mirror of
https://github.com/MetaCubeX/mihomo.git
synced 2025-12-19 16:30:07 +08:00
415 lines
11 KiB
Go
415 lines
11 KiB
Go
package outbound
|
|
|
|
import (
|
|
"context"
|
|
"crypto/sha256"
|
|
"encoding/binary"
|
|
"fmt"
|
|
"io"
|
|
"math/rand"
|
|
"net"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/metacubex/mihomo/log"
|
|
|
|
"github.com/saba-futai/sudoku/apis"
|
|
"github.com/saba-futai/sudoku/pkg/crypto"
|
|
"github.com/saba-futai/sudoku/pkg/obfs/httpmask"
|
|
"github.com/saba-futai/sudoku/pkg/obfs/sudoku"
|
|
|
|
N "github.com/metacubex/mihomo/common/net"
|
|
"github.com/metacubex/mihomo/component/dialer"
|
|
"github.com/metacubex/mihomo/component/proxydialer"
|
|
C "github.com/metacubex/mihomo/constant"
|
|
)
|
|
|
|
type Sudoku struct {
|
|
*Base
|
|
option *SudokuOption
|
|
table *sudoku.Table
|
|
baseConf apis.ProtocolConfig
|
|
}
|
|
|
|
type SudokuOption struct {
|
|
BasicOption
|
|
Name string `proxy:"name"`
|
|
Server string `proxy:"server"`
|
|
Port int `proxy:"port"`
|
|
Key string `proxy:"key"`
|
|
AEADMethod string `proxy:"aead-method,omitempty"`
|
|
PaddingMin *int `proxy:"padding-min,omitempty"`
|
|
PaddingMax *int `proxy:"padding-max,omitempty"`
|
|
TableType string `proxy:"table-type,omitempty"` // "prefer_ascii" or "prefer_entropy"
|
|
HTTPMask bool `proxy:"http-mask,omitempty"`
|
|
}
|
|
|
|
// DialContext implements C.ProxyAdapter
|
|
func (s *Sudoku) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
|
|
return s.DialContextWithDialer(ctx, dialer.NewDialer(s.DialOptions()...), metadata)
|
|
}
|
|
|
|
// DialContextWithDialer implements C.ProxyAdapter
|
|
func (s *Sudoku) DialContextWithDialer(ctx context.Context, d C.Dialer, metadata *C.Metadata) (_ C.Conn, err error) {
|
|
if len(s.option.DialerProxy) > 0 {
|
|
d, err = proxydialer.NewByName(s.option.DialerProxy, d)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
cfg, err := s.buildConfig(metadata)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
c, err := d.DialContext(ctx, "tcp", s.addr)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("%s connect error: %w", s.addr, err)
|
|
}
|
|
|
|
defer func() {
|
|
safeConnClose(c, err)
|
|
}()
|
|
|
|
if ctx.Done() != nil {
|
|
done := N.SetupContextForConn(ctx, c)
|
|
defer done(&err)
|
|
}
|
|
|
|
c, err = s.streamConn(c, cfg)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return NewConn(c, s), nil
|
|
}
|
|
|
|
// ListenPacketContext implements C.ProxyAdapter
|
|
func (s *Sudoku) ListenPacketContext(ctx context.Context, metadata *C.Metadata) (C.PacketConn, error) {
|
|
return nil, C.ErrNotSupport
|
|
}
|
|
|
|
// SupportUOT implements C.ProxyAdapter
|
|
func (s *Sudoku) SupportUOT() bool {
|
|
return false // Sudoku protocol only supports TCP
|
|
}
|
|
|
|
// SupportWithDialer implements C.ProxyAdapter
|
|
func (s *Sudoku) SupportWithDialer() C.NetWork {
|
|
return C.TCP
|
|
}
|
|
|
|
// ProxyInfo implements C.ProxyAdapter
|
|
func (s *Sudoku) ProxyInfo() C.ProxyInfo {
|
|
info := s.Base.ProxyInfo()
|
|
info.DialerProxy = s.option.DialerProxy
|
|
return info
|
|
}
|
|
|
|
func (s *Sudoku) buildConfig(metadata *C.Metadata) (*apis.ProtocolConfig, error) {
|
|
if metadata == nil || metadata.DstPort == 0 || !metadata.Valid() {
|
|
return nil, fmt.Errorf("invalid metadata for sudoku outbound")
|
|
}
|
|
|
|
cfg := s.baseConf
|
|
cfg.TargetAddress = metadata.RemoteAddress()
|
|
|
|
if err := cfg.ValidateClient(); err != nil {
|
|
return nil, err
|
|
}
|
|
return &cfg, nil
|
|
}
|
|
|
|
func (s *Sudoku) streamConn(rawConn net.Conn, cfg *apis.ProtocolConfig) (_ net.Conn, err error) {
|
|
if !cfg.DisableHTTPMask {
|
|
if err = httpmask.WriteRandomRequestHeader(rawConn, cfg.ServerAddress); err != nil {
|
|
return nil, fmt.Errorf("write http mask failed: %w", err)
|
|
}
|
|
}
|
|
|
|
obfsConn := sudoku.NewConn(rawConn, cfg.Table, cfg.PaddingMin, cfg.PaddingMax, false)
|
|
cConn, err := crypto.NewAEADConn(obfsConn, cfg.Key, cfg.AEADMethod)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("setup crypto failed: %w", err)
|
|
}
|
|
|
|
handshake := buildSudokuHandshakePayload(cfg.Key)
|
|
if _, err = cConn.Write(handshake[:]); err != nil {
|
|
cConn.Close()
|
|
return nil, fmt.Errorf("send handshake failed: %w", err)
|
|
}
|
|
|
|
if err = writeTargetAddress(cConn, cfg.TargetAddress); err != nil {
|
|
cConn.Close()
|
|
return nil, fmt.Errorf("send target address failed: %w", err)
|
|
}
|
|
|
|
return cConn, nil
|
|
}
|
|
|
|
func NewSudoku(option SudokuOption) (*Sudoku, error) {
|
|
if option.Server == "" {
|
|
return nil, fmt.Errorf("server is required")
|
|
}
|
|
if option.Port <= 0 || option.Port > 65535 {
|
|
return nil, fmt.Errorf("invalid port: %d", option.Port)
|
|
}
|
|
if option.Key == "" {
|
|
return nil, fmt.Errorf("key is required")
|
|
}
|
|
|
|
tableType := strings.ToLower(option.TableType)
|
|
if tableType == "" {
|
|
tableType = "prefer_ascii"
|
|
}
|
|
if tableType != "prefer_ascii" && tableType != "prefer_entropy" {
|
|
return nil, fmt.Errorf("table-type must be prefer_ascii or prefer_entropy")
|
|
}
|
|
|
|
seed := option.Key
|
|
if recoveredFromKey, err := crypto.RecoverPublicKey(option.Key); err == nil {
|
|
seed = crypto.EncodePoint(recoveredFromKey)
|
|
}
|
|
|
|
// Use local initTable instead of sudoku.NewTable to control logging
|
|
table := initTable(seed, tableType)
|
|
|
|
defaultConf := apis.DefaultConfig()
|
|
paddingMin := defaultConf.PaddingMin
|
|
paddingMax := defaultConf.PaddingMax
|
|
if option.PaddingMin != nil {
|
|
paddingMin = *option.PaddingMin
|
|
}
|
|
if option.PaddingMax != nil {
|
|
paddingMax = *option.PaddingMax
|
|
}
|
|
if option.PaddingMin == nil && option.PaddingMax != nil && paddingMax < paddingMin {
|
|
paddingMin = paddingMax
|
|
}
|
|
if option.PaddingMax == nil && option.PaddingMin != nil && paddingMax < paddingMin {
|
|
paddingMax = paddingMin
|
|
}
|
|
|
|
baseConf := apis.ProtocolConfig{
|
|
ServerAddress: net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
|
|
Key: option.Key,
|
|
AEADMethod: defaultConf.AEADMethod,
|
|
Table: table,
|
|
PaddingMin: paddingMin,
|
|
PaddingMax: paddingMax,
|
|
HandshakeTimeoutSeconds: defaultConf.HandshakeTimeoutSeconds,
|
|
DisableHTTPMask: !option.HTTPMask,
|
|
}
|
|
if option.AEADMethod != "" {
|
|
baseConf.AEADMethod = option.AEADMethod
|
|
}
|
|
|
|
return &Sudoku{
|
|
Base: &Base{
|
|
name: option.Name,
|
|
addr: baseConf.ServerAddress,
|
|
tp: C.Sudoku,
|
|
udp: false,
|
|
tfo: option.TFO,
|
|
mpTcp: option.MPTCP,
|
|
iface: option.Interface,
|
|
rmark: option.RoutingMark,
|
|
prefer: C.NewDNSPrefer(option.IPVersion),
|
|
},
|
|
option: &option,
|
|
table: table,
|
|
baseConf: baseConf,
|
|
}, nil
|
|
}
|
|
|
|
func buildSudokuHandshakePayload(key string) [16]byte {
|
|
var payload [16]byte
|
|
binary.BigEndian.PutUint64(payload[:8], uint64(time.Now().Unix()))
|
|
hash := sha256.Sum256([]byte(key))
|
|
copy(payload[8:], hash[:8])
|
|
return payload
|
|
}
|
|
|
|
func writeTargetAddress(w io.Writer, rawAddr string) error {
|
|
host, portStr, err := net.SplitHostPort(rawAddr)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
portInt, err := net.LookupPort("tcp", portStr)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
var buf []byte
|
|
if ip := net.ParseIP(host); ip != nil {
|
|
if ip4 := ip.To4(); ip4 != nil {
|
|
buf = append(buf, 0x01) // IPv4
|
|
buf = append(buf, ip4...)
|
|
} else {
|
|
buf = append(buf, 0x04) // IPv6
|
|
buf = append(buf, ip...)
|
|
}
|
|
} else {
|
|
if len(host) > 255 {
|
|
return fmt.Errorf("domain too long")
|
|
}
|
|
buf = append(buf, 0x03) // domain
|
|
buf = append(buf, byte(len(host)))
|
|
buf = append(buf, host...)
|
|
}
|
|
|
|
var portBytes [2]byte
|
|
binary.BigEndian.PutUint16(portBytes[:], uint16(portInt))
|
|
buf = append(buf, portBytes[:]...)
|
|
|
|
_, err = w.Write(buf)
|
|
return err
|
|
}
|
|
|
|
// initTable initializes the obfuscation tables with Mihomo logging
|
|
// mode: "prefer_ascii" or "prefer_entropy"
|
|
func initTable(key string, mode string) *sudoku.Table {
|
|
start := time.Now()
|
|
t := &sudoku.Table{
|
|
DecodeMap: make(map[uint32]byte),
|
|
IsASCII: mode == "prefer_ascii",
|
|
}
|
|
|
|
// Initialize padding pool and encoding logic
|
|
if t.IsASCII {
|
|
// === ASCII Mode (0x20 - 0x7F) ===
|
|
// Payload (Hint): 01vvpppp (Bit 6 is 1) -> 0x40 | ...
|
|
// Padding: 001xxxxx (Bit 6 is 0) -> 0x20 | rand(0-31)
|
|
// Range: Padding [32, 63], Payload [64, 127]
|
|
|
|
t.PaddingPool = make([]byte, 0, 32)
|
|
for i := 0; i < 32; i++ {
|
|
// 001xxxxx -> 0x20 + i
|
|
t.PaddingPool = append(t.PaddingPool, byte(0x20+i))
|
|
}
|
|
} else {
|
|
// === Entropy Mode (Legacy) ===
|
|
// Padding: 0x80 (10000xxx) & 0x10 (00010xxx)
|
|
// Payload: Avoids bits 7 and 4 being strictly defined like padding
|
|
t.PaddingPool = make([]byte, 0, 16)
|
|
for i := 0; i < 8; i++ {
|
|
t.PaddingPool = append(t.PaddingPool, byte(0x80+i))
|
|
t.PaddingPool = append(t.PaddingPool, byte(0x10+i))
|
|
}
|
|
}
|
|
|
|
// Generate sudoku grids
|
|
allGrids := sudoku.GenerateAllGrids()
|
|
h := sha256.New()
|
|
h.Write([]byte(key))
|
|
seed := int64(binary.BigEndian.Uint64(h.Sum(nil)[:8]))
|
|
rng := rand.New(rand.NewSource(seed))
|
|
|
|
shuffledGrids := make([]sudoku.Grid, 288)
|
|
copy(shuffledGrids, allGrids)
|
|
rng.Shuffle(len(shuffledGrids), func(i, j int) {
|
|
shuffledGrids[i], shuffledGrids[j] = shuffledGrids[j], shuffledGrids[i]
|
|
})
|
|
|
|
// Pre-calculate combinations
|
|
var combinations [][]int
|
|
var combine func(int, int, []int)
|
|
combine = func(s, k int, c []int) {
|
|
if k == 0 {
|
|
tmp := make([]int, len(c))
|
|
copy(tmp, c)
|
|
combinations = append(combinations, tmp)
|
|
return
|
|
}
|
|
for i := s; i <= 16-k; i++ {
|
|
c = append(c, i)
|
|
combine(i+1, k-1, c)
|
|
c = c[:len(c)-1]
|
|
}
|
|
}
|
|
combine(0, 4, []int{})
|
|
|
|
// Build mapping table
|
|
for byteVal := 0; byteVal < 256; byteVal++ {
|
|
targetGrid := shuffledGrids[byteVal]
|
|
for _, positions := range combinations {
|
|
var currentHints [4]byte
|
|
|
|
// 1. Calculate Abstract Hints
|
|
var rawParts [4]struct{ val, pos byte }
|
|
|
|
for i, pos := range positions {
|
|
val := targetGrid[pos] // 1..4
|
|
rawParts[i] = struct{ val, pos byte }{val, uint8(pos)}
|
|
}
|
|
|
|
// Check uniqueness (Sudoku logic)
|
|
matchCount := 0
|
|
for _, g := range allGrids {
|
|
match := true
|
|
for _, p := range rawParts {
|
|
if g[p.pos] != p.val {
|
|
match = false
|
|
break
|
|
}
|
|
}
|
|
if match {
|
|
matchCount++
|
|
if matchCount > 1 {
|
|
break
|
|
}
|
|
}
|
|
}
|
|
|
|
if matchCount == 1 {
|
|
// Unique, generate final encoding bytes
|
|
for i, p := range rawParts {
|
|
if t.IsASCII {
|
|
// ASCII Encoding: 01vvpppp
|
|
// vv = val-1 (0..3), pppp = pos (0..15)
|
|
// 0x40 | (vv << 4) | pppp
|
|
currentHints[i] = 0x40 | ((p.val - 1) << 4) | (p.pos & 0x0F)
|
|
} else {
|
|
// Entropy Encoding (Legacy)
|
|
// 0vv0pppp
|
|
// Format: ((val-1) << 5) | pos
|
|
currentHints[i] = ((p.val - 1) << 5) | (p.pos & 0x0F)
|
|
}
|
|
}
|
|
|
|
t.EncodeTable[byteVal] = append(t.EncodeTable[byteVal], currentHints)
|
|
// Generate decode key
|
|
key := packHintsToKey(currentHints)
|
|
t.DecodeMap[key] = byte(byteVal)
|
|
}
|
|
}
|
|
}
|
|
log.Infoln("[Sudoku] Tables initialized (%s) in %v", mode, time.Since(start))
|
|
return t
|
|
}
|
|
|
|
func packHintsToKey(hints [4]byte) uint32 {
|
|
// Sorting network for 4 elements (Bubble sort unrolled)
|
|
// Swap if a > b
|
|
if hints[0] > hints[1] {
|
|
hints[0], hints[1] = hints[1], hints[0]
|
|
}
|
|
if hints[2] > hints[3] {
|
|
hints[2], hints[3] = hints[3], hints[2]
|
|
}
|
|
if hints[0] > hints[2] {
|
|
hints[0], hints[2] = hints[2], hints[0]
|
|
}
|
|
if hints[1] > hints[3] {
|
|
hints[1], hints[3] = hints[3], hints[1]
|
|
}
|
|
if hints[1] > hints[2] {
|
|
hints[1], hints[2] = hints[2], hints[1]
|
|
}
|
|
|
|
return uint32(hints[0])<<24 | uint32(hints[1])<<16 | uint32(hints[2])<<8 | uint32(hints[3])
|
|
}
|