Ник | Пост | Дата |
---|---|---|
MaleK | Hello, I’ve been using GoodbyeDPI for years now, but a few weeks ago it suddenly stopped working in Saudi, i have some friends who encountered the same problem at the same time, any ideas on how to get around it or something? tried all available .bats in gbdpi 0.1.6 and 0.2.2 | 2024-05-21T09:01:35.518Z |
MaleK | Здравствуйте, я использую GoodbyeDPI уже много лет, но несколько недель назад он внезапно перестал работать в Саудовской Аравии. У меня есть друзья, которые столкнулись с той же проблемой в то же время, есть идеи, как ее обойти или что-то в этом роде? перепробовал все доступные .bat в GoodbyeDPI 0.1.6 и 0.2.2 | 2024-05-21T09:02:11.968Z |
KatouMegumi-osu | As we say in the Russian internet space, we do not practice fortune telling or anything of the sort. Please provide network capture files showing the issue if you want to receive assistance. Without them, we can only guess. | 2024-05-21T11:01:55.094Z |
MaleK | Thank you for replying. yeah i figured, but how can i do that? i asked chatgpt he told me to use Wireshark but also told me that i should delete the sensitive information, which I’m not sure if its gonna make the results incomplete or not. is there a tutorial or something that i can follow? also i downloaded Wireshark and had no idea whats going on | 2024-05-21T11:41:37.737Z |
bolvan | there’s another tool called zapret also if you have just (auto) updated chrome to 124+ go to chrome://flags and disable kyber | 2024-05-21T12:43:27.220Z |
ValdikSS | As @bolvan said, it’s probably due to Kyber. | 2024-05-21T16:35:03.123Z |
MaleK | i already have it disabled, not sure how long ago but I’ve tried to fix it myself, no luck tho, its not working everywhere not only the browsers | 2024-05-21T19:08:17.583Z |
MaleK | tried 3 websites(all of them are blocked in my country) | 2024-05-21T19:38:58.111Z |
ValdikSS |
And also check PM. | 2024-05-21T19:44:33.712Z |
bolvan |
this looks like partial ip block to confirm some curl tests help|
if first complains to certificate and second gives rst then it’s likely ip block also can write 1.1.1.1 to hosts file and run blockcheck. dont expect available. look when certificate error appears. it indicates success . | 2024-05-22T05:28:59.967Z |
tbstbs1(tbstbs1) | I am also in Saudi Arabia and GoodbyeDPI stopped working. Actually, all other Deep Packet Inspection circumvention utilities stopped working at once. | 2024-05-29T11:22:10.246Z |
tbstbs1(tbstbs1) | This is my log when I run Blockcheck: | 2024-05-29T11:31:55.212Z |
bolvan | i plan to add ip block tests to blokcheck like described above anyway , with tests like this you can forget about gdpi too i expect you did it with all bypasses disabled and not in nated vm | 2024-05-29T13:25:46.222Z |
tbstbs1(tbstbs1) | It returns the following:
| 2024-05-29T15:23:01.005Z |
bolvan | pls redo second test with curl from cygwin prompt. windows schannel is not too informative this doesn’t look like ip block. may be dpi detect anomalies in request and treat it as fooling attempt | 2024-05-29T15:52:03.907Z |
tbstbs1(tbstbs1) |
blockcheck.log (276.6 KB) | 2024-05-30T01:41:19.564Z |
ValdikSS | Try something like Your ISP started to search for the ServerNameIndication pattern in the TCP packets, apparently due to Chrome’s usage of Kyber, which causes TLS packet to be larger than a single TCP packet. However, it looks for the pattern beginning only in the first 256 bytes of TCP packet payload (even when there’s no TCP session started by 3-way handshake), while Chrome with Kyber enabled could put it anywhere, so my assumption is that Chrome would sometimes connect to the blocked website without any circumvention methods. The workaround for GoodbyeDPI is to split the packet exactly at the ServerNameIndication (domain name) boundary. ksa_ntcparty.pcapng (33.5 KB) | 2024-05-30T09:08:24.104Z |
tbstbs1(tbstbs1) | I was muted and couldn’t reply because I apparently reached the daily reply and message limit. Anyway, the settings you provided worked only with Firefox, as you said. Well, it’s my preferred browser anyway. It made some websites’ responsiveness or loading very slow (Internet speed is still the same). Thankfully, it only happens when accessing them for the first time. Some sites also fail to load images, as seen in the picture. Thankfully, I was able to circumvent this by first loading the website using a VPN (I used Cloudflare WARP), turning off the VPN, then running GoodbyeDPI with the custom settings. Now the images always load properly. The settings might need some optimization. An updated package including custom script files for KSA would be nice for beginner users, but this solved my issues. Thank you ValdikSS and bolvan for your help! | 2024-05-30T11:23:07.033Z |
ValdikSS |
That shouldn’t happen anymore. That’s strange but not very surprising. Try to tinker with | 2024-05-30T17:28:15.928Z |
ValdikSS | Could you please try this one?
You still need to disable Kyber, as there’s no segment reassembly. | 2024-05-30T19:19:52.589Z |
tbstbs1(tbstbs1) | This work with Chrome with Kyber disabled. | 2024-05-30T20:31:49.618Z |
ValdikSS | Great! No issues in Chrome/FF with slow loading? | 2024-05-30T20:33:57.910Z |
tbstbs1(tbstbs1) | Yes, no slowing down with both Chrome and FF. | 2024-05-30T20:35:36.911Z |
bolvan | Zapret for windows (winws) should be ready for Arabia. It now implements --dpi-desync-split-tls=sni option. If someone is willing to verify it works you can download it here | 2024-06-21T09:51:05.856Z |