v0.3.0
🛡️ Hedioum Pool Tunnel v0.3.0 - Advanced Obfuscation & Active Probe Defense
This critical security release overhauls the cryptographic architecture of Hedioum, shifting obfuscation from the logical stream layer directly to the physical TCP socket. This ensures Zero-Leakage of multiplexer signatures, making the tunnel completely invisible to modern Deep Packet Inspection (DPI) heuristics.
✨ Core Security Upgrades
- Physical Socket Encryption (XOR Stream Cipher): All data, including Yamux control headers (Ping, Window Updates), is now encrypted at the lowest level using a highly optimized, stateful XOR stream cipher. GFW will only see high-entropy, unpredictable bytes on Port 22.
- Dynamic Packet Padding (Length Obfuscation): Implemented a lightweight, zero-allocation custom framing protocol (
PadConn). It injects randomized garbage data (between 0 to 255 bytes) into every TCP frame. This defeats DPI machine-learning models that rely on fixed packet-size analysis. - Decoy Routing (Active Scanner Defense): Hedioum no longer drops or bans connections that fail the AuthToken handshake. Instead, it acts as a transparent proxy, silently forwarding unauthorized GFW probes and bots directly to your real OpenSSH daemon (Port 2022). To any external scanner, your server now looks and behaves exactly like a standard, uninteresting Linux machine.
- Zero GC Overhead: Both XOR and Padding layers utilize
sync.Pooland pre-allocated memory buffers to guarantee absolute zero garbage collection overhead under heavy, 300+ Mbps loads.
📥 Upgrade Instructions
For existing v0.2.0 Nodes:
Run hedioum-tunnel in your terminal and select Option 5 (Update Hedioum Daemon). The system will safely pull this release and restart.
(Note: You must update both your Iran Hub and Foreign Egress nodes simultaneously, as the physical handshake protocol has fundamentally changed).
For Fresh Installs:
Run the master installation script:
bash <(curl -s https://raw.githubusercontent.com/hedioum/Hedioum-Pool-Tunnel/main/install.sh)