I know that supposedly the parrot is dead, but if the effort is low maybe it makes sense to address a couple of obvious divergences:
The trailing 4 bytes in the random field for our (parroted) ClientHello look totally random - but at least by Wireshark's dissector they get recognized as a timestamp (I haven't checked the ranges extensively, at least they look to be placed between 2000-2100?). Probably openvpn source code is the quickest way to clarify this.
The fact that I'm using DATA_V1 packets (intertwined with HARD_RESET_V2) while a recent openvpn uses V2.
ainghazal changed the title from "explore other possible ways of distinguishability against reference implementation" to "explore other possible sources of distinguishability against reference implementation" on Jun 15, 2022
These days I was thinking of another possible way to tell minivpn apart: I am not completely sure, but I remember seeing something about the reference openvpn implementing some kind of retries for the TLS handshake in UDP mode (which is kind of natural). It's been some months already so this is not fresh in my head, but I am pretty sure my implementation is quite sensitive to packet loss during the handshake phase. I mention this in case the current red team engagement finds ways to break things apart following this lead 😈 🙈
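
One way to check a capture of your own client for the second divergence in the issue (HARD_RESET_V2 mixed with DATA_V1), as an added example that is not part of the thread or of minivpn's code. It assumes UDP mode, where the opcode is the high 5 bits of the first payload byte; the function names and the sample bytes are constructed for illustration.

```go
package main

import "fmt"

// OpenVPN opcodes: the high 5 bits of the first byte of each UDP payload.
const (
	opDataV1         = 6 // P_DATA_V1
	opHardResetCliV2 = 7 // P_CONTROL_HARD_RESET_CLIENT_V2
	opHardResetSrvV2 = 8 // P_CONTROL_HARD_RESET_SERVER_V2
	opDataV2         = 9 // P_DATA_V2
)

// Summary counts the packet types seen in one session (hypothetical helper type).
type Summary struct{ HardResetV2, DataV1, DataV2, Other, Empty int }

// ParseOpcode splits the first byte into opcode (high 5 bits) and key id (low 3 bits).
func ParseOpcode(p []byte) (op, keyID byte, ok bool) {
	if len(p) == 0 {
		return 0, 0, false
	}
	return p[0] >> 3, p[0] & 0x07, true
}

// Summarize classifies every UDP payload of one session by its opcode.
func Summarize(payloads [][]byte) Summary {
	var s Summary
	for _, p := range payloads {
		op, _, ok := ParseOpcode(p)
		switch {
		case !ok: s.Empty++ // zero-length datagram, no opcode byte
		case op == opHardResetCliV2 || op == opHardResetSrvV2: s.HardResetV2++
		case op == opDataV1: s.DataV1++
		case op == opDataV2: s.DataV2++
		default: s.Other++ // control, ack and other opcodes
		}
	}
	return s
}

// MixesV2ResetWithV1Data reports a HARD_RESET_V2 handshake followed by DATA_V1 packets.
func (s Summary) MixesV2ResetWithV1Data() bool { return s.HardResetV2 > 0 && s.DataV1 > 0 }

func main() {
	// Constructed session: only the first byte is meaningful, the rest is filler.
	session := [][]byte{{0x38, 0xaa}, {0x40, 0xbb}, {0x20, 0xcc}, {0x30, 0xdd}, {0x31, 0xee}}
	s := Summarize(session)
	fmt.Printf("%+v divergent=%v\n", s, s.MixesV2ResetWithV1Data())
}
```
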