
[discuss] how can integrity be tampered, a case study #10

Closed
qeatzy opened this issue May 30, 2022 · 0 comments
Labels
discussion General discussion

Comments

qeatzy commented May 30, 2022

Below is an excerpt from the log.

$ grep dedup persist.log
2022/05/30 10:15:04 min.go:1335: dedup3 modified b[0] 48 236 [255 4 207 89 187 163 0 59 0 59 0 59 0 136 0 136 0 136]
2022/05/30 10:15:22 min.go:1335: dedup3 modified b[0] 48 232 [255 4 207 146 183 163 1 6 1 6 1 6 0 191 0 191 0 191]
2022/05/30 10:59:50 min.go:1335: dedup3 modified b[0] 48 234 [255 4 207 233 185 163 17 149 17 149 17 149 0 28 0 28 0 28]
2022/05/30 11:01:24 min.go:1335: dedup3 modified b[0] 48 234 [255 4 207 29 185 163 1 127 1 127 1 127 0 75 0 75 0 75]
2022/05/30 11:12:55 min.go:1335: dedup3 modified b[0] 239 186 [122 51 139 82 69 144 215 87 139 42 101 66 181 132 15 234 86 218]
2022/05/30 11:16:10 min.go:1335: dedup3 modified b[0] 113 126 [12 84 155 115 25 166 40 184 96 153 240 42 198 65 53 82 66 207]

2022/05/30 11:16:10 min.go:1446: tunHandle read tid 12 len 42 fromid 144
2022/05/30 11:16:10 min.go:1446: tunHandle read tid 12 len 25727 fromid 41231
2022/05/30 11:16:10 min.go:1335: dedup3 modified b[0] 113 126 [12 84 155 115 25 166 40 184 96 153 240 42 198 65 53 82 66 207]
2022/05/30 11:16:10 min.go:1442: dedup3 error 1 [12 84 155 115 25 166 40 184 96 153 240 42 198 65 53 82 66 207]
2022/05/30 11:16:11 ctun.go:60: 14 1653880571 1653879578
2022/05/30 11:16:13 min.go:1446: tunHandle read tid 10 len 65 fromid 146
2022/05/30 11:16:13 min.go:1446: tunHandle read tid 10 len 3356 fromid 146

Previously, a 6-byte header was used. After encountering invalid values, and to reduce the possibility of a bug, I thought an error correction/detection code could be used; below is a naive implementation by redundancy. Below is the sender code.

// dup3 expands the 6-byte header in b[0:6] to 18 bytes in place: every original
// pair is kept once as-is and stored twice more with +71 and +193 added to each
// byte (wrapping mod 256). Pairs (b[2],b[3]) and (b[4],b[5]) are copied out to
// b[6:18] first, then b[2:6] is overwritten with the offset copies of b[0:2],
// so b must be at least 18 bytes long.
func dup3(b []byte) {
    b[6]  = b[2]
    b[7]  = b[3]
    b[8]  = b[2] + 71
    b[9]  = b[3] + 71
    b[10] = b[2] + 193
    b[11] = b[3] + 193
    b[12] = b[4]
    b[13] = b[5]
    b[14] = b[4] + 71
    b[15] = b[5] + 71
    b[16] = b[4] + 193
    b[17] = b[5] + 193
    b[2] = b[0] + 71
    b[3] = b[1] + 71
    b[4] = b[0] + 193
    b[5] = b[1] + 193
}

func send() {
    // ...
    SetCommonHeader3(header, a,b,c)  // write the 6-byte header
    dup3(data)                       // expand it to the 18-byte redundant form
    dlen := shadow(data[18:])        // payload after the 18-byte header is processed separately
    // ...
}

Different from common practice, a tunnel approach with an ECDH handshake is used: instead of a 1-1 mapping, N local <=> M tunnel <=> N remote is used.
Also, the header above has no pattern; the value is neither fixed nor from a small set.
Context: there are 80 tabs open and global mode is used, i.e. the browser (Chrome) is actively working, and the tampering does not happen frequently, at least as of the current time.

It currently works pretty well, the delay is quite low, and I can search Google, even though all ports on my VPS are technically banned, even 22/80/443/64000+, with an iptables whitelist deployed. But as long as the probability of a successful TCP handshake is not zero, it still works.

Still, the chance of a bug is not completely removed. The intention of this issue is just to share ideas, in case those who want to DIY can distill useful info from it.

Update: the tampering can happen a lot at some times if the traffic goes high (50+ browser tabs or watching video) (only in recent days), and the rate of successful TCP dials approaches zero for a short period after all tunnels are force-closed due to error/RST/timeout, but switching to another port works, and later switching back works too. Also, sending one connection through multiple tunnels is not done, which might help here, as would using multiple ports and/or server IPs. Though currently it already works quite well, and has for a month.

Also posted at e1732a364fed/v2ray_simple
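As an added example (not code from the issue or from the project), here is the 18-byte redundancy header from the sender code above written out as a loop, together with an assumed receiver-side dedup3 that removes the offsets, recovers the 6-byte header by majority vote over the three copies, and reports which 18-byte positions disagreed. The issue does not show the project's own dedup3, so its interface, its return values, the error case for a byte whose three copies all differ, and the sample header and corruptions in main are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Layout produced by dup3 (same as the issue's sender code): the original
// 6-byte header h[0..5] is expanded in place to 18 bytes, and each pair
// (h[2i], h[2i+1]) is stored three times at offsets 6i, 6i+2 and 6i+4:
// as-is, +71 and +193 (byte arithmetic wraps mod 256).
const (
	hdrLen    = 6
	dupHdrLen = 18
	off1      = 71
	off2      = 193
)

// dup3 expands the 6-byte header at b[0:6] into b[0:18]. len(b) must be >= 18.
// It walks the pairs backwards so no original byte is overwritten before it is copied.
func dup3(b []byte) {
	for i := 2; i >= 0; i-- {
		x, y := b[2*i], b[2*i+1]
		b[6*i], b[6*i+1] = x, y
		b[6*i+2], b[6*i+3] = x+off1, y+off1
		b[6*i+4], b[6*i+5] = x+off2, y+off2
	}
}

// dedup3 is the assumed receiver side (the project's own is not shown in the issue):
// it removes the offsets, takes a majority vote over the three copies of every
// header byte, and returns the recovered 6-byte header plus the 18-byte positions
// that disagreed with the vote. If no two copies of a byte agree, the header is
// uncorrectable and an error is returned; that is the case a receiver should drop on.
func dedup3(b []byte) (hdr [hdrLen]byte, modified []int, err error) {
	if len(b) < dupHdrLen {
		return hdr, nil, errors.New("dedup3: buffer shorter than 18 bytes")
	}
	for i := 0; i < 3; i++ {
		for j := 0; j < 2; j++ {
			pos := [3]int{6*i + j, 6*i + 2 + j, 6*i + 4 + j}
			cand := [3]byte{b[pos[0]], b[pos[1]] - off1, b[pos[2]] - off2}
			var v byte
			switch {
			case cand[0] == cand[1] || cand[0] == cand[2]:
				v = cand[0]
			case cand[1] == cand[2]:
				v = cand[1]
			default:
				return hdr, nil, fmt.Errorf("dedup3: header byte %d: all three copies differ %v", 2*i+j, cand)
			}
			hdr[2*i+j] = v
			for k := range cand {
				if cand[k] != v {
					modified = append(modified, pos[k])
				}
			}
		}
	}
	return hdr, modified, nil
}

func main() {
	// Constructed sample header followed by a few payload bytes; any 6 bytes would do.
	pkt := make([]byte, dupHdrLen+4)
	copy(pkt, []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06})
	dup3(pkt)

	pkt[8] ^= 0xff // constructed corruption: flip the "+71" copy of header byte 2
	hdr, mod, err := dedup3(pkt)
	fmt.Println(hdr, mod, err) // header recovered, position 8 reported as modified

	pkt[6] ^= 0x0f // constructed: now all three copies of header byte 2 disagree
	pkt[10] ^= 0xf0
	_, _, err = dedup3(pkt)
	fmt.Println(err) // uncorrectable, the packet should be dropped
}
```

The design point this shows is the limit of the scheme: triplication with constant offsets corrects any single modified byte per header byte and detects a second, but two consistent modifications (or an attacker who knows the offsets) pass the vote, so the redundant header is an integrity check against random corruption, not against a deliberate tamperer.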
