-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Brook 服务端实现缺陷可能导致主动探测 #708
Comments
This comment has been minimized.
This comment has been minimized.
@dlccontributor Please understand the POC. The POC ONLY know it [MAY] be AES(please know again, even AES, it sill MAY), so you CAN NOT say Brook is detectable. |
This is a IoT service, the POC prints it is Brook, but it is not.
|
And in out old system. (Please don't laugh at us, we no longer use it now) So this is NO AES, yet another IoT service, the POC still print it is Brook, but it is really not.
|
@studentmain |
✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅ The new commit bypassed the POC. Recheck steps: On server
On client(POC)
✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅✅ |
为了避免不了解技术细节的讨论者不必要的恐慌, 我将下面的几个comment连接到这里
不要恐慌, 请看这里
还有这里
Brook 服务端实现缺陷可能导致主动探测
注意:并非协议设计缺陷,此缺陷可以通过软件更新修复,请勿恐慌
方法
在到 Brook 服务端的 TCP 连接上逐字节发送随机数,连接会在服务端接收到第 30 字节时断开。
附 PoC 源代码
命令行参数:
main.exe [服务器地址 [测量次数]]
,服务器地址默认127.0.0.1:8388
,测量次数默认 16 次如果怀疑是 Brook 服务端,则会输出
brook true
,反之输出brook false
分析
Brook 加密协议结构如下
其中
chunk
有以下结构Brook 加密协议的布局与 Shadowsocks AEAD 一致,可参见 shadowsocks/shadowsocks-rust#292 (实际上 ss-rust 的缺陷是在验证 Brook 的缺陷的过程中发现)
Brook 对数据完整性的验证完全依靠 AEAD 解密过程保证——只有在第一次 AEAD 解密后,我们才能知道数据流是否伪造。如果一个服务端在发现解密失败后直接关闭连接,则可以使用 v2ray/v2ray-core#2523 中提到的逐字节发送数据包并观测连接何时关闭的手段测量验证过程至少需要多少字节。
对于 Brook,完成验证需要接收
iv
,第一个chunk
的encrypted_length
和encrypted_length_tag
。其中iv
长 12 字节,encrypted_length_tag
因使用 AES-256-GCM ,长 16 字节,encrypted_length
长度为 2。显然随机数不可能通过 AEAD 解密过程的验证,服务端会在接收到完成验证所需长度的数据后关闭连接。因此当向某个开放的 TCP 端口逐字节输入随机数,连接始终在输入 12 + 16 + 2 字节后断开,则可怀疑此端口是 Brook 端口。防御
按照 https://censorbib.nymity.ch/#Frolov2020a 的结论,最稳妥的防御是从不主动关闭异常的连接。我们不可能改变完成验证所需长度,但从不主动关闭连接应足以阻止此类依赖服务端响应的主动探测。
The text was updated successfully, but these errors were encountered: