obfs

package
v0.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 27, 2025 License: MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrPSKTooShort = fmt.Errorf("PSK must be at least %d bytes", smPSKMinLen)

Functions

func WrapPacketConn 

func WrapPacketConn(conn net.PacketConn, obfs Obfuscator) net.PacketConn

WrapPacketConn enables obfuscation on a net.PacketConn. The obfuscation is transparent to the caller - the n bytes returned by ReadFrom and WriteTo are the number of original bytes, not after obfuscation/deobfuscation.

Types

type AstroObfuscator added in v0.0.2 

type AstroObfuscator struct {
	PSK []byte // Pre-shared key for AES key derivation
	// contains filtered or unexported fields
}

AstroObfuscator performs adaptive header mimicry for traffic camouflage. It uses AES-GCM and embeds the encrypted payload into a dynamically generated HTTP/2 DATA frame structure.

func NewAstroObfuscator added in v0.0.2 

func NewAstroObfuscator(psk []byte) (*AstroObfuscator, error)

NewAstroObfuscator creates a new AstroObfuscator instance. psk: The pre-shared key. Must be at least astroMinPSKLen bytes long.

func (*AstroObfuscator) Deobfuscate added in v0.0.2 

func (o *AstroObfuscator) Deobfuscate(in, out []byte) int

Deobfuscate parses the HTTP/2 DATA frame, extracts the embedded payload, and decrypts it. Returns the length of the decrypted data, or 0 if an error occurs (e.g., invalid format, decryption failure).

func (*AstroObfuscator) Obfuscate added in v0.0.2 

func (o *AstroObfuscator) Obfuscate(in, out []byte) int

Obfuscate encrypts the input 'in' and embeds it into a dynamically crafted HTTP/2 DATA frame. Returns the total length of the obfuscated packet, or 0 if an error occurs or 'out' is too small.

type ChameleonObfuscator added in v0.0.1 

type ChameleonObfuscator struct {
	PSK []byte // Pre-shared key. Used to derive the actual ChaCha20 key.
}

ChameleonObfuscator implements authenticated encryption using ChaCha20-Poly1305. It derives a unique key for each packet from a pre-shared key (PSK) and a per-packet random nonce. The nonce is prepended to the ciphertext. This provides strong confidentiality and integrity.

func NewChameleonObfuscator added in v0.0.1 

func NewChameleonObfuscator(psk []byte) (*ChameleonObfuscator, error)

NewChameleonObfuscator creates a new ChameleonObfuscator instance. psk: The pre-shared key used to derive the ChaCha20 key. It must not be empty.

func (*ChameleonObfuscator) Deobfuscate added in v0.0.1 

func (o *ChameleonObfuscator) Deobfuscate(in, out []byte) int

Deobfuscate decrypts the input byte slice 'in' and writes the result to 'out'. It extracts the nonce, derives the key, and attempts to decrypt the payload. If decryption fails (e.g., due to data corruption or tampering, indicated by authentication failure), it returns 0 to signal an invalid packet. Returns the number of bytes written to 'out'. If 'in' is invalid or 'out' is too small, returns 0.

func (*ChameleonObfuscator) Obfuscate added in v0.0.1 

func (o *ChameleonObfuscator) Obfuscate(in, out []byte) int

Obfuscate encrypts the input byte slice 'in' and writes the result to 'out'. It generates a random nonce, derives a ChaCha20 key from the PSK, encrypts 'in' with the nonce, and prepends the nonce to the resulting ciphertext (which includes the auth tag). Returns the number of bytes written to 'out'. If 'out' is too small, returns 0.

type NebulaObfuscator added in v0.0.2 

type NebulaObfuscator struct {
	PSK []byte // Pre-shared key for AES key derivation and header obfuscation
	// contains filtered or unexported fields
}

NebulaObfuscator fragments payload into small, individually encrypted chunks, and manages their chaotic transmission (simulated here by output order).

func NewNebulaObfuscator added in v0.0.2 

func NewNebulaObfuscator(psk []byte) (*NebulaObfuscator, error)

NewNebulaObfuscator creates a new NebulaObfuscator instance. psk: The pre-shared key. Must be at least nebulaMinPSKLen bytes long.

func (*NebulaObfuscator) Deobfuscate added in v0.0.2 

func (o *NebulaObfuscator) Deobfuscate(in, out []byte) int

Deobfuscate reconstructs and decrypts the payload from a sequence of Nebula fragments. It requires all fragments for a given PacketID to be present for successful reconstruction. Returns the length of the decrypted data, or 0 if an error occurs (e.g., missing fragments, decryption failure).

func (*NebulaObfuscator) Obfuscate added in v0.0.2 

func (o *NebulaObfuscator) Obfuscate(in, out []byte) int

Obfuscate fragments the input 'in', encrypts each fragment, and prepares them for chaotic sending. This function returns a single large byte slice that conceptually represents a sequence of packets. In a real implementation, each fragment would be a separate packet, potentially with randomized delays. Returns the total length of the combined obfuscated fragments, or 0 if an error occurs or 'out' is too small.

type Obfuscator 

type Obfuscator interface {
	Obfuscate(in, out []byte) int
	Deobfuscate(in, out []byte) int
}

Obfuscator is the interface that wraps the Obfuscate and Deobfuscate methods. Both methods return the number of bytes written to out. If a packet is not valid, the methods should return 0.

func NewObfuscatorFromConfig added in v0.0.1 

func NewObfuscatorFromConfig(cfg ObfuscatorConfig) (Obfuscator, error)

NewObfuscatorFromConfig is a factory function that creates and returns an Obfuscator interface instance based on the provided configuration. It centralizes the instantiation logic for different obfuscation protocols.

type ObfuscatorConfig added in v0.0.1 

type ObfuscatorConfig struct {
	Type     string `mapstructure:"type"`     // Type of the obfuscator (e.g., "salamander", "scramble", "chameleon", "stealthflow", "quantumshuffle")
	Password string `mapstructure:"password"` // Pre-shared key/password used by the obfuscator

}

ObfuscatorConfig defines the common configuration structure for all obfuscators. This allows for unified configuration parsing.

type PolyMorphObfuscator added in v0.0.2 

type PolyMorphObfuscator struct {
	PSK []byte // Pre-shared key for AES key derivation and control header obfuscation
	// contains filtered or unexported fields
}

PolyMorphObfuscator applies multiple layers of obfuscation with dynamic padding. It encrypts the payload with AES-GCM and inserts random padding, with layout info encoded in an obfuscated control header.

func NewPolyMorphObfuscator added in v0.0.2 

func NewPolyMorphObfuscator(psk []byte) (*PolyMorphObfuscator, error)

NewPolyMorphObfuscator creates a new PolyMorphObfuscator instance. psk: The pre-shared key. Must be at least pmMinPSKLen bytes long.

func (*PolyMorphObfuscator) Deobfuscate added in v0.0.2 

func (o *PolyMorphObfuscator) Deobfuscate(in, out []byte) int

Deobfuscate reconstructs and decrypts the payload from a PolyMorph packet. It first de-obfuscates the control header to determine the packet layout, then extracts the nonce and encrypted payload for decryption. Returns the length of the decrypted data, or 0 if an error occurs (e.g., invalid format, decryption failure).

func (*PolyMorphObfuscator) Obfuscate added in v0.0.2 

func (o *PolyMorphObfuscator) Obfuscate(in, out []byte) int

Obfuscate encrypts the input 'in' and applies dynamic padding and a control header. Returns the total length of the obfuscated packet, or 0 if an error occurs or 'out' is too small.

type QuantumShuffleObfuscator added in v0.0.2 

type QuantumShuffleObfuscator struct {
	PSK []byte // Pre-shared key for AES key derivation and control header obfuscation
	// contains filtered or unexported fields
}

QuantumShuffleObfuscator implements authenticated encryption with dynamic packet layout. It uses AES-GCM and random padding, with layout information encoded in an obfuscated control header.

func NewQuantumShuffleObfuscator added in v0.0.2 

func NewQuantumShuffleObfuscator(psk []byte) (*QuantumShuffleObfuscator, error)

NewQuantumShuffleObfuscator creates a new QuantumShuffleObfuscator instance. psk: The pre-shared key. Must be at least qsMinPSKLen bytes long.

func (*QuantumShuffleObfuscator) Deobfuscate added in v0.0.2 

func (o *QuantumShuffleObfuscator) Deobfuscate(in, out []byte) int

Deobfuscate reconstructs and decrypts the payload from a QuantumShuffle packet. It first de-obfuscates the control header to determine the packet layout, then extracts the nonce and encrypted payload for decryption. Returns the length of the decrypted data, or 0 if an error occurs (e.g., invalid format, decryption failure).

func (*QuantumShuffleObfuscator) Obfuscate added in v0.0.2 

func (o *QuantumShuffleObfuscator) Obfuscate(in, out []byte) int

Obfuscate encrypts the input 'in' and shuffles its internal structure. It generates random padding and a magic number, and encodes their positions in an obfuscated control header. Returns the total length of the obfuscated packet, or 0 if an error occurs or 'out' is too small.

type QuantumTunnelObfuscator added in v0.0.2 

type QuantumTunnelObfuscator struct {
	PSK []byte // Pre-shared key for AES key derivation
}

QuantumTunnelObfuscator embeds encrypted payload within a fake TLS ClientHello. It uses AES-GCM for encryption and hides the payload in the Session ID field.

func NewQuantumTunnelObfuscator added in v0.0.2 

func NewQuantumTunnelObfuscator(psk []byte) (*QuantumTunnelObfuscator, error)

NewQuantumTunnelObfuscator creates a new QuantumTunnelObfuscator instance. psk: The pre-shared key. Must be at least qtMinPSKLen bytes long.

func (*QuantumTunnelObfuscator) Deobfuscate added in v0.0.2 

func (o *QuantumTunnelObfuscator) Deobfuscate(in, out []byte) int

Deobfuscate parses the fake TLS ClientHello, extracts the embedded payload, and decrypts it. Returns the length of the decrypted data, or 0 if an error occurs (e.g., invalid format, decryption failure).

func (*QuantumTunnelObfuscator) Obfuscate added in v0.0.2 

func (o *QuantumTunnelObfuscator) Obfuscate(in, out []byte) int

Obfuscate encrypts the input 'in' and embeds it into a fake TLS ClientHello message. The encrypted payload (nonce + ciphertext + tag) is placed in the Session ID field. Returns the total length of the obfuscated packet, or 0 if an error occurs or 'out' is too small.

type SalamanderObfuscator 

type SalamanderObfuscator struct {
	PSK     []byte
	RandSrc *rand.Rand
	// contains filtered or unexported fields
}

SalamanderObfuscator is an obfuscator that obfuscates each packet with the BLAKE2b-256 hash of a pre-shared key combined with a random salt. Packet format: [8-byte salt][payload]

func NewSalamanderObfuscator 

func NewSalamanderObfuscator(psk []byte) (*SalamanderObfuscator, error)

func (*SalamanderObfuscator) Deobfuscate 

func (o *SalamanderObfuscator) Deobfuscate(in, out []byte) int

func (*SalamanderObfuscator) Obfuscate 

func (o *SalamanderObfuscator) Obfuscate(in, out []byte) int

type ScrambleObfuscator added in v0.0.1 

type ScrambleObfuscator struct {
	PSK []byte // Pre-shared key for key derivation
}

ScrambleObfuscator implements a simple counter-based stream cipher obfuscation. It uses a per-packet random nonce and a pre-shared key (PSK) to derive an evolving key stream for each block of the packet.

func NewScrambleObfuscator added in v0.0.1 

func NewScrambleObfuscator(psk []byte) (*ScrambleObfuscator, error)

NewScrambleObfuscator creates a new ScrambleObfuscator instance. psk: The pre-shared key used for obfuscation. It must not be empty.

func (*ScrambleObfuscator) Deobfuscate added in v0.0.1 

func (o *ScrambleObfuscator) Deobfuscate(in, out []byte) int

Deobfuscate deobfuscates the input byte slice 'in' and writes the result to 'out'. It extracts the nonce, re-derives the same evolving key stream, and XORs the payload to restore the original data. Returns the number of bytes written to 'out'. If 'in' is invalid or 'out' is too small, returns 0.

func (*ScrambleObfuscator) Obfuscate added in v0.0.1 

func (o *ScrambleObfuscator) Obfuscate(in, out []byte) int

Obfuscate obfuscates the input byte slice 'in' and writes the result to 'out'. It prepends a random nonce, then XORs payload blocks with an evolving key derived from the PSK and the current nonce counter. Returns the number of bytes written to 'out'. If 'out' is too small, returns 0.

type StealthFlowObfuscator added in v0.0.2 

type StealthFlowObfuscator struct {
	PSK []byte // Pre-shared key for AES key derivation
}

StealthFlowObfuscator camouflages traffic as HTTP/1.1 GET requests. It encrypts the payload using AES-GCM and embeds it after a fake HTTP header.

func NewStealthFlowObfuscator added in v0.0.2 

func NewStealthFlowObfuscator(psk []byte) (*StealthFlowObfuscator, error)

NewStealthFlowObfuscator creates a new StealthFlowObfuscator instance. psk: The pre-shared key. Must be at least sfMinPSKLen bytes long.

func (*StealthFlowObfuscator) Deobfuscate added in v0.0.2 

func (o *StealthFlowObfuscator) Deobfuscate(in, out []byte) int

Deobfuscate extracts and decrypts the payload from an HTTP-like obfuscated packet. It parses the HTTP header to find the Content-Length and then extracts the nonce and encrypted payload for decryption. Returns the length of the decrypted data, or 0 if an error occurs (e.g., invalid format, decryption failure).

func (*StealthFlowObfuscator) Obfuscate added in v0.0.2 

func (o *StealthFlowObfuscator) Obfuscate(in, out []byte) int

Obfuscate encrypts the input 'in' and encapsulates it within an HTTP-like structure. The encrypted data (nonce + ciphertext + tag) forms the "body" of the fake HTTP request. Returns the total length of the obfuscated packet, or 0 if an error occurs or 'out' is too small.

type TimeWarpObfuscator added in v0.0.2 

type TimeWarpObfuscator struct {
	PSK []byte // Pre-shared key for AES key derivation and control header obfuscation
	// contains filtered or unexported fields
}

TimeWarpObfuscator fragments a packet, encrypts chunks, and shuffles their order. A control header guides reconstruction.

func NewTimeWarpObfuscator added in v0.0.2 

func NewTimeWarpObfuscator(psk []byte) (*TimeWarpObfuscator, error)

NewTimeWarpObfuscator creates a new TimeWarpObfuscator instance. psk: The pre-shared key. Must be at least twMinPSKLen bytes long.

func (*TimeWarpObfuscator) Deobfuscate added in v0.0.2 

func (o *TimeWarpObfuscator) Deobfuscate(in, out []byte) int

Deobfuscate reconstructs and decrypts the payload from a TimeWarp packet. It first de-obfuscates the control header to determine chunking and order, then decrypts and reorders the chunks to reconstruct the original payload. Returns the length of the decrypted data, or 0 if an error occurs (e.g., invalid format, decryption failure).

func (*TimeWarpObfuscator) Obfuscate added in v0.0.2 

func (o *TimeWarpObfuscator) Obfuscate(in, out []byte) int

Obfuscate fragments the input 'in', encrypts and shuffles chunks, and adds a control header. Returns the total length of the obfuscated packet, or 0 if an error occurs or 'out' is too small.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.