feat: implement XOR encryption for tunnel signals in client and server communication

yosebyte · web-flow · commit 3de1b46e83f5 · 2025-05-29T08:34:12.000Z
diff --git a/internal/client.go b/internal/client.go
@@ -3,12 +3,12 @@ package internal
 
 import (
 	"bufio"
+	"bytes"
 	"context"
 	"net"
 	"net/url"
 	"os"
 	"os/signal"
-	"strings"
 	"syscall"
 	"time"
 
@@ -122,7 +122,7 @@ func (c *Client) tunnelHandshake() error {
 	if err != nil {
 		return err
 	}
-	tunnelSignal := strings.TrimSpace(string(rawTunnelURL))
+	tunnelSignal := string(xor(bytes.TrimSuffix(rawTunnelURL, []byte{'\n'})))
 	c.logger.Debug("Tunnel signal <- : %v <- %v", tunnelSignal, c.tunnelTCPConn.RemoteAddr())
 
 	// 解析隧道URL
diff --git a/internal/common.go b/internal/common.go
@@ -3,6 +3,7 @@ package internal
 
 import (
 	"bufio"
+	"bytes"
 	"context"
 	"net"
 	"net/url"
@@ -78,6 +79,14 @@ func getEnvAsDuration(name string, defaultValue time.Duration) time.Duration {
 	return defaultValue
 }
 
+// xor 对数据进行异或处理
+func xor(data []byte) []byte {
+	for i := range data {
+		data[i] ^= byte(128)
+	}
+	return data
+}
+
 // getAddress 解析和设置地址信息
 func (c *Common) getAddress(parsedURL *url.URL) {
 	// 解析隧道地址
@@ -274,7 +283,7 @@ func (c *Common) commonQueue() error {
 			if err != nil {
 				return err
 			}
-			signal := strings.TrimSpace(string(rawSignal))
+			signal := string(xor(bytes.TrimSuffix(rawSignal, []byte{'\n'})))
 
 			// 将信号发送到通道
 			select {
@@ -301,7 +310,7 @@ func (c *Common) healthCheck() error {
 			// 连接池健康度检查
 			if c.tunnelPool.ErrorCount() > c.tunnelPool.Active()/2 {
 				// 发送刷新信号到对端
-				_, err := c.tunnelTCPConn.Write([]byte(flushURL.String() + "\n"))
+				_, err := c.tunnelTCPConn.Write(append(xor([]byte(flushURL.String())), '\n'))
 				if err != nil {
 					c.mu.Unlock()
 					return err
@@ -390,7 +399,7 @@ func (c *Common) commonTCPLoop() {
 				}
 
 				c.mu.Lock()
-				_, err = c.tunnelTCPConn.Write([]byte(launchURL.String() + "\n"))
+				_, err = c.tunnelTCPConn.Write(append(xor([]byte(launchURL.String())), '\n'))
 				c.mu.Unlock()
 
 				if err != nil {
@@ -457,7 +466,7 @@ func (c *Common) commonUDPLoop() {
 				}
 
 				c.mu.Lock()
-				_, err = c.tunnelTCPConn.Write([]byte(launchURL.String() + "\n"))
+				_, err = c.tunnelTCPConn.Write(append(xor([]byte(launchURL.String())), '\n'))
 				c.mu.Unlock()
 
 				if err != nil {
diff --git a/internal/server.go b/internal/server.go
@@ -130,7 +130,7 @@ func (s *Server) tunnelHandshake() error {
 		Host:     s.dataFlow,
 		Fragment: s.tlsCode,
 	}
-	_, err = s.tunnelTCPConn.Write([]byte(tunnelURL.String() + "\n"))
+	_, err = s.tunnelTCPConn.Write(append(xor([]byte(tunnelURL.String())), '\n'))
 	if err != nil {
 		return err
 	}

Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,7 @@ func (s *Server) tunnelHandshake() error {`
`130`	`130`	`Host: s.dataFlow,`
`131`	`131`	`Fragment: s.tlsCode,`
`132`	`132`	`}`
`133`		`- _, err = s.tunnelTCPConn.Write([]byte(tunnelURL.String() + "\n"))`
	`133`	`+ _, err = s.tunnelTCPConn.Write(append(xor([]byte(tunnelURL.String())), '\n'))`
`134`	`134`	`if err != nil {`
`135`	`135`	`return err`
`136`	`136`	`}`