obfuscate vpn traffic using either shapeshfiter or obfsvpn

author: cyBerta <cyberta@riseup.net> 2022-05-30 23:50:50 +0200
committer: cyBerta <cyberta@riseup.net> 2022-07-19 00:03:41 +0200
commit: 61bfc6b6d3ad830a8a7569ea31399e93f48dd38d (patch)
tree: 1ad5a09f06981fe329e7ffa642d17f4d4f956d61
parent: 71d1c34319b703d909c882c24a436cd74ed42cc0 (diff)
7 files changed, 59 insertions, 12 deletions
diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
index d624af80..6edbbab4 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
@@ -43,10 +43,12 @@ import de.blinkt.openvpn.core.VpnStatus.ByteCountListener;
 import de.blinkt.openvpn.core.VpnStatus.StateListener;
 import de.blinkt.openvpn.core.connection.Connection;
 import de.blinkt.openvpn.core.connection.Obfs4Connection;
+import se.leap.bitmaskclient.BuildConfig;
 import se.leap.bitmaskclient.R;
 import se.leap.bitmaskclient.eip.EipStatus;
 import se.leap.bitmaskclient.eip.VpnNotificationManager;
 import se.leap.bitmaskclient.firewall.FirewallManager;
+import se.leap.bitmaskclient.pluggableTransports.ObfsVpnClient;
 import se.leap.bitmaskclient.pluggableTransports.Shapeshifter;
 
 import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_CONNECTED;
@@ -89,6 +91,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
     private Runnable mOpenVPNThread;
     private VpnNotificationManager notificationManager;
     private Shapeshifter shapeshifter;
+    private ObfsVpnClient obfsVpnClient;
     private FirewallManager firewallManager;
 
     private final IBinder mBinder = new IOpenVPNServiceInternal.Stub() {
@@ -241,6 +244,9 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
                     if (shapeshifter != null) {
                         shapeshifter.stop();
                         shapeshifter = null;
+                    } else if (obfsVpnClient != null) {
+                        obfsVpnClient.stop();
+                        obfsVpnClient = null;
                     }
                     VpnStatus.updateStateString("NOPROCESS", "VPN STOPPED", R.string.state_noprocess, ConnectionStatus.LEVEL_NOTCONNECTED);
                 }
@@ -412,7 +418,12 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
 
         if (mProfile.mUsePluggableTransports && connection instanceof Obfs4Connection) {
             Obfs4Connection obfs4Connection = (Obfs4Connection) connection;
-            if (shapeshifter == null) {
+            if (BuildConfig.use_obfsvpn) {
+                if (obfsVpnClient == null) {
+                    obfsVpnClient = new ObfsVpnClient(obfs4Connection.getDispatcherOptions());
+                    obfsVpnClient.start();
+                }
+            } else if (shapeshifter == null) {
                 shapeshifter = new Shapeshifter(obfs4Connection.getDispatcherOptions());
                 shapeshifter.start();
             }
@@ -474,6 +485,10 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
                     Log.d(TAG, "-> stop shapeshifter");
                     shapeshifter.stop();
                     shapeshifter = null;
+                } else if (obfsVpnClient != null) {
+                    Log.d(TAG, "-> stop obfsvpnClient");
+                    obfsVpnClient.stop();
+                    obfsVpnClient = null;
                 }
                 try {
                     Thread.sleep(1000);
diff --git a/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java b/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java
index 82a7a6aa..393afd94 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java
@@ -1,6 +1,8 @@
 package de.blinkt.openvpn.core.connection;
 
+import se.leap.bitmaskclient.BuildConfig;
 import se.leap.bitmaskclient.pluggableTransports.Obfs4Options;
+import se.leap.bitmaskclient.pluggableTransports.ObfsVpnClient;
 
 import static se.leap.bitmaskclient.pluggableTransports.Shapeshifter.DISPATCHER_IP;
 import static se.leap.bitmaskclient.pluggableTransports.Shapeshifter.DISPATCHER_PORT;
@@ -16,14 +18,23 @@ public class Obfs4Connection extends Connection {
     private Obfs4Options options;
 
     public Obfs4Connection(Obfs4Options options) {
-        setUseUdp(false);
-        setServerName(DISPATCHER_IP);
-        setServerPort(DISPATCHER_PORT);
-        setProxyName("");
-        setProxyPort("");
+        if (BuildConfig.use_obfsvpn) {
+            setUseUdp(options.udp);
+            setServerName(options.remoteIP);
+            setServerPort(options.remotePort);
+            setProxyName(ObfsVpnClient.SOCKS_IP);
+            setProxyPort(ObfsVpnClient.SOCKS_PORT);
+            setProxyType(ProxyType.SOCKS5);
+        } else {
+            setUseUdp(false);
+            setServerName(DISPATCHER_IP);
+            setServerPort(DISPATCHER_PORT);
+            setProxyName("");
+            setProxyPort("");
+            setProxyType(ProxyType.NONE);
+        }
         setProxyAuthUser(null);
         setProxyAuthPassword(null);
-        setProxyType(ProxyType.NONE);
         setUseProxyAuth(false);
         this.options = options;
     }
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java
index bde909ba..d7a54fcc 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java
@@ -163,6 +163,7 @@ public interface Constants {
     String IP_ADDRESS = "ip_address";
     String IP_ADDRESS6 = "ip_address6";
     String REMOTE = "remote";
+    String SOCKS_PROXY = "socks-proxy";
     String PORTS = "ports";
     String PROTOCOLS = "protocols";
     String UDP = "udp";
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
index 5ddb74ab..061c1aa3 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
@@ -31,6 +31,7 @@ import de.blinkt.openvpn.VpnProfile;
 import de.blinkt.openvpn.core.ConfigParser;
 import de.blinkt.openvpn.core.VpnStatus;
 import de.blinkt.openvpn.core.connection.Connection;
+import se.leap.bitmaskclient.BuildConfig;
 import se.leap.bitmaskclient.base.models.Provider;
 import se.leap.bitmaskclient.base.utils.ConfigHelper;
 import se.leap.bitmaskclient.pluggableTransports.Obfs4Options;
@@ -46,9 +47,12 @@ import static se.leap.bitmaskclient.base.models.Constants.PROTOCOLS;
 import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY;
 import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE;
 import static se.leap.bitmaskclient.base.models.Constants.REMOTE;
+import static se.leap.bitmaskclient.base.models.Constants.SOCKS_PROXY;
 import static se.leap.bitmaskclient.base.models.Constants.TRANSPORT;
 import static se.leap.bitmaskclient.base.models.Constants.TYPE;
 import static se.leap.bitmaskclient.base.models.Constants.UDP;
+import static se.leap.bitmaskclient.pluggableTransports.ObfsVpnClient.SOCKS_IP;
+import static se.leap.bitmaskclient.pluggableTransports.ObfsVpnClient.SOCKS_PORT;
 import static se.leap.bitmaskclient.pluggableTransports.Shapeshifter.DISPATCHER_IP;
 import static se.leap.bitmaskclient.pluggableTransports.Shapeshifter.DISPATCHER_PORT;
 
@@ -140,7 +144,7 @@ public class VpnConfigGenerator {
         String cert = transportOptions.getString("cert");
         String port = obfs4Transport.getJSONArray(PORTS).getString(0);
         String ip = gateway.getString(IP_ADDRESS);
-        return new Obfs4Options(ip, port, cert, iatMode);
+        return new Obfs4Options(ip, port, cert, iatMode, false);
     }
 
     private String generalConfiguration() {
@@ -321,10 +325,24 @@ public class VpnConfigGenerator {
             return;
         }
 
+        JSONArray ports = obfs4Transport.getJSONArray(PORTS);
+        if (ports.isNull(0)){
+            VpnStatus.logError("Misconfigured provider: no ports defined in obfs4 transport JSON.");
+            return;
+        }
+
         String route = "route " + ipAddress + " 255.255.255.255 net_gateway" + newLine;
         stringBuilder.append(route);
-        String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine;
-        stringBuilder.append(remote);
+        if (BuildConfig.use_obfsvpn) {
+            String proxy = SOCKS_PROXY + " " + SOCKS_IP + " " + SOCKS_PORT + newLine;
+            stringBuilder.append(proxy);
+
+            String remote = REMOTE + " " + ipAddress + " " + ports.getString(0) + newLine;
+            stringBuilder.append(remote);
+        } else {
+            String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine;
+            stringBuilder.append(remote);
+        }
     }
 
     private String secretsConfiguration() {
diff --git a/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java b/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java
index 2f9cb732..ab6ea445 100644
--- a/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java
+++ b/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java
@@ -7,12 +7,14 @@ public class Obfs4Options implements Serializable {
     public String iatMode;
     public String remoteIP;
     public String remotePort;
+    public boolean udp;
 
-    public Obfs4Options(String remoteIP, String remotePort, String cert, String iatMode) {
+    public Obfs4Options(String remoteIP, String remotePort, String cert, String iatMode, boolean udp) {
         this.cert = cert;
         this.iatMode = iatMode;
         this.remoteIP = remoteIP;
         this.remotePort = remotePort;
+        this.udp = udp;
     }
 
 }
diff --git a/app/src/test/java/de/blinkt/openvpn/VpnProfileTest.java b/app/src/test/java/de/blinkt/openvpn/VpnProfileTest.java
index e8a93b75..34eea5e9 100644
--- a/app/src/test/java/de/blinkt/openvpn/VpnProfileTest.java
+++ b/app/src/test/java/de/blinkt/openvpn/VpnProfileTest.java
@@ -59,7 +59,7 @@ public class VpnProfileTest {
     @Test
     public void toJson_obfs4() throws JSONException {
         VpnProfile mockVpnProfile = new VpnProfile("mockProfile", OBFS4);
-        mockVpnProfile.mConnections[0] = new Obfs4Connection(new Obfs4Options("192.168.0.1", "1234", "CERT", "1"));
+        mockVpnProfile.mConnections[0] = new Obfs4Connection(new Obfs4Options("192.168.0.1", "1234", "CERT", "1", false));
         mockVpnProfile.mConnections[0].setUseUdp(false);
         mockVpnProfile.mLastUsed = 0;
         String s = mockVpnProfile.toJson();
diff --git a/bitmaskcore b/bitmaskcore
-Subproject a82335aef6cdd2bd0499d8828d6d479f2ded087
+Subproject 7185b55d5aebb10e2d6b18f990da58aea26c15a
author	cyBerta <cyberta@riseup.net>	2022-05-30 23:50:50 +0200
committer	cyBerta <cyberta@riseup.net>	2022-07-19 00:03:41 +0200
commit	61bfc6b6d3ad830a8a7569ea31399e93f48dd38d (patch)
tree	1ad5a09f06981fe329e7ffa642d17f4d4f956d61
parent	71d1c34319b703d909c882c24a436cd74ed42cc0 (diff)