What it detects
The fingerprint used to censor packet.
Inputs
- A sample packet that is known to be blocked
- A backend to which the packet is sent
Experiment
- A TCP Connection is opened with the backend and the packet is mutated byte by byte
- When the packet is no longer being blocked it means that censorship is no longer happening with the particular packet and the last shifted byte contains the fingerprint of the censor.
- An oracle is needed to tell you if the packet is blocked or not. The oracle in the Ethiopia case was whether you got an RST back from sending the payload to a closed port of an Ethiopian machine. If the packet was to be blocked, the firewall would devour the packet and it would never reach the Ethiopian machine -- hence no RST. See https://trac.torproject.org/projects/tor/wiki/doc/OONI/censorshipwiki/CensorshipByCountry/Ethiopia.
Output
- On which bytes the censor didn't block the packet -- which packet bytes are included in the DPI fingerprint.
This needs to be ported to OONI. There is a sample implementation in go here: http://gitorious.org/d0wser/d0wser/blobs/master/d0wser.go