Thoughts on attempting to port and ship Obfsproxy client functionality to Android?
We have a good number of Iranian users it seems, and I think we can pull it off in a few days, if it isn't insanely complex.
Where should we begin? Any details on exactly what was done for the new TBB?
+n
On Fri, Feb 10, 2012 at 07:56:04AM -0500, Nathan Freitas wrote:
Thoughts on attempting to port and ship Obfsproxy client functionality to Android?
We have a good number of Iranian users it seems, and I think we can pull it off in a few days, if it isn't insanely complex.
Where should we begin? Any details on exactly what was done for the new TBB?
Step one, build obfsproxy for Android. I expect your biggest problem will be libevent2 since you won't have any packages for it. See https://trac.torproject.org/projects/tor/ticket/5009#comment:17 for some ugly hacks.
Step two, figure out what obfs2 addresses you want your people to use. In the current testing bundle we're simply hard-coding two (one on moria, one that marlowe runs). Tomorrow I hope to put out a bundle with more like 8 or 10, to load balance in case it becomes popular.
Step three, add those obfsproxy bridges and this line to the torrc:
Bridge obfs2 128.31.0.34:1051 ClientTransportPlugin obfs2 exec /path/to/obfsproxy --managed
Now your clients will be good to go. Except every client will launch obfsproxy by default whether they need it or no, and they'll all go through that obfsproxy bridge. So you'll want this to be a separate alternate bundle that people only install when they want it.
Step four, you could change your gui to let people configure new obfs2 bridges that they run across. There's a bug in Vidalia where it tries to validate your bridge lines, which backfired now that the bridge lines have become more complex; perhaps Orbot was more future-thinking and never bothered validating them. :)
Maybe you want to make your interface only add the ClientTransportPlugin line to the torrc file if they add an obfs2 bridge? Eventually Tor will be smarter about that.
Oh, and lastly, there's a crash bug in obfsproxy that we're working on now. Maybe more behind it. This is not what you would call a methodical planned rollout. :)
--Roger
On 02/10/2012 08:11 AM, Roger Dingledine wrote:
On Fri, Feb 10, 2012 at 07:56:04AM -0500, Nathan Freitas wrote:
Thoughts on attempting to port and ship Obfsproxy client functionality to Android? Where should we begin? Any details on exactly what was done for the new TBB?
Step one, build obfsproxy for Android. I expect your biggest problem will be libevent2 since you won't have any packages for it. See
Happy to say that libevent2 and obfsproxy have been successfully cross-compiled for Android w/o major patching, and all seems to be working well with a manually hacked version of Orbot. I have to get some sleep now, but should have a new Orbot proper build in 24 hours (with the help of Gsathya and Kensen from GP).
I've posted some test binaries with an Android shell-based how to here: https://github.com/downloads/guardianproject/Orbot/obfsproxy-20120212a.tar.g... (.asc)
*** This currently requires root, and Orbot should be deactivated.
1) adb push the files about to /data/local
2) adb shell; su
3) mv the files above from /data/local to /data/data/org.torproject.android/app_bin
4) chown the new files to the uid of the orbot app (e.g. "chmod app_2.app_2 tor"). find the uid by 'ls'-ing in the /data/data/org.torproject.android/app_bin folder
5) chmod 700 obfsproxy; chmod 700 tor;
6) export HOME=/data/data/org.torproject.android/app_bin
7) /data/data/org.torproject.android/app_bin/tor DataDirectory /data/data/org.torproject.android/cache -f /data/data/org.torproject.android/app_bin/torrc
8) Open Firefox Mobile with ProxyMob add-on, and you should be ready to roll.
***
Feb 11 03:29:23.275 [notice] Tor v0.2.3.11-alpha (git-9ce9836f853d8a31) running on Linux armv7l. Feb 11 03:29:23.276 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning ... Feb 11 03:29:31.000 [notice] Bootstrapped 80%: Connecting to the Tor network. Feb 11 03:29:31.000 [notice] Bootstrapped 90%: Establishing a Tor circuit. Feb 11 03:29:32.000 [notice] new bridge descriptor 'maximatorbridge' (fresh): $55329E0FB775496D4479AC1E0D2CDE3B98D774C3~maximatorbridge at 212.112.242.160 Feb 11 03:29:32.000 [notice] new bridge descriptor 'ghobfsbridge1' (fresh): $10D5B1C21544B64EBC2A4275FE32A8D4A40405B5~ghobfsbridge1 at 213.108.105.129 Feb 11 03:29:32.000 [notice] new bridge descriptor 'torbridge42' (fresh): $9459581B2DA5458D19790C28918CB544B3854C8A~torbridge42 at 85.214.131.213 Feb 11 03:29:32.000 [notice] new bridge descriptor 'Unnamed' (fresh): $7C7DC083FFCFE383268B873D2CB046684B615648~Unnamed at 85.17.20.242 Feb 11 03:29:32.000 [notice] new bridge descriptor 'Unnamed' (fresh): $478208B87337CAC2E9391AD7B91D125193D5A641~Unnamed at 91.208.34.7 Feb 11 03:29:32.000 [notice] new bridge descriptor 'Unnamed' (fresh): $5F88FDA345422B32E1A20F2761182C23CD49EA79~Unnamed at 131.215.158.1 Feb 11 03:29:32.000 [notice] new bridge descriptor 'ndnop0' (fresh): $9D7259A696F7DAB073043B28114112A46D36CFFD~ndnop0 at 109.105.109.163 Feb 11 03:29:32.000 [notice] new bridge descriptor 'Unnamed' (fresh): $00BC5E7111BD00E9AF463BE9BFE6255FE51CFCD9~Unnamed at 109.163.233.195 Feb 11 03:29:33.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Feb 11 03:29:33.000 [notice] Bootstrapped 100%: Done.
***
+n8fr8
On 02/11/2012 03:55 AM, Nathan Freitas wrote:
sleep now, but should have a new Orbot proper build in 24 hours (with the help of Gsathya and Kensen from GP).
Quick update - good progress on Orbot. obfsproxy binary is fully integrated into the Orbot Android app, and all the updates to torrc configuration, etc are in and working. We have a build with bridges enabled and 10 obfs bridges configured by default. The user can modify this list through the existing Orbot settings screen.
I am going to sleep on this now a bit, do some more testing tomorrow, post a public build, then ideally about 18 hours from now, put a build up for release for Iranian users.
I've pushed what we have so far here: https://gitweb.torproject.org/n8fr8/orbot.git/shortlog/refs/heads/obfs
G'night, n8fr8
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/12/2012 01:57 AM, Nathan Freitas wrote:
I am going to sleep on this now a bit, do some more testing tomorrow, post a public build, then ideally about 18 hours from now, put a build up for release for Iranian users.
I've posted a signed test build of Orbot-1.0.7.2+OBFS-BY-DEFAULT here: http://ge.tt/89SjZWD
** This is for EXTERNAL testing only and NOT for inside Iran users yet. We have one more round of review tonight, and then should be ready for targeted public release **
Please test on as many devices as you can, and report issues on trac or via email. I will be offline for about eight hours, but active again after that.
+n
-
Nathan Freitas -
Roger Dingledine