From d44922fa5c1d8f2ca32424c5866cd48d584d5a0f Mon Sep 17 00:00:00 2001
From: egor-white <channela082@gmail.com>
Date: Sat, 14 Jun 2025 13:42:11 +0300
Subject: [PATCH] refactoring

---
 src/system/zaprett/bin/zaprett                | 103 ++++++++++++++++++
 .../etc/bin/quic_initial_www_google_com.bin   | Bin 0 -> 1200 bytes
 .../bin/tls_clienthello_www_google_com.bin    | Bin 0 -> 652 bytes
 src/system/zaprett/etc/hosts                  |  35 ++++++
 4 files changed, 138 insertions(+)
 create mode 100644 src/system/zaprett/bin/zaprett
 create mode 100644 src/system/zaprett/etc/bin/quic_initial_www_google_com.bin
 create mode 100644 src/system/zaprett/etc/bin/tls_clienthello_www_google_com.bin
 create mode 100644 src/system/zaprett/etc/hosts

diff --git a/src/system/zaprett/bin/zaprett b/src/system/zaprett/bin/zaprett
new file mode 100644
index 0000000..adb36f2
--- /dev/null
+++ b/src/system/zaprett/bin/zaprett
@@ -0,0 +1,103 @@
+#!/system/bin/sh
+source /sdcard/zaprett/config
+
+clear_iptables_rules() {
+    iptables -t mangle -D POSTROUTING -j NFQUEUE --queue-num 200 --queue-bypass 2>/dev/null
+    iptables -t mangle -D PREROUTING -j NFQUEUE --queue-num 200 --queue-bypass 2>/dev/null
+    iptables -t filter -D FORWARD -j NFQUEUE --queue-num 200 --queue-bypass 2>/dev/null
+}
+
+
+if [ "$1" == "start" ]; then
+    rm -f /data/adb/modules/zaprett/tmp/*
+    echo "Starting zaprett..."; 
+hostlist=""
+for itm in $(echo "$activelists" | tr ',' ' ' | sort -u); do
+    if [ -f "$itm" ]; then
+        dst="/data/adb/modules/zaprett/tmp/$(basename "$itm")"
+        cp "$itm" "$dst"
+        case "$hostlist" in
+            *"--hostlist=$dst"*) ;;
+            *) hostlist="$hostlist --hostlist=$dst" ;;
+        esac
+    fi
+done
+
+config=""
+if [[ -n "$strategy" && -f "$strategy" ]]; then
+    config="$(eval "echo \"$(<"$strategy")\"")"
+fi
+
+if [[ -z "$config" ]]; then
+    config="--filter-tcp=80 --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig,badsum $hostlist --new"
+    config="$config --filter-tcp=443 $hostlist --dpi-desync=fake,split2 --dpi-desync-repeats=6 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-tls=${zaprettdir}/bin/tls_clienthello_www_google_com.bin --new"
+    config="$config --filter-tcp=80,443 --dpi-desync=fake,disorder2 --dpi-desync-repeats=6 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig,badsum $hostlist --new"
+    config="$config --filter-udp=50000-50100 --dpi-desync=fake --dpi-desync-any-protocol --dpi-desync-fake-quic=0xC30000000108 --new"
+    config="$config --filter-udp=443 $hostlist --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fake-quic=${zaprettdir}/bin/quic_initial_www_google_com.bin --new"
+    config="$config --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 $hostlist"
+    
+fi
+	sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 > /dev/null
+	
+    iptables -t mangle -I POSTROUTING -j NFQUEUE --queue-num 200 --queue-bypass
+    iptables -t mangle -I PREROUTING -j NFQUEUE --queue-num 200 --queue-bypass
+    iptables -t filter -A FORWARD -j NFQUEUE --queue-num 200 --queue-bypass
+
+    nfqws --uid=0:0 --qnum=200 $config > /dev/null & 
+    echo "zaprett service started!"; return 0;
+    fi
+
+if [ "$1" == "stop" ]; then
+clear_iptables_rules
+kill $(pidof nfqws);
+rm -f /data/adb/modules/zaprett/tmp/*
+echo "zaprett service stopped!"; return 0; fi;
+
+if [ "$1" == "status" ]; then
+	pidof "nfqws" > /dev/null && echo "zaprett is working" || echo "zaprett is stopped"
+fi
+
+if [ "$1" == "restart" ]; then
+    echo "Stopping zaprett..."
+    clear_iptables_rules
+    kill "$(pidof nfqws)" 2>/dev/null
+    rm -f /data/adb/modules/zaprett/tmp/*
+    echo "Starting zaprett..."
+hostlist=""
+for itm in $(echo "$activelists" | tr ',' ' ' | sort -u); do
+    if [ -f "$itm" ]; then
+        dst="/data/adb/modules/zaprett/tmp/$(basename "$itm")"
+        cp "$itm" "$dst"
+        case "$hostlist" in
+            *"--hostlist=$dst"*) ;;
+            *) hostlist="$hostlist --hostlist=$dst" ;;
+        esac
+    fi
+done
+
+config=""
+if [[ -n "$strategy" && -f "$strategy" ]]; then
+    config="$(eval "echo \"$(<"$strategy")\"")"
+fi
+
+if [[ -z "$config" ]]; then
+    config="--filter-tcp=80 --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig,badsum $hostlist --new"
+    config="$config --filter-tcp=443 $hostlist --dpi-desync=fake,split2 --dpi-desync-repeats=6 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-tls=${zaprettdir}/bin/tls_clienthello_www_google_com.bin --new"
+    config="$config --filter-tcp=80,443 --dpi-desync=fake,disorder2 --dpi-desync-repeats=6 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig,badsum $hostlist --new"
+    config="$config --filter-udp=50000-50100 --dpi-desync=fake --dpi-desync-any-protocol --dpi-desync-fake-quic=0xC30000000108 --new"
+    config="$config --filter-udp=443 $hostlist --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fake-quic=${zaprettdir}/bin/quic_initial_www_google_com.bin --new"
+    config="$config --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 $hostlist"
+
+fi
+    sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 > /dev/null
+
+    iptables -t mangle -I POSTROUTING -j NFQUEUE --queue-num 200 --queue-bypass
+    iptables -t mangle -I PREROUTING -j NFQUEUE --queue-num 200 --queue-bypass
+    iptables -t filter -A FORWARD -j NFQUEUE --queue-num 200 --queue-bypass
+
+    nfqws --uid=0:0 --qnum=200 $config > /dev/null &
+    echo "zaprett service restarted!"
+fi
+if [[ -z $1 ]]; then
+	echo "zaprett installed. Telegram: t.me/zaprett_module"
+fi
\ No newline at end of file
diff --git a/src/system/zaprett/etc/bin/quic_initial_www_google_com.bin b/src/system/zaprett/etc/bin/quic_initial_www_google_com.bin
new file mode 100644
index 0000000000000000000000000000000000000000..80a07cc8870c88be6d8ac7f9bf9dc9bb1979468b
GIT binary patch
literal 1200
zcmV;h1W)_J000012zck1M!WNQga80Up0eT_O^eJg$v*FaNtH@lrZ!8F85?~L=|4FC
zk&^uu@3*1@<wM7EG2{I9j{v(b!%GHQqD9{s>yE;Nr+phxdvmjKlDvv)J(yS~3><6w
zEp#coJfYUm9C<e>GLZ~DKk^PzBnc1%f|fM8tBsxh*3hc<o`!HR9NwxvP%I}VK>ADV
z^CU8<{XVqh;7whf0$D!%XlMGTw798<*&-QJ!J_F4aM6Bx6zTZRd8tC1&6A?yHRR@V
z*(Y6i13lm}>32F&=^G*!oie_jmxN)fv~C)yRenn~>%$c!gCi?1$YU~52E7>9OR|Sm
z*0or11T~hM0jX)6M$%)CyQ}2u+gTPF+39I^(olCjZ|S`FNZIz}o)#b)O`EEWD&X)8
zD*dxPl59gAxb#Z3@fjs3yr%)0G$8EX4eO0kwYPK?fVME93!RHm-IjwaEHlyOY$UAS
z{-}PnuMtXZ1oyFzaHYi8wq0%YZT;bX@31QPpE;duWeOLIey~ZX({>Ct)#s~<tN&FY
zVbR;v*JJzELq!M7`S~i5y;SXt;|R>nnhkyg*!711_$gJmQ;g6N?g|dE*sv|JA3izy
z`WHxH{1S6cV)gmesLpz!3FW>#E;01f9ec}Cg*NAeT5z}|OVuqL`24o6^a-?V+mF*w
z3qPYBq?4tc`GvPoX}H_!HLWNemb3d@-DH`AHC0J+!`aiI!Emr{8hgF5EJH9)0B<vL
z4K<pb^H+Aj_U#Spqh8X9`D1+)Bfnf;z+uAbqP}Jp+ZsnTKdA7s`(_!Un<R)67qToh
zk~t)wKJE9l_va#B4~||ur$M&`7i--q>V{>t4FO7*Rn83&5KIgU<<>6KLttmv1oYA4
z=|Qj2Xr}J3MOQM@D{!=(O6=H0PX(AxaHfuc;q&mm6Vt28(`Z@~;(wo0Y%3HWd~aSl
z#&4OA#_}K!cZ%ml1$@I>#6AZw$cQNc^h7W*BMq7~M7ltAZU;k10h-}sc%+cuBv6GG
zu)B$*t&^YX_t`}*mbbnz$4fW~M3li?vQy=t9K+{XI^~X8D9^1+9dPY=(HU+J<quoq
z1A1-S`q-I_X3xKm^X(|ji?~<`QN(Y7z{QzAO0S;-P&U>S5O)2G_una37W{$E@A=Y6
zz6l_Y^XKXZ?u$rOQPL8qadZWlusq6)AxNH-W5i<jYXU(YdcIJ+L<fJTL9+U>0Hb>l
zMxnwI0H0_{axGEA-0IMAcn{0>x(qs#vJ}YC{N&g*WJ!#t0}~F^x&%%+5<WOEEIODA
zweA7SVk{dYDeOpWi;h_}h!gnfUIGN2kgWtExfX!|H_*@(AVg?x$odp(h$y_}rBMiP
zZ+a9HyFIzdUwkbxIrq$6a8DUZTOvtw^elv;1$OUZIIQN!PgD64ZZryTw#`UPYf%l)
z(TH{WX6T{E4W(pwicxa1xZL#<Go$jzU7SAxkVdeS|F_dzN(0fMYwD@(Cxdh^il|Y_
z3|wTAbE-HU*$kB;jK95~v|A4C_DpHSX`(`qPnAGQ{o@J^1H`e40dHHkO16;(N~7(G
O%#{TTA|pnv3~*MBN=eB8

literal 0
HcmV?d00001

diff --git a/src/system/zaprett/etc/bin/tls_clienthello_www_google_com.bin b/src/system/zaprett/etc/bin/tls_clienthello_www_google_com.bin
new file mode 100644
index 0000000000000000000000000000000000000000..c740462fc090942b1afd571681339ec26af65fd1
GIT binary patch
literal 652
zcmV;70(1Qq0|5eu0RRGn0|Q?bW6K8W9Nj>6^^8PNZUOV7gRH{hGiiqGsb?WDy(b{K
z&N2J~><Hy0n~)q}upS>0wK(Lah`S`JmOrM)_q5vpA`<}<0}}$kE5I+zsm!RrEWj|p
z3cv}#6TlPzoB*8wF90<G00I~Q000vJ5dZ)VcXxL#XK!z3Y-KKEZ*2e<0093100961
z3IGlO3;-Pf7XTOl836zR0RRgC0s#O35C9GU3<78}2xxS4a4#_~F#rVs1pxp60000Y
z015yI1Oo*F1_J^E05bq<0BHan03dq7MvZv8T$$zL)qn^d2MpMWYvwuaJ5HosUNVD8
zjD7$Y06_%sLqUh;Y&;}b&z4|m2c5)To*Reoafw2`%mN0Qs}KnTYrK)gsE)q2fv4)U
zrR^rnv{Vp>_;aCRtcpHtubr&`D*y!q0|WyD01W^b02TxT1p@{H2m}ZP2nGZJ1px*D
z0s{g802}}UKmq;@0T}=Q0RRDi03eHZZztxRuIju?4>)}17B{htF$ibYqheaY#Qj1U
zT1f!!CNfXelbZ62w|apnnq4pmn0BubVPo1+DB<GzP7!|haB#5C_0h&!k$vTAhXiFJ
zrqQIEaCsAs*AgEaj9^JyB64@I6>Pj~PrZ^PfUGj&3^MKk2g(VBxSPw~(8lO#%$$^b
zza@}hE8(I6_}NsOlGm<DQZ~W%3RPQ3tXG|}<F~bz`kS;l!M1|q<c-z?_5>$)x+EZH
zH8^$WGMUf(xX!H-(qW-}cajp|m_^3w2pT5+knS7m{a(CM9&laCU_?^X!w!Gv5wzwI
m^PjJHE7{XZU8nG0K_nbN^BS-KSy&t6d(KT=p9Zv`p3SHaW%m^T

literal 0
HcmV?d00001

diff --git a/src/system/zaprett/etc/hosts b/src/system/zaprett/etc/hosts
new file mode 100644
index 0000000..5f6b7ce
--- /dev/null
+++ b/src/system/zaprett/etc/hosts
@@ -0,0 +1,35 @@
+127.0.0.1       localhost
+::1             ip6-localhost
+89.108.98.20 chatgpt.com
+134.0.118.88 ab.chatgpt.com
+89.108.98.20 auth.openai.com
+89.108.98.20 auth0.openai.com
+89.108.98.20 platform.openai.com
+89.108.98.20 cdn.oaistatic.com
+89.108.98.20 files.oaiusercontent.com
+89.108.98.20 cdn.auth0.com
+89.108.98.20 tcr9i.chat.openai.com
+89.108.98.20 webrtc.chatgpt.com
+89.108.98.20 android.chat.openai.com
+89.108.98.20 gemini.google.com
+89.108.98.20 aistudio.google.com
+89.108.98.20 ai.google
+89.108.98.20 assistant-s3-pa.googleapis.com
+89.108.98.20 generativelanguage.googleapis.com
+89.108.98.20 alkalimakersuite-pa.clients6.google.com
+64.233.162.188 mtalk.google.com
+89.108.98.20 copilot.microsoft.com
+89.108.98.20 sydney.bing.com
+89.108.98.20 edgeservices.bing.com
+89.108.98.20 claude.ai
+89.108.98.20 aitestkitchen.withgoogle.com
+89.108.98.20 aisandbox-pa.googleapis.com
+89.108.98.20 o.pki.goog
+89.108.98.20 labs.google
+89.108.98.20 notebooklm.google
+89.108.98.20 notebooklm.google.com
+89.108.98.20 www.notion.so
+89.108.98.20 www.googleapis.com
+89.108.98.20 proactivebackend-pa.googleapis.com
+89.108.98.20 grok.com
+89.108.98.20 assets.grok.com
\ No newline at end of file