Лёгкий способ найти новую стратегию для ютуба

Community software Zapret
, ,
1

Во времена когда методы блокировки ютуба часто меняли мне было лень каждый раз запускать блокчек, ждать пока он отработает, запускать установочный скрипт и копипастить новую стратегию в конфиг - поэтому я сделал небольшой баш-скрипт который делает это за меня.

ссылка на скачивание

Для работы скрипта надо всё-таки разок установить и настроить запрет чтобы в конфиге была строка вида --filter-tcp=443 РАБОЧАЯ_СТРАТЕГИЯ --hostlist=/opt/zapret/lists/yt.txt --new где /opt/zapret/lists/yt.txt это файл в котором перечислены домены ютуба по одному на строчку, вот так

yt.be
youtu.be
googlevideo.com
youtube.com
i.ytimg.com
ytimg.com

Как работает скрипт:

  1. проверяет на какой системе его запустили - опенврт, линукс с системд или что-то экзотическое, если экзотика то скрипт выходит на всякий случай
  2. загружает страничку ютуба и парсит её на предмет адреса Google Global Cache - странички обычно не блочат а замедляют поэтому это не должно вызывать проблем
  3. выключает запрет через системд или опенвртшное управление службами
  4. запускает блокчек с тем адресом GGC который он взял во втором пункте и пишет его вывод в файл
  5. ищет в файле строку с рабочей новой стратегией
  6. ищет в конфиге запрета строчку со старой стратегией обхода и меняет её на новую
  7. включает запрет обратно

Делал я этот скрипт для себя, но может он и вам пригодится. Если там какие-то баги - сообщите, может я чего-то не учёл.

2

если говорить про openwrt этот скрипт работает только на офф версию или на все включая luci(GitHub - remittor/zapret-openwrt: OpenWrt packages of https://github.com/bol-van/zapret)?

3

я тестировал только с этой версией GitHub - bol-van/zapret: DPI bypass multi platform никаких других у меня нет и про их совместимость я ничего гарантировать не могу.

4

в файл yt.txt же можно скинуть все домены ну к примеру того же клауд флеер или для правильной работы скрипта нужно только домены ютуб и гугл видео?

5

Стопэ я что то не понял. Как запускать на десятке этот скрипт? Не работает

1 Like
6

он для роутера

7

запихнуть туда можно чё угодно, но скрипт прогоняет поиск страт для ggc, если так получится что страта будет работать и для других сайтов то тебе это поможет

8

У меня данный скрипт застревает на моменте вывода в консоль доменов которые он записывает в /opt/lists/yt.txt (это если изначально zapret выключен). Если zapret включен, то он прогоняет blockcheck и в curl выводит !!! AVAILABLE !!! (так как у меня после остановки zapret какое-то время ещё работает youtube без проблем, обычно помогает перезапуск роутера чтоб окончательно отвалился).

9

Сейчас запустил с выключенным zapret и оставил на подольше, в итоге как я понял не нашел адрес GGC и начал проводить blockcheck по стандартному rutracker.org, вот полный лог:

Спойлер 
root@S1lenix:/opt/zapret# ./auto_zapret.sh
yt.be
youtu.be
googlevideo.com
youtube.com
i.ytimg.com
ytimg.comGGC ->
Clearing nftables
net.netfilter.nf_conntrack_tcp_be_liberal = 0
Command failed: Not found
Clearing nftables
net.netfilter.nf_conntrack_tcp_be_liberal = 0
Command failed: Not found
rm: can't remove '/tmp/blockcheck_output.txt': No such file or directory
rm: can't remove '/tmp/blockcheck_output.txt': No such file or directory
* checking system
tpws supports --fix-seg on this system
Linux detected
firewall type is nftables
* checking already running DPI bypass processes
* checking privileges
* checking prerequisites
* checking DNS
system DNS is working
comparing system resolver to public DNS : 8.8.8.8
pornhub.com : OK
ntc.party : OK
rutracker.org : OK
www.torproject.org : OK
bbc.com : OK
checking resolved IP uniqueness for : pornhub.com ntc.party rutracker.org www.torproject.org bbc.com
censor's DNS can return equal result for multiple blocked domains.
all resolved IPs are unique
-- DNS looks good
-- NOTE this check is Russia targeted. In your country other domains may be blocked.
* checking virtualization
cannot detect

NOTE ! this test should be run with zapret or any other bypass software disabled, without VPN



* port block tests ipv4 rutracker.org:443
suitable netcat not found. busybox nc is not supported. pls install nmap ncat or openbsd netcat.

* curl_test_https_tls12 ipv4 rutracker.org
- checking without DPI bypass
[attempt 1] curl: (28) Connection timed out after 2002 milliseconds
[attempt 2] curl: (28) Connection timed out after 2002 milliseconds
[attempt 3] curl: (28) Connection timed out after 2002 milliseconds
[attempt 4] curl: (28) Connection timed out after 2002 milliseconds
[attempt 5] curl: (28) Connection timed out after 2002 milliseconds
[attempt 6] curl: (28) Connection timed out after 2002 milliseconds
[attempt 7] curl: (28) Connection timed out after 2002 milliseconds
[attempt 8] curl: (28) Connection timed out after 2001 milliseconds
[attempt 9] curl: (28) Connection timed out after 2002 milliseconds
[attempt 10] curl: (28) Connection timed out after 2002 milliseconds
UNAVAILABLE code=28

- IP block tests (requires manual interpretation)
> testing iana.org on it's original ip
[attempt 1] AVAILABLE
[attempt 2] AVAILABLE
[attempt 3] AVAILABLE
[attempt 4] AVAILABLE
[attempt 5] AVAILABLE
[attempt 6] AVAILABLE
[attempt 7] AVAILABLE
[attempt 8] AVAILABLE
[attempt 9] AVAILABLE
[attempt 10] AVAILABLE
!!!!! AVAILABLE !!!!!
> testing rutracker.org on 192.0.43.8 (iana.org)
[attempt 1] curl: (28) Connection timed out after 2002 milliseconds
[attempt 2] curl: (28) Connection timed out after 2001 milliseconds
[attempt 3] curl: (28) Connection timed out after 2001 milliseconds
[attempt 4] curl: (28) Connection timed out after 2002 milliseconds
[attempt 5] curl: (28) Connection timed out after 2002 milliseconds
[attempt 6] curl: (28) Connection timed out after 2002 milliseconds
[attempt 7] curl: (28) Connection timed out after 2002 milliseconds
[attempt 8] curl: (28) Connection timed out after 2002 milliseconds
[attempt 9] curl: (28) Connection timed out after 2002 milliseconds
[attempt 10] curl: (28) Connection timed out after 2003 milliseconds
> testing iana.org on 172.67.182.196 (rutracker.org)
[attempt 1] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 2] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 3] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 4] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 5] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 6] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 7] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 8] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 9] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 10] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
> testing iana.org on 104.21.32.39 (rutracker.org)
[attempt 1] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 2] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 3] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 4] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 5] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 6] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 7] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 8] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 9] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer
[attempt 10] curl: (35) ssl_handshake returned: (-0x7780) SSL - A fatal alert message was received from our peer

preparing nfqws redirection
- curl_test_https_tls12 ipv4 rutracker.org : nfqws --dpi-desync=multisplit --dpi-desync-split-pos=2
[attempt 1] curl: (28) Connection timed out after 2002 milliseconds
[attempt 2] curl: (28) Connection timed out after 2002 milliseconds
[attempt 3] curl: (28) Connection timed out after 2002 milliseconds
[attempt 4] curl: (28) Connection timed out after 2001 milliseconds
[attempt 5] curl: (28) Connection timed out after 2002 milliseconds
[attempt 6] curl: (28) Connection timed out after 2002 milliseconds
[attempt 7] curl: (28) Connection timed out after 2002 milliseconds
[attempt 8] curl: (28) Connection timed out after 2002 milliseconds
[attempt 9] curl: (28) Connection timed out after 2002 milliseconds
[attempt 10] curl: (28) Connection timed out after 2002 milliseconds
UNAVAILABLE code=28
- curl_test_https_tls12 ipv4 rutracker.org : nfqws --dpi-desync=multisplit --dpi-desync-split-pos=1
[attempt 1] curl: (28) Connection timed out after 2002 milliseconds
[attempt 2] curl: (28) Connection timed out after 2002 milliseconds
[attempt 3] curl: (28) Connection timed out after 2003 milliseconds
[attempt 4] curl: (28) Connection timed out after 2002 milliseconds
[attempt 5] curl: (28) Connection timed out after 2002 milliseconds
[attempt 6] curl: (28) Connection timed out after 2002 milliseconds
[attempt 7] curl: (28) Connection timed out after 2002 milliseconds
[attempt 8] curl: (28) Connection timed out after 2002 milliseconds
[attempt 9] curl: (28) Connection timed out after 2002 milliseconds
[attempt 10] curl: (28) Connection timed out after 2002 milliseconds
UNAVAILABLE code=28
- curl_test_https_tls12 ipv4 rutracker.org : nfqws --dpi-desync=multisplit --dpi-desync-split-pos=sniext+1
[attempt 1] curl: (28) Connection timed out after 2002 milliseconds
[attempt 2] curl: (28) Connection timed out after 2002 milliseconds
[attempt 3] curl: (28) Connection timed out after 2002 milliseconds
[attempt 4] curl: (28) Connection timed out after 2002 milliseconds
[attempt 5] curl: (28) Connection timed out after 2002 milliseconds
[attempt 6] curl: (28) Connection timed out after 2002 milliseconds
[attempt 7] curl: (28) Connection timed out after 2002 milliseconds
[attempt 8] curl: (28) Connection timed out after 2001 milliseconds
[attempt 9] curl: (28) Connection timed out after 2002 milliseconds
[attempt 10] curl: (28) Connection timed out after 2002 milliseconds
UNAVAILABLE code=28
- curl_test_https_tls12 ipv4 rutracker.org : nfqws --dpi-desync=multisplit --dpi-desync-split-pos=sniext+4
[attempt 1] curl: (28) Connection timed out after 2002 milliseconds
[attempt 2] curl: (28) Connection timed out after 2002 milliseconds
[attempt 3] curl: (28) Connection timed out after 2002 milliseconds
[attempt 4] curl: (28) Connection timed out after 2002 milliseconds
[attempt 5] curl: (28) Connection timed out after 2002 milliseconds
[attempt 6] curl: (28) Connection timed out after 2002 milliseconds
[attempt 7] curl: (28) Connection timed out after 2002 milliseconds
[attempt 8] curl: (28) Connection timed out after 2002 milliseconds
[attempt 9] curl: (28) Connection timed out after 2002 milliseconds
[attempt 10] curl: (28) Connection timed out after 2002 milliseconds
UNAVAILABLE code=28
- curl_test_https_tls12 ipv4 rutracker.org : nfqws --dpi-desync=multisplit --dpi-desync-split-pos=host+1
[attempt 1] curl: (28) Connection timed out after 2002 milliseconds
[attempt 2] curl: (28) Connection timed out after 2002 milliseconds
[attempt 3] curl: (28) Connection timed out after 2002 milliseconds
[attempt 4] curl: (28) Connection timed out after 2001 milliseconds
[attempt 5] curl: (28) Connection timed out after 2001 milliseconds
[attempt 6] curl: (28) Connection timed out after 2002 milliseconds
[attempt 7] curl: (28) Connection timed out after 2002 milliseconds
[attempt 8] curl: (28) Connection timed out after 2001 milliseconds
[attempt 9] curl: (28) Connection timed out after 2002 milliseconds
[attempt 10] curl: (28) Connection timed out after 2002 milliseconds
UNAVAILABLE code=28
- curl_test_https_tls12 ipv4 rutracker.org : nfqws --dpi-desync=multisplit --dpi-desync-split-pos=midsld
[attempt 1] curl: (28) Connection timed out after 2002 milliseconds
[attempt 2] curl: (28) Connection timed out after 2002 milliseconds
[attempt 3] curl: (28) Connection timed out after 2002 milliseconds
[attempt 4] curl: (28) Connection timed out after 2002 milliseconds
[attempt 5] curl: (28) Connection timed out after 2002 milliseconds
[attempt 6] curl: (28) Connection timed out after 2002 milliseconds
[attempt 7] curl: (28) Connection timed out after 2002 milliseconds
[attempt 8] curl: (28) Connection timed out after 2001 milliseconds
[attempt 9] curl: (28) Connection timed out after 2002 milliseconds
[attempt 10] curl: (28) Connection timed out after 2002 milliseconds
UNAVAILABLE code=28
- curl_test_https_tls12 ipv4 rutracker.org : nfqws --dpi-desync=multisplit --dpi-desync-split-pos=1,midsld
[attempt 1] curl: (28) Connection timed out after 2002 milliseconds
[attempt 2] curl: (28) Connection timed out after 2002 milliseconds
[attempt 3] curl: (28) Connection timed out after 2002 milliseconds
[attempt 4] curl: (28) Connection timed out after 2002 milliseconds
[attempt 5] curl: (28) Connection timed out after 2002 milliseconds
[attempt 6] curl: (28) Connection timed out after 2002 milliseconds
[attempt 7] curl: (28) Connection timed out after 2002 milliseconds
[attempt 8] curl: (28) Connection timed out after 2002 milliseconds
[attempt 9] curl: (28) Connection timed out after 2002 milliseconds
[attempt 10] curl: (28) Connection timed out after 2002 milliseconds
UNAVAILABLE code=28
- curl_test_https_tls12 ipv4 rutracker.org : nfqws --dpi-desync=multisplit --dpi-desync-split-pos=1,sniext+1,host+1,midsld-2,midsld,midsld+2,endhost-1
[attempt 1] curl: (28) Connection timed out after 2001 milliseconds
[attempt 2] curl: (28) Connection timed out after 2002 milliseconds
[attempt 3] curl: (28) Connection timed out after 2002 milliseconds
[attempt 4] curl: (28) Connection timed out after 2002 milliseconds
[attempt 5] curl: (28) Connection timed out after 2002 milliseconds
[attempt 6] curl: (28) Connection timed out after 2002 milliseconds
[attempt 7] curl: (28) Connection timed out after 2002 milliseconds
[attempt 8] curl: (28) Connection timed out after 2002 milliseconds
[attempt 9] curl: (28) Connection timed out after 2002 milliseconds
[attempt 10] curl: (28) Connection timed out after 2002 milliseconds
UNAVAILABLE code=28
- curl_test_https_tls12 ipv4 rutracker.org : nfqws --dpi-desync=multidisorder --dpi-desync-split-pos=2
[attempt 1] AVAILABLE
[attempt 2] AVAILABLE
[attempt 3] curl: (28) Operation timed out after 2001 milliseconds with 0 bytes received
[attempt 4] AVAILABLE
[attempt 5] AVAILABLE
[attempt 6] AVAILABLE
[attempt 7] AVAILABLE
[attempt 8] AVAILABLE
[attempt 9] AVAILABLE
[attempt 10] AVAILABLE
UNAVAILABLE code=28
- curl_test_https_tls12 ipv4 rutracker.org : nfqws --dpi-desync=multidisorder --dpi-desync-split-pos=1
[attempt 1] AVAILABLE
[attempt 2] AVAILABLE
[attempt 3] AVAILABLE
[attempt 4] AVAILABLE
[attempt 5] AVAILABLE
[attempt 6] AVAILABLE
[attempt 7] AVAILABLE
[attempt 8] AVAILABLE
[attempt 9] AVAILABLE
[attempt 10] AVAILABLE
!!!!! AVAILABLE !!!!!

!!!!! curl_test_https_tls12: working strategy found for ipv4 rutracker.org : nfqws --dpi-desync=multidisorder --dpi-desync-split-pos=1 !!!!!

clearing nfqws redirection

* SUMMARY
ipv4 rutracker.org curl_test_https_tls12 : nfqws --dpi-desync=multidisorder --dpi-desync-split-pos=1

Please note this SUMMARY does not guarantee a magic pill for you to copy/paste and be happy.
Understanding how strategies work is very desirable.
This knowledge allows to understand better which strategies to prefer and which to avoid if possible, how to combine strategies.
Blockcheck does it's best to prioritize good strategies but it's not bullet-proof.
It was designed not as magic pill maker but as a DPI bypass test tool.
awk: /tmp/test/blockcheck_output.txt: No such file or directory

Clearing nftables
net.netfilter.nf_conntrack_tcp_be_liberal = 0
Command failed: Not found
Starting daemon 3: /opt/zapret/nfq/nfqws --user=daemon --dpi-desync-fwmark=0x40000000 --qnum=200
--filter-tcp=80 --dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-fooling=md5sig --dpi-desync-split-pos=method+2 --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt --hostlist-auto=/opt/zapret/ipset/zapret-hosts-auto.txt --hostlist-auto-fail-threshold=3 --hostlist-auto-fail-time=60 --hostlist-auto-retrans-threshold=3 --new
--filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=2 --dpi-desync-ttl=1 --dpi-desync-fooling=md5sig --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt --hostlist-auto=/opt/zapret/ipset/zapret-hosts-auto.txt --hostlist-auto-fail-threshold=3 --hostlist-auto-fail-time=60 --hostlist-auto-retrans-threshold=3 --new
--filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt --hostlist=/opt/zapret/ipset/zapret-hosts-auto.txt --new
--filter-tcp=443  --dpi-desync-fooling=md5sig --hostlist=/opt/zapret/lists/yt.txt
Starting daemon 1000: /opt/zapret/nfq/nfqws --user=daemon --dpi-desync-fwmark=0x40000000 --qnum=65400 --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-any-protocol
Applying nftables
Creating ip list table (firewall type nftables)
setting high oom kill priority
reloading nftables set backend (no-update)
Adding to nfset zapret : /opt/zapret/ipset/zapret-ip.txt /opt/zapret/ipset/zapret-ip-user.txt
Adding to nfset ipban : /opt/zapret/ipset/zapret-ip-ipban.txt /opt/zapret/ipset/zapret-ip-user-ipban.txt
Adding to nfset nozapret : /opt/zapret/ipset/zapret-ip-exclude.txt
Inserting nftables ipv4 rule for nfqws postrouting (qnum 200) : tcp dport {80,443} ct original packets 1-9
Inserting nftables ipv4 rule for nfqws prerouting (qnum 200) : tcp sport {80,443} ct reply packets 1-3
Inserting nftables ipv4 rule for nfqws postrouting (qnum 200) : udp dport {443} ct original packets 1-9
Inserting nftables ipv4 rule for nfqws postrouting (qnum 65400) : udp dport {50000-50099} ct original packets 1-3 ip daddr @discord
net.netfilter.nf_conntrack_tcp_be_liberal = 1
10

что это?

11

Ну скрипт который предоставил автор темы, который автоматически прописывает в конфиг вывод с блокчека. Сейчас попробовал вручную прогнать блокчек по адресам rr1--РазныеСимволы.googlevideo.com, они у меня все Available даже без zapret, но видео не стартуют без дурения DPI. (У меня есть готовая стратегия которая работает, но работает она достаточно плохо, например при проматывании видео встаёт намертво, так же проблемы на ТВ в приложении)