
     // called from init (suspend)
     fun register() {
+        if (registerd.getAndSet(true)) return
         reload()
         app.listenForPackageChanges(false) {
             reload()
@@ -48,7 +51,7 @@ object PackageCache {
         }.associateBy { it.packageName }
 
         installedPluginPackages = rawPackageInfo.filter {
-            Plugins.isExeOrPlugin(it)
+            Plugins.isExe(it)
         }.associateBy { it.packageName }
 
         val installed = app.packageManager.getInstalledApplications(PackageManager.GET_META_DATA)
@@ -64,17 +67,12 @@ object PackageCache {
     operator fun get(uid: Int) = uidMap[uid]
     operator fun get(packageName: String) = packageMap[packageName]
 
-    suspend fun awaitLoad() {
+    fun awaitLoadSync() {
         if (::packageMap.isInitialized) {
             return
         }
-        loaded.withLock {
-            // just await
-        }
-    }
-
-    fun awaitLoadSync() {
-        if (::packageMap.isInitialized) {
+        if (!registerd.get()) {
+            register()
             return
         }
         runBlocking {
diff --git a/app/src/main/java/io/nekohasekai/sagernet/utils/cf/DeviceResponse.kt b/app/src/main/java/io/nekohasekai/sagernet/utils/cf/DeviceResponse.kt
deleted file mode 100644
index 874304dc2..000000000
--- a/app/src/main/java/io/nekohasekai/sagernet/utils/cf/DeviceResponse.kt
+++ /dev/null
@@ -1,114 +0,0 @@
-package io.nekohasekai.sagernet.utils.cf
-
-
-import com.google.gson.annotations.SerializedName
-
-data class DeviceResponse(
-    @SerializedName("created")
-    var created: String = "",
-    @SerializedName("type")
-    var type: String = "",
-    @SerializedName("locale")
-    var locale: String = "",
-    @SerializedName("enabled")
-    var enabled: Boolean = false,
-    @SerializedName("token")
-    var token: String = "",
-    @SerializedName("waitlist_enabled")
-    var waitlistEnabled: Boolean = false,
-    @SerializedName("install_id")
-    var installId: String = "",
-    @SerializedName("warp_enabled")
-    var warpEnabled: Boolean = false,
-    @SerializedName("name")
-    var name: String = "",
-    @SerializedName("fcm_token")
-    var fcmToken: String = "",
-    @SerializedName("tos")
-    var tos: String = "",
-    @SerializedName("model")
-    var model: String = "",
-    @SerializedName("id")
-    var id: String = "",
-    @SerializedName("place")
-    var place: Int = 0,
-    @SerializedName("config")
-    var config: Config = Config(),
-    @SerializedName("updated")
-    var updated: String = "",
-    @SerializedName("key")
-    var key: String = "",
-    @SerializedName("account")
-    var account: Account = Account()
-) {
-    data class Config(
-        @SerializedName("peers")
-        var peers: List<Peer> = listOf(),
-        @SerializedName("services")
-        var services: Services = Services(),
-        @SerializedName("interface")
-        var interfaceX: Interface = Interface(),
-        @SerializedName("client_id")
-        var clientId: String = ""
-    ) {
-        data class Peer(
-            @SerializedName("public_key")
-            var publicKey: String = "",
-            @SerializedName("endpoint")
-            var endpoint: Endpoint = Endpoint()
-        ) {
-            data class Endpoint(
-                @SerializedName("v6")
-                var v6: String = "",
-                @SerializedName("host")
-                var host: String = "",
-                @SerializedName("v4")
-                var v4: String = ""
-            )
-        }
-
-        data class Services(
-            @SerializedName("http_proxy")
-            var httpProxy: String = ""
-        )
-
-        data class Interface(
-            @SerializedName("addresses")
-            var addresses: Addresses = Addresses()
-        ) {
-            data class Addresses(
-                @SerializedName("v6")
-                var v6: String = "",
-                @SerializedName("v4")
-                var v4: String = ""
-            )
-        }
-    }
-
-    data class Account(
-        @SerializedName("account_type")
-        var accountType: String = "",
-        @SerializedName("role")
-        var role: String = "",
-        @SerializedName("referral_renewal_countdown")
-        var referralRenewalCountdown: Int = 0,
-        @SerializedName("created")
-        var created: String = "",
-        @SerializedName("usage")
-        var usage: Int = 0,
-        @SerializedName("warp_plus")
-        var warpPlus: Boolean = false,
-        @SerializedName("referral_count")
-        var referralCount: Int = 0,
-        @SerializedName("license")
-        var license: String = "",
-        @SerializedName("quota")
-        var quota: Int = 0,
-        @SerializedName("premium_data")
-        var premiumData: Int = 0,
-        @SerializedName("id")
-        var id: String = "",
-        @SerializedName("updated")
-        var updated: String = ""
-    )
-}
\ No newline at end of file
diff --git a/app/src/main/java/io/nekohasekai/sagernet/utils/cf/RegisterRequest.kt b/app/src/main/java/io/nekohasekai/sagernet/utils/cf/RegisterRequest.kt
deleted file mode 100644
index 34bbe7c16..000000000
--- a/app/src/main/java/io/nekohasekai/sagernet/utils/cf/RegisterRequest.kt
+++ /dev/null
@@ -1,33 +0,0 @@
-package io.nekohasekai.sagernet.utils.cf
-
-import com.google.gson.Gson
-import com.google.gson.annotations.SerializedName
-import com.wireguard.crypto.Key
-import java.text.SimpleDateFormat
-import java.util.*
-
-data class RegisterRequest(
-    @SerializedName("fcm_token") var fcmToken: String = "",
-    @SerializedName("install_id") var installedId: String = "",
-    var key: String = "",
-    var locale: String = "",
-    var model: String = "",
-    var tos: String = "",
-    var type: String = ""
-) {
-
-    companion object {
-        fun newRequest(publicKey: Key): String {
-            val request = RegisterRequest()
-            request.fcmToken = ""
-            request.installedId = ""
-            request.key = publicKey.toBase64()
-            request.locale = "en_US"
-            request.model = "PC"
-            val format = SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'000000'+08:00", Locale.US)
-            request.tos = format.format(Date())
-            request.type = "Android"
-            return Gson().toJson(request)
-        }
-    }
-}
\ No newline at end of file
diff --git a/app/src/main/java/io/nekohasekai/sagernet/utils/cf/UpdateDeviceRequest.kt b/app/src/main/java/io/nekohasekai/sagernet/utils/cf/UpdateDeviceRequest.kt
deleted file mode 100644
index e12915b41..000000000
--- a/app/src/main/java/io/nekohasekai/sagernet/utils/cf/UpdateDeviceRequest.kt
+++ /dev/null
@@ -1,12 +0,0 @@
-package io.nekohasekai.sagernet.utils.cf
-
-import com.google.gson.Gson
-
-data class UpdateDeviceRequest(
-    var name: String, var active: Boolean
-) {
-    companion object {
-        fun newRequest(name: String = "SagerNet Client", active: Boolean = true) =
-            Gson().toJson(UpdateDeviceRequest(name, active))
-    }
-}
\ No newline at end of file
diff --git a/app/src/main/java/io/nekohasekai/sagernet/widget/LinkOrContentPreference.kt b/app/src/main/java/io/nekohasekai/sagernet/widget/LinkOrContentPreference.kt
index b4f03afcc..d9da726a3 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/widget/LinkOrContentPreference.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/widget/LinkOrContentPreference.kt
@@ -48,6 +48,9 @@ constructor(
                     } else {
                         linkLayout.isErrorEnabled = false
                     }
+                    if (link.contains("\n")) {
+                        linkLayout.error = "Unexpected new line"
+                    }
                 } catch (e: Exception) {
                     linkLayout.error = e.readableMessage
                     linkLayout.isErrorEnabled = true
diff --git a/app/src/main/java/io/nekohasekai/sagernet/widget/WindowInsetsListeners.kt b/app/src/main/java/io/nekohasekai/sagernet/widget/WindowInsetsListeners.kt
index fc35dd0f6..0f13ebc82 100644
--- a/app/src/main/java/io/nekohasekai/sagernet/widget/WindowInsetsListeners.kt
+++ b/app/src/main/java/io/nekohasekai/sagernet/widget/WindowInsetsListeners.kt
@@ -1,37 +1,9 @@
 package io.nekohasekai.sagernet.widget
 
 import android.view.View
-import androidx.appcompat.app.AppCompatActivity
-import androidx.core.graphics.Insets
-import androidx.core.view.*
-import io.nekohasekai.sagernet.R
-
-object ListHolderListener : OnApplyWindowInsetsListener {
-    override fun onApplyWindowInsets(view: View, insets: WindowInsetsCompat): WindowInsetsCompat {
-        val statusBarInsets = insets.getInsets(WindowInsetsCompat.Type.statusBars())
-        view.setPadding(statusBarInsets.left,
-            statusBarInsets.top,
-            statusBarInsets.right,
-            statusBarInsets.bottom)
-        return WindowInsetsCompat.Builder(insets).apply {
-            setInsets(WindowInsetsCompat.Type.statusBars(), Insets.NONE)
-            /*setInsets(WindowInsetsCompat.Type.navigationBars(),
-                insets.getInsets(WindowInsetsCompat.Type.navigationBars()))*/
-        }.build()
-    }
-
-    fun setup(activity: AppCompatActivity) = activity.findViewById<View>(android.R.id.content).let {
-        ViewCompat.setOnApplyWindowInsetsListener(it, ListHolderListener)
-        WindowCompat.setDecorFitsSystemWindows(activity.window, false)
-    }
-}
-
-object MainListListener : OnApplyWindowInsetsListener {
-    override fun onApplyWindowInsets(view: View, insets: WindowInsetsCompat) = insets.apply {
-        view.updatePadding(bottom = view.resources.getDimensionPixelOffset(R.dimen.main_list_padding_bottom) +
-                insets.getInsets(WindowInsetsCompat.Type.navigationBars()).bottom)
-    }
-}
+import androidx.core.view.OnApplyWindowInsetsListener
+import androidx.core.view.WindowInsetsCompat
+import androidx.core.view.updatePadding
 
 object ListListener : OnApplyWindowInsetsListener {
     override fun onApplyWindowInsets(view: View, insets: WindowInsetsCompat) = insets.apply {
diff --git a/app/src/main/java/moe/matsuri/nb4a/NativeInterface.kt b/app/src/main/java/moe/matsuri/nb4a/NativeInterface.kt
new file mode 100644
index 000000000..f06e26d84
--- /dev/null
+++ b/app/src/main/java/moe/matsuri/nb4a/NativeInterface.kt
@@ -0,0 +1,109 @@
+package moe.matsuri.nb4a
+
+import android.content.Context
+import android.net.ConnectivityManager
+import android.net.wifi.WifiManager
+import android.os.Build
+import android.os.Build.VERSION_CODES
+import androidx.annotation.RequiresApi
+import io.nekohasekai.sagernet.SagerNet
+import io.nekohasekai.sagernet.bg.ServiceNotification
+import io.nekohasekai.sagernet.database.DataStore
+import io.nekohasekai.sagernet.database.SagerDatabase
+import io.nekohasekai.sagernet.ktx.Logs
+import io.nekohasekai.sagernet.ktx.app
+import io.nekohasekai.sagernet.ktx.runOnDefaultDispatcher
+import io.nekohasekai.sagernet.utils.PackageCache
+import libcore.BoxPlatformInterface
+import libcore.Libcore
+import libcore.NB4AInterface
+import java.net.InetSocketAddress
+
+class NativeInterface : BoxPlatformInterface, NB4AInterface {
+
+    //  libbox interface
+
+    override fun autoDetectInterfaceControl(fd: Int) {
+        DataStore.vpnService?.protect(fd)
+    }
+
+    override fun openTun(singTunOptionsJson: String, tunPlatformOptionsJson: String): Long {
+        if (DataStore.vpnService == null) {
+            throw Exception("no VpnService")
+        }
+        return DataStore.vpnService!!.startVpn(singTunOptionsJson, tunPlatformOptionsJson).toLong()
+    }
+
+    override fun useProcFS(): Boolean {
+        return Build.VERSION.SDK_INT < Build.VERSION_CODES.Q
+    }
+
+    @RequiresApi(Build.VERSION_CODES.Q)
+    override fun findConnectionOwner(
+        ipProto: Int, srcIp: String, srcPort: Int, destIp: String, destPort: Int
+    ): Int {
+        return SagerNet.connectivity.getConnectionOwnerUid(
+            ipProto, InetSocketAddress(srcIp, srcPort), InetSocketAddress(destIp, destPort)
+        )
+    }
+
+    override fun packageNameByUid(uid: Int): String {
+        PackageCache.awaitLoadSync()
+
+        if (uid <= 1000L) {
+            return "android"
+        }
+
+        val packageNames = PackageCache.uidMap[uid]
+        if (!packageNames.isNullOrEmpty()) for (packageName in packageNames) {
+            return packageName
+        }
+
+        error("unknown uid $uid")
+    }
+
+    override fun uidByPackageName(packageName: String): Int {
+        PackageCache.awaitLoadSync()
+        return PackageCache[packageName] ?: 0
+    }
+
+    // TODO: 'getter for connectionInfo: WifiInfo!' is deprecated
+    override fun wifiState(): String {
+        val wifiManager =
+            app.applicationContext.getSystemService(Context.WIFI_SERVICE) as WifiManager
+        val connectionInfo = wifiManager.connectionInfo
+        return "${connectionInfo.ssid},${connectionInfo.bssid}"
+    }
+
+    // nb4a interface
+
+    override fun useOfficialAssets(): Boolean {
+        return DataStore.rulesProvider == 0
+    }
+
+    override fun selector_OnProxySelected(selectorTag: String, tag: String) {
+        if (selectorTag != "proxy") {
+            Logs.d("other selector: $selectorTag")
+            return
+        }
+        Libcore.resetAllConnections(true)
+        DataStore.baseService?.apply {
+            runOnDefaultDispatcher {
+                val id = data.proxy!!.config.profileTagMap
+                    .filterValues { it == tag }.keys.firstOrNull() ?: -1
+                val ent = SagerDatabase.proxyDao.getById(id) ?: return@runOnDefaultDispatcher
+                // traffic & title
+                data.proxy?.apply {
+                    looper?.selectMain(id)
+                    displayProfileName = ServiceNotification.genTitle(ent)
+                    data.notification?.postNotificationTitle(displayProfileName)
+                }
+                // post binder
+                data.binder.broadcast { b ->
+                    b.cbSelectorUpdate(id)
+                }
+            }
+        }
+    }
+
+}
diff --git a/app/src/main/java/moe/matsuri/nb4a/Protocols.kt b/app/src/main/java/moe/matsuri/nb4a/Protocols.kt
index 1cda9044d..e280d6fcd 100644
--- a/app/src/main/java/moe/matsuri/nb4a/Protocols.kt
+++ b/app/src/main/java/moe/matsuri/nb4a/Protocols.kt
@@ -2,34 +2,14 @@ package moe.matsuri.nb4a
 
 import android.content.Context
 import io.nekohasekai.sagernet.R
-import io.nekohasekai.sagernet.database.DataStore
 import io.nekohasekai.sagernet.database.ProxyEntity.Companion.TYPE_NEKO
 import io.nekohasekai.sagernet.fmt.AbstractBean
 import io.nekohasekai.sagernet.ktx.app
 import io.nekohasekai.sagernet.ktx.getColorAttr
-import moe.matsuri.nb4a.plugin.NekoPluginManager
+import moe.matsuri.nb4a.proxy.config.ConfigBean
 
 // Settings for all protocols, built-in or plugin
 object Protocols {
-    // Mux
-
-    fun shouldEnableMux(protocol: String): Boolean {
-        return DataStore.muxProtocols.contains(protocol)
-    }
-
-    fun getCanMuxList(): List<String> {
-        // built-in and support mux
-        // sing-box support ss & vmess & trojan smux
-        val list = mutableListOf("vmess", "trojan", "trojan-go", "shadowsocks")
-
-        NekoPluginManager.getProtocols().forEach {
-            if (it.protocolConfig.optBoolean("canMux")) {
-                list.add(it.protocolId)
-            }
-        }
-
-        return list
-    }
 
     // Deduplication
 
@@ -38,6 +18,9 @@ object Protocols {
     ) {
 
         fun hash(): String {
+            if (bean is ConfigBean) {
+                return bean.config
+            }
             return bean.serverAddress + bean.serverPort + type
         }
 
@@ -73,9 +56,11 @@ object Protocols {
             msgL.contains("timeout") || msgL.contains("deadline") -> {
                 app.getString(R.string.connection_test_timeout)
             }
+
             msgL.contains("refused") || msgL.contains("closed pipe") -> {
                 app.getString(R.string.connection_test_refused)
             }
+
             else -> msg
         }
     }
diff --git a/app/src/main/java/moe/matsuri/nb4a/SingBoxOptions.java b/app/src/main/java/moe/matsuri/nb4a/SingBoxOptions.java
index 21fe7ba0b..05f89275f 100644
--- a/app/src/main/java/moe/matsuri/nb4a/SingBoxOptions.java
+++ b/app/src/main/java/moe/matsuri/nb4a/SingBoxOptions.java
@@ -1,19 +1,97 @@
 package moe.matsuri.nb4a;
 
-import static moe.matsuri.nb4a.utils.JavaUtil.gson;
-
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonSerializationContext;
+import com.google.gson.JsonSerializer;
+import com.google.gson.ToNumberPolicy;
+import com.google.gson.TypeAdapter;
+import com.google.gson.TypeAdapterFactory;
 import com.google.gson.annotations.SerializedName;
+import com.google.gson.reflect.TypeToken;
 
+import java.lang.reflect.Type;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import moe.matsuri.nb4a.utils.Util;
+
 public class SingBoxOptions {
 
     // base
 
+    private static final Gson gsonSingbox = new GsonBuilder()
+            .registerTypeHierarchyAdapter(SingBoxOption.class, new SingBoxOptionSerializer())
+            .setPrettyPrinting()
+            .setNumberToNumberStrategy(ToNumberPolicy.LONG_OR_DOUBLE)
+            .setObjectToNumberStrategy(ToNumberPolicy.LONG_OR_DOUBLE)
+            .setLenient()
+            .disableHtmlEscaping()
+            .create();
+
     public static class SingBoxOption {
+
+        public transient Map<String, Object> _hack_config_map; // 仍然用普通json方式合并，所以Object内不要使用 _hack
+
+        public transient String _hack_custom_config;
+
+        public SingBoxOption() {
+            _hack_config_map = new HashMap<>();
+        }
+
         public Map<String, Object> asMap() {
-            return gson.fromJson(gson.toJson(this), Map.class);
+            return gsonSingbox.fromJson(gsonSingbox.toJson(this), Map.class);
+        }
+
+    }
+
+    public static final class CustomSingBoxOption extends SingBoxOption {
+
+        public transient String config;
+
+        public CustomSingBoxOption(String config) {
+            super();
+            this.config = config;
+        }
+
+        public Map<String, Object> getBasicMap() {
+            Map<String, Object> map = gsonSingbox.fromJson(config, Map.class);
+            if (map == null) {
+                map = new HashMap<>();
+            }
+            return map;
+        }
+    }
+
+    // 自定义序列化器
+    public static class SingBoxOptionSerializer implements JsonSerializer<SingBoxOption> {
+        @Override
+        public JsonElement serialize(SingBoxOption src, Type typeOfSrc, JsonSerializationContext context) {
+            // 拿到原始的 delegate（默认序列化器）
+            TypeAdapter<?> delegate = gsonSingbox.getDelegateAdapter(
+                    new TypeAdapterFactory() {
+                        @Override
+                        public <T> TypeAdapter<T> create(Gson gson, TypeToken<T> type) {
+                            return null; // 返回 null，表示只作为“跳过当前自定义”的 marker
+                        }
+                    },
+                    TypeToken.get(src.getClass())
+            );
+            Map<String, Object> map;
+            if (src instanceof CustomSingBoxOption) {
+                map = ((CustomSingBoxOption) src).getBasicMap();
+            } else {
+                map = gsonSingbox.fromJson(((TypeAdapter<SingBoxOption>) delegate).toJson(src), Map.class);
+            }
+            if (src._hack_config_map != null && !src._hack_config_map.isEmpty()) {
+                Util.INSTANCE.mergeMap(map, src._hack_config_map);
+            }
+            if (src._hack_custom_config != null && !src._hack_custom_config.isBlank()) {
+                Util.INSTANCE.mergeJSON(map, src._hack_custom_config);
+            }
+            return gsonSingbox.toJsonTree(map);
         }
     }
 
@@ -33,11 +111,12 @@ public static class MyOptions extends SingBoxOption {
 
         public List<Inbound> inbounds;
 
-        public List<Map<String, Object>> outbounds;
+        public List<SingBoxOption> outbounds;
 
         public RouteOptions route;
 
         public ExperimentalOptions experimental;
+
     }
 
     // paste generate output here
@@ -48,13 +127,15 @@ public static class ClashAPIOptions extends SingBoxOption {
 
         public String external_ui;
 
+        public String external_ui_download_url;
+
+        public String external_ui_download_detour;
+
         public String secret;
 
         public String default_mode;
 
-        public Boolean store_selected;
-
-        public String cache_file;
+        // Generate note: option type:  public List<String> ModeList;
 
     }
 
@@ -116,6 +197,8 @@ public static class LogOptions extends SingBoxOption {
 
     public static class DebugOptions extends SingBoxOption {
 
+        public String listen;
+
         public Integer gc_percent;
 
         public Integer max_stack;
@@ -142,6 +225,8 @@ public static class DirectInboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -196,6 +281,8 @@ public static class DirectOutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -223,6 +310,10 @@ public static class DNSOptions extends SingBoxOption {
         @SerializedName("final")
         public String final_;
 
+        public Boolean reverse_mapping;
+
+        public DNSFakeIPOptions fakeip;
+
         // Generate note: nested type DNSClientOptions
         public String strategy;
 
@@ -230,17 +321,9 @@ public static class DNSOptions extends SingBoxOption {
 
         public Boolean disable_expire;
 
-        // End of public DNSClientOptions ;
-
-    }
-
-    public static class DNSClientOptions extends SingBoxOption {
-
-        public String strategy;
-
-        public Boolean disable_cache;
+        public Boolean independent_cache;
 
-        public Boolean disable_expire;
+        // End of public DNSClientOptions ;
 
     }
 
@@ -262,117 +345,49 @@ public static class DNSServerOptions extends SingBoxOption {
 
     }
 
+    public static class DNSClientOptions extends SingBoxOption {
 
-    public static class DNSRule extends SingBoxOption {
+        public String strategy;
 
-        public String type;
+        public Boolean disable_cache;
 
-        // Generate note: option type:  public DefaultDNSRule DefaultOptions;
+        public Boolean disable_expire;
 
-        // Generate note: option type:  public LogicalDNSRule LogicalOptions;
+        public Boolean independent_cache;
 
     }
 
-    public static class DefaultDNSRule extends SingBoxOption {
+    public static class DNSFakeIPOptions extends SingBoxOption {
 
-        // Generate note: Listable
-        public List<String> inbound;
-
-        public Integer ip_version;
-
-        // Generate note: Listable
-        public List<String> query_type;
-
-        public String network;
-
-        // Generate note: Listable
-        public List<String> auth_user;
-
-        // Generate note: Listable
-        public List<String> protocol;
-
-        // Generate note: Listable
-        public List<String> domain;
-
-        // Generate note: Listable
-        public List<String> domain_suffix;
-
-        // Generate note: Listable
-        public List<String> domain_keyword;
-
-        // Generate note: Listable
-        public List<String> domain_regex;
-
-        // Generate note: Listable
-        public List<String> geosite;
-
-        // Generate note: Listable
-        public List<String> source_geoip;
-
-        // Generate note: Listable
-        public List<String> source_ip_cidr;
-
-        // Generate note: Listable
-        public List<Integer> source_port;
-
-        // Generate note: Listable
-        public List<String> source_port_range;
-
-        // Generate note: Listable
-        public List<Integer> port;
-
-        // Generate note: Listable
-        public List<String> port_range;
-
-        // Generate note: Listable
-        public List<String> process_name;
-
-        // Generate note: Listable
-        public List<String> process_path;
-
-        // Generate note: Listable
-        public List<String> package_name;
-
-        // Generate note: Listable
-        public List<String> user;
-
-        // Generate note: Listable
-        public List<Integer> user_id;
-
-        // Generate note: Listable
-        public List<String> outbound;
-
-        public String clash_mode;
-
-        public Boolean invert;
+        public Boolean enabled;
 
-        public String server;
+        public String inet4_range;
 
-        public Boolean disable_cache;
+        public String inet6_range;
 
     }
 
-    public static class LogicalDNSRule extends SingBoxOption {
-
-        public String mode;
+    public static class ExperimentalOptions extends SingBoxOption {
 
-        public List<DefaultDNSRule> rules;
+        public ClashAPIOptions clash_api;
 
-        public Boolean invert;
+        public V2RayAPIOptions v2ray_api;
 
-        public String server;
+        public CacheFile cache_file;
 
-        public Boolean disable_cache;
+        public DebugOptions debug;
 
     }
 
-    public static class ExperimentalOptions extends SingBoxOption {
+    public static class CacheFile extends SingBoxOption {
 
-        public ClashAPIOptions clash_api;
+        public Boolean enabled;
 
-        public V2RayAPIOptions v2ray_api;
+        public Boolean store_fakeip;
 
-        public DebugOptions debug;
+        public String path;
+
+        public String cache_id;
 
     }
 
@@ -385,6 +400,8 @@ public static class HysteriaInboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -466,6 +483,8 @@ public static class HysteriaOutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -508,6 +527,136 @@ public static class HysteriaOutboundOptions extends SingBoxOption {
 
         public OutboundTLSOptions tls;
 
+        public List<String> server_ports;
+
+        public String hop_interval;
+
+    }
+
+    public static class Hysteria2InboundOptions extends SingBoxOption {
+
+        // Generate note: nested type ListenOptions
+        public String listen;
+
+        public Integer listen_port;
+
+        public Boolean tcp_fast_open;
+
+        public Boolean tcp_multi_path;
+
+        public Boolean udp_fragment;
+
+        // Generate note: option type:  public Boolean UDPFragmentDefault;
+
+        public Long udp_timeout;
+
+        public Boolean proxy_protocol;
+
+        public Boolean proxy_protocol_accept_no_header;
+
+        public String detour;
+
+        // Generate note: nested type InboundOptions
+        public Boolean sniff;
+
+        public Boolean sniff_override_destination;
+
+        public Long sniff_timeout;
+
+        public String domain_strategy;
+
+        // End of public InboundOptions ;
+
+        // End of public ListenOptions ;
+
+        public Integer up_mbps;
+
+        public Integer down_mbps;
+
+        public Hysteria2Obfs obfs;
+
+        public List<Hysteria2User> users;
+
+        public Boolean ignore_client_bandwidth;
+
+        public InboundTLSOptions tls;
+
+        public String masquerade;
+
+    }
+
+    public static class Hysteria2Obfs extends SingBoxOption {
+
+        public String type;
+
+        public String password;
+
+    }
+
+    public static class Hysteria2User extends SingBoxOption {
+
+        public String name;
+
+        public String password;
+
+    }
+
+    public static class Hysteria2OutboundOptions extends SingBoxOption {
+
+        // Generate note: nested type DialerOptions
+        public String detour;
+
+        public String bind_interface;
+
+        public String inet4_bind_address;
+
+        public String inet6_bind_address;
+
+        public String protect_path;
+
+        public Integer routing_mark;
+
+        public Boolean reuse_addr;
+
+        public Long connect_timeout;
+
+        public Boolean tcp_fast_open;
+
+        public Boolean tcp_multi_path;
+
+        public Boolean udp_fragment;
+
+        // Generate note: option type:  public Boolean UDPFragmentDefault;
+
+        public String domain_strategy;
+
+        public Long fallback_delay;
+
+        // End of public DialerOptions ;
+
+        // Generate note: nested type ServerOptions
+        public String server;
+
+        public Integer server_port;
+
+        // End of public ServerOptions ;
+
+        public Integer up_mbps;
+
+        public Integer down_mbps;
+
+        public Hysteria2Obfs obfs;
+
+        public String password;
+
+        public String network;
+
+        public OutboundTLSOptions tls;
+
+        public List<String> server_ports;
+
+        public String hop_interval;
+
     }
 
 
@@ -545,6 +694,10 @@ public static class Inbound extends SingBoxOption {
 
         // Generate note: option type:  public VLESSInboundOptions VLESSOptions;
 
+        // Generate note: option type:  public TUICInboundOptions TUICOptions;
+
+        // Generate note: option type:  public Hysteria2InboundOptions Hysteria2Options;
+
     }
 
     public static class InboundOptions extends SingBoxOption {
@@ -567,6 +720,8 @@ public static class ListenOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -601,6 +756,8 @@ public static class NaiveInboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -668,6 +825,8 @@ public static class NTPOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -711,7 +870,11 @@ public static class Outbound extends SingBoxOption {
 
         // Generate note: option type:  public ShadowsocksROutboundOptions ShadowsocksROptions;
 
-        // Generate note: option type:  public VLESSOutboundOptions VLESSOptions;
+        // Generate note: option type:  public VLESSOutboundOptions VLESSOptions;
+
+        // Generate note: option type:  public TUICOutboundOptions TUICOptions;
+
+        // Generate note: option type:  public Hysteria2OutboundOptions Hysteria2Options;
 
         // Generate note: option type:  public SelectorOutboundOptions SelectorOptions;
 
@@ -739,6 +902,8 @@ public static class DialerOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -769,6 +934,8 @@ public static class MultiplexOptions extends SingBoxOption {
 
         public Integer max_streams;
 
+        public Boolean padding;
+
     }
 
     public static class OnDemandOptions extends SingBoxOption {
@@ -808,6 +975,8 @@ public static class RedirectInboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -844,6 +1013,8 @@ public static class TProxyInboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -875,12 +1046,10 @@ public static class TProxyInboundOptions extends SingBoxOption {
 
     public static class RouteOptions extends SingBoxOption {
 
-        public GeoIPOptions geoip;
-
-        public GeositeOptions geosite;
-
         public List<Rule> rules;
 
+        public List<RuleSet> rule_set;
+
         @SerializedName("final")
         public String final_;
 
@@ -896,34 +1065,28 @@ public static class RouteOptions extends SingBoxOption {
 
     }
 
-    public static class GeoIPOptions extends SingBoxOption {
 
-        public String path;
-
-        public String download_url;
-
-        public String download_detour;
-
-    }
-
-    public static class GeositeOptions extends SingBoxOption {
+    public static class Rule extends SingBoxOption {
 
-        public String path;
+        public String type;
 
-        public String download_url;
+        // Generate note: option type:  public DefaultRule DefaultOptions;
 
-        public String download_detour;
+        // Generate note: option type:  public LogicalRule LogicalOptions;
 
     }
 
-
-    public static class Rule extends SingBoxOption {
+    public static class RuleSet extends SingBoxOption {
 
         public String type;
 
-        // Generate note: option type:  public DefaultRule DefaultOptions;
+        public String tag;
 
-        // Generate note: option type:  public LogicalRule LogicalOptions;
+        public String format;
+
+        public String path;
+
+        public String url;
 
     }
 
@@ -934,7 +1097,8 @@ public static class DefaultRule extends SingBoxOption {
 
         public Integer ip_version;
 
-        public String network;
+        // Generate note: Listable
+        public List<String> network;
 
         // Generate note: Listable
         public List<String> auth_user;
@@ -954,15 +1118,6 @@ public static class DefaultRule extends SingBoxOption {
         // Generate note: Listable
         public List<String> domain_regex;
 
-        // Generate note: Listable
-        public List<String> geosite;
-
-        // Generate note: Listable
-        public List<String> source_geoip;
-
-        // Generate note: Listable
-        public List<String> geoip;
-
         // Generate note: Listable
         public List<String> source_ip_cidr;
 
@@ -1004,15 +1159,93 @@ public static class DefaultRule extends SingBoxOption {
 
     }
 
-    public static class LogicalRule extends SingBoxOption {
 
-        public String mode;
+    public static class DNSRule extends SingBoxOption {
+
+        public String type;
+
+        // Generate note: option type:  public DefaultDNSRule DefaultOptions;
+
+        // Generate note: option type:  public LogicalDNSRule LogicalOptions;
+
+    }
+
+    public static class DefaultDNSRule extends SingBoxOption {
+
+        // Generate note: Listable
+        public List<String> inbound;
+
+        public Integer ip_version;
+
+        // Generate note: Listable
+        public List<String> query_type;
+
+        // Generate note: Listable
+        public List<String> network;
+
+        // Generate note: Listable
+        public List<String> auth_user;
+
+        // Generate note: Listable
+        public List<String> protocol;
+
+        // Generate note: Listable
+        public List<String> domain;
+
+        // Generate note: Listable
+        public List<String> domain_suffix;
+
+        // Generate note: Listable
+        public List<String> domain_keyword;
+
+        // Generate note: Listable
+        public List<String> domain_regex;
+
+        // Generate note: Listable
+        public List<String> geosite;
+
+        // Generate note: Listable
+        public List<String> source_ip_cidr;
+
+        // Generate note: Listable
+        public List<Integer> source_port;
+
+        // Generate note: Listable
+        public List<String> source_port_range;
+
+        // Generate note: Listable
+        public List<Integer> port;
+
+        // Generate note: Listable
+        public List<String> port_range;
+
+        // Generate note: Listable
+        public List<String> process_name;
+
+        // Generate note: Listable
+        public List<String> process_path;
+
+        // Generate note: Listable
+        public List<String> package_name;
+
+        // Generate note: Listable
+        public List<String> user;
+
+        // Generate note: Listable
+        public List<Integer> user_id;
+
+        // Generate note: Listable
+        public List<String> outbound;
 
-        public List<DefaultRule> rules;
+        public String clash_mode;
 
         public Boolean invert;
 
-        public String outbound;
+        public String server;
+
+        public Boolean disable_cache;
+
+        public Integer rewrite_ttl;
 
     }
 
@@ -1025,6 +1258,8 @@ public static class ShadowsocksInboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1106,6 +1341,8 @@ public static class ShadowsocksOutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1160,6 +1397,8 @@ public static class ShadowsocksROutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1202,6 +1441,8 @@ public static class ShadowTLSInboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1277,6 +1518,8 @@ public static class ShadowTLSHandshakeOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1310,6 +1553,8 @@ public static class ShadowTLSOutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1344,6 +1589,8 @@ public static class SocksInboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1382,6 +1629,8 @@ public static class HTTPMixedInboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1436,6 +1685,8 @@ public static class SocksOutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1486,6 +1737,8 @@ public static class HTTPOutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1509,6 +1762,10 @@ public static class HTTPOutboundOptions extends SingBoxOption {
 
         public OutboundTLSOptions tls;
 
+        public String path;
+
+        public Map<String, String> headers;
+
     }
 
     public static class SSHOutboundOptions extends SingBoxOption {
@@ -1532,6 +1789,8 @@ public static class SSHOutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1587,16 +1846,20 @@ public static class InboundTLSOptions extends SingBoxOption {
         // Generate note: Listable
         public List<String> cipher_suites;
 
-        public String certificate;
+        // Generate note: Listable
+        public List<String> certificate;
 
         public String certificate_path;
 
-        public String key;
+        // Generate note: Listable
+        public List<String> key;
 
         public String key_path;
 
         public InboundACMEOptions acme;
 
+        public InboundECHOptions ech;
+
         public InboundRealityOptions reality;
 
     }
@@ -1676,6 +1939,8 @@ public static class InboundRealityHandshakeOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1688,15 +1953,25 @@ public static class InboundRealityHandshakeOptions extends SingBoxOption {
 
     }
 
-    public static class OutboundECHOptions extends SingBoxOption {
+    public static class InboundECHOptions extends SingBoxOption {
 
         public Boolean enabled;
 
-        public Boolean pq_signature_schemes_enabled;
+        // Generate note: Listable
+        public List<String> key;
+
+        public String key_path;
+
+    }
+
+    public static class OutboundECHOptions extends SingBoxOption {
+
+        public Boolean enabled;
 
-        public Boolean dynamic_record_sizing_disabled;
+        // Generate note: Listable
+        public List<String> config;
 
-        public String config;
+        public String config_path;
 
     }
 
@@ -1772,6 +2047,8 @@ public static class TorOutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1801,6 +2078,116 @@ public static class TrojanInboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
+        public Boolean udp_fragment;
+
+        // Generate note: option type:  public Boolean UDPFragmentDefault;
+
+        public Long udp_timeout;
+
+        public Boolean proxy_protocol;
+
+        public Boolean proxy_protocol_accept_no_header;
+
+        public String detour;
+
+        // Generate note: nested type InboundOptions
+        public Boolean sniff;
+
+        public Boolean sniff_override_destination;
+
+        public Long sniff_timeout;
+
+        public String domain_strategy;
+
+        // End of public InboundOptions ;
+
+        // End of public ListenOptions ;
+
+        public List<TrojanUser> users;
+
+        public InboundTLSOptions tls;
+
+        public ServerOptions fallback;
+
+        public Map<String, ServerOptions> fallback_for_alpn;
+
+        public V2RayTransportOptions transport;
+
+    }
+
+    public static class TrojanUser extends SingBoxOption {
+
+        public String name;
+
+        public String password;
+
+    }
+
+    public static class TrojanOutboundOptions extends SingBoxOption {
+
+        // Generate note: nested type DialerOptions
+        public String detour;
+
+        public String bind_interface;
+
+        public String inet4_bind_address;
+
+        public String inet6_bind_address;
+
+        public String protect_path;
+
+        public Integer routing_mark;
+
+        public Boolean reuse_addr;
+
+        public Long connect_timeout;
+
+        public Boolean tcp_fast_open;
+
+        public Boolean tcp_multi_path;
+
+        public Boolean udp_fragment;
+
+        // Generate note: option type:  public Boolean UDPFragmentDefault;
+
+        public String domain_strategy;
+
+        public Long fallback_delay;
+
+        // End of public DialerOptions ;
+
+        // Generate note: nested type ServerOptions
+        public String server;
+
+        public Integer server_port;
+
+        // End of public ServerOptions ;
+
+        public String password;
+
+        public String network;
+
+        public OutboundTLSOptions tls;
+
+        public MultiplexOptions multiplex;
+
+        public V2RayTransportOptions transport;
+
+    }
+
+    public static class TUICInboundOptions extends SingBoxOption {
+
+        // Generate note: nested type ListenOptions
+        public String listen;
+
+        public Integer listen_port;
+
+        public Boolean tcp_fast_open;
+
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1826,27 +2213,31 @@ public static class TrojanInboundOptions extends SingBoxOption {
 
         // End of public ListenOptions ;
 
-        public List<TrojanUser> users;
+        public List<TUICUser> users;
 
-        public InboundTLSOptions tls;
+        public String congestion_control;
 
-        public ServerOptions fallback;
+        public Long auth_timeout;
 
-        public Map<String, ServerOptions> fallback_for_alpn;
+        public Boolean zero_rtt_handshake;
 
-        public V2RayTransportOptions transport;
+        public Long heartbeat;
+
+        public InboundTLSOptions tls;
 
     }
 
-    public static class TrojanUser extends SingBoxOption {
+    public static class TUICUser extends SingBoxOption {
 
         public String name;
 
+        public String uuid;
+
         public String password;
 
     }
 
-    public static class TrojanOutboundOptions extends SingBoxOption {
+    public static class TUICOutboundOptions extends SingBoxOption {
 
         // Generate note: nested type DialerOptions
         public String detour;
@@ -1867,6 +2258,8 @@ public static class TrojanOutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -1884,15 +2277,23 @@ public static class TrojanOutboundOptions extends SingBoxOption {
 
         // End of public ServerOptions ;
 
+        public String uuid;
+
         public String password;
 
-        public String network;
+        public String congestion_control;
 
-        public OutboundTLSOptions tls;
+        public String udp_relay_mode;
 
-        public MultiplexOptions multiplex;
+        public Boolean udp_over_stream;
 
-        public V2RayTransportOptions transport;
+        public Boolean zero_rtt_handshake;
+
+        public Long heartbeat;
+
+        public String network;
+
+        public OutboundTLSOptions tls;
 
     }
 
@@ -1918,6 +2319,12 @@ public static class TunInboundOptions extends SingBoxOption {
         // Generate note: Listable
         public List<String> inet6_route_address;
 
+        // Generate note: Listable
+        public List<String> include_interface;
+
+        // Generate note: Listable
+        public List<String> exclude_interface;
+
         // Generate note: Listable
         public List<Integer> include_uid;
 
@@ -2067,6 +2474,16 @@ public static class V2RayGRPCOptions extends SingBoxOption {
 
     }
 
+    public static class V2RayHTTPUpgradeOptions extends SingBoxOption {
+
+        public String host;
+
+        public String path;
+
+        public Map<String, String> headers;
+
+    }
+
     public static class VLESSInboundOptions extends SingBoxOption {
 
         // Generate note: nested type ListenOptions
@@ -2076,6 +2493,8 @@ public static class VLESSInboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -2140,6 +2559,8 @@ public static class VLESSOutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -2165,6 +2586,8 @@ public static class VLESSOutboundOptions extends SingBoxOption {
 
         public OutboundTLSOptions tls;
 
+        public MultiplexOptions multiplex;
+
         public V2RayTransportOptions transport;
 
         public String packet_encoding;
@@ -2180,6 +2603,8 @@ public static class VMessInboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -2244,6 +2669,8 @@ public static class VMessOutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -2304,6 +2731,8 @@ public static class WireGuardOutboundOptions extends SingBoxOption {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
         // Generate note: option type:  public Boolean UDPFragmentDefault;
@@ -2314,13 +2743,6 @@ public static class WireGuardOutboundOptions extends SingBoxOption {
 
         // End of public DialerOptions ;
 
-        // Generate note: nested type ServerOptions
-        public String server;
-
-        public Integer server_port;
-
-        // End of public ServerOptions ;
-
         public Boolean system_interface;
 
         public String interface_name;
@@ -2330,6 +2752,15 @@ public static class WireGuardOutboundOptions extends SingBoxOption {
 
         public String private_key;
 
+        public List<WireGuardPeer> peers;
+
+        // Generate note: nested type ServerOptions
+        public String server;
+
+        public Integer server_port;
+
+        // End of public ServerOptions ;
+
         public String peer_public_key;
 
         public String pre_shared_key;
@@ -2345,96 +2776,24 @@ public static class WireGuardOutboundOptions extends SingBoxOption {
 
     }
 
-    public static class DNSRule_DefaultOptions extends DNSRule {
-
-        // Generate note: Listable
-        public List<String> inbound;
-
-        public Integer ip_version;
-
-        // Generate note: Listable
-        public List<String> query_type;
-
-        public String network;
-
-        // Generate note: Listable
-        public List<String> auth_user;
-
-        // Generate note: Listable
-        public List<String> protocol;
-
-        // Generate note: Listable
-        public List<String> domain;
-
-        // Generate note: Listable
-        public List<String> domain_suffix;
-
-        // Generate note: Listable
-        public List<String> domain_keyword;
-
-        // Generate note: Listable
-        public List<String> domain_regex;
-
-        // Generate note: Listable
-        public List<String> geosite;
-
-        // Generate note: Listable
-        public List<String> source_geoip;
-
-        // Generate note: Listable
-        public List<String> source_ip_cidr;
-
-        // Generate note: Listable
-        public List<Integer> source_port;
-
-        // Generate note: Listable
-        public List<String> source_port_range;
-
-        // Generate note: Listable
-        public List<Integer> port;
-
-        // Generate note: Listable
-        public List<String> port_range;
-
-        // Generate note: Listable
-        public List<String> process_name;
-
-        // Generate note: Listable
-        public List<String> process_path;
-
-        // Generate note: Listable
-        public List<String> package_name;
-
-        // Generate note: Listable
-        public List<String> user;
-
-        // Generate note: Listable
-        public List<Integer> user_id;
-
-        // Generate note: Listable
-        public List<String> outbound;
-
-        public String clash_mode;
-
-        public Boolean invert;
+    public static class WireGuardPeer extends SingBoxOption {
 
+        // Generate note: nested type ServerOptions
         public String server;
 
-        public Boolean disable_cache;
-
-    }
-
-    public static class DNSRule_LogicalOptions extends DNSRule {
+        public Integer server_port;
 
-        public String mode;
+        // End of public ServerOptions ;
 
-        public List<DefaultDNSRule> rules;
+        public String public_key;
 
-        public Boolean invert;
+        public String pre_shared_key;
 
-        public String server;
+        // Generate note: Listable
+        public List<String> allowed_ips;
 
-        public Boolean disable_cache;
+        // Generate note: Base64 String
+        public String reserved;
 
     }
 
@@ -2460,6 +2819,12 @@ public static class Inbound_TunOptions extends Inbound {
         // Generate note: Listable
         public List<String> inet6_route_address;
 
+        // Generate note: Listable
+        public List<String> include_interface;
+
+        // Generate note: Listable
+        public List<String> exclude_interface;
+
         // Generate note: Listable
         public List<Integer> include_uid;
 
@@ -2511,6 +2876,8 @@ public static class Inbound_RedirectOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -2546,6 +2913,8 @@ public static class Inbound_TProxyOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -2583,6 +2952,8 @@ public static class Inbound_DirectOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -2624,6 +2995,8 @@ public static class Inbound_SocksOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -2661,6 +3034,8 @@ public static class Inbound_HTTPOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -2702,6 +3077,8 @@ public static class Inbound_MixedOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -2743,6 +3120,8 @@ public static class Inbound_ShadowsocksOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -2788,6 +3167,8 @@ public static class Inbound_VMessOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -2829,6 +3210,8 @@ public static class Inbound_TrojanOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -2874,6 +3257,8 @@ public static class Inbound_NaiveOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -2915,6 +3300,8 @@ public static class Inbound_HysteriaOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -2972,6 +3359,8 @@ public static class Inbound_ShadowTLSOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3019,6 +3408,8 @@ public static class Inbound_VLESSOptions extends Inbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3051,6 +3442,106 @@ public static class Inbound_VLESSOptions extends Inbound {
 
     }
 
+    public static class Inbound_TUICOptions extends Inbound {
+
+        // Generate note: nested type ListenOptions
+        public String listen;
+
+        public Integer listen_port;
+
+        public Boolean tcp_fast_open;
+
+        public Boolean tcp_multi_path;
+
+        public Boolean udp_fragment;
+
+
+        public Long udp_timeout;
+
+        public Boolean proxy_protocol;
+
+        public Boolean proxy_protocol_accept_no_header;
+
+        public String detour;
+
+        // Generate note: nested type InboundOptions
+        public Boolean sniff;
+
+        public Boolean sniff_override_destination;
+
+        public Long sniff_timeout;
+
+        public String domain_strategy;
+
+        // End of public InboundOptions ;
+
+        // End of public ListenOptions ;
+
+        public List<TUICUser> users;
+
+        public String congestion_control;
+
+        public Long auth_timeout;
+
+        public Boolean zero_rtt_handshake;
+
+        public Long heartbeat;
+
+        public InboundTLSOptions tls;
+
+    }
+
+    public static class Inbound_Hysteria2Options extends Inbound {
+
+        // Generate note: nested type ListenOptions
+        public String listen;
+
+        public Integer listen_port;
+
+        public Boolean tcp_fast_open;
+
+        public Boolean tcp_multi_path;
+
+        public Boolean udp_fragment;
+
+
+        public Long udp_timeout;
+
+        public Boolean proxy_protocol;
+
+        public Boolean proxy_protocol_accept_no_header;
+
+        public String detour;
+
+        // Generate note: nested type InboundOptions
+        public Boolean sniff;
+
+        public Boolean sniff_override_destination;
+
+        public Long sniff_timeout;
+
+        public String domain_strategy;
+
+        // End of public InboundOptions ;
+
+        // End of public ListenOptions ;
+
+        public Integer up_mbps;
+
+        public Integer down_mbps;
+
+        public Hysteria2Obfs obfs;
+
+        public List<Hysteria2User> users;
+
+        public Boolean ignore_client_bandwidth;
+
+        public InboundTLSOptions tls;
+
+        public String masquerade;
+
+    }
+
     public static class Outbound_DirectOptions extends Outbound {
 
         // Generate note: nested type DialerOptions
@@ -3072,6 +3563,8 @@ public static class Outbound_DirectOptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3110,6 +3603,8 @@ public static class Outbound_SocksOptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3159,6 +3654,8 @@ public static class Outbound_HTTPOptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3181,6 +3678,10 @@ public static class Outbound_HTTPOptions extends Outbound {
 
         public OutboundTLSOptions tls;
 
+        public String path;
+
+        public Map<String, String> headers;
+
     }
 
     public static class Outbound_ShadowsocksOptions extends Outbound {
@@ -3204,6 +3705,8 @@ public static class Outbound_ShadowsocksOptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3257,6 +3760,8 @@ public static class Outbound_VMessOptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3316,6 +3821,8 @@ public static class Outbound_TrojanOptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3365,6 +3872,8 @@ public static class Outbound_WireGuardOptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3374,13 +3883,6 @@ public static class Outbound_WireGuardOptions extends Outbound {
 
         // End of public DialerOptions ;
 
-        // Generate note: nested type ServerOptions
-        public String server;
-
-        public Integer server_port;
-
-        // End of public ServerOptions ;
-
         public Boolean system_interface;
 
         public String interface_name;
@@ -3390,6 +3892,15 @@ public static class Outbound_WireGuardOptions extends Outbound {
 
         public String private_key;
 
+        public List<WireGuardPeer> peers;
+
+        // Generate note: nested type ServerOptions
+        public String server;
+
+        public Integer server_port;
+
+        // End of public ServerOptions ;
+
         public String peer_public_key;
 
         public String pre_shared_key;
@@ -3426,6 +3937,8 @@ public static class Outbound_HysteriaOptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3467,6 +3980,10 @@ public static class Outbound_HysteriaOptions extends Outbound {
 
         public OutboundTLSOptions tls;
 
+        public List<String> server_ports;
+
+        public String hop_interval;
+
     }
 
     public static class Outbound_TorOptions extends Outbound {
@@ -3490,6 +4007,8 @@ public static class Outbound_TorOptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3530,6 +4049,8 @@ public static class Outbound_SSHOptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3587,6 +4108,8 @@ public static class Outbound_ShadowTLSOptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3632,6 +4155,8 @@ public static class Outbound_ShadowsocksROptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3685,6 +4210,8 @@ public static class Outbound_VLESSOptions extends Outbound {
 
         public Boolean tcp_fast_open;
 
+        public Boolean tcp_multi_path;
+
         public Boolean udp_fragment;
 
 
@@ -3709,12 +4236,130 @@ public static class Outbound_VLESSOptions extends Outbound {
 
         public OutboundTLSOptions tls;
 
+        public MultiplexOptions multiplex;
+
         public V2RayTransportOptions transport;
 
         public String packet_encoding;
 
     }
 
+    public static class Outbound_TUICOptions extends Outbound {
+
+        // Generate note: nested type DialerOptions
+        public String detour;
+
+        public String bind_interface;
+
+        public String inet4_bind_address;
+
+        public String inet6_bind_address;
+
+        public String protect_path;
+
+        public Integer routing_mark;
+
+        public Boolean reuse_addr;
+
+        public Long connect_timeout;
+
+        public Boolean tcp_fast_open;
+
+        public Boolean tcp_multi_path;
+
+        public Boolean udp_fragment;
+
+
+        public String domain_strategy;
+
+        public Long fallback_delay;
+
+        // End of public DialerOptions ;
+
+        // Generate note: nested type ServerOptions
+        public String server;
+
+        public Integer server_port;
+
+        // End of public ServerOptions ;
+
+        public String uuid;
+
+        public String password;
+
+        public String congestion_control;
+
+        public String udp_relay_mode;
+
+        public Boolean udp_over_stream;
+
+        public Boolean zero_rtt_handshake;
+
+        public Long heartbeat;
+
+        public String network;
+
+        public OutboundTLSOptions tls;
+
+    }
+
+    public static class Outbound_Hysteria2Options extends Outbound {
+
+        // Generate note: nested type DialerOptions
+        public String detour;
+
+        public String bind_interface;
+
+        public String inet4_bind_address;
+
+        public String inet6_bind_address;
+
+        public String protect_path;
+
+        public Integer routing_mark;
+
+        public Boolean reuse_addr;
+
+        public Long connect_timeout;
+
+        public Boolean tcp_fast_open;
+
+        public Boolean tcp_multi_path;
+
+        public Boolean udp_fragment;
+
+
+        public String domain_strategy;
+
+        public Long fallback_delay;
+
+        // End of public DialerOptions ;
+
+        // Generate note: nested type ServerOptions
+        public String server;
+
+        public Integer server_port;
+
+        // End of public ServerOptions ;
+
+        public Integer up_mbps;
+
+        public Integer down_mbps;
+
+        public Hysteria2Obfs obfs;
+
+        public String password;
+
+        public String network;
+
+        public OutboundTLSOptions tls;
+
+        public List<String> server_ports;
+
+        public String hop_interval;
+
+    }
+
     public static class Outbound_SelectorOptions extends Outbound {
 
         public List<String> outbounds;
@@ -3743,7 +4388,8 @@ public static class Rule_DefaultOptions extends Rule {
 
         public Integer ip_version;
 
-        public String network;
+        // Generate note: Listable
+        public List<String> network;
 
         // Generate note: Listable
         public List<String> auth_user;
@@ -3763,14 +4409,11 @@ public static class Rule_DefaultOptions extends Rule {
         // Generate note: Listable
         public List<String> domain_regex;
 
-        // Generate note: Listable
-        public List<String> geosite;
+        public List<String> rule_set;
 
-        // Generate note: Listable
-        public List<String> source_geoip;
+        public Boolean source_ip_is_private;
 
-        // Generate note: Listable
-        public List<String> geoip;
+        public Boolean ip_is_private;
 
         // Generate note: Listable
         public List<String> source_ip_cidr;
@@ -3809,19 +4452,87 @@ public static class Rule_DefaultOptions extends Rule {
 
         public Boolean invert;
 
+        public String action;
+
         public String outbound;
 
     }
 
-    public static class Rule_LogicalOptions extends Rule {
+    public static class DNSRule_DefaultOptions extends DNSRule {
+
+        // Generate note: Listable
+        public List<String> inbound;
+
+        public Integer ip_version;
+
+        // Generate note: Listable
+        public List<String> query_type;
+
+        // Generate note: Listable
+        public List<String> network;
+
+        // Generate note: Listable
+        public List<String> auth_user;
+
+        // Generate note: Listable
+        public List<String> protocol;
+
+        // Generate note: Listable
+        public List<String> domain;
+
+        // Generate note: Listable
+        public List<String> domain_suffix;
+
+        // Generate note: Listable
+        public List<String> domain_keyword;
+
+        // Generate note: Listable
+        public List<String> domain_regex;
+
+        public List<String> rule_set;
+
+        // Generate note: Listable
+        public List<String> source_ip_cidr;
+
+        // Generate note: Listable
+        public List<Integer> source_port;
+
+        // Generate note: Listable
+        public List<String> source_port_range;
+
+        // Generate note: Listable
+        public List<Integer> port;
+
+        // Generate note: Listable
+        public List<String> port_range;
+
+        // Generate note: Listable
+        public List<String> process_name;
+
+        // Generate note: Listable
+        public List<String> process_path;
+
+        // Generate note: Listable
+        public List<String> package_name;
+
+        // Generate note: Listable
+        public List<String> user;
+
+        // Generate note: Listable
+        public List<Integer> user_id;
 
-        public String mode;
+        // Generate note: Listable
+        public List<String> outbound;
 
-        public List<DefaultRule> rules;
+        public String clash_mode;
 
         public Boolean invert;
 
-        public String outbound;
+        public String server;
+
+        public Boolean disable_cache;
+
+        public Integer rewrite_ttl;
 
     }
 
@@ -3868,4 +4579,66 @@ public static class V2RayTransportOptions_GRPCOptions extends V2RayTransportOpti
 
     }
 
+    public static class V2RayTransportOptions_HTTPUpgradeOptions extends V2RayTransportOptions {
+
+        public String host;
+
+        public String path;
+
+
+    }
+
+    // sing-box Options 生成器已经坏了，以下是从 husi 抄的
+
+    public static class Outbound_AnyTLSOptions extends Outbound {
+
+        // Generate note: nested type DialerOptions
+        public String detour;
+
+        public String bind_interface;
+
+        public String inet4_bind_address;
+
+        public String inet6_bind_address;
+
+        public String protect_path;
+
+        public Integer routing_mark;
+
+        public Boolean reuse_addr;
+
+        public String connect_timeout;
+
+        public Boolean tcp_fast_open;
+
+        public Boolean tcp_multi_path;
+
+        public Boolean udp_fragment;
+
+        public String domain_strategy;
+
+        public String network_strategy;
+
+        public List<String> network_type;
+
+        public List<String> fallback_network_type;
+
+        public String fallback_delay;
+
+        // Generate note: nested type ServerOptions
+        public String server;
+
+        public Integer server_port;
+
+        // Generate note: nested type OutboundTLSOptionsContainer
+        public OutboundTLSOptions tls;
+
+        public String password;
+
+        public String idle_session_check_interval;
+
+        public String idle_session_timeout;
+
+    }
+
 }
diff --git a/app/src/main/java/moe/matsuri/nb4a/SingBoxOptionsUtil.kt b/app/src/main/java/moe/matsuri/nb4a/SingBoxOptionsUtil.kt
index e4186d9ed..d3971b2b2 100644
--- a/app/src/main/java/moe/matsuri/nb4a/SingBoxOptionsUtil.kt
+++ b/app/src/main/java/moe/matsuri/nb4a/SingBoxOptionsUtil.kt
@@ -1,26 +1,41 @@
 package moe.matsuri.nb4a
 
 import io.nekohasekai.sagernet.database.DataStore
+import moe.matsuri.nb4a.SingBoxOptions.RuleSet
 
-fun SingBoxOptions.DNSServerOptions.applyDNSNetworkSettings(isDirect: Boolean) {
-    if (isDirect) {
-        if (DataStore.dnsNetwork.contains("NoDirectIPv4")) this.strategy = "ipv6_only"
-        if (DataStore.dnsNetwork.contains("NoDirectIPv6")) this.strategy = "ipv4_only"
-    } else {
-        if (DataStore.dnsNetwork.contains("NoRemoteIPv4")) this.strategy = "ipv6_only"
-        if (DataStore.dnsNetwork.contains("NoRemoteIPv6")) this.strategy = "ipv4_only"
+object SingBoxOptionsUtil {
+
+    fun domainStrategy(tag: String): String {
+        fun auto2(key: String, newS: String): String {
+            return (DataStore.configurationStore.getString(key) ?: "").replace("auto", newS)
+        }
+        return when (tag) {
+            "dns-remote" -> {
+                auto2("domain_strategy_for_remote", "")
+            }
+
+            "dns-direct" -> {
+                auto2("domain_strategy_for_direct", "")
+            }
+
+            // server
+            else -> {
+                auto2("domain_strategy_for_server", "prefer_ipv4")
+            }
+        }
     }
+
 }
 
 fun SingBoxOptions.DNSRule_DefaultOptions.makeSingBoxRule(list: List<String>) {
-    geosite = mutableListOf<String>()
+    rule_set = mutableListOf<String>()
     domain = mutableListOf<String>()
     domain_suffix = mutableListOf<String>()
     domain_regex = mutableListOf<String>()
     domain_keyword = mutableListOf<String>()
     list.forEach {
         if (it.startsWith("geosite:")) {
-            geosite.plusAssign(it.removePrefix("geosite:"))
+            rule_set.plusAssign(it)
         } else if (it.startsWith("full:")) {
             domain.plusAssign(it.removePrefix("full:").lowercase())
         } else if (it.startsWith("domain:")) {
@@ -30,16 +45,15 @@ fun SingBoxOptions.DNSRule_DefaultOptions.makeSingBoxRule(list: List<String>) {
         } else if (it.startsWith("keyword:")) {
             domain_keyword.plusAssign(it.removePrefix("keyword:").lowercase())
         } else {
-            // https://github.com/SagerNet/sing-box/commit/5d41e328d4a9f7549dd27f11b4ccc43710a73664
-            domain.plusAssign(it.lowercase())
+            domain_suffix.plusAssign(it.lowercase())
         }
     }
-    geosite?.removeIf { it.isNullOrBlank() }
+    rule_set?.removeIf { it.isNullOrBlank() }
     domain?.removeIf { it.isNullOrBlank() }
     domain_suffix?.removeIf { it.isNullOrBlank() }
     domain_regex?.removeIf { it.isNullOrBlank() }
     domain_keyword?.removeIf { it.isNullOrBlank() }
-    if (geosite?.isEmpty() == true) geosite = null
+    if (rule_set?.isEmpty() == true) rule_set = null
     if (domain?.isEmpty() == true) domain = null
     if (domain_suffix?.isEmpty() == true) domain_suffix = null
     if (domain_regex?.isEmpty() == true) domain_regex = null
@@ -47,7 +61,7 @@ fun SingBoxOptions.DNSRule_DefaultOptions.makeSingBoxRule(list: List<String>) {
 }
 
 fun SingBoxOptions.DNSRule_DefaultOptions.checkEmpty(): Boolean {
-    if (geosite?.isNotEmpty() == true) return false
+    if (rule_set?.isNotEmpty() == true) return false
     if (domain?.isNotEmpty() == true) return false
     if (domain_suffix?.isNotEmpty() == true) return false
     if (domain_regex?.isNotEmpty() == true) return false
@@ -56,12 +70,36 @@ fun SingBoxOptions.DNSRule_DefaultOptions.checkEmpty(): Boolean {
     return true
 }
 
+fun generateRuleSet(ruleSetString: List<String>, ruleSet: MutableList<RuleSet>) {
+    ruleSetString.forEach {
+        when {
+            it.startsWith("geoip:") -> {
+                ruleSet.add(RuleSet().apply {
+                    type = "local"
+                    tag = it
+                    format = "binary"
+                    path = it
+                })
+            }
+
+            it.startsWith("geosite:") -> {
+                ruleSet.add(RuleSet().apply {
+                    type = "local"
+                    tag = it
+                    format = "binary"
+                    path = it
+                })
+            }
+        }
+    }
+}
+
 fun SingBoxOptions.Rule_DefaultOptions.makeSingBoxRule(list: List<String>, isIP: Boolean) {
     if (isIP) {
         ip_cidr = mutableListOf<String>()
-        geoip = mutableListOf<String>()
+        rule_set = mutableListOf<String>()
     } else {
-        geosite = mutableListOf<String>()
+        rule_set = mutableListOf<String>()
         domain = mutableListOf<String>()
         domain_suffix = mutableListOf<String>()
         domain_regex = mutableListOf<String>()
@@ -70,14 +108,18 @@ fun SingBoxOptions.Rule_DefaultOptions.makeSingBoxRule(list: List<String>, isIP:
     list.forEach {
         if (isIP) {
             if (it.startsWith("geoip:")) {
-                geoip.plusAssign(it.removePrefix("geoip:"))
+                if (it == "geoip:private") {
+                    ip_is_private = true
+                } else {
+                    rule_set.plusAssign(it)
+                }
             } else {
                 ip_cidr.plusAssign(it)
             }
             return@forEach
         }
         if (it.startsWith("geosite:")) {
-            geosite.plusAssign(it.removePrefix("geosite:"))
+            rule_set.plusAssign(it)
         } else if (it.startsWith("full:")) {
             domain.plusAssign(it.removePrefix("full:").lowercase())
         } else if (it.startsWith("domain:")) {
@@ -87,20 +129,16 @@ fun SingBoxOptions.Rule_DefaultOptions.makeSingBoxRule(list: List<String>, isIP:
         } else if (it.startsWith("keyword:")) {
             domain_keyword.plusAssign(it.removePrefix("keyword:").lowercase())
         } else {
-            // https://github.com/SagerNet/sing-box/commit/5d41e328d4a9f7549dd27f11b4ccc43710a73664
-            domain.plusAssign(it.lowercase())
+            domain_suffix.plusAssign(it.lowercase())
         }
     }
     ip_cidr?.removeIf { it.isNullOrBlank() }
-    geoip?.removeIf { it.isNullOrBlank() }
-    geosite?.removeIf { it.isNullOrBlank() }
+    rule_set?.removeIf { it.isNullOrBlank() }
     domain?.removeIf { it.isNullOrBlank() }
     domain_suffix?.removeIf { it.isNullOrBlank() }
     domain_regex?.removeIf { it.isNullOrBlank() }
     domain_keyword?.removeIf { it.isNullOrBlank() }
     if (ip_cidr?.isEmpty() == true) ip_cidr = null
-    if (geoip?.isEmpty() == true) geoip = null
-    if (geosite?.isEmpty() == true) geosite = null
     if (domain?.isEmpty() == true) domain = null
     if (domain_suffix?.isEmpty() == true) domain_suffix = null
     if (domain_regex?.isEmpty() == true) domain_regex = null
@@ -109,9 +147,8 @@ fun SingBoxOptions.Rule_DefaultOptions.makeSingBoxRule(list: List<String>, isIP:
 
 fun SingBoxOptions.Rule_DefaultOptions.checkEmpty(): Boolean {
     if (ip_cidr?.isNotEmpty() == true) return false
-    if (geoip?.isNotEmpty() == true) return false
-    if (geosite?.isNotEmpty() == true) return false
     if (domain?.isNotEmpty() == true) return false
+    if (rule_set?.isNotEmpty() == true) return false
     if (domain_suffix?.isNotEmpty() == true) return false
     if (domain_regex?.isNotEmpty() == true) return false
     if (domain_keyword?.isNotEmpty() == true) return false
@@ -120,5 +157,7 @@ fun SingBoxOptions.Rule_DefaultOptions.checkEmpty(): Boolean {
     if (port?.isNotEmpty() == true) return false
     if (port_range?.isNotEmpty() == true) return false
     if (source_ip_cidr?.isNotEmpty() == true) return false
+    //
+    if (!_hack_custom_config.isNullOrBlank()) return false
     return true
 }
diff --git a/app/src/main/java/moe/matsuri/nb4a/net/LocalResolverImpl.kt b/app/src/main/java/moe/matsuri/nb4a/net/LocalResolverImpl.kt
index 8a5a21907..9b125aeea 100644
--- a/app/src/main/java/moe/matsuri/nb4a/net/LocalResolverImpl.kt
+++ b/app/src/main/java/moe/matsuri/nb4a/net/LocalResolverImpl.kt
@@ -3,77 +3,148 @@ package moe.matsuri.nb4a.net
 import android.net.DnsResolver
 import android.os.Build
 import android.os.CancellationSignal
+import android.system.ErrnoException
+import androidx.annotation.RequiresApi
 import io.nekohasekai.sagernet.SagerNet
-import io.nekohasekai.sagernet.ktx.tryResume
-import io.nekohasekai.sagernet.ktx.tryResumeWithException
+import io.nekohasekai.sagernet.ktx.Logs
+import io.nekohasekai.sagernet.ktx.runOnIoDispatcher
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.asExecutor
-import kotlinx.coroutines.runBlocking
+import libcore.ExchangeContext
+import libcore.LocalDNSTransport
 import java.net.InetAddress
-import kotlin.coroutines.suspendCoroutine
+import java.net.UnknownHostException
 
-object LocalResolverImpl : libcore.LocalResolver {
+object LocalResolverImpl : LocalDNSTransport {
 
-    override fun lookupIP(network: String, domain: String): String {
+    // new local
+
+    private const val RCODE_NXDOMAIN = 3
+
+    override fun raw(): Boolean {
+        return Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
+    }
+
+    override fun networkHandle(): Long {
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
-            return runBlocking {
-                suspendCoroutine { continuation ->
-                    val signal = CancellationSignal()
-                    val callback = object : DnsResolver.Callback<Collection<InetAddress>> {
-                        @Suppress("ThrowableNotThrown")
-                        override fun onAnswer(answer: Collection<InetAddress>, rcode: Int) {
-                            // libcore/v2ray.go
-                            when {
-                                answer.isNotEmpty() -> {
-                                    continuation.tryResume((answer as Collection<InetAddress?>).mapNotNull { it?.hostAddress }
-                                        .joinToString(","))
-                                }
-                                rcode == 0 -> {
-                                    // fuck AAAA no record
-                                    // features/dns/client.go
-                                    continuation.tryResume("")
-                                }
-                                else -> {
-                                    // Need return rcode
-                                    // proxy/dns/dns.go
-                                    continuation.tryResumeWithException(Exception("$rcode"))
-                                }
-                            }
-                        }
+            return SagerNet.underlyingNetwork?.networkHandle ?: 0
+        }
+        return 0
+    }
+
+    @RequiresApi(Build.VERSION_CODES.Q)
+    override fun exchange(ctx: ExchangeContext, message: ByteArray) {
+        val signal = CancellationSignal()
+        ctx.onCancel(signal::cancel)
+
+        val callback = object : DnsResolver.Callback<ByteArray> {
+            override fun onAnswer(answer: ByteArray, rcode: Int) {
+                ctx.rawSuccess(answer)
+            }
+
+            override fun onError(error: DnsResolver.DnsException) {
+                val cause = error.cause
+                if (cause is ErrnoException) {
+                    ctx.errnoCode(cause.errno)
+                } else {
+                    Logs.w(error)
+                    ctx.errnoCode(114514)
+                }
+            }
+        }
 
-                        override fun onError(error: DnsResolver.DnsException) {
-                            continuation.tryResumeWithException(error)
+        DnsResolver.getInstance().rawQuery(
+            SagerNet.underlyingNetwork,
+            message,
+            DnsResolver.FLAG_NO_RETRY,
+            Dispatchers.IO.asExecutor(),
+            signal,
+            callback
+        )
+    }
+
+    override fun lookup(ctx: ExchangeContext, network: String, domain: String) {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
+            val signal = CancellationSignal()
+            ctx.onCancel(signal::cancel)
+
+            val callback = object : DnsResolver.Callback<Collection<InetAddress>> {
+                override fun onAnswer(answer: Collection<InetAddress>, rcode: Int) {
+                    try {
+                        if (rcode == 0) {
+                            ctx.success(answer.mapNotNull { it.hostAddress }.joinToString("\n"))
+                        } else {
+                            ctx.errorCode(rcode)
                         }
+                    } catch (e: Exception) {
+                        Logs.w(e)
+                        ctx.errnoCode(114514)
                     }
-                    val type = when {
-                        network.endsWith("4") -> DnsResolver.TYPE_A
-                        network.endsWith("6") -> DnsResolver.TYPE_AAAA
-                        else -> null
+                }
+
+                override fun onError(error: DnsResolver.DnsException) {
+                    try {
+                        val cause = error.cause
+                        if (cause is ErrnoException) {
+                            ctx.errnoCode(cause.errno)
+                        } else {
+                            Logs.w(error)
+                            ctx.errnoCode(114514)
+                        }
+                    } catch (e: Exception) {
+                        Logs.w(e)
+                        ctx.errnoCode(114514)
                     }
-                    if (type != null) {
-                        DnsResolver.getInstance().query(
-                            SagerNet.underlyingNetwork,
-                            domain,
-                            type,
-                            DnsResolver.FLAG_EMPTY,
-                            Dispatchers.IO.asExecutor(),
-                            signal,
-                            callback
-                        )
+                }
+            }
+
+            val type = when {
+                network.endsWith("4") -> DnsResolver.TYPE_A
+                network.endsWith("6") -> DnsResolver.TYPE_AAAA
+                else -> null
+            }
+            if (type != null) {
+                DnsResolver.getInstance().query(
+                    SagerNet.underlyingNetwork,
+                    domain,
+                    type,
+                    DnsResolver.FLAG_NO_RETRY,
+                    Dispatchers.IO.asExecutor(),
+                    signal,
+                    callback
+                )
+            } else {
+                DnsResolver.getInstance().query(
+                    SagerNet.underlyingNetwork,
+                    domain,
+                    DnsResolver.FLAG_NO_RETRY,
+                    Dispatchers.IO.asExecutor(),
+                    signal,
+                    callback
+                )
+            }
+        } else {
+            runOnIoDispatcher {
+                // 老版本系统，继续用阻塞的 InetAddress
+                try {
+                    val u = SagerNet.underlyingNetwork
+                    val answer = try {
+                        u?.getAllByName(domain)
+                    } catch (e: UnknownHostException) {
+                        null
+                    } ?: InetAddress.getAllByName(domain)
+                    if (answer != null) {
+                        ctx.success(answer.mapNotNull { it.hostAddress }.joinToString("\n"))
                     } else {
-                        DnsResolver.getInstance().query(
-                            SagerNet.underlyingNetwork,
-                            domain,
-                            DnsResolver.FLAG_EMPTY,
-                            Dispatchers.IO.asExecutor(),
-                            signal,
-                            callback
-                        )
+                        ctx.errnoCode(114514)
                     }
+                } catch (e: UnknownHostException) {
+                    ctx.errorCode(RCODE_NXDOMAIN)
+                } catch (e: Exception) {
+                    Logs.w(e)
+                    ctx.errnoCode(114514)
                 }
             }
-        } else {
-            throw Exception("114514")
         }
     }
 
diff --git a/app/src/main/java/moe/matsuri/nb4a/plugin/NekoPluginManager.kt b/app/src/main/java/moe/matsuri/nb4a/plugin/NekoPluginManager.kt
deleted file mode 100644
index d7ae50e10..000000000
--- a/app/src/main/java/moe/matsuri/nb4a/plugin/NekoPluginManager.kt
+++ /dev/null
@@ -1,153 +0,0 @@
-package moe.matsuri.nb4a.plugin
-
-import io.nekohasekai.sagernet.R
-import io.nekohasekai.sagernet.SagerNet
-import io.nekohasekai.sagernet.bg.BaseService
-import io.nekohasekai.sagernet.database.DataStore
-import io.nekohasekai.sagernet.ktx.forEach
-import io.nekohasekai.sagernet.utils.PackageCache
-import moe.matsuri.nb4a.proxy.neko.NekoJSInterface
-import okhttp3.internal.closeQuietly
-import org.json.JSONObject
-import java.io.File
-import java.util.zip.CRC32
-import java.util.zip.ZipFile
-
-object NekoPluginManager {
-    const val managerVersion = 2
-
-    val plugins get() = DataStore.nekoPlugins.split("\n").filter { it.isNotBlank() }
-
-    // plgID to plgConfig object
-    fun getManagedPlugins(): Map<String, JSONObject> {
-        val ret = mutableMapOf<String, JSONObject>()
-        plugins.forEach {
-            tryGetPlgConfig(it)?.apply {
-                ret[it] = this
-            }
-        }
-        return ret
-    }
-
-    class Protocol(
-        val protocolId: String, val plgId: String, val protocolConfig: JSONObject
-    )
-
-    fun getProtocols(): List<Protocol> {
-        val ret = mutableListOf<Protocol>()
-        getManagedPlugins().forEach { (t, u) ->
-            u.optJSONArray("protocols")?.forEach { _, any ->
-                if (any is JSONObject) {
-                    val name = any.optString("protocolId")
-                    ret.add(Protocol(name, t, any))
-                }
-            }
-        }
-        return ret
-    }
-
-    fun findProtocol(protocolId: String): Protocol? {
-        getManagedPlugins().forEach { (t, u) ->
-            u.optJSONArray("protocols")?.forEach { _, any ->
-                if (any is JSONObject) {
-                    if (protocolId == any.optString("protocolId")) {
-                        return Protocol(protocolId, t, any)
-                    }
-                }
-            }
-        }
-        return null
-    }
-
-    fun removeManagedPlugin(plgId: String) {
-        DataStore.configurationStore.remove(plgId)
-        val dir = File(SagerNet.application.filesDir.absolutePath + "/plugins/" + plgId)
-        if (dir.exists()) {
-            dir.deleteRecursively()
-        }
-    }
-
-    fun extractPlugin(plgId: String, install: Boolean) {
-        val app = PackageCache.installedApps[plgId] ?: return
-        val apk = File(app.publicSourceDir)
-        if (!apk.exists()) {
-            return
-        }
-        if (!install && !plugins.contains(plgId)) {
-            return
-        }
-
-        val zipFile = ZipFile(apk)
-        val unzipDir = File(SagerNet.application.filesDir.absolutePath + "/plugins/" + plgId)
-        unzipDir.mkdirs()
-        for (entry in zipFile.entries()) {
-            if (entry.name.startsWith("assets/")) {
-                val relativePath = entry.name.removePrefix("assets/")
-                val outFile = File(unzipDir, relativePath)
-                if (entry.isDirectory) {
-                    outFile.mkdirs()
-                    continue
-                }
-
-                if (outFile.isDirectory) {
-                    outFile.delete()
-                } else if (outFile.exists()) {
-                    val checksum = CRC32()
-                    checksum.update(outFile.readBytes())
-                    if (checksum.value == entry.crc) {
-                        continue
-                    }
-                }
-
-                val input = zipFile.getInputStream(entry)
-                outFile.outputStream().use {
-                    input.copyTo(it)
-                }
-            }
-        }
-        zipFile.closeQuietly()
-    }
-
-    suspend fun installPlugin(plgId: String) {
-        if (plgId == "moe.matsuri.plugin.singbox" || plgId == "moe.matsuri.plugin.xray") {
-            throw Exception("This plugin is deprecated")
-        }
-        extractPlugin(plgId, true)
-        NekoJSInterface.Default.destroyJsi(plgId)
-        NekoJSInterface.Default.requireJsi(plgId).init()
-        NekoJSInterface.Default.destroyJsi(plgId)
-    }
-
-    const val PLUGIN_APP_VERSION = "_v_vc"
-    const val PLUGIN_APP_VERSION_NAME = "_v_vn"
-
-    // Return null if not managed
-    fun tryGetPlgConfig(plgId: String): JSONObject? {
-        return try {
-            JSONObject(DataStore.configurationStore.getString(plgId)!!)
-        } catch (e: Exception) {
-            null
-        }
-    }
-
-    fun updatePlgConfig(plgId: String, plgConfig: JSONObject) {
-        PackageCache.installedPluginPackages[plgId]?.apply {
-            // longVersionCode requires API 28
-//            plgConfig.put(PLUGIN_APP_VERSION, versionCode)
-            plgConfig.put(PLUGIN_APP_VERSION_NAME, versionName)
-        }
-        DataStore.configurationStore.putString(plgId, plgConfig.toString())
-    }
-
-    fun htmlPath(plgId: String): String {
-        val htmlFile = File(SagerNet.application.filesDir.absolutePath + "/plugins/" + plgId)
-        return htmlFile.absolutePath
-    }
-
-    class PluginInternalException(val protocolId: String) : Exception(),
-        BaseService.ExpectedException {
-        override fun getLocalizedMessage() =
-            SagerNet.application.getString(R.string.neko_plugin_internal_error, protocolId)
-    }
-
-}
\ No newline at end of file
diff --git a/app/src/main/java/moe/matsuri/nb4a/plugin/Plugins.kt b/app/src/main/java/moe/matsuri/nb4a/plugin/Plugins.kt
index 677710d4b..a584cadfa 100644
--- a/app/src/main/java/moe/matsuri/nb4a/plugin/Plugins.kt
+++ b/app/src/main/java/moe/matsuri/nb4a/plugin/Plugins.kt
@@ -14,20 +14,18 @@ import io.nekohasekai.sagernet.utils.PackageCache
 object Plugins {
     const val AUTHORITIES_PREFIX_SEKAI_EXE = "io.nekohasekai.sagernet.plugin."
     const val AUTHORITIES_PREFIX_NEKO_EXE = "moe.matsuri.exe."
-    const val AUTHORITIES_PREFIX_NEKO_PLUGIN = "moe.matsuri.plugin."
 
     const val ACTION_NATIVE_PLUGIN = "io.nekohasekai.sagernet.plugin.ACTION_NATIVE_PLUGIN"
 
     const val METADATA_KEY_ID = "io.nekohasekai.sagernet.plugin.id"
     const val METADATA_KEY_EXECUTABLE_PATH = "io.nekohasekai.sagernet.plugin.executable_path"
 
-    fun isExeOrPlugin(pkg: PackageInfo): Boolean {
-        if (pkg.providers == null || pkg.providers.isEmpty()) return false
-        val provider = pkg.providers[0] ?: return false
+    fun isExe(pkg: PackageInfo): Boolean {
+        if (pkg.providers?.isEmpty() == true) return false
+        val provider = pkg.providers?.get(0) ?: return false
         val auth = provider.authority ?: return false
         return auth.startsWith(AUTHORITIES_PREFIX_SEKAI_EXE)
                 || auth.startsWith(AUTHORITIES_PREFIX_NEKO_EXE)
-                || auth.startsWith(AUTHORITIES_PREFIX_NEKO_PLUGIN)
     }
 
     fun preferExePrefix(): String {
@@ -55,12 +53,19 @@ object Plugins {
 
     fun getPlugin(pluginId: String): ProviderInfo? {
         if (pluginId.isBlank()) return null
+        getPluginExternal(pluginId)?.let { return it }
+        // internal so
+        return ProviderInfo().apply { authority = AUTHORITIES_PREFIX_NEKO_EXE }
+    }
+
+    fun getPluginExternal(pluginId: String): ProviderInfo? {
+        if (pluginId.isBlank()) return null
 
         // try queryIntentContentProviders
-        var providers = getPluginOld(pluginId)
+        var providers = getExtPluginOld(pluginId)
 
         // try PackageCache
-        if (providers.isEmpty()) providers = getPluginNew(pluginId)
+        if (providers.isEmpty()) providers = getExtPluginNew(pluginId)
 
         // not found
         if (providers.isEmpty()) return null
@@ -81,12 +86,12 @@ object Plugins {
         return providers[0]
     }
 
-    fun getPluginNew(pluginId: String): List<ProviderInfo> {
+    private fun getExtPluginNew(pluginId: String): List<ProviderInfo> {
         PackageCache.awaitLoadSync()
         val pkgs = PackageCache.installedPluginPackages
             .map { it.value }
-            .filter { it.providers[0].loadString(METADATA_KEY_ID) == pluginId }
-        return pkgs.map { it.providers[0] }
+            .filter { it.providers?.get(0)?.loadString(METADATA_KEY_ID) == pluginId }
+        return pkgs.mapNotNull { it.providers?.get(0) }
     }
 
     private fun buildUri(id: String, auth: String) = Uri.Builder()
@@ -95,7 +100,7 @@ object Plugins {
         .path("/$id")
         .build()
 
-    private fun getPluginOld(pluginId: String): List<ProviderInfo> {
+    private fun getExtPluginOld(pluginId: String): List<ProviderInfo> {
         var flags = PackageManager.GET_META_DATA
         if (Build.VERSION.SDK_INT >= 24) {
             flags =
diff --git a/app/src/main/java/moe/matsuri/nb4a/proxy/anytls/AnyTLSBean.java b/app/src/main/java/moe/matsuri/nb4a/proxy/anytls/AnyTLSBean.java
new file mode 100644
index 000000000..43f4144c0
--- /dev/null
+++ b/app/src/main/java/moe/matsuri/nb4a/proxy/anytls/AnyTLSBean.java
@@ -0,0 +1,82 @@
+package moe.matsuri.nb4a.proxy.anytls;
+
+import androidx.annotation.NonNull;
+
+import com.esotericsoftware.kryo.io.ByteBufferInput;
+import com.esotericsoftware.kryo.io.ByteBufferOutput;
+
+import org.jetbrains.annotations.NotNull;
+
+import io.nekohasekai.sagernet.fmt.AbstractBean;
+import io.nekohasekai.sagernet.fmt.KryoConverters;
+
+public class AnyTLSBean extends AbstractBean {
+
+    public static final Creator<AnyTLSBean> CREATOR = new CREATOR<AnyTLSBean>() {
+        @NonNull
+        @Override
+        public AnyTLSBean newInstance() {
+            return new AnyTLSBean();
+        }
+
+        @Override
+        public AnyTLSBean[] newArray(int size) {
+            return new AnyTLSBean[size];
+        }
+    };
+    public String password;
+    public String sni;
+    public String alpn;
+    public String certificates;
+    public String utlsFingerprint;
+    public Boolean allowInsecure;
+    // In sing-box, this seemed can be used with REALITY.
+    // But even mihomo appended many options, it still not provide REALITY.
+    // https://github.com/anytls/anytls-go/blob/4636d90462fa21a510420512d7706a9acf69c7b9/docs/faq.md?plain=1#L25-L37
+
+    public String echConfig;
+
+    @Override
+    public void initializeDefaultValues() {
+        super.initializeDefaultValues();
+        if (password == null) password = "";
+        if (sni == null) sni = "";
+        if (alpn == null) alpn = "";
+        if (certificates == null) certificates = "";
+        if (utlsFingerprint == null) utlsFingerprint = "";
+        if (allowInsecure == null) allowInsecure = false;
+        if (echConfig == null) echConfig = "";
+    }
+
+    @Override
+    public void serialize(ByteBufferOutput output) {
+        output.writeInt(0);
+        super.serialize(output);
+        output.writeString(password);
+        output.writeString(sni);
+        output.writeString(alpn);
+        output.writeString(certificates);
+        output.writeString(utlsFingerprint);
+        output.writeBoolean(allowInsecure);
+        output.writeString(echConfig);
+    }
+
+    @Override
+    public void deserialize(ByteBufferInput input) {
+        int version = input.readInt();
+        super.deserialize(input);
+        password = input.readString();
+        sni = input.readString();
+        alpn = input.readString();
+        certificates = input.readString();
+        utlsFingerprint = input.readString();
+        allowInsecure = input.readBoolean();
+        echConfig = input.readString();
+    }
+
+    @NotNull
+    @Override
+    public AnyTLSBean clone() {
+        return KryoConverters.deserialize(new AnyTLSBean(), KryoConverters.serialize(this));
+    }
+}
\ No newline at end of file
diff --git a/app/src/main/java/moe/matsuri/nb4a/proxy/anytls/AnyTLSFmt.kt b/app/src/main/java/moe/matsuri/nb4a/proxy/anytls/AnyTLSFmt.kt
new file mode 100644
index 000000000..2fb7b4513
--- /dev/null
+++ b/app/src/main/java/moe/matsuri/nb4a/proxy/anytls/AnyTLSFmt.kt
@@ -0,0 +1,81 @@
+package moe.matsuri.nb4a.proxy.anytls
+
+import io.nekohasekai.sagernet.ktx.blankAsNull
+import io.nekohasekai.sagernet.ktx.linkBuilder
+import io.nekohasekai.sagernet.ktx.toLink
+import io.nekohasekai.sagernet.ktx.urlSafe
+import moe.matsuri.nb4a.SingBoxOptions
+import moe.matsuri.nb4a.utils.listByLineOrComma
+import okhttp3.HttpUrl.Companion.toHttpUrlOrNull
+
+fun buildSingBoxOutboundAnyTLSBean(bean: AnyTLSBean): SingBoxOptions.Outbound_AnyTLSOptions {
+    return SingBoxOptions.Outbound_AnyTLSOptions().apply {
+        type = "anytls"
+        server = bean.serverAddress
+        server_port = bean.serverPort
+        password = bean.password
+
+        tls = SingBoxOptions.OutboundTLSOptions().apply {
+            enabled = true
+            server_name = bean.sni.blankAsNull()
+            if (bean.allowInsecure) insecure = true
+            alpn = bean.alpn.blankAsNull()?.listByLineOrComma()
+            bean.certificates.blankAsNull()?.let {
+                certificate = it
+            }
+            bean.utlsFingerprint.blankAsNull()?.let {
+                utls = SingBoxOptions.OutboundUTLSOptions().apply {
+                    enabled = true
+                    fingerprint = it
+                }
+            }
+            bean.echConfig.blankAsNull()?.let {
+                // In new version, some complex options will be deprecated, so we just do this.
+                ech = SingBoxOptions.OutboundECHOptions().apply {
+                    enabled = true
+                    config = listOf(it)
+                }
+            }
+        }
+    }
+}
+
+fun AnyTLSBean.toUri(): String {
+    val builder = linkBuilder()
+        .host(serverAddress)
+        .port(serverPort)
+        .username(password)
+    if (!name.isNullOrBlank()) {
+        builder.encodedFragment(name.urlSafe())
+    }
+    if (allowInsecure) {
+        builder.addQueryParameter("insecure", "1")
+    }
+    if (!sni.isNullOrBlank()) {
+        builder.addQueryParameter("sni", sni)
+    }
+    if (!utlsFingerprint.isNullOrBlank()) {
+        builder.addQueryParameter("fp", utlsFingerprint)
+    }
+    return builder.toLink("anytls")
+}
+
+fun parseAnytls(url: String): AnyTLSBean {
+    // https://github.com/anytls/anytls-go/blob/main/docs/uri_scheme.md
+    val link = url.replace("anytls://", "https://").toHttpUrlOrNull() ?: error(
+        "invalid anytls link $url"
+    )
+    return AnyTLSBean().apply {
+        serverAddress = link.host
+        serverPort = link.port
+        name = link.fragment
+        password = link.username
+        sni = link.queryParameter("sni") ?: ""
+        link.queryParameter("insecure")?.also {
+            allowInsecure = it == "1" || it == "true"
+        }
+        link.queryParameter("fp")?.let {
+            utlsFingerprint = it
+        }
+    }
+}
diff --git a/app/src/main/java/moe/matsuri/nb4a/proxy/anytls/AnyTLSSettingsActivity.kt b/app/src/main/java/moe/matsuri/nb4a/proxy/anytls/AnyTLSSettingsActivity.kt
new file mode 100644
index 000000000..13d256d1b
--- /dev/null
+++ b/app/src/main/java/moe/matsuri/nb4a/proxy/anytls/AnyTLSSettingsActivity.kt
@@ -0,0 +1,51 @@
+package moe.matsuri.nb4a.proxy.anytls
+
+import android.os.Bundle
+import androidx.preference.EditTextPreference
+import androidx.preference.PreferenceFragmentCompat
+import io.nekohasekai.sagernet.Key
+import io.nekohasekai.sagernet.R
+import io.nekohasekai.sagernet.database.preference.EditTextPreferenceModifiers
+import io.nekohasekai.sagernet.ktx.applyDefaultValues
+import io.nekohasekai.sagernet.ui.profile.ProfileSettingsActivity
+import moe.matsuri.nb4a.proxy.PreferenceBinding
+import moe.matsuri.nb4a.proxy.PreferenceBindingManager
+import moe.matsuri.nb4a.proxy.Type
+
+class AnyTLSSettingsActivity : ProfileSettingsActivity<AnyTLSBean>() {
+    override fun createEntity() = AnyTLSBean().applyDefaultValues()
+
+    private val pbm = PreferenceBindingManager()
+    private val name = pbm.add(PreferenceBinding(Type.Text, "name"))
+    private val serverAddress = pbm.add(PreferenceBinding(Type.Text, "serverAddress"))
+    private val serverPort = pbm.add(PreferenceBinding(Type.TextToInt, "serverPort"))
+    private val password = pbm.add(PreferenceBinding(Type.Text, "password"))
+    private val sni = pbm.add(PreferenceBinding(Type.Text, "sni"))
+    private val alpn = pbm.add(PreferenceBinding(Type.Text, "alpn"))
+    private val certificates = pbm.add(PreferenceBinding(Type.Text, "certificates"))
+    private val allowInsecure = pbm.add(PreferenceBinding(Type.Bool, "allowInsecure"))
+    private val utlsFingerprint = pbm.add(PreferenceBinding(Type.Text, "utlsFingerprint"))
+
+    override fun AnyTLSBean.init() {
+        pbm.writeToCacheAll(this)
+
+    }
+
+    override fun AnyTLSBean.serialize() {
+        pbm.fromCacheAll(this)
+    }
+
+    override fun PreferenceFragmentCompat.createPreferences(
+        savedInstanceState: Bundle?,
+        rootKey: String?
+    ) {
+        addPreferencesFromResource(R.xml.anytls_preferences)
+
+        findPreference<EditTextPreference>(Key.SERVER_PORT)!!.apply {
+            setOnBindEditTextListener(EditTextPreferenceModifiers.Port)
+        }
+        findPreference<EditTextPreference>("password")!!.apply {
+            summaryProvider = PasswordSummaryProvider
+        }
+    }
+}
diff --git a/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoBean.java b/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoBean.java
index 3a86b7fce..434d54923 100644
--- a/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoBean.java
+++ b/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoBean.java
@@ -8,18 +8,12 @@
 import org.jetbrains.annotations.NotNull;
 import org.json.JSONObject;
 
-import io.nekohasekai.sagernet.R;
-import io.nekohasekai.sagernet.SagerNet;
 import io.nekohasekai.sagernet.fmt.AbstractBean;
 import io.nekohasekai.sagernet.fmt.KryoConverters;
 import io.nekohasekai.sagernet.ktx.Logs;
-import moe.matsuri.nb4a.plugin.NekoPluginManager;
 
 public class NekoBean extends AbstractBean {
 
-    // BoxInstance use this
-    public JSONObject allConfig = null;
-
     public String plgId;
     public String protocolId;
     public JSONObject sharedStorage = new JSONObject();
@@ -62,31 +56,22 @@ public static JSONObject tryParseJSON(String input) {
     }
 
     public String displayType() {
-        NekoPluginManager.Protocol p = NekoPluginManager.INSTANCE.findProtocol(protocolId);
-        String neko = SagerNet.application.getResources().getString(R.string.neko_plugin);
-        if (p == null) return neko;
-        return p.getProtocolId();
+        return "invalid";
     }
 
     @Override
     public boolean canMapping() {
-        NekoPluginManager.Protocol p = NekoPluginManager.INSTANCE.findProtocol(protocolId);
-        if (p == null) return false;
-        return p.getProtocolConfig().optBoolean("canMapping");
+        return false;
     }
 
     @Override
     public boolean canICMPing() {
-        NekoPluginManager.Protocol p = NekoPluginManager.INSTANCE.findProtocol(protocolId);
-        if (p == null) return false;
-        return p.getProtocolConfig().optBoolean("canICMPing");
+        return false;
     }
 
     @Override
     public boolean canTCPing() {
-        NekoPluginManager.Protocol p = NekoPluginManager.INSTANCE.findProtocol(protocolId);
-        if (p == null) return false;
-        return p.getProtocolConfig().optBoolean("canTCPing");
+        return false;
     }
 
     @NotNull
diff --git a/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoFmt.kt b/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoFmt.kt
deleted file mode 100644
index 88e45ec58..000000000
--- a/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoFmt.kt
+++ /dev/null
@@ -1,123 +0,0 @@
-package moe.matsuri.nb4a.proxy.neko
-
-import io.nekohasekai.sagernet.database.DataStore
-import io.nekohasekai.sagernet.ktx.Logs
-import io.nekohasekai.sagernet.ktx.getStr
-import io.nekohasekai.sagernet.ktx.runOnIoDispatcher
-import libcore.Libcore
-import moe.matsuri.nb4a.Protocols
-import moe.matsuri.nb4a.plugin.NekoPluginManager
-import org.json.JSONObject
-import kotlin.coroutines.resume
-import kotlin.coroutines.suspendCoroutine
-
-suspend fun parseShareLink(plgId: String, protocolId: String, link: String): NekoBean =
-    suspendCoroutine {
-        runOnIoDispatcher {
-            val jsi = NekoJSInterface.Default.requireJsi(plgId)
-            jsi.lock()
-
-            try {
-                jsi.init()
-
-                val jsip = jsi.switchProtocol(protocolId)
-                val sharedStorage = jsip.parseShareLink(link)
-
-                // NekoBean from link
-                val bean = NekoBean()
-                bean.plgId = plgId
-                bean.protocolId = protocolId
-                bean.sharedStorage = NekoBean.tryParseJSON(sharedStorage)
-                bean.onSharedStorageSet()
-
-                it.resume(bean)
-            } catch (e: Exception) {
-                Logs.e(e)
-                it.resume(NekoBean().apply {
-                    this.plgId = plgId
-                    this.protocolId = protocolId
-                })
-            }
-
-            jsi.unlock()
-            // destroy when all link parsed
-        }
-    }
-
-fun NekoBean.shareLink(): String {
-    return sharedStorage.optString("shareLink")
-}
-
-// Only run in bg process
-// seems no concurrent
-suspend fun NekoBean.updateAllConfig(port: Int) = suspendCoroutine<Unit> {
-    allConfig = null
-
-    runOnIoDispatcher {
-        val jsi = NekoJSInterface.Default.requireJsi(plgId)
-        jsi.lock()
-
-        try {
-            jsi.init()
-            val jsip = jsi.switchProtocol(protocolId)
-
-            // runtime arguments
-            val otherArgs = mutableMapOf<String, Any>()
-            otherArgs["finalAddress"] = finalAddress
-            otherArgs["finalPort"] = finalPort
-            otherArgs["muxEnabled"] = Protocols.shouldEnableMux(protocolId)
-            otherArgs["muxConcurrency"] = DataStore.muxConcurrency
-
-            val ret = jsip.buildAllConfig(port, this@updateAllConfig, otherArgs)
-
-            // result
-            allConfig = JSONObject(ret)
-        } catch (e: Exception) {
-            Logs.e(e)
-        }
-
-        jsi.unlock()
-        it.resume(Unit)
-        // destroy when config generated / all tests finished
-    }
-}
-
-fun NekoBean.cacheGet(id: String): String? {
-    return DataStore.profileCacheStore.getString("neko_${hash()}_$id")
-}
-
-fun NekoBean.cacheSet(id: String, value: String) {
-    DataStore.profileCacheStore.putString("neko_${hash()}_$id", value)
-}
-
-fun NekoBean.hash(): String {
-    var a = plgId
-    a += protocolId
-    a += sharedStorage.toString()
-    return Libcore.sha256Hex(a.toByteArray())
-}
-
-// must call it to update something like serverAddress
-fun NekoBean.onSharedStorageSet() {
-    serverAddress = sharedStorage.getStr("serverAddress")
-    serverPort = sharedStorage.getStr("serverPort")?.toInt() ?: 1080
-    if (serverAddress == null || serverAddress.isBlank()) {
-        serverAddress = "127.0.0.1"
-    }
-    name = sharedStorage.optString("name")
-}
-
-fun NekoBean.needBypassRootUid(): Boolean {
-    val p = NekoPluginManager.findProtocol(protocolId) ?: return false
-    return p.protocolConfig.optBoolean("needBypassRootUid")
-}
-
-fun NekoBean.haveStandardLink(): Boolean {
-    val p = NekoPluginManager.findProtocol(protocolId) ?: return false
-    return p.protocolConfig.optBoolean("haveStandardLink")
-}
-
-fun NekoBean.canShare(): Boolean {
-    val p = NekoPluginManager.findProtocol(protocolId) ?: return false
-    return p.protocolConfig.optBoolean("canShare")
-}
diff --git a/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoJSInterface.kt b/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoJSInterface.kt
deleted file mode 100644
index df165c75f..000000000
--- a/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoJSInterface.kt
+++ /dev/null
@@ -1,388 +0,0 @@
-package moe.matsuri.nb4a.proxy.neko
-
-import android.annotation.SuppressLint
-import android.webkit.*
-import android.widget.Toast
-import androidx.preference.Preference
-import androidx.preference.PreferenceScreen
-import io.nekohasekai.sagernet.BuildConfig
-import io.nekohasekai.sagernet.SagerNet
-import io.nekohasekai.sagernet.database.DataStore
-import io.nekohasekai.sagernet.ktx.*
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.sync.Mutex
-import kotlinx.coroutines.withContext
-import moe.matsuri.nb4a.plugin.NekoPluginManager
-import moe.matsuri.nb4a.ui.SimpleMenuPreference
-import moe.matsuri.nb4a.utils.JavaUtil
-import moe.matsuri.nb4a.utils.Util
-import moe.matsuri.nb4a.utils.WebViewUtil
-import org.json.JSONObject
-import java.io.File
-import java.io.FileInputStream
-import java.util.*
-import java.util.concurrent.CountDownLatch
-import java.util.concurrent.TimeUnit
-import java.util.concurrent.atomic.AtomicBoolean
-import kotlin.coroutines.resume
-import kotlin.coroutines.resumeWithException
-import kotlin.coroutines.suspendCoroutine
-
-class NekoJSInterface(val plgId: String) {
-
-    private val mutex = Mutex()
-    private var webView: WebView? = null
-    val jsObject = JsObject()
-    var plgConfig: JSONObject? = null
-    var plgConfigException: Exception? = null
-    val protocols = mutableMapOf<String, NekoProtocol>()
-    val loaded = AtomicBoolean()
-
-    suspend fun lock() {
-        mutex.lock(null)
-    }
-
-    fun unlock() {
-        mutex.unlock(null)
-    }
-
-    // load webview and js
-    // Return immediately when already loaded
-    // Return plgConfig or throw exception
-    suspend fun init() = withContext(Dispatchers.Main) {
-        initInternal()
-    }
-
-    @SuppressLint("SetJavaScriptEnabled")
-    private suspend fun initInternal() = suspendCoroutine<JSONObject> {
-        if (loaded.get()) {
-            plgConfig?.apply {
-                it.resume(this)
-                return@suspendCoroutine
-            }
-            plgConfigException?.apply {
-                it.resumeWithException(this)
-                return@suspendCoroutine
-            }
-            it.resumeWithException(Exception("wtf"))
-            return@suspendCoroutine
-        }
-
-        WebView.setWebContentsDebuggingEnabled(BuildConfig.DEBUG)
-        NekoPluginManager.extractPlugin(plgId, false)
-
-        webView = WebView(SagerNet.application.applicationContext)
-        webView!!.settings.javaScriptEnabled = true
-        webView!!.addJavascriptInterface(jsObject, "neko")
-        webView!!.webViewClient = object : WebViewClient() {
-            // provide files
-            override fun shouldInterceptRequest(
-                view: WebView?, request: WebResourceRequest?
-            ): WebResourceResponse {
-                return WebViewUtil.interceptRequest(
-                    { res ->
-                        val f = File(NekoPluginManager.htmlPath(plgId), res)
-                        if (f.exists()) {
-                            FileInputStream(f)
-                        } else {
-                            null
-                        }
-                    },
-                    view,
-                    request
-                )
-            }
-
-            override fun onReceivedError(
-                view: WebView?, request: WebResourceRequest?, error: WebResourceError?
-            ) {
-                WebViewUtil.onReceivedError(view, request, error)
-            }
-
-            override fun onPageFinished(view: WebView?, url: String?) {
-                super.onPageFinished(view, url)
-                if (loaded.getAndSet(true)) return
-
-                runOnIoDispatcher {
-                    // Process nekoInit
-                    var ret = ""
-                    try {
-                        ret = nekoInit()
-                        val obj = JSONObject(ret)
-                        if (!obj.getBoolean("ok")) {
-                            throw Exception("plugin refuse to run: ${obj.optString("reason")}")
-                        }
-                        val min = obj.getInt("minVersion")
-                        if (min > NekoPluginManager.managerVersion) {
-                            throw Exception("manager version ${NekoPluginManager.managerVersion} too old, this plugin requires >= $min")
-                        }
-                        plgConfig = obj
-                        NekoPluginManager.updatePlgConfig(plgId, obj)
-                        it.resume(obj)
-                    } catch (e: Exception) {
-                        val e2 = Exception("nekoInit: " + e.readableMessage + "\n\n" + ret)
-                        plgConfigException = e2
-                        it.resumeWithException(e2)
-                    }
-                }
-            }
-        }
-        webView!!.loadUrl("http://$plgId/plugin.html")
-    }
-
-    // Android call JS
-
-    private suspend fun callJS(script: String): String = suspendCoroutine {
-        val jsLatch = CountDownLatch(1)
-        var jsReceivedValue = ""
-
-        runOnMainDispatcher {
-            if (webView != null) {
-                webView!!.evaluateJavascript(script) { value ->
-                    jsReceivedValue = value
-                    jsLatch.countDown()
-                }
-            } else {
-                jsReceivedValue = "webView is null"
-                jsLatch.countDown()
-            }
-        }
-
-        jsLatch.await(5, TimeUnit.SECONDS)
-
-        // evaluateJavascript escapes Javascript's String
-        jsReceivedValue = JavaUtil.unescapeString(jsReceivedValue.removeSurrounding("\""))
-        if (BuildConfig.DEBUG) Logs.d("$script: $jsReceivedValue")
-        it.resume(jsReceivedValue)
-    }
-
-    // call once
-    private suspend fun nekoInit(): String {
-        val sendData = JSONObject()
-        sendData.put("lang", Locale.getDefault().toLanguageTag())
-        sendData.put("plgId", plgId)
-        sendData.put("managerVersion", NekoPluginManager.managerVersion)
-
-        return callJS(
-            "nekoInit(\"${
-                Util.b64EncodeUrlSafe(
-                    sendData.toString().toByteArray()
-                )
-            }\")"
-        )
-    }
-
-    fun switchProtocol(id: String): NekoProtocol {
-        lateinit var p: NekoProtocol
-        if (protocols.containsKey(id)) {
-            p = protocols[id]!!
-        } else {
-            p = NekoProtocol(id) { callJS(it) }
-            protocols[id] = p
-        }
-        jsObject.protocol = p
-        return p
-    }
-
-    suspend fun getAbout(): String {
-        return callJS("nekoAbout()")
-    }
-
-    inner class NekoProtocol(val protocolId: String, val callJS: suspend (String) -> String) {
-        private suspend fun callProtocol(method: String, b64Str: String?): String {
-            var arg = ""
-            if (b64Str != null) {
-                arg = "\"" + b64Str + "\""
-            }
-            return callJS("nekoProtocol(\"$protocolId\").$method($arg)")
-        }
-
-        suspend fun buildAllConfig(
-            port: Int, bean: NekoBean, otherArgs: Map<String, Any>?
-        ): String {
-            val sendData = JSONObject()
-            sendData.put("port", port)
-            sendData.put(
-                "sharedStorage",
-                Util.b64EncodeUrlSafe(bean.sharedStorage.toString().toByteArray())
-            )
-            otherArgs?.forEach { (t, u) -> sendData.put(t, u) }
-
-            return callProtocol(
-                "buildAllConfig", Util.b64EncodeUrlSafe(sendData.toString().toByteArray())
-            )
-        }
-
-        suspend fun parseShareLink(shareLink: String): String {
-            val sendData = JSONObject()
-            sendData.put("shareLink", shareLink)
-
-            return callProtocol(
-                "parseShareLink", Util.b64EncodeUrlSafe(sendData.toString().toByteArray())
-            )
-        }
-
-        // UI Interface
-
-        suspend fun setSharedStorage(sharedStorage: String) {
-            callProtocol(
-                "setSharedStorage",
-                Util.b64EncodeUrlSafe(sharedStorage.toByteArray())
-            )
-        }
-
-        suspend fun requireSetProfileCache() {
-            callProtocol("requireSetProfileCache", null)
-        }
-
-        suspend fun requirePreferenceScreenConfig(): String {
-            return callProtocol("requirePreferenceScreenConfig", null)
-        }
-
-        suspend fun sharedStorageFromProfileCache(): String {
-            return callProtocol("sharedStorageFromProfileCache", null)
-        }
-
-        suspend fun onPreferenceCreated() {
-            callProtocol("onPreferenceCreated", null)
-        }
-
-        suspend fun onPreferenceChanged(key: String, v: Any) {
-            val sendData = JSONObject()
-            sendData.put("key", key)
-            sendData.put("newValue", v)
-
-            callProtocol(
-                "onPreferenceChanged",
-                Util.b64EncodeUrlSafe(sendData.toString().toByteArray())
-            )
-        }
-
-    }
-
-    inner class JsObject {
-        var preferenceScreen: PreferenceScreen? = null
-        var protocol: NekoProtocol? = null
-
-        // JS call Android
-
-        @JavascriptInterface
-        fun toast(s: String) {
-            Toast.makeText(SagerNet.application.applicationContext, s, Toast.LENGTH_SHORT).show()
-        }
-
-        @JavascriptInterface
-        fun logError(s: String) {
-            Logs.e("logError: $s")
-        }
-
-        @JavascriptInterface
-        fun setPreferenceVisibility(key: String, isVisible: Boolean) {
-            runBlockingOnMainDispatcher {
-                preferenceScreen?.findPreference<Preference>(key)?.isVisible = isVisible
-            }
-        }
-
-        @JavascriptInterface
-        fun setPreferenceTitle(key: String, title: String) {
-            runBlockingOnMainDispatcher {
-                preferenceScreen?.findPreference<Preference>(key)?.title = title
-            }
-        }
-
-        @JavascriptInterface
-        fun setMenu(key: String, entries: String) {
-            runBlockingOnMainDispatcher {
-                preferenceScreen?.findPreference<SimpleMenuPreference>(key)?.apply {
-                    NekoPreferenceInflater.setMenu(this, JSONObject(entries))
-                }
-            }
-        }
-
-        @JavascriptInterface
-        fun listenOnPreferenceChanged(key: String) {
-            preferenceScreen?.findPreference<Preference>(key)
-                ?.setOnPreferenceChangeListener { preference, newValue ->
-                    runOnIoDispatcher {
-                        protocol?.onPreferenceChanged(preference.key, newValue)
-                    }
-                    true
-                }
-        }
-
-        @JavascriptInterface
-        fun setKV(type: Int, key: String, jsonStr: String) {
-            try {
-                val v = JSONObject(jsonStr)
-                when (type) {
-                    0 -> DataStore.profileCacheStore.putBoolean(key, v.getBoolean("v"))
-                    1 -> DataStore.profileCacheStore.putFloat(key, v.getDouble("v").toFloat())
-                    2 -> DataStore.profileCacheStore.putInt(key, v.getInt("v"))
-                    3 -> DataStore.profileCacheStore.putLong(key, v.getLong("v"))
-                    4 -> DataStore.profileCacheStore.putString(key, v.getString("v"))
-                }
-            } catch (e: Exception) {
-                Logs.e("setKV: $e")
-            }
-        }
-
-        @JavascriptInterface
-        fun getKV(type: Int, key: String): String {
-            val v = JSONObject()
-            try {
-                when (type) {
-                    0 -> v.put("v", DataStore.profileCacheStore.getBoolean(key))
-                    1 -> v.put("v", DataStore.profileCacheStore.getFloat(key))
-                    2 -> v.put("v", DataStore.profileCacheStore.getInt(key))
-                    3 -> v.put("v", DataStore.profileCacheStore.getLong(key))
-                    4 -> v.put("v", DataStore.profileCacheStore.getString(key))
-                }
-            } catch (e: Exception) {
-                Logs.e("getKV: $e")
-            }
-            return v.toString()
-        }
-
-    }
-
-    fun destroy() {
-        webView?.onPause()
-        webView?.removeAllViews()
-        webView?.destroy()
-        webView = null
-    }
-
-    suspend fun destorySuspend() = withContext(Dispatchers.Main) {
-        destroy()
-    }
-
-    object Default {
-        val map = mutableMapOf<String, NekoJSInterface>()
-
-        suspend fun destroyJsi(plgId: String) = withContext(Dispatchers.Main) {
-            if (map.containsKey(plgId)) {
-                map[plgId]!!.destroy()
-                map.remove(plgId)
-            }
-        }
-
-        // now it's manually managed
-        suspend fun destroyAllJsi() = withContext(Dispatchers.Main) {
-            map.forEach { (t, u) ->
-                u.destroy()
-                map.remove(t)
-            }
-        }
-
-        suspend fun requireJsi(plgId: String): NekoJSInterface = withContext(Dispatchers.Main) {
-            lateinit var jsi: NekoJSInterface
-            if (map.containsKey(plgId)) {
-                jsi = map[plgId]!!
-            } else {
-                jsi = NekoJSInterface(plgId)
-                map[plgId] = jsi
-            }
-            return@withContext jsi
-        }
-    }
-}
diff --git a/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoPreferenceInflater.kt b/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoPreferenceInflater.kt
deleted file mode 100644
index cd2fdff2e..000000000
--- a/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoPreferenceInflater.kt
+++ /dev/null
@@ -1,97 +0,0 @@
-package moe.matsuri.nb4a.proxy.neko
-
-import androidx.preference.*
-import io.nekohasekai.sagernet.database.preference.EditTextPreferenceModifiers
-import io.nekohasekai.sagernet.ktx.forEach
-import io.nekohasekai.sagernet.ktx.getStr
-import io.nekohasekai.sagernet.ui.profile.ProfileSettingsActivity
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.withContext
-import moe.matsuri.nb4a.ui.SimpleMenuPreference
-import moe.matsuri.nb4a.utils.getDrawableByName
-import org.json.JSONArray
-import org.json.JSONObject
-
-object NekoPreferenceInflater {
-    suspend fun inflate(pref: JSONArray, preferenceScreen: PreferenceScreen) =
-        withContext(Dispatchers.Main) {
-            val context = preferenceScreen.context
-            pref.forEach { _, category ->
-                category as JSONObject
-
-                val preferenceCategory = PreferenceCategory(context)
-                preferenceScreen.addPreference(preferenceCategory)
-
-                category.getStr("key")?.apply { preferenceCategory.key = this }
-                category.getStr("title")?.apply { preferenceCategory.title = this }
-
-                category.optJSONArray("preferences")?.forEach { _, any ->
-                    if (any is JSONObject) {
-                        lateinit var p: Preference
-                        // Create Preference
-                        when (any.getStr("type")) {
-                            "EditTextPreference" -> {
-                                p = EditTextPreference(context).apply {
-                                    when (any.getStr("summaryProvider")) {
-                                        null -> summaryProvider =
-                                            EditTextPreference.SimpleSummaryProvider.getInstance()
-                                        "PasswordSummaryProvider" -> summaryProvider =
-                                            ProfileSettingsActivity.PasswordSummaryProvider
-                                    }
-                                    when (any.getStr("EditTextPreferenceModifiers")) {
-                                        "Monospace" -> setOnBindEditTextListener(
-                                            EditTextPreferenceModifiers.Monospace
-                                        )
-                                        "Hosts" -> setOnBindEditTextListener(
-                                            EditTextPreferenceModifiers.Hosts
-                                        )
-                                        "Port" -> setOnBindEditTextListener(
-                                            EditTextPreferenceModifiers.Port
-                                        )
-                                        "Number" -> setOnBindEditTextListener(
-                                            EditTextPreferenceModifiers.Number
-                                        )
-                                    }
-                                }
-                            }
-                            "SwitchPreference" -> {
-                                p = SwitchPreference(context)
-                            }
-                            "SimpleMenuPreference" -> {
-                                p = SimpleMenuPreference(context).apply {
-                                    val entries = any.optJSONObject("entries")
-                                    if (entries != null) setMenu(this, entries)
-                                }
-                            }
-                        }
-                        // Set key & title
-                        p.key = any.getString("key")
-                        any.getStr("title")?.apply { p.title = this }
-                        // Set icon
-                        any.getStr("icon")?.apply {
-                            p.icon = context.getDrawableByName(this)
-                        }
-                        // Set summary
-                        any.getStr("summary")?.apply {
-                            p.summary = this
-                        }
-                        // Add to category
-                        preferenceCategory.addPreference(p)
-                    }
-                }
-            }
-        }
-
-    fun setMenu(p: SimpleMenuPreference, entries: JSONObject) {
-        val menuEntries = mutableListOf<String>()
-        val menuEntryValues = mutableListOf<String>()
-        entries.forEach { s, b ->
-            menuEntryValues.add(s)
-            menuEntries.add(b as String)
-        }
-        entries.apply {
-            p.entries = menuEntries.toTypedArray()
-            p.entryValues = menuEntryValues.toTypedArray()
-        }
-    }
-}
\ No newline at end of file
diff --git a/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoSettingActivity.kt b/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoSettingActivity.kt
deleted file mode 100644
index e167fd6e4..000000000
--- a/app/src/main/java/moe/matsuri/nb4a/proxy/neko/NekoSettingActivity.kt
+++ /dev/null
@@ -1,102 +0,0 @@
-package moe.matsuri.nb4a.proxy.neko
-
-import android.os.Bundle
-import android.view.View
-import androidx.core.view.isVisible
-import androidx.preference.PreferenceDataStore
-import androidx.preference.PreferenceFragmentCompat
-import io.nekohasekai.sagernet.Key
-import io.nekohasekai.sagernet.R
-import io.nekohasekai.sagernet.database.DataStore
-import io.nekohasekai.sagernet.ktx.runOnIoDispatcher
-import io.nekohasekai.sagernet.ui.profile.ProfileSettingsActivity
-import moe.matsuri.nb4a.ui.Dialogs
-import org.json.JSONArray
-
-class NekoSettingActivity : ProfileSettingsActivity<NekoBean>() {
-
-    lateinit var jsi: NekoJSInterface
-    lateinit var jsip: NekoJSInterface.NekoProtocol
-    lateinit var plgId: String
-    lateinit var protocolId: String
-    var loaded = false
-
-    override fun createEntity() = NekoBean()
-
-    override fun NekoBean.init() {
-        if (!this@NekoSettingActivity::plgId.isInitialized) this@NekoSettingActivity.plgId = plgId
-        if (!this@NekoSettingActivity::protocolId.isInitialized) this@NekoSettingActivity.protocolId = protocolId
-        DataStore.profileCacheStore.putString("name", name)
-        DataStore.sharedStorage = sharedStorage.toString()
-    }
-
-    override fun NekoBean.serialize() {
-        // NekoBean from input
-        plgId = this@NekoSettingActivity.plgId
-        protocolId = this@NekoSettingActivity.protocolId
-
-        sharedStorage = NekoBean.tryParseJSON(DataStore.sharedStorage)
-        onSharedStorageSet()
-    }
-
-    override fun onCreate(savedInstanceState: Bundle?) {
-        intent?.getStringExtra("plgId")?.apply { plgId = this }
-        intent?.getStringExtra("protocolId")?.apply { protocolId = this }
-        super.onCreate(savedInstanceState)
-    }
-
-    override fun PreferenceFragmentCompat.viewCreated(view: View, savedInstanceState: Bundle?) {
-        listView.isVisible = false
-    }
-
-    override fun onPreferenceDataStoreChanged(store: PreferenceDataStore, key: String) {
-        if (loaded && key != Key.PROFILE_DIRTY) {
-            DataStore.dirty = true
-        }
-    }
-
-    override fun PreferenceFragmentCompat.createPreferences(
-        savedInstanceState: Bundle?,
-        rootKey: String?,
-    ) {
-        addPreferencesFromResource(R.xml.neko_preferences)
-
-        // Create a jsi
-        jsi = NekoJSInterface(plgId)
-        runOnIoDispatcher {
-            try {
-                jsi.init()
-                jsip = jsi.switchProtocol(protocolId)
-                jsi.jsObject.preferenceScreen = preferenceScreen
-
-                // Because of the Preference problem, first require the KV and then inflate the UI
-                jsip.setSharedStorage(DataStore.sharedStorage)
-                jsip.requireSetProfileCache()
-
-                val config = jsip.requirePreferenceScreenConfig()
-                val pref = JSONArray(config)
-
-                NekoPreferenceInflater.inflate(pref, preferenceScreen)
-                jsip.onPreferenceCreated()
-
-                runOnUiThread {
-                    loaded = true
-                    listView.isVisible = true
-                }
-            } catch (e: Exception) {
-                Dialogs.logExceptionAndShow(this@NekoSettingActivity, e) { finish() }
-            }
-        }
-    }
-
-    override suspend fun saveAndExit() {
-        DataStore.sharedStorage = jsip.sharedStorageFromProfileCache()
-        super.saveAndExit() // serialize & finish
-    }
-
-    override fun onDestroy() {
-        jsi.destroy()
-        super.onDestroy()
-    }
-
-}
\ No newline at end of file
diff --git a/app/src/main/java/moe/matsuri/nb4a/ui/ColorPickerPreference.kt b/app/src/main/java/moe/matsuri/nb4a/ui/ColorPickerPreference.kt
index ee0728edf..da87e9c24 100644
--- a/app/src/main/java/moe/matsuri/nb4a/ui/ColorPickerPreference.kt
+++ b/app/src/main/java/moe/matsuri/nb4a/ui/ColorPickerPreference.kt
@@ -20,7 +20,6 @@ import androidx.preference.PreferenceViewHolder
 import com.google.android.material.dialog.MaterialAlertDialogBuilder
 import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.ktx.getColorAttr
-import io.nekohasekai.sagernet.ktx.isExpertFlavor
 import kotlin.math.roundToInt
 
 class ColorPickerPreference
@@ -91,7 +90,6 @@ class ColorPickerPreference
 
             for (color in colors) {
                 i++ //Theme.kt
-                if (!isExpertFlavor && i in listOf(21)) continue
 
                 val themeId = i
                 val view = getNekoImageViewAtColor(color, 64, 0).apply {
@@ -117,4 +115,4 @@ class ColorPickerPreference
             .setNegativeButton(android.R.string.cancel, null)
             .show()
     }
-}
\ No newline at end of file
+}
diff --git a/app/src/main/java/moe/matsuri/nb4a/ui/ConnectionTestNotification.kt b/app/src/main/java/moe/matsuri/nb4a/ui/ConnectionTestNotification.kt
new file mode 100644
index 000000000..31bc7a193
--- /dev/null
+++ b/app/src/main/java/moe/matsuri/nb4a/ui/ConnectionTestNotification.kt
@@ -0,0 +1,29 @@
+package moe.matsuri.nb4a.ui
+
+import android.content.Context
+import androidx.core.app.NotificationCompat
+import io.nekohasekai.sagernet.R
+import io.nekohasekai.sagernet.SagerNet
+import io.nekohasekai.sagernet.ktx.Logs
+
+class ConnectionTestNotification(val context: Context, val title: String) {
+    private val channelId = "connection-test"
+    private val notificationId = 1001
+
+    fun updateNotification(progress: Int, max: Int, finished: Boolean) {
+        try {
+            if (finished) {
+                SagerNet.notification.cancel(notificationId)
+                return
+            }
+            val builder = NotificationCompat.Builder(context, channelId)
+                .setSmallIcon(R.drawable.ic_service_active)
+                .setContentTitle(title)
+                .setOnlyAlertOnce(true)
+                .setContentText("$progress / $max").setProgress(max, progress, false)
+            SagerNet.notification.notify(notificationId, builder.build())
+        } catch (e: Exception) {
+            Logs.w(e)
+        }
+    }
+}
\ No newline at end of file
diff --git a/app/src/main/java/moe/matsuri/nb4a/ui/EditConfigPreference.kt b/app/src/main/java/moe/matsuri/nb4a/ui/EditConfigPreference.kt
index 6b2ea819a..1292ed5c5 100644
--- a/app/src/main/java/moe/matsuri/nb4a/ui/EditConfigPreference.kt
+++ b/app/src/main/java/moe/matsuri/nb4a/ui/EditConfigPreference.kt
@@ -4,8 +4,10 @@ import android.content.Context
 import android.content.Intent
 import android.util.AttributeSet
 import androidx.preference.Preference
+import io.nekohasekai.sagernet.Key
 import io.nekohasekai.sagernet.R
 import io.nekohasekai.sagernet.database.DataStore
+import io.nekohasekai.sagernet.ktx.Logs
 import io.nekohasekai.sagernet.ktx.app
 import io.nekohasekai.sagernet.ui.profile.ConfigEditActivity
 
@@ -26,9 +28,27 @@ class EditConfigPreference : Preference {
         intent = Intent(context, ConfigEditActivity::class.java)
     }
 
+    var configKey = Key.SERVER_CONFIG
+    var useConfigStore = false
+
+    fun useConfigStore(key: String) {
+        try {
+            this.configKey = key
+            useConfigStore = true
+            intent = intent!!.apply {
+                putExtra("useConfigStore", "1")
+                putExtra("key", key)
+            }
+        } catch (e: Exception) {
+            Logs.w(e)
+        }
+    }
+
     override fun getSummary(): CharSequence {
-        val config = DataStore.serverConfig
-        return if (DataStore.serverConfig.isBlank()) {
+        val config =
+            (if (useConfigStore) DataStore.configurationStore.getString(configKey) else DataStore.serverConfig)
+                ?: ""
+        return if (config.isBlank()) {
             return app.resources.getString(androidx.preference.R.string.not_set)
         } else {
             app.resources.getString(R.string.lines, config.split('\n').size)
diff --git a/app/src/main/java/moe/matsuri/nb4a/utils/KotlinUtil.kt b/app/src/main/java/moe/matsuri/nb4a/utils/KotlinUtil.kt
index 0b4509528..14f2240fd 100644
--- a/app/src/main/java/moe/matsuri/nb4a/utils/KotlinUtil.kt
+++ b/app/src/main/java/moe/matsuri/nb4a/utils/KotlinUtil.kt
@@ -1,5 +1,6 @@
 package moe.matsuri.nb4a.utils
 
+import android.annotation.SuppressLint
 import android.content.Context
 import android.graphics.drawable.Drawable
 import androidx.appcompat.content.res.AppCompatResources
@@ -9,6 +10,10 @@ import java.io.File
 
 // SagerNet Class
 
+const val KB = 1024L
+const val MB = KB * 1024
+const val GB = MB * 1024
+
 fun SagerNet.cleanWebview() {
     var pathToClean = "app_webview"
     if (isBgProcess) pathToClean += "_$process"
@@ -34,6 +39,7 @@ fun File.recreate(dir: Boolean) {
 
 // Context utils
 
+@SuppressLint("DiscouragedApi")
 fun Context.getDrawableByName(name: String?): Drawable? {
     val resourceId: Int = resources.getIdentifier(name, "drawable", packageName)
     return AppCompatResources.getDrawable(this, resourceId)
@@ -42,12 +48,17 @@ fun Context.getDrawableByName(name: String?): Drawable? {
 // Traffic display
 
 fun Long.toBytesString(): String {
+    val size = this.toDouble()
     return when {
-        this > 1024 * 1024 * 1024 -> String.format(
-            "%.2f GiB", (this.toDouble() / 1024 / 1024 / 1024)
-        )
-        this > 1024 * 1024 -> String.format("%.2f MiB", (this.toDouble() / 1024 / 1024))
-        this > 1024 -> String.format("%.2f KiB", (this.toDouble() / 1024))
+        this >= GB -> String.format("%.2f GiB", size / GB)
+        this >= MB -> String.format("%.2f MiB", size / MB)
+        this >= KB -> String.format("%.2f KiB", size / KB)
         else -> "$this Bytes"
     }
 }
+
+// List
+
+fun String.listByLineOrComma(): List<String> {
+    return this.split(",","\n").map { it.trim() }.filter { it.isNotEmpty() }
+}
diff --git a/app/src/main/java/moe/matsuri/nb4a/utils/Util.kt b/app/src/main/java/moe/matsuri/nb4a/utils/Util.kt
index 66cdfbbc0..c5ae09abb 100644
--- a/app/src/main/java/moe/matsuri/nb4a/utils/Util.kt
+++ b/app/src/main/java/moe/matsuri/nb4a/utils/Util.kt
@@ -3,7 +3,10 @@ package moe.matsuri.nb4a.utils
 import android.annotation.SuppressLint
 import android.content.Context
 import android.util.Base64
+import libcore.StringBox
 import java.io.ByteArrayOutputStream
+import java.net.URLDecoder
+import java.nio.charset.StandardCharsets
 import java.text.SimpleDateFormat
 import java.util.*
 import java.util.zip.Deflater
@@ -21,7 +24,7 @@ object Util {
      */
     fun getSubString(text: String, left: String?, right: String?): String {
         var zLen: Int
-        if (left == null || left.isEmpty()) {
+        if (left.isNullOrEmpty()) {
             zLen = 0
         } else {
             zLen = text.indexOf(left)
@@ -32,7 +35,7 @@ object Util {
             }
         }
         var yLen = if (right == null) -1 else text.indexOf(right, zLen)
-        if (yLen < 0 || right == null || right.isEmpty()) {
+        if (yLen < 0 || right.isNullOrEmpty()) {
             yLen = text.length
         }
         return text.substring(zLen, yLen)
@@ -72,7 +75,7 @@ object Util {
         for (flag in flags) {
             try {
                 ret = Base64.decode(str, flag)
-            } catch (e: Exception) {
+            } catch (_: Exception) {
             }
             if (ret != null) return ret
         }
@@ -113,6 +116,48 @@ object Util {
         }
     }
 
+    fun map2StringMap(m: Map<*, *>): MutableMap<String, Any?> {
+        val o = mutableMapOf<String, Any?>()
+        m.forEach {
+            if (it.key is String) {
+                o[it.key as String] = it.value as Any
+            }
+        }
+        return o
+    }
+
+    fun mergeMap(dst: MutableMap<String, Any?>, src: Map<String, Any?>): MutableMap<String, Any?> {
+        src.forEach { (k, v) ->
+            if (v is Map<*, *> && dst[k] is Map<*, *>) {
+                val currentMap = (dst[k] as Map<*, *>).toMutableMap()
+                dst[k] = mergeMap(map2StringMap(currentMap), map2StringMap(v))
+            } else if (v is List<*>) {
+                if (k.startsWith("+")) {  // prepend
+                    val dstKey = k.removePrefix("+")
+                    var currentList = (dst[dstKey] as? List<*>)?.toMutableList() ?: mutableListOf()
+                    currentList = (v + currentList).toMutableList()
+                    dst[dstKey] = currentList
+                } else if (k.endsWith("+")) {  // append
+                    val dstKey = k.removeSuffix("+")
+                    var currentList = (dst[dstKey] as? List<*>)?.toMutableList() ?: mutableListOf()
+                    currentList = (currentList + v).toMutableList()
+                    dst[dstKey] = currentList
+                } else {
+                    dst[k] = v
+                }
+            } else {
+                dst[k] = v
+            }
+        }
+        return dst
+    }
+
+    fun mergeJSON(dst: MutableMap<String, Any?>, j: String) {
+        if (j.isBlank()) return
+        val src = JavaUtil.gson.fromJson(j, dst.javaClass)
+        mergeMap(dst, src)
+    }
+
     // Format Time
 
     @SuppressLint("SimpleDateFormat")
@@ -139,4 +184,17 @@ object Util {
         }
     }
 
+    fun getStringBox(b: StringBox?): String {
+        if (b != null && b.value != null) {
+            return b.value
+        }
+        return ""
+    }
+
+    fun decodeFilename(headerValue: String): String {
+        val regex = Regex("filename\\*=[^']*''(.+)")
+        val match = regex.find(headerValue)
+        val encoded = match?.groupValues?.get(1) ?: ""
+        return URLDecoder.decode(encoded, StandardCharsets.UTF_8.name())
+    }
 }
diff --git a/app/src/main/res/layout/layout_about.xml b/app/src/main/res/layout/layout_about.xml
index 2363c50f1..7e677577d 100644
--- a/app/src/main/res/layout/layout_about.xml
+++ b/app/src/main/res/layout/layout_about.xml
@@ -57,8 +57,7 @@
             <androidx.coordinatorlayout.widget.CoordinatorLayout
                 android:id="@+id/about_fragment_holder"
                 android:layout_width="match_parent"
-                android:layout_height="match_parent"
-                android:fitsSystemWindows="true" />
+                android:layout_height="match_parent" />
 
             <com.google.android.material.card.MaterialCardView
                 android:layout_width="match_parent"
diff --git a/app/src/main/res/layout/layout_app_list.xml b/app/src/main/res/layout/layout_app_list.xml
index f8c211bb9..4128a887f 100644
--- a/app/src/main/res/layout/layout_app_list.xml
+++ b/app/src/main/res/layout/layout_app_list.xml
@@ -8,8 +8,10 @@
     android:orientation="vertical">
 
     <com.google.android.material.appbar.AppBarLayout
+        android:id="@+id/appbar"
         android:layout_width="match_parent"
-        android:layout_height="wrap_content">
+        android:layout_height="wrap_content"
+        android:background="?attr/colorPrimary">
 
         <com.google.android.material.appbar.CollapsingToolbarLayout
             android:layout_width="match_parent"
@@ -80,61 +82,6 @@
 
                 </LinearLayout>
 
-                <LinearLayout
-                    android:id="@+id/hint_neko_plugin"
-                    android:layout_width="match_parent"
-                    android:layout_height="match_parent"
-                    android:orientation="vertical">
-
-                    <com.google.android.material.card.MaterialCardView
-                        android:layout_width="match_parent"
-                        android:layout_height="wrap_content"
-                        android:layout_margin="8dp"
-                        android:clickable="true"
-                        android:focusable="true"
-                        app:cardElevation="2dp">
-
-                        <LinearLayout
-                            android:layout_width="match_parent"
-                            android:layout_height="wrap_content"
-                            android:orientation="vertical">
-
-                            <LinearLayout
-                                android:layout_width="match_parent"
-                                android:layout_height="wrap_content"
-                                android:orientation="vertical"
-                                android:padding="16dp">
-
-                                <TextView
-                                    android:layout_width="wrap_content"
-                                    android:layout_height="wrap_content"
-                                    android:layout_marginTop="16dp"
-                                    android:text="@string/neko_plugin_summary"
-                                    android:textAppearance="?attr/textAppearanceBody2"
-                                    android:textColor="?android:attr/textColorSecondary" />
-
-                            </LinearLayout>
-
-                            <LinearLayout
-                                android:layout_width="match_parent"
-                                android:layout_height="wrap_content"
-                                android:gravity="end"
-                                android:orientation="horizontal">
-
-                                <Button
-                                    android:id="@+id/action_learn_more"
-                                    style="@style/Widget.AppCompat.Button.Borderless"
-                                    android:layout_width="wrap_content"
-                                    android:layout_height="wrap_content"
-                                    android:layout_marginEnd="8dp"
-                                    android:text="@string/action_learn_more"
-                                    android:textColor="?primaryOrTextPrimary" />
-                            </LinearLayout>
-
-                        </LinearLayout>
-                    </com.google.android.material.card.MaterialCardView>
-                </LinearLayout>
-
             </LinearLayout>
 
         </com.google.android.material.appbar.CollapsingToolbarLayout>
@@ -169,4 +116,8 @@
         app:layout_behavior="@string/appbar_scrolling_view_behavior"
         tools:listitem="@layout/layout_apps_item" />
 
+    <include
+        android:id="@+id/app_placeholder"
+        layout="@layout/layout_app_placeholder" />
+
 </androidx.coordinatorlayout.widget.CoordinatorLayout>
diff --git a/app/src/main/res/layout/layout_app_placeholder.xml b/app/src/main/res/layout/layout_app_placeholder.xml
new file mode 100644
index 000000000..456ac8a2b
--- /dev/null
+++ b/app/src/main/res/layout/layout_app_placeholder.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    android:gravity="center"
+    android:orientation="vertical"
+    android:padding="32dp"
+    android:visibility="gone">
+
+    <TextView
+        android:id="@+id/empty_message"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:gravity="center"
+        android:paddingBottom="16dp"
+        android:text="@string/app_list_permission_denied"
+        android:textColor="?attr/colorOnBackground"
+        android:textSize="16sp" />
+
+    <com.google.android.material.button.MaterialButton
+        android:id="@+id/open_settings"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:text="@string/open_app_settings" />
+</LinearLayout>
diff --git a/app/src/main/res/layout/layout_appbar.xml b/app/src/main/res/layout/layout_appbar.xml
index 62c0c7c34..12f675521 100644
--- a/app/src/main/res/layout/layout_appbar.xml
+++ b/app/src/main/res/layout/layout_appbar.xml
@@ -4,6 +4,7 @@
     android:id="@+id/appbar"
     android:layout_width="match_parent"
     android:layout_height="?attr/actionBarSize"
+    android:background="?attr/colorPrimary"
     android:elevation="4dp">
 
     <com.google.android.material.appbar.MaterialToolbar
diff --git a/app/src/main/res/layout/layout_apps.xml b/app/src/main/res/layout/layout_apps.xml
index b05d93ac6..e648248a2 100644
--- a/app/src/main/res/layout/layout_apps.xml
+++ b/app/src/main/res/layout/layout_apps.xml
@@ -8,8 +8,10 @@
     android:orientation="vertical">
 
     <com.google.android.material.appbar.AppBarLayout
+        android:id="@+id/appbar"
         android:layout_width="match_parent"
-        android:layout_height="wrap_content">
+        android:layout_height="wrap_content"
+        android:background="?attr/colorPrimary">
 
         <com.google.android.material.appbar.CollapsingToolbarLayout
             android:layout_width="match_parent"
@@ -77,13 +79,28 @@
 
                         </com.google.android.material.chip.ChipGroup>
 
-                        <com.google.android.material.chip.Chip
-                            android:id="@+id/show_system_apps"
-                            style="@style/Widget.MaterialComponents.Chip.Filter"
+                        <LinearLayout
                             android:layout_width="wrap_content"
                             android:layout_height="wrap_content"
-                            android:layout_marginBottom="4dp"
-                            android:text="@string/show_system_apps" />
+                            android:orientation="horizontal">
+
+                            <com.google.android.material.chip.Chip
+                                android:id="@+id/show_system_apps"
+                                style="@style/Widget.MaterialComponents.Chip.Filter"
+                                android:layout_width="wrap_content"
+                                android:layout_height="wrap_content"
+                                android:layout_marginEnd="8dp"
+                                android:layout_marginBottom="4dp"
+                                android:text="@string/show_system_apps" />
+
+                            <com.google.android.material.chip.Chip
+                                android:id="@+id/autoSelectProxyApps"
+                                android:layout_width="wrap_content"
+                                android:layout_height="wrap_content"
+                                android:checkable="false"
+                                android:text="@string/auto_select_proxy_apps" />
+
+                        </LinearLayout>
 
                         <com.google.android.material.textfield.TextInputLayout
                             android:layout_width="match_parent"
@@ -136,4 +153,8 @@
         app:layout_behavior="@string/appbar_scrolling_view_behavior"
         tools:listitem="@layout/layout_apps_item" />
 
+    <include
+        android:id="@+id/app_placeholder"
+        layout="@layout/layout_app_placeholder" />
+
 </androidx.coordinatorlayout.widget.CoordinatorLayout>
diff --git a/app/src/main/res/layout/layout_apps_item.xml b/app/src/main/res/layout/layout_apps_item.xml
index 173678446..055d83608 100644
--- a/app/src/main/res/layout/layout_apps_item.xml
+++ b/app/src/main/res/layout/layout_apps_item.xml
@@ -58,15 +58,6 @@
 
         </LinearLayout>
 
-        <ImageButton
-            android:id="@+id/button"
-            style="@style/Widget.AppCompat.Button.Borderless"
-            android:layout_width="48dp"
-            android:layout_height="48dp"
-            android:adjustViewBounds="true"
-            android:src="@drawable/ic_action_note_add"
-            android:visibility="gone" />
-
         <androidx.appcompat.widget.SwitchCompat
             android:id="@+id/itemcheck"
             android:layout_width="wrap_content"
diff --git a/app/src/main/res/layout/layout_backup.xml b/app/src/main/res/layout/layout_backup.xml
index fb61aaf98..81a7decee 100644
--- a/app/src/main/res/layout/layout_backup.xml
+++ b/app/src/main/res/layout/layout_backup.xml
@@ -5,6 +5,14 @@
     android:orientation="vertical"
     android:padding="16dp">
 
+    <Button
+        android:id="@+id/reset_settings"
+        style="@style/Widget.AppCompat.Button.Colored"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:text="@string/reset_settings"
+        android:textColor="?whiteOrTextPrimary" />
+
     <CheckBox
         android:id="@+id/backup_configurations"
         android:layout_width="wrap_content"
diff --git a/app/src/main/res/layout/layout_empty.xml b/app/src/main/res/layout/layout_empty.xml
index 1fcb6c7c6..de99fcc68 100644
--- a/app/src/main/res/layout/layout_empty.xml
+++ b/app/src/main/res/layout/layout_empty.xml
@@ -3,4 +3,4 @@
     android:id="@+id/fragment_holder"
     android:layout_width="match_parent"
     android:layout_height="match_parent"
-    android:fitsSystemWindows="true" />
\ No newline at end of file
+/>
\ No newline at end of file
diff --git a/app/src/main/res/layout/layout_group.xml b/app/src/main/res/layout/layout_group.xml
index 0aab4933e..caf90435b 100644
--- a/app/src/main/res/layout/layout_group.xml
+++ b/app/src/main/res/layout/layout_group.xml
@@ -9,7 +9,10 @@
         android:layout_height="match_parent"
         android:orientation="vertical">
 
-        <include layout="@layout/layout_appbar" />
+        <include
+            layout="@layout/layout_appbar"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content" />
 
         <com.simplecityapps.recyclerview_fastscroll.views.FastScrollRecyclerView
             android:id="@+id/group_list"
diff --git a/app/src/main/res/layout/layout_license.xml b/app/src/main/res/layout/layout_license.xml
deleted file mode 100644
index 90db2d0c0..000000000
--- a/app/src/main/res/layout/layout_license.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
-    android:layout_width="match_parent"
-    android:layout_height="match_parent"
-    android:orientation="vertical">
-
-    <include
-        layout="@layout/layout_appbar"
-        android:layout_width="match_parent"
-        android:layout_height="wrap_content" />
-
-    <androidx.coordinatorlayout.widget.CoordinatorLayout
-        android:id="@+id/fragment_holder"
-        android:layout_width="match_parent"
-        android:layout_height="match_parent"
-        android:fitsSystemWindows="true" />
-
-
-</LinearLayout>
\ No newline at end of file
diff --git a/app/src/main/res/layout/layout_main.xml b/app/src/main/res/layout/layout_main.xml
index 216b23947..0d59a387e 100644
--- a/app/src/main/res/layout/layout_main.xml
+++ b/app/src/main/res/layout/layout_main.xml
@@ -5,21 +5,18 @@
     android:id="@+id/drawer_layout"
     android:layout_width="match_parent"
     android:layout_height="match_parent"
-    android:fitsSystemWindows="true"
     tools:openDrawer="start">
 
     <androidx.coordinatorlayout.widget.CoordinatorLayout
         android:id="@+id/coordinator"
         android:layout_width="match_parent"
         android:layout_height="match_parent"
-        android:clipChildren="false"
-        android:fitsSystemWindows="true">
+        android:clipChildren="false">
 
         <androidx.coordinatorlayout.widget.CoordinatorLayout
             android:id="@+id/fragment_holder"
             android:layout_width="match_parent"
-            android:layout_height="match_parent"
-            android:fitsSystemWindows="true" />
+            android:layout_height="match_parent" />
 
         <!-- We double trackThickness as half of it will be invisible -->
         <com.google.android.material.progressindicator.CircularProgressIndicator
@@ -51,7 +48,6 @@
             android:layout_width="match_parent"
             android:layout_height="wrap_content"
             android:layout_gravity="bottom"
-            android:fitsSystemWindows="true"
             android:nextFocusUp="@+id/fab"
             app:backgroundTint="?colorMaterial300"
             app:contentInsetStart="0dp"
@@ -110,7 +106,6 @@
         android:layout_width="wrap_content"
         android:layout_height="match_parent"
         android:layout_gravity="start"
-        android:fitsSystemWindows="true"
         app:itemIconTint="@color/navigation_icon"
         app:itemTextColor="@color/navigation_icon"
         app:menu="@menu/main_drawer_menu" />
@@ -121,7 +116,6 @@
         android:layout_width="wrap_content"
         android:layout_height="match_parent"
         android:layout_gravity="start"
-        android:fitsSystemWindows="true"
         app:itemIconTint="@color/navigation_icon"
         app:itemShapeAppearance="@style/ShapeAppearance.MaterialComponents.MediumComponent"
         app:itemShapeFillColor="@color/navigation_item"
diff --git a/app/src/main/res/layout/layout_network.xml b/app/src/main/res/layout/layout_network.xml
index a0df5bca0..e09df65b9 100644
--- a/app/src/main/res/layout/layout_network.xml
+++ b/app/src/main/res/layout/layout_network.xml
@@ -60,61 +60,4 @@
         </LinearLayout>
     </com.google.android.material.card.MaterialCardView>
 
-    <com.google.android.material.card.MaterialCardView
-        android:layout_width="match_parent"
-        android:layout_height="wrap_content"
-        android:layout_margin="8dp"
-        android:clickable="true"
-        android:focusable="true"
-        app:cardElevation="2dp">
-
-        <LinearLayout
-            android:layout_width="match_parent"
-            android:layout_height="wrap_content"
-            android:orientation="vertical">
-
-            <LinearLayout
-                android:layout_width="match_parent"
-                android:layout_height="wrap_content"
-                android:orientation="vertical"
-                android:padding="16dp">
-
-                <TextView
-                    android:layout_width="wrap_content"
-                    android:layout_height="wrap_content"
-                    android:text="@string/cloudflare_wrap"
-                    android:textAppearance="?attr/textAppearanceHeadline6" />
-
-                <TextView
-                    android:id="@+id/wrap_license"
-                    android:layout_width="wrap_content"
-                    android:layout_height="wrap_content"
-                    android:layout_marginTop="16dp"
-                    android:text="@string/warp_license"
-                    android:textAppearance="?attr/textAppearanceBody2"
-                    android:textColor="?android:attr/textColorSecondary" />
-
-            </LinearLayout>
-
-            <LinearLayout
-                android:layout_width="match_parent"
-                android:layout_height="wrap_content"
-                android:layout_margin="8dp"
-                android:gravity="end"
-                android:orientation="horizontal">
-
-                <Button
-                    android:id="@+id/warpGenerate"
-                    style="@style/Widget.AppCompat.Button.Borderless"
-                    android:layout_width="wrap_content"
-                    android:layout_height="wrap_content"
-                    android:layout_marginEnd="8dp"
-                    android:text="@string/warp_generate"
-                    android:textColor="?primaryOrTextPrimary" />
-            </LinearLayout>
-
-        </LinearLayout>
-    </com.google.android.material.card.MaterialCardView>
-
-
 </LinearLayout>
\ No newline at end of file
diff --git a/app/src/main/res/layout/layout_route.xml b/app/src/main/res/layout/layout_route.xml
index fa51d83e8..971231f36 100644
--- a/app/src/main/res/layout/layout_route.xml
+++ b/app/src/main/res/layout/layout_route.xml
@@ -9,7 +9,10 @@
         android:layout_height="match_parent"
         android:orientation="vertical">
 
-        <include layout="@layout/layout_appbar" />
+        <include
+            layout="@layout/layout_appbar"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content" />
 
         <com.simplecityapps.recyclerview_fastscroll.views.FastScrollRecyclerView
             android:id="@+id/route_list"
diff --git a/app/src/main/res/layout/layout_scanner.xml b/app/src/main/res/layout/layout_scanner.xml
index abf282262..0eb4555e6 100644
--- a/app/src/main/res/layout/layout_scanner.xml
+++ b/app/src/main/res/layout/layout_scanner.xml
@@ -3,7 +3,10 @@
     android:layout_width="match_parent"
     android:layout_height="match_parent">
 
-    <include layout="@layout/layout_appbar" />
+    <include
+        layout="@layout/layout_appbar"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content" />
 
     <androidx.camera.view.PreviewView
         android:id="@+id/previewView"
diff --git a/app/src/main/res/layout/layout_stun.xml b/app/src/main/res/layout/layout_stun.xml
index 1329dbf42..9a427af91 100644
--- a/app/src/main/res/layout/layout_stun.xml
+++ b/app/src/main/res/layout/layout_stun.xml
@@ -70,7 +70,7 @@
                             android:layout_height="wrap_content"
                             android:ems="10"
                             android:inputType="text"
-                            android:text="stun.syncthing.net:3478" />
+                            android:text="stun.voipgate.com:3478" />
 
                     </LinearLayout>
                 </com.google.android.material.card.MaterialCardView>
diff --git a/app/src/main/res/layout/layout_urltest_preference_dialog.xml b/app/src/main/res/layout/layout_urltest_preference_dialog.xml
index 6562b1009..94ba69bfc 100644
--- a/app/src/main/res/layout/layout_urltest_preference_dialog.xml
+++ b/app/src/main/res/layout/layout_urltest_preference_dialog.xml
@@ -24,10 +24,9 @@
                 android:id="@android:id/edit"
                 android:layout_width="match_parent"
                 android:layout_height="wrap_content"
-                android:inputType="textUri"
+                android:inputType="textUri|textMultiLine"
                 android:minHeight="48dp"
                 android:paddingTop="12dp"
-                android:singleLine="true"
                 android:typeface="monospace" />
 
             <LinearLayout
diff --git a/app/src/main/res/menu/add_profile_menu.xml b/app/src/main/res/menu/add_profile_menu.xml
index b6a6524b2..ee99044a6 100644
--- a/app/src/main/res/menu/add_profile_menu.xml
+++ b/app/src/main/res/menu/add_profile_menu.xml
@@ -45,6 +45,9 @@
                     <item
                         android:id="@+id/action_new_trojan_go"
                         android:title="@string/action_trojan_go" />
+                    <item
+                        android:id="@+id/action_new_mieru"
+                        android:title="@string/action_mieru" />
                     <item
                         android:id="@+id/action_new_naive"
                         android:title="@string/action_naive" />
@@ -54,15 +57,18 @@
                     <item
                         android:id="@+id/action_new_tuic"
                         android:title="@string/action_tuic" />
+                    <item
+                        android:id="@+id/action_new_shadowtls"
+                        android:title="@string/action_shadowtls" />
+                    <item
+                        android:id="@+id/action_new_anytls"
+                        android:title="@string/action_anytls" />
                     <item
                         android:id="@+id/action_new_ssh"
                         android:title="@string/action_ssh" />
                     <item
                         android:id="@+id/action_new_wg"
                         android:title="@string/action_wireguard" />
-                    <item
-                        android:id="@+id/action_new_shadowtls"
-                        android:title="@string/action_shadowtls" />
                     <item
                         android:id="@+id/action_new_config"
                         android:title="@string/custom_config" />
@@ -71,9 +77,6 @@
                         android:title="@string/proxy_chain" />
                 </menu>
             </item>
-            <item
-                android:id="@+id/action_new_neko"
-                android:title="@string/neko_plugin" />
         </menu>
     </item>
 
@@ -83,6 +86,9 @@
         android:title=""
         app:showAsAction="always">
         <menu>
+            <item
+                android:id="@+id/action_update_subscription"
+                android:title="@string/update_current_subscription" />
             <item
                 android:id="@+id/action_clear_traffic_statistics"
                 android:title="@string/clear_traffic_statistics" />
@@ -90,23 +96,17 @@
                 android:id="@+id/action_remove_duplicate"
                 android:title="@string/remove_duplicate" />
             <item
-                android:id="@+id/action_connection_test"
-                android:title="@string/connection_test">
-                <menu>
-                    <item
-                        android:id="@+id/action_connection_tcp_ping"
-                        android:title="@string/connection_test_tcp_ping" />
-                    <item
-                        android:id="@+id/action_connection_url_test"
-                        android:title="@string/connection_test_url_test" />
-                    <item
-                        android:id="@+id/action_connection_test_clear_results"
-                        android:title="@string/connection_test_clear_results" />
-                    <item
-                        android:id="@+id/action_connection_test_delete_unavailable"
-                        android:title="@string/connection_test_delete_unavailable" />
-                </menu>
-            </item>
+                android:id="@+id/action_connection_tcp_ping"
+                android:title="@string/connection_test_tcp_ping" />
+            <item
+                android:id="@+id/action_connection_url_test"
+                android:title="@string/connection_test_url_test" />
+            <item
+                android:id="@+id/action_connection_test_clear_results"
+                android:title="@string/connection_test_clear_results" />
+            <item
+                android:id="@+id/action_connection_test_delete_unavailable"
+                android:title="@string/connection_test_delete_unavailable" />
             <item
                 android:id="@+id/action_order"
                 android:title="@string/group_order">
diff --git a/app/src/main/res/menu/app_list_neko_menu.xml b/app/src/main/res/menu/app_list_neko_menu.xml
deleted file mode 100644
index 94cbd0782..000000000
--- a/app/src/main/res/menu/app_list_neko_menu.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<menu xmlns:android="http://schemas.android.com/apk/res/android">
-    <item
-        android:id="@+id/uninstall_all"
-        android:title="Uninstall All Plugins" />
-</menu>
diff --git a/app/src/main/res/menu/per_app_proxy_menu.xml b/app/src/main/res/menu/per_app_proxy_menu.xml
index a810e6fbb..7eb29c079 100644
--- a/app/src/main/res/menu/per_app_proxy_menu.xml
+++ b/app/src/main/res/menu/per_app_proxy_menu.xml
@@ -1,9 +1,5 @@
 <menu xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:app="http://schemas.android.com/apk/res-auto">
-    <item
-        android:id="@+id/action_scan_china_apps"
-        android:title="@string/action_scan_china_apps"
-        app:showAsAction="never" />
     <item
         android:id="@+id/action_invert_selections"
         android:title="@string/invert_selections"
diff --git a/app/src/main/res/menu/yacd_menu.xml b/app/src/main/res/menu/yacd_menu.xml
index ba1b1fd05..c60ceb60a 100644
--- a/app/src/main/res/menu/yacd_menu.xml
+++ b/app/src/main/res/menu/yacd_menu.xml
@@ -1,12 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<menu xmlns:android="http://schemas.android.com/apk/res/android"
-    xmlns:app="http://schemas.android.com/apk/reyas-auto">
+<menu xmlns:android="http://schemas.android.com/apk/res/android">
     <item
         android:id="@+id/action_set_url"
-        android:title="@string/set_panel_url"
-        app:showAsAction="false" />
+        android:title="@string/set_panel_url" />
     <item
         android:id="@+id/close"
-        android:title="@string/mal_close"
-        app:showAsAction="false" />
+        android:title="@string/mal_close" />
 </menu>
diff --git a/app/src/main/res/resources.properties b/app/src/main/res/resources.properties
new file mode 100644
index 000000000..467b3efec
--- /dev/null
+++ b/app/src/main/res/resources.properties
@@ -0,0 +1 @@
+unqualifiedResLocale=en-US
diff --git a/app/src/main/res/values-es/strings.xml b/app/src/main/res/values-es/strings.xml
index c48c7467a..e0301bcf7 100644
--- a/app/src/main/res/values-es/strings.xml
+++ b/app/src/main/res/values-es/strings.xml
@@ -80,8 +80,7 @@
     <string name="cag_dns">Ajustes de DNS</string> 
     <string name="remote_dns">DNS remoto</string> 
     <string name="direct_dns">DNS directo</string> 
-    <string name="direct_dns_use_system">Utilizar DNS del sistema como DNS directo</string> 
-    <string name="enable_dns_routing">Activar enrutamiento DNS</string> 
+    <string name="enable_dns_routing">Activar enrutamiento DNS</string>
     <string name="dns_routing_message">Resuelve dominios en rutas de omisión con el DNS directo. Tenga en cuenta las posibles fugas de DNS</string> 
     <string name="enable_fakedns">Activar DNS falso</string> 
     <string name="fakedns_message">Puede hacer que sea necesario reiniciar otras aplicaciones para volver a conectarse a la red después de detener el proxy</string> 
@@ -447,7 +446,5 @@
     <string name="action_switch">Cambiar</string> 
  
     <string name="connection_test_delete_unavailable">Borrado no disponible</string> 
-    <string name="neko_plugin">Complemento avanzado</string> 
-    <string name="neko_plugin_internal_error">%s error interno</string> 
- 
+
 </resources> 
diff --git a/app/src/main/res/values-fa/strings.xml b/app/src/main/res/values-fa/strings.xml
index 41a30bdf6..de972072d 100644
--- a/app/src/main/res/values-fa/strings.xml
+++ b/app/src/main/res/values-fa/strings.xml
@@ -1,443 +1,532 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources>
-    <string name="app_desc">زنجیره ابزار پروکسی جهانی برای اندروید، نوشته شده در کاتولین.</string>
+    <string name="app_name" translatable="false">NekoBox</string>
+    <string name="app_name_long" translatable="false">NekoBox for Android</string>
+    <string name="app_desc">مجموعه ابزار جامع پراکسی برای اندروید، نوشته‌شده با کاتلین.</string>
     <string name="project">پروژه</string>
     <string name="github">کد منبع</string>
-    <string name="telegram">کانال آپدیت تلگرام</string>
-    <string name="oss_licenses">مجوزهای منبع باز</string>
-    <string name="app_version">نسخه</string>
+    <string name="telegram">کانال دریافت نسخه‌های به‌روز در تلگرام</string>
+    <string name="oss_licenses">مجوزهای متن‌باز</string>
+    <string name="app_version">نسخه برنامه</string>
     <string name="version_x">نسخه (%s)</string>
-    <string name="logcat">صادر اطلاعات اشکال زدایی</string>
+    <string name="logcat">صدور اطلاعات عیب‌یابی</string>
     <string name="menu_configuration">پیکربندی</string>
-    <string name="menu_group">گروه</string>
-    <string name="menu_about">در باره</string>
-    <string name="theme">تم</string>
+    <string name="menu_group">گروه‌ها</string>
+    <string name="menu_about">درباره برنامه</string>
+    <string name="theme">ظاهر</string>
     <string name="document">مستندات</string>
-    <string name="group_default">گروه بندی نشده</string>
+    <string name="group_default">گروه پیش‌فرض</string>
     <string name="quick_toggle">تغییر وضعیت</string>
     <string name="tile_title">سوییچر</string>
     <string name="menu_traffic">ترافیک</string>
+    <string name="menu_dashboard">sing-box تنظیمات</string>
     <!-- externel -->
     <string name="action_copy">کپی</string>
     <string name="action_open">باز کردن</string>
     <!-- group -->
-    <string name="group_name">اسم گروه</string>
-    <string name="group_update">به روز رسانی</string>
+    <string name="group_name">نام گروه</string>
+    <string name="group_update">به‌روزرسانی گروه</string>
     <string name="group_subscription_link">لینک اشتراک</string>
-    <string name="group_name_required">نام گروه مورد نیاز است</string>
+    <string name="group_name_required">نام گروه را وارد کنید</string>
     <string name="group_create">ایجاد گروه</string>
     <string name="group_create_subscription">ایجاد اشتراک</string>
-    <string name="update_all_subscription">به روز رسانی تمام اشتراک ها</string>
+    <string name="update_all_subscription">به‌روزرسانی همه اشتراک‌ها</string>
     <string name="group_edit">ویرایش گروه</string>
     <string name="group_edit_subscription">ویرایش اشتراک</string>
-    <string name="group_status_empty">گروه خالی</string>
-    <string name="group_status_empty_subscription">هنوز آپدیت نشده</string>
-    <string name="group_status_proxies">%d پراکسی ها</string>
-    <string name="group_status_proxies_subscription">%d پراگسی ها | اپدیت شدند در %s</string>
-    <string name="group_no_difference">%s: بدون تغییر</string>
-    <string name="group_updated">%s: اپدیت شد %d پراکسی ها</string>
-    <string name="group_show_diff">تفاوت</string>
-    <string name="group_diff">تفاوت (%s)</string>
-    <string name="group_delete_confirm_prompt">آیا مطمئن هستید که می خواهید این گروه را حذف کنید?</string>
-    <string name="group_added">اضافه شده:\n%s</string>
-    <string name="group_changed">اپدیت شد: \n%s</string>
-    <string name="group_deleted">حذف شد\n%s</string>
+    <string name="group_status_empty">خالی</string>
+    <string name="group_status_empty_subscription">هنوز به‌روزرسانی نشده است</string>
+    <string name="group_status_proxies">%d پراکسی‌ها</string>
+    <string name="group_status_proxies_subscription">%d پراکسی‌ها | به‌روزرسانی شدند در %s</string>
+    <string name="group_no_difference">%s: بدون تفاوت</string>
+    <string name="group_updated">%s: Updated %d proxies</string>
+    <string name="group_show_diff">تفاوت‌ها</string>
+    <string name="group_diff">تفاوت‌ها (%s)</string>
+    <string name="group_delete_confirm_prompt">آیا مطمئن هستید که می‌خواهید این گروه را حذف کنید؟</string>
+    <string name="group_added">اضافه شده: \n%s</string>
+    <string name="group_changed">به‌روز شد \n%s</string>
+    <string name="group_deleted">حذف شد: \n%s</string>
     <string name="group_duplicate">تکراری: \n%s</string>
     <!-- misc -->
     <string name="service_mode">حالت سرویس</string>
-    <string name="service_mode_proxy">فقط پروکسی</string>
-    <string name="port_proxy">پورت پروکسی SOCKS5</string>
-    <string name="port_http">پورت پروکسی HTTP</string>
-    <string name="port_transproxy">پورت ترانسپروکسی</string>
-    <string name="cag_route">تنظیمات مسیر</string>
-    <string name="allow_access">اتصالات از LAN را مجاز کنید</string>
-    <string name="allow_access_sum">سرورهای ورودی را به 0.0.0.0 متصل کنید</string>
-    <string name="inbound_settings">تنظیمات ورودی</string>
+    <string name="service_mode_proxy">فقط به حالت پراکسی</string>
+    <string name="service_mode_vpn" translatable="false">VPN</string>
+    <string name="port_proxy">پورت پراکسی</string>
+    <string name="port_http">پورت پراکسی HTTP</string>
+    <string name="port_transproxy">پورت Transproxy</string>
+    <string name="cag_route">تنظیمات مسیردهی</string>
+    <string name="allow_access">اجازه اتصال از شبکه محلی</string>
+    <string name="allow_access_sum">اجازه اتصال سرورهای ورودی به 0.0.0.0</string>
+    <string name="inbound_settings">تنظیمات اتصالات ورودی</string>
     <string name="general_settings">تنظیمات برنامه</string>
-    <string name="require_http">ورودی HTTP را فعال کنید</string>
-    <string name="cag_ws">تنظیمات وب سوکت</string>
-    <string name="ws_browser_forwarding">ارسال مرورگر</string>
-    <string name="ws_browser_forwarding_sum">وب‌سوکت‌های مربوط را از طریق مرورگر ارسال کنید.</string>
-    <string name="speed_interval">فاصله به روز رسانی اعلان سرعت</string>
+    <string name="require_http">فعال‌کردن ورودی HTTP</string>
+    <string name="cag_ws">تنظیمات WebSocket</string>
+    <string name="ws_max_early_data" translatable="false">Max early data</string>
+    <string name="ws_browser_forwarding">اتصال مرورگر</string>
+    <string name="ws_browser_forwarding_sum">ارسال WebSocketهای مربوطه از طریق مرورگر</string>
+    <string name="speed_interval">تنظیم فاصله زمانی نمایش سرعت</string>
     <string name="cag_misc">تنظیمات متفرقه</string>
     <string name="show_stop">نمایش دکمه توقف</string>
-    <string name="show_stop_sum">اگر نمی خواهید از Quick Tile به عنوان سوئیچ استفاده کنید</string>
-    <string name="show_direct_speed">نمایش سرعت مستقیم</string>
-    <string name="show_direct_speed_sum">سرعت ترافیک را بدون پروکسی نیز در اعلان نشان دهید</string>
-    <string name="security_settings">تنظیمات امنیتی</string>
-    <string name="allow_insecure">اجازه ناامن</string>
-    <string name="allow_insecure_sum">غیرفعال کردن بررسی گواهی وقتی فعال باشد، این پیکربندی به اندازه متن ساده ایمن است</string>
-    <string name="speed_detail">پروکسی：%1$s↑%2$s↓\nمستقیم：%3$s↑%4$s↓</string>
-    <string name="speed">%s/ثانیه</string>
-    <string name="connection_test_testing">آزمایش کردن…</string>
-    <string name="connection_test_available">موفقیت: ارتباط HTTPS انجام شد %dمیلی ثانیه</string>
-    <string name="connection_test_available_http">موفقیت: ارتباط HTTP انجام شد %dمیلی ثانیه</string>
-    <string name="connection_test_error">ناموفق: %s</string>
-    <string name="connection_test_fail">اینترنت در دسترس نیست</string>
-    <string name="connection_test_error_status_code">کد خطا: #%d</string>
-    <string name="cag_dns">تنظیمات DNS</string>
-    <string name="remote_dns">DNS از راه دور</string>
+    <string name="show_stop_sum">اگر دکمه تغییر وضعیت در نوار اعلان را نمی‌خواهید</string>
+    <string name="show_direct_speed">نمایش سرعت</string>
+    <string name="show_direct_speed_sum">نمایش سرعت اتصال، حتی در هنگام غیرفعال بودن پراکسی</string>
+    <string name="security_settings">تنظیمات امنیت TLS</string>
+    <string name="allow_insecure">اتصال محافظت نشده</string>
+    <string name="allow_insecure_sum">اگر بررسی گواهی‌ها غیرفعال باشد، اتصال بدون رمزنگاری خواهد بود.</string>
+    <string name="traffic" translatable="false">%1$s↑ %2$s↓</string>
+    <string name="speed_detail">سرعت： %1$s↑ %2$s↓\nمستقیم： %3$s↑ %4$s↓</string>
+    <string name="speed">%s/s</string>
+    <string name="connection_test_testing">در حال آزمایش</string>
+    <string name="connection_test_available">اتصال موفق! سرعت برقراری ارتباط HTTPS: %dms</string>
+    <string name="connection_test_available_http">اتصال موفق! سرعت برقراری ارتباط HTTP: %dms</string>
+    <string name="connection_test_error">ناموفق بود: %s</string>
+    <string name="connection_test_fail">اینترنت متصل نیست</string>
+    <string name="connection_test_error_status_code">کد ارور: #%d</string>
+    <string name="cag_dns">تنظیمات DNs</string>
+    <string name="remote_dns">DNS ریموت</string>
     <string name="direct_dns">DNS مستقیم</string>
-    <string name="direct_dns_use_system">از DNS سیستم به عنوان Direct DNS استفاده کنید</string>
-    <string name="enable_dns_routing">مسیریابی DNS را فعال کنید</string>
-    <string name="dns_routing_message">حل دامنه ها در مسیرهای بای پس با Direct DNS. از نشت های احتمالی DNS آگاه باشید</string>
-    <string name="enable_fakedns">FakeDNS را فعال کنید</string>
-    <string name="fakedns_message">ممکن است باعث شود پس از توقف پراکسی، برنامه‌های دیگر برای اتصال مجدد به شبکه مجدداً راه‌اندازی شوند</string>
+    <string name="enable_dns_routing">فعال‌کردن مسیریابی DNS</string>
+    <string name="dns_routing_message">بررسی دامنه‌ها در دورزدن مسیرها با DNS مستقیم. احتمال افشای نشانی DNS وجود دارد.</string>
+    <string name="enable_fakedns">فعال کردن FakeDNS</string>
+    <string name="fakedns_message">ممکن است نیاز باشد که برنامه‌های دیگر را برای اتصال مجدد، دوباره راه‌اندازی کنید.</string>
     <string name="dns_hosts">بازنویسی دامنه</string>
     <string name="port_local_dns">پورت DNS محلی</string>
-    <string name="require_transproxy">Transproxy Inbound را فعال کنید</string>
-    <string name="transproxy_mode">پورت ترانسپروکسی</string>
-    <string name="connection_test_url">URL تست اتصال</string>
+    <string name="require_transproxy">فعال کردن Transproxy ورودی</string>
+    <string name="transproxy_mode">حالت Transproxy</string>
+    <string name="connection_test_url">آزمایش اتصال به لینک</string>
     <!-- proxy category -->
-    <string name="profile_name">نام پروفایل</string>
-    <string name="server_address">سرور</string>
-    <string name="server_port">پورت از راه دور</string>
+    <string name="profile_name">نام</string>
+    <string name="server_address">آدرس سرور</string>
+    <string name="server_port">پورت سرور</string>
     <string name="username">نام کاربری</string>
     <string name="username_opt">نام کاربری (اختیاری)</string>
     <string name="password_opt">رمز عبور (اختیاری)</string>
     <string name="key_opt">کلید (اختیاری)</string>
-    <string name="password">کلمه عبور</string>
-    <string name="enc_method">روش رمزگذاری</string>
-    <string name="protocol">پروتکل</string>
-    <string name="protocol_param">پارامتر پروتکل</string>
-    <string name="obfs">Obfs</string>
-    <string name="obfs_param">Obfs پارامتر</string>
-    <string name="uuid">شناسه کاربر</string>
-    <string name="alter_id">تغییر ایدی</string>
-    <string name="security">رمزگذاری لایه انتقال</string>
+    <string name="password">Pرمز عبور</string>
+    <string name="enc_method">نوع رمزنگاری</string>
+    <string name="protocol">دستورالعمل</string>
+    <string name="protocol_param">مؤلفه دستورالعمل</string>
+    <string name="obfs">دستورالعمل درهم‌سازی obfs</string>
+    <string name="obfs_param">مؤلفه Obfs</string>
+    <string name="uuid">شناسه کاربری</string>
+    <string name="alter_id">شناسه دیگر</string>
+    <string name="security">رمزنگاری لایه Transport</string>
     <string name="network">شبکه</string>
-    <string name="header_type">نوع هدر</string>
-    <string name="ws_host">میزبان وب سوکت</string>
-    <string name="ws_path">میزبان وب سوکت</string>
+    <string name="header_type">نوع سرآیند</string>
+    <string name="ws_host">میزبان WebSocket</string>
+    <string name="ws_path">مسیر WebSocket</string>
     <string name="http_host">میزبان HTTP</string>
     <string name="http_path">مسیر HTTP</string>
     <string name="grpc_service_name">نام سرویس gRPC</string>
-    <string name="tls">از TLS استفاده کنید</string>
-    <string name="sni">نشانگر نام سرور</string>
-    <string name="alpn">سطح کاربردی مذاکرات پروتکل</string>
-    <string name="certificates">گواهینامه ها</string>
-    <string name="early_data_header_name">نام هدر داده اولیه</string>
-    <string name="encryption">رمزگذاری</string>
-    <string name="extra_headers">هدر های اضافی</string>
+    <string name="tls">استفاده از TLS</string>
+    <string name="sni">SNI</string>
+    <string name="alpn">ALPN</string>
+    <string name="certificates">گواهی‌ها</string>
+    <string name="early_data_header_name">نام سرآیند درخواست داده‌های اولیه</string>
+    <string name="encryption">رمزنگاری</string>
+    <string name="extra_headers">سرآیندهای اضافی</string>
     <string name="config_type">نوع پیکربندی</string>
     <string name="edit_config">ویرایش پیکربندی</string>
     <!-- feature category -->
-    <string name="ipv6">مسیر IPv6</string>
-    <string name="prefer">ترجیح دادن</string>
+    <string name="ipv6">مسیریابی IP نسخه 6</string>
+    <string name="prefer">ترجیح</string>
     <string name="only">فقط</string>
-    <string name="metered">اشاره گر اندازه گیری شده</string>
-    <string name="metered_summary">سیستم راهنمایی برای برخورد با VPN به عنوان اندازه‌گیری شده</string>
-    <string name="menu_route">مسیر</string>
-    <string name="route_add">ایجاد مسیر</string>
-    <string name="delete_route_prompt">آیا مطمئن هستید که می خواهید این مسیر را حذف کنید?</string>
+    <string name="metered">اتصال اندازه‌گیری‌شده</string>
+    <string name="metered_summary">تنظیم VPN برای سیستم به عنوان اتصال اندازه‌گیری‌شده</string>
+    <string name="menu_route">مسیریابی</string>
+    <string name="route_add">ایجاد مسیر اختصاصی جدید</string>
+    <string name="delete_route_prompt">آیا مطمئن هستید که این مسیر را می‌خواهید حذف کنید؟</string>
     <string name="route_name">نام مسیر</string>
-    <string name="route_proxy">پروکسی</string>
-    <string name="route_bypass">بایپس</string>
-    <string name="route_block">مسدود کردن</string>
-    <string name="route_profile">انتخاب پروفایل…</string>
+    <string name="route_proxy">اتصال با پراکسی</string>
+    <string name="route_bypass">اتصال مستقیم بدون پراکسی</string>
+    <string name="route_block">مسدودکردن اتصال</string>
+    <string name="route_profile">انتخاب پراکسی...</string>
     <string name="empty_route">مسیر خالی</string>
-    <string name="empty_route_notice">قبل از ذخیره چند قانون تنظیم کنید</string>
-    <string name="route_bypass_domain">قانون دامنه برای %s</string>
-    <string name="route_play_store">قانون فروشگاه Play برای %s</string>
-    <string name="route_bypass_ip">قانون IP برای %s</string>
-    <string name="route_reset">بازنشانی کنید</string>
-    <string name="route_manage_assets">مدیریت مسیر</string>
-    <string name="route_assets">دارایی</string>
-    <string name="route_rules_provider">ارائه دهنده دارایی های قانون</string>
+    <string name="empty_route_notice">قبل از ثبت، دستورالعملی اضافه کنید.</string>
+    <string name="route_bypass_domain">دستورالعمل برای دامنه‌های %s</string>
+    <string name="route_play_store">دستورالعمل برای فروشگاه Play %s</string>
+    <string name="route_bypass_ip">دستورالعمل برای IPهای %s</string>
+    <string name="route_reset">بازنشانی</string>
+    <string name="route_manage_assets">مدیریت جزئیات مسیریابی</string>
+    <string name="route_assets">جزئیات</string>
+    <string name="route_rules_provider">تأمین‌کننده جزئیات دستورالعمل‌ها</string>
     <string name="route_rules_official">رسمی</string>
     <string name="route_asset_status">نسخه محلی: %s</string>
-    <string name="route_asset_no_update">بدون آپدیت</string>
-    <string name="route_asset_updated">به روز رسانی</string>
-    <string name="route_not_asset">نه یک فایل پشتیبان: به جز .db، اما %s</string>
-    <string name="route_opt_bypass_lan">دور زدن LAN</string>
+    <string name="route_asset_no_update">به‌روزرسانی یافت نشد</string>
+    <string name="route_asset_updated">به‌روزرسانی شد</string>
+    <string name="route_not_asset">مشکل: ot an asset file: excepted .db, but %s</string>
+    <string name="route_opt_bypass_lan">دورزدن شبکه محلی</string>
     <string name="route_opt_block_ads">مسدود کردن تبلیغات</string>
-    <string name="route_opt_block_analysis">بلاک کردن انالیز ها</string>
-    <string name="route_opt_block_quic">QUIC را مسدود کنید</string>
-    <string name="domain_strategy">استراتژی حل و فصل دامنه</string>
-    <string name="traffic_sniffing">بو کشیدن ترافیک را فعال کنید</string>
-    <string name="enable_mux">مولتی پلکسر را فعال کنید</string>
-    <string name="mux_concurrency">Mux اتصالات همزمان</string>
-    <string name="tcp_keep_alive_interval">TCP بازه تحویل بسته را فعال نگه می دارد</string>
-    <string name="proxied_apps">حالت VPN برنامه ها</string>
-    <string name="proxied_apps_summary">حالت VPN را برای برنامه های انتخابی پیکربندی کنید</string>
+    <string name="route_opt_block_analysis">مسدود کردن ردیاب‌های اینترنتی</string>
+    <string name="route_opt_block_quic">مسدود کردن QUIC</string>
+    <string name="domain_strategy">راهبرد شناسایی دامنه</string>
+    <string name="traffic_sniffing">فعال کردن ثبت ترافیک</string>
+    <string name="enable_mux">فعال کردن مالتی‌پلکسر</string>
+    <string name="mux_sum">باید سرور هم امکان پشتیبانی از مالتی‌پلکسر را داشته باشد. مالتی‌پلکسر برای کاهش زمان تأخیر در اتصال TCP طراحی شده است و نه برای افزایش توان اتصال. استفاده از مالتی‌پلکسر برای تماشای فیلم، دانلود فایل یا آزمایش سرعت معمولاً نتیجه‌ای ندارد.</string>
+    <string name="mux_concurrency">تعداد اتصال همزمان با مالتی‌پلکسر</string>
+    <string name="tcp_keep_alive_interval">فعال نگه‌داشتن بازه دریافت بسته‌های TCP</string>
+    <string name="proxied_apps">تانل‌کردن اپلیکیشن‌ها</string>
+    <string name="proxied_apps_summary">انتخاب اپلیکیشن‌های مورد نظر برای پراکسی شدن</string>
     <string name="on">روشن</string>
     <string name="off">خاموش</string>
-    <string name="search_apps">جستجو کردن…</string>
-    <string name="scanning">اسکن کردن…</string>
-    <string name="invert_selections">انتخاب ها را معکوس کنید</string>
-    <string name="clear_selections">پاک کردن انتخاب ها</string>
-    <string name="bypass_apps">بایپس</string>
-    <string name="show_system_apps">نمایش برنامه های سیستم</string>
-    <string name="auto_connect">ارتباط خودکار</string>
-    <string name="auto_connect_summary">فعال کردن پروکسی در هنگام راه‌اندازی/به‌روزرسانی برنامه اگر قبلاً اجرا می‌شد</string>
-    <string name="direct_boot_aware">تغییر در صفحه قفل مجاز است</string>
-    <string name="direct_boot_aware_summary">اطلاعات نمایه انتخابی شما کمتر محافظت می شود</string>
+    <string name="search_apps">در حال جستجو...</string>
+    <string name="scanning">در حال اسکن...</string>
+    <string name="invert_selections">برعکس‌کردن گزینه‌های انتخاب‌شده</string>
+    <string name="clear_selections">برداشتن انتخاب‌ها</string>
+    <string name="bypass_apps">پراکسی نشوند</string>
+    <string name="show_system_apps">نمایش برنامه‌های سیستمی</string>
+    <string name="auto_connect">اتصال خودکار</string>
+    <string name="auto_connect_summary">فعال کردن پراکسی در هنگام راه‌اندازی/به‌روزرسانی برنامه اگر قبلاً در حال اجرا بوده است</string>
+    <string name="direct_boot_aware">امکان تغییر وضعیت پراکسی در صفحه قفل</string>
+    <string name="direct_boot_aware_summary">اطلاعات پراکسی انتخابی شما، کمتر محافظت می‌شود.</string>
     <!-- notification category -->
-    <string name="service_vpn">سرویس VPN</string>
-    <string name="service_proxy">سرویس پروکسی</string>
-    <string name="forward_success">پروکسی شروع شد.</string>
-    <string name="invalid_server">نام سرور نامعتبر است</string>
+    <string name="service_vpn">VPN سراسری</string>
+    <string name="service_proxy">پراکسی</string>
+    <string name="forward_success">پراکسی راه‌اندازی شد.</string>
+    <string name="invalid_server">نام سرور نادرست است</string>
     <string name="service_failed">ناموفق: </string>
-    <string name="stop">متوقف کردن</string>
-    <string name="stopping">خاموش شدن…</string>
+    <string name="stop">توقف</string>
+    <string name="stopping">خاموش کردن...</string>
     <string name="vpn_error">%s</string>
-    <string name="vpn_permission_denied">اجازه ایجاد سرویس VPN رد شد</string>
-    <string name="reboot_required">سرویس VPN راه اندازی نشد. ممکن است لازم باشد دستگاه خود را مجددا راه اندازی کنید.</string>
+    <string name="vpn_permission_denied">اجازه ایجاد سرویس VPN داده نشد.</string>
+    <string name="reboot_required">راه‌اندازی VPN ناموفق بود، بهتر است یک‌بار دستگاهتان را خاموش و راه‌اندازی مجدد کنید.</string>
     <!-- alert category -->
-    <string name="profile_empty">لطفا یک پروفایل انتخاب کنید</string>
+    <string name="profile_empty">لطفاً یک پراکسی را انتخاب کنید.</string>
     <string name="connect">اتصال</string>
-    <string name="clipboard_empty">کلیپ برد خالی است</string>
+    <string name="clipboard_empty">بریده‌دان خالی است.</string>
     <!-- menu category -->
     <string name="settings">تنظیمات</string>
     <string name="edit">ویرایش</string>
-    <string name="share">اشتراک گذاری</string>
-    <string name="add_profile">افزودن پروفایل</string>
-    <string name="select_profile">انتخاب پروفایل</string>
-    <string name="proxy_chain">زنجیره پروکسی</string>
-    <string name="custom_config">پیکربندی سفارشی</string>
-    <string name="balancer">متعادل کننده</string>
-    <string name="balancer_settings">تنظیمات متعادل کننده</string>
+    <string name="share">اشتراک‌گذاری</string>
+    <string name="add_profile">اضافه‌کردن پراکسی جدید</string>
+    <string name="select_profile">انتخاب پراکسی</string>
+    <string name="action_socks" translatable="false">SOCKS</string>
+    <string name="action_http" translatable="false">HTTP</string>
+    <string name="action_shadowsocks" translatable="false">Shadowsocks</string>
+    <string name="action_shadowsocksr" translatable="false">ShadowsocksR</string>
+    <string name="action_vmess" translatable="false">VMess</string>
+    <string name="action_trojan" translatable="false">Trojan</string>
+    <string name="action_trojan_go" translatable="false">Trojan Go</string>
+    <string name="action_mieru" translatable="false">Mieru</string>
+    <string name="action_naive" translatable="false">Naïve</string>
+    <string name="action_hysteria" translatable="false">Hysteria</string>
+    <string name="action_ssh" translatable="false">SSH</string>
+    <string name="action_wireguard" translatable="false">WireGuard</string>
+    <string name="action_tuic" translatable="false">TUIC</string>
+    <string name="proxy_chain">زنجیره پراکسی</string>
+    <string name="custom_config">پیکربندی اختصاصی</string>
+    <string name="balancer">برابرکننده</string>
+    <string name="balancer_settings">تنظیمات برابرکننده</string>
     <string name="balancer_type">نوع</string>
-    <string name="balancer_strategy">استراتژی</string>
-    <string name="chain_settings">تنظیمات زنجیره ای</string>
+    <string name="balancer_strategy">راهبرد</string>
+    <string name="chain_settings">تنظیمات زنجیره</string>
     <string name="config_settings">تنظیمات پیکربندی</string>
-    <string name="circular_reference">مرجع دایره ای</string>
-    <string name="circular_reference_sum">مسیر نمی تواند خود را در بر بگیرد.</string>
-    <string name="clear_profiles">پاک کردن</string>
+    <string name="circular_reference">ارجاع حلقه‌ای</string>
+    <string name="circular_reference_sum">مسیر نمی‌تواند شامل خودش باشد.</string>
+    <string name="clear_profiles">پاک‌کردن</string>
     <string name="action_create_group">گروه خالی</string>
     <string name="action_from_link">از اشتراک</string>
-    <string name="action_scan_china_apps">اسکن برنامه های چین</string>
-    <string name="action_export_file">صادر به فایل</string>
-    <string name="action_export_clipboard">صادر به کلیپ بورد</string>
-    <string name="action_export">صادر</string>
-    <string name="action_import">وارد کردن از کلیپ بورد</string>
-    <string name="action_import_file">وارد کردن از فایل</string>
-    <string name="action_export_msg">صادر با موفقیت انجام شد!</string>
-    <string name="action_export_err">صادر نشد.</string>
-    <string name="action_import_msg">با موفقیت وارد شد!</string>
-    <string name="action_import_err">وارد کردن ناموفق بود.</string>
-    <string name="file_manager_missing">دستگاه شما فاقد انتخابگر فایل استاندارد Android است، لطفاً یکی مانند Material Files را نصب کنید.</string>
+    <string name="action_scan_china_apps">اسکن برنامه‌های چینی</string>
+    <string name="action_export_file">صدور به صورت فایل</string>
+    <string name="action_export_clipboard">صدور در بریده‌دان</string>
+    <string name="action_export">صدور</string>
+    <string name="action_import">وارد کردن از بریده‌دان</string>
+    <string name="action_import_file">وارد کردن از یک فایل</string>
+    <string name="action_export_msg">صدور موفق</string>
+    <string name="action_export_err">صدور انجام نشد.</string>
+    <string name="action_import_msg">با موفقیت اضافه شد!</string>
+    <string name="action_import_err">وارد نشد.</string>
+    <string name="file_manager_missing">لطفاً دستگاه شما فاقد انتخابگر فایل استاندارد Android است
+ یکی مانند Material Files را نصب کنید.</string>
     <!-- share -->
     <!-- profile -->
-    <string name="profile_config">پیکربندی پروفایل</string>
+    <string name="profile_config">پیکربندی پراکسی</string>
     <string name="delete">حذف</string>
-    <string name="delete_confirm_prompt">آیا مطمئنید که می خواهید این پروفایل را حذف کنید؟</string>
+    <string name="delete_confirm_prompt">آیا مطمئن هستید که می‌خواهید این پراکسی را حذف کنید؟</string>
     <string name="share_qr_nfc">کد QR</string>
-    <string name="add_profile_methods_scan_qr_code">کد QR را اسکن کنید</string>
+    <string name="add_profile_methods_scan_qr_code">اسکن از کد QR</string>
     <string name="add_profile_methods_manual_settings">تنظیمات دستی</string>
     <plurals name="removed">
-        <item quantity="one">Removed</item>
-        <item quantity="other">%d موارد حذف شدند</item>
+        <item quantity="one">حذف شد</item>
+        <item quantity="other">%d حذف شدند</item>
     </plurals>
     <plurals name="added">
-        <item quantity="one">Added</item>
-        <item quantity="other">%d پروکسی اضافه شد</item>
+        <item quantity="one">پراکسی اضافه شد</item>
+        <item quantity="other">%d پراکسی اضافه شدند</item>
     </plurals>
-    <string name="undo">واگرد</string>
+    <string name="undo">برگشت</string>
     <string name="insecure">ناامن</string>
-    <string name="deprecated">Deprecated</string>
+    <string name="deprecated">منسوخ</string>
     <!-- tasker -->
     <!-- status -->
-    <string name="connecting">برقراری ارتباط…</string>
-    <string name="vpn_connected">متصل است، برای بررسی اتصال ضربه بزنید</string>
-    <string name="not_connected">Not connected</string>
+    <string name="connecting">در حال اتصال...</string>
+    <string name="vpn_connected">متصل شد! برای بررسی اتصال، اینجا کلیک کنید.</string>
+    <string name="not_connected">وصل نیست</string>
     <!-- subscriptions -->
-    <string name="subscriptions">اشتراک ها</string>
-    <string name="cleartext_http_warning">ترافیک HTTP Cleartext ناامن است</string>
+    <string name="subscriptions">اشتراک‌ها</string>
+    <string name="cleartext_http_warning">ترافیک HTTP شفاف ناامن است</string>
     <string name="error_title">خطا</string>
-    <string name="no_proxies_found">هیچ پروکسی در پیوند یافت نشد</string>
-    <string name="no_proxies_found_in_subscription">هیچ پروکسی در اشتراک یافت نشد</string>
-    <string name="no_proxies_found_in_file">هیچ پروکسی در فایل یافت نشد</string>
-    <string name="no_proxies_found_in_clipboard">هیچ پروکسی در کلیپ بورد یافت نشد</string>
-    <string name="deduplication">کپی برداری</string>
-    <string name="donate">هدیه دادن</string>
-    <string name="donate_info">من عاشق پول هستم</string>
-    <string name="ignore_battery_optimizations">بهینه سازی باتری را نادیده بگیرید</string>
-    <string name="ignore_battery_optimizations_sum">برخی محدودیت ها را بردارید</string>
+    <string name="no_proxies_found">هیچ پراکسی در لینک مورد نظر یافت نشد.</string>
+    <string name="no_proxies_found_in_subscription">هیچ پراکسی در اشتراک مورد نظر یافت نشد.</string>
+    <string name="no_proxies_found_in_file">هیچ پراکسی در فایل مورد نظر یافت نشد.</string>
+    <string name="no_proxies_found_in_clipboard">هیچ پراکسی در بریده‌دان یافت نشد.</string>
+    <string name="deduplication">حذف موارد تکراری</string>
+    <string name="donate">حمایت از برنامه‌نویس</string>
+    <string name="donate_info">عاشق پول هستم!</string>
+    <string name="ignore_battery_optimizations">بهینه‌سازی باتری را برای این برنامه غیرفعال کنید</string>
+    <string name="ignore_battery_optimizations_sum">چند محدودیت برداشته می‌شود</string>
     <!-- plugin -->
-    <string name="plugin">پلاگین</string>
-    <string name="plugin_configure">پیکربندی…</string>
-    <string name="plugin_disabled">غیر فعال شده</string>
-    <string name="plugin_unknown">افزونه ناشناخته %s</string>
-    <string name="plugin_untrusted">هشدار: به نظر نمی رسد این افزونه از یک منبع معتبر شناخته شده باشد.</string>
-    <string name="plugin_auto_connect_unlock_only">این افزونه ممکن است با Auto Connect کار نکند</string>
+    <string name="plugin">افزونه</string>
+    <string name="plugin_configure">پیکربندی...</string>
+    <string name="plugin_disabled">غیرفعال</string>
+    <string name="plugin_unknown">افزونه نامشخص %s</string>
+    <string name="plugin_untrusted">هشدار: به نظر می‌رسد این افزونه از منابع شناخته‌شده نیست و ممکن است ناامن باشد.</string>
+    <string name="plugin_auto_connect_unlock_only">این افزونه ممکن است با اتصال خودکار، کار نکند</string>
     <string name="proxy_cat">تنظیمات سرور</string>
-    <string name="ss_cat">تنظیمات Shadowsocks</string>
-    <string name="unsaved_changes_prompt">تغییرات ذخیره نشد. آیا می خواهید ذخیره کنید؟</string>
-    <string name="yes">آره</string>
-    <string name="no">نه</string>
-    <string name="apply">اعمال کردن</string>
-    <string name="need_reload">برای اعمال تغییرات، سرویس پروکسی را دوباره بارگیری کنید</string>
+    <string name="ss_cat">تنظیمات سرور</string>
+    <string name="unsaved_changes_prompt">تغییرات جدید هنوز ذخیره نشدند، آیا می‌خواهید ذخیره شوند؟</string>
+    <string name="yes">بله</string>
+    <string name="no">خیر</string>
+    <string name="apply">اعمال تغییرات</string>
+    <string name="need_reload">برای اعمال تغییرات، سرویس پراکسی را دوباره راه‌اندازی کنید</string>
     <string name="license">مجوز</string>
-    <string name="route_warn">قبل از افزودن قوانین سفارشی مطمئن شوید که اسناد را مطالعه کرده اید، در غیر این صورت ممکن است نتوانید به اینترنت متصل شوید.</string>
-    <string name="lines">%d خطوط</string>
-    <string name="night_mode">حالت شب</string>
-    <string name="follow_system">سیستم را دنبال کنید</string>
-    <string name="enable">فعال کردن</string>
-    <string name="disable">غیر فعال</string>
+    <string name="route_warn">اطمینان حاصل کنید که مستندات فنی را قبل از افزودن قوانین سفارشی مطالعه کرده‌اید،
+ در غیر این صورت ممکن است نتوانید به اینترنت وصل شوید.</string>
+    <string name="lines">%d خط</string>
+    <string name="night_mode">حالت تاریک</string>
+    <string name="follow_system">مانند سیستم</string>
+    <string name="enable">فعال</string>
+    <string name="disable">غیرفعال</string>
     <string name="auto">خودکار</string>
-    <string name="enable_log">Log را فعال کنید</string>
-    <string name="enable_log_sum">برای اهداف اشکال زدایی</string>
+    <string name="enable_log">فعال کردن ثبت آمار</string>
+    <string name="enable_log_sum">برای اهداف عیب‌یابی</string>
     <string name="list">فهرست</string>
     <string name="random">تصادفی</string>
+    <string name="leastPing" translatable="false">Ping</string>
     <string name="api_port">پورت API</string>
-    <string name="probe_interval">فاصله مشاهده متعادل کننده</string>
+    <string name="probe_interval">مدت زمان Balancer observation</string>
     <string name="standard">استاندارد</string>
-    <string name="unavailable">غیر قابل دسترسی</string>
-    <string name="always_show_address">همیشه ادرس نشان داده شود</string>
-    <string name="always_show_address_sum">همیشه آدرس سرور را روی کارت پیکربندی نمایش دهید</string>
-    <string name="clear_traffic_statistics">پاک کردن آمار ترافیک</string>
-    <string name="connection_test">تست اتصال</string>
-    <string name="connection_test_clear_results">نتایج آزمایش را پاک کنید</string>
+    <string name="v2rayn" translatable="false">V2RayN</string>
+    <string name="available" translatable="false">%dms</string>
+    <string name="unavailable">در دسترس نیست</string>
+    <string name="always_show_address">نشانی‌ها همواره نمایش داده شود</string>
+    <string name="always_show_address_sum">همیشه نشانی سرور را روی کارت پیکربندی نمایش دهید</string>
+    <string name="clear_traffic_statistics">پاک کردن اطلاعات ترافیک</string>
+    <string name="connection_test">آزمایش اتصال</string>
+    <string name="connection_test_clear_results">پاک کردن نتایج آزمایش</string>
+    <string name="connection_test_tcp_ping" translatable="false">TCPing</string>
     <string name="connection_test_tcp_ping_unavailable">TCPing در دسترس نیست</string>
-    <string name="connection_test_icmp_ping_unavailable">پینگ ICM در دسترس نیست</string>
-    <string name="connection_test_domain_not_found">دامنه پیدا نشد</string>
-    <string name="connection_test_refused">ارتباط رد شد</string>
-    <string name="connection_test_unreachable">غیر قابل دسترسی</string>
-    <string name="connection_test_timeout">تایم اوت</string>
-    <string name="append_http_proxy">پروکسی HTTP را به VPN اضافه کنید</string>
-    <string name="append_http_proxy_sum">پروکسی HTTP مستقیماً از (مرورگر/برخی برنامه‌های پشتیبانی‌شده) بدون استفاده از دستگاه NIC مجازی (Android 10+) استفاده می‌شود.</string>
-    <string name="protocol_settings">تنظیمات پروتکل</string>
-    <string name="trojan_provider">ارائه دهنده تروجان</string>
-    <string name="group_basic">پایه ای</string>
+    <string name="connection_test_icmp_ping" translatable="false">ICMPing</string>
+    <string name="connection_test_icmp_ping_unavailable">ICMPing در دسترس نیست</string>
+    <string name="connection_test_url_test" translatable="false">آزمایش اتصال به لینک</string>
+    <string name="connection_test_domain_not_found">دامنه یافت نشد</string>
+    <string name="connection_test_refused">اتصال رد شد</string>
+    <string name="connection_test_unreachable">متصل نمی‌شود</string>
+    <string name="connection_test_timeout">بدون پاسخ</string>
+    <string name="append_http_proxy">پراکسی HTTP را به VPN اضافه کنید</string>
+    <string name="append_http_proxy_sum">پروکسی HTTP مستقیماً از (مرورگر/برخی برنامه‌های پشتیبانی‌شده) بدون استفاده از دستگاه NIC مجازی (نسخه اندروید بالاتر از 10) استفاده می‌شود.</string>
+    <string name="protocol_settings">تنظیمات پروتکل‌ها</string>
+    <string name="trojan_provider">تأمین‌کننده Trojan</string>
+    <string name="group_basic">ابتدایی</string>
     <string name="group_settings">تنظیمات گروه</string>
     <string name="subscription">اشتراک</string>
     <string name="subscription_settings">تنظیمات اشتراک</string>
     <string name="group_type">نوع گروه</string>
     <string name="subscription_type">نوع اشتراک</string>
-    <string name="delete_group_prompt">آیا مطمئن هستید که می خواهید این گروه را حذف کنید؟</string>
-    <string name="force_resolve">اجبار حل و فصل</string>
-    <string name="force_resolve_sum">هنگام به روز رسانی، همه نام های دامنه را به آدرس های IP حل کنید. هاست و SNI در صورت امکان به طور خودکار اضافه می شوند</string>
-    <string name="deduplication_sum">هنگام به روز رسانی تنظیمات تکراری را حذف کنید</string>
+    <string name="delete_group_prompt">آیا می‌خواهید این گروه را حذف کنید؟</string>
+    <string name="force_resolve">بررسی اجباری</string>
+    <string name="force_resolve_sum">هنگام به‌روزرسانی گروه، همه نام‌های دامنه را به نشانی IP تفسیر کنید. میزبان و SNI در صورت امکان به صورت خودکار اضافه می‌شوند.</string>
+    <string name="deduplication_sum">حذف خودکار پراکسی‌های تکراری، بعد از به‌روزرسانی</string>
     <string name="raw">خام</string>
-    <string name="update_settings">به روز رسانی تنظیمات</string>
-    <string name="auto_update">به روز رسانی خودکار</string>
-    <string name="auto_update_delay">تأخیر به‌روزرسانی خودکار (در چند دقیقه)</string>
-    <string name="update_when_connected_only">فقط در صورت اتصال به روز رسانی کنید</string>
-    <string name="update_when_connected_only_sum">جلوگیری از نشت آدرس IP</string>
-    <string name="subscription_user_agent">عامل کاربر</string>
-    <string name="confirm">تایید</string>
-    <string name="missing_plugin">افزونه از دست رفته</string>
-    <string name="profile_requiring_plugin">پروفایل %s نیاز دارد %s افزونه نصب شود، اما پیدا نشد.</string>
-    <string name="action_learn_more">بیشتر بدانید</string>
+    <string name="update_settings">اعمال تغییرات</string>
+    <string name="auto_update">به‌روزرسانی خودکار</string>
+    <string name="auto_update_delay">به‌روزرسانی خودکار گروه (در مدت زمان مورد نظر به دقیقه)</string>
+    <string name="update_when_connected_only">به‌روزرسانی هنگام متصل بودن</string>
+    <string name="update_when_connected_only_sum">از افشای IP جلوگیری می‌شود.</string>
+    <string name="subscription_user_agent">UserAgent</string>
+    <string name="confirm">تأیید</string>
+    <string name="missing_plugin">افزونه مورد نیاز یافت‌ نشد</string>
+    <string name="profile_requiring_plugin">پراکسی %s نیاز به نصب افزونه %s دارد، اما پیدا نشد.</string>
+    <string name="action_learn_more">اطلاعات بیشتر</string>
     <string name="action_download">دانلود</string>
-    <string name="install_from_play_store">از پلی استور نصب کنید</string>
-    <string name="install_from_fdroid">از F-Droid نصب کنید</string>
+    <string name="install_from_play_store">نصب از فروشگاه Play</string>
+    <string name="install_from_fdroid">نصب از F-Droid</string>
     <string name="download">دانلود</string>
-    <string name="ooc_subscription_token_invalid">توکن OOCv1 نامعتبر است</string>
-    <string name="update_subscription_warning">پروکسی متصل نیست، آیا مطمئن هستید که می خواهید به روز رسانی ادامه دهید؟</string>
+    <string name="ooc_subscription_token">مشخصه OOCv1 API</string>
+    <string name="ooc_subscription_token_invalid">مشخصه OOCv1 نادرست</string>
+    <string name="update_subscription_warning">پروکسی متصل نیست، آیا مطمئن هستید که می خواهید به‌روزرسانی کنید؟</string>
     <string name="ooc_warning">هشدار</string>
-    <string name="ooc_missing_protocol">اشتراک به پشتیبانی از پروتکل نیاز دارد%s، اما پیدا نمی شود. نمایه های پشتیبانی نشده نادیده گرفته می شوند.</string>
-    <string name="service_subscription">سرویس به روز رسانی اشتراک</string>
-    <string name="subscription_update">به روز رسانی اشتراک</string>
-    <string name="subscription_update_message">در حال بروز رسانی %s …</string>
-    <string name="group_filter">فیلتر</string>
-    <string name="subscription_used">%s استفاده شده</string>
-    <string name="subscription_traffic">%s استفاده شده / %s باقی مانده است</string>
+    <string name="ooc_missing_protocol">اشتراک به پشتیبانی از پروتکل %s نیاز دارد، اما یافت نشد. پراکسی های پشتیبانی نشده نادیده گرفته می شوند.</string>
+    <string name="service_subscription">سرویس به‌روزسانی اشتراک</string>
+    <string name="subscription_update">به‌روزرسانی اشتراک</string>
+    <string name="subscription_update_message">به‌روزرسانی %s …</string>
+    <string name="group_filter">پالایش</string>
+    <string name="subscription_used">%s استفاده‌شده</string>
+    <string name="subscription_traffic">%s استفاده‌شده / %s باقی‌مانده</string>
     <string name="subscription_expire">انقضا: %s</string>
     <string name="subscription_import">وارد کردن اشتراک</string>
-    <string name="subscription_import_message">تأیید کنید که می خواهید اشتراک را وارد کنید %s? اگر از یک منبع نامعتبر وارد می شوید، انجام این کار ممکن است منجر به لو رفتن IP شما و این رفتار شود.</string>
-    <string name="profile_import">وارد کردن پروفایل</string>
-    <string name="profile_import_message">تأیید کنید که می‌خواهید پروفایل را وارد کنید%s؟</string>
-    <string name="clear_profiles_message">آیا مطمئن هستید که می خواهید این گروه را پاک کنید؟</string>
-    <string name="apps">برنامه ها</string>
-    <string name="select_apps">برنامه ها را انتخاب کنید</string>
-    <string name="apps_message">%d برنامه ها</string>
-    <string name="hysteria_obfs">رمز عبور مبهم</string>
+    <string name="subscription_import_message">تأیید می‌کنید که می‌خواهید اشتراک %s را وارد کنید؟ اگر از یک منبع نامعتبر وارد کنید، ممکن است منجر به لو رفتن IP شما شود.</string>
+    <string name="profile_import">اضافه کردن پراکسی</string>
+    <string name="profile_import_message">تأیید می‌کنید که می‌خواهید پراکسی %s اضافه شود؟</string>
+    <string name="clear_profiles_message">آیا می‌خواهید پراکسی‌های این گروه را پاک کنید؟</string>
+    <string name="apps">برنامه‌ها</string>
+    <string name="select_apps">انتخاب برنامه‌های مورد نظر</string>
+    <string name="apps_message">%d برنامه</string>
+    <string name="hysteria_obfs">رمز دستورالعمل مبهم‌سازی</string>
     <string name="hysteria_auth_type">نوع احراز هویت</string>
-    <string name="hysteria_auth_payload">احراز هویت ظرفیت ترابری</string>
-    <string name="hysteria_upload_mbps">حداکثر سرعت آپلود (به مگابیت بر ثانیه)</string>
-    <string name="hysteria_download_mbps">حداکثر سرعت دانلود (به مگابیت بر ثانیه)</string>
-    <string name="experimental_settings">تجربی</string>
+    <string name="hysteria_auth_payload">بسته احرازهویت</string>
+    <string name="hysteria_upload_mbps">حدأکثر سرعت ارسال (به مگابیت‌برثانیه)</string>
+    <string name="hysteria_download_mbps">حدأکثر سرعت دریافتی (به مگابیت‌برثانیه)</string>
+    <string name="experimental_settings">تنظیمات آزمایشی</string>
     <string name="hysteria_stream_receive_window">پنجره دریافت جریان QUIC</string>
     <string name="hysteria_connection_receive_window">پنجره دریافت اتصال QUIC</string>
-    <string name="hysteria_disable_mtu_discovery">Path MTU Discovery را غیرفعال کنید</string>
-    <string name="group_order">سفارش</string>
-    <string name="group_order_origin">مبدا</string>
-    <string name="group_order_by_name">بر اساس اسم</string>
-    <string name="group_order_by_delay">با تاخیر</string>
-    <string name="plugin_exists_but_on_shit_system">پروفایل %s نیاز دارد %s افزونه، اما فروشنده تجهیزات اختصاصی شما (معمولا غول های سرمایه نظارتی و سازنده بدافزار) اندروید شما را دستکاری کرده و باعث غیرقابل استفاده شدن افزونه شده است.</string>
+    <string name="hysteria_disable_mtu_discovery">غیرفعال کردن Path MTU Discovery</string>
+    <string name="group_order">ترتیب</string>
+    <string name="group_order_origin">مبدأ</string>
+    <string name="group_order_by_name">به ترتیب نام</string>
+    <string name="group_order_by_delay">به میزان تأخیر</string>
+    <string name="plugin_exists_but_on_shit_system">پراکسی %s به افزونه %s نیاز دارد، اما تأمین‌کننده تجهیزات اختصاصی شما(معمولاً سازمان‌های جاسوسی و سازنده بدافزار) اندروید شما را دستکاری کرده و افزونه را غیرقابل استفاده کرده است!</string>
+
     <string name="shadowsocks_plugin_simple_obfs">Obfs ساده (افزونه اندروید Shadowsocks)</string>
-    <string name="shadowsocks_plugin_v2ray">V2Ray (افزونه Shadowsocks Android)</string>
-    <string name="tcp_connections">%d اتصالات TCP</string>
-    <string name="udp_connections">%d اتصالات UDP</string>
-    <string name="copy_label">کپی نام</string>
-    <string name="copy_package_name">کپی نام بسته</string>
-    <string name="open_app">اپلیکیشن را باز کن</string>
-    <string name="open_settings">تنظیمات را باز کنید</string>
-    <string name="open_market">بازکردن مارکت</string>
-    <string name="create_rule">ایجاد قانون</string>
+    <string name="shadowsocks_plugin_v2ray">V2Ray (افزونه Shadowsocks اندروید)</string>
+
+    <string name="traffic_uplink" translatable="false">%s | %s/s ↑</string>
+    <string name="traffic_downlink" translatable="false">%s | %s/s ↓</string>
+
+    <string name="traffic_uplink_total" translatable="false">%s ↑</string>
+    <string name="traffic_downlink_total" translatable="false">%s ↓</string>
+
+    <string name="tcp_connections">%d اتصال TCP</string>
+    <string name="udp_connections">%d اتصال UDP</string>
+
+    <string name="copy_label">کپی کردن نام</string>
+    <string name="copy_package_name">کپی کردن نام بسته</string>
+    <string name="open_app">باز کردن برنامه</string>
+    <string name="open_settings">باز کردن تنظیمات</string>
+    <string name="open_market">باز کردن بازار</string>
+    <string name="create_rule">افزودن دستورالعمل</string>
+
     <string name="copy_success">کپی موفق!</string>
-    <string name="copy_failed">کپی ناموفق بود.</string>
-    <string name="app_no_launcher">برنامه هیچ رابطی ندارد.</string>
-    <string name="route_for">قانون برای %s</string>
-    <string name="route_need_vpn">قانون مسیریابی %s برای کارایی VPN متکی است، بنابراین نادیده گرفته می شود.</string>
-    <string name="profile_traffic_statistics">آمار ترافیک پروفایل</string>
-    <string name="profile_traffic_statistics_summary">در صورت غیرفعال شدن، ترافیک استفاده شده محاسبه نخواهد شد</string>
-    <string name="no_statistics">هنوز آماری وجود ندارد</string>
+    <string name="copy_failed">کپی ناموفق.</string>
+    <string name="app_no_launcher">این برنامه، رابط کاربری ندارد.</string>
+    <string name="route_for">دستورالعمل برای %s</string>
+
+    <string name="route_need_vpn">دستورالعمل مسیریابی %s متکی به اجرای VPN است، بنابراین نادیده گرفته می‌شود.</string>
+
+    <string name="profile_traffic_statistics">آمار ترافیک پراکسی</string>
+    <string name="profile_traffic_statistics_summary">در صورت غیرفعال شدن، ترافیک استفاده شده پراکسی محاسبه نخواهد شد</string>
+    <string name="no_statistics">هنوز بدون آمار</string>
     <string name="app_statistics_disabled">آمار ترافیک برنامه غیرفعال شد</string>
-    <string name="ssh_auth_type_none">هیچ یک</string>
+    <string name="ssh_auth_type_none">هیچ کدام</string>
     <string name="ssh_public_key">کلید عمومی</string>
     <string name="ssh_private_key">کلید خصوصی</string>
-    <string name="ssh_private_key_passphrase">کلمه عبور کلید خصوصی</string>
-    <string name="translate_platform">پلتفرم ترجمه</string>
-    <string name="menu_tools">ابزار</string>
-    <string name="menu_log">لاگ ها</string>
-    <string name="clear_logcat">Logcat را پاک کنید</string>
-    <string name="wireguard_local_address">آدرس محلی</string>
+    <string name="ssh_private_key_passphrase">عبارات عبور کلید خصوصی</string>
+    <string name="translate_platform">سکوی ترجمه</string>
+    <string name="menu_tools">ابزارها</string>
+    <string name="menu_log">آمار و اطلاعات</string>
+    <string name="clear_logcat">پاک‌کردن اطلاعات Logcat</string>
+    <string name="wireguard_local_address">نشانی محلی</string>
     <string name="wireguard_public_key">کلید عمومی همتا</string>
-    <string name="wireguard_psk">کلید از پیش مشترک همتا</string>
-    <string name="warp_license">CloudFlare Warp یک ارائه دهنده رایگان WireGuard VPN است. با استفاده از آن، با TOS موافقت می کنید.</string>
+    <string name="wireguard_psk">کلید همتا از پیش مشترک</string>
+
+    <string name="cloudflare_wrap" translatable="false">Cloudflare Warp</string>
+    <string name="warp_license">CloudFlare Warp یک ارائه دهنده رایگان WireGuard VPN است. با استفاده از آن، با شرایط استفاده، موافقت می کنید.</string>
     <string name="warp_generate">ایجاد پیکربندی</string>
-    <string name="generating">در حال تولید…</string>
-    <string name="tun_implementation">پیاده سازی TUN</string>
-    <string name="destination_override">لغو مقصد</string>
-    <string name="destination_override_summary">از دامنه sniffed برای بازنویسی آدرس مقصد استفاده کنید، نه فقط برای مسیریابی</string>
-    <string name="resolve_destination">مقصد را حل کنید</string>
+    <string name="generating">در حال ایجاد...</string>
+    <string name="tun_implementation">پیاده‌سازی TUN</string>
+    <string name="destination_override">بازنویسی مقصد</string>
+    <string name="destination_override_summary">از دامنه ردیابی‌شده برای بازنویسی آدرس مقصد استفاده کنید، نه فقط برای مسیریابی.</string>
+    <string name="resolve_destination">بررسی مقصد</string>
     <string name="resolve_destination_summary">اگر آدرس مقصد یک دامنه باشد، بر اساس استراتژی IPv6 (تعارض با FakeDNS) از بین می‌رود.</string>
-    <string name="pcap_notice">فایل های Pcap در ذخیره می شوند%s</string>
+    <string name="pcap" translatable="false">Pcap</string>
+    <string name="pcap_notice">فایل‌های Pcap در %s ذخیره می‌شوند.</string>
     <string name="naive_insecure_concurrency">همزمانی ناامن</string>
-    <string name="naive_insecure_concurrency_summary">از N اتصال تونل همزمان برای قوی تر بودن در شرایط بد شبکه استفاده کنید. اتصالات بیشتر تشخیص تونل را آسان تر و ایمن تر می کند. این پروژه برای قوی ترین امنیت در برابر تجزیه و تحلیل ترافیک تلاش می کند. استفاده از آن به روشی ناامن، هدف آن را شکست می دهد. \n\n اگر باید از این استفاده کنید، ابتدا N=2 را امتحان کنید تا ببینید آیا مشکلات شما حل می شود یا خیر. اکیداً توصیه می شود از بیش از 4 اتصال در اینجا استفاده نکنید.</string>
+    <string name="naive_insecure_concurrency_summary">از N اتصال تونل همزمان برای قوی‌تر بودن در شرایط بد شبکه استفاده کنید. اتصالات بیشتر، اتصال به تونل را آسان‌تر و ایمن‌تر می کند. این پروژه برای افزایش امنیت در برابر شنود ترافیک تلاش می‌کند. استفاده ناامن، هدف پروژه نیست. \n\nاگر می‌خواهید از این استفاده کنید، ابتدا N=2 را امتحان کنید تا ببینید آیا مشکلات شما حل می‌شود یا خیر. اکیداً توصیه می‌شود از بیش از 4 اتصال در اینجا استفاده نکنید.</string>
+
     <string name="stun_test">کشف رفتار NAT</string>
-    <string name="stun_test_summary">رفتار نگاشت NAT کلاینت و رفتار فیلتر NAT تعریف شده در RFC 3478 را با استفاده از STUN تعیین کنید.</string>
-    <string name="start">شروع</string>
-    <string name="stun_attest_loading">این ممکن است چند دقیقه طول بکشد…</string>
-    <string name="nat_stun_server_hint">سرور بیهوش</string>
-    <string name="nat_result_hint">نتیجه بررسی NAT</string>
+    <string name="stun_test_summary">تعیین رفتار NAT و رفتار فیلتر NAT تعریف‌شده در RFC 3478 با استفاده از STUN.</string>
+    <string name="start">Start</string>
+    <string name="stun_attest_loading">ممکن است چند دقیقه‌ای طول بکشد...</string>
+    <string name="nat_stun_server_hint">سرور STUN</string>
+    <string name="nat_result_hint">بررسی نتیجه NAT</string>
     <string name="tools_network">شبکه</string>
-    <string name="backup">پشتیبان گیری</string>
-    <string name="backup_groups_and_configurations">گروه ها و تنظیمات</string>
-    <string name="backup_rules">قوانین مسیریابی</string>
+    <string name="mtu" translatable="false">MTU</string>
+
+    <string name="backup">پشتیبان‌گیری</string>
+    <string name="backup_groups_and_configurations">گروه‌ها و پیکربندی‌ها</string>
+    <string name="backup_rules">دستورالعمل‌های مسیریابی</string>
     <string name="backup_settings">تنظیمات</string>
-    <string name="backup_summary">اگر از تنظیمات مسیریابی با تنظیمات پشتیبان تهیه نشود، خروجی های سفارشی از بین خواهند رفت.</string>
-    <string name="backup_not_file">نه یک فایل پشتیبان: به جز .json، اما %s</string>
-    <string name="invalid_backup_file">فایل پشتیبان نامعتبر است</string>
-    <string name="backup_import">وارد كردن</string>
-    <string name="backup_import_summary">وارد کردن داده‌های موجود را بازنویسی می‌کند.</string>
-    <string name="backup_importing">وارد کردن…</string>
-    <string name="packet_encoding">رمزگذاری بسته ها</string>
-    <string name="acquire_wake_lock">WakeLock را بدست آورید</string>
-    <string name="release_wake_lock">WakeLock را آزاد کنید</string>
-    <string name="acquire_wake_lock_summary">CPU را روشن نگه دارید</string>
-    <string name="action_switch">تعویض</string>
-    <string name="tuic_token">توکن</string>
-    <string name="tuic_udp_relay_mode">حالت واقعی UDP</string>
-    <string name="tuic_congestion_controller">کنترل کننده ازدحام</string>
-    <string name="tuic_disable_sni">SNI را غیرفعال کنید</string>
-    <string name="tuic_reduce_rtt">UDP کاهش RTT</string>
-    <string name="tuic_fast_connect">اتصال سریع TCP</string>
-    <string name="tuic_fast_connect_summary">نیاز به پشتیبانی افزونه و سرور دارد</string>
-    <string name="please_update">ماتسوری شما خیلی قدیمی است (%s). و در %s کار نخواهد کرد. لطفا به روز رسانی کن!</string>
-    <string name="please_update_force">ماتسوری شما خیلی قدیمی است (%s). و در %s کار نمی کند. لطفا به روز رسانی کن!</string>
-    <string name="connection_test_delete_unavailable">پاک کردن در دسترس نیست</string>
-    <string name="neko_plugin">افزونه پیشرفته</string>
-    <string name="neko_plugin_internal_error">%s خطای داخلی</string>
+    <string name="backup_summary">اگر از دستورالعمل‌های مسیریابی با پیکربندی‌ها، پشتیبان‌گیری نشود، خروجی‌های سفارشی از بین خواهند رفت.</string>
+    <string name="backup_not_file">یک فایل پشتیبانی نیست.: انتظار می‌رود یک فایل .json باشد اما %s است.</string>
+    <string name="invalid_backup_file">فایل پشتیبانی نادرست</string>
+    <string name="backup_import">افزودن</string>
+    <string name="backup_import_summary">افزودن فایل پشتیبانی، اطلاعات و تنظیمات کنونی را حذف و بازنویسی می‌کند.</string>
+    <string name="backup_importing">افزودن...</string>
+
+    <string name="packet_encoding">رمزگذاری بسته</string>
+    <string name="acquire_wake_lock">به دست آوردن WakeLock</string>
+    <string name="release_wake_lock">رها کردن WakeLock</string>
+    <string name="acquire_wake_lock_summary">پردازنده را روشن نگه‌می‌دارد.</string>
+    <string name="action_switch">سوییچ</string>
+
+    <string name="tuic_udp_relay_mode">حالت بازپخش UDP</string>
+    <string name="tuic_congestion_controller">کنترل‌کننده ازدحام</string>
+    <string name="tuic_disable_sni">غیرفعال کردن SNI</string>
+    <string name="tuic_reduce_rtt">فعال کردن ارتباط 0-RTT QUIC</string>
+
+    <string name="please_update">نسخه (%s) برنامه شما بسیار قدیمی شده است و در %s متوقف می‌شود. لطفاً به نسخه جدیدتر به‌روزرسانی کنید</string>
+    <string name="please_update_force">برنامه شما خیلی قدیمی شده است (%s). و در %s کار نمی‌کند. باید نسخه جدید را دانلود کنید!</string>
+    <string name="connection_test_delete_unavailable">پاک‌کردن غیرقابل‌دسترس‌ها</string>
     <string name="move">حرکت</string>
-    <string name="exe_prefer_provider">ارائه دهنده برگزیده پلاگین</string>
-    <string name="create_shortcut">ایجاد میانبر</string>
-    <string name="app_tls_version">حداقل اشتراک نسخه TLS</string>
-    <string name="hop_interval">فاصله پرش بندر (ثانیه)</string>
-    <string name="dns_network">نوع پرس و جو DNS</string>
+    <string name="exe_prefer_provider">ارائه‌دهنده برگزیده افزونه‌ها</string>
+    <string name="create_shortcut">ساخت میانبر</string>
+    <string name="app_tls_version">نسخه TLS </string>
+    <string name="hop_interval">مدت زمان Port hopping (به ثانیه)</string>
+    <string name="domain_strategy_for_remote">راهبرد دامنه برای ارتباط از راه دور</string>
+    <string name="domain_strategy_for_direct">راهبرد دامنه برای ارتباط مستقیم</string>
+    <string name="domain_strategy_for_server">راهبرد دامنه برای نشانی‌های سرور</string>
     <string name="show_bottom_bar">نمایش نوار پایین مانند SagerNet</string>
     <string name="utls_fingerprint">اثر انگشت uTLS</string>
+    <string name="custom_outbound_json">خروجی سفارشی JSON</string>
+    <string name="custom_config_json">پراکسی سفارشی JSON</string>
+    <string name="is_outbound_only">مجموعه JSON برای خروجی است</string>
+    <string name="save">ذخیره</string>
+    <string name="set_panel_url">تعیین لینک صفحه</string>
+    <string name="enable_clash_api">فعال کردن Clash API</string>
+    <string name="log_level">سطح ثبت آمار</string>
+    <string name="enable_clash_api_summary">ارائه Clash api و صفحه yacd را در 127.0.0.1: 9090</string>
+    <string name="xtls_flow">Flow (VLESS دستورالعمل فرعی)</string>
+    <string name="ads">تبلیغات</string>
+    <string name="bypass_lan_in_core">دورزدن شبکه محلی در هسته برنامه</string>
+    <string name="need_restart">برای اجرای تغییرات، برنامه را دوباره راه‌اندازی کنید</string>
+    <string name="use_selector">استفاده از انتخاب‌گر</string>
+    <string name="front_proxy">پراکسی جلویی</string>
+    <string name="landing_proxy" >پراکسی در حال فرود</string>
+    <string name="action_shadowtls" translatable="false">ShadowTLS</string>
+    <string name="protocol_version">نسخه پروتکل</string>
+    <string name="share_subscription">اشتراک‌گذاری گروه اشتراکی</string>
+    <string name="show_group_in_notification">نمایش نام گروه در نوار اعلان</string>
+    <string name="reset_connections">بازنشانی اتصالات</string>
+    <string name="remove_duplicate">حذف سرورهای تکراری</string>
+    <string name="mtu_help">برای تنظیم MTU سفارشی، تنظیمات را مدتی فشار دهید.</string>
+    <string name="log_level_help">برای تنظیم اندازه بافر، تنظیمات را مدتی فشار دهید.</string>
+    <string name="tls_camouflage_settings">تنظیمات استتار TLS</string>
+    <string name="test_concurrency">آزمایش همزمان اتصال</string>
+    <string name="mux_type">پروتکل مالتی‌پلکسر</string>
+    <string name="sniff_routing">ردیابی نتایج برای مسیریابی</string>
+    <string name="sniff_override">ردیابی نتایج برای مقصد</string>
+    <string name="resolve_server">نشانی سرور را مطابق خط مشی IPv6 بررسی کنید</string>
+    <string name="auto_select_proxy_apps">انتخاب خودکار برنامه‌های پراکسی</string>
+    <string name="auto_select_proxy_apps_message">انتخاب خودکار برنامه‌های پراکسی، با این کار انتخاب‌های فعلی شما پاک می شود.</string>
+    <string name="enable_ech">فعال کردن ECH</string>
+    <string name="enable_ech_sum">فعال کردن ECH</string>
+    <string name="ech_settings">تنظیمات ECH</string>
+    <string name="ech_config">پیکربندی ECH</string>
+    <string name="http_upgrade_host">میزبان HTTPUpgrade</string>
+    <string name="http_upgrade_path">مسیر HTTPUpgrade</string>
+    <string name="update_current_subscription">به‌روزرسانی اشتراک این گروه</string>
+    <string name="group_not_subscription">نوع این گروه اشتراکی نیست</string>
+    <string name="allow_insecure_on_request_sum">غیرفعال کردن بررسی گواهی‌ها هنگام به‌روزرسانی اشتراک‌ها</string>
+    <string name="global_allow_insecure">به اتصال محافظت‌نشده همیشه اجازه داده شود.</string>
+    <string name="network_change_reset_connections">بازنشانی اتصال خروجی، هنگام تغییر شبکه</string>
+    <string name="wake_reset_connections">بازنشانی اتصال خروجی، هنگام روشن‌شدن صفحه موبایل</string>
 </resources>
diff --git a/app/src/main/res/values-ru/strings.xml b/app/src/main/res/values-ru/strings.xml
index 9c1fd8711..c45db7492 100644
--- a/app/src/main/res/values-ru/strings.xml
+++ b/app/src/main/res/values-ru/strings.xml
@@ -1,409 +1,492 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources>
-    <string name="header_type">Тип заголовка</string>
-    <string name="network">Сеть</string>
-    <string name="security">Шифрование транспортного уровня</string>
-    <string name="protocol">Протокол</string>
-    <string name="enc_method">Метод шифрования</string>
-    <string name="password">Пароль</string>
-    <string name="key_opt">Ключ (необязательно)</string>
-    <string name="password_opt">Пароль (необязательно)</string>
-    <string name="username">Имя пользователя</string>
-    <string name="traffic">%1$s↑ %2$s↓</string>
-    <string name="transproxy_mode">Транспрокси-режим</string>
-    <string name="require_transproxy">Включить входящий прокси-сервер</string>
-    <string name="port_local_dns">Локальный порт DNS</string>
-    <string name="dns_hosts">Перезапись домена</string>
-    <string name="fakedns_message">Может вызвать необходимость перезапуска других приложений для повторного подключения к сети после остановки прокси</string>
-    <string name="enable_fakedns">Включить FakeDNS</string>
-    <string name="dns_routing_message">Разрешение доменов в обходных маршрутах с помощью Direct DNS. Помните о потенциальных утечках DNS</string>
-    <string name="enable_dns_routing">Включить маршрутизацию DNS</string>
-    <string name="direct_dns">Прямой DNS</string>
-    <string name="remote_dns">Удаленный DNS</string>
-    <string name="cag_dns">Настройки DNS</string>
-    <string name="connection_test_error_status_code">Код ошибки: #%d</string>
-    <string name="connection_test_fail">Интернет недоступен</string>
-    <string name="connection_test_error">Ошибка: %s</string>
-    <string name="connection_test_available_http">Успех: рукопожатие HTTP заняло %d мс</string>
-    <string name="connection_test_available">Успех: рукопожатие HTTPS заняло %d мс</string>
-    <string name="connection_test_testing">Тестирование…</string>
-    <string name="speed_detail">Прокси ：%1$s↑ %2$s↓
+<string name="abc_search_hint">Введите запрос</string>
+<string name="abc_searchview_description_clear">Удалить запрос</string>
+<string name="abc_searchview_description_search">Поиск</string>
+<string name="abc_searchview_description_submit">Отправить запрос</string>
+<string name="abc_searchview_description_voice">Голосовой поиск</string>
+<string name="abc_shareactionprovider_share_with">Поделиться с помощью</string>
+<string name="abc_toolbar_collapse_description">Свернуть</string>
+<string name="acquire_wake_lock">Использовать WakeLock</string>
+<string name="acquire_wake_lock_summary">Сохранять CPU включенным</string>
+<string name="action_download">СКАЧАТЬ</string>
+<string name="action_export">Экспортировать</string>
+<string name="action_export_clipboard">Экспорт в буфер обмена</string>
+<string name="action_export_err">Не удалось экспортировать.</string>
+<string name="action_export_file">Экспорт в файл</string>
+<string name="action_export_msg">Успешно экспортировано!</string>
+<string name="action_import">Импорт из буфера обмена</string>
+<string name="action_import_err">Не удалось импортировать.</string>
+<string name="action_import_file">Импортировать из файла</string>
+<string name="action_import_msg">Успешно импортировано!</string>
+<string name="action_learn_more">УЗНАТЬ БОЛЬШЕ</string>
+<string name="action_switch">Переключить</string>
+<string name="add_profile">Добавить профиль</string>
+<string name="add_profile_methods_manual_settings">Ручные настройки</string>
+<string name="add_profile_methods_scan_qr_code">Отсканировать QR-код</string>
+<string name="ads">Реклама</string>
+<string name="allow_access">Разрешить подключения из локальной сети</string>
+<string name="allow_access_sum">Привязать входящие серверы к 0.0.0.0</string>
+<string name="allow_insecure">Разрешить небезопасное подключение</string>
+<string name="allow_insecure_on_request_sum">Отключить проверку сертификатов при обновлении подписок</string>
+<string name="allow_insecure_sum">Отключить проверку сертификата. При включении эта функция настолько же безопасна как передача пароля в открытом виде</string>
+<string name="alpn">Согласование протокола уровня приложений</string>
+<string name="alter_id">Изменить ID</string>
+<string name="always_show_address">Всегда показывать адрес</string>
+<string name="always_show_address_sum">Всегда отображать адрес сервера на карте конфигурации</string>
+<string name="app_desc">Универсальный набор инструментов прокси для Android, написанный на Kotlin.</string>
+<string name="app_name">NekoBox</string>
+<string name="app_name_long">NekoBox для Android</string>
+<string name="app_tls_version">Минимальная версия TLS протокола</string>
+<string name="app_version">Версия</string>
+<string name="append_http_proxy">Добавить HTTP-прокси к VPN</string>
+<string name="append_http_proxy_sum">HTTP-прокси будет использоваться напрямую из (браузера / некоторых поддерживаемых приложений), без использования виртуального сетевого интерфейса (Android 10+)</string>
+<string name="apply">Применить</string>
+<string name="apps">Приложения</string>
+<string name="apps_message">%d приложений</string>
+<string name="auto">Авто</string>
+<string name="auto_connect">Автоматическое подключение</string>
+<string name="auto_connect_summary">Включить прокси при запуске/обновлении приложения, если он был запущен до этого</string>
+<string name="auto_select_proxy_apps">Автоматический выбор прокси-приложений</string>
+<string name="auto_select_proxy_apps_message">Автоматический выбор прокси-приложений приведет к очистке текущего выбора.</string>
+<string name="auto_update">Автоматическое обновление</string>
+<string name="auto_update_delay">Задержка автоматического обновления (в минутах)</string>
+<string name="backup">Бэкап</string>
+<string name="backup_groups_and_configurations">Группы и конфигурации</string>
+<string name="backup_import">Импортировать</string>
+<string name="backup_import_summary">При импорте существующие данные будут перезаписаны.</string>
+<string name="backup_importing">Импортирование…</string>
+<string name="backup_not_file">Не файл резервной копии: ожидался .json, а не %s</string>
+<string name="backup_rules">Правила маршрутизации</string>
+<string name="backup_settings">Настройки</string>
+<string name="backup_summary">Если правила маршрутизации резервируются без конфигураций, то пользовательские исходящие соединения будут потеряны.</string>
+<string name="bottomsheet_action_collapse">Свернуть нижний экран</string>
+<string name="bottomsheet_action_expand">Развернуть нижний экран</string>
+<string name="bottomsheet_action_expand_halfway">Развернуть наполовину</string>
+<string name="bottomsheet_drag_handle_clicked">Двойное нажатие на маркер перемещения</string>
+<string name="bottomsheet_drag_handle_content_description">Маркер перемещения</string>
+<string name="bypass_apps">Обход</string>
+<string name="bypass_lan_in_core">Обход LAN в ядре</string>
+<string name="cag_dns">Настройки DNS</string>
+<string name="cag_misc">Прочие настройки</string>
+<string name="cag_route">Настройки маршрута</string>
+<string name="cag_ws">Настройки WebSocket</string>
+<string name="certificates">Сертификаты</string>
+<string name="chain_settings">Настройки цепочки</string>
+<string name="character_counter_content_description">Введено символов: %1$d из %2$d</string>
+<string name="character_counter_overflowed_content_description">Превышено ограничение на количество символов (%1$d из %2$d)</string>
+<string name="check_update_no">Обновления не найдены.</string>
+<string name="check_update_preview">Проверить наличие обновлений предварительной версии</string>
+<string name="check_update_release">Проверить наличие обновлений релизнойной версии</string>
+<string name="circular_reference">Циклическая ссылка</string>
+<string name="circular_reference_sum">Маршрут не может содержать сам себя.</string>
+<string name="clear_logcat">Очистить журнал</string>
+<string name="clear_profiles">Очистить</string>
+<string name="clear_profiles_message">Вы уверены, что хотите очистить эту группу?</string>
+<string name="clear_selections">Очистить выбранное</string>
+<string name="clear_text_end_icon_content_description">Очистить текстовое поле</string>
+<string name="clear_traffic_statistics">Очистить статистику трафика</string>
+<string name="cleartext_http_warning">Передача HTTP-трафика в виде открытого текста небезопасна</string>
+<string name="clipboard_empty">Буфер обмена пуст</string>
+<string name="config_settings">Настройки конфигурации</string>
+<string name="config_type">Тип конфигурации</string>
+<string name="confirm">Подтвердить</string>
+<string name="connect">Подключиться</string>
+<string name="connecting">Подключение…</string>
+<string name="connection_test_available">HTTPS-соединение установлено за %d мс</string>
+<string name="connection_test_available_http">HTTP-соединение установлено за %d мс</string>
+<string name="connection_test_clear_results">Очистить результаты теста</string>
+<string name="connection_test_delete_unavailable">Удалить недоступные</string>
+<string name="connection_test_domain_not_found">Домен не найден</string>
+<string name="connection_test_error">Ошибка: %s</string>
+<string name="connection_test_icmp_ping_unavailable">ICMPing недоступен</string>
+<string name="connection_test_refused">В соединении отказано</string>
+<string name="connection_test_tcp_ping">TCP Пинг</string>
+<string name="connection_test_tcp_ping_unavailable">TCPing недоступен</string>
+<string name="connection_test_testing">Тестирование…</string>
+<string name="connection_test_timeout">Тайм-аут</string>
+<string name="connection_test_unreachable">Недоступен</string>
+<string name="connection_test_url">URL-адрес проверки подключения</string>
+<string name="connection_test_url_test">URL Тест</string>
+<string name="copy">Копировать</string>
+<string name="copy_toast_msg">Ссылка скопирована в буфер обмена.</string>
+<string name="create_shortcut">Создать ярлык</string>
+<string name="custom_config">Пользовательская конфигурация</string>
+<string name="custom_config_json">Пользовательская конфигурация JSON</string>
+<string name="custom_outbound_json">Пользовательский исходящий JSON</string>
+<string name="deduplication">Дедупликация</string>
+<string name="deduplication_sum">Удалить повторяющиеся конфигурации при обновлении</string>
+<string name="delete">Удалить</string>
+<string name="delete_confirm_prompt">Вы уверены, что хотите удалить этот профиль?</string>
+<string name="delete_group_prompt">Вы уверены, что хотите удалить эту группу?</string>
+<string name="delete_route_prompt">Вы уверены, что хотите удалить этот маршрут?</string>
+<string name="direct_boot_aware">Разрешить переключение на экране блокировки</string>
+<string name="direct_boot_aware_summary">Выбранная вами информация профиля будет менее защищена</string>
+<string name="direct_dns">Прямой DNS</string>
+<string name="disable">Отключить</string>
+<string name="dns_hosts">Перезапись домена</string>
+<string name="dns_routing_message">Разрешить домены в обходных маршрутах с помощью Direct DNS. Помните о потенциальных утечках DNS</string>
+<string name="document">Документы</string>
+<string name="domain_strategy">Правило разрешения доменов</string>
+<string name="domain_strategy_for_direct">Правило домена для Прямого</string>
+<string name="domain_strategy_for_remote">Правило домена для Удаленного</string>
+<string name="domain_strategy_for_server">Правило домена для Адреса сервера</string>
+<string name="donate">Пожертвовать</string>
+<string name="donate_info">Я люблю деньги</string>
+<string name="download">Скачать</string>
+<string name="early_data_header_name">Имя заголовка ранних данных</string>
+<string name="ech_config">Конфигурация ECH</string>
+<string name="edit">Редактировать</string>
+<string name="edit_config">Изменить конфигурацию</string>
+<string name="empty_route">Пустой маршрут</string>
+<string name="empty_route_notice">Установите какие-либо правила перед сохранением</string>
+<string name="enable">Включить</string>
+<string name="enable_clash_api">Включить Clash API</string>
+<string name="enable_clash_api_summary">Предоставлять панель управления Clash API и YACD по адресу 127.0.0.1:9090</string>
+<string name="enable_dns_routing">Включить маршрутизацию DNS</string>
+<string name="enable_ech">Включить ECH</string>
+<string name="enable_ech_sum">Включить зашифрованный клиент Hello</string>
+<string name="enable_fakedns">Включить FakeDNS</string>
+<string name="enable_log">Включить журнал</string>
+<string name="enable_log_sum">В целях отладки</string>
+<string name="enable_mux">Включить мультиплексор</string>
+<string name="enc_method">Метод шифрования</string>
+<string name="encryption">Шифрование</string>
+<string name="error_a11y_label">Ошибка: недопустимое значение</string>
+<string name="error_icon_content_description">Ошибка</string>
+<string name="error_title">Ошибка</string>
+<string name="expand_button_title">Дополнительно</string>
+<string name="exposed_dropdown_menu_content_description">Показать раскрывающееся меню</string>
+<string name="extra_headers">Дополнительные заголовки</string>
+<string name="fakedns_message">Может вызвать необходимость перезапуска других приложений для повторного подключения к сети после остановки прокси</string>
+<string name="file_manager_missing">На вашем устройстве отсутствует стандартный селектор файлов Android, установите его, например Material Files.</string>
+<string name="follow_system">Использовать системную тему</string>
+<string name="force_resolve">Принудительно разрешать доменные имена</string>
+<string name="force_resolve_sum">При обновлении преобразовать все доменные имена в IP-адреса. Хост и SNI будут добавлены автоматически, если это возможно</string>
+<string name="forward_success">Прокси запустился.</string>
+<string name="front_proxy">Прямой прокси</string>
+<string name="general_settings">Настройки приложения</string>
+<string name="generating">Создание…</string>
+<string name="github">Исходный код</string>
+<string name="global_allow_insecure">Всегда разрешать небезопасные</string>
+<string name="group_added">Добавлено:
+%s</string>
+<string name="group_basic">Базовый</string>
+<string name="group_changed">Обновлено: 
+%s</string>
+<string name="group_create">Создать группу</string>
+<string name="group_create_subscription">Создать подписку</string>
+<string name="group_default">Разгруппировано</string>
+<string name="group_delete_confirm_prompt">Вы уверены, что хотите удалить эту группу?</string>
+<string name="group_deleted">Удалено: 
+%s</string>
+<string name="group_diff">различия (%s)</string>
+<string name="group_duplicate">Дубликат: 
+%s</string>
+<string name="group_edit">Редактировать группу</string>
+<string name="group_edit_subscription">Редактировать подписку</string>
+<string name="group_filter">Фильтр</string>
+<string name="group_name">Имя группы</string>
+<string name="group_name_required">Требуется название группы</string>
+<string name="group_no_difference">%s: Не отличаются</string>
+<string name="group_not_subscription">Тип группы не является подпиской</string>
+<string name="group_order">Сортировка</string>
+<string name="group_order_by_delay">По задержке</string>
+<string name="group_order_by_name">По имени</string>
+<string name="group_order_origin">По источнику</string>
+<string name="group_settings">Настройки группы</string>
+<string name="group_show_diff">Сравнить группы</string>
+<string name="group_status_empty">Пустая группа</string>
+<string name="group_status_empty_subscription">Еще не обновлено</string>
+<string name="group_status_proxies">%d прокси</string>
+<string name="group_status_proxies_subscription">%d прокси | Обновлено %s</string>
+<string name="group_subscription_link">Ссылка для подписки</string>
+<string name="group_type">Тип группы</string>
+<string name="group_update">Обновить</string>
+<string name="group_updated">%s: обновлено %d прокси</string>
+<string name="grpc_service_name">Имя службы gRPC</string>
+<string name="header_type">Тип заголовка</string>
+<string name="hop_interval">Интервал переключения портов(второй)</string>
+<string name="http_host">HTTP-хост</string>
+<string name="http_path">HTTP-путь</string>
+<string name="http_upgrade_host">HTTP-хост обновления</string>
+<string name="http_upgrade_path">HTTP-путь обновления</string>
+<string name="hysteria_auth_payload">Полезные данные аутентификации</string>
+<string name="hysteria_auth_type">Тип аутентификации</string>
+<string name="hysteria_connection_receive_window">Окно получения соединения QUIC</string>
+<string name="hysteria_disable_mtu_discovery">Отключить обнаружение MTU пути</string>
+<string name="hysteria_download_mbps">Максимальная скорость загрузки (в Мбит / с)</string>
+<string name="hysteria_obfs">Обфускация пароля</string>
+<string name="hysteria_stream_receive_window">Окно приема потока QUIC</string>
+<string name="hysteria_upload_mbps">Максимальная скорость загрузки (в Мбит / с)</string>
+<string name="icon_content_description">Значок диалогового окна</string>
+<string name="ignore_battery_optimizations">Игнорировать оптимизации батареи</string>
+<string name="ignore_battery_optimizations_sum">Снять некоторые ограничения</string>
+<string name="inbound_settings">Входящие настройки</string>
+<string name="insecure">Ненадежный</string>
+<string name="install_from_fdroid">Установить с F-Droid</string>
+<string name="install_from_play_store">Установить из Play Store</string>
+<string name="invalid_backup_file">Недействительный файл резервной копии</string>
+<string name="invalid_server">Неверное имя сервера</string>
+<string name="invert_selections">Инвертировать выбранное</string>
+<string name="ipv6">Маршрут IPv6</string>
+<string name="is_outbound_only">Сделать JSON исходящим</string>
+<string name="item_view_role_description">Вкладка</string>
+<string name="key_opt">Ключ (необязательно)</string>
+<string name="landing_proxy">Обратный прокси</string>
+<string name="license">Лицензия</string>
+<string name="lines">%d строк</string>
+<string name="log_level">Тип журнала</string>
+<string name="log_level_help">Удерживайте для настройки размера буфера.</string>
+<string name="logcat">Экспорт отладочной информации</string>
+<string name="mal_close">Закрыть</string>
+<string name="material_clock_toggle_content_description">Выберите AM (до полудня) или PM (после полудня)</string>
+<string name="material_timepicker_am">AM</string>
+<string name="material_timepicker_pm">PM</string>
+<string name="menu_about">О приложении</string>
+<string name="menu_configuration">Конфигурация</string>
+<string name="menu_dashboard">Панель sing-box</string>
+<string name="menu_group">Группы</string>
+<string name="menu_log">Журналы</string>
+<string name="menu_route">Маршруты</string>
+<string name="menu_tools">Инструменты</string>
+<string name="menu_traffic">Трафик</string>
+<string name="metered">Подсказка о соединении с лимитным тарифным планом</string>
+<string name="metered_summary">Подсказывать системе, что VPN следует рассматривать как сеть с лимитным тарифным планом</string>
+<string name="minimize">Свернуть</string>
+<string name="missing_plugin">Отсутствующий плагин</string>
+<string name="move">Переместить</string>
+<string name="mtrl_badge_numberless_content_description">Новое уведомление</string>
+<string name="mtrl_checkbox_state_description_checked">Флажок установлен.</string>
+<string name="mtrl_checkbox_state_description_indeterminate">Флажки установлены частично.</string>
+<string name="mtrl_checkbox_state_description_unchecked">Флажок не установлен.</string>
+<string name="mtrl_chip_close_icon_content_description">Удалить "%1$s"</string>
+<string name="mtrl_exceed_max_badge_number_content_description">Новых уведомлений больше %1$d</string>
+<string name="mtrl_picker_a11y_next_month">Перейти к следующему месяцу</string>
+<string name="mtrl_picker_a11y_prev_month">Перейти к предыдущему месяцу</string>
+<string name="mtrl_picker_cancel">Отмена</string>
+<string name="mtrl_picker_confirm">ОК</string>
+<string name="mtrl_picker_day_of_week_column_header">Столбец со днями недели: %1$s</string>
+<string name="mtrl_picker_navigate_to_current_year_description">Перейти к текущему году: %1$d</string>
+<string name="mtrl_picker_navigate_to_year_description">Перейти к %1$s году</string>
+<string name="mtrl_picker_save">Сохранить</string>
+<string name="mtrl_picker_toggle_to_calendar_input_mode">Перейти в режим выбора дней</string>
+<string name="mtrl_picker_toggle_to_day_selection">Нажмите, чтобы перейти к выбору дня</string>
+<string name="mtrl_picker_toggle_to_text_input_mode">Перейти в режим ввода текста</string>
+<string name="mtrl_picker_toggle_to_year_selection">Нажмите, чтобы перейти к выбору года</string>
+<string name="mtu_help">Удерживайте для настройки своего MTU.</string>
+<string name="mux_concurrency">Число одновременных подключений Mux</string>
+<string name="mux_preference">Мультиплекс</string>
+<string name="mux_sum">Протокол мультиплексирования предназначен для уменьшения задержки соединения TCP, а не для увеличения пропускной способности. Использование мультиплексирования для просмотра видео, загрузки или проверки скорости обычно неэффективно. Если сервер не поддерживает мультиплексирование, вы не сможете получить доступ к Интернету.</string>
+<string name="mux_type">Протокол мультиплексирования</string>
+<string name="naive_insecure_concurrency">Небезопасный параллелизм</string>
+<string name="naive_insecure_concurrency_summary">Использовать N параллельных соединений для повышения отказоустойчивости в условиях ненадёжной сети. Большее число соединений увеличивает риск обнаружения туннелей и снижает безопасность. Этот проект стремится к максимальной защите от анализа трафика, следовательно, использование его небезопасным образом противоречит данной цели. 
+ 
+Если придётся использовать данную функцию, попробуйте N=2, чтобы проверить, решит ли это проблему. Настоятельно не рекомендуется использовать более 4 соединений.</string>
+<string name="nat_result_hint">Провести проверку NAT</string>
+<string name="nat_stun_server_hint">STUN сервер</string>
+<string name="need_reload">Перезагрузите прокси-сервис, чтобы применить изменения</string>
+<string name="need_restart">Перезапустите приложение для применения изменений</string>
+<string name="network">Сеть</string>
+<string name="network_change_reset_connections">Сбросить исходящие соединения при изменении сети</string>
+<string name="night_mode">Ночной режим</string>
+<string name="no">Нет</string>
+<string name="no_proxies_found">В ссылке не найдено прокси-серверов</string>
+<string name="no_proxies_found_in_clipboard">В буфере обмена не найдено ни одного прокси</string>
+<string name="no_proxies_found_in_file">В файле не найдено прокси-серверов</string>
+<string name="no_proxies_found_in_subscription">В подписке не найдено прокси-серверов</string>
+<string name="no_statistics">Статистики пока нет</string>
+<string name="not_connected">Не подключен</string>
+<string name="not_set">Не указано</string>
+<string name="obfs">Obfs</string>
+<string name="obfs_param">Параметры Obfs</string>
+<string name="off">Выключенный</string>
+<string name="on">Включено</string>
+<string name="only">Исключительно</string>
+<string name="ooc_warning">Предупреждение</string>
+<string name="oss_licenses">Лицензии с открытым исходным кодом</string>
+<string name="packet_encoding">Кодирование пакетов</string>
+<string name="padding">Отступ</string>
+<string name="password">Пароль</string>
+<string name="password_opt">Пароль (необязательно)</string>
+<string name="password_toggle_content_description">Показать пароль</string>
+<string name="plugin">Плагин</string>
+<string name="plugin_auto_connect_unlock_only">Этот плагин может не работать с автоподключением</string>
+<string name="plugin_configure">Настроить…</string>
+<string name="plugin_disabled">Отключено</string>
+<string name="plugin_exists_but_on_shit_system">Профиль %s требует плагин %s, но поставщик вашего проприетарного оборудования (обычно это большие компании, занимающиеся слежкой и производители вредоносного ПО) изменил ваш Android, сделав плагин непригодным для использования.</string>
+<string name="plugin_unknown">Неизвестный плагин %s</string>
+<string name="plugin_untrusted">Предупреждение: похоже, что этот плагин не из известного надежного источника.</string>
+<string name="port_http">Порт прокси HTTP</string>
+<string name="port_local_dns">Локальный порт DNS</string>
+<string name="port_proxy">Порт прокси SOCKS5</string>
+<string name="port_transproxy">Транспрокси-порт</string>
+<string name="prefer">Предпочитать</string>
+<string name="preference_copied">Текст "%1$s" скопирован в буфер обмена</string>
+<string name="preview_version_hint">Это приложение является предварительной версией и может содержать множество проблем. Если вы не хотите тестировать его, скачайте релизную версию с GitHub!</string>
+<string name="profile_config">Конфигурация профиля</string>
+<string name="profile_empty">Пожалуйста, выберите профиль</string>
+<string name="profile_import">Импортировать профиль</string>
+<string name="profile_import_message">Подтвердите, что хотите импортировать профиль %s?</string>
+<string name="profile_name">Имя профиля</string>
+<string name="profile_requiring_plugin">Профиль %s требует установки подключаемого модуля %s, но он не найден.</string>
+<string name="profile_traffic_statistics">Статистика трафика профиля</string>
+<string name="profile_traffic_statistics_summary">Когда отключено, использованный трафик не будет отображаться</string>
+<string name="project">Проект</string>
+<string name="protocol">Протокол</string>
+<string name="protocol_param">Параметры протокола</string>
+<string name="protocol_settings">Настройки протокола</string>
+<string name="protocol_version">Версия протокола</string>
+<string name="proxied_apps">Режим VPN для приложений</string>
+<string name="proxied_apps_summary">Настроить режим VPN для выбранных приложений</string>
+<string name="proxy_cat">Настройки сервера</string>
+<string name="proxy_chain">Прокси-цепочка</string>
+<string name="quick_toggle">Переключить</string>
+<string name="reboot_required">Не удалось запустить службу VPN. Возможно, вам потребуется перезагрузить устройство.</string>
+<string name="release_wake_lock">Отключить WakeLock</string>
+<string name="remote_dns">Удаленный DNS</string>
+<string name="remove_duplicate">Удалить дубликаты серверов</string>
+<string name="reset_connections">Сбросить соединения</string>
+<string name="reset_settings">Восстановить настройки по умолчанию</string>
+<string name="reset_settings_message">Восстановить настройки по умолчанию, такие данные, как узлы и группы, будут сохранены. Для полной очистки данных, очистите данные приложения непосредственно в системных настройках.</string>
+<string name="resolve_destination">Определить адрес назначения</string>
+<string name="resolve_destination_summary">Если адрес назначения является доменом, то он передается в соответствии с правилом IPv6.</string>
+<string name="route_add">Создать маршрут</string>
+<string name="route_asset_no_update">Обновлений нет</string>
+<string name="route_asset_status">Локальная версия: %s</string>
+<string name="route_asset_updated">Обновлено</string>
+<string name="route_assets">Ресурсы</string>
+<string name="route_block">Блокировать</string>
+<string name="route_bypass">Обход</string>
+<string name="route_bypass_domain">Правило домена для %s</string>
+<string name="route_bypass_ip">Правило IP для %s</string>
+<string name="route_for">Правило для %s</string>
+<string name="route_manage_assets">Управление ресурсами маршрутов</string>
+<string name="route_name">Название маршрута</string>
+<string name="route_need_vpn">Правило маршрутизации `%s` зависит от VPN, поэтому игнорируется.</string>
+<string name="route_not_asset">Не файл ресурса: ожидался .db, а не %s</string>
+<string name="route_opt_block_ads">Блокировать рекламу</string>
+<string name="route_opt_block_analysis">Блокировать аналитику</string>
+<string name="route_opt_block_quic">Блокировать QUIC</string>
+<string name="route_opt_bypass_lan">Обход LAN</string>
+<string name="route_play_store">Правило Play Store для %s</string>
+<string name="route_profile">Выбрать профиль…</string>
+<string name="route_proxy">Прокси</string>
+<string name="route_reset">Сброс</string>
+<string name="route_rules_official">Официальный</string>
+<string name="route_rules_provider">Поставщик ресурсов правил</string>
+<string name="route_warn">Перед добавлением собственных правил убедитесь, что вы прочитали документацию, иначе подключение к Интернету может не удасться.</string>
+<string name="scanning">Сканирование…</string>
+<string name="search_apps">Поиск…</string>
+<string name="search_menu_title">Поиск</string>
+<string name="searchview_clear_text_content_description">Очистить текстовое поле</string>
+<string name="searchview_navigation_content_description">Назад</string>
+<string name="security">Шифрование транспортного уровня</string>
+<string name="security_settings">Настройки безопасности</string>
+<string name="select_apps">Выберите приложения</string>
+<string name="select_profile">Выбрать профиль</string>
+<string name="server_address">Сервер</string>
+<string name="server_port">Удаленный порт</string>
+<string name="service_failed">Не удалось:</string>
+<string name="service_mode">Сервисный режим</string>
+<string name="service_mode_proxy">Только прокси</string>
+<string name="service_proxy">Прокси-сервис</string>
+<string name="service_subscription">Служба обновления подписки</string>
+<string name="service_vpn">VPN-сервис</string>
+<string name="set_panel_url">Установить URL панель</string>
+<string name="settings">Настройки</string>
+<string name="shadowsocks_plugin_simple_obfs">Simple Obfs (плагин Shadowsocks для Android)</string>
+<string name="shadowsocks_plugin_v2ray">V2Ray (плагин Shadowsocks для Android)</string>
+<string name="share">Поделиться</string>
+<string name="share_qr_nfc">QR-код</string>
+<string name="share_subscription">Поделиться подпиской</string>
+<string name="show_bottom_bar">Показать нижнюю панель, как в SagerNet</string>
+<string name="show_direct_speed">Показать прямую скорость</string>
+<string name="show_direct_speed_sum">Также в уведомлении показывать скорость трафика без прокси</string>
+<string name="show_group_in_notification">Показывать название группы в уведомлении</string>
+<string name="show_system_apps">Показать системные приложения</string>
+<string name="side_sheet_accessibility_pane_title">Боковая панель</string>
+<string name="sni">SNI (индикация имени сервера)</string>
+<string name="sniff_override">Результат проверки для адрес назначения</string>
+<string name="sniff_routing">Перехватывать результат для Маршрутизации</string>
+<string name="speed">%s/с</string>
+<string name="speed_detail">Прокси ：%1$s↑ %2$s↓ 
 \nПрямой ：%3$s↑%4$s↓</string>
-    <string name="allow_insecure_sum">Отключить проверку сертификата. При включении эта функция настолько же безопасна как передача пароля в открытом виде</string>
-    <string name="allow_insecure">Разрешить небезопасное подключение</string>
-    <string name="security_settings">Настройки безопасности</string>
-    <string name="show_direct_speed_sum">Также в уведомлении показывать скорость трафика без прокси</string>
-    <string name="show_direct_speed">Показать прямую скорость</string>
-    <string name="show_stop_sum">Если вы не хотите использовать Quick Tile в качестве переключателя</string>
-    <string name="show_stop">Показать кнопку остановки</string>
-    <string name="cag_misc">Прочие настройки</string>
-    <string name="speed_interval">Интервал обновления уведомлений о скорости</string>
-    <string name="ws_browser_forwarding_sum">Перенаправьте соответствующие веб-сокеты через браузер.</string>
-    <string name="ws_browser_forwarding">Пересылка через браузер</string>
-    <string name="cag_ws">Настройки WebSocket</string>
-    <string name="require_http">Включить входящий HTTP-трафик</string>
-    <string name="general_settings">Настройки приложения</string>
-    <string name="inbound_settings">Входящие настройки</string>
-    <string name="allow_access_sum">Сервер будет слушать на адресе 0.0.0.0</string>
-    <string name="allow_access">Разрешить подключения из локальной сети</string>
-    <string name="cag_route">Настройки маршрута</string>
-    <string name="port_http">Порт прокси HTTP</string>
-    <string name="service_mode_proxy">Только прокси</string>
-    <string name="service_mode">Сервисный режим</string>
-    <string name="group_duplicate">Дубликат:
-\n%s</string>
-    <string name="group_deleted">Удалено:
-\n%s</string>
-    <string name="group_changed">Обновлено:
-\n%s</string>
-    <string name="group_added">Создано:
-\n%s</string>
-    <string name="group_delete_confirm_prompt">Вы уверены, что хотите удалить эту группу\?</string>
-    <string name="group_diff">различия (%s)</string>
-    <string name="group_show_diff">Сравнить группы</string>
-    <string name="group_updated">%s: Обновлено %d прокси</string>
-    <string name="group_no_difference">%s: Не отличаются</string>
-    <string name="group_status_proxies_subscription">%d Прокси | Обновлено %s</string>
-    <string name="group_status_proxies">%d прокси</string>
-    <string name="group_status_empty_subscription">Еще не обновлено</string>
-    <string name="group_status_empty">Пустая группа</string>
-    <string name="group_edit_subscription">Редактировать подписку</string>
-    <string name="group_edit">Редактировать группу</string>
-    <string name="group_create_subscription">Создать подписку</string>
-    <string name="group_create">Создать группу</string>
-    <string name="group_name_required">Требуется название группы</string>
-    <string name="group_subscription_link">Ссылка для подписки</string>
-    <string name="group_update">Обновить</string>
-    <string name="group_name">Имя группы</string>
-    <string name="tile_title">Переключатель</string>
-    <string name="quick_toggle">Переключить</string>
-    <string name="group_default">Разгруппировано</string>
-    <string name="document">Документ</string>
-    <string name="theme">Тема</string>
-    <string name="menu_about">О приложении</string>
-    <string name="menu_group">Группы</string>
-    <string name="menu_configuration">Конфигурация</string>
-    <string name="logcat">Экспорт отладочной информации</string>
-    <string name="version_x">Версия (%s)</string>
-    <string name="server_port">Удаленный порт</string>
-    <string name="server_address">Сервер</string>
-    <string name="profile_name">Имя профиля</string>
-    <string name="connection_test_url">URL-адрес проверки подключения</string>
-    <string name="port_transproxy">Транспрокси-порт</string>
-    <string name="port_proxy">Порт прокси SOCKS5</string>
-    <string name="app_version">Версия</string>
-    <string name="oss_licenses">Лицензии с открытым исходным кодом</string>
-    <string name="telegram">Канал обновлений в Telegram</string>
-    <string name="github">Исходный код</string>
-    <string name="project">Проект</string>
-    <string name="app_desc">Универсальный набор инструментов прокси для Android, написанный на Kotlin.</string>
-    <plurals name="added">
-        <item quantity="one">Добавлен</item>
-        <item quantity="few">Добавлено %d прокси</item>
-        <item quantity="many">Добавлено %d прокси</item>
-        <item quantity="other">Добавлено %d прокси</item>
-    </plurals>
-    <plurals name="removed">
-        <item quantity="one">Удалено</item>
-        <item quantity="few">%d элемента удалены</item>
-        <item quantity="many">%d элементов удалено</item>
-        <item quantity="other">%d элементов удалено</item>
-    </plurals>
-    <string name="apps_message">%d приложений</string>
-    <string name="select_apps">Выберите приложения</string>
-    <string name="apps">Приложения</string>
-    <string name="clear_profiles_message">Вы уверены, что хотите очистить эту группу\?</string>
-    <string name="profile_import_message">Подтвердите, что хотите импортировать профиль %s\?</string>
-    <string name="profile_import">Импортировать профиль</string>
-    <string name="subscription_import_message">Подтвердите, что хотите импортировать подписку %s\? Если вы импортируете из ненадежного источника, это может привести к утечке вашего IP-адреса и такого поведения.</string>
-    <string name="subscription_import">Импортировать подписку</string>
-    <string name="subscription_traffic">%s Использовано / %s Осталось</string>
-    <string name="subscription_used">%s Использовано</string>
-    <string name="group_filter">Фильтр</string>
-    <string name="subscription_update_message">Обновление %s …</string>
-    <string name="subscription_update">Обновление подписки</string>
-    <string name="service_subscription">Служба обновления подписки</string>
-    <string name="ooc_missing_protocol">Подписка требует поддержки протокола %s, но ее нельзя найти. Неподдерживаемые профили игнорируются.</string>
-    <string name="ooc_warning">Предупреждение</string>
-    <string name="update_subscription_warning">Прокси-сервер не подключен, вы уверены, что хотите продолжить обновление\?</string>
-    <string name="ooc_subscription_token_invalid">Недействительный токен OOCv1</string>
-    <string name="download">Скачать</string>
-    <string name="install_from_fdroid">Установить с F-Droid</string>
-    <string name="install_from_play_store">Установить из Play Store</string>
-    <string name="action_download">СКАЧАТЬ</string>
-    <string name="action_learn_more">УЗНАТЬ БОЛЬШЕ</string>
-    <string name="profile_requiring_plugin">Профиль %s требует установки подключаемого модуля %s, но он не найден.</string>
-    <string name="missing_plugin">Отсутствующий плагин</string>
-    <string name="confirm">Подтвердить</string>
-    <string name="subscription_user_agent">UserAgent</string>
-    <string name="update_when_connected_only_sum">Предотвратить утечку IP-адреса</string>
-    <string name="update_when_connected_only">Обновлять только при подключении</string>
-    <string name="auto_update_delay">Задержка автоматического обновления (в минутах)</string>
-    <string name="auto_update">Автоматическое обновление</string>
-    <string name="update_settings">Обновить настройки</string>
-    <string name="force_resolve_sum">При обновлении преобразовать все доменные имена в IP-адреса. Хост и SNI будут добавлены автоматически, если это возможно</string>
-    <string name="raw">Обычный</string>
-    <string name="deduplication_sum">Удалить повторяющиеся конфигурации при обновлении</string>
-    <string name="force_resolve">Принудительно разрешать доменные имена</string>
-    <string name="delete_group_prompt">Вы уверены, что хотите удалить эту группу\?</string>
-    <string name="subscription_type">Тип подписки</string>
-    <string name="group_type">Тип группы</string>
-    <string name="subscription_settings">Настройки подписки</string>
-    <string name="subscription">Подписка</string>
-    <string name="group_settings">Настройки группы</string>
-    <string name="group_basic">Базовый</string>
-    <string name="trojan_provider">Провайдер Trojan</string>
-    <string name="protocol_settings">Настройки протокола</string>
-    <string name="append_http_proxy_sum">HTTP-прокси будет использоваться напрямую из (браузера / некоторых поддерживаемых приложений), без использования виртуального сетевого интерфейса (Android 10+)</string>
-    <string name="append_http_proxy">Добавить HTTP-прокси к VPN</string>
-    <string name="connection_test_timeout">Тайм-аут</string>
-    <string name="connection_test_unreachable">Недоступен</string>
-    <string name="connection_test_refused">В соединении отказано</string>
-    <string name="connection_test_domain_not_found">Домен не найден</string>
-    <string name="connection_test_icmp_ping_unavailable">ICMPing недоступен</string>
-    <string name="connection_test_tcp_ping_unavailable">TCPing недоступен</string>
-    <string name="connection_test_clear_results">Очистить результаты теста</string>
-    <string name="connection_test">Тест подключения</string>
-    <string name="clear_traffic_statistics">Очистить статистику трафика</string>
-    <string name="always_show_address_sum">Всегда отображать адрес сервера на карте конфигурации</string>
-    <string name="always_show_address">Всегда показывать адрес</string>
-    <string name="unavailable">Недоступен</string>
-    <string name="standard">Стандарт</string>
-    <string name="probe_interval">Интервал наблюдения балансировщика</string>
-    <string name="api_port">Порт API</string>
-    <string name="random">Случайный</string>
-    <string name="list">Список</string>
-    <string name="enable_log_sum">В целях отладки</string>
-    <string name="enable_log">Включить журнал</string>
-    <string name="auto">Авто</string>
-    <string name="disable">Отключить</string>
-    <string name="enable">Включить</string>
-    <string name="follow_system">Использовать системную тему</string>
-    <string name="night_mode">Ночной режим</string>
-    <string name="lines">%d строк</string>
-    <string name="route_warn">Перед добавлением собственных правил убедитесь, что вы прочитали документацию, иначе подключение к Интернету может не удасться.</string>
-    <string name="license">Лицензия</string>
-    <string name="need_reload">Перезагрузите прокси-сервис, чтобы применить изменения</string>
-    <string name="apply">Применить</string>
-    <string name="no">Нет</string>
-    <string name="yes">Да</string>
-    <string name="unsaved_changes_prompt">Есть несохраненные изменения. Сохранить\?</string>
-    <string name="ss_cat">Настройки Shadowsocks</string>
-    <string name="proxy_cat">Настройки сервера</string>
-    <string name="plugin_auto_connect_unlock_only">Этот плагин может не работать с автоподключением</string>
-    <string name="plugin_untrusted">Предупреждение: похоже, что этот плагин не из известного надежного источника.</string>
-    <string name="plugin_unknown">Неизвестный плагин %s</string>
-    <string name="plugin_disabled">Отключено</string>
-    <string name="plugin_configure">Настроить…</string>
-    <string name="plugin">Плагин</string>
-    <string name="ignore_battery_optimizations_sum">Снять некоторые ограничения</string>
-    <string name="ignore_battery_optimizations">Игнорировать оптимизации батареи</string>
-    <string name="donate_info">Я люблю деньги</string>
-    <string name="donate">Пожертвовать</string>
-    <string name="deduplication">Дедупликация</string>
-    <string name="no_proxies_found_in_clipboard">В буфере обмена не найдено ни одного прокси</string>
-    <string name="no_proxies_found_in_file">В файле не найдено прокси-серверов</string>
-    <string name="no_proxies_found_in_subscription">В подписке не найдено прокси-серверов</string>
-    <string name="no_proxies_found">В ссылке не найдено прокси-серверов</string>
-    <string name="error_title">Ошибка</string>
-    <string name="cleartext_http_warning">Передача HTTP-трафика в виде открытого текста небезопасна</string>
-    <string name="subscriptions">Подписки</string>
-    <string name="not_connected">Не подключен</string>
-    <string name="vpn_connected">Подключено, нажмите, чтобы проверить подключение</string>
-    <string name="connecting">Подключение…</string>
-    <string name="deprecated">Устарело</string>
-    <string name="insecure">Ненадежный</string>
-    <string name="undo">Отменить</string>
-    <string name="add_profile_methods_manual_settings">Ручные настройки</string>
-    <string name="add_profile_methods_scan_qr_code">Отсканировать QR-код</string>
-    <string name="share_qr_nfc">QR-код</string>
-    <string name="delete_confirm_prompt">Вы уверены, что хотите удалить этот профиль\?</string>
-    <string name="delete">Удалить</string>
-    <string name="profile_config">Конфигурация профиля</string>
-    <string name="file_manager_missing">На вашем устройстве отсутствует стандартный селектор файлов Android, установите его, например Material Files.</string>
-    <string name="action_import_err">Не удалось импортировать.</string>
-    <string name="action_import_msg">Успешно импортировано!</string>
-    <string name="action_export_err">Не удалось экспортировать.</string>
-    <string name="action_export_msg">Успешно экспортировано!</string>
-    <string name="action_import_file">Импортировать из файла</string>
-    <string name="action_import">Импорт из буфера обмена</string>
-    <string name="action_export">Экспортировать</string>
-    <string name="action_export_clipboard">Экспорт в буфер обмена</string>
-    <string name="action_export_file">Экспорт в файл</string>
-    <string name="action_scan_china_apps">Сканировать китайские приложения</string>
-    <string name="action_from_link">По подписке</string>
-    <string name="action_create_group">Пустая группа</string>
-    <string name="clear_profiles">Очистить</string>
-    <string name="circular_reference_sum">Маршрут не может содержать сам себя.</string>
-    <string name="circular_reference">Циклическая ссылка</string>
-    <string name="config_settings">Настройки конфигурации</string>
-    <string name="chain_settings">Настройки цепочки</string>
-    <string name="balancer_strategy">Стратегия</string>
-    <string name="balancer_type">Тип</string>
-    <string name="balancer_settings">Настройки балансировщика</string>
-    <string name="balancer">Балансер</string>
-    <string name="custom_config">Пользовательская конфигурация</string>
-    <string name="proxy_chain">Прокси-цепочка</string>
-    <string name="select_profile">Выбрать профиль</string>
-    <string name="add_profile">Добавить профиль</string>
-    <string name="share">Поделиться</string>
-    <string name="edit">Редактировать</string>
-    <string name="settings">Настройки</string>
-    <string name="clipboard_empty">Буфер обмена пуст</string>
-    <string name="connect">Подключиться</string>
-    <string name="profile_empty">Пожалуйста, выберите профиль</string>
-    <string name="reboot_required">Не удалось запустить службу VPN. Возможно, вам потребуется перезагрузить устройство.</string>
-    <string name="vpn_permission_denied">Отказано в разрешении на создание службы VPN</string>
-    <string name="vpn_error">%s</string>
-    <string name="stopping">Выключение…</string>
-    <string name="stop">Остановить</string>
-    <string name="service_failed">Не удалось:</string>
-    <string name="invalid_server">Неверное имя сервера</string>
-    <string name="forward_success">Прокси запустился.</string>
-    <string name="service_proxy">Прокси-сервис</string>
-    <string name="service_vpn">VPN-сервис</string>
-    <string name="direct_boot_aware_summary">Выбранная вами информация профиля будет менее защищена</string>
-    <string name="direct_boot_aware">Разрешить переключение на экране блокировки</string>
-    <string name="auto_connect_summary">Включить прокси при запуске/обновлении приложения, если он был запущен до этого</string>
-    <string name="auto_connect">Автоматическое подключение</string>
-    <string name="show_system_apps">Показать системные приложения</string>
-    <string name="bypass_apps">Обход</string>
-    <string name="clear_selections">Очистить выбор</string>
-    <string name="invert_selections">Инвертировать выбор</string>
-    <string name="scanning">Сканирование…</string>
-    <string name="search_apps">Поиск…</string>
-    <string name="off">Выключенный</string>
-    <string name="on">Включено</string>
-    <string name="proxied_apps_summary">Настроить режим VPN для выбранных приложений</string>
-    <string name="proxied_apps">Режим VPN для приложений</string>
-    <string name="tcp_keep_alive_interval">Интервал доставки пакетов TCP keep-alive</string>
-    <string name="mux_concurrency">Число одновременных подключений Mux</string>
-    <string name="enable_mux">Включить мультиплексор</string>
-    <string name="traffic_sniffing">Включить анализ трафика</string>
-    <string name="domain_strategy">Стратегия разрешения доменов</string>
-    <string name="route_opt_block_ads">Блокировать рекламу</string>
-    <string name="route_opt_bypass_lan">Обход LAN</string>
-    <string name="route_not_asset">Не файл ресурса: ожидался .db, а не %s</string>
-    <string name="route_asset_updated">Обновлено</string>
-    <string name="route_asset_no_update">Обновлений нет</string>
-    <string name="route_asset_status">Локальная версия: %s</string>
-    <string name="route_rules_official">Официальный</string>
-    <string name="route_rules_provider">Поставщик ресурсов правил</string>
-    <string name="route_assets">Ресурсы</string>
-    <string name="route_manage_assets">Управление ресурсами маршрутов</string>
-    <string name="route_reset">Сброс</string>
-    <string name="route_bypass_ip">Правило IP для %s</string>
-    <string name="route_bypass_domain">Правило домена для %s</string>
-    <string name="empty_route_notice">Установите какие-либо правила перед сохранением</string>
-    <string name="empty_route">Пустой маршрут</string>
-    <string name="route_profile">Выбрать профиль…</string>
-    <string name="route_block">Блокировать</string>
-    <string name="route_bypass">Обход</string>
-    <string name="route_proxy">Прокси</string>
-    <string name="route_name">Название маршрута</string>
-    <string name="delete_route_prompt">Вы уверены, что хотите удалить этот маршрут\?</string>
-    <string name="route_add">Создать маршрут</string>
-    <string name="menu_route">Маршруты</string>
-    <string name="metered_summary">Подсказывать системе, что VPN следует рассматривать как сеть с лимитным тарифным планом</string>
-    <string name="metered">Подсказка о соединении с лимитным тарифным планом</string>
-    <string name="only">Исключительно</string>
-    <string name="prefer">Предпочитать</string>
-    <string name="ipv6">Маршрут IPv6</string>
-    <string name="edit_config">Изменить конфигурацию</string>
-    <string name="config_type">Тип конфигурации</string>
-    <string name="extra_headers">Дополнительные заголовки</string>
-    <string name="encryption">Шифрование</string>
-    <string name="early_data_header_name">Имя заголовка ранних данных</string>
-    <string name="certificates">Сертификаты</string>
-    <string name="alpn">Согласование протокола уровня приложений</string>
-    <string name="sni">Server Name Indication (SNI)</string>
-    <string name="tls">Использовать TLS</string>
-    <string name="grpc_service_name">Имя службы gRPC</string>
-    <string name="http_path">HTTP-путь</string>
-    <string name="http_host">HTTP-хост</string>
-    <string name="ws_path">Путь к WebSocket</string>
-    <string name="ws_host">Хост WebSocket</string>
-    <string name="alter_id">Изменить ID</string>
-    <string name="uuid">Логин пользователя</string>
-    <string name="obfs_param">Параметры Obfs</string>
-    <string name="obfs">Obfs</string>
-    <string name="protocol_param">Параметры протокола</string>
-    <string name="username_opt">Имя пользователя (необязательно)</string>
-    <string name="speed">%s/с</string>
-    <string name="hysteria_download_mbps">Максимальная скорость загрузки (в Мбит / с)</string>
-    <string name="hysteria_upload_mbps">Максимальная скорость загрузки (в Мбит / с)</string>
-    <string name="hysteria_auth_payload">Полезные данные аутентификации</string>
-    <string name="hysteria_auth_type">Тип аутентификации</string>
-    <string name="hysteria_obfs">Обфускация пароля</string>
-    <string name="experimental_settings">Экспериментальный</string>
-    <string name="route_need_vpn">Правило маршрутизации `%s` зависит от VPN, поэтому игнорируется.</string>
-    <string name="route_for">Правило для %s</string>
-    <string name="app_no_launcher">У приложения нет интерфейса.</string>
-    <string name="copy_failed">Не удалось скопировать.</string>
-    <string name="copy_success">Копировано успешно!</string>
-    <string name="create_rule">Создать правило</string>
-    <string name="open_market">Показать в маркете</string>
-    <string name="open_settings">Открыть настройки</string>
-    <string name="open_app">Открыть приложение</string>
-    <string name="copy_package_name">Копировать имя пакета</string>
-    <string name="copy_label">Копировать имя</string>
-    <string name="udp_connections">%d UDP-соединений</string>
-    <string name="tcp_connections">%d TCP-соединений</string>
-    <string name="shadowsocks_plugin_v2ray">V2Ray (плагин Shadowsocks для Android)</string>
-    <string name="shadowsocks_plugin_simple_obfs">Simple Obfs (плагин Shadowsocks для Android)</string>
-    <string name="plugin_exists_but_on_shit_system">Профиль %s требует плагин %s, но поставщик вашего проприетарного оборудования (обычно это большие компании, занимающиеся слежкой и производители вредоносного ПО) изменил ваш Android, сделав плагин непригодным для использования.</string>
-    <string name="group_order_by_delay">По задержке</string>
-    <string name="group_order_by_name">По имени</string>
-    <string name="group_order_origin">По происхождению</string>
-    <string name="group_order">Сортировка</string>
-    <string name="hysteria_disable_mtu_discovery">Отключить обнаружение MTU пути</string>
-    <string name="hysteria_connection_receive_window">Окно получения соединения QUIC</string>
-    <string name="hysteria_stream_receive_window">Окно приема потока QUIC</string>
-    <string name="menu_traffic">Трафик</string>
-    <string name="no_statistics">Статистики пока нет</string>
-    <string name="clear_logcat">Очистить Logcat</string>
-    <string name="menu_log">Логи</string>
-    <string name="menu_tools">Инструменты</string>
-    <string name="translate_platform">Платформа локализации</string>
-    <string name="ssh_private_key_passphrase">Парольная фраза закрытого ключа</string>
-    <string name="ssh_private_key">Закрытый ключ</string>
-    <string name="ssh_public_key">Открытый ключ</string>
-    <string name="ssh_auth_type_none">Без аутентификации</string>
-    <string name="profile_traffic_statistics">Статистика трафика профиля</string>
-    <string name="profile_traffic_statistics_summary">Когда отключено, использованный трафик не будет отображаться</string>
-    <string name="app_statistics_disabled">Статистика трафика приложений отключена в настройках</string>
-    <string name="warp_generate">Создать конфигурацию</string>
-    <string name="generating">Создание…</string>
-    <string name="tun_implementation">Реализация TUN</string>
-    <string name="wireguard_local_address">Частный адрес</string>
-    <string name="destination_override">Переопределять адрес назначения</string>
-    <string name="resolve_destination_summary">Если адрес назначения является доменом, то он передается в соответствии со стратегией IPv6.</string>
-    <string name="destination_override_summary">Использовать перехваченный домен для переопределения адреса назначения, а не только для маршрутизации</string>
-    <string name="pcap_notice">Pcap файлы будут сохранены в %s</string>
-    <string name="route_play_store">Правило Play Store для %s</string>
-    <string name="route_opt_block_analysis">Блокировать аналитику</string>
-    <string name="wireguard_public_key">Открытый ключ сервера</string>
-    <string name="wireguard_psk">Пароль сервера</string>
-    <string name="naive_insecure_concurrency">Небезопасный параллелизм</string>
-    <string name="naive_insecure_concurrency_summary">Использовать N параллельных соединений для повышения отказоустойчивости в условиях ненадёжной сети. Большее число соединений увеличивает риск обнаружения туннелей и снижает безопасность. Этот проект стремится к максимальной защите от анализа трафика, следовательно, использование его небезопасным образом противоречит данной цели.
-\n
-\nЕсли придётся использовать данную функцию, попробуйте N=2, чтобы проверить, решит ли это проблему. Настоятельно не рекомендуется использовать более 4 соединений.</string>
-    <string name="resolve_destination">Резолвить адрес назначения</string>
-    <string name="start">Старт</string>
-    <string name="stun_attest_loading">Пожалуйста, подождите…</string>
-    <string name="stun_test">Обнаружение поведения NAT</string>
-    <string name="stun_test_summary">Определить поведение сопоставления адресов NAT и поведение фильтрации NAT в соответствии с RFC 5780 при помощи STUN.</string>
-    <string name="warp_license">[CloudFlare Warp](https://blog.cloudflare.com/1111-warp-better-vpn/) - это бесплатный провайдер WireGuard VPN. Используя его, вы соглашаетесь с [условиями использования](https://www.cloudflare.com/application/terms/).</string>
-    <string name="tools_network">Сеть</string>
-    <string name="backup">Бэкап</string>
-    <string name="backup_rules">Правила маршрутизации</string>
-    <string name="backup_settings">Настройки</string>
-    <string name="backup_not_file">Не файл резервной копии: ожидался .json, а не %s</string>
-    <string name="invalid_backup_file">Недействительный файл резервной копии</string>
-    <string name="backup_import_summary">При импорте существующие данные будут перезаписаны.</string>
-    <string name="backup_importing">Импортирование…</string>
-    <string name="backup_import">Импортировать</string>
-    <string name="backup_groups_and_configurations">Группы и конфигурации</string>
-    <string name="backup_summary">Если правила маршрутизации резервируются без конфигураций, то пользовательские исходящие соединения будут потеряны.</string>
-    <string name="packet_encoding">Кодирование пакетов</string>
-</resources>
\ No newline at end of file
+<string name="speed_interval">Интервал обновления уведомлений о скорости</string>
+<string name="ss_cat">Настройки Shadowsocks</string>
+<string name="ssh_auth_type_none">Без аутентификации</string>
+<string name="ssh_private_key">Закрытый ключ</string>
+<string name="ssh_private_key_passphrase">Парольная фраза закрытого ключа</string>
+<string name="ssh_public_key">Открытый ключ</string>
+<string name="standard">Стандарт</string>
+<string name="start">Старт</string>
+<string name="status_bar_notification_info_overflow">&gt;999</string>
+<string name="stop">Остановить</string>
+<string name="stopping">Выключение…</string>
+<string name="stun_attest_loading">Пожалуйста, подождите…</string>
+<string name="stun_test">Обнаружение поведения NAT</string>
+<string name="stun_test_summary">Определить поведение сопоставления адресов NAT и поведение фильтрации NAT в соответствии с RFC 5780 при помощи STUN.</string>
+<string name="subscription">Подписка</string>
+<string name="subscription_expire">Истекает: %s</string>
+<string name="subscription_import">Импортировать подписку</string>
+<string name="subscription_import_message">Подтвердите, что хотите импортировать подписку %s? Если вы импортируете из ненадежного источника, это может привести к утечке вашего IP-адреса и такого поведения.</string>
+<string name="subscription_settings">Настройки подписки</string>
+<string name="subscription_traffic">%s Использовано / %s Осталось</string>
+<string name="subscription_type">Тип подписки</string>
+<string name="subscription_update">Обновление подписки</string>
+<string name="subscription_update_message">Обновление %s …</string>
+<string name="subscription_used">%s Использовано</string>
+<string name="subscription_user_agent">UserAgent</string>
+<string name="subscriptions">Подписки</string>
+<string name="tcp_connections">%d TCP-соединений</string>
+<string name="tcp_keep_alive_interval">Интервал доставки пакетов TCP keep-alive</string>
+<string name="telegram">Канал обновлений в Telegram</string>
+<string name="test_concurrency">Число параллельных подключений</string>
+<string name="theme">Тема</string>
+<string name="tile_title">Переключатель</string>
+<string name="tls">Использовать TLS</string>
+<string name="tls_camouflage_settings">Настройки защиты TLS</string>
+<string name="tools_network">Сеть</string>
+<string name="traffic_sniffing">Включить анализ трафика</string>
+<string name="trojan_provider">Провайдер Trojan</string>
+<string name="tuic_congestion_controller">Контроллер перегрузки</string>
+<string name="tuic_disable_sni">Отключить SNI</string>
+<string name="tuic_reduce_rtt">Включить 0-RTT QUIC-соединение</string>
+<string name="tuic_udp_relay_mode">Режим UDP-ретранслятора</string>
+<string name="tun_implementation">Реализация TUN</string>
+<string name="udp_connections">%d UDP-соединений</string>
+<string name="unavailable">Недоступен</string>
+<string name="undo">Отменить</string>
+<string name="unsaved_changes_prompt">Есть несохраненные изменения. Сохранить?</string>
+<string name="update_all_subscription">Обновить все подписки</string>
+<string name="update_current_subscription">Обновить подписку текущей группы</string>
+<string name="update_dialog_message">Текущая версия: %1$s\nДоступная версия: %2$s\nХотите загрузить её?</string>
+<string name="update_dialog_title">Доступна новая версия</string>
+<string name="update_settings">Обновить настройки</string>
+<string name="update_subscription_warning">Прокси-сервер не подключен, вы уверены, что хотите продолжить обновление?</string>
+<string name="update_when_connected_only">Обновлять только при подключении</string>
+<string name="update_when_connected_only_sum">Предотвратить утечку IP-адреса</string>
+<string name="use_selector">Использовать селектор</string>
+<string name="username">Имя пользователя</string>
+<string name="username_opt">Имя пользователя (необязательно)</string>
+<string name="utls_fingerprint">Отпечаток uTLS</string>
+<string name="uuid">Логин пользователя</string>
+<string name="v7_preference_off">ВЫКЛ.</string>
+<string name="v7_preference_on">ВКЛ.</string>
+<string name="version_x">Версия (%s)</string>
+<string name="vpn_connected">Подключено, нажмите для проверки подключения</string>
+<string name="vpn_permission_denied">Отказано в разрешении на создание службы VPN</string>
+<string name="wake_reset_connections">Сбросить исходящие соединения при выходе из спящего режима</string>
+<string name="warp_generate">Создать конфигурацию</string>
+<string name="warp_license">CloudFlare Warp - это бесплатный VPN-провайдер WireGuard. Используя его, вы соглашаетесь с условиями использования.</string>
+<string name="wireguard_local_address">Частный адрес</string>
+<string name="wireguard_psk">Пароль сервера</string>
+<string name="wireguard_public_key">Открытый ключ сервера</string>
+<string name="ws_browser_forwarding">Пересылка через браузер</string>
+<string name="ws_browser_forwarding_sum">Перенаправьте соответствующие веб-сокеты через браузер.</string>
+<string name="ws_host">Хост WebSocket</string>
+<string name="ws_max_early_data">Максимальный объём данных</string>
+<string name="ws_path">Путь к WebSocket</string>
+<string name="xtls_flow">Flow (подпротокол VLESS)</string>
+<string name="yes">Да</string>
+</resources>
diff --git a/app/src/main/res/values-uk/strings.xml b/app/src/main/res/values-uk/strings.xml
index 2134a358b..023942460 100644
--- a/app/src/main/res/values-uk/strings.xml
+++ b/app/src/main/res/values-uk/strings.xml
@@ -1,130 +1,523 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources>
-    <string name="port_local_dns">Локальний порт DNS</string>
-    <string name="dns_hosts">Переписування домену</string>
-    <string name="fakedns_message">Може призвести до перезапуску інших програм для повторного підключення до мережі після зупинки проксі</string>
-    <string name="enable_fakedns">Увімкніть FakeDNS</string>
-    <string name="dns_routing_message">Вирішуйте домени в обхідних маршрутах за допомогою Direct DNS. Будьте в курсі можливих витоків DNS</string>
-    <string name="enable_dns_routing">Увімкнути маршрутизацію DNS</string>
-    <string name="direct_dns">Прямий DNS</string>
-    <string name="remote_dns">Віддалений DNS</string>
-    <string name="cag_dns">Налаштування DNS</string>
-    <string name="connection_test_error_status_code">Код помилки: #%d</string>
-    <string name="connection_test_fail">Інтернет недоступний</string>
-    <string name="connection_test_error">Не вдалося: %s</string>
-    <string name="connection_test_available_http">Успішно: рукостискання HTTP зайняло %dms</string>
-    <string name="connection_test_available">Успіх: рукостискання HTTPS зайняло %dms</string>
-    <string name="connection_test_testing">Тестування…</string>
-    <string name="speed_detail">Проксі: %1$s↑ %2$s↓
-\nПрямий: %3$s↑ %4$s↓</string>
-    <string name="allow_insecure_sum">Вимкнути перевірку сертифікатів. Якщо ввімкнено, ця конфігурація є такою ж безпечною, як і відкритий текст</string>
-    <string name="allow_insecure">Дозволити незахищене</string>
-    <string name="security_settings">Налаштування безпеки</string>
-    <string name="show_direct_speed_sum">У сповіщенні також покажіть швидкість трафіку без проксі -сервера</string>
-    <string name="show_direct_speed">Показати пряму швидкість</string>
-    <string name="show_stop_sum">Якщо ви не хочете використовувати Quick Tile як перемикач</string>
-    <string name="show_stop">Показати кнопку зупинки</string>
-    <string name="cag_misc">Різні налаштування</string>
-    <string name="speed_interval">Інтервал оновлення сповіщення про швидкість</string>
-    <string name="ws_browser_forwarding_sum">Пересилайте відповідні WebSockets через браузер.</string>
-    <string name="ws_browser_forwarding">Переадресація браузера</string>
-    <string name="cag_ws">Налаштування WebSocket</string>
-    <string name="require_http">Увімкнути вхідний протокол HTTP</string>
-    <string name="general_settings">Налаштування програми</string>
-    <string name="inbound_settings">Вхідні налаштування</string>
-    <string name="allow_access_sum">Прив’язати вхідні сервери до 0.0.0.0</string>
-    <string name="allow_access">Дозволити підключення з локальної мережі</string>
-    <string name="cag_route">Налаштування маршруту</string>
-    <string name="port_transproxy">Транспроксі -порт</string>
-    <string name="port_http">Проксі -порт HTTP</string>
-    <string name="port_proxy">Порт проксі -сервера SOCKS5</string>
-    <string name="service_mode_proxy">Тільки проксі</string>
-    <string name="service_mode">Режим обслуговування</string>
-    <string name="group_duplicate">Дублікат:
-\n%s</string>
-    <string name="group_deleted">Видалено:
-\n%s</string>
-    <string name="group_changed">Оновлено:
-\n%s</string>
-    <string name="group_added">Додано:
-\n%s</string>
-    <string name="group_delete_confirm_prompt">Ви впевнені, що хочете видалити цю групу\?</string>
-    <string name="group_diff">Різниця (%s)</string>
-    <string name="group_show_diff">Різниця</string>
-    <string name="group_updated">%s: Оновлено %d проксі</string>
-    <string name="group_no_difference">%s: Різниці немає</string>
-    <string name="group_status_proxies_subscription">%d проксі | Оновлено на %s</string>
-    <string name="group_status_proxies">%d проксі</string>
-    <string name="group_status_empty_subscription">Ще не оновлено</string>
-    <string name="group_status_empty">Порожня група</string>
-    <string name="group_edit_subscription">Редагувати підписку</string>
-    <string name="group_edit">Редагувати групу</string>
-    <string name="group_create_subscription">Створити підписку</string>
-    <string name="group_create">Створити групу</string>
-    <string name="group_name_required">Потрібна назва групи</string>
-    <string name="group_subscription_link">Посилання на підписку</string>
-    <string name="group_update">Оновлення</string>
-    <string name="group_name">Назва групи</string>
-    <string name="tile_title">Перемикач</string>
-    <string name="quick_toggle">Переключити</string>
-    <string name="group_default">Розгрупований</string>
-    <string name="document">Документ</string>
-    <string name="theme">Тема</string>
-    <string name="menu_about">Про</string>
-    <string name="menu_group">Група</string>
-    <string name="menu_configuration">Конфігурація</string>
-    <string name="logcat">Експорт інформації про налагодження</string>
-    <string name="version_x">Версія (%s)</string>
-    <string name="app_version">Версія</string>
-    <string name="oss_licenses">Ліцензії з відкритим кодом</string>
-    <string name="telegram">Канал оновлення Telegram</string>
-    <string name="github">Вихідний код</string>
-    <string name="project">Проєкт</string>
+    <string name="app_name" translatable="false">NekoBox</string>
+    <string name="app_name_long" translatable="false">NekoBox for Android</string>
     <string name="app_desc">Універсальний набір інструментів проксі для Android, написаний на Kotlin.</string>
-    <string name="route_name">Назва маршруту</string>
-    <string name="delete_route_prompt">Ви впевнені, що хочете видалити цей маршрут\?</string>
-    <string name="route_add">Створити маршрут</string>
-    <string name="menu_route">Маршрут</string>
-    <string name="metered_summary">Система підказок щодо розгляду VPN як лічильника</string>
-    <string name="metered">Підказка з дозуванням</string>
-    <string name="only">Тільки</string>
-    <string name="prefer">Краще</string>
-    <string name="ipv6">Маршрут IPv6</string>
-    <string name="edit_config">Редагувати конфігурацію</string>
-    <string name="config_type">Тип конфігурації</string>
-    <string name="extra_headers">Додаткові заголовки</string>
-    <string name="encryption">Шифрування</string>
-    <string name="early_data_header_name">Назва раннього заголовка даних</string>
-    <string name="certificates">Сертифікати</string>
-    <string name="alpn">Переговори про протокол шару додатків</string>
-    <string name="sni">Індикація імені сервера</string>
-    <string name="tls">Використовуйте TLS</string>
-    <string name="grpc_service_name">ім\'я служби gRPC</string>
-    <string name="http_path">Шлях HTTP</string>
-    <string name="http_host">Хост HTTP</string>
-    <string name="ws_path">Шлях WebSocket</string>
-    <string name="ws_host">Хост WebSocket</string>
-    <string name="header_type">Тип заголовка</string>
-    <string name="network">Мережа</string>
-    <string name="security">Шифрування транспортного рівня</string>
-    <string name="alter_id">Змінити ідентифікатор</string>
-    <string name="uuid">ідентифікатор користувача</string>
-    <string name="protocol_param">Протокол Param</string>
-    <string name="protocol">Протокол</string>
-    <string name="enc_method">Метод шифрування</string>
-    <string name="password">Пароль</string>
-    <string name="key_opt">Ключ (необов’язково)</string>
-    <string name="password_opt">Пароль (необов’язково)</string>
-    <string name="username_opt">Ім\'я користувача (необов’язково)</string>
-    <string name="username">Ім\'я користувача</string>
-    <string name="server_port">Віддалений порт</string>
-    <string name="server_address">Сервер</string>
-    <string name="profile_name">Імя профілю</string>
-    <string name="connection_test_url">URL -адреса перевірки з\'єднання</string>
-    <string name="transproxy_mode">Режим Transproxy</string>
+    <string name="project">Проєкт</string>
+    <string name="github">Вихідний код</string>
+    <string name="telegram">Канал оновлень в Telegram</string>
+    <string name="oss_licenses">Ліцензії з відкритим кодом</string>
+    <string name="app_version">Версія</string>
+    <string name="version_x">Версія (%s)</string>
+    <string name="logcat">Експорт інформації про налагодження</string>
+    <string name="menu_configuration">Конфігурація</string>
+    <string name="menu_group">Група</string>
+    <string name="menu_about">Про додаток</string>
+    <string name="theme">Тема</string>
+    <string name="document">Документація</string>
+    <string name="group_default">Без групи</string>
+    <string name="quick_toggle">Перемикач</string>
+    <string name="tile_title">Перемикач</string>
+    <string name="menu_traffic">Трафік</string>
+    <string name="menu_dashboard">Панель керування sing-box</string>
+    <!-- externel -->
+    <string name="action_copy">Копіювати</string>
+    <string name="action_open">Відкрити</string>
+    <!-- group -->
+    <string name="group_name">Назва групи</string>
+    <string name="group_update">Оновити</string>
+    <string name="group_subscription_link">Посилання на підписку</string>
+    <string name="group_name_required">Потрібна назва групи</string>
+    <string name="group_create">Створити групу</string>
+    <string name="group_create_subscription">Створити підписку</string>
+    <string name="update_all_subscription">Оновити всі підписки</string>
+    <string name="group_edit">Редагувати групу</string>
+    <string name="group_edit_subscription">Редагувати підписку</string>
+    <string name="group_status_empty">Порожня група</string>
+    <string name="group_status_empty_subscription">Ще не оновлено</string>
+    <string name="group_status_proxies">%d проксі</string>
+    <string name="group_status_proxies_subscription">%d проксі | Оновлено %s</string>
+    <string name="group_no_difference">%s: Немає різниці</string>
+    <string name="group_updated">%s: Оновлено %d проксі</string>
+    <string name="group_show_diff">Різниця</string>
+    <string name="group_diff">Різниця (%s)</string>
+    <string name="group_delete_confirm_prompt">Ви впевнені, що хочете видалити цю групу?</string>
+    <string name="group_added">Додано: \n%s</string>
+    <string name="group_changed">Оновлено: \n%s</string>
+    <string name="group_deleted">Видалено: \n%s</string>
+    <string name="group_duplicate">Дублікат: \n%s</string>
+    <!-- misc -->
+    <string name="service_mode">Режим роботи</string>
+    <string name="service_mode_proxy">Тільки проксі</string>
+    <string name="service_mode_vpn" translatable="false">VPN</string>
+    <string name="port_proxy">Порт проксі-сервера SOCKS5</string>
+    <string name="port_http">Проксі-порт HTTP</string>
+    <string name="port_transproxy">Транспроксі-порт</string>
+    <string name="cag_route">Налаштування маршруту</string>
+    <string name="allow_access">Дозволити підключення з локальної мережі</string>
+    <string name="allow_access_sum">Прив’язати вхідні сервери до 0.0.0.0</string>
+    <string name="inbound_settings">Вхідні налаштування</string>
+    <string name="general_settings">Налаштування програми</string>
+    <string name="require_http">Увімкнути вхідний протокол HTTP</string>
+    <string name="cag_ws">Налаштування WebSocket</string>
+    <string name="ws_max_early_data" translatable="false">Max early data</string>
+    <string name="ws_browser_forwarding">Переадресація браузера</string>
+    <string name="ws_browser_forwarding_sum">Пересилайте відповідні WebSockets через браузер.</string>
+    <string name="speed_interval">Інтервал оновлення сповіщення про швидкість</string>
+    <string name="cag_misc">Різні налаштування</string>
+    <string name="show_stop">Показати кнопку зупинки</string>
+    <string name="show_stop_sum">Якщо ви не хочете використовувати Quick Tile як перемикач</string>
+    <string name="show_direct_speed">Показати пряму швидкість</string>
+    <string name="show_direct_speed_sum">У сповіщенні також покажіть швидкість трафіку без проксі-сервера</string>
+    <string name="security_settings">Налаштування безпеки TLS</string>
+    <string name="allow_insecure">Дозволити незахищене</string>
+    <string name="allow_insecure_sum">Вимкнути перевірку сертифікатів. Якщо ввімкнено, ця конфігурація є такою ж безпечною, як і відкритий текст</string>
+    <string name="traffic" translatable="false">%1$s↑ %2$s↓</string>
+    <string name="speed_detail">Проксі: %1$s↑ %2$s↓\nПрямий: %3$s↑ %4$s↓</string>
+    <string name="speed">%s/с</string>
+    <string name="connection_test_testing">Тестування…</string>
+    <string name="connection_test_available">Успіх: рукостискання HTTPS зайняло %dмс</string>
+    <string name="connection_test_available_http">Успіх: рукостискання HTTP зайняло %dмс</string>
+    <string name="connection_test_error">Не вдалося: %s</string>
+    <string name="connection_test_fail">Інтернет недоступний</string>
+    <string name="connection_test_error_status_code">Код помилки: #%d</string>
+    <string name="cag_dns">Налаштування DNS</string>
+    <string name="remote_dns">Віддалений DNS</string>
+    <string name="direct_dns">Прямий DNS</string>
+    <string name="enable_dns_routing">Увімкнути маршрутизацію DNS</string>
+    <string name="dns_routing_message">Вирішуйте домени в обхідних маршрутах за допомогою Direct DNS. Будьте в курсі можливих витоків DNS</string>
+    <string name="enable_fakedns">Увімкнути FakeDNS</string>
+    <string name="fakedns_message">Може призвести до перезапуску інших програм для повторного підключення до мережі після зупинки проксі</string>
+    <string name="dns_hosts">Переписування домену</string>
+    <string name="port_local_dns">Локальний порт DNS</string>
     <string name="require_transproxy">Увімкнути вхідний сигнал Transproxy</string>
-    <string name="obfs_param">Obfs Парам</string>
+    <string name="transproxy_mode">Режим Transproxy</string>
+    <string name="connection_test_url">URL-адреса перевірки з\'єднання</string>
+    <!-- proxy category -->
+    <string name="profile_name">Ім\'я профілю</string>
+    <string name="server_address">Сервер</string>
+    <string name="server_port">Віддалений порт</string>
+    <string name="username">Ім\'я користувача</string>
+    <string name="username_opt">Ім\'я користувача (необов’язково)</string>
+    <string name="password_opt">Пароль (необов’язково)</string>
+    <string name="key_opt">Ключ (необов’язково)</string>
+    <string name="password">Пароль</string>
+    <string name="enc_method">Метод шифрування</string>
+    <string name="protocol">Протокол</string>
+    <string name="protocol_param">Параметр протоколу</string>
     <string name="obfs">Obfs</string>
-    <string name="speed">%s/s</string>
-    <string name="menu_traffic">трафіку</string>
-</resources>
\ No newline at end of file
+    <string name="obfs_param">Параметр Obfs</string>
+    <string name="uuid">ідентифікатор користувача</string>
+    <string name="alter_id">Змінити ідентифікатор</string>
+    <string name="security">Шифрування транспортного рівня</string>
+    <string name="network">Мережа</string>
+    <string name="header_type">Тип заголовка</string>
+    <string name="ws_host">Хост WebSocket</string>
+    <string name="ws_path">Шлях WebSocket</string>
+    <string name="http_host">Хост HTTP</string>
+    <string name="http_path">Шлях HTTP</string>
+    <string name="grpc_service_name">ім\'я служби gRPC</string>
+    <string name="tls">Використовувати TLS</string>
+    <string name="sni">Індикація імені сервера</string>
+    <string name="alpn">Переговори про протокол шару додатків</string>
+    <string name="certificates">Сертифікати</string>
+    <string name="early_data_header_name">Назва раннього заголовка даних</string>
+    <string name="encryption">Шифрування</string>
+    <string name="extra_headers">Додаткові заголовки</string>
+    <string name="config_type">Тип конфігурації</string>
+    <string name="edit_config">Редагувати конфігурацію</string>
+    <!-- feature category -->
+    <string name="ipv6">Маршрут IPv6</string>
+    <string name="prefer">Віддавати перевагу</string>
+    <string name="only">Тільки</string>
+    <string name="metered">Лімітне підключення</string>
+    <string name="metered_summary">Повідомляти системі, що VPN-з\'єднання є лімітним</string>
+    <string name="menu_route">Маршрут</string>
+    <string name="route_add">Створити маршрут</string>
+    <string name="delete_route_prompt">Ви впевнені, що хочете видалити цей маршрут?</string>
+    <string name="route_name">Назва маршруту</string>
+    <string name="route_proxy">Проксі</string>
+    <string name="route_bypass">В обхід</string>
+    <string name="route_block">Блокувати</string>
+    <string name="route_profile">Вибрати профіль…</string>
+    <string name="empty_route">Порожній маршрут</string>
+    <string name="empty_route_notice">Встановіть правила перед збереженням</string>
+    <string name="route_bypass_domain">Правило домену для %s</string>
+    <string name="route_play_store">Правило Play Store для %s</string>
+    <string name="route_bypass_ip">Правило IP для %s</string>
+    <string name="route_reset">Скинути</string>
+    <string name="route_manage_assets">Керування ресурсами маршрутів</string>
+    <string name="route_assets">Ресурси</string>
+    <string name="route_rules_provider">Постачальник ресурсів правил</string>
+    <string name="route_rules_official">Офіційний</string>
+    <string name="route_asset_status">Локальна версія: %s</string>
+    <string name="route_asset_no_update">Немає оновлень</string>
+    <string name="route_asset_updated">Оновлено</string>
+    <string name="route_not_asset">Це не файл ресурсів: очікувався .db, але отримано %s</string>
+    <string name="route_opt_bypass_lan">Обходити локальну мережу</string>
+    <string name="route_opt_block_ads">Блокувати рекламу</string>
+    <string name="route_opt_block_analysis">Блокувати аналітику</string>
+    <string name="route_opt_block_quic">Блокувати QUIC</string>
+    <string name="domain_strategy">Стратегія визначення доменів</string>
+    <string name="traffic_sniffing">Увімкнути аналіз трафіку</string>
+    <string name="enable_mux">Увімкнути мультиплексор</string>
+    <string name="mux_sum">Mux призначений для зменшення затримки рукостискання TCP, а не для збільшення пропускної здатності з\'єднання. Використання Mux для перегляду відео, завантаження або тестування швидкості зазвичай є контрпродуктивним. Якщо сервер його не підтримує, ви не зможете отримати доступ до Інтернету.</string>
+    <string name="mux_concurrency">Паралельні з\'єднання Mux</string>
+    <string name="tcp_keep_alive_interval">Інтервал доставки пакетів TCP keep-alive</string>
+    <string name="proxied_apps">Програми в режимі VPN</string>
+    <string name="proxied_apps_summary">Налаштувати режим VPN для вибраних програм</string>
+    <string name="on">Увімк</string>
+    <string name="off">Вимк</string>
+    <string name="search_apps">Пошук…</string>
+    <string name="scanning">Сканування…</string>
+    <string name="invert_selections">Інвертувати вибір</string>
+    <string name="clear_selections">Очистити вибір</string>
+    <string name="bypass_apps">В обхід</string>
+    <string name="show_system_apps">Показувати системні програми</string>
+    <string name="auto_connect">Автоматичне підключення</string>
+    <string name="auto_connect_summary">Вмикати проксі під час запуску/оновлення програми, якщо він працював раніше</string>
+    <string name="direct_boot_aware">Дозволити перемикання на екрані блокування</string>
+    <string name="direct_boot_aware_summary">Інформація про ваш вибраний профіль буде менш захищеною</string>
+    <!-- notification category -->
+    <string name="service_vpn">Служба VPN</string>
+    <string name="service_proxy">Служба проксі</string>
+    <string name="forward_success">Проксі запущено.</string>
+    <string name="invalid_server">Неправильне ім\'я сервера</string>
+    <string name="service_failed">Не вдалося: </string>
+    <string name="stop">Зупинити</string>
+    <string name="stopping">Зупинка…</string>
+    <string name="vpn_error">%s</string>
+    <string name="vpn_permission_denied">Дозвіл на створення служби VPN відхилено</string>
+    <string name="reboot_required">Не вдалося запустити службу VPN. Можливо, вам доведеться перезавантажити пристрій.</string>
+    <!-- alert category -->
+    <string name="profile_empty">Будь ласка, виберіть профіль</string>
+    <string name="connect">Підключити</string>
+    <string name="clipboard_empty">Буфер обміну порожній</string>
+    <!-- menu category -->
+    <string name="settings">Налаштування</string>
+    <string name="edit">Редагувати</string>
+    <string name="share">Поділитися</string>
+    <string name="add_profile">Додати профіль</string>
+    <string name="select_profile">Вибрати профіль</string>
+    <string name="action_socks" translatable="false">SOCKS</string>
+    <string name="action_http" translatable="false">HTTP</string>
+    <string name="action_shadowsocks" translatable="false">Shadowsocks</string>
+    <string name="action_shadowsocksr" translatable="false">ShadowsocksR</string>
+    <string name="action_vmess" translatable="false">VMess</string>
+    <string name="action_trojan" translatable="false">Trojan</string>
+    <string name="action_trojan_go" translatable="false">Trojan Go</string>
+    <string name="action_mieru" translatable="false">Mieru</string>
+    <string name="action_naive" translatable="false">Naïve</string>
+    <string name="action_anytls" translatable="false">AnyTLS</string>
+    <string name="action_hysteria" translatable="false">Hysteria</string>
+    <string name="action_ssh" translatable="false">SSH</string>
+    <string name="action_wireguard" translatable="false">WireGuard</string>
+    <string name="action_tuic" translatable="false">TUIC</string>
+    <string name="proxy_chain">Ланцюжок проксі</string>
+    <string name="custom_config">Власна конфігурація</string>
+    <string name="balancer">Балансувальник</string>
+    <string name="balancer_settings">Налаштування балансувальника</string>
+    <string name="balancer_type">Тип</string>
+    <string name="balancer_strategy">Стратегія</string>
+    <string name="chain_settings">Налаштування ланцюжка</string>
+    <string name="config_settings">Налаштування конфігурації</string>
+    <string name="circular_reference">Циклічне посилання</string>
+    <string name="circular_reference_sum">Маршрут не може містити самого себе.</string>
+    <string name="clear_profiles">Очистити</string>
+    <string name="action_create_group">Порожня група</string>
+    <string name="action_from_link">З підписки</string>
+    <string name="action_scan_china_apps">Сканувати китайські програми</string>
+    <string name="action_export_file">Експортувати у файл</string>
+    <string name="action_export_clipboard">Експортувати в буфер обміну</string>
+    <string name="action_export">Експорт</string>
+    <string name="action_import">Імпортувати з буфера обміну</string>
+    <string name="action_import_file">Імпортувати з файлу</string>
+    <string name="action_export_msg">Експортовано успішно!</string>
+    <string name="action_export_err">Не вдалося експортувати.</string>
+    <string name="action_import_msg">Імпортовано успішно!</string>
+    <string name="action_import_err">Не вдалося імпортувати.</string>
+    <string name="file_manager_missing">На вашому пристрої відсутній стандартний файловий менеджер Android, будь ласка, встановіть його, наприклад, Material Files.</string>
+    <!-- share -->
+    <!-- profile -->
+    <string name="profile_config">Конфігурація профілю</string>
+    <string name="delete">Видалити</string>
+    <string name="delete_confirm_prompt">Ви впевнені, що хочете видалити цей профіль?</string>
+    <string name="share_qr_nfc">QR-код</string>
+    <string name="add_profile_methods_scan_qr_code">Сканувати QR-код</string>
+    <string name="add_profile_methods_manual_settings">Ручні налаштування</string>
+    <plurals name="removed">
+        <item quantity="one">Видалено</item>
+        <item quantity="few">Видалено %d елементи</item>
+        <item quantity="many">Видалено %d елементів</item>
+        <item quantity="other">Видалено %d елемента</item>
+    </plurals>
+    <plurals name="added">
+        <item quantity="one">Додано</item>
+        <item quantity="few">Додано %d проксі</item>
+        <item quantity="many">Додано %d проксі</item>
+        <item quantity="other">Додано %d проксі</item>
+    </plurals>
+    <string name="undo">Скасувати</string>
+    <string name="insecure">Незахищений</string>
+    <string name="deprecated">Застарілий</string>
+    <!-- tasker -->
+    <!-- status -->
+    <string name="connecting">Підключення…</string>
+    <string name="vpn_connected">Підключено, торкніться, щоб перевірити з\'єднання</string>
+    <string name="not_connected">Не підключено</string>
+    <!-- subscriptions -->
+    <string name="subscriptions">Підписки</string>
+    <string name="cleartext_http_warning">HTTP-трафік у відкритому вигляді є незахищеним</string>
+    <string name="error_title">Помилка</string>
+    <string name="no_proxies_found">Проксі за посиланням не знайдено</string>
+    <string name="no_proxies_found_in_subscription">У підписці не знайдено проксі</string>
+    <string name="no_proxies_found_in_file">У файлі не знайдено проксі</string>
+    <string name="no_proxies_found_in_clipboard">У буфері обміну не знайдено проксі</string>
+    <string name="deduplication">Дедуплікація</string>
+    <string name="donate">Пожертвувати</string>
+    <string name="donate_info">Я люблю гроші</string>
+    <string name="ignore_battery_optimizations">Ігнорувати оптимізацію батареї</string>
+    <string name="ignore_battery_optimizations_sum">Зняти деякі обмеження</string>
+    <!-- plugin -->
+    <string name="plugin">Плагін</string>
+    <string name="plugin_configure">Налаштувати…</string>
+    <string name="plugin_disabled">Вимкнено</string>
+    <string name="plugin_unknown">Невідомий плагін %s</string>
+    <string name="plugin_untrusted">Попередження: цей плагін, здається, не з надійного джерела.</string>
+    <string name="plugin_auto_connect_unlock_only">Цей плагін може не працювати з автоматичним підключенням</string>
+    <string name="proxy_cat">Налаштування сервера</string>
+    <string name="ss_cat">Налаштування Shadowsocks</string>
+    <string name="unsaved_changes_prompt">Зміни не збережено. Ви хочете зберегти?</string>
+    <string name="yes">Так</string>
+    <string name="no">Ні</string>
+    <string name="apply">Застосувати</string>
+    <string name="need_reload">Перезавантажте службу проксі, щоб застосувати зміни</string>
+    <string name="license">Ліцензія</string>
+    <string name="route_warn">Переконайтеся, що ви прочитали документацію перед додаванням власних правил, інакше ви можете не підключитися до Інтернету.</string>
+    <string name="lines">%d рядків</string>
+    <string name="night_mode">Нічний режим</string>
+    <string name="follow_system">Як у системі</string>
+    <string name="enable">Увімкнути</string>
+    <string name="disable">Вимкнути</string>
+    <string name="auto">Авто</string>
+    <string name="enable_log">Увімкнути журнал</string>
+    <string name="enable_log_sum">Для налагодження</string>
+    <string name="list">Список</string>
+    <string name="random">Випадковий</string>
+    <string name="leastPing" translatable="false">Ping</string>
+    <string name="api_port">Порт API</string>
+    <string name="probe_interval">Інтервал спостереження балансувальника</string>
+    <string name="standard">Стандартний</string>
+    <string name="v2rayn" translatable="false">V2RayN</string>
+    <string name="available" translatable="false">%dмс</string>
+    <string name="unavailable">Недоступний</string>
+    <string name="always_show_address">Завжди показувати адресу</string>
+    <string name="always_show_address_sum">Завжди відображати адресу сервера на картці конфігурації</string>
+    <string name="clear_traffic_statistics">Очистити статистику трафіку</string>
+    <string name="connection_test">Тест з\'єднання</string>
+    <string name="connection_test_clear_results">Очистити результати тесту</string>
+    <string name="connection_test_tcp_ping" translatable="false">TCPing</string>
+    <string name="connection_test_tcp_ping_unavailable">TCPing недоступний</string>
+    <string name="connection_test_icmp_ping" translatable="false">ICMPing</string>
+    <string name="connection_test_icmp_ping_unavailable">ICMPing недоступний</string>
+    <string name="connection_test_url_test" translatable="false">URL Test</string>
+    <string name="connection_test_domain_not_found">Домен не знайдено</string>
+    <string name="connection_test_refused">З\'єднання відхилено</string>
+    <string name="connection_test_unreachable">Недоступний</string>
+    <string name="connection_test_timeout">Час очікування минув</string>
+    <string name="append_http_proxy">Додати HTTP-проксі до VPN</string>
+    <string name="append_http_proxy_sum">HTTP-проксі буде використовуватися безпосередньо (браузером / деякими підтримуваними програмами), не проходячи через віртуальний мережевий пристрій (Android 10+)</string>
+    <string name="protocol_settings">Налаштування протоколу</string>
+    <string name="trojan_provider">Постачальник Trojan</string>
+    <string name="group_basic">Основні</string>
+    <string name="group_settings">Налаштування групи</string>
+    <string name="subscription">Підписка</string>
+    <string name="subscription_settings">Налаштування підписки</string>
+    <string name="group_type">Тип групи</string>
+    <string name="subscription_type">Тип підписки</string>
+    <string name="delete_group_prompt">Ви впевнені, що хочете видалити цю групу?</string>
+    <string name="force_resolve">Примусове визначення</string>
+    <string name="force_resolve_sum">Визначати всі доменні імена в IP-адреси під час оновлення. Хост і SNI будуть автоматично додані, якщо це можливо</string>
+    <string name="deduplication_sum">Видаляти дублікати конфігурацій під час оновлення</string>
+    <string name="raw">Raw</string>
+    <string name="update_settings">Налаштування оновлення</string>
+    <string name="auto_update">Автоматичне оновлення</string>
+    <string name="auto_update_delay">Затримка автооновлення (у хвилинах)</string>
+    <string name="update_when_connected_only">Оновлювати лише при підключенні</string>
+    <string name="update_when_connected_only_sum">Запобігати витоку IP-адреси</string>
+    <string name="subscription_user_agent">UserAgent</string>
+    <string name="confirm">Підтвердити</string>
+    <string name="missing_plugin">Відсутній плагін</string>
+    <string name="profile_requiring_plugin">Профіль %s вимагає встановлення плагіна %s, але його не знайдено.</string>
+    <string name="action_learn_more">ДІЗНАТИСЯ БІЛЬШЕ</string>
+    <string name="action_download">ЗАВАНТАЖИТИ</string>
+    <string name="install_from_play_store">Встановити з Play Store</string>
+    <string name="install_from_fdroid">Встановити з F-Droid</string>
+    <string name="download">Завантажити</string>
+    <string name="ooc_subscription_token" translatable="false">OOCv1 API Token</string>
+    <string name="ooc_subscription_token_invalid">Неправильний токен OOCv1</string>
+    <string name="update_subscription_warning">Проксі не підключено, ви впевнені, що хочете продовжити оновлення?</string>
+    <string name="ooc_warning">Попередження</string>
+    <string name="ooc_missing_protocol">Підписка вимагає підтримки протоколу %s, але його не знайдено. Непідтримувані профілі будуть проігноровані.</string>
+    <string name="service_subscription">Служба оновлення підписок</string>
+    <string name="subscription_update">Оновлення підписки</string>
+    <string name="subscription_update_message">Оновлення %s …</string>
+    <string name="group_filter">Фільтр</string>
+    <string name="subscription_used">Використано %s</string>
+    <string name="subscription_traffic">Використано %s / Залишилося %s</string>
+    <string name="subscription_expire">Закінчується: %s</string>
+    <string name="subscription_import">Імпортувати підписку</string>
+    <string name="subscription_import_message">Підтвердьте, що ви хочете імпортувати підписку %s? Якщо ви робите це з ненадійного джерела, це може призвести до витоку вашої IP-адреси та даних про цю дію.</string>
+    <string name="profile_import">Імпортувати профіль</string>
+    <string name="profile_import_message">Підтвердьте, що ви хочете імпортувати профіль %s?</string>
+    <string name="clear_profiles_message">Ви впевнені, що хочете очистити цю групу?</string>
+    <string name="apps">Програми</string>
+    <string name="select_apps">Вибрати програми</string>
+    <string name="apps_message">%d програм</string>
+    <string name="hysteria_obfs">Пароль обфускації</string>
+    <string name="hysteria_auth_type">Тип автентифікації</string>
+    <string name="hysteria_auth_payload">Дані автентифікації</string>
+    <string name="hysteria_upload_mbps">Макс. швидкість вивантаження (у Мбіт/с)</string>
+    <string name="hysteria_download_mbps">Макс. швидкість завантаження (у Мбіт/с)</string>
+    <string name="experimental_settings">Експериментальні</string>
+    <string name="hysteria_stream_receive_window">Вікно прийому потоку QUIC</string>
+    <string name="hysteria_connection_receive_window">Вікно прийому з\'єднання QUIC</string>
+    <string name="hysteria_disable_mtu_discovery">Вимкнути виявлення Path MTU</string>
+    <string name="group_order">Порядок</string>
+    <string name="group_order_origin">За замовчуванням</string>
+    <string name="group_order_by_name">За назвою</string>
+    <string name="group_order_by_delay">За затримкою</string>
+    <string name="plugin_exists_but_on_shit_system">Профіль %s вимагає плагін %s, але ваш виробник обладнання (зазвичай гіганти-капіталісти зі спостереження та виробники шкідливого ПЗ) змінив вашу систему Android, зробивши плагін непридатним для використання.</string>
+    <string name="shadowsocks_plugin_simple_obfs">Simple Obfs (плагін для Shadowsocks)</string>
+    <string name="shadowsocks_plugin_v2ray">V2Ray (плагін для Shadowsocks)</string>
+    <string name="traffic_uplink" translatable="false">%s | %s/с ↑</string>
+    <string name="traffic_downlink" translatable="false">%s | %s/с ↓</string>
+    <string name="traffic_uplink_total" translatable="false">Всього %s ↑</string>
+    <string name="traffic_downlink_total" translatable="false">Всього %s ↓</string>
+    <string name="tcp_connections">%d TCP-з\'єднань</string>
+    <string name="udp_connections">%d UDP-з\'єднань</string>
+    <string name="copy_label">Копіювати назву</string>
+    <string name="copy_package_name">Копіювати назву пакета</string>
+    <string name="open_app">Відкрити програму</string>
+    <string name="open_settings">Відкрити налаштування</string>
+    <string name="open_market">Відкрити в маркеті</string>
+    <string name="create_rule">Створити правило</string>
+    <string name="copy_success">Скопійовано успішно!</string>
+    <string name="copy_failed">Не вдалося скопіювати.</string>
+    <string name="app_no_launcher">Програма не має інтерфейсу.</string>
+    <string name="route_for">Правило для %s</string>
+    <string name="route_need_vpn">Правило маршрутизації %s залежить від VPN, щоб набути чинності, тому воно ігнорується.</string>
+    <string name="profile_traffic_statistics">Статистика трафіку профілю</string>
+    <string name="profile_traffic_statistics_summary">Якщо вимкнено, використаний трафік не буде враховуватися</string>
+    <string name="no_statistics">Статистики ще немає</string>
+    <string name="app_statistics_disabled">Статистика трафіку програм вимкнена</string>
+    <string name="ssh_auth_type_none">Немає</string>
+    <string name="ssh_public_key">Публічний ключ</string>
+    <string name="ssh_private_key">Приватний ключ</string>
+    <string name="ssh_private_key_passphrase">Парольна фраза приватного ключа</string>
+    <string name="translate_platform">Платформа для перекладу</string>
+    <string name="menu_tools">Інструменти</string>
+    <string name="menu_log">Журнали</string>
+    <string name="clear_logcat">Очистити Logcat</string>
+    <string name="wireguard_local_address">Локальна адреса</string>
+    <string name="wireguard_public_key">Публічний ключ піра</string>
+    <string name="wireguard_psk">Pre-Shared Key піра</string>
+    <string name="cloudflare_wrap" translatable="false">Cloudflare Warp</string>
+    <string name="warp_license">CloudFlare Warp – це безкоштовний VPN-провайдер, що використовує WireGuard. Використовуючи його, ви погоджуєтеся з Умовами надання послуг.</string>
+    <string name="warp_generate">Згенерувати конфігурацію</string>
+    <string name="generating">Генерація…</string>
+    <string name="tun_implementation">Реалізація TUN</string>
+    <string name="destination_override">Перевизначити призначення</string>
+    <string name="destination_override_summary">Використовувати перехоплений домен для перезапису адреси призначення, а не лише для маршрутизації</string>
+    <string name="resolve_destination">Визначати призначення</string>
+    <string name="resolve_destination_summary">Якщо адреса призначення є доменом, вона передається далі на основі стратегії IPv6 (конфліктує з FakeDNS)</string>
+    <string name="pcap" translatable="false">Pcap</string>
+    <string name="pcap_notice">Файли Pcap будуть збережені в %s</string>
+    <string name="naive_insecure_concurrency">Небезпечна паралельність</string>
+    <string name="naive_insecure_concurrency_summary">Використовуйте N паралельних тунельних з\'єднань для більшої стійкості в поганих мережевих умовах. Більша кількість з\'єднань полегшує виявлення тунелювання та робить його менш безпечним. Цей проєкт прагне до найсильнішого захисту від аналізу трафіку. Використання його небезпечним способом суперечить його меті. \n\nЯкщо ви все ж таки повинні це використовувати, спробуйте спочатку N=2, щоб побачити, чи це вирішить ваші проблеми. Наполегливо не рекомендується використовувати більше 4 з\'єднань.</string>
+    <string name="stun_test">Виявлення поведінки NAT</string>
+    <string name="stun_test_summary">Визначити поведінку відображення NAT клієнта та поведінку фільтрації NAT, визначену в RFC 3478, за допомогою STUN.</string>
+    <string name="start">Почати</string>
+    <string name="stun_attest_loading">Це може зайняти кілька хвилин…</string>
+    <string name="nat_stun_server_hint">STUN-сервер</string>
+    <string name="nat_result_hint">Результат перевірки NAT</string>
+    <string name="tools_network">Мережа</string>
+    <string name="mtu" translatable="false">MTU</string>
+    <string name="backup">Резервне копіювання</string>
+    <string name="backup_groups_and_configurations">Групи та конфігурації</string>
+    <string name="backup_rules">Правила маршрутизації</string>
+    <string name="backup_settings">Налаштування</string>
+    <string name="backup_summary">Якщо налаштування маршрутизації не будуть збережені разом з конфігураціями, власні вихідні з\'єднання будуть втрачені.</string>
+    <string name="backup_not_file">Не є файлом резервної копії: очікувався .json, але отримано %s</string>
+    <string name="invalid_backup_file">Неправильний файл резервної копії</string>
+    <string name="backup_import">Імпорт</string>
+    <string name="backup_import_summary">Імпортування перезапише наявні дані.</string>
+    <string name="backup_importing">Імпортування…</string>
+    <string name="packet_encoding">Кодування пакетів</string>
+    <string name="acquire_wake_lock">Захоплювати WakeLock</string>
+    <string name="release_wake_lock">Відпускати WakeLock</string>
+    <string name="acquire_wake_lock_summary">Не давати процесору заснути</string>
+    <string name="action_switch">Перемкнути</string>
+    <string name="tuic_udp_relay_mode">Режим ретрансляції UDP</string>
+    <string name="tuic_congestion_controller">Контролер перевантаження</string>
+    <string name="tuic_disable_sni">Вимкнути SNI</string>
+    <string name="tuic_reduce_rtt">Увімкнути 0-RTT QUIC рукостискання</string>
+    <string name="please_update">Ваша програма занадто стара (%s) і перестане працювати %s. Будь ласка, оновіть її!</string>
+    <string name="please_update_force">Ваша програма занадто стара (%s) і перестала працювати %s. Будь ласка, оновіть її!</string>
+    <string name="connection_test_delete_unavailable">Очистити недоступні</string>
+    <string name="move">Перемістити</string>
+    <string name="exe_prefer_provider">Пріоритетний постачальник плагіна</string>
+    <string name="create_shortcut">Створити ярлик</string>
+    <string name="app_tls_version">Мінімальна версія TLS для підписки</string>
+    <string name="hop_interval">Інтервал зміни портів (секунди)</string>
+    <string name="domain_strategy_for_remote">Стратегія доменів для віддаленого</string>
+    <string name="domain_strategy_for_direct">Стратегія доменів для прямого</string>
+    <string name="domain_strategy_for_server">Стратегія доменів для адреси сервера</string>
+    <string name="show_bottom_bar">Показувати нижню панель, як у SagerNet</string>
+    <string name="utls_fingerprint">Відбиток uTLS</string>
+    <string name="custom_outbound_json">Власний JSON вихідного з\'єднання</string>
+    <string name="custom_config_json">Власний JSON конфігурації</string>
+    <string name="is_outbound_only">Встановлений JSON є лише вихідним з\'єднанням</string>
+    <string name="save">Зберегти</string>
+    <string name="set_panel_url">Встановити URL панелі</string>
+    <string name="enable_clash_api">Увімкнути Clash API</string>
+    <string name="log_level">Рівень журналу</string>
+    <string name="enable_clash_api_summary">Надати Clash API та панель yacd за адресою 127.0.0.1:9090</string>
+    <string name="xtls_flow">Flow (підпротокол VLESS)</string>
+    <string name="ads">Реклама</string>
+    <string name="bypass_lan_in_core">Обходити ЛВС в ядрі</string>
+    <string name="need_restart">Перезапустіть програму, щоб застосувати зміни</string>
+    <string name="use_selector">Використовувати селектор</string>
+    <string name="front_proxy">Передній проксі</string>
+    <string name="landing_proxy">Проксі-призначення</string>
+    <string name="action_shadowtls" translatable="false">ShadowTLS</string>
+    <string name="protocol_version">Версія протоколу</string>
+    <string name="share_subscription">Поділитися підпискою</string>
+    <string name="show_group_in_notification">Показувати назву групи у сповіщенні</string>
+    <string name="reset_connections">Скинути з\'єднання</string>
+    <string name="remove_duplicate">Видалити дублікати серверів</string>
+    <string name="mtu_help">Довге натискання на налаштування, щоб встановити власний MTU.</string>
+    <string name="log_level_help">Довге натискання на налаштування, щоб встановити розмір буфера.</string>
+    <string name="tls_camouflage_settings">Налаштування маскування TLS</string>
+    <string name="test_concurrency">Паралелізм тесту</string>
+    <string name="mux_type">Протокол Mux</string>
+    <string name="sniff_routing">Результат аналізу для маршрутизації</string>
+    <string name="sniff_override">Результат аналізу для призначення</string>
+    <string name="resolve_server">Визначати адресу сервера відповідно до політики IPv6</string>
+    <string name="auto_select_proxy_apps">Автоматичний вибір програм для проксі</string>
+    <string name="auto_select_proxy_apps_message">Автоматично вибрати програми для проксі, це очистить ваш поточний вибір.</string>
+    <string name="enable_ech">Увімкнути ECH</string>
+    <string name="enable_ech_sum">Увімкнути Encrypted Client Hello</string>
+    <string name="ech_settings">Налаштування ECH</string>
+    <string name="ech_config">Конфігурація ECH</string>
+    <string name="http_upgrade_host">Хост HTTPUpgrade</string>
+    <string name="http_upgrade_path">Шлях HTTPUpgrade</string>
+    <string name="update_current_subscription">Оновити підписку поточної групи</string>
+    <string name="group_not_subscription">Тип групи не є підпискою</string>
+    <string name="allow_insecure_on_request_sum">Вимкнути перевірку сертифіката під час оновлення підписок</string>
+    <string name="global_allow_insecure">Завжди дозволяти незахищене</string>
+    <string name="mux_preference">Мультиплексування</string>
+    <string name="padding">Заповнення (Padding)</string>
+    <string name="network_change_reset_connections">Скидати вихідні з\'єднання при зміні мережі</string>
+    <string name="wake_reset_connections">Скидати вихідні з\'єднання при виході пристрою зі сну</string>
+</resources>
diff --git a/app/src/main/res/values-zh-rCN/strings.xml b/app/src/main/res/values-zh-rCN/strings.xml
index 5ba3efe9c..29ee46388 100644
--- a/app/src/main/res/values-zh-rCN/strings.xml
+++ b/app/src/main/res/values-zh-rCN/strings.xml
@@ -30,11 +30,11 @@
     <string name="group_show_diff">变化</string>
     <string name="group_delete_confirm_prompt">您确定要删除这个分组吗\?</string>
     <string name="group_added">新增:
-\n%s</string>
+        \n%s</string>
     <string name="group_changed">更新:
-\n%s</string>
+        \n%s</string>
     <string name="group_deleted">删除:
-\n%s</string>
+        \n%s</string>
     <!-- misc -->
     <string name="service_mode">运行模式</string>
     <string name="service_mode_proxy">仅代理</string>
@@ -54,7 +54,7 @@
     <string name="speed_interval">速度通知更新间隔</string>
     <string name="traffic">%1$s↑ %2$s↓</string>
     <string name="speed_detail">代理： %1$s↑ %2$s↓
-\n直连： %3$s↑ %4$s↓</string>
+        \n直连： %3$s↑ %4$s↓</string>
     <string name="speed">%s/s</string>
     <string name="connection_test_testing">测试中…</string>
     <string name="connection_test_available">连接成功: HTTPS 握手耗时 %dms</string>
@@ -190,7 +190,7 @@
     <string name="grpc_service_name">gRPC 服务名称</string>
     <string name="alpn">应用层协议协商</string>
     <string name="group_duplicate">重复:
-\n%s</string>
+        \n%s</string>
     <string name="deduplication">去重</string>
     <string name="version_x">版本 (%s)</string>
     <string name="show_stop">显示停止按钮</string>
@@ -334,7 +334,6 @@
     <string name="clear_profiles_message">您确定要清空该分组吗\?</string>
     <string name="remote_dns">远程 DNS</string>
     <string name="direct_dns">直连 DNS</string>
-    <string name="direct_dns_use_system">使用系统 DNS 作为直连 DNS</string>
     <string name="enable_dns_routing">启用 DNS 路由</string>
     <string name="dns_routing_message">使用直连 DNS 解析绕过路由中的 domains. 注意潜在的 DNS 泄漏</string>
     <string name="enable_fakedns">启用 FakeDNS</string>
@@ -345,7 +344,7 @@
     <string name="apps_message">%d 个应用</string>
     <string name="hysteria_obfs">混淆密码</string>
     <string name="hysteria_auth_type">认证类型</string>
-    <string name="hysteria_auth_payload">认证载荷</string>
+    <string name="hysteria_auth_payload">认证密码</string>
     <string name="hysteria_upload_mbps">最大上行 (Mbps)</string>
     <string name="hysteria_download_mbps">最大下行 (Mbps)</string>
     <string name="experimental_settings">实验性</string>
@@ -356,7 +355,8 @@
     <string name="group_order_origin">原始</string>
     <string name="group_order_by_name">以名称</string>
     <string name="group_order_by_delay">以延时</string>
-    <string name="plugin_exists_but_on_shit_system">配置 %s 需要插件 %s，但你的专有设备供应商（通常也是监视资本主义巨头和恶意软件制造商）篡改了你的安卓系统，使该插件无法使用。</string>
+    <string name="plugin_exists_but_on_shit_system">配置 %s 需要插件
+        %s，但你的专有设备供应商（通常也是监视资本主义巨头和恶意软件制造商）篡改了你的安卓系统，使该插件无法使用。</string>
     <string name="shadowsocks_plugin_v2ray">V2Ray （Shadowsocks Android 插件）</string>
     <string name="shadowsocks_plugin_simple_obfs">Simple Obfs （Shadowsocks Android 插件）</string>
     <string name="menu_traffic">流量</string>
@@ -405,8 +405,8 @@
     <string name="route_opt_block_analysis">屏蔽跟踪器</string>
     <string name="naive_insecure_concurrency">不安全并发</string>
     <string name="naive_insecure_concurrency_summary">使用N个并发的隧道连接，在恶劣的网络条件下更加强大。更多的连接使隧道更容易被发现，安全性更低。这个项目力求对流量分析有最强的安全性。以不安全的方式使用它就违背了它的目的。
-\n
-\n如果你必须使用它，先试试N=2，看看是否能解决你的问题。强烈建议不要在这里使用超过4个连接。</string>
+        \n
+        \n如果你必须使用它，先试试N=2，看看是否能解决你的问题。强烈建议不要在这里使用超过4个连接。</string>
     <string name="tools_network">网络</string>
     <string name="backup">备份</string>
     <string name="backup_groups_and_configurations">分组和配置</string>
@@ -425,16 +425,11 @@
     <string name="please_update">您的 APP (%s) 太旧了喵，%s 再不更新就没的用了喵～</string>
     <string name="please_update_force">您的 APP (%s) 版本过旧，已于 %s 停止工作，请立即升级。</string>
     <string name="connection_test_delete_unavailable">清理不可用配置</string>
-    <string name="neko_plugin">高级插件</string>
-    <string name="neko_plugin_summary">高级插件可以提供原本不支持的协议。\n\n
-任何人都可以编写高级插件，开启相当于给予其控制 NekoBox 的权限，请从信任的来源下载安装。\n\n
-普通插件在关于页面显示，无需手动开启。</string>
     <string name="packet_encoding">包编码</string>
     <string name="action_switch">切换</string>
     <string name="acquire_wake_lock">获取唤醒锁</string>
     <string name="release_wake_lock">释放唤醒锁</string>
     <string name="acquire_wake_lock_summary">保持 CPU 开启</string>
-    <string name="neko_plugin_internal_error">%s 内部错误</string>
     <string name="move">移动</string>
     <string name="subscription_expire">过期: %s</string>
     <string name="update_all_subscription">更新所有订阅</string>
@@ -442,14 +437,13 @@
     <string name="create_shortcut">创建快捷方式</string>
     <string name="app_tls_version">订阅最低 TLS 版本</string>
     <string name="hop_interval">端口跳跃间隔(秒)</string>
-    <string name="dns_network">DNS 查询类型</string>
+    <string name="domain_strategy_for_remote">域名策略（远程）</string>
+    <string name="domain_strategy_for_direct">域名策略（直连）</string>
+    <string name="domain_strategy_for_server">域名策略（服务器地址）</string>
     <string name="tuic_disable_sni">禁用 SNI</string>
     <string name="tuic_reduce_rtt">启用 0-RTT QUIC 握手</string>
-    <string name="tuic_fast_connect">TCP 快速打开</string>
-    <string name="tuic_fast_connect_summary">要求插件和服务器支持</string>
     <string name="tuic_congestion_controller">拥塞控制</string>
     <string name="tuic_udp_relay_mode">UDP 转发模式</string>
-    <string name="tuic_token">令牌</string>
     <string name="menu_dashboard">sing-box 仪表板</string>
     <string name="custom_outbound_json">自定义出站 JSON</string>
     <string name="custom_config_json">自定义配置 JSON</string>
@@ -465,7 +459,7 @@
     <string name="use_selector">启用 selector （免重载切换节点）</string>
     <string name="front_proxy">前置代理</string>
     <string name="landing_proxy">落地代理</string>
-    <string name="shadowtls_version">ShadowTLS 版本</string>
+    <string name="protocol_version">协议版本</string>
     <string name="share_subscription">分享订阅</string>
     <string name="show_group_in_notification">在通知中显示组名</string>
     <string name="reset_connections">重置连接</string>
@@ -474,4 +468,33 @@
     <string name="mtu_help">长按设置项以设置自定义 MTU。</string>
     <string name="log_level_help">长按设置项以设置缓冲区大小。</string>
     <string name="test_concurrency">测试并发</string>
+    <string name="mux_type">Mux 协议</string>
+    <string name="sniff_routing">探测结果用于路由判断</string>
+    <string name="sniff_override">探测结果用于目标地址</string>
+    <string name="resolve_server">根据 IPv6 策略解析服务器地址</string>
+    <string name="auto_select_proxy_apps">自动选择需要代理的应用</string>
+    <string name="auto_select_proxy_apps_message">自动选择需要代理的应用，这将清除您当前的选择。</string>
+    <string name="enable_ech">启用 ECH 技术支持</string>
+    <string name="enable_ech_sum">启用 ECH</string>
+    <string name="ech_settings">ECH 设置</string>
+    <string name="ech_config">ECH 配置</string>
+    <string name="http_upgrade_host">HTTPUpgrade 主机</string>
+    <string name="http_upgrade_path">HTTPUpgrade 路径</string>
+    <string name="update_current_subscription">更新当前组订阅</string>
+    <string name="group_not_subscription">组类型不是订阅</string>
+    <string name="allow_insecure_on_request_sum">更新订阅的时候允许不安全的连接</string>
+    <string name="global_allow_insecure">总是跳过 TLS 证书验证</string>
+    <string name="network_change_reset_connections">当网络发生变化时重置出站连接</string>
+    <string name="wake_reset_connections">当设备从睡眠状态唤醒时重置出站连接</string>
+    <string name="preview_version_hint">本应用为预览版，可能存在诸多问题。若您不愿参与测试，请前往GitHub下载正式发布版本！</string>
+    <string name="check_update_preview">检查预览版更新</string>
+    <string name="check_update_release">检查正式版更新</string>
+    <string name="update_dialog_title">发现新版本</string>
+    <string name="update_dialog_message">当前版本：%1$s\n可升级版本：%2$s\n是否前往下载？</string>
+    <string name="check_update_no">检查成功，但没有更新。</string>
+    <string name="reset_settings">恢复默认设置</string>
+    <string name="reset_settings_message">恢复默认设置，但节点、分组等数据将保留。如需完全清除数据，请在系统设置中直接清除应用数据。</string>
+    <string name="minimize">最小化</string>
+    <string name="app_list_permission_denied">无法读取已安装的应用。\n这通常是由于系统限制了应用的读取权限（例如某些中国厂商系统）。\n请在系统设置中授予权限。</string>
+    <string name="open_app_settings">打开系统设置</string>
 </resources>
\ No newline at end of file
diff --git a/app/src/main/res/values-zh-rHK/strings.xml b/app/src/main/res/values-zh-rHK/strings.xml
index eeb4d1ead..840ee0f1c 100644
--- a/app/src/main/res/values-zh-rHK/strings.xml
+++ b/app/src/main/res/values-zh-rHK/strings.xml
@@ -45,7 +45,7 @@
     <string name="auto_connect_summary">在開機或本程式更新後將自動重新啓用代理</string>
     <string name="delete">移除</string>
     <string name="enable">啟用</string>
-    <string name="donate_info">世界好得意 請比世界錢</string>
+    <string name="donate_info">貓貓好得意 請比貓貓錢</string>
     <string name="route_bypass">繞過</string>
     <string name="route_block">封鎖</string>
     <string name="add_profile_methods_scan_qr_code">掃描二維碼</string>
diff --git a/app/src/main/res/values-zh-rTW/strings.xml b/app/src/main/res/values-zh-rTW/strings.xml
index eeb6f1b3b..695e6cf58 100644
--- a/app/src/main/res/values-zh-rTW/strings.xml
+++ b/app/src/main/res/values-zh-rTW/strings.xml
@@ -1,26 +1,26 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources>
     <string name="app_desc">適用於 Android 的通用代理工具鏈，由 Kotlin 編寫。</string>
-    <string name="project">專案</string>
+    <string name="project">計畫</string>
     <string name="github">原始碼</string>
     <string name="telegram">Telegram 更新頻道</string>
-    <string name="oss_licenses">開放原始碼授權協定</string>
+    <string name="oss_licenses">開放原始碼授權條款</string>
     <string name="app_version">版本</string>
     <string name="logcat">匯出 debug 所需資訊</string>
     <string name="menu_configuration">設定檔</string>
-    <string name="menu_group">組</string>
+    <string name="menu_group">群組</string>
     <string name="menu_about">關於</string>
     <string name="quick_toggle">切換</string>
     <!-- group -->
     <string name="group_name">群組名稱</string>
     <string name="group_update">更新</string>
-    <string name="group_subscription_link">訂閱連接</string>
+    <string name="group_subscription_link">訂閱連結</string>
     <string name="group_name_required">需要群組名稱</string>
     <string name="group_create">建立新組</string>
     <string name="group_create_subscription">建立新訂閱</string>
     <string name="group_edit">編輯</string>
     <string name="group_edit_subscription">編輯訂閱</string>
-    <string name="group_status_empty">空組</string>
+    <string name="group_status_empty">空白群組</string>
     <string name="group_status_empty_subscription">尚未更新</string>
     <string name="group_status_proxies">%d 個代理</string>
     <string name="group_status_proxies_subscription">%d 個代理 | 更新於 %s</string>
@@ -55,7 +55,7 @@
     <string name="speed_detail">代理： %1$s↑ %2$s↓
 \n直連： %3$s↑ %4$s↓</string>
     <string name="speed">%s/s</string>
-    <string name="connection_test_testing">測試中……</string>
+    <string name="connection_test_testing">正在測試…</string>
     <string name="connection_test_available">成功：HTTPS 握手花費 %dms</string>
     <string name="connection_test_error">失敗：%s</string>
     <string name="connection_test_fail">網路不可用</string>
@@ -69,7 +69,7 @@
     <string name="password">密碼</string>
     <string name="enc_method">加密方式</string>
     <string name="protocol">設定</string>
-    <string name="protocol_param">協定參數</string>
+    <string name="protocol_param">通訊協定參數</string>
     <string name="obfs">混淆</string>
     <string name="obfs_param">混淆參數</string>
     <string name="uuid">使用者 ID</string>
@@ -88,29 +88,29 @@
     <string name="on">啟用</string>
     <string name="off">停用</string>
     <string name="search_apps">搜尋…</string>
-    <string name="scanning">掃描中……</string>
+    <string name="scanning">正在掃描…</string>
     <string name="invert_selections">反向選取</string>
     <string name="clear_selections">清除選取</string>
     <string name="bypass_apps">略過</string>
-    <string name="show_system_apps">顯示系統應用</string>
+    <string name="show_system_apps">顯示系統應用程式</string>
     <string name="auto_connect">自動連線</string>
-    <string name="auto_connect_summary">如果代理在開機或應用更新前正在運行則自動啓動</string>
-    <string name="direct_boot_aware">允許與解鎖前啓動</string>
-    <string name="direct_boot_aware_summary">您選取的設定檔將受到較少的保護</string>
+    <string name="auto_connect_summary">如果代理在開機或應用更新前正在執行則自動啟動</string>
+    <string name="direct_boot_aware">允許螢幕鎖定時切換</string>
+    <string name="direct_boot_aware_summary">您選取的設定檔資訊將受到較少保護</string>
     <!-- notification category -->
     <string name="service_vpn">VPN 服務</string>
     <string name="service_proxy">代理服務</string>
     <string name="forward_success">SagerNet 已啟動。</string>
     <string name="invalid_server">伺服器名稱無效</string>
     <string name="stop">停止</string>
-    <string name="stopping">關閉中……</string>
+    <string name="stopping">正在關閉…</string>
     <string name="vpn_error">%s</string>
     <string name="vpn_permission_denied">建立 VPN 服務的權限被拒</string>
     <string name="reboot_required">無法啟動 VPN 服務，您可能需要重新啟動您的裝置。</string>
     <!-- alert category -->
-    <string name="profile_empty">請選擇一個設定檔</string>
+    <string name="profile_empty">請選取一個設定檔</string>
     <string name="connect">連線</string>
-    <string name="clipboard_empty">剪貼簿為空</string>
+    <string name="clipboard_empty">剪貼簿為空白</string>
     <!-- menu category -->
     <string name="settings">設定</string>
     <string name="edit">編輯</string>
@@ -136,25 +136,25 @@
     <string name="add_profile_methods_scan_qr_code">掃描 QR 碼</string>
     <string name="add_profile_methods_manual_settings">手動設定</string>
     <plurals name="removed">
-        <item quantity="other">已刪除 %d 項</item>
+        <item quantity="other">已移除 %d 個項目</item>
     </plurals>
     <plurals name="added">
-        <item quantity="other">已新增 %d 個配置</item>
+        <item quantity="other">已新增 %d 個代理</item>
     </plurals>
     <string name="undo">復原</string>
     <!-- tasker -->
     <!-- status -->
-    <string name="connecting">連線中……</string>
+    <string name="connecting">正在連線…</string>
     <string name="vpn_connected">已連線，輕觸以檢查連線能力</string>
     <string name="not_connected">未連線</string>
     <!-- subscriptions -->
     <string name="subscriptions">訂閱</string>
     <string name="cleartext_http_warning">純文字 HTTP 流量並不安全</string>
     <string name="error_title">錯誤</string>
-    <string name="no_proxies_found">此連接不包含任何代理</string>
+    <string name="no_proxies_found">此連結不包含任何代理</string>
     <!-- plugin -->
     <string name="plugin">外掛程式</string>
-    <string name="plugin_configure">設定……</string>
+    <string name="plugin_configure">設定…</string>
     <string name="plugin_disabled">已停用</string>
     <string name="plugin_unknown">未知外掛程式 %s</string>
     <string name="plugin_untrusted">警告：此外掛程式並非來自可靠的可信來源。</string>
@@ -164,11 +164,11 @@
     <string name="yes">是</string>
     <string name="no">否</string>
     <string name="apply">套用</string>
-    <string name="license">授權協定</string>
-    <string name="document">文檔</string>
+    <string name="license">授權條款</string>
+    <string name="document">文件</string>
     <string name="early_data_header_name">前置資料標頭</string>
-    <string name="certificates">憑證（鏈結）</string>
-    <string name="alpn">應用層協定協商</string>
+    <string name="certificates">憑證</string>
+    <string name="alpn">應用層通訊協定協商</string>
     <string name="grpc_service_name">gRPC 服務名稱</string>
     <string name="http_path">HTTP 路徑</string>
     <string name="http_host">HTTP 主機</string>
@@ -214,7 +214,7 @@
     <string name="route_proxy">代理</string>
     <string name="route_bypass">繞過</string>
     <string name="route_block">封鎖</string>
-    <string name="route_profile">選擇設定檔…</string>
+    <string name="route_profile">選取設定檔…</string>
     <string name="empty_route">空白路由規則</string>
     <string name="empty_route_notice">在儲存前設定一些規則</string>
     <string name="route_bypass_domain">%s 網域規則</string>
@@ -236,7 +236,7 @@
     <string name="mux_concurrency">多工器同時連線數目</string>
     <string name="tcp_keep_alive_interval">TCP 保持連線傳送間隔</string>
     <string name="service_failed">失敗：</string>
-    <string name="select_profile">選擇設定檔</string>
+    <string name="select_profile">選取設定檔</string>
     <string name="proxy_chain">代理鏈結</string>
     <string name="custom_config">客製化設定檔</string>
     <string name="balancer">負載平衡器</string>
@@ -269,7 +269,7 @@
     <string name="auto">自動</string>
     <string name="enable_log">啟用記錄檔</string>
     <string name="enable_log_sum">用於除錯用途</string>
-    <string name="list">列表</string>
+    <string name="list">清單</string>
     <string name="random">隨機</string>
     <string name="api_port">API 連接埠</string>
     <string name="probe_interval">負載平衡器觀測間隔</string>
@@ -284,7 +284,7 @@
     <string name="connection_test_icmp_ping_unavailable">ICMPing 無法使用</string>
     <string name="connection_test_domain_not_found">網域不存在</string>
     <string name="connection_test_refused">連線被拒</string>
-    <string name="donate_info">世界很可愛 請給世界錢</string>
+    <string name="donate_info">貓貓很可愛 請給貓貓錢</string>
     <string name="connection_test_unreachable">無法連線</string>
     <string name="connection_test_timeout">逾時</string>
     <string name="append_http_proxy">為 VPN 附加 HTTP 代理</string>
@@ -319,10 +319,10 @@
     <string name="ooc_subscription_token_invalid">無效的 OOCv1 權杖</string>
     <string name="update_subscription_warning">代理尚未連線，您真的希望繼續更新嗎？</string>
     <string name="ooc_warning">警告</string>
-    <string name="ooc_missing_protocol">此訂閱需要 %s 協定支援，但其未被安裝，不支援的設定檔將被忽略。</string>
+    <string name="ooc_missing_protocol">此訂閱需支援 %s 通訊協定，但其未被安裝，不支援的設定檔將被忽略。</string>
     <string name="service_subscription">訂閱更新服務</string>
     <string name="subscription_update">訂閱更新</string>
-    <string name="subscription_update_message">更新 %s 中…</string>
+    <string name="subscription_update_message">正在更新 %s …</string>
     <string name="group_filter">篩選</string>
     <string name="subscription_used">已用 %s</string>
     <string name="subscription_traffic">已用 %s / 剩餘 %s</string>
@@ -350,10 +350,10 @@
     <string name="copy_failed">複製失敗。</string>
     <string name="copy_success">成功複製！</string>
     <string name="create_rule">建立規則</string>
-    <string name="open_market">打開應用商店</string>
-    <string name="open_settings">打開設定</string>
-    <string name="open_app">打開應用程式</string>
-    <string name="copy_package_name">複製軟體包名稱</string>
+    <string name="open_market">開啟應用商店</string>
+    <string name="open_settings">開啟設定</string>
+    <string name="open_app">開啟應用程式</string>
+    <string name="copy_package_name">複製應用程式套件名稱</string>
     <string name="copy_label">複製名稱</string>
     <string name="udp_connections">%d 個 UDP 連線</string>
     <string name="tcp_connections">%d 個 TCP 連線</string>
@@ -367,7 +367,7 @@
     <string name="experimental_settings">實驗性</string>
     <string name="hysteria_download_mbps">最大下載速度（Mbps）</string>
     <string name="hysteria_upload_mbps">最大上傳速度（Mbps）</string>
-    <string name="hysteria_auth_payload">認證承載</string>
+    <string name="hysteria_auth_payload">認證密碼</string>
     <string name="hysteria_auth_type">認證類型</string>
     <string name="hysteria_obfs">混淆密碼</string>
     <string name="menu_tools">工具</string>
@@ -384,31 +384,31 @@
     <string name="wireguard_psk">節點預先共用金鑰</string>
     <string name="warp_license">CloudFlare Warp 是一個免費的 WireGuard VPN 提供者。使用此服務表示您同意其服務條款。</string>
     <string name="warp_generate">產生設定檔</string>
-    <string name="generating">正在產生……</string>
+    <string name="generating">正在產生…</string>
     <string name="pcap_notice">Pcap 檔案將被儲存至 %s</string>
     <string name="profile_traffic_statistics">設定檔流量統計資料</string>
     <string name="resolve_destination_summary">如果目的地位址是一個網域，則基於 IPv6 策略傳出。</string>
     <string name="destination_override_summary">使用被偵測到的網域複寫目的地位址，而不是僅用於路由</string>
     <string name="route_opt_block_analysis">封鎖分析</string>
-    <string name="route_play_store">%s 谷歌Play商店規則</string>
+    <string name="route_play_store">%s Google Play商店規則</string>
     <string name="naive_insecure_concurrency">不安全並發</string>
     <string name="stun_test">NAT 行為尋找</string>
     <string name="naive_insecure_concurrency_summary">使用N個並發的隧道能使網路條件較差时更加可用。但數量越多，越易被偵測，安全性越低。由於本項目致力於面對流量分析的安全性，以不安全的方式使用違背了其初忠。
 \n
 \n如一定要使用，請先嘗試 N=2，觀察其是否解決了您的問題。強烈反對於此使用多於4個隧道。</string>
     <string name="stun_attest_loading">這可能需要數分鐘…</string>
-    <string name="stun_test_summary">使用 STUN 確定客戶端的 NAT 映射行為和 RFC 5780 中定義的 NAT 過濾行為。</string>
+    <string name="stun_test_summary">使用 STUN 確定用戶端的 NAT 映射行為和 RFC 5780 中定義的 NAT 篩選行為。</string>
     <string name="start">開始</string>
     <string name="backup">備份</string>
     <string name="backup_rules">路由規則</string>
-    <string name="invalid_backup_file">無效的備份文件</string>
+    <string name="invalid_backup_file">無效的備份檔</string>
     <string name="tools_network">網路</string>
-    <string name="backup_settings">設置</string>
-    <string name="backup_import">導入</string>
-    <string name="backup_import_summary">導入將覆蓋現有數據。</string>
-    <string name="backup_importing">正在導入…</string>
-    <string name="backup_groups_and_configurations">分組和配置</string>
-    <string name="backup_summary">如果路由規則不與配置一起備份，則自定義出站將丟失。</string>
-    <string name="backup_not_file">不是一個備份文件，預計 .json，但 %s</string>
-    <string name="packet_encoding">包編碼</string>
-</resources>
\ No newline at end of file
+    <string name="backup_settings">設定</string>
+    <string name="backup_import">匯入</string>
+    <string name="backup_import_summary">匯入將覆蓋現有資料。</string>
+    <string name="backup_importing">正在匯入…</string>
+    <string name="backup_groups_and_configurations">分組和設定檔</string>
+    <string name="backup_summary">如果路由規則不與設定檔一起備份，則自訂出站將丟失。</string>
+    <string name="backup_not_file">不是一個備份檔案，預計 .json，但 %s</string>
+    <string name="packet_encoding">封包編碼</string>
+</resources>
diff --git a/app/src/main/res/values/arrays.xml b/app/src/main/res/values/arrays.xml
index 1b9111d95..a5da08b33 100644
--- a/app/src/main/res/values/arrays.xml
+++ b/app/src/main/res/values/arrays.xml
@@ -263,6 +263,7 @@
         <item>http</item>
         <item>quic</item>
         <item>grpc</item>
+        <item>httpupgrade</item>
     </string-array>
 
     <string-array name="trojan_go_networks_entry">
@@ -331,6 +332,10 @@
         <item>TPROXY</item>
     </string-array>
 
+    <string-array name="mieru_protocol">
+        <item>TCP</item>
+        <item>UDP</item>
+    </string-array>
 
     <string-array name="naive_proto_entry">
         <item>HTTPS</item>
@@ -358,6 +363,8 @@
     <string-array name="rules_dat_provider">
         <item>@string/route_rules_official</item>
         <item>Loyalsoldier (soffchen/sing-geosite)</item>
+        <item>Chocolate4U/Iran-sing-box-rules</item>
+        <item>L11R/Antizapret-sing-box-geo</item>
     </string-array>
 
     <string-array name="balancer_type">
@@ -386,6 +393,16 @@
         <item>BASE64</item>
     </string-array>
 
+    <string-array name="hysteria_version">
+        <item>1</item>
+        <item>2</item>
+    </string-array>
+
+    <string-array name="tuic_version">
+        <item>5</item>
+        <item>4</item>
+    </string-array>
+
     <string-array name="socks_versions">
         <item>SOCKS4</item>
         <item>SOCKS4A</item>
@@ -412,6 +429,7 @@
     <string-array name="tun_implementation">
         <item>gVisor</item>
         <item>System</item>
+        <item>Mixed</item>
     </string-array>
 
     <string-array name="hysteria_protocol">
@@ -433,11 +451,18 @@
 
     <string-array name="mux_select_init" />
 
+    <string-array name="mux_type">
+        <item>h2mux</item>
+        <item>smux</item>
+        <item>yamux</item>
+    </string-array>
+
     <string-array name="dns_network_select">
-        <item>NoRemoteIPv4</item>
-        <item>NoRemoteIPv6</item>
-        <item>NoDirectIPv4</item>
-        <item>NoDirectIPv6</item>
+        <item>auto</item>
+        <item>prefer_ipv6</item>
+        <item>prefer_ipv4</item>
+        <item>ipv4_only</item>
+        <item>ipv6_only</item>
     </string-array>
 
     <string-array name="exe_prefer_provider">
@@ -464,23 +489,11 @@
         <item>randomized</item>
     </string-array>
 
-    <string-array name="tuic_udp_relay_mode_entry">
-        <item>NATIVE</item>
-        <item>QUIC</item>
-    </string-array>
-
     <string-array name="tuic_udp_relay_mode_value">
         <item>native</item>
         <item>quic</item>
     </string-array>
 
-    <string-array name="tuic_congestion_controller_entry">
-        <item>CUBIC</item>
-        <item>NEW RENO</item>
-        <item>BBR</item>
-    </string-array>
-
-
     <string-array name="tuic_congestion_controller_value">
         <item>cubic</item>
         <item>new_reno</item>
@@ -511,4 +524,10 @@
         <item>3</item>
     </string-array>
 
+    <string-array name="traffic_sniffing_values">
+        <item>@string/off</item>
+        <item>@string/sniff_routing</item>
+        <item>@string/sniff_override</item>
+    </string-array>
+
 </resources>
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index 3cf2cc146..cd2701bca 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -68,10 +68,12 @@
     <string name="show_stop">Show Stop Button</string>
     <string name="show_stop_sum">If you don’t want to use Quick Tile as the switch</string>
     <string name="show_direct_speed">Show Direct Speed</string>
-    <string name="show_direct_speed_sum">Show the traffic speed without proxy in the notification as well</string>
+    <string name="show_direct_speed_sum">Show the traffic speed without proxy in the notification as
+        well</string>
     <string name="security_settings">TLS Security Settings</string>
     <string name="allow_insecure">Allow Insecure</string>
-    <string name="allow_insecure_sum">Disable certificate checking. When enabled, this configuration is as secure as plaintext</string>
+    <string name="allow_insecure_sum">Disable certificate checking. When enabled, this configuration
+        is as secure as plaintext</string>
     <string name="traffic" translatable="false">%1$s↑ %2$s↓</string>
     <string name="speed_detail">Proxy： %1$s↑ %2$s↓\nDirect： %3$s↑ %4$s↓</string>
     <string name="speed">%s/s</string>
@@ -84,11 +86,12 @@
     <string name="cag_dns">DNS Settings</string>
     <string name="remote_dns">Remote DNS</string>
     <string name="direct_dns">Direct DNS</string>
-    <string name="direct_dns_use_system">Use system DNS as Direct DNS</string>
     <string name="enable_dns_routing">Enable DNS Routing</string>
-    <string name="dns_routing_message">Resolve domains in bypass routes with Direct DNS. Be aware of potential DNS leaks</string>
+    <string name="dns_routing_message">Resolve domains in bypass routes with Direct DNS. Be aware of
+        potential DNS leaks</string>
     <string name="enable_fakedns">Enable FakeDNS</string>
-    <string name="fakedns_message">May cause other applications need to be restarted to reconnect to the network after proxy stopped</string>
+    <string name="fakedns_message">May cause other applications need to be restarted to reconnect to
+        the network after proxy stopped</string>
     <string name="dns_hosts">Domain rewrite</string>
     <string name="port_local_dns">Local DNS Port</string>
     <string name="require_transproxy">Enable Transproxy Inbound</string>
@@ -162,7 +165,9 @@
     <string name="domain_strategy">Domain Resolution Strategy</string>
     <string name="traffic_sniffing">Enable Traffic Sniffing</string>
     <string name="enable_mux">Enable Multiplexer</string>
-    <string name="mux_sum">Mux is designed to reduce TCP handshake latency, not to increase connection throughput. Using Mux to watch videos, download or speed test is usually counter productive. If the server does not support it, you will not be able to access the Internet.</string>
+    <string name="mux_sum">Mux is designed to reduce TCP handshake latency, not to increase
+        connection throughput. Using Mux to watch videos, download or speed test is usually counter
+        productive. If the server does not support it, you will not be able to access the Internet.</string>
     <string name="mux_concurrency">Mux Concurrent Connections</string>
     <string name="tcp_keep_alive_interval">TCP keep active packet delivery interval</string>
     <string name="proxied_apps">Apps VPN mode</string>
@@ -178,7 +183,8 @@
     <string name="auto_connect">Auto Connect</string>
     <string name="auto_connect_summary">Enable proxy on startup/app update if it was running before</string>
     <string name="direct_boot_aware">Allow Toggling in Lock Screen</string>
-    <string name="direct_boot_aware_summary">Your selected profile information will be less protected</string>
+    <string name="direct_boot_aware_summary">Your selected profile information will be less
+        protected</string>
     <!-- notification category -->
     <string name="service_vpn">VPN Service</string>
     <string name="service_proxy">Proxy Service</string>
@@ -189,7 +195,8 @@
     <string name="stopping">Shutting down…</string>
     <string name="vpn_error">%s</string>
     <string name="vpn_permission_denied">Permission denied to create a VPN service</string>
-    <string name="reboot_required">Failed to start VPN service. You might need to reboot your device.</string>
+    <string name="reboot_required">Failed to start VPN service. You might need to reboot your
+        device.</string>
     <!-- alert category -->
     <string name="profile_empty">Please select a profile</string>
     <string name="connect">Connect</string>
@@ -207,8 +214,9 @@
     <string name="action_vmess" translatable="false">VMess</string>
     <string name="action_trojan" translatable="false">Trojan</string>
     <string name="action_trojan_go" translatable="false">Trojan Go</string>
+    <string name="action_mieru" translatable="false">Mieru</string>
     <string name="action_naive" translatable="false">Naïve</string>
-    <string name="action_ping_tunnel" translatable="false">Ping Tunnel</string>
+    <string name="action_anytls" translatable="false">AnyTLS</string>
     <string name="action_hysteria" translatable="false">Hysteria</string>
     <string name="action_ssh" translatable="false">SSH</string>
     <string name="action_wireguard" translatable="false">WireGuard</string>
@@ -236,7 +244,8 @@
     <string name="action_export_err">Failed to export.</string>
     <string name="action_import_msg">Successfully import!</string>
     <string name="action_import_err">Failed to import.</string>
-    <string name="file_manager_missing">Your device lacks an Android standard file selector, please install one, such as Material Files.</string>
+    <string name="file_manager_missing">Your device lacks an Android standard file selector, please
+        install one, such as Material Files.</string>
     <!-- share -->
     <!-- profile -->
     <string name="profile_config">Profile config</string>
@@ -279,7 +288,8 @@
     <string name="plugin_configure">Configure…</string>
     <string name="plugin_disabled">Disabled</string>
     <string name="plugin_unknown">Unknown plugin %s</string>
-    <string name="plugin_untrusted">Warning: This plugin does not seem to come from a known trusted source.</string>
+    <string name="plugin_untrusted">Warning: This plugin does not seem to come from a known trusted
+        source.</string>
     <string name="plugin_auto_connect_unlock_only">This plugin might not work with Auto Connect</string>
     <string name="proxy_cat">Server Settings</string>
     <string name="ss_cat">Shadowsocks Settings</string>
@@ -289,7 +299,8 @@
     <string name="apply">Apply</string>
     <string name="need_reload">Reload proxy service to apply changes</string>
     <string name="license">License</string>
-    <string name="route_warn">Make sure you have read the documentation before adding custom rules, otherwise you may not be able to connect to the Internet.</string>
+    <string name="route_warn">Make sure you have read the documentation before adding custom rules,
+        otherwise you may not be able to connect to the Internet.</string>
     <string name="lines">%d Lines</string>
     <string name="night_mode">Night Mode</string>
     <string name="follow_system">Follow System</string>
@@ -308,7 +319,8 @@
     <string name="available" translatable="false">%dms</string>
     <string name="unavailable">Unavailable</string>
     <string name="always_show_address">Always Show Address</string>
-    <string name="always_show_address_sum">Always display the server address on the configuration card</string>
+    <string name="always_show_address_sum">Always display the server address on the configuration
+        card</string>
     <string name="clear_traffic_statistics">Clear traffic statistics</string>
     <string name="connection_test">Connection test</string>
     <string name="connection_test_clear_results">Clear test results</string>
@@ -322,7 +334,8 @@
     <string name="connection_test_unreachable">Unreachable</string>
     <string name="connection_test_timeout">Timeout</string>
     <string name="append_http_proxy">Append HTTP Proxy to VPN</string>
-    <string name="append_http_proxy_sum">HTTP proxy will be used directly from (browser/ some supported apps), without going through the virtual NIC device (Android 10+)</string>
+    <string name="append_http_proxy_sum">HTTP proxy will be used directly from (browser/ some
+        supported apps), without going through the virtual NIC device (Android 10+)</string>
     <string name="protocol_settings">Protocol Settings</string>
     <string name="trojan_provider">Trojan Provider</string>
     <string name="group_basic">Basic</string>
@@ -333,7 +346,8 @@
     <string name="subscription_type">Subscription Type</string>
     <string name="delete_group_prompt">Are you sure you want to remove this group?</string>
     <string name="force_resolve">Force Resolve</string>
-    <string name="force_resolve_sum">Resolve all domain names to IP addresses when updating. Host and SNI will be automatically appended if possible</string>
+    <string name="force_resolve_sum">Resolve all domain names to IP addresses when updating. Host
+        and SNI will be automatically appended if possible</string>
     <string name="deduplication_sum">Remove duplicate configurations when updating</string>
     <string name="raw">Raw</string>
     <string name="update_settings">Update Settings</string>
@@ -344,7 +358,8 @@
     <string name="subscription_user_agent">UserAgent</string>
     <string name="confirm">Confirm</string>
     <string name="missing_plugin">Missing Plugin</string>
-    <string name="profile_requiring_plugin">Profile %s requires the %s plugin to be installed, but it was not found.</string>
+    <string name="profile_requiring_plugin">Profile %s requires the %s plugin to be installed, but
+        it was not found.</string>
     <string name="action_learn_more">LEARN MORE</string>
     <string name="action_download">DOWNLOAD</string>
     <string name="install_from_play_store">Install from Play Store</string>
@@ -352,9 +367,11 @@
     <string name="download">Download</string>
     <string name="ooc_subscription_token" translatable="false">OOCv1 API Token</string>
     <string name="ooc_subscription_token_invalid">Invalid OOCv1 Token</string>
-    <string name="update_subscription_warning">Proxy is not connected, are you sure you want to continue updating?</string>
+    <string name="update_subscription_warning">Proxy is not connected, are you sure you want to
+        continue updating?</string>
     <string name="ooc_warning">Warning</string>
-    <string name="ooc_missing_protocol">The subscription requires support for protocol %s, but it cannot be found. Unsupported profiles will be ignored.</string>
+    <string name="ooc_missing_protocol">The subscription requires support for protocol %s, but it
+        cannot be found. Unsupported profiles will be ignored.</string>
     <string name="service_subscription">Subscription Update Service</string>
     <string name="subscription_update">Subscription Update</string>
     <string name="subscription_update_message">Updating %s …</string>
@@ -363,7 +380,9 @@
     <string name="subscription_traffic">%s Used / %s Remaining</string>
     <string name="subscription_expire">Expire: %s</string>
     <string name="subscription_import">Import subscription</string>
-    <string name="subscription_import_message">Confirm you want to import subscription %s? If you are coming from an untrusted source, doing this may result in your IP and this behavior being leaked.</string>
+    <string name="subscription_import_message">Confirm you want to import subscription %s? If you
+        are coming from an untrusted source, doing this may result in your IP and this behavior
+        being leaked.</string>
     <string name="profile_import">Import profile</string>
     <string name="profile_import_message">Confirm you want to import profile %s?</string>
     <string name="clear_profiles_message">Are you sure you want to clear this group?</string>
@@ -383,7 +402,9 @@
     <string name="group_order_origin">Origin</string>
     <string name="group_order_by_name">By Name</string>
     <string name="group_order_by_delay">By Delay</string>
-    <string name="plugin_exists_but_on_shit_system">Profile %s requires the %s plugin, but your proprietary equipment vendor (usually surveillance capital giants and malware maker) tampered with your Android, making the plugin unusable.</string>
+    <string name="plugin_exists_but_on_shit_system">Profile %s requires the %s plugin, but your
+        proprietary equipment vendor (usually surveillance capital giants and malware maker)
+        tampered with your Android, making the plugin unusable.</string>
 
     <string name="shadowsocks_plugin_simple_obfs">Simple Obfs (Shadowsocks Android Plugin)</string>
     <string name="shadowsocks_plugin_v2ray">V2Ray (Shadowsocks Android Plugin)</string>
@@ -409,10 +430,12 @@
     <string name="app_no_launcher">The app has no interface.</string>
     <string name="route_for">Rule for %s</string>
 
-    <string name="route_need_vpn">Routing rule %s relies on the VPN to be in effect, so it is ignored.</string>
+    <string name="route_need_vpn">Routing rule %s relies on the VPN to be in effect, so it is
+        ignored.</string>
 
     <string name="profile_traffic_statistics">Profile Traffic Statistics</string>
-    <string name="profile_traffic_statistics_summary">When disabled, the used traffic will not be counted</string>
+    <string name="profile_traffic_statistics_summary">When disabled, the used traffic will not be
+        counted</string>
     <string name="no_statistics">No statistics yet</string>
     <string name="app_statistics_disabled">App Traffic statistics disabled</string>
     <string name="ssh_auth_type_none">None</string>
@@ -428,21 +451,29 @@
     <string name="wireguard_psk">Peer Pre-Shared Key</string>
 
     <string name="cloudflare_wrap" translatable="false">Cloudflare Warp</string>
-    <string name="warp_license">CloudFlare Warp is a free WireGuard VPN provider. By using it, you agree to the TOS.</string>
+    <string name="warp_license">CloudFlare Warp is a free WireGuard VPN provider. By using it, you
+        agree to the TOS.</string>
     <string name="warp_generate">Generate Configuration</string>
     <string name="generating">Generating…</string>
     <string name="tun_implementation">TUN Implementation</string>
     <string name="destination_override">Override Destination</string>
-    <string name="destination_override_summary">Use the sniffed domain to overwrite the destination address, not just for routing</string>
+    <string name="destination_override_summary">Use the sniffed domain to overwrite the destination
+        address, not just for routing</string>
     <string name="resolve_destination">Resolve Destination</string>
-    <string name="resolve_destination_summary">If the destination address is a domain, it is then passed out based on the IPv6 strategy (conflicts with FakeDNS)</string>
+    <string name="resolve_destination_summary">If the destination address is a domain, it is then
+        passed out based on the IPv6 strategy (conflicts with FakeDNS)</string>
     <string name="pcap" translatable="false">Pcap</string>
     <string name="pcap_notice">Pcap files will be saved to %s</string>
     <string name="naive_insecure_concurrency">Insecure Concurrency</string>
-    <string name="naive_insecure_concurrency_summary">Use N concurrent tunnel connections to be more robust under bad network conditions. More connections make the tunneling easier to detect and less secure. This project strives for the strongest security against traffic analysis. Using it in an insecure way defeats its purpose. \n\nIf you must use this, try N=2 first to see if it solves your issues. Strongly recommend against using more than 4 connections here.</string>
+    <string name="naive_insecure_concurrency_summary">Use N concurrent tunnel connections to be more
+        robust under bad network conditions. More connections make the tunneling easier to detect
+        and less secure. This project strives for the strongest security against traffic analysis.
+        Using it in an insecure way defeats its purpose. \n\nIf you must use this, try N=2 first to
+        see if it solves your issues. Strongly recommend against using more than 4 connections here.</string>
 
     <string name="stun_test">NAT behaviour discovery</string>
-    <string name="stun_test_summary">Determine the client\'s NAT mapping behaviour and the NAT filtering behaviour defined in RFC 3478 using STUN.</string>
+    <string name="stun_test_summary">Determine the client\'s NAT mapping behaviour and the NAT
+        filtering behaviour defined in RFC 3478 using STUN.</string>
     <string name="start">Start</string>
     <string name="stun_attest_loading">This may take a few minutes…</string>
     <string name="nat_stun_server_hint">Stun server</string>
@@ -454,7 +485,8 @@
     <string name="backup_groups_and_configurations">Groups and configurations</string>
     <string name="backup_rules">Routing rules</string>
     <string name="backup_settings">Settings</string>
-    <string name="backup_summary">If the routing settings are not backed up with configurations, then custom outbounds will be lost.</string>
+    <string name="backup_summary">If the routing settings are not backed up with configurations,
+        then custom outbounds will be lost.</string>
     <string name="backup_not_file">Not an backup file: excepted .json, but %s</string>
     <string name="invalid_backup_file">Invalid backup file</string>
     <string name="backup_import">Import</string>
@@ -467,27 +499,24 @@
     <string name="acquire_wake_lock_summary">Keep the CPU on</string>
     <string name="action_switch">Switch</string>
 
-    <string name="tuic_token">Token</string>
     <string name="tuic_udp_relay_mode">UDP Relay Mode</string>
     <string name="tuic_congestion_controller">Congestion Controller</string>
     <string name="tuic_disable_sni">Disable SNI</string>
     <string name="tuic_reduce_rtt">Enable 0-RTT QUIC handshake</string>
-    <string name="tuic_fast_connect">TCP Fast Connect</string>
-    <string name="tuic_fast_connect_summary">Requires plugin and server support</string>
 
-    <string name="please_update">Your APP is too old (%s). And will stop working at %s. Please update!</string>
-    <string name="please_update_force">Your APP is too old (%s). And has been stopped working at %s. Please update!</string>
+    <string name="please_update">Your APP is too old (%s). And will stop working at %s. Please
+        update!</string>
+    <string name="please_update_force">Your APP is too old (%s). And has been stopped working at %s.
+        Please update!</string>
     <string name="connection_test_delete_unavailable">Clear unavailable</string>
-    <string name="neko_plugin">Advanced plugin</string>
-    <string name="neko_plugin_summary">Advanced plugins can provide protocols that are not originally supported.\n\n
-Anyone can write advanced plugins, which can control NekoBox. please download and install from trusted sources.</string>
-    <string name="neko_plugin_internal_error">%s internal error</string>
     <string name="move">Move</string>
     <string name="exe_prefer_provider">Plugin Preferred Provider</string>
     <string name="create_shortcut">Create Shortcut</string>
     <string name="app_tls_version">Subscription Min TLS Version</string>
     <string name="hop_interval">Port Hopping Interval(second)</string>
-    <string name="dns_network">DNS query type</string>
+    <string name="domain_strategy_for_remote">Domain strategy for Remote</string>
+    <string name="domain_strategy_for_direct">Domain strategy for Direct</string>
+    <string name="domain_strategy_for_server">Domain strategy for Server address</string>
     <string name="show_bottom_bar">Show bottom bar like SagerNet</string>
     <string name="utls_fingerprint">uTLS fingerprint</string>
     <string name="custom_outbound_json">Custom outbound JSON</string>
@@ -506,14 +535,46 @@ Anyone can write advanced plugins, which can control NekoBox. please download an
     <string name="front_proxy">Front proxy</string>
     <string name="landing_proxy">Landing Proxy</string>
     <string name="action_shadowtls" translatable="false">ShadowTLS</string>
-    <string name="shadowtls_version">ShadowTLS Version</string>
+    <string name="protocol_version">Protocol Version</string>
     <string name="share_subscription">Share Subscription</string>
-    <string name="show_group_in_notification">Show group name in in notification</string>
+    <string name="show_group_in_notification">Show group name in notification</string>
     <string name="reset_connections">Reset Connections</string>
     <string name="remove_duplicate">Remove duplicate servers</string>
     <string name="mtu_help">Long press the preference to set custom MTU.</string>
     <string name="log_level_help">Long press the preference to set the buffer size.</string>
     <string name="tls_camouflage_settings">TLS Camouflage Settings</string>
     <string name="test_concurrency">Test concurrency</string>
-
+    <string name="mux_type">Mux protocol</string>
+    <string name="sniff_routing">Sniff result for routing</string>
+    <string name="sniff_override">Sniff result for destination</string>
+    <string name="resolve_server">Resolve the server address according to the IPv6 policy</string>
+    <string name="auto_select_proxy_apps">Auto select proxy apps</string>
+    <string name="auto_select_proxy_apps_message">Auto select proxy apps, this will clear your
+        current selection.</string>
+    <string name="enable_ech">Enable ECH</string>
+    <string name="enable_ech_sum">Enable Encrypted Client Hello</string>
+    <string name="ech_settings">ECH Settings</string>
+    <string name="ech_config">ECH Config</string>
+    <string name="http_upgrade_host">HTTPUpgrade Host</string>
+    <string name="http_upgrade_path">HTTPUpgrade Path</string>
+    <string name="update_current_subscription">Update current Group\'s subscription</string>
+    <string name="group_not_subscription">Group type is not subscription</string>
+    <string name="allow_insecure_on_request_sum">Disable certificate checking when updating
+        subscriptions</string>
+    <string name="global_allow_insecure">Always allow insecure</string>
+    <string name="mux_preference">Mulitplex</string>
+    <string name="padding">Padding</string>
+    <string name="network_change_reset_connections">Reset outbound connections when network changes</string>
+    <string name="wake_reset_connections">Reset outbound connections when device wake from sleep</string>
+    <string name="preview_version_hint">This application is a preview version and may contain many problems. If you do not want to test it, please go to GitHub to download the Release version!</string>
+    <string name="check_update_preview">Check for preview version updates</string>
+    <string name="check_update_release">Check for release version updates</string>
+    <string name="update_dialog_title">New version available</string>
+    <string name="update_dialog_message">Current version: %1$s\nAvailable version: %2$s\nDo you want to download it?</string>
+    <string name="check_update_no">Check successful, but no updates.</string>
+    <string name="reset_settings">Restore default settings</string>
+    <string name="reset_settings_message">Restore default settings, but data such as nodes and groups will be retained. To completely clear data, clear application data directly in the system settings.</string>
+    <string name="minimize">Minimize</string>
+    <string name="app_list_permission_denied">Unable to read installed apps.\nThis is usually because the system has restricted app read permissions.\nPlease grant permissions in the system settings.</string>
+    <string name="open_app_settings">Open System Settings</string>
 </resources>
\ No newline at end of file
diff --git a/app/src/main/res/xml/anytls_preferences.xml b/app/src/main/res/xml/anytls_preferences.xml
new file mode 100644
index 000000000..8d4835414
--- /dev/null
+++ b/app/src/main/res/xml/anytls_preferences.xml
@@ -0,0 +1,56 @@
+<PreferenceScreen xmlns:app="http://schemas.android.com/apk/res-auto">
+
+    <EditTextPreference
+        app:icon="@drawable/ic_social_emoji_symbols"
+        app:key="name"
+        app:title="@string/profile_name"
+        app:useSimpleSummaryProvider="true" />
+
+    <PreferenceCategory app:title="@string/proxy_cat">
+        <EditTextPreference
+            app:icon="@drawable/ic_hardware_router"
+            app:key="serverAddress"
+            app:title="@string/server_address"
+            app:useSimpleSummaryProvider="true" />
+        <EditTextPreference
+            app:icon="@drawable/ic_maps_directions_boat"
+            app:key="serverPort"
+            app:title="@string/server_port"
+            app:useSimpleSummaryProvider="true" />
+        <EditTextPreference
+            app:icon="@drawable/ic_settings_password"
+            app:key="password"
+            app:title="@string/password" />
+    </PreferenceCategory>
+
+    <PreferenceCategory app:title="@string/security_settings">
+        <EditTextPreference
+            app:icon="@drawable/ic_action_copyright"
+            app:key="sni"
+            app:title="@string/sni"
+            app:useSimpleSummaryProvider="true" />
+        <SwitchPreference
+            app:icon="@drawable/ic_notification_enhanced_encryption"
+            app:key="allowInsecure"
+            app:title="@string/allow_insecure" />
+        <EditTextPreference
+            app:icon="@drawable/ic_baseline_legend_toggle_24"
+            app:key="alpn"
+            app:title="@string/alpn"
+            app:useSimpleSummaryProvider="true" />
+        <EditTextPreference
+            app:icon="@drawable/ic_baseline_vpn_key_24"
+            app:key="certificates"
+            app:title="@string/certificates"
+            app:useSimpleSummaryProvider="true" />
+        <moe.matsuri.nb4a.ui.SimpleMenuPreference
+            app:defaultValue=""
+            app:entries="@array/utls_fingerprint_entry"
+            app:entryValues="@array/utls_fingerprint_entry"
+            app:icon="@drawable/ic_baseline_fingerprint_24"
+            app:key="utlsFingerprint"
+            app:title="@string/utls_fingerprint"
+            app:useSimpleSummaryProvider="true" />
+    </PreferenceCategory>
+
+</PreferenceScreen>
\ No newline at end of file
diff --git a/app/src/main/res/xml/global_preferences.xml b/app/src/main/res/xml/global_preferences.xml
index d5f61bd80..64f4f7901 100644
--- a/app/src/main/res/xml/global_preferences.xml
+++ b/app/src/main/res/xml/global_preferences.xml
@@ -2,10 +2,12 @@
 <PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:app="http://schemas.android.com/apk/res-auto">
     <PreferenceCategory app:title="@string/general_settings">
-        <io.nekohasekai.sagernet.widget.AppListPreference
-            app:icon="@drawable/ic_baseline_android_24"
-            app:key="nekoPlugins"
-            app:title="@string/neko_plugin" />
+        <SwitchPreference
+            app:defaultValue="false"
+            app:icon="@drawable/ic_communication_phonelink_ring"
+            app:key="isAutoConnect"
+            app:summary="@string/auto_connect_summary"
+            app:title="@string/auto_connect" />
         <moe.matsuri.nb4a.ui.ColorPickerPreference
             android:title="@string/theme"
             app:icon="@drawable/ic_baseline_color_lens_24"
@@ -27,9 +29,9 @@
             app:title="@string/service_mode"
             app:useSimpleSummaryProvider="true" />
         <moe.matsuri.nb4a.ui.SimpleMenuPreference
-            app:defaultValue="1"
+            app:defaultValue="0"
             app:entries="@array/tun_implementation"
-            app:entryValues="@array/int_array_2"
+            app:entryValues="@array/int_array_3"
             app:icon="@drawable/ic_baseline_flip_camera_android_24"
             app:key="tunImplementation"
             app:title="@string/tun_implementation"
@@ -54,6 +56,13 @@
             app:key="profileTrafficStatistics"
             app:summary="@string/profile_traffic_statistics_summary"
             app:title="@string/profile_traffic_statistics" />
+        <SwitchPreference
+            app:defaultValue="true"
+            app:icon="@drawable/ic_baseline_speed_24"
+            app:key="showDirectSpeed"
+            app:summary="@string/show_direct_speed_sum"
+            app:title="@string/show_direct_speed"
+            app:useSimpleSummaryProvider="true" />
         <SwitchPreference
             app:key="showGroupInNotification"
             app:title="@string/show_group_in_notification" />
@@ -68,12 +77,10 @@
             app:summary="@string/metered_summary"
             app:title="@string/metered" />
         <SwitchPreference
-            app:defaultValue="true"
-            app:icon="@drawable/ic_baseline_speed_24"
-            app:key="showDirectSpeed"
-            app:summary="@string/show_direct_speed_sum"
-            app:title="@string/show_direct_speed"
-            app:useSimpleSummaryProvider="true" />
+            app:icon="@drawable/baseline_developer_board_24"
+            app:key="acquireWakeLock"
+            app:summary="@string/acquire_wake_lock_summary"
+            app:title="@string/acquire_wake_lock" />
         <moe.matsuri.nb4a.ui.LongClickListPreference
             app:defaultValue="0"
             app:entries="@array/log_level"
@@ -82,6 +89,11 @@
             app:key="logLevel"
             app:title="@string/log_level"
             app:useSimpleSummaryProvider="true" />
+        <moe.matsuri.nb4a.ui.EditConfigPreference
+            app:icon="@drawable/ic_baseline_layers_24"
+            app:key="globalCustomConfig"
+            app:title="@string/custom_config"
+            app:useSimpleSummaryProvider="true" />
     </PreferenceCategory>
 
     <PreferenceCategory app:title="@string/cag_route">
@@ -97,11 +109,14 @@
         <SwitchPreference
             app:key="bypassLanInCore"
             app:title="@string/bypass_lan_in_core" />
-        <SwitchPreference
-            app:defaultValue="true"
+        <moe.matsuri.nb4a.ui.SimpleMenuPreference
+            app:defaultValue="1"
+            app:entries="@array/traffic_sniffing_values"
+            app:entryValues="@array/int_array_3"
             app:icon="@drawable/ic_baseline_manage_search_24"
             app:key="trafficSniffing"
-            app:title="@string/traffic_sniffing" />
+            app:title="@string/traffic_sniffing"
+            app:useSimpleSummaryProvider="true" />
         <SwitchPreference
             app:icon="@drawable/baseline_wrap_text_24"
             app:key="resolveDestination"
@@ -118,51 +133,46 @@
         <moe.matsuri.nb4a.ui.SimpleMenuPreference
             app:defaultValue="0"
             app:entries="@array/rules_dat_provider"
-            app:entryValues="@array/int_array_2"
+            app:entryValues="@array/int_array_4"
             app:icon="@drawable/ic_baseline_rule_folder_24"
             app:key="rulesProvider"
             app:title="@string/route_rules_provider"
             app:useSimpleSummaryProvider="true" />
     </PreferenceCategory>
 
-    <PreferenceCategory app:title="@string/protocol_settings">
-        <MultiSelectListPreference
-            app:defaultValue="@array/mux_select_init"
-            app:entries="@array/mux_select_init"
-            app:entryValues="@array/mux_select_init"
-            app:icon="@drawable/ic_baseline_compare_arrows_24"
-            app:key="mux"
-            app:summary="@string/mux_sum"
-            app:title="@string/enable_mux" />
-        <EditTextPreference
-            app:defaultValue="8"
-            app:icon="@drawable/ic_baseline_low_priority_24"
-            app:key="muxConcurrency"
-            app:title="@string/mux_concurrency"
-            app:useSimpleSummaryProvider="true" />
-    </PreferenceCategory>
-
     <PreferenceCategory app:title="@string/cag_dns">
         <EditTextPreference
-            app:defaultValue="https://8.8.8.8/dns-query"
+            app:defaultValue="https://dns.google/dns-query"
             app:icon="@drawable/ic_action_dns"
             app:key="remoteDns"
             app:title="@string/remote_dns"
             app:useSimpleSummaryProvider="true" />
+        <moe.matsuri.nb4a.ui.SimpleMenuPreference
+            app:defaultValue="auto"
+            app:entries="@array/dns_network_select"
+            app:entryValues="@array/dns_network_select"
+            app:key="domain_strategy_for_remote"
+            app:title="@string/domain_strategy_for_remote"
+            app:useSimpleSummaryProvider="true" />
         <EditTextPreference
             app:defaultValue="https://223.5.5.5/dns-query"
+            app:icon="@drawable/ic_action_dns"
             app:key="directDns"
             app:title="@string/direct_dns"
             app:useSimpleSummaryProvider="true" />
-        <SwitchPreference
-            app:key="directDnsUseSystem"
-            app:title="@string/direct_dns_use_system" />
-        <MultiSelectListPreference
-            app:defaultValue="@array/mux_select_init"
+        <moe.matsuri.nb4a.ui.SimpleMenuPreference
+            app:defaultValue="auto"
+            app:entries="@array/dns_network_select"
+            app:entryValues="@array/dns_network_select"
+            app:key="domain_strategy_for_direct"
+            app:title="@string/domain_strategy_for_direct"
+            app:useSimpleSummaryProvider="true" />
+        <moe.matsuri.nb4a.ui.SimpleMenuPreference
+            app:defaultValue="auto"
             app:entries="@array/dns_network_select"
             app:entryValues="@array/dns_network_select"
-            app:key="dnsNetwork"
-            app:title="@string/dns_network"
+            app:key="domain_strategy_for_server"
+            app:title="@string/domain_strategy_for_server"
             app:useSimpleSummaryProvider="true" />
         <SwitchPreference
             app:defaultValue="true"
@@ -171,6 +181,7 @@
             app:summary="@string/dns_routing_message"
             app:title="@string/enable_dns_routing" />
         <SwitchPreference
+            app:defaultValue="true"
             app:icon="@drawable/ic_action_lock"
             app:key="enableFakeDns"
             app:summary="@string/fakedns_message"
@@ -183,30 +194,11 @@
             app:key="mixedPort"
             app:title="@string/port_proxy"
             app:useSimpleSummaryProvider="true" />
-        <EditTextPreference
-            app:key="portLocalDns"
-            app:title="@string/port_local_dns"
-            app:useSimpleSummaryProvider="true" />
         <SwitchPreference
             app:defaultValue="false"
             app:key="appendHttpProxy"
             app:summary="@string/append_http_proxy_sum"
             app:title="@string/append_http_proxy" />
-        <SwitchPreference
-            app:icon="@drawable/ic_baseline_transgender_24"
-            app:key="requireTransproxy"
-            app:title="@string/require_transproxy" />
-        <EditTextPreference
-            app:key="transproxyPort"
-            app:title="@string/port_transproxy"
-            app:useSimpleSummaryProvider="true" />
-        <moe.matsuri.nb4a.ui.SimpleMenuPreference
-            app:defaultValue="0"
-            app:entries="@array/transproxy_mode"
-            app:entryValues="@array/int_array_2"
-            app:key="transproxyMode"
-            app:title="@string/transproxy_mode"
-            app:useSimpleSummaryProvider="true" />
         <SwitchPreference
             app:icon="@drawable/ic_baseline_nat_24"
             app:key="allowAccess"
@@ -221,22 +213,28 @@
             app:key="connectionTestURL"
             app:title="@string/connection_test_url"
             app:useSimpleSummaryProvider="true" />
-        <SwitchPreference
-            app:icon="@drawable/baseline_developer_board_24"
-            app:key="acquireWakeLock"
-            app:summary="@string/acquire_wake_lock_summary"
-            app:title="@string/acquire_wake_lock" />
         <SwitchPreference
             app:icon="@drawable/baseline_construction_24"
             app:key="enableClashAPI"
             app:summary="@string/enable_clash_api_summary"
             app:title="@string/enable_clash_api" />
-        <EditTextPreference
-            app:defaultValue="15"
+        <SwitchPreference
+            app:defaultValue="true"
             app:icon="@drawable/ic_baseline_flip_camera_android_24"
-            app:key="tcpKeepAliveInterval"
-            app:title="@string/tcp_keep_alive_interval"
+            app:key="networkChangeResetConnections"
+            app:title="@string/network_change_reset_connections"
             app:useSimpleSummaryProvider="true" />
+        <SwitchPreference
+            app:key="wakeResetConnections"
+            app:title="@string/wake_reset_connections"
+            app:useSimpleSummaryProvider="true" />
+        <SwitchPreference
+            app:icon="@drawable/ic_action_lock_open"
+            app:key="globalAllowInsecure"
+            app:title="@string/global_allow_insecure" />
+        <SwitchPreference
+            app:key="allowInsecureOnRequest"
+            app:title="@string/allow_insecure_on_request_sum" />
         <moe.matsuri.nb4a.ui.SimpleMenuPreference
             app:defaultValue="1.2"
             app:entries="@array/app_tls_version"
diff --git a/app/src/main/res/xml/hysteria_preferences.xml b/app/src/main/res/xml/hysteria_preferences.xml
index a968a9c96..1ff4042c3 100644
--- a/app/src/main/res/xml/hysteria_preferences.xml
+++ b/app/src/main/res/xml/hysteria_preferences.xml
@@ -6,6 +6,15 @@
         app:title="@string/profile_name"
         app:useSimpleSummaryProvider="true" />
 
+    <moe.matsuri.nb4a.ui.SimpleMenuPreference
+        app:defaultValue="2"
+        app:entries="@array/hysteria_version"
+        app:entryValues="@array/hysteria_version"
+        app:icon="@drawable/ic_baseline_update_24"
+        app:key="protocolVersion"
+        app:title="@string/protocol_version"
+        app:useSimpleSummaryProvider="true" />
+
     <PreferenceCategory app:title="@string/proxy_cat">
 
         <EditTextPreference
@@ -15,7 +24,7 @@
             app:useSimpleSummaryProvider="true" />
         <EditTextPreference
             app:icon="@drawable/ic_maps_directions_boat"
-            app:key="serverPort"
+            app:key="serverPorts"
             app:title="@string/server_port"
             app:useSimpleSummaryProvider="true" />
         <EditTextPreference
diff --git a/app/src/main/res/xml/mieru_preferences.xml b/app/src/main/res/xml/mieru_preferences.xml
new file mode 100644
index 000000000..aecc8f01e
--- /dev/null
+++ b/app/src/main/res/xml/mieru_preferences.xml
@@ -0,0 +1,46 @@
+<PreferenceScreen xmlns:app="http://schemas.android.com/apk/res-auto">
+
+    <EditTextPreference
+        app:icon="@drawable/ic_social_emoji_symbols"
+        app:key="profileName"
+        app:title="@string/profile_name"
+        app:useSimpleSummaryProvider="true" />
+
+    <PreferenceCategory app:title="@string/proxy_cat">
+
+        <EditTextPreference
+            app:icon="@drawable/ic_hardware_router"
+            app:key="serverAddress"
+            app:title="@string/server_address"
+            app:useSimpleSummaryProvider="true" />
+        <EditTextPreference
+            app:icon="@drawable/ic_maps_directions_boat"
+            app:key="serverPort"
+            app:title="@string/server_port"
+            app:useSimpleSummaryProvider="true" />
+        <moe.matsuri.nb4a.ui.SimpleMenuPreference
+            app:defaultValue="TCP"
+            app:entries="@array/mieru_protocol"
+            app:entryValues="@array/mieru_protocol"
+            app:icon="@drawable/ic_baseline_compare_arrows_24"
+            app:key="serverProtocol"
+            app:title="@string/protocol"
+            app:useSimpleSummaryProvider="true" />
+        <EditTextPreference
+            app:icon="@drawable/ic_baseline_person_24"
+            app:key="serverUsername"
+            app:title="@string/username"
+            app:useSimpleSummaryProvider="true" />
+        <EditTextPreference
+            app:dialogLayout="@layout/layout_password_dialog"
+            app:icon="@drawable/ic_settings_password"
+            app:key="serverPassword"
+            app:title="@string/password" />
+        <EditTextPreference
+            app:icon="@drawable/baseline_public_24"
+            app:key="serverMTU"
+            app:title="@string/mtu"
+            app:useSimpleSummaryProvider="true" />
+    </PreferenceCategory>
+
+</PreferenceScreen>
\ No newline at end of file
diff --git a/app/src/main/res/xml/naive_preferences.xml b/app/src/main/res/xml/naive_preferences.xml
index 0a7f80236..2b91a48dd 100644
--- a/app/src/main/res/xml/naive_preferences.xml
+++ b/app/src/main/res/xml/naive_preferences.xml
@@ -61,5 +61,9 @@
             app:useSimpleSummaryProvider="true" />
     </PreferenceCategory>
 
-
+    <PreferenceCategory app:title="sing-box server">
+        <SwitchPreference
+            app:key="sUoT"
+            app:title="UDP over TCP" />
+    </PreferenceCategory>
 </PreferenceScreen>
\ No newline at end of file
diff --git a/app/src/main/res/xml/route_preferences.xml b/app/src/main/res/xml/route_preferences.xml
index ab8a18f23..42c60ba0b 100644
--- a/app/src/main/res/xml/route_preferences.xml
+++ b/app/src/main/res/xml/route_preferences.xml
@@ -6,11 +6,16 @@
         app:key="routeName"
         app:title="@string/route_name"
         app:useSimpleSummaryProvider="true" />
-    <io.nekohasekai.sagernet.widget.AppListPreference
-        app:icon="@drawable/ic_baseline_legend_toggle_24"
-        app:key="routePackages"
-        app:title="@string/apps" />
+    <moe.matsuri.nb4a.ui.EditConfigPreference
+        app:icon="@drawable/ic_baseline_layers_24"
+        app:key="serverConfig"
+        app:title="@string/custom_config"
+        app:useSimpleSummaryProvider="true" />
     <PreferenceCategory app:title="@string/cag_route">
+        <io.nekohasekai.sagernet.widget.AppListPreference
+            app:icon="@drawable/ic_baseline_legend_toggle_24"
+            app:key="routePackages"
+            app:title="@string/apps" />
         <EditTextPreference
             app:icon="@drawable/ic_baseline_domain_24"
             app:key="routeDomain"
@@ -19,19 +24,24 @@
         <EditTextPreference
             app:icon="@drawable/ic_baseline_add_road_24"
             app:key="routeIP"
-            app:title="ip"
+            app:title="dst ip"
             app:useSimpleSummaryProvider="true" />
         <EditTextPreference
             android:layout_width="match_parent"
             android:layout_height="match_parent"
             app:icon="@drawable/ic_maps_directions_boat"
             app:key="routePort"
-            app:title="port"
+            app:title="dst port"
+            app:useSimpleSummaryProvider="true" />
+        <EditTextPreference
+            app:icon="@drawable/ic_baseline_local_bar_24"
+            app:key="routeSource"
+            app:title="src ip"
             app:useSimpleSummaryProvider="true" />
         <EditTextPreference
             app:icon="@drawable/ic_baseline_home_24"
             app:key="routeSourcePort"
-            app:title="sourcePort"
+            app:title="src port"
             app:useSimpleSummaryProvider="true" />
         <moe.matsuri.nb4a.ui.SimpleMenuPreference
             app:entries="@array/route_protocol_entry"
@@ -40,11 +50,6 @@
             app:key="routeNetwork"
             app:title="network"
             app:useSimpleSummaryProvider="true" />
-        <EditTextPreference
-            app:icon="@drawable/ic_baseline_local_bar_24"
-            app:key="routeSource"
-            app:title="source"
-            app:useSimpleSummaryProvider="true" />
         <EditTextPreference
             app:icon="@drawable/ic_baseline_layers_24"
             app:key="routeProtocol"
diff --git a/app/src/main/res/xml/shadowtls_preferences.xml b/app/src/main/res/xml/shadowtls_preferences.xml
index 215c608ba..870b2c672 100644
--- a/app/src/main/res/xml/shadowtls_preferences.xml
+++ b/app/src/main/res/xml/shadowtls_preferences.xml
@@ -21,7 +21,7 @@
             app:entryValues="@array/shadowtls_version_value"
             app:icon="@drawable/ic_baseline_update_24"
             app:key="version"
-            app:title="@string/shadowtls_version"
+            app:title="@string/protocol_version"
             app:useSimpleSummaryProvider="true" />
         <EditTextPreference
             app:dialogLayout="@layout/layout_password_dialog"
diff --git a/app/src/main/res/xml/socks_preferences.xml b/app/src/main/res/xml/socks_preferences.xml
index 516cbc02c..83c6a7e52 100644
--- a/app/src/main/res/xml/socks_preferences.xml
+++ b/app/src/main/res/xml/socks_preferences.xml
@@ -38,4 +38,9 @@
             app:title="@string/password_opt" />
     </PreferenceCategory>
 
+    <PreferenceCategory app:title="sing-box server">
+        <SwitchPreference
+            app:key="sUoT"
+            app:title="UDP over TCP" />
+    </PreferenceCategory>
 </PreferenceScreen>
\ No newline at end of file
diff --git a/app/src/main/res/xml/standard_v2ray_preferences.xml b/app/src/main/res/xml/standard_v2ray_preferences.xml
index 35caa8d11..fd679e4b2 100644
--- a/app/src/main/res/xml/standard_v2ray_preferences.xml
+++ b/app/src/main/res/xml/standard_v2ray_preferences.xml
@@ -143,4 +143,45 @@
             app:useSimpleSummaryProvider="true" />
     </PreferenceCategory>
 
+    <PreferenceCategory
+        app:key="serverMuxCategory"
+        app:title="@string/mux_preference">
+        <SwitchPreference
+            app:icon="@drawable/ic_baseline_compare_arrows_24"
+            app:key="enableMux"
+            app:summary="@string/mux_sum"
+            app:title="@string/enable_mux" />
+        <moe.matsuri.nb4a.ui.SimpleMenuPreference
+            app:defaultValue="0"
+            app:entries="@array/mux_type"
+            app:entryValues="@array/int_array_3"
+            app:key="muxType"
+            app:title="@string/mux_type"
+            app:useSimpleSummaryProvider="true" />
+        <EditTextPreference
+            app:defaultValue="1"
+            app:icon="@drawable/ic_baseline_low_priority_24"
+            app:key="muxConcurrency"
+            app:title="@string/mux_concurrency"
+            app:useSimpleSummaryProvider="true" />
+        <SwitchPreference
+            app:icon="@drawable/baseline_developer_board_24"
+            app:key="muxPadding"
+            app:title="@string/padding" />
+    </PreferenceCategory>
+
+    <PreferenceCategory
+        app:key="serverECHCategory"
+        app:title="ECH">
+        <SwitchPreference
+            app:icon="@drawable/ic_baseline_security_24"
+            app:key="enableECH"
+            app:title="@string/enable" />
+        <EditTextPreference
+            app:icon="@drawable/ic_baseline_nfc_24"
+            app:key="echConfig"
+            app:title="@string/ech_config"
+            app:useSimpleSummaryProvider="true" />
+    </PreferenceCategory>
+
 </PreferenceScreen>
\ No newline at end of file
diff --git a/app/src/main/res/xml/tuic_preferences.xml b/app/src/main/res/xml/tuic_preferences.xml
index c29b67b9f..8dd6b3a4a 100644
--- a/app/src/main/res/xml/tuic_preferences.xml
+++ b/app/src/main/res/xml/tuic_preferences.xml
@@ -18,11 +18,16 @@
             app:key="serverPort"
             app:title="@string/server_port"
             app:useSimpleSummaryProvider="true" />
+        <EditTextPreference
+            app:icon="@drawable/ic_baseline_person_24"
+            app:key="serverUsername"
+            app:title="@string/uuid"
+            app:useSimpleSummaryProvider="true" />
         <EditTextPreference
             app:dialogLayout="@layout/layout_password_dialog"
             app:icon="@drawable/ic_settings_password"
             app:key="serverPassword"
-            app:title="@string/tuic_token" />
+            app:title="@string/password" />
         <EditTextPreference
             app:icon="@drawable/ic_baseline_legend_toggle_24"
             app:key="serverALPN"
@@ -35,7 +40,7 @@
             app:useSimpleSummaryProvider="true" />
         <moe.matsuri.nb4a.ui.SimpleMenuPreference
             app:defaultValue="https"
-            app:entries="@array/tuic_udp_relay_mode_entry"
+            app:entries="@array/tuic_udp_relay_mode_value"
             app:entryValues="@array/tuic_udp_relay_mode_value"
             app:icon="@drawable/ic_baseline_add_road_24"
             app:key="serverUDPRelayMode"
@@ -43,7 +48,7 @@
             app:useSimpleSummaryProvider="true" />
         <moe.matsuri.nb4a.ui.SimpleMenuPreference
             app:defaultValue="https"
-            app:entries="@array/tuic_congestion_controller_entry"
+            app:entries="@array/tuic_congestion_controller_value"
             app:entryValues="@array/tuic_congestion_controller_value"
             app:icon="@drawable/ic_baseline_compare_arrows_24"
             app:key="serverCongestionController"
@@ -62,21 +67,10 @@
             app:icon="@drawable/baseline_flight_takeoff_24"
             app:key="serverReduceRTT"
             app:title="@string/tuic_reduce_rtt" />
-        <SwitchPreference
-            app:icon="@drawable/baseline_flight_takeoff_24"
-            app:key="serverFastConnect"
-            app:summary="@string/tuic_fast_connect_summary"
-            app:title="@string/tuic_fast_connect" />
         <SwitchPreference
             app:icon="@drawable/ic_notification_enhanced_encryption"
             app:key="serverAllowInsecure"
-            app:summary="@string/tuic_fast_connect_summary"
             app:title="@string/allow_insecure" />
-        <EditTextPreference
-            app:icon="@drawable/baseline_public_24"
-            app:key="serverMTU"
-            app:title="@string/mtu"
-            app:useSimpleSummaryProvider="true" />
     </PreferenceCategory>
 
 </PreferenceScreen>
\ No newline at end of file
diff --git a/build.gradle.kts b/build.gradle.kts
index fde45d610..be2380f12 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -6,3 +6,7 @@ allprojects {
 tasks.register<Delete>("clean") {
     delete(rootProject.buildDir)
 }
+
+plugins {
+    id("com.google.devtools.ksp") version "2.0.21-1.0.27" apply false
+}
diff --git a/buildScript/fdroid/prebuild.sh b/buildScript/fdroid/prebuild.sh
index 2642d5a10..3e852c57d 100755
--- a/buildScript/fdroid/prebuild.sh
+++ b/buildScript/fdroid/prebuild.sh
@@ -1,7 +1,5 @@
 #!/bin/bash
 
-# Setup go & external library
-buildScript/init/action/go.sh
 buildScript/init/action/gradle.sh
 
 # Build libcore
diff --git a/buildScript/init/action/go.sh b/buildScript/init/action/go.sh
deleted file mode 100755
index 338f29fba..000000000
--- a/buildScript/init/action/go.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-set -e
-
-source buildScript/init/env.sh
-mkdir -p $GOPATH
-cd $golang
-
-if [ ! -f "go/bin/go" ]; then
-    curl -Lso go.tar.gz https://go.dev/dl/go1.20.3.linux-amd64.tar.gz
-    echo "979694c2c25c735755bf26f4f45e19e64e4811d661dd07b8c010f7a8e18adfca go.tar.gz" | sha256sum -c -
-    tar xzf go.tar.gz
-fi
-
-go version
-go env
diff --git a/buildScript/init/env.sh b/buildScript/init/env.sh
index a803a3305..20639f2e2 100755
--- a/buildScript/init/env.sh
+++ b/buildScript/init/env.sh
@@ -1,17 +1,11 @@
 #!/bin/bash
 
-# For CI build, use downloaded golang
-export golang=$PWD/build/golang
-export GOPATH=$golang/gopath
-export GOROOT=$golang/go
-export PATH=$golang/go/bin:$GOPATH/bin:$PATH
-
 source buildScript/init/env_ndk.sh
 
 if [[ "$OSTYPE" =~ ^darwin ]]; then
-  export PROJECT=$PWD
+  export SRC_ROOT=$PWD
 else
-  export PROJECT=$(realpath .)
+  export SRC_ROOT=$(realpath .)
 fi
 
 DEPS=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/bin
diff --git a/buildScript/lib/core/get_source.sh b/buildScript/lib/core/get_source.sh
new file mode 100755
index 000000000..1c1a18d75
--- /dev/null
+++ b/buildScript/lib/core/get_source.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+
+source "buildScript/init/env.sh"
+ENV_NB4A=1
+source "buildScript/lib/core/get_source_env.sh"
+pushd ..
+
+####
+
+if [ ! -d "sing-box" ]; then
+  git clone --no-checkout https://github.com/MatsuriDayo/sing-box.git
+fi
+pushd sing-box
+git checkout "$COMMIT_SING_BOX"
+popd
+
+####
+
+if [ ! -d "libneko" ]; then
+  git clone --no-checkout https://github.com/MatsuriDayo/libneko.git
+fi
+pushd libneko
+git checkout "$COMMIT_LIBNEKO"
+popd
+
+####
+
+popd
diff --git a/buildScript/lib/core/get_source_env.sh b/buildScript/lib/core/get_source_env.sh
new file mode 100644
index 000000000..d3851c00c
--- /dev/null
+++ b/buildScript/lib/core/get_source_env.sh
@@ -0,0 +1,2 @@
+export COMMIT_SING_BOX="9beb42f553ebdf575f497c01c33ffa7b6df17efb"
+export COMMIT_LIBNEKO="1c47a3af71990a7b2192e03292b4d246c308ef0b"
diff --git a/buildScript/lib/core/init.sh b/buildScript/lib/core/init.sh
index 21abc759c..d8e9c47d6 100755
--- a/buildScript/lib/core/init.sh
+++ b/buildScript/lib/core/init.sh
@@ -2,6 +2,9 @@
 
 source "buildScript/init/env.sh"
 
+# fetch soucre
+bash buildScript/lib/core/get_source.sh
+
 [ -f libcore/go.mod ] || exit 1
 cd libcore
 
diff --git a/buildSrc/build.gradle.kts b/buildSrc/build.gradle.kts
index a6aa10ade..b969dc74c 100644
--- a/buildSrc/build.gradle.kts
+++ b/buildSrc/build.gradle.kts
@@ -7,6 +7,6 @@ apply(from = "../repositories.gradle.kts")
 
 dependencies {
     // Gradle Plugins
-    implementation("com.android.tools.build:gradle:7.4.2")
-    implementation("org.jetbrains.kotlin:kotlin-gradle-plugin:1.8.10")
+    implementation("com.android.tools.build:gradle:8.8.1")
+    implementation("org.jetbrains.kotlin:kotlin-gradle-plugin:2.0.21")
 }
diff --git a/buildSrc/src/main/kotlin/Helpers.kt b/buildSrc/src/main/kotlin/Helpers.kt
index 9d1801fdb..3561cdd1e 100644
--- a/buildSrc/src/main/kotlin/Helpers.kt
+++ b/buildSrc/src/main/kotlin/Helpers.kt
@@ -1,50 +1,19 @@
+import com.android.build.api.dsl.ApplicationExtension
 import com.android.build.gradle.AbstractAppExtension
-import com.android.build.gradle.BaseExtension
 import com.android.build.gradle.internal.api.BaseVariantOutputImpl
 import org.gradle.api.JavaVersion
 import org.gradle.api.Project
 import org.gradle.api.plugins.ExtensionAware
 import org.gradle.kotlin.dsl.getByName
 import org.jetbrains.kotlin.gradle.dsl.KotlinJvmOptions
-import java.security.MessageDigest
-import java.util.*
+import java.util.Base64
+import java.util.Properties
 import kotlin.system.exitProcess
 
-fun sha256Hex(bytes: ByteArray): String {
-    val md = MessageDigest.getInstance("SHA-256")
-    val digest = md.digest(bytes)
-    return digest.fold("") { str, it -> str + "%02x".format(it) }
-}
-
-private val Project.android get() = extensions.getByName<BaseExtension>("android")
+private val Project.android get() = extensions.getByName<ApplicationExtension>("android")
 
 private lateinit var metadata: Properties
 private lateinit var localProperties: Properties
-private lateinit var flavor: String
-
-fun Project.requireFlavor(): String {
-    if (::flavor.isInitialized) return flavor
-    if (gradle.startParameter.taskNames.isNotEmpty()) {
-        val taskName = gradle.startParameter.taskNames[0]
-        when {
-            taskName.contains("assemble") -> {
-                flavor = taskName.substringAfter("assemble")
-                return flavor
-            }
-            taskName.contains("install") -> {
-                flavor = taskName.substringAfter("install")
-                return flavor
-            }
-            taskName.contains("bundle") -> {
-                flavor = taskName.substringAfter("bundle")
-                return flavor
-            }
-        }
-    }
-
-    flavor = ""
-    return flavor
-}
 
 fun Project.requireMetadata(): Properties {
     if (!::metadata.isInitialized) {
@@ -70,29 +39,13 @@ fun Project.requireLocalProperties(): Properties {
     return localProperties
 }
 
-fun Project.requireTargetAbi(): String {
-    var targetAbi = ""
-    if (gradle.startParameter.taskNames.isNotEmpty()) {
-        if (gradle.startParameter.taskNames.size == 1) {
-            val targetTask = gradle.startParameter.taskNames[0].toLowerCase(Locale.ROOT).trim()
-            when {
-                targetTask.contains("arm64") -> targetAbi = "arm64-v8a"
-                targetTask.contains("arm") -> targetAbi = "armeabi-v7a"
-                targetTask.contains("x64") -> targetAbi = "x86_64"
-                targetTask.contains("x86") -> targetAbi = "x86"
-            }
-        }
-    }
-    return targetAbi
-}
-
 fun Project.setupCommon() {
     android.apply {
-        buildToolsVersion("30.0.3")
-        compileSdkVersion(33)
+        buildToolsVersion = "35.0.1"
+        compileSdk = 35
         defaultConfig {
             minSdk = 21
-            targetSdk = 33
+            targetSdk = 35
         }
         buildTypes {
             getByName("release") {
@@ -106,16 +59,16 @@ fun Project.setupCommon() {
         (android as ExtensionAware).extensions.getByName<KotlinJvmOptions>("kotlinOptions").apply {
             jvmTarget = JavaVersion.VERSION_1_8.toString()
         }
-        lintOptions {
-            isShowAll = true
-            isCheckAllWarnings = true
-            isCheckReleaseBuilds = false
-            isWarningsAsErrors = true
+        lint {
+            showAll = true
+            checkAllWarnings = true
+            checkReleaseBuilds = true
+            warningsAsErrors = true
             textOutput = project.file("build/lint.txt")
             htmlOutput = project.file("build/lint.html")
         }
-        packagingOptions {
-            excludes.addAll(
+        packaging {
+            resources.excludes.addAll(
                 listOf(
                     "**/*.kotlin_*",
                     "/META-INF/*.version",
@@ -131,9 +84,6 @@ fun Project.setupCommon() {
                 )
             )
         }
-        packagingOptions {
-            jniLibs.useLegacyPackaging = true
-        }
         (this as? AbstractAppExtension)?.apply {
             buildTypes {
                 getByName("release") {
@@ -173,21 +123,17 @@ fun Project.setupAppCommon() {
         if (keystorePwd != null) {
             signingConfigs {
                 create("release") {
-                    storeFile(rootProject.file("release.keystore"))
-                    storePassword(keystorePwd)
-                    keyAlias(alias)
-                    keyPassword(pwd)
+                    storeFile = rootProject.file("release.keystore")
+                    storePassword = keystorePwd
+                    keyAlias = alias
+                    keyPassword = pwd
                 }
             }
-        } else if (requireFlavor().contains("(Oss|Expert|Play)Release".toRegex())) {
-            exitProcess(0)
         }
         buildTypes {
             val key = signingConfigs.findByName("release")
             if (key != null) {
-                if (requireTargetAbi().isBlank()) {
-                    getByName("release").signingConfig = key
-                }
+                getByName("release").signingConfig = key
                 getByName("debug").signingConfig = key
             }
         }
@@ -203,12 +149,11 @@ fun Project.setupApp() {
             applicationId = pkgName
             versionCode = verCode
             versionName = verName
+            buildConfigField("String", "PRE_VERSION_NAME", "\"\"")
         }
     }
     setupAppCommon()
 
-    val targetAbi = requireTargetAbi()
-
     android.apply {
         this as AbstractAppExtension
 
@@ -222,27 +167,43 @@ fun Project.setupApp() {
         }
 
         splits.abi {
+            reset()
             isEnable = true
             isUniversalApk = false
-            if (targetAbi.isNotBlank()) {
-                reset()
-                include(targetAbi)
-            }
+            include("armeabi-v7a")
+            include("arm64-v8a")
+            include("x86")
+            include("x86_64")
         }
 
-        flavorDimensions("vendor")
+        flavorDimensions += "vendor"
         productFlavors {
             create("oss")
             create("fdroid")
             create("play")
+            create("preview") {
+                buildConfigField(
+                    "String",
+                    "PRE_VERSION_NAME",
+                    "\"${requireMetadata().getProperty("PRE_VERSION_NAME")}\""
+                )
+            }
         }
 
         applicationVariants.all {
             outputs.all {
                 this as BaseVariantOutputImpl
-                outputFileName = outputFileName.replace(project.name, "NB4A-$versionName")
-                    .replace("-release", "")
-                    .replace("-oss", "")
+                val isPreview = outputFileName.contains("-preview")
+                outputFileName = if (isPreview) {
+                    outputFileName.replace(
+                        project.name,
+                        "NekoBox-" + requireMetadata().getProperty("PRE_VERSION_NAME")
+                    ).replace("-preview", "")
+                } else {
+                    outputFileName.replace(project.name, "NekoBox-$versionName")
+                        .replace("-release", "")
+                        .replace("-oss", "")
+                }
             }
         }
 
@@ -252,5 +213,8 @@ fun Project.setupApp() {
             }
         }
 
+        sourceSets.getByName("main").apply {
+            jniLibs.srcDir("executableSo")
+        }
     }
 }
\ No newline at end of file
diff --git a/gradle.properties b/gradle.properties
index fcc04f0fc..7d843abfd 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -21,3 +21,5 @@ android.enableJetifier=true
 kotlin.code.style=official
 # Gradle parallel build
 org.gradle.parallel=true
+android.nonTransitiveRClass=false
+android.nonFinalResIds=false
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index 7e62b17ac..709dee457 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.5-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
 distributionPath=wrapper/dists
 zipStorePath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
diff --git a/libcore/.gitignore b/libcore/.gitignore
index c93587dff..490da9982 100644
--- a/libcore/.gitignore
+++ b/libcore/.gitignore
@@ -5,3 +5,4 @@ binary*.go
 /debug.go
 build
 .build
+env_*.sh
diff --git a/libcore/assets_android.go b/libcore/assets_android.go
index f0625ee10..c3c98310d 100644
--- a/libcore/assets_android.go
+++ b/libcore/assets_android.go
@@ -5,7 +5,6 @@ package libcore
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@@ -66,7 +65,7 @@ func extractAssetName(name string, useOfficialAssets bool) error {
 		if err != nil {
 			return fmt.Errorf("open version in assets: %v", err)
 		}
-		b, err := ioutil.ReadAll(av)
+		b, err := io.ReadAll(av)
 		av.Close()
 		if err != nil {
 			return fmt.Errorf("read internal version: %v", err)
@@ -85,7 +84,7 @@ func extractAssetName(name string, useOfficialAssets bool) error {
 		doExtract = true
 	} else if useOfficialAssets || !replaceable {
 		// 官方源升级
-		b, err := ioutil.ReadFile(dir + version)
+		b, err := os.ReadFile(dir + version)
 		if err != nil {
 			// versionFileMissing
 			doExtract = true
diff --git a/libcore/box.go b/libcore/box.go
index b32a5a9bc..5df6d4ba0 100644
--- a/libcore/box.go
+++ b/libcore/box.go
@@ -7,42 +7,36 @@ import (
 	"io"
 	"libcore/device"
 	"log"
-	"net/http"
-	"reflect"
 	"runtime"
 	"runtime/debug"
 	"strings"
-	"time"
-	"unsafe"
+	"sync"
 
-	"github.com/matsuridayo/sing-box-extra/boxbox"
-	_ "github.com/matsuridayo/sing-box-extra/distro/all"
-
-	"github.com/matsuridayo/libneko/neko_common"
 	"github.com/matsuridayo/libneko/protect_server"
 	"github.com/matsuridayo/libneko/speedtest"
-	"github.com/matsuridayo/sing-box-extra/boxapi"
-
-	"github.com/sagernet/sing-box/common/dialer/conntrack"
-	sblog "github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/boxapi"
+	"github.com/sagernet/sing-box/experimental/libbox/platform"
+	"github.com/sagernet/sing-box/protocol/group"
+
+	box "github.com/sagernet/sing-box"
+	"github.com/sagernet/sing-box/common/conntrack"
+	"github.com/sagernet/sing-box/common/dialer"
+	"github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing-box/outbound"
+	"github.com/sagernet/sing/service"
+	"github.com/sagernet/sing/service/pause"
 )
 
-var mainInstance *BoxInstance
-
 func init() {
-	neko_common.GetProxyHttpClient = func() *http.Client {
-		if mainInstance == nil {
-			return nil
-		}
-		return boxapi.GetProxyHttpClient(mainInstance.Box)
-	}
+	dialer.DoNotSelectInterface = true
 }
 
+var mainInstance *BoxInstance
+
 func VersionBox() string {
 	version := []string{
-		"sing-box-extra: " + boxbox.Version(),
+		"sing-box: " + constant.Version,
 		runtime.Version() + "@" + runtime.GOOS + "/" + runtime.GOARCH,
 	}
 
@@ -68,36 +62,47 @@ func ResetAllConnections(system bool) {
 	if system {
 		conntrack.Close()
 		log.Println("Reset system connections done")
+	} else {
+		log.Println("TODO: Reset user connections")
 	}
 }
 
 type BoxInstance struct {
-	*boxbox.Box
+	access sync.Mutex
+
+	*box.Box
 	cancel context.CancelFunc
 	state  int
 
-	v2api    *boxapi.SbV2rayServer
-	selector *outbound.Selector
-
-	ForTest bool
+	v2api        *boxapi.SbV2rayServer
+	selector     *group.Selector
+	pauseManager pause.Manager
 }
 
-func NewSingBoxInstance(config string) (b *BoxInstance, err error) {
+func NewSingBoxInstance(config string, localTransport LocalDNSTransport) (b *BoxInstance, err error) {
 	defer device.DeferPanicToError("NewSingBoxInstance", func(err_ error) { err = err_ })
 
+	// create box context
+	ctx, cancel := context.WithCancel(context.Background())
+	ctx = box.Context(ctx,
+		nekoboxAndroidInboundRegistry(), nekoboxAndroidOutboundRegistry(), nekoboxAndroidEndpointRegistry(),
+		nekoboxAndroidDNSTransportRegistry(localTransport), nekoboxAndroidServiceRegistry(),
+	)
+	ctx = service.ContextWithDefaultRegistry(ctx)
+	service.MustRegister[platform.Interface](ctx, boxPlatformInterfaceInstance)
+
 	// parse options
 	var options option.Options
-	err = options.UnmarshalJSON([]byte(config))
+	err = options.UnmarshalJSONContext(ctx, []byte(config))
 	if err != nil {
 		return nil, fmt.Errorf("decode config: %v", err)
 	}
 
 	// create box
-	ctx, cancel := context.WithCancel(context.Background())
-	instance, err := boxbox.New(boxbox.Options{
+	instance, err := box.New(box.Options{
 		Options:           options,
 		Context:           ctx,
-		PlatformInterface: boxPlatformInterfaceInstance,
+		PlatformLogWriter: boxPlatformLogWriter,
 	})
 	if err != nil {
 		cancel()
@@ -105,22 +110,14 @@ func NewSingBoxInstance(config string) (b *BoxInstance, err error) {
 	}
 
 	b = &BoxInstance{
-		Box:    instance,
-		cancel: cancel,
+		Box:          instance,
+		cancel:       cancel,
+		pauseManager: service.FromContext[pause.Manager](ctx),
 	}
 
-	// fuck your sing-box platformFormatter
-	logFactory_ := reflect.Indirect(reflect.ValueOf(instance)).FieldByName("logFactory")
-	logFactory_ = reflect.NewAt(logFactory_.Type(), unsafe.Pointer(logFactory_.UnsafeAddr())).Elem() // get unexported logFactory
-	logFactory_ = logFactory_.Elem().Elem()                                                          // get struct
-	platformFormatter_ := logFactory_.FieldByName("platformFormatter")
-	platformFormatter_ = reflect.NewAt(platformFormatter_.Type(), unsafe.Pointer(platformFormatter_.UnsafeAddr())) // get unexported Formatter
-	platformFormatter := platformFormatter_.Interface().(*sblog.Formatter)
-	platformFormatter.DisableColors = true
-
 	// selector
-	if proxy, ok := b.Router().Outbound("proxy"); ok {
-		if selector, ok := proxy.(*outbound.Selector); ok {
+	if proxy, ok := b.Outbound().Outbound("proxy"); ok {
+		if selector, ok := proxy.(*group.Selector); ok {
 			b.selector = selector
 		}
 	}
@@ -129,11 +126,10 @@ func NewSingBoxInstance(config string) (b *BoxInstance, err error) {
 }
 
 func (b *BoxInstance) Start() (err error) {
-	defer device.DeferPanicToError("box.Start", func(err_ error) { err = err_ })
+	b.access.Lock()
+	defer b.access.Unlock()
 
-	if outdated != "" {
-		return errors.New(outdated)
-	}
+	defer device.DeferPanicToError("box.Start", func(err_ error) { err = err_ })
 
 	if b.state == 0 {
 		b.state = 1
@@ -143,6 +139,9 @@ func (b *BoxInstance) Start() (err error) {
 }
 
 func (b *BoxInstance) Close() (err error) {
+	b.access.Lock()
+	defer b.access.Unlock()
+
 	defer device.DeferPanicToError("box.Close", func(err_ error) { err = err_ })
 
 	// no double close
@@ -158,26 +157,27 @@ func (b *BoxInstance) Close() (err error) {
 	}
 
 	// close box
-	t := time.NewTimer(time.Second * 2)
-	c := make(chan struct{}, 1)
-	disableSingBoxLog = true
+	if b.cancel != nil {
+		b.cancel()
+	}
+	if b.Box != nil {
+		b.Box.Close()
+	}
 
-	go func(cancel context.CancelFunc, closer io.Closer) {
-		cancel()
-		closer.Close()
-		c <- struct{}{}
-		close(c)
-	}(b.cancel, b.Box)
+	return nil
+}
 
-	select {
-	case <-t.C:
-		log.Println("[Warning] sing-box close takes longer than expected.")
-	case <-c:
+func (b *BoxInstance) Sleep() {
+	if b.pauseManager != nil {
+		b.pauseManager.DevicePause()
 	}
+	// _ = b.Box.Router().ResetNetwork()
+}
 
-	disableSingBoxLog = false
-	t.Stop()
-	return nil
+func (b *BoxInstance) Wake() {
+	if b.pauseManager != nil {
+		b.pauseManager.DeviceWake()
+	}
 }
 
 func (b *BoxInstance) SetAsMain() {
@@ -185,16 +185,18 @@ func (b *BoxInstance) SetAsMain() {
 	goServeProtect(true)
 }
 
-func (b *BoxInstance) SetConnectionPoolEnabled(enable bool) {
-	// TODO api
-}
-
 func (b *BoxInstance) SetV2rayStats(outbounds string) {
+	b.access.Lock()
+	defer b.access.Unlock()
+	if b.v2api != nil {
+		log.Println("duplicate call of SetV2rayStats")
+		return
+	}
 	b.v2api = boxapi.NewSbV2rayServer(option.V2RayStatsServiceOptions{
 		Enabled:   true,
 		Outbounds: strings.Split(outbounds, "\n"),
 	})
-	b.Box.Router().SetV2RayServer(b.v2api)
+	b.Box.Router().AppendTracker(b.v2api.StatsService())
 }
 
 func (b *BoxInstance) QueryStats(tag, direct string) int64 {
@@ -206,22 +208,30 @@ func (b *BoxInstance) QueryStats(tag, direct string) int64 {
 
 func (b *BoxInstance) SelectOutbound(tag string) bool {
 	if b.selector != nil {
-		var result = b.selector.SelectOutbound(tag)
-		if result {
-			ResetAllConnections(true)
-		}
-		return result
+		return b.selector.SelectOutbound(tag)
 	}
 	return false
 }
 
 func UrlTest(i *BoxInstance, link string, timeout int32) (latency int32, err error) {
 	defer device.DeferPanicToError("box.UrlTest", func(err_ error) { err = err_ })
-	if i == nil {
-		// test current
-		return speedtest.UrlTest(neko_common.GetProxyHttpClient(), link, timeout)
+	var connectionTracker adapter.ConnectionTracker
+	// test i
+	if i != nil {
+		if i.v2api != nil {
+			connectionTracker = i.v2api.StatsService()
+		}
+		return speedtest.UrlTest(boxapi.CreateProxyHttpClient(i.Box, connectionTracker), link, timeout, speedtest.UrlTestStandard_RTT)
+	}
+	// test direct
+	if mainInstance == nil {
+		return speedtest.UrlTest(boxapi.CreateProxyHttpClient(nil, nil), link, timeout, speedtest.UrlTestStandard_RTT)
+	}
+	// test mainInstance
+	if mainInstance.v2api != nil {
+		connectionTracker = mainInstance.v2api.StatsService()
 	}
-	return speedtest.UrlTest(boxapi.GetProxyHttpClient(i.Box), link, timeout)
+	return speedtest.UrlTest(boxapi.CreateProxyHttpClient(mainInstance.Box, connectionTracker), link, timeout, speedtest.UrlTestStandard_RTT)
 }
 
 var protectCloser io.Closer
diff --git a/libcore/box_include.go b/libcore/box_include.go
new file mode 100644
index 000000000..5a95cd867
--- /dev/null
+++ b/libcore/box_include.go
@@ -0,0 +1,128 @@
+package libcore
+
+import (
+	"context"
+
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/adapter/endpoint"
+	"github.com/sagernet/sing-box/adapter/inbound"
+	"github.com/sagernet/sing-box/adapter/outbound"
+	"github.com/sagernet/sing-box/adapter/service"
+	"github.com/sagernet/sing-box/dns"
+	"github.com/sagernet/sing-box/dns/transport"
+	"github.com/sagernet/sing-box/dns/transport/fakeip"
+	"github.com/sagernet/sing-box/dns/transport/hosts"
+	"github.com/sagernet/sing-box/dns/transport/local"
+	"github.com/sagernet/sing-box/dns/transport/quic"
+	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing-box/option"
+	"github.com/sagernet/sing-box/protocol/anytls"
+	"github.com/sagernet/sing-box/protocol/block"
+	"github.com/sagernet/sing-box/protocol/direct"
+	protocolDns "github.com/sagernet/sing-box/protocol/dns"
+	"github.com/sagernet/sing-box/protocol/group"
+	"github.com/sagernet/sing-box/protocol/http"
+	"github.com/sagernet/sing-box/protocol/hysteria"
+	"github.com/sagernet/sing-box/protocol/hysteria2"
+	"github.com/sagernet/sing-box/protocol/mixed"
+	"github.com/sagernet/sing-box/protocol/redirect"
+	"github.com/sagernet/sing-box/protocol/shadowsocks"
+	"github.com/sagernet/sing-box/protocol/shadowtls"
+	"github.com/sagernet/sing-box/protocol/socks"
+	"github.com/sagernet/sing-box/protocol/ssh"
+	"github.com/sagernet/sing-box/protocol/tor"
+	"github.com/sagernet/sing-box/protocol/trojan"
+	"github.com/sagernet/sing-box/protocol/tuic"
+	"github.com/sagernet/sing-box/protocol/tun"
+	"github.com/sagernet/sing-box/protocol/vless"
+	"github.com/sagernet/sing-box/protocol/vmess"
+	"github.com/sagernet/sing-box/protocol/wireguard"
+
+	_ "github.com/sagernet/sing-box/experimental/clashapi"
+	_ "github.com/sagernet/sing-box/transport/v2rayquic"
+)
+
+func nekoboxAndroidInboundRegistry() *inbound.Registry {
+	registry := inbound.NewRegistry()
+
+	tun.RegisterInbound(registry)
+	redirect.RegisterRedirect(registry)
+	redirect.RegisterTProxy(registry)
+	direct.RegisterInbound(registry)
+
+	socks.RegisterInbound(registry)
+	http.RegisterInbound(registry)
+	mixed.RegisterInbound(registry)
+
+	return registry
+}
+
+func nekoboxAndroidOutboundRegistry() *outbound.Registry {
+	registry := outbound.NewRegistry()
+
+	direct.RegisterOutbound(registry)
+
+	block.RegisterOutbound(registry)
+	protocolDns.RegisterOutbound(registry)
+
+	group.RegisterSelector(registry)
+	group.RegisterURLTest(registry)
+
+	socks.RegisterOutbound(registry)
+	http.RegisterOutbound(registry)
+	shadowsocks.RegisterOutbound(registry)
+	vmess.RegisterOutbound(registry)
+	trojan.RegisterOutbound(registry)
+	tor.RegisterOutbound(registry)
+	ssh.RegisterOutbound(registry)
+	shadowtls.RegisterOutbound(registry)
+	vless.RegisterOutbound(registry)
+	anytls.RegisterOutbound(registry)
+
+	hysteria.RegisterOutbound(registry)
+	tuic.RegisterOutbound(registry)
+	hysteria2.RegisterOutbound(registry)
+
+	wireguard.RegisterOutbound(registry)
+
+	return registry
+}
+
+func nekoboxAndroidEndpointRegistry() *endpoint.Registry {
+	registry := endpoint.NewRegistry()
+
+	wireguard.RegisterEndpoint(registry)
+
+	return registry
+}
+
+func nekoboxAndroidDNSTransportRegistry(localTransport LocalDNSTransport) *dns.TransportRegistry {
+	registry := dns.NewTransportRegistry()
+
+	transport.RegisterTCP(registry)
+	transport.RegisterUDP(registry)
+	transport.RegisterTLS(registry)
+	transport.RegisterHTTPS(registry)
+	hosts.RegisterTransport(registry)
+	// local.RegisterTransport(registry)
+	fakeip.RegisterTransport(registry)
+
+	quic.RegisterTransport(registry)
+	quic.RegisterHTTP3Transport(registry)
+
+	if localTransport == nil {
+		local.RegisterTransport(registry)
+	} else {
+		dns.RegisterTransport(registry, "local", func(ctx context.Context, logger log.ContextLogger, tag string, options option.LocalDNSServerOptions) (adapter.DNSTransport, error) {
+			return newPlatformTransport(localTransport, tag, options), nil
+		})
+	}
+
+	return registry
+}
+
+func nekoboxAndroidServiceRegistry() *service.Registry {
+	registry := service.NewRegistry()
+
+	return registry
+}
diff --git a/libcore/build.sh b/libcore/build.sh
index 30acdd468..233e89d4d 100755
--- a/libcore/build.sh
+++ b/libcore/build.sh
@@ -1,9 +1,8 @@
 #!/bin/bash
 
+source ./env_java.sh || true
 source ../buildScript/init/env_ndk.sh
 
-[ $rel ] || sed -i "s/buildDate .*/buildDate := `date +'%Y%m%d'`/g" date.go
-
 BUILD=".build"
 
 rm -rf $BUILD/android \
@@ -11,7 +10,12 @@ rm -rf $BUILD/android \
   $BUILD/javac-output \
   $BUILD/src
 
-gomobile bind -v -androidapi 21 -cache $(realpath $BUILD) -trimpath -ldflags='-s -w' -tags='with_conntrack,with_gvisor,with_quic,with_wireguard,with_utls,with_clash_api' . || exit 1
+if [ -z "$GOPATH" ]; then
+  GOPATH=$(go env GOPATH)
+fi
+
+export GOBIND=gobind-matsuri
+"$GOPATH"/bin/gomobile-matsuri bind -v -androidapi 21 -cache "$(realpath $BUILD)" -trimpath -ldflags='-s -w' -tags='with_conntrack,with_gvisor,with_quic,with_wireguard,with_utls,with_clash_api' . || exit 1
 rm -r libcore-sources.jar
 
 proj=../app/libs
diff --git a/libcore/certs.go b/libcore/certs.go
new file mode 100644
index 000000000..00a98db4d
--- /dev/null
+++ b/libcore/certs.go
@@ -0,0 +1,24 @@
+package libcore
+
+import (
+	"crypto/x509"
+	"log"
+	_ "unsafe" // for go:linkname
+)
+
+//go:linkname systemRoots crypto/x509.systemRoots
+var systemRoots *x509.CertPool
+
+func updateRootCACerts(pem []byte) {
+	x509.SystemCertPool()
+	roots := x509.NewCertPool()
+	if !roots.AppendCertsFromPEM(pem) {
+		log.Println("failed to append certificates from pem")
+		return
+	}
+	systemRoots = roots
+	log.Println("external ca.pem was loaded")
+}
+
+//go:linkname initSystemRoots crypto/x509.initSystemRoots
+func initSystemRoots()
diff --git a/libcore/date.go b/libcore/date.go
deleted file mode 100644
index b1a4601f4..000000000
--- a/libcore/date.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package libcore
-
-import (
-	"strconv"
-	"time"
-)
-
-var outdated string
-
-func GetBuildTime() int64 {
-	buildDate := 20230414
-	buildTime, _ := time.Parse("20060102", strconv.Itoa(buildDate))
-	return buildTime.Unix()
-}
-
-func GetExpireTime() int64 {
-	buildTime := time.Unix(GetBuildTime(), 0)
-	expireTime := buildTime.AddDate(0, 6, 0) // current force update: 6 months
-	return expireTime.Unix()
-}
diff --git a/libcore/device/debug.go b/libcore/device/debug.go
index 016c17fe9..624bdfaae 100644
--- a/libcore/device/debug.go
+++ b/libcore/device/debug.go
@@ -13,9 +13,11 @@ func GoDebug(any interface{}) {
 	}
 }
 
-func DeferPanicToError(name string, err func(error)) {
+func DeferPanicToError(name string, onError func(error)) {
 	if r := recover(); r != nil {
-		s := fmt.Errorf("%s panic: %s\n%s", name, r, string(debug.Stack()))
-		err(s)
+		if onError != nil {
+			s := fmt.Errorf("%s panic: %s\n%s", name, r, string(debug.Stack()))
+			onError(s)
+		}
 	}
 }
diff --git a/libcore/dns.go b/libcore/dns.go
deleted file mode 100644
index 5c8b7c04d..000000000
--- a/libcore/dns.go
+++ /dev/null
@@ -1,119 +0,0 @@
-//go:build android
-
-package libcore
-
-import (
-	"context"
-	"log"
-	"net"
-	"net/netip"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/miekg/dns"
-	D "github.com/sagernet/sing-dns"
-	"github.com/sagernet/sing/common/logger"
-	N "github.com/sagernet/sing/common/network"
-)
-
-func init() {
-	D.RegisterTransport([]string{"underlying"}, createUnderlyingTransport)
-}
-
-// CreateUnderlyingTransport for Android
-func createUnderlyingTransport(name string, ctx context.Context, logger logger.ContextLogger, dialer N.Dialer, link string) (D.Transport, error) {
-	return &androidUnderlyingTransportSing{name, underlyingResolver}, nil
-}
-
-//
-
-type androidUnderlyingTransportSing struct {
-	name string
-	*androidUnderlyingTransport
-}
-
-func (t *androidUnderlyingTransportSing) Name() string { return t.name }
-
-//
-
-var systemResolver = &net.Resolver{PreferGo: false}                                  // Using System API, lookup from current network.
-var underlyingResolver = &androidUnderlyingTransport{systemResolver: systemResolver} // Using System API, lookup from non-VPN network.
-
-type androidUnderlyingTransport struct {
-	systemResolver *net.Resolver
-}
-
-func (t *androidUnderlyingTransport) Start() error { return nil }
-func (t *androidUnderlyingTransport) Close() error { return nil }
-func (t *androidUnderlyingTransport) Raw() bool    { return false }
-func (t *androidUnderlyingTransport) Exchange(ctx context.Context, message *dns.Msg) (*dns.Msg, error) {
-	return nil, D.ErrNoRawSupport
-}
-
-func (t *androidUnderlyingTransport) Lookup(ctx context.Context, domain string, strategy D.DomainStrategy) (ips []netip.Addr, err error) {
-	isSekai := localResolver != nil
-
-	var cancel context.CancelFunc
-	ctx, cancel = context.WithTimeout(ctx, time.Second*5)
-	ok := make(chan interface{})
-	defer cancel()
-
-	go func() {
-		defer func() {
-			select {
-			case <-ctx.Done():
-			default:
-				ok <- nil
-			}
-			close(ok)
-		}()
-
-		var network, str string
-		if strategy == D.DomainStrategyUseIPv4 {
-			network = "ip4"
-		} else if strategy == D.DomainStrategyUseIPv6 {
-			network = "ip6"
-		} else {
-			network = "ip"
-		}
-
-		if isSekai {
-			str, err = localResolver.LookupIP(network, domain)
-			// java -> go
-			if err != nil {
-				rcode, err2 := strconv.Atoi(err.Error())
-				if err2 == nil {
-					err = D.RCodeError(rcode)
-				}
-				return
-			} else if str == "" {
-				err = D.RCodeNameError
-				return
-			}
-			ips = make([]netip.Addr, 0)
-			for _, ip := range strings.Split(str, ",") {
-				ips = append(ips, netip.MustParseAddr(ip))
-			}
-		} else {
-			ips2, err2 := t.systemResolver.LookupIP(context.Background(), network, domain)
-			if err2 != nil {
-				err = err2
-				return
-			}
-			for _, ip2 := range ips2 {
-				if ip, ok := netip.AddrFromSlice(ip2); ok {
-					ips = append(ips, ip)
-				}
-			}
-		}
-	}()
-
-	select {
-	case <-ctx.Done():
-		log.Printf("underlyingResolver: context cancelled! (sekai=%t)\n", isSekai)
-		return nil, D.RCodeServerFailure
-	case <-ok:
-		return
-	}
-}
diff --git a/libcore/dns_android.go b/libcore/dns_android.go
new file mode 100644
index 000000000..184c4ab6f
--- /dev/null
+++ b/libcore/dns_android.go
@@ -0,0 +1,114 @@
+//go:build android && cgo
+
+package libcore
+
+/*
+#include <stdint.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <dlfcn.h>
+
+typedef int (*android_res_nsend_t)(uint64_t network, const uint8_t* msg, size_t msglen, int flags);
+typedef int (*android_res_nresult_t)(int fd, int* rcode, uint8_t* resp, size_t resp_len);
+
+static int call_android_res_nsend(void* sym, uint64_t network, const uint8_t* msg, size_t msglen, int flags) {
+    android_res_nsend_t f = (android_res_nsend_t)sym;
+    if (!f) return -1;
+    return f(network, msg, msglen, flags);
+}
+
+static int call_android_res_nresult(void* sym, int fd, int* rcode, uint8_t* resp, size_t resp_len) {
+    android_res_nresult_t f = (android_res_nresult_t)sym;
+    if (!f) return -1;
+    return f(fd, rcode, resp, resp_len);
+}
+*/
+import "C"
+
+import (
+	"context"
+	"errors"
+	"os"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+func init() {
+	libname := C.CString("libandroid.so")
+	defer C.free(unsafe.Pointer(libname))
+
+	libHandle := C.dlopen(libname, C.int(C.RTLD_NOW))
+	if libHandle == nil {
+		return
+	}
+
+	symNameSend := C.CString("android_res_nsend")
+	defer C.free(unsafe.Pointer(symNameSend))
+	androidResNSendSym := C.dlsym(libHandle, symNameSend)
+	if androidResNSendSym == nil {
+		return
+	}
+
+	symNameResult := C.CString("android_res_nresult")
+	defer C.free(unsafe.Pointer(symNameResult))
+	androidResNResultSym := C.dlsym(libHandle, symNameResult)
+	if androidResNResultSym == nil {
+		return
+	}
+
+	callAndroidResNSend := func(network uint64, msg []byte) (int, error) {
+		if len(msg) == 0 {
+			return 0, errors.New("empty payload")
+		}
+		msgPtr := (*C.uint8_t)(unsafe.Pointer(&msg[0]))
+		msgLen := C.size_t(len(msg))
+		ret := C.call_android_res_nsend(androidResNSendSym, C.uint64_t(network), msgPtr, msgLen, C.int(0))
+		return int(ret), nil
+	}
+
+	callAndroidResNResult := func(fd int, resp []byte) (int, int) {
+		if len(resp) == 0 {
+			return 0, 0
+		}
+		respPtr := (*C.uint8_t)(unsafe.Pointer(&resp[0]))
+		respLen := C.size_t(len(resp))
+		var rcode C.int
+		n := C.call_android_res_nresult(androidResNResultSym, C.int(fd), &rcode, respPtr, respLen)
+		return int(rcode), int(n)
+	}
+
+	// set rawQueryFunc
+	rawQueryFunc = func(networkHandle int64, request []byte) ([]byte, error) {
+		fd, err := callAndroidResNSend(uint64(networkHandle), request)
+		if err != nil {
+			return nil, err
+		}
+		if fd < 0 {
+			return nil, unix.Errno(-fd)
+		}
+
+		// wait for response (timeout 5000 ms)
+		pfds := []unix.PollFd{{Fd: int32(fd), Events: unix.POLLIN | unix.POLLERR}}
+		nReady, err := unix.Poll(pfds, 5000)
+		if err != nil {
+			unix.Close(fd)
+			return nil, err
+		}
+		if nReady == 0 {
+			unix.Close(fd)
+			return nil, context.DeadlineExceeded
+		}
+
+		// read response into buffer
+		response := make([]byte, 8192)
+		_, n := callAndroidResNResult(fd, response)
+		if n < 0 {
+			return nil, unix.Errno(-n)
+		}
+		if n == 0 {
+			return nil, os.ErrInvalid
+		}
+		return response[:n], nil
+	}
+}
diff --git a/libcore/dns_box.go b/libcore/dns_box.go
new file mode 100644
index 000000000..3f1cd5fbb
--- /dev/null
+++ b/libcore/dns_box.go
@@ -0,0 +1,166 @@
+// libbox/dns.go
+
+package libcore
+
+import (
+	"context"
+	"net/netip"
+	"strings"
+	"sync"
+	"syscall"
+
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/dns"
+	"github.com/sagernet/sing-box/option"
+	"github.com/sagernet/sing/common"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	"github.com/sagernet/sing/common/task"
+
+	mDNS "github.com/miekg/dns"
+)
+
+var rawQueryFunc func(networkHandle int64, request []byte) ([]byte, error)
+
+type LocalDNSTransport interface {
+	Raw() bool
+	NetworkHandle() int64
+	Lookup(ctx *ExchangeContext, network string, domain string) error
+	Exchange(ctx *ExchangeContext, message []byte) error
+}
+
+var gLocalDNSTransport *platformLocalDNSTransport = nil
+
+type platformLocalDNSTransport struct {
+	dns.TransportAdapter
+	iif LocalDNSTransport
+	raw bool
+}
+
+func newPlatformTransport(iif LocalDNSTransport, tag string, options option.LocalDNSServerOptions) *platformLocalDNSTransport {
+	return &platformLocalDNSTransport{
+		TransportAdapter: dns.NewTransportAdapterWithLocalOptions(constant.DNSTypeLocal, tag, options),
+		iif:              iif,
+		raw:              iif.Raw(),
+	}
+}
+
+func (p *platformLocalDNSTransport) Start(stage adapter.StartStage) error {
+	return nil
+}
+
+func (p *platformLocalDNSTransport) Close() error {
+	return nil
+}
+
+func (p *platformLocalDNSTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, error) {
+	if p.raw && rawQueryFunc != nil {
+		// Raw - Android 10 及以上才有
+
+		messageBytes, err := message.Pack()
+		if err != nil {
+			return nil, err
+		}
+		msg, err := rawQueryFunc(p.iif.NetworkHandle(), messageBytes)
+		if err != nil {
+			return nil, err
+		}
+		responseMessage := new(mDNS.Msg)
+		err = responseMessage.Unpack(msg)
+		if err != nil {
+			return nil, err
+		}
+		return responseMessage, nil
+	} else {
+		// Lookup - Android 10 以下
+
+		question := message.Question[0]
+		var network string
+		switch question.Qtype {
+		case mDNS.TypeA:
+			network = "ip4"
+		case mDNS.TypeAAAA:
+			network = "ip6"
+		default:
+			return nil, E.New("only IP queries are supported by current version of Android")
+		}
+
+		done := make(chan struct{})
+		response := &ExchangeContext{
+			context: ctx,
+			done: sync.OnceFunc(func() {
+				close(done)
+			}),
+		}
+
+		var responseAddrs []netip.Addr
+		var group task.Group
+		group.Append0(func(ctx context.Context) error {
+			err := p.iif.Lookup(response, network, question.Name)
+			if err != nil {
+				return err
+			}
+			select {
+			case <-done:
+			case <-ctx.Done():
+				return context.Canceled
+			}
+			if response.error != nil {
+				return response.error
+			}
+			responseAddrs = response.addresses
+			return nil
+		})
+		err := group.Run(ctx)
+		if err != nil {
+			return nil, err
+		}
+		return dns.FixedResponse(message.Id, question, responseAddrs, constant.DefaultDNSTTL), nil
+	}
+}
+
+type Func interface {
+	Invoke() error
+}
+
+type ExchangeContext struct {
+	context   context.Context
+	message   mDNS.Msg
+	addresses []netip.Addr
+	error     error
+	done      func()
+}
+
+func (c *ExchangeContext) OnCancel(callback Func) {
+	go func() {
+		<-c.context.Done()
+		callback.Invoke()
+	}()
+}
+
+func (c *ExchangeContext) Success(result string) {
+	c.addresses = common.Map(common.Filter(strings.Split(result, "\n"), func(it string) bool {
+		return !common.IsEmpty(it)
+	}), func(it string) netip.Addr {
+		return M.ParseSocksaddrHostPort(it, 0).Unwrap().Addr
+	})
+}
+
+func (c *ExchangeContext) RawSuccess(result []byte) {
+	err := c.message.Unpack(result)
+	if err != nil {
+		c.error = E.Cause(err, "parse response")
+	}
+	c.done()
+}
+
+func (c *ExchangeContext) ErrorCode(code int32) {
+	c.error = dns.RcodeError(code)
+	c.done()
+}
+
+func (c *ExchangeContext) ErrnoCode(code int32) {
+	c.error = syscall.Errno(code)
+	c.done()
+}
diff --git a/libcore/ech/ech.go b/libcore/ech/ech.go
new file mode 100644
index 000000000..1dbf50adb
--- /dev/null
+++ b/libcore/ech/ech.go
@@ -0,0 +1,83 @@
+package ech
+
+import (
+	"context"
+	"crypto/tls"
+	"encoding/base64"
+	"net"
+	"os"
+
+	mDNS "github.com/miekg/dns"
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/dns"
+	"github.com/sagernet/sing/common/exceptions"
+)
+
+type ECHClientConfig struct {
+	*tls.Config
+	domain            string
+	localDnsTransport adapter.DNSTransport
+}
+
+func NewECHClientConfig(domain string, tlsConfig *tls.Config, localDnsTransport adapter.DNSTransport) *ECHClientConfig {
+	config := tlsConfig.Clone()
+	config.ServerName = domain
+	return &ECHClientConfig{
+		Config:            config,
+		domain:            domain,
+		localDnsTransport: localDnsTransport,
+	}
+}
+
+// ClientHandshake 封装 TLS 握手
+func (s *ECHClientConfig) ClientHandshake(ctx context.Context, conn net.Conn) (*tls.Conn, error) {
+	tlsConn, err := s.fetchAndHandshake(ctx, conn)
+	if err != nil {
+		return nil, err
+	}
+	err = tlsConn.HandshakeContext(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return tlsConn, nil
+}
+
+// fetchAndHandshake 查询 ECHConfigList 并完成 TLS 连接
+func (s *ECHClientConfig) fetchAndHandshake(ctx context.Context, conn net.Conn) (*tls.Conn, error) {
+	message := &mDNS.Msg{
+		MsgHdr: mDNS.MsgHdr{
+			RecursionDesired: true,
+		},
+		Question: []mDNS.Question{
+			{
+				Name:   mDNS.Fqdn(s.domain),
+				Qtype:  mDNS.TypeHTTPS,
+				Qclass: mDNS.ClassINET,
+			},
+		},
+	}
+	if s.localDnsTransport == nil {
+		return nil, os.ErrInvalid
+	}
+	response, err := s.localDnsTransport.Exchange(ctx, message)
+	if err != nil {
+		return nil, exceptions.Cause(err, "fetch ECH config list")
+	}
+	if response.Rcode != mDNS.RcodeSuccess {
+		return nil, exceptions.Cause(dns.RcodeError(response.Rcode), "fetch ECH config list")
+	}
+	for _, rr := range response.Answer {
+		switch resource := rr.(type) {
+		case *mDNS.HTTPS:
+			for _, value := range resource.Value {
+				if value.Key().String() == "ech" {
+					echConfigList, err := base64.StdEncoding.DecodeString(value.String())
+					if err == nil {
+						s.Config.EncryptedClientHelloConfigList = echConfigList
+					}
+				}
+			}
+		}
+	}
+	return tls.Client(conn, s.Config), nil
+}
diff --git a/libcore/fix.go b/libcore/fix.go
new file mode 100644
index 000000000..ccc41c487
--- /dev/null
+++ b/libcore/fix.go
@@ -0,0 +1,12 @@
+package libcore
+
+// https://github.com/golang/go/issues/46893
+// TODO: remove after `bulkBarrierPreWrite: unaligned arguments` fixed
+
+type StringBox struct {
+	Value string
+}
+
+func wrapString(value string) *StringBox {
+	return &StringBox{Value: value}
+}
diff --git a/libcore/geoip.go b/libcore/geoip.go
new file mode 100644
index 000000000..6ea92d564
--- /dev/null
+++ b/libcore/geoip.go
@@ -0,0 +1,70 @@
+package libcore
+
+import (
+	"fmt"
+	"net"
+	"path/filepath"
+	"strings"
+
+	"github.com/oschwald/maxminddb-golang"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/nekoutils"
+	"github.com/sagernet/sing-box/option"
+)
+
+type geoip struct {
+	geoipReader *maxminddb.Reader
+}
+
+func (g *geoip) Open(path string) error {
+	geoipReader, err := maxminddb.Open(path)
+	g.geoipReader = geoipReader
+	return err
+}
+
+func (g *geoip) Rules(countryCode string) ([]option.HeadlessRule, error) {
+	networks := g.geoipReader.Networks(maxminddb.SkipAliasedNetworks)
+	countryMap := make(map[string][]*net.IPNet)
+	var (
+		ipNet           *net.IPNet
+		nextCountryCode string
+		err             error
+	)
+	for networks.Next() {
+		ipNet, err = networks.Network(&nextCountryCode)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get network: %w", err)
+		}
+		countryMap[nextCountryCode] = append(countryMap[nextCountryCode], ipNet)
+	}
+
+	ipNets := countryMap[strings.ToLower(countryCode)]
+
+	if len(ipNets) == 0 {
+		return nil, fmt.Errorf("no networks found for country code: %s", countryCode)
+	}
+
+	var headlessRule option.DefaultHeadlessRule
+	headlessRule.IPCIDR = make([]string, 0, len(ipNets))
+	for _, cidr := range ipNets {
+		headlessRule.IPCIDR = append(headlessRule.IPCIDR, cidr.String())
+	}
+
+	return []option.HeadlessRule{
+		{
+			Type:           C.RuleTypeDefault,
+			DefaultOptions: headlessRule,
+		},
+	}, nil
+}
+
+func init() {
+	nekoutils.GetGeoIPHeadlessRules = func(name string) ([]option.HeadlessRule, error) {
+		g := new(geoip)
+		if err := g.Open(filepath.Join(externalAssetsPath, "geoip.db")); err != nil {
+			return nil, err
+		}
+		defer g.geoipReader.Close()
+		return g.Rules(name)
+	}
+}
diff --git a/libcore/geosite.go b/libcore/geosite.go
new file mode 100644
index 000000000..616edf13d
--- /dev/null
+++ b/libcore/geosite.go
@@ -0,0 +1,54 @@
+package libcore
+
+import (
+	"fmt"
+	"path/filepath"
+
+	geosites "github.com/sagernet/sing-box/common/geosite"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/nekoutils"
+	"github.com/sagernet/sing-box/option"
+)
+
+type geosite struct {
+	geositeReader *geosites.Reader
+}
+
+func (g *geosite) Open(path string) error {
+	geositeReader, _, err := geosites.Open(path)
+	g.geositeReader = geositeReader
+	return err
+}
+
+func (g *geosite) Rules(code string) ([]option.HeadlessRule, error) {
+	sourceSet, err := g.geositeReader.Read(code)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read geosite code %s :%w", code, err)
+	}
+
+	var headlessRule option.DefaultHeadlessRule
+
+	defaultRule := geosites.Compile(sourceSet)
+
+	headlessRule.Domain = defaultRule.Domain
+	headlessRule.DomainSuffix = defaultRule.DomainSuffix
+	headlessRule.DomainKeyword = defaultRule.DomainKeyword
+	headlessRule.DomainRegex = defaultRule.DomainRegex
+
+	return []option.HeadlessRule{
+		{
+			Type:           C.RuleTypeDefault,
+			DefaultOptions: headlessRule,
+		},
+	}, nil
+}
+
+func init() {
+	nekoutils.GetGeoSiteHeadlessRules = func(name string) ([]option.HeadlessRule, error) {
+		g := new(geosite)
+		if err := g.Open(filepath.Join(externalAssetsPath, "geosite.db")); err != nil {
+			return nil, err
+		}
+		return g.Rules(name)
+	}
+}
diff --git a/libcore/go.mod b/libcore/go.mod
index a9ab01858..12b9d8298 100644
--- a/libcore/go.mod
+++ b/libcore/go.mod
@@ -1,100 +1,87 @@
 module libcore
 
-go 1.18
+go 1.23.1
+
+toolchain go1.23.6
 
 require (
-	github.com/codeclysm/extract v2.2.0+incompatible
-	github.com/matsuridayo/libneko v0.0.0-20230315005352-9d7e3f3a79d1
-	github.com/matsuridayo/sing-box-extra v0.0.0-20230417014110-39b3adb5f93f
-	github.com/miekg/dns v1.1.53
-	github.com/sagernet/sing v0.2.3
-	github.com/sagernet/sing-box v1.2.4
-	github.com/sagernet/sing-dns v0.1.5-0.20230415085626-111ecf799dfc
-	github.com/sagernet/sing-tun v0.1.4-0.20230326080954-8848c0e4cbab
-	github.com/ulikunitz/xz v0.5.10
-	golang.org/x/mobile v0.0.0-20220722155234-aaac322e2105
+	github.com/matsuridayo/libneko v1.0.0 // replaced
+	github.com/miekg/dns v1.1.67
+	github.com/oschwald/maxminddb-golang v1.13.1
+	github.com/sagernet/quic-go v0.52.0-sing-box-mod.3
+	github.com/sagernet/sing v0.7.13
+	github.com/sagernet/sing-box v1.0.0 // replaced
+	github.com/sagernet/sing-tun v0.7.3
+	github.com/ulikunitz/xz v0.5.15
+	golang.org/x/mobile v0.0.0-20231108233038-35478a0c49da
+	golang.org/x/sys v0.35.0
 )
 
 require (
-	berty.tech/go-libtor v1.0.385 // indirect
-	github.com/Dreamacro/clash v1.15.0 // indirect
 	github.com/ajg/form v1.5.1 // indirect
-	github.com/andybalholm/brotli v1.0.5 // indirect
-	github.com/caddyserver/certmagic v0.17.2 // indirect
-	github.com/cloudflare/circl v1.2.1-0.20221019164342-6ab4dfed8f3c // indirect
+	github.com/andybalholm/brotli v1.1.0 // indirect
+	github.com/anytls/sing-anytls v0.0.11 // indirect
+	github.com/caddyserver/certmagic v0.23.0 // indirect
+	github.com/caddyserver/zerossl v0.1.3 // indirect
 	github.com/cretz/bine v0.2.0 // indirect
-	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/go-chi/chi/v5 v5.0.8 // indirect
-	github.com/go-chi/cors v1.2.1 // indirect
-	github.com/go-chi/render v1.0.2 // indirect
-	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
-	github.com/gofrs/uuid v4.4.0+incompatible // indirect
-	github.com/gofrs/uuid/v5 v5.0.0 // indirect
-	github.com/golang/mock v1.6.0 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/btree v1.0.1 // indirect
-	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
-	github.com/h2non/filetype v1.1.3 // indirect
-	github.com/hashicorp/yamux v0.1.1 // indirect
-	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/insomniacslk/dhcp v0.0.0-20230407062729-974c6f05fe16 // indirect
-	github.com/josharian/native v1.1.0 // indirect
-	github.com/juju/errors v1.0.0 // indirect
-	github.com/klauspost/compress v1.15.15 // indirect
-	github.com/klauspost/cpuid/v2 v2.1.1 // indirect
-	github.com/libdns/libdns v0.2.1 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/go-chi/chi/v5 v5.2.2 // indirect
+	github.com/go-chi/render v1.0.3 // indirect
+	github.com/go-ole/go-ole v1.3.0 // indirect
+	github.com/gobwas/httphead v0.1.0 // indirect
+	github.com/gobwas/pool v0.2.1 // indirect
+	github.com/gofrs/uuid/v5 v5.3.2 // indirect
+	github.com/google/btree v1.1.3 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
+	github.com/hashicorp/yamux v0.1.2 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
+	github.com/libdns/alidns v1.0.5-libdns.v1.beta1 // indirect
+	github.com/libdns/cloudflare v0.2.2-0.20250708034226-c574dccb31a6 // indirect
+	github.com/libdns/libdns v1.1.0 // indirect
 	github.com/logrusorgru/aurora v2.0.3+incompatible // indirect
-	github.com/mholt/acmez v1.1.0 // indirect
-	github.com/onsi/ginkgo/v2 v2.2.0 // indirect
-	github.com/ooni/go-libtor v1.1.7 // indirect
-	github.com/oschwald/maxminddb-golang v1.10.0 // indirect
-	github.com/pierrec/lz4/v4 v4.1.14 // indirect
-	github.com/pires/go-proxyproto v0.7.0 // indirect
-	github.com/quic-go/qpack v0.4.0 // indirect
-	github.com/quic-go/qtls-go1-18 v0.2.0 // indirect
-	github.com/quic-go/qtls-go1-19 v0.2.0 // indirect
-	github.com/quic-go/qtls-go1-20 v0.1.0 // indirect
-	github.com/sagernet/cloudflare-tls v0.0.0-20221031050923-d70792f4c3a0 // indirect
-	github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 // indirect
-	github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 // indirect
-	github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32 // indirect
-	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 // indirect
-	github.com/sagernet/sing-shadowsocks v0.2.0 // indirect
-	github.com/sagernet/sing-shadowtls v0.1.0 // indirect
-	github.com/sagernet/sing-vmess v0.1.3 // indirect
-	github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 // indirect
-	github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9 // indirect
-	github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2 // indirect
-	github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e // indirect
-	github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c // indirect
-	github.com/spf13/cobra v1.7.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923 // indirect
-	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
-	go.etcd.io/bbolt v1.3.7 // indirect
-	go.uber.org/atomic v1.10.0 // indirect
-	go.uber.org/multierr v1.6.0 // indirect
-	go.uber.org/zap v1.24.0 // indirect
-	go4.org/netipx v0.0.0-20230303233057-f1b76eb4bb35 // indirect
-	golang.org/x/crypto v0.8.0 // indirect
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/net v0.9.0 // indirect
-	golang.org/x/sys v0.7.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
-	golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect
-	golang.org/x/tools v0.6.0 // indirect
-	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230215201556-9c5414ab4bde // indirect
-	google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
-	google.golang.org/grpc v1.54.0 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
-	gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c // indirect
-	lukechampine.com/blake3 v1.1.7 // indirect
+	github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42 // indirect
+	github.com/mdlayher/socket v0.5.1 // indirect
+	github.com/metacubex/tfo-go v0.0.0-20250921095601-b102db4216c0 // indirect
+	github.com/metacubex/utls v1.8.3 // indirect
+	github.com/mholt/acmez/v3 v3.1.2 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a // indirect
+	github.com/sagernet/cors v1.2.1 // indirect
+	github.com/sagernet/fswatch v0.1.1 // indirect
+	github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb // indirect
+	github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a // indirect
+	github.com/sagernet/nftables v0.3.0-beta.4 // indirect
+	github.com/sagernet/sing-mux v0.3.3 // indirect
+	github.com/sagernet/sing-quic v0.5.2-0.20250909083218-00a55617c0fb // indirect
+	github.com/sagernet/sing-shadowsocks v0.2.8 // indirect
+	github.com/sagernet/sing-shadowsocks2 v0.2.1 // indirect
+	github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11 // indirect
+	github.com/sagernet/sing-vmess v0.2.7 // indirect
+	github.com/sagernet/smux v1.5.34-mod.2 // indirect
+	github.com/sagernet/wireguard-go v0.0.1-beta.7 // indirect
+	github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 // indirect
+	github.com/vishvananda/netns v0.0.5 // indirect
+	github.com/zeebo/blake3 v0.2.4 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	go.uber.org/zap/exp v0.3.0 // indirect
+	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
+	golang.org/x/crypto v0.41.0 // indirect
+	golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 // indirect
+	golang.org/x/mod v0.27.0 // indirect
+	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/sync v0.16.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/time v0.9.0 // indirect
+	golang.org/x/tools v0.36.0 // indirect
+	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect
+	google.golang.org/grpc v1.73.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
+	lukechampine.com/blake3 v1.3.0 // indirect
 )
 
-// replace github.com/matsuridayo/libneko => ../../libneko
-
-// replace github.com/matsuridayo/sing-box-extra => ../../sing-box-extra
+replace github.com/matsuridayo/libneko => ../../libneko
 
-replace github.com/sagernet/sing-dns => github.com/matsuridayo/sing-dns v0.0.0-20230410025504-c609bffff165
+replace github.com/sagernet/sing-box => ../../sing-box
diff --git a/libcore/go.sum b/libcore/go.sum
index ff64866bb..55e9d7d7c 100644
--- a/libcore/go.sum
+++ b/libcore/go.sum
@@ -1,262 +1,204 @@
-berty.tech/go-libtor v1.0.385 h1:RWK94C3hZj6Z2GdvePpHJLnWYobFr3bY/OdUJ5aoEXw=
-berty.tech/go-libtor v1.0.385/go.mod h1:9swOOQVb+kmvuAlsgWUK/4c52pm69AdbJsxLzk+fJEw=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Dreamacro/clash v1.15.0 h1:mlpD950VEggXZBNahV66hyKDRxcczkj3vymoAt78KyE=
-github.com/Dreamacro/clash v1.15.0/go.mod h1:WNH69bN11LiAdgdSr4hpkEuXVMfBbWyhEKMCTx9BtNE=
 github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU=
 github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
-github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
-github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
-github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
-github.com/caddyserver/certmagic v0.17.2 h1:o30seC1T/dBqBCNNGNHWwj2i5/I/FMjBbTAhjADP3nE=
-github.com/caddyserver/certmagic v0.17.2/go.mod h1:ouWUuC490GOLJzkyN35eXfV8bSbwMwSf4bdhkIxtdQE=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cloudflare/circl v1.2.1-0.20221019164342-6ab4dfed8f3c h1:K1VdSnBZiGapczwcUKnE1qcsMBclA84DUOD2NG/78VY=
-github.com/cloudflare/circl v1.2.1-0.20221019164342-6ab4dfed8f3c/go.mod h1:+CauBF6R70Jqcyl8N2hC8pAXYbWkGIezuSbuGLtRhnw=
-github.com/codeclysm/extract v2.2.0+incompatible h1:q3wyckoA30bhUSiwdQezMqVhwd8+WGE64/GL//LtUhI=
-github.com/codeclysm/extract v2.2.0+incompatible/go.mod h1:2nhFMPHiU9At61hz+12bfrlpXSUrOnK+wR+KlGO4Uks=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/cretz/bine v0.1.0/go.mod h1:6PF6fWAvYtwjRGkAuDEJeWNOv3a2hUouSP/yRYXmvHw=
+github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
+github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
+github.com/anytls/sing-anytls v0.0.11 h1:w8e9Uj1oP3m4zxkyZDewPk0EcQbvVxb7Nn+rapEx4fc=
+github.com/anytls/sing-anytls v0.0.11/go.mod h1:7rjN6IukwysmdusYsrV51Fgu1uW6vsrdd6ctjnEAln8=
+github.com/caddyserver/certmagic v0.23.0 h1:CfpZ/50jMfG4+1J/u2LV6piJq4HOfO6ppOnOf7DkFEU=
+github.com/caddyserver/certmagic v0.23.0/go.mod h1:9mEZIWqqWoI+Gf+4Trh04MOVPD0tGSxtqsxg87hAIH4=
+github.com/caddyserver/zerossl v0.1.3 h1:onS+pxp3M8HnHpN5MMbOMyNjmTheJyWRaZYwn+YTAyA=
+github.com/caddyserver/zerossl v0.1.3/go.mod h1:CxA0acn7oEGO6//4rtrRjYgEoa4MFw/XofZnrYwGqG4=
 github.com/cretz/bine v0.2.0 h1:8GiDRGlTgz+o8H9DSnsl+5MeBK4HsExxgl6WgzOCuZo=
 github.com/cretz/bine v0.2.0/go.mod h1:WU4o9QR9wWp8AVKtTM1XD5vUHkEqnf2vVSo6dBqbetI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
-github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/go-chi/chi/v5 v5.0.8 h1:lD+NLqFcAi1ovnVZpsnObHGW4xb4J8lNmoYVfECH1Y0=
-github.com/go-chi/chi/v5 v5.0.8/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
-github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
-github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
-github.com/go-chi/render v1.0.2 h1:4ER/udB0+fMWB2Jlf15RV3F4A2FDuYi/9f+lFttR/Lg=
-github.com/go-chi/render v1.0.2/go.mod h1:/gr3hVkmYR0YlEy3LxCuVRFzEu9Ruok+gFqbIofjao0=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA=
-github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gofrs/uuid/v5 v5.0.0 h1:p544++a97kEL+svbcFbCQVM9KFu0Yo25UoISXGNNH9M=
-github.com/gofrs/uuid/v5 v5.0.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8=
-github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
-github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
-github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/h2non/filetype v1.1.3 h1:FKkx9QbD7HR/zjK1Ia5XiBsq9zdLi5Kf3zGyFTAFkGg=
-github.com/h2non/filetype v1.1.3/go.mod h1:319b3zT68BvV+WRj7cwy856M2ehB3HqNOt6sy1HndBY=
-github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
-github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
-github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/insomniacslk/dhcp v0.0.0-20230407062729-974c6f05fe16 h1:+aAGyK41KRn8jbF2Q7PLL0Sxwg6dShGcQSeCC7nZQ8E=
-github.com/insomniacslk/dhcp v0.0.0-20230407062729-974c6f05fe16/go.mod h1:IKrnDWs3/Mqq5n0lI+RxA2sB7MvN/vbMBP3ehXg65UI=
-github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
-github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=
-github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
-github.com/juju/errors v1.0.0 h1:yiq7kjCLll1BiaRuNY53MGI0+EQ3rF6GB+wvboZDefM=
-github.com/juju/errors v1.0.0/go.mod h1:B5x9thDqx0wIMH3+aLIMP9HjItInYWObRovoCFM5Qe8=
-github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw=
-github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4=
-github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.1.1 h1:t0wUqjowdm8ezddV5k0tLWVklVuvLJpoHeb4WBdydm0=
-github.com/klauspost/cpuid/v2 v2.1.1/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
-github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis=
-github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/go-chi/chi/v5 v5.2.2 h1:CMwsvRVTbXVytCk1Wd72Zy1LAsAh9GxMmSNWLHCG618=
+github.com/go-chi/chi/v5 v5.2.2/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-chi/render v1.0.3 h1:AsXqd2a1/INaIfUSKq3G5uA8weYx20FOsM7uSoCyyt4=
+github.com/go-chi/render v1.0.3/go.mod h1:/gr3hVkmYR0YlEy3LxCuVRFzEu9Ruok+gFqbIofjao0=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
+github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
+github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
+github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
+github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
+github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gofrs/uuid/v5 v5.3.2 h1:2jfO8j3XgSwlz/wHqemAEugfnTlikAYHhnqQ8Xh4fE0=
+github.com/gofrs/uuid/v5 v5.3.2/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/hashicorp/yamux v0.1.2 h1:XtB8kyFOyHXYVFnwT5C3+Bdo8gArse7j2AQ0DA0Uey8=
+github.com/hashicorp/yamux v0.1.2/go.mod h1:C+zze2n6e/7wshOZep2A70/aQU6QBRWJO/G6FT1wIns=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
+github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/libdns/alidns v1.0.5-libdns.v1.beta1 h1:txHK7UxDed3WFBDjrTZPuMn8X+WmhjBTTAMW5xdy5pQ=
+github.com/libdns/alidns v1.0.5-libdns.v1.beta1/go.mod h1:ystHmPwcGoWjPrGpensQSMY9VoCx4cpR2hXNlwk9H/g=
+github.com/libdns/cloudflare v0.2.2-0.20250708034226-c574dccb31a6 h1:3MGrVWs2COjMkQR17oUw1zMIPbm2YAzxDC3oGVZvQs8=
+github.com/libdns/cloudflare v0.2.2-0.20250708034226-c574dccb31a6/go.mod h1:w9uTmRCDlAoafAsTPnn2nJ0XHK/eaUMh86DUk8BWi60=
+github.com/libdns/libdns v1.0.0-beta.1/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
+github.com/libdns/libdns v1.1.0 h1:9ze/tWvt7Df6sbhOJRB8jT33GHEHpEQXdtkE3hPthbU=
+github.com/libdns/libdns v1.1.0/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
 github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8=
 github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
-github.com/matsuridayo/libneko v0.0.0-20230315005352-9d7e3f3a79d1 h1:+FflyEuq2hn++MENFuT1/qFHz0KITKK/F6ZHxs23mrg=
-github.com/matsuridayo/libneko v0.0.0-20230315005352-9d7e3f3a79d1/go.mod h1:IRO07Queptz/rGFvEW+3Hmwpx7MCup6WiDs4p5jMt4g=
-github.com/matsuridayo/sing-box-extra v0.0.0-20230417014110-39b3adb5f93f h1:x0UjjMoYh5WSDGhIuRkmZUhGoxXnK++wyvuPnURhz6Q=
-github.com/matsuridayo/sing-box-extra v0.0.0-20230417014110-39b3adb5f93f/go.mod h1:NfCwDELPcVFo8rp0d/P7M2OPmegGCGcwF4GSpgZu8Rs=
-github.com/matsuridayo/sing-dns v0.0.0-20230410025504-c609bffff165 h1:19PQEuBatWsTdQaoB60wdxQFHr3DOBhdTCpHzbkPDNw=
-github.com/matsuridayo/sing-dns v0.0.0-20230410025504-c609bffff165/go.mod h1:69PNSHyEmXdjf6C+bXBOdr2GQnPeEyWjIzo/MV8gmz8=
-github.com/mholt/acmez v1.1.0 h1:IQ9CGHKOHokorxnffsqDvmmE30mDenO1lptYZ1AYkHY=
-github.com/mholt/acmez v1.1.0/go.mod h1:zwo5+fbLLTowAX8o8ETfQzbDtwGEXnPhkmGdKIP+bgs=
-github.com/miekg/dns v1.1.53 h1:ZBkuHr5dxHtB1caEOlZTLPo7D3L3TWckgUUs/RHfDxw=
-github.com/miekg/dns v1.1.53/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
-github.com/onsi/ginkgo/v2 v2.2.0 h1:3ZNA3L1c5FYDFTTxbFeVGGD8jYvjYauHD30YgLxVsNI=
-github.com/onsi/ginkgo/v2 v2.2.0/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk=
-github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
-github.com/ooni/go-libtor v1.1.7 h1:ooVcdEPBqDox5OfeXAfXIeQFCbqMLJVfIpO+Irr7N9A=
-github.com/ooni/go-libtor v1.1.7/go.mod h1:q1YyLwRD9GeMyeerVvwc0vJ2YgwDLTp2bdVcrh/JXyI=
-github.com/oschwald/maxminddb-golang v1.10.0 h1:Xp1u0ZhqkSuopaKmk1WwHtjF0H9Hd9181uj2MQ5Vndg=
-github.com/oschwald/maxminddb-golang v1.10.0/go.mod h1:Y2ELenReaLAZ0b400URyGwvYxHV1dLIxBuyOsyYjHK0=
-github.com/pierrec/lz4/v4 v4.1.14 h1:+fL8AQEZtz/ijeNnpduH0bROTu0O3NZAlPjQxGn8LwE=
-github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pires/go-proxyproto v0.7.0 h1:IukmRewDQFWC7kfnb66CSomk2q/seBuilHBYFwyq0Hs=
-github.com/pires/go-proxyproto v0.7.0/go.mod h1:Vz/1JPY/OACxWGQNIRY2BeyDmpoaWmEP40O9LbuiFR4=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42 h1:A1Cq6Ysb0GM0tpKMbdCXCIfBclan4oHk1Jb+Hrejirg=
+github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42/go.mod h1:BB4YCPDOzfy7FniQ/lxuYQ3dgmM2cZumHbK8RpTjN2o=
+github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos=
+github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ=
+github.com/metacubex/tfo-go v0.0.0-20250921095601-b102db4216c0 h1:Ui+/2s5Qz0lSnDUBmEL12M5Oi/PzvFxGTNohm8ZcsmE=
+github.com/metacubex/tfo-go v0.0.0-20250921095601-b102db4216c0/go.mod h1:l9oLnLoEXyGZ5RVLsh7QCC5XsouTUyKk4F2nLm2DHLw=
+github.com/metacubex/utls v1.8.3 h1:0m/yCxm3SK6kWve2lKiFb1pue1wHitJ8sQQD4Ikqde4=
+github.com/metacubex/utls v1.8.3/go.mod h1:kncGGVhFaoGn5M3pFe3SXhZCzsbCJayNOH4UEqTKTko=
+github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=
+github.com/mholt/acmez/v3 v3.1.2/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
+github.com/miekg/dns v1.1.67 h1:kg0EHj0G4bfT5/oOys6HhZw4vmMlnoZ+gDu8tJ/AlI0=
+github.com/miekg/dns v1.1.67/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps=
+github.com/oschwald/maxminddb-golang v1.13.1 h1:G3wwjdN9JmIK2o/ermkHM+98oX5fS+k5MbwsmL4MRQE=
+github.com/oschwald/maxminddb-golang v1.13.1/go.mod h1:K4pgV9N/GcK694KSTmVSDTODk4IsCNThNdTmnaBZ/F8=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
-github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
-github.com/quic-go/qtls-go1-18 v0.2.0 h1:5ViXqBZ90wpUcZS0ge79rf029yx0dYB0McyPJwqqj7U=
-github.com/quic-go/qtls-go1-18 v0.2.0/go.mod h1:moGulGHK7o6O8lSPSZNoOwcLvJKJ85vVNc7oJFD65bc=
-github.com/quic-go/qtls-go1-19 v0.2.0 h1:Cvn2WdhyViFUHoOqK52i51k4nDX8EwIh5VJiVM4nttk=
-github.com/quic-go/qtls-go1-19 v0.2.0/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
-github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV54oAI=
-github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
-github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sagernet/cloudflare-tls v0.0.0-20221031050923-d70792f4c3a0 h1:KyhtFFt1Jtp5vW2ohNvstvQffTOQ/s5vENuGXzdA+TM=
-github.com/sagernet/cloudflare-tls v0.0.0-20221031050923-d70792f4c3a0/go.mod h1:D4SFEOkJK+4W1v86ZhX0jPM0rAL498fyQAChqMtes/I=
-github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 h1:5+m7c6AkmAylhauulqN/c5dnh8/KssrE9c93TQrXldA=
-github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61/go.mod h1:QUQ4RRHD6hGGHdFMEtR8T2P6GS6R3D/CXKdaYHKKXms=
-github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE=
-github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
-github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32 h1:tztuJB+giOWNRKQEBVY2oI3PsheTooMdh+/yxemYQYY=
-github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32/go.mod h1:QMCkxXAC3CvBgDZVIJp43NWTuwGBScCzMLVLynjERL8=
-github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byLGkEnIYp6grlXfo1QYUfiYFGjewIdc=
-github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
-github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
-github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
-github.com/sagernet/sing v0.2.3 h1:V50MvZ4c3Iij2lYFWPlzL1PyipwSzjGeN9x+Ox89vpk=
-github.com/sagernet/sing v0.2.3/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w=
-github.com/sagernet/sing-box v1.2.4 h1:41tDGjU4zCym459HYbpKRJpGmi8zi1FcKAvv6DfqWOQ=
-github.com/sagernet/sing-box v1.2.4/go.mod h1:LDW5ZOuWURxSWz+auElryalxCBlGbA0zvsC8XSy8Sp0=
-github.com/sagernet/sing-shadowsocks v0.2.0 h1:ILDWL7pwWfkPLEbviE/MyCgfjaBmJY/JVVY+5jhSb58=
-github.com/sagernet/sing-shadowsocks v0.2.0/go.mod h1:ysYzszRLpNzJSorvlWRMuzU6Vchsp7sd52q+JNY4axw=
-github.com/sagernet/sing-shadowtls v0.1.0 h1:05MYce8aR5xfKIn+y7xRFsdKhKt44QZTSEQW+lG5IWQ=
-github.com/sagernet/sing-shadowtls v0.1.0/go.mod h1:Kn1VUIprdkwCgkS6SXYaLmIpKzQbqBIKJBMY+RvBhYc=
-github.com/sagernet/sing-tun v0.1.4-0.20230326080954-8848c0e4cbab h1:a9oeWuPBuIZ70qMhIIH6RrYhp886xN9jJIwsuu4ZFUo=
-github.com/sagernet/sing-tun v0.1.4-0.20230326080954-8848c0e4cbab/go.mod h1:4YxIDEkkCjGXDOTMPw1SXpLmCQUFAWuaQN250oo+928=
-github.com/sagernet/sing-vmess v0.1.3 h1:q/+tsF46dvvapL6CpQBgPHJ6nQrDUZqEtLHCbsjO7iM=
-github.com/sagernet/sing-vmess v0.1.3/go.mod h1:GVXqAHwe9U21uS+Voh4YBIrADQyE4F9v0ayGSixSQAE=
-github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as=
-github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37/go.mod h1:3skNSftZDJWTGVtVaM2jfbce8qHnmH/AGDRe62iNOg0=
-github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9 h1:2ItpW1nMNkPzmBTxV0/eClCklHrFSQMnUGcpUmJxVeE=
-github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9/go.mod h1:FUyTEc5ye5NjKnDTDMuiLF2M6T4BE6y6KZuax//UCEg=
-github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2 h1:kDUqhc9Vsk5HJuhfIATJ8oQwBmpOZJuozQG7Vk88lL4=
-github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2/go.mod h1:JKQMZq/O2qnZjdrt+B57olmfgEmLtY9iiSIEYtWvoSM=
-github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e h1:7uw2njHFGE+VpWamge6o56j2RWk4omF6uLKKxMmcWvs=
-github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e/go.mod h1:45TUl8+gH4SIKr4ykREbxKWTxkDlSzFENzctB1dVRRY=
-github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo=
-github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI=
-github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
-github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a h1:+NkI2670SQpQWvkkD2QgdTuzQG263YZ+2emfpeyGqW0=
+github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a/go.mod h1:63s7jpZqcDAIpj8oI/1v4Izok+npJOHACFCU6+huCkM=
+github.com/sagernet/cors v1.2.1 h1:Cv5Z8y9YSD6Gm+qSpNrL3LO4lD3eQVvbFYJSG7JCMHQ=
+github.com/sagernet/cors v1.2.1/go.mod h1:O64VyOjjhrkLmQIjF4KGRrJO/5dVXFdpEmCW/eISRAI=
+github.com/sagernet/fswatch v0.1.1 h1:YqID+93B7VRfqIH3PArW/XpJv5H4OLEVWDfProGoRQs=
+github.com/sagernet/fswatch v0.1.1/go.mod h1:nz85laH0mkQqJfaOrqPpkwtU1znMFNVTpT/5oRsVz/o=
+github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb h1:pprQtDqNgqXkRsXn+0E8ikKOemzmum8bODjSfDene38=
+github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb/go.mod h1:QkkPEJLw59/tfxgapHta14UL5qMUah5NXhO0Kw2Kan4=
+github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a h1:ObwtHN2VpqE0ZNjr6sGeT00J8uU7JF4cNUdb44/Duis=
+github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
+github.com/sagernet/nftables v0.3.0-beta.4 h1:kbULlAwAC3jvdGAC1P5Fa3GSxVwQJibNenDW2zaXr8I=
+github.com/sagernet/nftables v0.3.0-beta.4/go.mod h1:OQXAjvjNGGFxaTgVCSTRIhYB5/llyVDeapVoENYBDS8=
+github.com/sagernet/quic-go v0.52.0-sing-box-mod.3 h1:ySqffGm82rPqI1TUPqmtHIYd12pfEGScygnOxjTL56w=
+github.com/sagernet/quic-go v0.52.0-sing-box-mod.3/go.mod h1:OV+V5kEBb8kJS7k29MzDu6oj9GyMc7HA07sE1tedxz4=
+github.com/sagernet/sing v0.6.9/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing v0.7.13 h1:XNYgd8e3cxMULs/LLJspdn/deHrnPWyrrglNHeCUAYM=
+github.com/sagernet/sing v0.7.13/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing-mux v0.3.3 h1:YFgt9plMWzH994BMZLmyKL37PdIVaIilwP0Jg+EcLfw=
+github.com/sagernet/sing-mux v0.3.3/go.mod h1:pht8iFY4c9Xltj7rhVd208npkNaeCxzyXCgulDPLUDA=
+github.com/sagernet/sing-quic v0.5.2-0.20250909083218-00a55617c0fb h1:5Wx3XeTiKrrrcrAky7Hc1bO3CGxrvho2Vu5b/adlEIM=
+github.com/sagernet/sing-quic v0.5.2-0.20250909083218-00a55617c0fb/go.mod h1:evP1e++ZG8TJHVV5HudXV4vWeYzGfCdF4HwSJZcdqkI=
+github.com/sagernet/sing-shadowsocks v0.2.8 h1:PURj5PRoAkqeHh2ZW205RWzN9E9RtKCVCzByXruQWfE=
+github.com/sagernet/sing-shadowsocks v0.2.8/go.mod h1:lo7TWEMDcN5/h5B8S0ew+r78ZODn6SwVaFhvB6H+PTI=
+github.com/sagernet/sing-shadowsocks2 v0.2.1 h1:dWV9OXCeFPuYGHb6IRqlSptVnSzOelnqqs2gQ2/Qioo=
+github.com/sagernet/sing-shadowsocks2 v0.2.1/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ=
+github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11 h1:tK+75l64tm9WvEFrYRE1t0YxoFdWQqw/h7Uhzj0vJ+w=
+github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11/go.mod h1:sWqKnGlMipCHaGsw1sTTlimyUpgzP4WP3pjhCsYt9oA=
+github.com/sagernet/sing-tun v0.7.3 h1:MFnAir+l24ElEyxdfwtY8mqvUUL9nPnL9TDYLkOmVes=
+github.com/sagernet/sing-tun v0.7.3/go.mod h1:pUEjh9YHQ2gJT6Lk0TYDklh3WJy7lz+848vleGM3JPM=
+github.com/sagernet/sing-vmess v0.2.7 h1:2ee+9kO0xW5P4mfe6TYVWf9VtY8k1JhNysBqsiYj0sk=
+github.com/sagernet/sing-vmess v0.2.7/go.mod h1:5aYoOtYksAyS0NXDm0qKeTYW1yoE1bJVcv+XLcVoyJs=
+github.com/sagernet/smux v1.5.34-mod.2 h1:gkmBjIjlJ2zQKpLigOkFur5kBKdV6bNRoFu2WkltRQ4=
+github.com/sagernet/smux v1.5.34-mod.2/go.mod h1:0KW0+R+ycvA2INW4gbsd7BNyg+HEfLIAxa5N02/28Zc=
+github.com/sagernet/wireguard-go v0.0.1-beta.7 h1:ltgBwYHfr+9Wz1eG59NiWnHrYEkDKHG7otNZvu85DXI=
+github.com/sagernet/wireguard-go v0.0.1-beta.7/go.mod h1:jGXij2Gn2wbrWuYNUmmNhf1dwcZtvyAvQoe8Xd8MbUo=
+github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 h1:6uUiZcDRnZSAegryaUGwPC/Fj13JSHwiTftrXhMmYOc=
+github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854/go.mod h1:LtfoSK3+NG57tvnVEHgcuBW9ujgE8enPSgzgwStwCAA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
-github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923 h1:tHNk7XK9GkmKUR6Gh8gVBKXc2MVSZ4G/NnWLtzw4gNA=
-github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923/go.mod h1:eLL9Nub3yfAho7qB0MzZizFhTU2QkLeoVsWdHtDW264=
-github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
-github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
-github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
-go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
-go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI=
-go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
-go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
-go4.org/netipx v0.0.0-20230303233057-f1b76eb4bb35 h1:nJAwRlGWZZDOD+6wni9KVUNHMpHko/OnRwsrCYeAzPo=
-go4.org/netipx v0.0.0-20230303233057-f1b76eb4bb35/go.mod h1:TQvodOM+hJTioNQJilmLXu08JNb8i+ccq418+KWu1/Y=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
+github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
+github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
+github.com/zeebo/assert v1.1.0 h1:hU1L1vLTHsnO8x8c9KAR5GmM5QscxHg5RNU5z5qbUWY=
+github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
+github.com/zeebo/blake3 v0.2.4 h1:KYQPkhpRtcqh0ssGYcKLG1JYvddkEA8QwCM/yBqhaZI=
+github.com/zeebo/blake3 v0.2.4/go.mod h1:7eeQ6d2iXWRGF6npfaxl2CU+xy2Fjo2gxeyZGCRUjcE=
+github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
+github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
+go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ=
+go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y=
+go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M=
+go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE=
+go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY=
+go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg=
+go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o=
+go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w=
+go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs=
+go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.uber.org/zap/exp v0.3.0 h1:6JYzdifzYkGmTdRR59oYH+Ng7k49H9qVpWwNSsGJj3U=
+go.uber.org/zap/exp v0.3.0/go.mod h1:5I384qq7XGxYyByIhHm6jg5CHkGY0nsTfbDLgDDlgJQ=
+go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
+go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
-golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
-golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
-golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9tZUw9qufEGTyX1+7lmHxV5q5G4=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20220722155234-aaac322e2105 h1:3vUV5x5+3LfQbgk7paCM6INOaJG9xXQbn79xoNkwfIk=
-golang.org/x/mobile v0.0.0-20220722155234-aaac322e2105/go.mod h1:pe2sM7Uk+2Su1y7u/6Z8KJ24D7lepUjFZbhFOrmDfuQ=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
+golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
+golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 h1:y5zboxd6LQAqYIhHnB48p0ByQ/GnQx2BE33L8BOHQkI=
+golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6/go.mod h1:U6Lno4MTRCDY+Ba7aCcauB9T60gsv5s4ralQzP72ZoQ=
+golang.org/x/mobile v0.0.0-20231108233038-35478a0c49da h1:gS9sVMAeHM+gVBmM9bTM6vUi/NHv58O3QzJ3vjjN84M=
+golang.org/x/mobile v0.0.0-20231108233038-35478a0c49da/go.mod h1:IEceR0jfVklLJXrbUe90rfdAFAYDW0SQwKl4qvO1GBQ=
+golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
+golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
-golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
+golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
-golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
+golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
+golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
+golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
+golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.8-0.20211022200916-316ba0b74098/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
-golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230215201556-9c5414ab4bde h1:ybF7AMzIUikL9x4LgwEmzhXtzRpKNqngme1VGDWz+Nk=
-golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230215201556-9c5414ab4bde/go.mod h1:mQqgjkW8GQQcJQsbBvK890TKqUK1DfKWkuBGbOkuMHQ=
-google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f h1:BWUVssLB0HVOSY78gIdvk1dTVYtT1y8SBWtPYuTJ/6w=
-google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
-google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag=
-google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
+golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
+golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
+golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 h1:e0AIkUUhxyBKh6ssZNrAMeqhA7RKUj42346d1y02i2g=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
+google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok=
+google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc=
+google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h1:m5lcgWnL3OElQNVyp3qcncItJ2c0sQlSGjYK2+nJTA4=
-gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c/go.mod h1:TIvkJD0sxe8pIob3p6T8IzxXunlp6yfgktvTNp+DGNM=
-lukechampine.com/blake3 v1.1.7 h1:GgRMhmdsuK8+ii6UZFDL8Nb+VyMwadAgcJyfYHxG6n0=
-lukechampine.com/blake3 v1.1.7/go.mod h1:tkKEOtDkNtklkXtLNEOGNq5tcV90tJiA1vAA12R78LA=
+lukechampine.com/blake3 v1.3.0 h1:sJ3XhFINmHSrYCgl958hscfIa3bw8x4DqMP3u1YvoYE=
+lukechampine.com/blake3 v1.3.0/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=
diff --git a/libcore/http.go b/libcore/http.go
index 39d4d27a4..ce6fba6e9 100644
--- a/libcore/http.go
+++ b/libcore/http.go
@@ -10,25 +10,34 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
+	"libcore/device"
+	"libcore/ech"
+	"log"
 	"net"
 	"net/http"
 	"net/url"
 	"os"
 	"strconv"
 	"sync"
+	"sync/atomic"
+	"time"
 
+	"github.com/sagernet/quic-go"
+	"github.com/sagernet/quic-go/http3"
 	"github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/protocol/socks"
 	"github.com/sagernet/sing/protocol/socks/socks5"
 )
 
+var errFailConnectSocks5 = errors.New("fail connect socks5")
+
 type HTTPClient interface {
 	RestrictedTLS()
 	ModernTLS()
 	PinnedTLS12()
 	PinnedSHA256(sumHex string)
 	TrySocks5(port int32)
+	TryH3Direct()
 	KeepAlive()
 	NewRequest() HTTPRequest
 	Close()
@@ -41,13 +50,14 @@ type HTTPRequest interface {
 	SetContent(content []byte)
 	SetContentString(content string)
 	SetUserAgent(userAgent string)
+	AllowInsecure()
 	Execute() (HTTPResponse, error)
 }
 
 type HTTPResponse interface {
-	GetHeader(string) string
+	GetHeader(string) *StringBox
 	GetContent() ([]byte, error)
-	GetContentString() (string, error)
+	GetContentString() (*StringBox, error)
 	WriteTo(path string) error
 }
 
@@ -58,16 +68,18 @@ var (
 )
 
 type httpClient struct {
-	tls       tls.Config
-	client    http.Client
-	transport http.Transport
+	tls           tls.Config
+	h1h2Transport http.Transport
+	h1h2Client    http.Client
+	trySocks5     bool
+	tryH3Direct   bool
 }
 
 func NewHttpClient() HTTPClient {
 	client := new(httpClient)
-	client.client.Transport = &client.transport
-	client.transport.TLSClientConfig = &client.tls
-	client.transport.DisableKeepAlives = true
+	client.h1h2Client.Transport = &client.h1h2Transport
+	client.h1h2Transport.TLSClientConfig = &client.tls
+	client.h1h2Transport.DisableKeepAlives = true
 	return client
 }
 
@@ -104,25 +116,36 @@ func (c *httpClient) PinnedSHA256(sumHex string) {
 
 func (c *httpClient) TrySocks5(port int32) {
 	dialer := new(net.Dialer)
-	c.transport.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
+	c.h1h2Transport.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
 		for {
 			socksConn, err := dialer.DialContext(ctx, "tcp", "127.0.0.1:"+strconv.Itoa(int(port)))
 			if err != nil {
+				if c.tryH3Direct {
+					return nil, errFailConnectSocks5
+				}
 				break
 			}
 			_, err = socks.ClientHandshake5(socksConn, socks5.CommandConnect, metadata.ParseSocksaddr(addr), "", "")
 			if err != nil {
+				if c.tryH3Direct {
+					return nil, errFailConnectSocks5
+				}
 				break
 			}
 			return socksConn, err
 		}
 		return dialer.DialContext(ctx, network, addr)
 	}
+	c.trySocks5 = true
+}
+
+func (c *httpClient) TryH3Direct() {
+	c.tryH3Direct = true
 }
 
 func (c *httpClient) KeepAlive() {
-	c.transport.ForceAttemptHTTP2 = true
-	c.transport.DisableKeepAlives = false
+	c.h1h2Transport.ForceAttemptHTTP2 = true
+	c.h1h2Transport.DisableKeepAlives = false
 }
 
 func (c *httpClient) NewRequest() HTTPRequest {
@@ -135,7 +158,7 @@ func (c *httpClient) NewRequest() HTTPRequest {
 }
 
 func (c *httpClient) Close() {
-	c.transport.CloseIdleConnections()
+	c.h1h2Transport.CloseIdleConnections()
 }
 
 type httpRequest struct {
@@ -143,6 +166,10 @@ type httpRequest struct {
 	request http.Request
 }
 
+func (r *httpRequest) AllowInsecure() {
+	r.tls.InsecureSkipVerify = true
+}
+
 func (r *httpRequest) SetURL(link string) (err error) {
 	r.request.URL, err = url.Parse(link)
 	if err != nil {
@@ -180,8 +207,17 @@ func (r *httpRequest) SetContentString(content string) {
 }
 
 func (r *httpRequest) Execute() (HTTPResponse, error) {
-	response, err := r.client.Do(&r.request)
+	defer device.DeferPanicToError("http execute", func(err error) { log.Println(err) })
+	// full direct
+	if r.tryH3Direct && !r.trySocks5 {
+		return r.doH3Direct()
+	}
+	response, err := r.h1h2Client.Do(&r.request)
 	if err != nil {
+		// trySocks5 && tryH3Direct
+		if r.tryH3Direct && errors.Is(err, errFailConnectSocks5) {
+			return r.doH3Direct()
+		}
 		return nil, err
 	}
 	httpResp := &httpResponse{Response: response}
@@ -191,6 +227,133 @@ func (r *httpRequest) Execute() (HTTPResponse, error) {
 	return httpResp, nil
 }
 
+type requestFunc func() (response *http.Response, err error)
+
+func (r *httpRequest) doH3Direct() (HTTPResponse, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	successCh := make(chan *http.Response, 1)
+	var finalErr error
+	var failedCount atomic.Uint32
+	var successCount atomic.Uint32
+	var mu sync.Mutex
+
+	funcs := []requestFunc{
+		// 普通，不再重试 socks5
+		func() (response *http.Response, err error) {
+			request := r.request.Clone(context.Background())
+			h1h2Client := &http.Client{
+				Transport: &http.Transport{
+					DisableKeepAlives: true,
+				},
+			}
+			return h1h2Client.Do(request)
+		},
+		// ECH HTTPS
+		func() (response *http.Response, err error) {
+			request := r.request.Clone(context.Background())
+			echClient := &http.Client{
+				Transport: &http.Transport{
+					DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+						var d net.Dialer
+						c, err := d.DialContext(ctx, network, addr)
+						if err != nil {
+							return c, err
+						}
+						domain := addr
+						if host, _, _ := net.SplitHostPort(addr); host != "" {
+							domain = host
+						}
+						echTls := ech.NewECHClientConfig(domain, &r.tls, gLocalDNSTransport)
+						return echTls.ClientHandshake(ctx, c)
+					},
+					DisableKeepAlives: true,
+				},
+			}
+			return echClient.Do(request)
+		},
+		// H3 HTTPS
+		func() (response *http.Response, err error) {
+			request := r.request.Clone(context.Background())
+			h3Client := &http.Client{
+				Transport: &http3.Transport{
+					TLSClientConfig: r.tls.Clone(),
+					QUICConfig: &quic.Config{
+						MaxIdleTimeout: time.Second,
+					},
+				},
+			}
+			return h3Client.Do(request)
+		},
+	}
+
+	if r.request.URL.Scheme == "http" {
+		funcs = funcs[:1]
+	}
+
+	for i, f := range funcs {
+		go func(f requestFunc) {
+			defer device.DeferPanicToError("http", func(err error) { log.Println(err) })
+			defer func() {
+				if successCount.Load() == 0 {
+					if failedCount.Add(1) >= uint32(len(funcs)) {
+						// 全部失败了
+						cancel()
+					}
+				}
+			}()
+
+			var t string
+			switch i {
+			case 0:
+				t = "h1h2"
+			case 1:
+				t = "ech"
+			case 2:
+				t = "h3"
+			}
+
+			// 执行HTTP请求
+			rsp, err := f()
+			if rsp == nil || err != nil {
+				mu.Lock()
+				finalErr = errors.Join(finalErr, fmt.Errorf("%s: %w", t, err))
+				mu.Unlock()
+				if rsp != nil && rsp.Body != nil {
+					rsp.Body.Close()
+				}
+				return
+			}
+
+			// 处理 HTTP 状态码
+			if rsp.StatusCode != http.StatusOK {
+				hr := &httpResponse{Response: rsp}
+				err = fmt.Errorf("%s: %s", t, hr.errorString())
+				mu.Lock()
+				finalErr = errors.Join(finalErr, err)
+				mu.Unlock()
+				return
+			}
+
+			select {
+			case successCh <- rsp:
+				// 第一个成功的请求，不要关闭 body
+				successCount.Add(1)
+			default:
+				rsp.Body.Close()
+			}
+		}(f)
+	}
+
+	select {
+	case result := <-successCh:
+		return &httpResponse{Response: result}, nil
+	case <-ctx.Done():
+		return nil, finalErr
+	}
+}
+
 type httpResponse struct {
 	*http.Response
 
@@ -200,26 +363,37 @@ type httpResponse struct {
 }
 
 func (h *httpResponse) errorString() string {
-	content, err := h.GetContentString()
+	content, err := h.getContentString()
 	if err != nil {
 		return fmt.Sprint("HTTP ", h.Status)
 	}
+	if len(content) > 100 {
+		content = content[:100] + " ..."
+	}
 	return fmt.Sprint("HTTP ", h.Status, ": ", content)
 }
 
-func (h *httpResponse) GetHeader(key string) string {
-	return h.Header.Get(key)
+func (h *httpResponse) GetHeader(key string) *StringBox {
+	return wrapString(h.Header.Get(key))
 }
 
 func (h *httpResponse) GetContent() ([]byte, error) {
 	h.getContentOnce.Do(func() {
 		defer h.Body.Close()
-		h.content, h.contentError = ioutil.ReadAll(h.Body)
+		h.content, h.contentError = io.ReadAll(h.Body)
 	})
 	return h.content, h.contentError
 }
 
-func (h *httpResponse) GetContentString() (string, error) {
+func (h *httpResponse) GetContentString() (*StringBox, error) {
+	content, err := h.getContentString()
+	if err != nil {
+		return nil, err
+	}
+	return wrapString(content), nil
+}
+
+func (h *httpResponse) getContentString() (string, error) {
 	content, err := h.GetContent()
 	if err != nil {
 		return "", err
diff --git a/libcore/init.sh b/libcore/init.sh
index 8792fec2a..50bf4cfbd 100755
--- a/libcore/init.sh
+++ b/libcore/init.sh
@@ -3,10 +3,16 @@
 chmod -R 777 .build 2>/dev/null
 rm -rf .build 2>/dev/null
 
+if [ -z "$GOPATH" ]; then
+    GOPATH=$(go env GOPATH)
+fi
+
 # Install gomobile
-if [ ! -f "$GOPATH/bin/gomobile" ]; then
+if [ ! -f "$GOPATH/bin/gomobile-matsuri" ]; then
     git clone https://github.com/MatsuriDayo/gomobile.git
-    pushd gomobile/cmd
+    pushd gomobile
+	git checkout origin/master2
+    pushd cmd
     pushd gomobile
     go install -v
     popd
@@ -15,6 +21,8 @@ if [ ! -f "$GOPATH/bin/gomobile" ]; then
     popd
     popd
     rm -rf gomobile
+    mv "$GOPATH/bin/gomobile" "$GOPATH/bin/gomobile-matsuri"
+    mv "$GOPATH/bin/gobind" "$GOPATH/bin/gobind-matsuri"
 fi
 
-gomobile init
+GOBIND=gobind-matsuri gomobile-matsuri init
diff --git a/libcore/interface_monitor.go b/libcore/interface_monitor.go
new file mode 100644
index 000000000..0167666e7
--- /dev/null
+++ b/libcore/interface_monitor.go
@@ -0,0 +1,45 @@
+package libcore
+
+import (
+	tun "github.com/sagernet/sing-tun"
+	"github.com/sagernet/sing/common/control"
+	"github.com/sagernet/sing/common/x/list"
+)
+
+// wtf
+
+type interfaceMonitorStub struct{}
+
+func (s *interfaceMonitorStub) Start() error {
+	return nil
+}
+
+func (s *interfaceMonitorStub) Close() error {
+	return nil
+}
+
+func (s *interfaceMonitorStub) DefaultInterface() *control.Interface {
+	return nil
+}
+
+func (s *interfaceMonitorStub) OverrideAndroidVPN() bool {
+	return false
+}
+
+func (s *interfaceMonitorStub) AndroidVPNEnabled() bool {
+	return false
+}
+
+func (s *interfaceMonitorStub) RegisterCallback(callback tun.DefaultInterfaceUpdateCallback) *list.Element[tun.DefaultInterfaceUpdateCallback] {
+	return nil
+}
+
+func (s *interfaceMonitorStub) UnregisterCallback(element *list.Element[tun.DefaultInterfaceUpdateCallback]) {
+}
+
+func (s *interfaceMonitorStub) RegisterMyInterface(interfaceName string) {
+}
+
+func (s *interfaceMonitorStub) MyInterface() string {
+	return ""
+}
diff --git a/libcore/io.go b/libcore/io.go
index 33754e85b..e4c1d3983 100644
--- a/libcore/io.go
+++ b/libcore/io.go
@@ -1,12 +1,14 @@
 package libcore
 
 import (
-	"context"
+	"archive/zip"
 	"io"
 	"os"
+        "path/filepath"
 
-	"github.com/codeclysm/extract"
 	"github.com/ulikunitz/xz"
+	"github.com/sagernet/sing/common"
+        E "github.com/sagernet/sing/common/exceptions"
 )
 
 func Unxz(archive string, path string) error {
@@ -30,11 +32,47 @@ func Unxz(archive string, path string) error {
 }
 
 func Unzip(archive string, path string) error {
-	i, err := os.Open(archive)
+	r, err := zip.OpenReader(archive)
 	if err != nil {
 		return err
 	}
-	defer i.Close()
-	err = extract.Zip(context.Background(), i, path, nil)
-	return err
+	defer r.Close()
+
+	err = os.MkdirAll(path, os.ModePerm)
+	if err != nil {
+		return err
+	}
+
+	for _, file := range r.File {
+		filePath := filepath.Join(path, file.Name)
+
+		if file.FileInfo().IsDir() {
+			err = os.MkdirAll(filePath, os.ModePerm)
+			if err != nil {
+				return err
+			}
+			continue
+		}
+
+		newFile, err := os.Create(filePath)
+		if err != nil {
+			return err
+		}
+
+		zipFile, err := file.Open()
+		if err != nil {
+			newFile.Close()
+			return err
+		}
+
+		var errs error
+		_, err = io.Copy(newFile, zipFile)
+		errs = E.Errors(errs, err)
+		errs = E.Errors(errs, common.Close(zipFile, newFile))
+		if errs != nil {
+			return errs
+		}
+	}
+
+	return nil
 }
diff --git a/libcore/nb4a.go b/libcore/nb4a.go
index ace064eb1..cfa1e7824 100644
--- a/libcore/nb4a.go
+++ b/libcore/nb4a.go
@@ -1,19 +1,21 @@
 package libcore
 
 import (
+	"fmt"
 	"libcore/device"
 	"os"
 	"path/filepath"
-	"runtime"
+	"runtime/debug"
 	"strings"
-	"time"
 	_ "unsafe"
 
 	"log"
 
 	"github.com/matsuridayo/libneko/neko_common"
 	"github.com/matsuridayo/libneko/neko_log"
-	"github.com/matsuridayo/sing-box-extra/boxmain"
+	"github.com/sagernet/sing-box/nekoutils"
+	"github.com/sagernet/sing-box/option"
+	"golang.org/x/sys/unix"
 )
 
 //go:linkname resourcePaths github.com/sagernet/sing-box/constant.resourcePaths
@@ -28,22 +30,21 @@ func NekoLogClear() {
 }
 
 func ForceGc() {
-	go runtime.GC()
-}
-
-func SetLocalResolver(lr LocalResolver) {
-	localResolver = lr
+	go debug.FreeOSMemory()
 }
 
 func InitCore(process, cachePath, internalAssets, externalAssets string,
 	maxLogSizeKb int32, logEnable bool,
-	iif NB4AInterface,
+	if1 NB4AInterface, if2 BoxPlatformInterface, if3 LocalDNSTransport,
 ) {
 	defer device.DeferPanicToError("InitCore", func(err error) { log.Println(err) })
-	isBgProcess := strings.HasSuffix(process, ":bg")
+	isBgProcess = strings.HasSuffix(process, ":bg")
 
 	neko_common.RunMode = neko_common.RunMode_NekoBoxForAndroid
-	intfNB4A = iif
+	intfNB4A = if1
+	intfBox = if2
+	useProcfs = intfBox.UseProcFS()
+	gLocalDNSTransport = newPlatformTransport(if3, "", option.LocalDNSServerOptions{})
 
 	// Working dir
 	tmp := filepath.Join(cachePath, "../no_backup")
@@ -52,26 +53,29 @@ func InitCore(process, cachePath, internalAssets, externalAssets string,
 
 	// sing-box fs
 	resourcePaths = append(resourcePaths, externalAssets)
+	externalAssetsPath = externalAssets
+	internalAssetsPath = internalAssets
 
 	// Set up log
 	if maxLogSizeKb < 50 {
 		maxLogSizeKb = 50
 	}
 	neko_log.LogWriterDisable = !logEnable
-	// neko_log.NB4AGuiLogWriter = iif.(io.Writer)
+	neko_log.TruncateOnStart = isBgProcess
 	neko_log.SetupLog(int(maxLogSizeKb)*1024, filepath.Join(cachePath, "neko.log"))
-	boxmain.DisableColor()
+
+	// nekoutils
+	nekoutils.Selector_OnProxySelected = intfNB4A.Selector_OnProxySelected
 
 	// Set up some component
 	go func() {
 		defer device.DeferPanicToError("InitCore-go", func(err error) { log.Println(err) })
 		device.GoDebug(process)
 
-		externalAssetsPath = externalAssets
-		internalAssetsPath = internalAssets
-
-		if time.Now().Unix() >= GetExpireTime() {
-			outdated = "Your version is too old! Please update!! 版本太旧，请升级！"
+		// certs
+		pem, err := os.ReadFile(externalAssetsPath + "ca.pem")
+		if err == nil {
+			updateRootCACerts(pem)
 		}
 
 		// bg
@@ -80,3 +84,37 @@ func InitCore(process, cachePath, internalAssets, externalAssets string,
 		}
 	}()
 }
+
+func sendFdToProtect(fd int, path string) error {
+	socketFd, err := unix.Socket(unix.AF_UNIX, unix.SOCK_STREAM, 0)
+	if err != nil {
+		return fmt.Errorf("failed to create unix socket: %w", err)
+	}
+	defer unix.Close(socketFd)
+
+	var timeout unix.Timeval
+	timeout.Usec = 100 * 1000
+
+	_ = unix.SetsockoptTimeval(socketFd, unix.SOL_SOCKET, unix.SO_RCVTIMEO, &timeout)
+	_ = unix.SetsockoptTimeval(socketFd, unix.SOL_SOCKET, unix.SO_SNDTIMEO, &timeout)
+
+	err = unix.Connect(socketFd, &unix.SockaddrUnix{Name: path})
+	if err != nil {
+		return fmt.Errorf("failed to connect: %w", err)
+	}
+
+	err = unix.Sendmsg(socketFd, nil, unix.UnixRights(fd), nil, 0)
+	if err != nil {
+		return fmt.Errorf("failed to send: %w", err)
+	}
+
+	dummy := []byte{1}
+	n, err := unix.Read(socketFd, dummy)
+	if err != nil {
+		return fmt.Errorf("failed to receive: %w", err)
+	}
+	if n != 1 {
+		return fmt.Errorf("socket closed unexpectedly")
+	}
+	return nil
+}
diff --git a/libcore/platform_box.go b/libcore/platform_box.go
index 2f6ce4bf7..316cbef58 100644
--- a/libcore/platform_box.go
+++ b/libcore/platform_box.go
@@ -3,18 +3,23 @@ package libcore
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"libcore/procfs"
 	"log"
 	"net/netip"
+	"strings"
 	"syscall"
 
+	"github.com/matsuridayo/libneko/neko_log"
+	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/process"
 	"github.com/sagernet/sing-box/experimental/libbox/platform"
+	sblog "github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	tun "github.com/sagernet/sing-tun"
-	"github.com/sagernet/sing/common/control"
 	E "github.com/sagernet/sing/common/exceptions"
+	"github.com/sagernet/sing/common/logger"
 	N "github.com/sagernet/sing/common/network"
 )
 
@@ -22,16 +27,33 @@ var boxPlatformInterfaceInstance platform.Interface = &boxPlatformInterfaceWrapp
 
 type boxPlatformInterfaceWrapper struct{}
 
-func (w *boxPlatformInterfaceWrapper) AutoDetectInterfaceControl() control.Func {
-	// "protect"
-	return func(network, address string, conn syscall.RawConn) error {
-		return control.Raw(conn, func(fd uintptr) error {
-			return intfBox.AutoDetectInterfaceControl(int32(fd))
-		})
+func (w *boxPlatformInterfaceWrapper) ReadWIFIState() adapter.WIFIState {
+	state := strings.Split(intfBox.WIFIState(), ",")
+	return adapter.WIFIState{
+		SSID:  state[0],
+		BSSID: state[1],
 	}
 }
 
-func (w *boxPlatformInterfaceWrapper) OpenTun(options tun.Options, platformOptions option.TunPlatformOptions) (tun.Tun, error) {
+func (w *boxPlatformInterfaceWrapper) Initialize(n adapter.NetworkManager) error {
+	return nil
+}
+
+func (w *boxPlatformInterfaceWrapper) UsePlatformAutoDetectInterfaceControl() bool {
+	return true
+}
+
+func (w *boxPlatformInterfaceWrapper) AutoDetectInterfaceControl(fd int) error {
+	// call protect_path
+	if !isBgProcess {
+		_ = sendFdToProtect(fd, "protect_path")
+		return nil
+	}
+	// bg process call VPNService
+	return intfBox.AutoDetectInterfaceControl(int32(fd))
+}
+
+func (w *boxPlatformInterfaceWrapper) OpenTun(options *tun.Options, platformOptions option.TunPlatformOptions) (tun.Tun, error) {
 	if len(options.IncludeUID) > 0 || len(options.ExcludeUID) > 0 {
 		return nil, E.New("android: unsupported uid options")
 	}
@@ -51,19 +73,52 @@ func (w *boxPlatformInterfaceWrapper) OpenTun(options tun.Options, platformOptio
 	}
 	//
 	options.FileDescriptor = int(tunFd)
-	return tun.New(options)
+	return tun.New(*options)
 }
 
-var disableSingBoxLog = false
+func (w *boxPlatformInterfaceWrapper) CloseTun() error {
+	return nil
+}
 
-func (w *boxPlatformInterfaceWrapper) Write(p []byte) (n int, err error) {
-	// use neko_log
-	if !disableSingBoxLog {
-		log.Print(string(p))
-	}
-	return len(p), nil
+func (w *boxPlatformInterfaceWrapper) UsePlatformDefaultInterfaceMonitor() bool {
+	return true
+}
+
+func (w *boxPlatformInterfaceWrapper) CreateDefaultInterfaceMonitor(l logger.Logger) tun.DefaultInterfaceMonitor {
+	return &interfaceMonitorStub{}
+}
+
+func (w *boxPlatformInterfaceWrapper) UsePlatformInterfaceGetter() bool {
+	return false
+}
+
+func (w *boxPlatformInterfaceWrapper) Interfaces() ([]adapter.NetworkInterface, error) {
+	return nil, errors.New("wtf")
+}
+
+func (w *boxPlatformInterfaceWrapper) IncludeAllNetworks() bool {
+	return false
+}
+
+func (w *boxPlatformInterfaceWrapper) SendNotification(notification *platform.Notification) error {
+	return nil
+}
+
+func (s *boxPlatformInterfaceWrapper) SystemCertificates() []string {
+	return nil
+}
+
+// Android not using
+
+func (w *boxPlatformInterfaceWrapper) UnderNetworkExtension() bool {
+	return false
 }
 
+func (w *boxPlatformInterfaceWrapper) ClearDNSCache() {
+}
+
+// process.Searcher
+
 func (w *boxPlatformInterfaceWrapper) FindProcessInfo(ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*process.Info, error) {
 	var uid int32
 	if useProcfs {
@@ -90,3 +145,31 @@ func (w *boxPlatformInterfaceWrapper) FindProcessInfo(ctx context.Context, netwo
 	packageName, _ := intfBox.PackageNameByUid(uid)
 	return &process.Info{UserId: uid, PackageName: packageName}, nil
 }
+
+// io.Writer
+
+var disableSingBoxLog = false
+
+func (w *boxPlatformInterfaceWrapper) Write(p []byte) (n int, err error) {
+	// use neko_log
+	if !disableSingBoxLog {
+		log.Print(string(p))
+	}
+	return len(p), nil
+}
+
+// 日志
+
+type boxPlatformLogWriterWrapper struct {
+}
+
+var boxPlatformLogWriter sblog.PlatformWriter = &boxPlatformLogWriterWrapper{}
+
+func (w *boxPlatformLogWriterWrapper) DisableColors() bool { return true }
+
+func (w *boxPlatformLogWriterWrapper) WriteMessage(level uint8, message string) {
+	if !strings.HasSuffix(message, "\n") {
+		message += "\n"
+	}
+	neko_log.LogWriter.Write([]byte(message))
+}
diff --git a/libcore/platform_java.go b/libcore/platform_java.go
index e55c2caff..a826318ac 100644
--- a/libcore/platform_java.go
+++ b/libcore/platform_java.go
@@ -4,17 +4,13 @@ var intfBox BoxPlatformInterface
 var intfNB4A NB4AInterface
 
 var useProcfs bool
+var isBgProcess bool
 
 type NB4AInterface interface {
 	UseOfficialAssets() bool
+	Selector_OnProxySelected(selectorTag string, tag string)
 }
 
-type LocalResolver interface {
-	LookupIP(network string, domain string) (string, error)
-}
-
-var localResolver LocalResolver // Android: passed from java (only when VPNService)
-
 type BoxPlatformInterface interface {
 	AutoDetectInterfaceControl(fd int32) error
 	OpenTun(singTunOptionsJson, tunPlatformOptionsJson string) (int, error)
@@ -22,9 +18,5 @@ type BoxPlatformInterface interface {
 	FindConnectionOwner(ipProtocol int32, sourceAddress string, sourcePort int32, destinationAddress string, destinationPort int32) (int32, error)
 	PackageNameByUid(uid int32) (string, error)
 	UIDByPackageName(packageName string) (int32, error)
-}
-
-func SetBoxPlatformInterface(iif BoxPlatformInterface) {
-	intfBox = iif
-	useProcfs = intfBox.UseProcFS()
+	WIFIState() string
 }
diff --git a/libcore/update-box.sh b/libcore/update-box.sh
deleted file mode 100644
index b3fda1a6f..000000000
--- a/libcore/update-box.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-go get github.com/sagernet/sing-box@"$1"
-go mod tidy
diff --git a/libcore/update-extra.sh b/libcore/update-extra.sh
deleted file mode 100644
index 52b93f887..000000000
--- a/libcore/update-extra.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-go get github.com/matsuridayo/sing-box-extra@"$1"
-go mod tidy
diff --git a/libcore/update-libneko.sh b/libcore/update-libneko.sh
deleted file mode 100644
index 58ba7807e..000000000
--- a/libcore/update-libneko.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-go get github.com/matsuridayo/libneko@"$1"
-go mod tidy
diff --git a/nb4a.properties b/nb4a.properties
index 7fda871df..aab000694 100644
--- a/nb4a.properties
+++ b/nb4a.properties
@@ -1,3 +1,4 @@
 PACKAGE_NAME=moe.nb4a
-VERSION_NAME=1.0.2
-VERSION_CODE=12
+VERSION_NAME=1.4.1
+PRE_VERSION_NAME=pre-1.4.1-20251026-2
+VERSION_CODE=45