remove the hackish logic against replay attacks because it stopped to…

… work with new android clients

see #183

mtprotoproxy.py

@@ -89,7 +89,6 @@
 fake_cert_len = random.randrange(1024, 4096)
 mask_host_cached_ip = None
 last_clients_with_time_skew = {}
-last_clients_with_first_pkt_error = collections.Counter()
 last_clients_with_same_handshake = collections.Counter()
 proxy_start_time = 0
 proxy_links = []
@@ -217,10 +216,6 @@ def init_config():
     # length of last client ip addresses for logging
     conf_dict.setdefault("CLIENT_IPS_LEN", 131072)
 
-    # block bad first packets to even more protect against replay-based fingerprinting
-    block_on_first_pkt = conf_dict["MODES"]["classic"] or conf_dict["MODES"]["secure"]
-    conf_dict.setdefault("BLOCK_IF_FIRST_PKT_BAD", block_on_first_pkt)
-
     # delay in seconds between stats printing
     conf_dict.setdefault("STATS_PRINT_PERIOD", 600)
 
@@ -1607,9 +1602,7 @@ def decrypt(self, data):
         else:
             return
 
-    async def connect_reader_to_writer(rd, wr, user, rd_buf_size, block_if_first_pkt_bad=False):
-        global last_clients_with_first_pkt_error
-        is_first_pkt = True
+    async def connect_reader_to_writer(rd, wr, user, rd_buf_size):
         try:
             while True:
                 data = await rd.read(rd_buf_size)
@@ -1618,18 +1611,6 @@ async def connect_reader_to_writer(rd, wr, user, rd_buf_size, block_if_first_pkt
                 else:
                     extra = {}
 
-                # protection against replay-based fingerprinting
-                if is_first_pkt:
-                    is_first_pkt = False
-
-                    ERR_PKT_DATA = b'l\xfe\xff\xff'
-                    if block_if_first_pkt_bad and data == ERR_PKT_DATA:
-                        last_clients_with_first_pkt_error[cl_ip] += 1
-
-                        wr.write_eof()
-                        await wr.drain()
-                        return
-
                 if not data:
                     wr.write_eof()
                     await wr.drain()
@@ -1642,8 +1623,7 @@ async def connect_reader_to_writer(rd, wr, user, rd_buf_size, block_if_first_pkt
             # print_err(e)
             pass
 
-    tg_to_clt = connect_reader_to_writer(reader_tg, writer_clt, user, get_to_clt_bufsize(),
-                                         block_if_first_pkt_bad=config.BLOCK_IF_FIRST_PKT_BAD)
+    tg_to_clt = connect_reader_to_writer(reader_tg, writer_clt, user, get_to_clt_bufsize())
     clt_to_tg = connect_reader_to_writer(reader_clt, writer_tg, user, get_to_tg_bufsize())
     task_tg_to_clt = asyncio.ensure_future(tg_to_clt)
     task_clt_to_tg = asyncio.ensure_future(clt_to_tg)
@@ -1733,7 +1713,6 @@ async def handle_metrics(reader, writer):
     global proxy_start_time
     global proxy_links
     global last_clients_with_time_skew
-    global last_clients_with_first_pkt_error
     global last_clients_with_same_handshake
 
     client_ip = writer.get_extra_info("peername")[0]
@@ -1793,7 +1772,6 @@ async def stats_printer():
     global user_stats
     global last_client_ips
     global last_clients_with_time_skew
-    global last_clients_with_first_pkt_error
     global last_clients_with_same_handshake
 
     while True:
@@ -1819,12 +1797,6 @@ async def stats_printer():
                 print("%s, clocks were %d minutes behind" % (ip, skew_minutes))
             print(flush=True)
             last_clients_with_time_skew.clear()
-        if last_clients_with_first_pkt_error:
-            print("Clients with error on the first packet (possible replay-attackers):")
-            for ip, times in last_clients_with_first_pkt_error.items():
-                print("%s, %d times" % (ip, times))
-            print(flush=True)
-            last_clients_with_first_pkt_error.clear()
         if last_clients_with_same_handshake:
             print("Clients with duplicate handshake (likely replay-attackers):")
             for ip, times in last_clients_with_same_handshake.items():