Working code.

README.md

@@ -1,4 +1,13 @@
-udp_obfs
-========
+#udp_obfs
 
-UDP Traffic Obfuscator
+A simple program to obfuscate and tunnel UDP traffic across a DPI firewall which blocks your application’s traffic, e.g. OpenVPN. The obfuscation method used is symmetric key XOR “encryption”. Based on udp_redirect (http://www.brokestream.com/udp_redirect.html).
+
+##How To Use
+
+This program must be run on a device both inside and outside the firewall. One (probably the external device) needs to be accessible over the public internet.
+
+Usage: ./udp_obfs our-ip our-port send-to-ip send-to-port
+
+Example: ./udp_obfs 0.0.0.0 1234 194.243.12.4 4321
+
+Note: This program should not be used for securely encrypting traffic. I doubt it would be very hard to find the key from looking at a known application’s traffic stream.

udp_obfs.c

@@ -0,0 +1,86 @@
+// gcc -o udp_obfs udp_obfs.c
+
+/* http://www.brokestream.com/udp_redirect.html
+
+  Build: gcc -o udp_redirect udp_redirect.c
+
+  udp_redirect.c
+  Version 2008-11-09
+
+  Copyright (C) 2007 Ivan Tikhonov
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Ivan Tikhonov, kefeer@brokestream.com
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+int main(int argc, char *argv[]) {
+	if (argc!=3 && argc!=5) {
+		printf("Usage: %s our-ip our-port send-to-ip send-to-port\n",argv[0]);
+		printf("Usage: %s our-ip our-port             # echo mode\n",argv[0]);
+		exit(1);
+	}
+
+    int key_length = 64;
+    //char key[key_length];
+    char* key = "1234567890123456789012345678901234567890123456789012345678901234";
+
+	int os=socket(PF_INET,SOCK_DGRAM,IPPROTO_IP);
+
+	struct sockaddr_in a;
+	a.sin_family=AF_INET;
+	a.sin_addr.s_addr=inet_addr(argv[1]); a.sin_port=htons(atoi(argv[2]));
+	if(bind(os,(struct sockaddr *)&a,sizeof(a)) == -1) {
+		printf("Can't bind our address (%s:%s)\n", argv[1], argv[2]);
+		exit(1); }
+
+	if(argc==5) { a.sin_addr.s_addr=inet_addr(argv[3]); a.sin_port=htons(atoi(argv[4])); }
+
+	struct sockaddr_in sa;
+	struct sockaddr_in da; da.sin_addr.s_addr=0;
+	while(1) {
+		char buf[65536]; // Better than 65535 for 64bit xor key
+		int sn=sizeof(sa);
+		int n=recvfrom(os,buf,sizeof(buf),0,(struct sockaddr *)&sa,&sn);
+		if(n<=0) continue;
+
+        int i;
+        for(i = 0; i < n; i++)
+        {
+            // Encrypt/decrypt in place
+            buf[i] = buf[i] ^ key[i%key_length];
+        }
+
+		if(argc==3) {
+            // Echo mode
+            sendto(os,buf,n,0,(struct sockaddr *)&sa,sn);
+		} else if(sa.sin_addr.s_addr==a.sin_addr.s_addr && sa.sin_port==a.sin_port) {
+            // Send to destination
+			if(da.sin_addr.s_addr) sendto(os,buf,n,0,(struct sockaddr *)&da,sizeof(da));
+		} else {
+            // Send to source
+			sendto(os,buf,n,0,(struct sockaddr *)&a,sizeof(a));
+			da=sa;
+		}
+	}
+}