一半君的总结纸

听话只听一半君

shadowsocks反向用法 如何翻回国内 这也算是奇(chi)葩(bao)要(le)求(cheng)了(de) 以及自行编译tomato shibby 并把shadowsocks服务端直接放在路由器上(不买vps)

lz是斯德哥尔摩重症晚期,就不多说了,gfw应该给我发奖状吧,使用上文折腾编译出来的netcore q3可用的ss-libev,现在我们来用他翻回国内… orz

这个世界是残酷的 …

xiami_before

本文是在乱搞,国内vps没免费的,万网免费2年的那个还要备案买域名,国外的也是好用的基本都要钱(且慢,我是要翻回国内,用国外的当然不行),那放国内的路由器上大概可以吧?

  1. 首先连回国内的路由器看看
    为了方便起见,把 ~/.ssh/id_rsa.pub里的key加到tomato的Adimistration里的Authorized Keys里,这样可以不用输密码,打开jffs后看看还省多少空间

    $ ssh root@router-in-China -p your-port
    root@unknown:/tmp/home/root# df -h
    Filesystem                Size      Used Available Use% Mounted on
    /dev/root                 5.4M      5.4M         0 100% /
    tmpfs                    30.0M    520.0K     29.5M   2% /tmp
    devfs                    30.0M         0     30.0M   0% /dev
    /dev/mtdblock3            1.4M    196.0K      1.2M  13% /jffs
    
    # 似乎空间所剩无几阿,先把server拷上去,还好就100k
    $ scp -P your-port ~/tomato/ss-install/bin/ss-server root@router-in-China:/home/root
    

    前台启动下看看能不能正常启动

    ss-server -s router-in-China -p your-port -k your-password -m aes-256-cfb
    

    *lz编译的ss似乎找不到MD5 symbol,所以默认的TABLE和RC4-MD5 cipher用不了,还没有进一步研究为何会如此
    后来又试了一下,似乎没问题了,不知道为什么

    root@unknown:/tmp/home/root# ss-server -s xxx.com -p 8388 -k xxx
     2015-09-10 11:36:15 INFO: initialize ciphers... table
    ss-server: can't resolve symbol 'MD5' in lib 'ss-server'.
    

    测试后发现static版本无此问题,可能是因为dynamic版本编译时候用到的某些library文件和路由器上自带的不同,不管了,反正我也不会用这个默认的table

    如果都试好了没问题,可以把配置写在配置文件里:

    mkdir -p /etc/shadowsocks
    vi /etc/shadowsocks/config.json
    

    配置文件内容

    {
        "server":"my_server_ip",
        "server_port":8388,
        "local_address": "127.0.0.1",
        "local_port":1080,
        "password":"mypassword",
        "timeout":300,
        "method":"aes-256-cfb",
        "fast_open": false,
        "workers": 1
    }
    

    插一句,往vi里贴东西的时候,先按i进入insert模式,不然如果你贴的内容里有i或o等字样的时候可能会莫名其妙的少几行
    然后启动试试

    root@unknown:/tmp/home/root# ss-server -c /etc/shadowsocks/config.json -f /tmp/ss.pid
     2015-09-10 05:24:56 INFO: initialize ciphers... aes-256-cfb
     2015-09-10 05:24:56 INFO: listening at router-in-China:8388
    

    很好,说明编译出来的ss可用

    简单起见,先拿客户端试试,比如拿shadowsocks-qt5这个gui客户端试试,没看到哪里有prebuilt binary,所以自己编译个试试看
    还得下个巨大无比的qt5.5,我了个去…(真是找麻烦,其实windows的有编译好的,拿windows试不就行了,不过lz是伪处女座,前面说过了)

    # repo上能装的先装了
    sudo yum install -y qt5-qtbase qt5-qtbase-devel qrencode qrencode-devel botan botan-devel libappindicator libappindicator-devel
    
    export PATH=~/Qt5.5.0/5.5/gcc_64/bin:$PATH
    
    # 装libQtShadowsocks
    git clone https://github.com/librehat/libQtShadowsocks.git
    cd libQtShadowsocks
    git checkout tags/v1.6.1
    qmake
    make
    sudo make install
    
    # 装zbar 
    git clone https://github.com/ZBar/ZBar.git
    cd ZBar
    sudo yum install -y pygtk2 pygtk2-devel ImageMagick ImageMagick-devel
    
    # 把-Werror去掉
    patch configure.ac < configure.ac.patch
    autoreconf -vif
    ./configure
    make
    sudo make install
    
    git clone https://github.com/librehat/shadowsocks-qt5.git
    cd shadowsocks-qt5
    git checkout tags/v2.4.2
    qmake INSTALL_PREFIX=/home/oglop/tomato/shadowsocks-qt5-install
    make && make install
    

    插播 zbar clone下来的代码compile不过去,似乎是因为-Werror,lz把他去了,这里是patch文件, 插播下Patch的用法

    # 创建
    diff -u configure.ac configure.new.ac > configure.ac.patch
    
    # 用
    patch configure.ac < configure.ac.patch
    
    # 如果文件搞乱了,想恢复默认
    git reset --hard HEAD && git clean -fxd
    

    zbar安装的时候有个文件找不到,改makefile直接跳过…

    make[4]: Leaving directory `/home/oglop/tomato/ZBar'
     /usr/bin/mkdir -p '/usr/local/share/man/man1'
     /usr/bin/install -c -m 644 ./doc/man/zbarcam.1 '/usr/local/share/man/man1'
    /usr/bin/install: cannot stat ‘./doc/man/zbarcam.1’: No such file or directory
    make[3]: *** [install-man1] Error 1
    make[3]: Leaving directory `/home/oglop/tomato/ZBar'
    make[2]: *** [install-am] Error 2
    make[2]: Leaving directory `/home/oglop/tomato/ZBar'
    make[1]: *** [install-recursive] Error 1
    make[1]: Leaving directory `/home/oglop/tomato/ZBar'
    make: *** [install] Error 2
    

    去到makefile里,把下面这两行去了,反正是帮助,不要紧吧

    am__append_64 = doc/man/zbarimg.1
    am__append_65 = doc/man/zbarcam.1
    

    跑题了这么远,我们来试试这个shadowsocks-qt5
    shadowsocks-qt5
    可是虽然能连不,但是总是显示timed out
    路由器上的iptables如下

    root@unknown:/tmp/home/root# iptables -L -n
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:1194 
    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID 
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    shlimit    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2222 state NEW 
    shlimit    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2223 state NEW 
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8081 
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2222 
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1723 
    ACCEPT     47   --  0.0.0.0/0            0.0.0.0/0           
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
               all  --  0.0.0.0/0            0.0.0.0/0           account: network/netmask: 192.168.1.0/255.255.255.0 name: lan 
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID 
    TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU 
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    wanin      all  --  0.0.0.0/0            0.0.0.0/0           
    wanout     all  --  0.0.0.0/0            0.0.0.0/0           
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain shlimit (2 references)
    target     prot opt source               destination         
               all  --  0.0.0.0/0            0.0.0.0/0           recent: SET name: shlimit side: source 
    DROP       all  --  0.0.0.0/0            0.0.0.0/0           recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source 
    
    Chain wanin (1 references)
    target     prot opt source               destination         
    
    Chain wanout (1 references)
    target     prot opt source               destination    
    

    我来加上一条

    iptables -A INPUT -p tcp --dport 8388 -j ACCEPT
    

    之后shadowsocks-qt5就能连上了,之前总是timeout,下面我们要把这行命令加到tomato的webui界面里,因为刚才临时敲命令加的重启路由器之后就没了,tomato的rules都是启动时候动态生成的,所以把他贴到Administration -> Scripts -> Firewall里即可

    下面在firefox里安装个FoxyProxy测试一下,添加localhost:1080的socks5 proxy,然后去虾米网站
    xiami_after

    内牛满面阿,世界终于和谐了

  2. 上面的手动操作已经确认了本文开头的想法可行,下面是进一步自动化操作
    由于上文中的国内的ss-server就相当于普通人使用ss的时候装在国外vps上的server端,所以这里我们要在国外的本地路由器上装客户端,以达到 自动”逆”翻墙路由器 的最终目的

    在设置客户端之前,我们来看看有没有更“高级“的运行方式。有人用nohup,装在台机上的人也有用supervisor的(python编的),本意都是为了以防万一server(作为daemon运行的时候)挂了能自动重启,这里我们用另外一个perp来试试,但由于不幸的是q3没有usb接口,空间太小没法上entware,所以暂时放弃了。

    1. 首先我们使用之前准备好的工具链来编译perp,lz这里使用了perp官网的2.07版本

      tar xvf perp-2.07.tar.gz
      cd perp-2.07
      
    2. 根据官网页面的install说明,首先要修改conf.mk,lz把修改过的版本放在了这里

      其实也就改了下说让用工具链里的gcc和strip,以及先暂时安装到我的临时目录

      export PATH=/home/oglop/x-tools/mipsel-unknown-linux-uclibc/bin:$PATH
      make
      
      1. 这里需要注意的是,由于make过程中会运行编译出来的可执行文件,来生成几个.h文件,由于我这是交叉编译,当然是运行不了的,这里采取脑残手动法,make到哪一步看无法进行了,就把可执行文件传到路由器上运行,生成了需要的header文件之后再拷回来,继续make orz.. 例如

      2. 首先你会看到
        mipsel-unknown-linux-uclibc-gcc -Wall -Wextra -Wshadow -DNDEBUG -O2 -I. -o outvec/mk_outvec outvec/mk_outvec.c
        ./outvec/mk_outvec > outvec/outvec_STDOUT.h
        /bin/sh: ./outvec/mk_outvec: cannot execute binary file
        make[1]: *** [outvec/outvec_STDOUT.h] Error 126
        make[1]: Leaving directory `/home/oglop/Downloads/perp-2.07/lasagna'
        make: *** [_done.lasagna] Error 2
        

        此时我们手动把outvec/mk_outvec拷到路由器上运行,得到生成的outvec_STDOUT.h的内容,再贴回来

        scp lasagna/outvec/mk_outvec root@router-address:/tmp
        
        # 然后去路由器上运行他
        ssh root@router-address
        /tmp/mk_outvec
        

        然后我们手动把生成的header文件的内容贴进outvec_STDOUT.h,继续运行make

      3. 第二个会看到的缺少header如下

        mipsel-unknown-linux-uclibc-gcc -Wall -Wextra -Wshadow -DNDEBUG -O2 -I. -o rlimit/mk_rlimit rlimit/mk_rlimit.c
        ./rlimit/mk_rlimit > rlimit/rlimit_defs.c.in
        /bin/sh: ./rlimit/mk_rlimit: cannot execute binary file
        make[1]: *** [rlimit/rlimit_defs.c.in] Error 126
        make[1]: Leaving directory `/home/oglop/Downloads/perp-2.07/lasagna'
        make: *** [_done.lasagna] Error 2
        

        同理如上所示

        scp lasagna/rlimit/mk_rlimit root@router-address:/tmp
        
        # 然后去路由器上运行他
        ssh root@router-address
        /tmp/mk_rlimit
        

        一样贴回rlimit_defs.c.in里,继续make

      4. 第三个少的文件如下

        mipsel-unknown-linux-uclibc-gcc -Wall -Wextra -Wshadow -DNDEBUG -O2 -I. -o sysstr/mksysstr sysstr/mksysstr.c
        ./sysstr/mksysstr errno > sysstr/sysstr_errno.c.in
        /bin/sh: ./sysstr/mksysstr: cannot execute binary file
        make[1]: *** [sysstr/sysstr_errno.c.in] Error 126
        make[1]: Leaving directory `/home/oglop/Downloads/perp-2.07/lasagna'
        make: *** [_done.lasagna] Error 2
        

        同理

        scp lasagna/sysstr/mksysstr root@router-address:/tmp
        
        # 然后去路由器上运行他
        ssh root@router-address
        /tmp/mksysstr errno
        

        贴回sysstr/sysstr_errno.c.in里

      5. 第4个少的文件是

        mipsel-unknown-linux-uclibc-gcc -Wall -Wextra -Wshadow -DNDEBUG -O2 -I. -c sysstr/sysstr_errno.c
        ./sysstr/mksysstr signo > sysstr/sysstr_signo.c.in
        /bin/sh: ./sysstr/mksysstr: cannot execute binary file
        make[1]: *** [sysstr/sysstr_signo.c.in] Error 126
        make[1]: Leaving directory `/home/oglop/Downloads/perp-2.07/lasagna'
        make: *** [_done.lasagna] Error 2
        

        同理

        ssh root@router-address
        /tmp/mksysstr signo
        

        贴回sysstr/sysstr_signo.c.in里

      6. 然后make就会华丽的完成了,你可以下载lz编译好的perp,当然也可以自己来一遍,既然lz已经掉进坑里,为了防止更多人跳坑,lz做了patch,放在这里了

        diff -Naur ~/Downloads/perp-2.07-original ~/Downloads/perp-2.07-new > ~/Downloads/perp-2.07/perp.patch
        

        用的时候你可以

        cd perp-2.07
        patch -p6 < perp.patch
        
    3. # 装到我们再config.mk设好的/home/oglop/tomato/perp-2.07-install下面去
      make install
      

      为了节省空间,我们把他strip一下再upx一下,刚编译出来的大小

      [oglop@localhost perp-2.07]$ ll /home/oglop/tomato/perp-2.07-install/usr/sbin/
      total 760
      -rwxr-xr-x. 1 oglop oglop 29328 Sep 11 22:26 perpboot
      -rwxr-xr-x. 1 oglop oglop 27932 Sep 11 22:26 perpctl
      -rwxr-xr-x. 1 oglop oglop 73117 Sep 11 22:26 perpd
      -rwxr-xr-x. 1 oglop oglop 22802 Sep 11 22:26 perphup
      -rwxr-xr-x. 1 oglop oglop 34241 Sep 11 22:26 perpls
      -rwxr-xr-x. 1 oglop oglop 27963 Sep 11 22:26 perpok
      -rwxr-xr-x. 1 oglop oglop  5261 Sep 11 22:26 perp-setup
      -rwxr-xr-x. 1 oglop oglop 42770 Sep 11 22:26 perpstat
      -rwxr-xr-x. 1 oglop oglop 28745 Sep 11 22:26 runargs
      -rwxr-xr-x. 1 oglop oglop 23193 Sep 11 22:26 runargv0
      -rwxr-xr-x. 1 oglop oglop 28057 Sep 11 22:26 runchoom
      -rwxr-xr-x. 1 oglop oglop 23254 Sep 11 22:26 rundetach
      -rwxr-xr-x. 1 oglop oglop 28794 Sep 11 22:26 rundeux
      -rwxr-xr-x. 1 oglop oglop 33540 Sep 11 22:26 runenv
      -rwxr-xr-x. 1 oglop oglop 28836 Sep 11 22:26 runfile
      -rwxr-xr-x. 1 oglop oglop 33550 Sep 11 22:26 runlimit
      -rwxr-xr-x. 1 oglop oglop 24029 Sep 11 22:26 runlock
      -rwxr-xr-x. 1 oglop oglop 23544 Sep 11 22:26 runpause
      -rwxr-xr-x. 1 oglop oglop 23234 Sep 11 22:26 runsession
      -rwxr-xr-x. 1 oglop oglop 47885 Sep 11 22:26 runtool
      -rwxr-xr-x. 1 oglop oglop 29050 Sep 11 22:26 runtrap
      -rwxr-xr-x. 1 oglop oglop 23454 Sep 11 22:26 runuid
      -rwxr-xr-x. 1 oglop oglop 19154 Sep 11 22:26 sissylog
      -rwxr-xr-x. 1 oglop oglop 42375 Sep 11 22:26 tinylog
      -rwxr-xr-x. 1 oglop oglop  1375 Sep 11 22:26 tinylog_run
      

      我们进行如下操作(正是练习一行命令行搞定体现高(da)逼(s)格(b)的好时机),其实就是不想对perp-setup和tinylog_run操作而已,因为他们只是文本的脚本而已

      # 除了那两个script文件,其他的都strip一下
      find /home/oglop/tomato/perp-2.07-install/usr/sbin/ \( -type f ! -name perp-setup ! -name tinylog_run \) -exec mipsel-unknown-linux-uclibc-strip "{}" \;
      
      # 再upx一下
      find /home/oglop/tomato/perp-2.07-install/usr/sbin/ \( -type f ! -name perp-setup ! -name tinylog_run \) -exec upx "{}" \;
      

      下面是整蛊之后的大小,309k 小了一半

      [oglop@localhost perp-2.07]$ ll /home/oglop/tomato/perp-2.07-install2/usr/sbin/
      total 356
      -rwxr-xr-x. 1 oglop oglop 13580 Sep 11 22:45 perpboot
      -rwxr-xr-x. 1 oglop oglop 13388 Sep 11 22:45 perpctl
      -rwxr-xr-x. 1 oglop oglop 26640 Sep 11 22:45 perpd
      -rwxr-xr-x. 1 oglop oglop 10764 Sep 11 22:45 perphup
      -rwxr-xr-x. 1 oglop oglop 15668 Sep 11 22:45 perpls
      -rwxr-xr-x. 1 oglop oglop 12588 Sep 11 22:45 perpok
      -rwxr-xr-x. 1 oglop oglop  5258 Sep 11 11:28 perp-setup
      -rwxr-xr-x. 1 oglop oglop 14920 Sep 11 22:45 perpstat
      -rwxr-xr-x. 1 oglop oglop 12228 Sep 11 22:45 runargs
      -rwxr-xr-x. 1 oglop oglop 10584 Sep 11 22:45 runargv0
      -rwxr-xr-x. 1 oglop oglop 12272 Sep 11 22:45 runchoom
      -rwxr-xr-x. 1 oglop oglop 10716 Sep 11 22:45 rundetach
      -rwxr-xr-x. 1 oglop oglop 12608 Sep 11 22:45 rundeux
      -rwxr-xr-x. 1 oglop oglop 14052 Sep 11 22:45 runenv
      -rwxr-xr-x. 1 oglop oglop 12244 Sep 11 22:45 runfile
      -rwxr-xr-x. 1 oglop oglop 14636 Sep 11 22:45 runlimit
      -rwxr-xr-x. 1 oglop oglop 11820 Sep 11 22:45 runlock
      -rwxr-xr-x. 1 oglop oglop 10980 Sep 11 22:45 runpause
      -rwxr-xr-x. 1 oglop oglop 10628 Sep 11 22:45 runsession
      -rwxr-xr-x. 1 oglop oglop 18900 Sep 11 22:45 runtool
      -rwxr-xr-x. 1 oglop oglop 13420 Sep 11 22:45 runtrap
      -rwxr-xr-x. 1 oglop oglop 11632 Sep 11 22:45 runuid
      -rwxr-xr-x. 1 oglop oglop  8236 Sep 11 22:45 sissylog
      -rwxr-xr-x. 1 oglop oglop 17608 Sep 11 22:45 tinylog
      -rwxr-xr-x. 1 oglop oglop  1375 Sep 11 11:28 tinylog_run
      
    4. 下面一步是把perp安装到路由器上,并让他监视ss-server,但是q3剩余空间太小,所以计划是把编译出来的perp压缩一下,放到jffs里,每次路由器启动的时候解开并安装到/tmp下面(内存里)

      # 压缩一下,拷到jffs里面,有214k
      scp -r usr/sbin/perp-2.07.tar.gz root@192.168.2.22:/jffs
      
      # 下面是手动测试,路由器重启后会被清空的,只有jffs,和nvram能保存数据
      mkdir -p ~/perp
      tar xvzf /jffs/perp-2.07.tar.gz -C ~/perp
      cd ~/perp
      
      # 安装下试试
      ./perp-setup /etc/perp
      
      # 不知为何没有提示,开debug模式试试
      sh -x ./perp-setup /etc/perp
      
      # 这次看到了
      + _mesg uh oh, neither /etc/inittab nor /etc/rc.local were found on your system!
      + echo perp-setup(1103): uh oh, neither /etc/inittab nor /etc/rc.local were found on your system!
      + _mesg this system will require manual startup configuration for perpd(8)/perpboot(8)
      + echo perp-setup(1103): this system will require manual startup configuration for perpd(8)/perpboot(8)
      + exit 1
      

      不过似乎少了点什么

      root@unknown:/tmp/home/root/perp# ./perpd
      ./perpd: can't resolve symbol 'fchdir' in lib './perpd'.
      

      同样的可执行文件放去rt-n66u上运行就没问题,看来q3的v131的tomato上的libc里少了点什么

      验证,看看我自己电脑上的

      $ nm -g  /usr/lib/libc.so.6  | grep fchdir
      000e6310 W fchdir
      

      废话,电脑当然有

      把rt-n66上的libc.so拷来看看

      mipsel-unknown-linux-uclibc-readelf -s libc.so.0 | grep fchdir
         157: 00008a90    84 FUNC    GLOBAL DEFAULT    6 fchdir
      

      有!不过q3上的libc就没有,这要如何破?不死心的lz又拿tomato自带的工具链试了一遍也不行

      试试其他版本的tomato行不行,用<a href="https://code.google.com/p/firmware-mod-kit/&quot; target="_blank"Firmware Modification Kit打开其他版本的trx文件试试

      sudo yum install -y python-magic file-libs
      ./extract-firmware.sh /home/oglop/Downloads/tomato-K26USB-1.28.RT-N5x-MIPSR2-131-AIO/image/tomato-K26USB-1.28.RT-N5x-MIPSR2-131-AIO.trx ~/temp/aio
      
      [oglop@localhost fmk]$ mipsel-unknown-linux-uclibc-readelf -s ~/temp/aio/rootfs/lib/libc.so.0  | grep fchdir
         157: 00008a90    84 FUNC    GLOBAL DEFAULT    6 fchdir
      #果然rt-n66u刷的AIO最大的固件里是有的
      
      ./extract-firmware.sh  /home/oglop/Downloads/tomato-K26USB-1.28.RT-N5x-MIPSR2-131-Big-VPN/image/tomato-K26USB-1.28.RT-N5x-MIPSR2-131-Big-VPN.trx  ~/temp/bigvpn
      mipsel-unknown-linux-uclibc-readelf -s ~/temp/bigvpn/rootfs/lib/libc.so.0  | grep fchdir
         147: 00008100    84 FUNC    GLOBAL DEFAULT    6 fchdir
      # 这个big-vpn版本居然有,不过他7.9mb,q3才8mb,放了就没地方放ss和perp了阿
      # 同理又查了<8mb的mini和mini-vpn版,都没有fchdir...
      

      至此已经走投无路了,只能自己build一个tomato出来,插播见这里

      ps:不知道这算不算多此一举,ss-server后面跟-f加pidfile的时候,就是把他自己daemon化(看到代码里调了daemonize函数,如果不会总是自己莫名其秒就挂了的话,其实用不着perp这种工具的)

      各build版本功能对比
      builds

  3. 为了提高安全性,不要使用root用户来运行ss
    显示现在有哪些用户
    cut -d: -f1 /etc/passwd
    

    因为tomato不带useradd那些命令,而且重启后也不保存你新加的用户,所以你得按官网说明如下操作

    UNAM=ss
    RNAM="ss user"
    UNUM=200
    UGRP=$UNUM
    #UGRP=0
    echo "$UNAM:x:$UNUM:$UGRP:$RNAM:/tmp:/bin/sh" >> /etc/passwd
    echo "$UNAM:x:$UNUM:$UGRP:$RNAM:/home/$UNAM:/bin/sh" >> /etc/passwd.custom
    [[ $UGRP -ne 0 ]] && echo "$UNAM:x:$UGRP:" >>/etc/group
    [[ $UGRP -ne 0 ]] && echo "$UNAM:x:$UGRP:" >>/etc/group.custom
    sed -n -e "s,^root:,$UNAM:,p" < /etc/shadow >> /etc/shadow.custom
    
    chmod 777 /tmp/home
    ssh $UNAM@localhost "mkdir /home/$UNAM;touch /home/$UNAM/.profile && echo success"
    # press return for the password prompt, you should see the word "success" reported
    
    chmod 755 /tmp/home
    
    nvram setfile2nvram /etc/passwd.custom
    nvram setfile2nvram /etc/group.custom
    nvram setfile2nvram /etc/shadow.custom
    nvram setfile2nvram /home/$UNAM/.profile
    nvram commit
    
    # The following can also be accomplished by a reboot, or toggling on and off authenticated file sharing in the UI.
    
    sed -i "/^$UNAM:/d" /etc/passwd
    grep "^${UNAM}:" < /etc/shadow.custom >> /etc/shadow
    grep "^${UNAM}:" < /etc/passwd.custom >> /etc/passwd
    

    因为我用的是entware,似乎没有sudo su等,命令

    root@unknown:/opt/bin# opkg update
    Downloading http://entware.wl500g.info/binaries/mipselsf/Packages.gz.
    Updated list of available packages in /opt/var/opkg-lists/mipselsf.
    
    root@unknown:/opt/bin# opkg install sudo
    

    把/jffs/etc/config/ss.fire用于自动启动的文件内容改成:

    #!/bin/sh
    sudo -u ss  /jffs/ss/ss-server -c /jffs/ss/config.json -f /tmp/ss.pid
    
  4. lz准备使用飞羽博客中的方案3,为此需要dnsmasq,下面来编译磊科q3可用的版本
    git clone git://thekelleys.org.uk/dnsmasq.git
    cd dnsmasq/
    git checkout tags/v2.75
    
    export PATH=/opt/brcm/hndtools-mipsel-linux/bin:/opt/brcm/hndtools-mipsel-uclibc/bin:$PATH
    
    CC=mipsel-linux-uclibc-gcc CXX=mipsel-linux-uclibc-g++ AR=mipsel-linux-uclibc-ar RANLIB=mipsel-linux-uclibc-ranlib make install PREFIX=/home/oglop/tomato/dnsmasq-install
    
    # 编译好以后strip,并upx,尺寸大概43k,拷到路由器jffs上
    mipsel-linux-uclibc-strip ~/tomato/dnsmasq-install/sbin/dnsmasq 
    upx ~/tomato/dnsmasq-install/sbin/dnsmasq
    scp ~/tomato/dnsmasq-install/sbin/dnsmasq  root@your-router-ip:/jffs
    
    

    如果是翻出去,那需要的是gfwlist,可是这里lz需要的是翻回去,lz需要用的也没几个网站,所以不如自己加

    一开始试的是2.9,但是重启路由器以后似乎没启动,没去查什么错,直接试了下面的一些的版本的
    2.73及以上都有这个错误

    inotify.c: In function 'inotify_dnsmasq_init':
    inotify.c:43: warning: implicit declaration of function 'inotify_init1'
    inotify.c:43: error: 'IN_NONBLOCK' undeclared (first use in this function)
    inotify.c:43: error: (Each undeclared identifier is reported only once
    inotify.c:43: error: for each function it appears in.)
    inotify.c:43: error: 'IN_CLOEXEC' undeclared (first use in this function)
    inotify.c:52: warning: null argument where non-null required (argument 2)
    make[1]: *** [inotify.o] Error 1
    make[1]: Leaving directory `/home/oglop/Downloads/dnsmasq/src'
    make: *** [all] Error 2
    

    没搜如何解决,最后用的版本是v2.72,似乎可行,在init script里替换tomato自己的2.73,据说是dnsmasq太新,ipset太旧

    mount --bind /jffs/dnsmasq/dnsmasq  /usr/sbin/dnsmasq
    killall dnsmasq
    #service dnsmasq restart
    
    # 路由器自带版本
    root@unknown:/tmp/home/root# dnsmasq --version
    Dnsmasq version 2.73  Copyright (c) 2000-2015 Simon Kelley
    Compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth DNSSEC loop-detect no-inotify
    
    This software comes with ABSOLUTELY NO WARRANTY.
    Dnsmasq is free software, and you are welcome to redistribute it
    under the terms of the GNU General Public License, version 2 or 3.
    
    # 我替换的版本
    root@unknown:/tmp/home/root# /jffs/dnsmasq/dnsmasq --version
    Dnsmasq version 2.72  Copyright (c) 2000-2014 Simon Kelley
    Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect
    
    This software comes with ABSOLUTELY NO WARRANTY.
    Dnsmasq is free software, and you are welcome to redistribute it
    under the terms of the GNU General Public License, version 2 or 3.
    
    # 似乎compile time options有几处不同 no-RTC 和  Tomato-helper DNSSEC no-inotify
    # 既然原版参数里有 no-inotify,而我编译2.75的时候也有inotify有关的错误,那我把他也给加上好了
    
    
    # 所以下面编译dnsmasq
    git clone git://thekelleys.org.uk/dnsmasq.git 
    cd dnsmasq
    git checkout tags/v2.75
    export PATH=/opt/brcm/hndtools-mipsel-linux/bin:/opt/brcm/hndtools-mipsel-uclibc/bin:$PATH
    
    # 像下面这样就少了几个功能... 似乎我也用不到 -DHAVE_DNSSEC 加上又少nettle/rsa.h,不乱搞了, HAVE_TOMATO带来的asus fix也没了
    CC=mipsel-linux-uclibc-gcc CXX=mipsel-linux-uclibc-g++ AR=mipsel-linux-uclibc-ar RANLIB=mipsel-linux-uclibc-ranlib make install PREFIX=/home/oglop/tomato/dnsmasq-install COPTS="-DNO_INOTIFY -DHAVE_BROKEN_RTC"
    
    #压小一点
    mipsel-linux-uclibc-strip /home/oglop/tomato/dnsmasq-install/sbin/dnsmasq 
    upx /home/oglop/tomato/dnsmasq-install/sbin/dnsmasq
    
    # 拷到路由器上
    ssh root@router-address "mkdir -p /jffs/dnsmasq"
    scp /home/oglop/tomato/dnsmasq-install/sbin/dnsmasq root@router-address:/jffs/dnsmasq/
    
    似乎可以,又试了试2.72
    git clean
    git checkout tags/v2.72
    CC=mipsel-linux-uclibc-gcc CXX=mipsel-linux-uclibc-g++ AR=mipsel-linux-uclibc-ar RANLIB=mipsel-linux-uclibc-ranlib make install PREFIX=/home/oglop/tomato/dnsmasq-install
    
    

    然后在tomato webui里加入

    mount --bind /jffs/dnsmasq/dnsmasq  /usr/sbin/dnsmasq
    service dnsmasq restart
    

    这样路由器里的dnsmasq就会被替换为我编译的版本

    此外lz想尝试下把ipset换成新版

    # tomato kernel版本
    root@unknown:/tmp/home/root# uname -r
    2.6.22.19
    
    # 系统自带ipset是4.5
    root@unknown:/tmp/home/root# ipset --version
    ipset v4.5, protocol version 4.
    Kernel module protocol version 4.
    
    

    不幸的是根据主页说明,最高只能用到4.5,tomato里已经是最新的了

    所以最后lz编译了dnsmasq 2.75,不过比自带的版本少一些功能

    # 拷到路由器上
    ssh root@router-beside-me "mkdir -p /jffs/dnsmasq"
    scp dnsmasq root@router-beside-me:/jffs/dnsmasq/
    

    在tomato webui中做如下设置

    mount --bind /jffs/dnsmasq/dnsmasq  /usr/sbin/dnsmasq
    killall dnsmasq
    

    上面这一步替换dnsmasq似乎不是必要的,可以先不做,如果有问题连不上再试这一步

    参考:
    Does not build
    利用ipset进行选择性的翻墙 – 在云彼方

  5. 此处lz掉进大坑
    首先lz在DHCP/DNS设置中,添加xiami到gfwlist set,并勾选Intercept DNS port(UDP 53)
    tomato_dns

    server=/.xiami.com/127.0.0.1#53
    ipset=/.xiami.com/gfwlist
    

    然后ssh登入路由器,运行如下命令

    modprobe ipt_REDIRECT
    modprobe ipt_set
    
    ipset -N gfwlist iphash
    iptables -t nat -A PREROUTING -p tcp -m set --set gfwlist dst -j REDIRECT --to-port 1080
    
    # 注意很多教程里是--match-set, 不过lz用iptables -m set -h 查询后显示这个版本的iptables要用--set
    # 如果先
    

    此处有个坑是之前加入的ipset里没有xiami

    root@unknown:/tmp/home/root# ipset -L gfwlist
    Name: gfwlist
    Type: iphash
    References: 0
    Header: hashsize: 1024 probes: 8 resize: 50
    Members:
    
    # 此外下面命令可以看现在有哪些module
    cat /proc/net/ip_tables_matches
    
    # 看看加上没
    iptables -t nat -nvL
    
    # 看看ss-redir运行了没
    netstats -lnt
    
    # 删除加的redirect,测试用
    iptables -t nat -D PREROUTING 7
    
    # 关闭ss进程
    kill -9 `cat /tmp/ss-local.pid`
    

    试了半天无果,xiami那两行也可以放dnsmasq.custom里

    nvram setfile2nvram /etc/dnsmasq.custom
    nvram commit
    
    # 如果想删除
    nvram unset "FILE:/etc/dnsmasq.custom"
    nvram commit
    

    ss-redir配置文件内容

    {
        "server":"my_server_ip",
        "server_port":8388,
        "local_address": "0.0.0.0",
        "local_port":1080,
        "password":"mypassword",
        "method":"aes-256-cfb",
    }
    
    

    可以用下面命令来判断路由器上的1080端口是否打开,当然也可以通过前台运行ss-redir来判断是否连上了

    nmap -p 1080 192.168.2.1
    

    参考
    ipset 和 dnsmasq 不匹配怎么办?

  6. iptables no match by that name (ipset)
    openwrt下配置shadowsocks+dnsmasq+ipset+dns2socks
    openwrt使用ipset和shadowsocks实现自动代理
    配置OpenWrt路由器智能自动翻墙

问题:如果想搞成静态版怎么搞?
在shadowsocks-qt5.pro文件中加入

CONFIG += static

么?此外还需要把所有依赖都搞成静态的么?

乱搞备份:
用这个script把所有依赖拷到一起,再酌情自己目测删除行么?
Copying shared library dependencies

乱搞尝试:

用chrpath把rpath改为.
yum install epel-release
yum install qt5-qtbase qt5-qtbase-gui libappindicator-devel botan botan-devel

# 乱搞以后还是有错
[oglop@localhost min]$ ./ss-qt5
./ss-qt5: symbol lookup error: ./ss-qt5: undefined symbol: _ZN9QMetaType22registerNormalizedTypeERK10QByteArrayPFvPvEPFS3_S3_PKvEi6QFlagsINS_8TypeFlagEEPK11QMetaObject

# 用http://demangler.com/来demangle一下
QMetaType::registerNormalizedType(QByteArray const&, void (*)(void*), void* (*)(void*, void const*), int, QFlags<QMetaType::TypeFlag>, QMetaObject const*)

本文中编译出来的文件下载:
好像不是那么容易搞成static的,先不放了

shadowsocks-libev_2.3.1_mipsel_OpenSSL_static.tar.gz
shadowsocks-libev_2.3.1_mipsel_OpenSSL_dynamic.tar.gz
openssl-1.0.2d_dynamic.tar.gz

perp-2.07.tar.gz

tomato-K26-1.28.RT-N5x-MIPSR2-131-netcore-q3-Max.trx
tomato-K26-1.28.RT-N5x-MIPSR2-132-netcore-q3-Max.trx

参考:
Shadowsocks的图形化客户端Shadowsocks-Qt5介绍
How to statically link Qt 4
Building Qt Static (and Dynamic) and Making it Small with GCC, Microsoft Visual Studio, and the Intel Compiler
Where do executables look for shared objects at runtime
nohup Execute Commands After You Exit From a Shell Prompt

How to execute one command on all files within a folder
Exclude list of files from find
How do I list the symbols in a .so file
Router Decompiling
TomatoUSB – Script Name Extensions
Adding Your Own Users – tomatoUSB
Understanding /etc/passwd File Format
Understanding /etc/shadow file

Advertisements

One response to “shadowsocks反向用法 如何翻回国内 这也算是奇(chi)葩(bao)要(le)求(cheng)了(de) 以及自行编译tomato shibby 并把shadowsocks服务端直接放在路由器上(不买vps)

发表评论

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / 更改 )

Twitter picture

You are commenting using your Twitter account. Log Out / 更改 )

Facebook photo

You are commenting using your Facebook account. Log Out / 更改 )

Google+ photo

You are commenting using your Google+ account. Log Out / 更改 )

Connecting to %s

%d 博主赞过: