├── .gitattributes
├── .gitignore
├── LICENSE
├── Surge_ss_module
└── SSEncrypt.module
├── image
├── CfA.png
├── Quantumult.png
├── Snipaste_2018-09-12_09-12-18.png
├── Snipaste_2018-09-12_09-22-01.png
├── Snipaste_2018-09-12_09-24-32.png
├── Surge_Mac.png
├── ass.png
├── clashX.png
├── cw.png
├── cwpostss.png
├── macOsNG.png
├── newOS.png
├── postern.png
├── reward.png
├── shadowrocket.png
├── sr.png
├── surge.png
└── surge1.png
├── readme.md
├── readme_en.md
└── server_instruction
└── instruction.md
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # General
2 | .DS_Store
3 | .AppleDouble
4 | .LSOverride
5 |
6 | # Icon must end with two \r
7 | Icon
8 |
9 | # Thumbnails
10 | ._*
11 |
12 | # Files that might appear in the root of a volume
13 | .DocumentRevisions-V100
14 | .fseventsd
15 | .Spotlight-V100
16 | .TemporaryItems
17 | .Trashes
18 | .VolumeIcon.icns
19 | .com.apple.timemachine.donotpresent
20 |
21 | # Directories potentially created on remote AFP share
22 | .AppleDB
23 | .AppleDesktop
24 | Network Trash Folder
25 | Temporary Items
26 | .apdisk
27 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Attribution-ShareAlike 4.0 International
2 |
3 | =======================================================================
4 |
5 | Creative Commons Corporation ("Creative Commons") is not a law firm and
6 | does not provide legal services or legal advice. Distribution of
7 | Creative Commons public licenses does not create a lawyer-client or
8 | other relationship. Creative Commons makes its licenses and related
9 | information available on an "as-is" basis. Creative Commons gives no
10 | warranties regarding its licenses, any material licensed under their
11 | terms and conditions, or any related information. Creative Commons
12 | disclaims all liability for damages resulting from their use to the
13 | fullest extent possible.
14 |
15 | Using Creative Commons Public Licenses
16 |
17 | Creative Commons public licenses provide a standard set of terms and
18 | conditions that creators and other rights holders may use to share
19 | original works of authorship and other material subject to copyright
20 | and certain other rights specified in the public license below. The
21 | following considerations are for informational purposes only, are not
22 | exhaustive, and do not form part of our licenses.
23 |
24 | Considerations for licensors: Our public licenses are
25 | intended for use by those authorized to give the public
26 | permission to use material in ways otherwise restricted by
27 | copyright and certain other rights. Our licenses are
28 | irrevocable. Licensors should read and understand the terms
29 | and conditions of the license they choose before applying it.
30 | Licensors should also secure all rights necessary before
31 | applying our licenses so that the public can reuse the
32 | material as expected. Licensors should clearly mark any
33 | material not subject to the license. This includes other CC-
34 | licensed material, or material used under an exception or
35 | limitation to copyright. More considerations for licensors:
36 | wiki.creativecommons.org/Considerations_for_licensors
37 |
38 | Considerations for the public: By using one of our public
39 | licenses, a licensor grants the public permission to use the
40 | licensed material under specified terms and conditions. If
41 | the licensor's permission is not necessary for any reason--for
42 | example, because of any applicable exception or limitation to
43 | copyright--then that use is not regulated by the license. Our
44 | licenses grant only permissions under copyright and certain
45 | other rights that a licensor has authority to grant. Use of
46 | the licensed material may still be restricted for other
47 | reasons, including because others have copyright or other
48 | rights in the material. A licensor may make special requests,
49 | such as asking that all changes be marked or described.
50 | Although not required by our licenses, you are encouraged to
51 | respect those requests where reasonable. More_considerations
52 | for the public:
53 | wiki.creativecommons.org/Considerations_for_licensees
54 |
55 | =======================================================================
56 |
57 | Creative Commons Attribution-ShareAlike 4.0 International Public
58 | License
59 |
60 | By exercising the Licensed Rights (defined below), You accept and agree
61 | to be bound by the terms and conditions of this Creative Commons
62 | Attribution-ShareAlike 4.0 International Public License ("Public
63 | License"). To the extent this Public License may be interpreted as a
64 | contract, You are granted the Licensed Rights in consideration of Your
65 | acceptance of these terms and conditions, and the Licensor grants You
66 | such rights in consideration of benefits the Licensor receives from
67 | making the Licensed Material available under these terms and
68 | conditions.
69 |
70 |
71 | Section 1 -- Definitions.
72 |
73 | a. Adapted Material means material subject to Copyright and Similar
74 | Rights that is derived from or based upon the Licensed Material
75 | and in which the Licensed Material is translated, altered,
76 | arranged, transformed, or otherwise modified in a manner requiring
77 | permission under the Copyright and Similar Rights held by the
78 | Licensor. For purposes of this Public License, where the Licensed
79 | Material is a musical work, performance, or sound recording,
80 | Adapted Material is always produced where the Licensed Material is
81 | synched in timed relation with a moving image.
82 |
83 | b. Adapter's License means the license You apply to Your Copyright
84 | and Similar Rights in Your contributions to Adapted Material in
85 | accordance with the terms and conditions of this Public License.
86 |
87 | c. BY-SA Compatible License means a license listed at
88 | creativecommons.org/compatiblelicenses, approved by Creative
89 | Commons as essentially the equivalent of this Public License.
90 |
91 | d. Copyright and Similar Rights means copyright and/or similar rights
92 | closely related to copyright including, without limitation,
93 | performance, broadcast, sound recording, and Sui Generis Database
94 | Rights, without regard to how the rights are labeled or
95 | categorized. For purposes of this Public License, the rights
96 | specified in Section 2(b)(1)-(2) are not Copyright and Similar
97 | Rights.
98 |
99 | e. Effective Technological Measures means those measures that, in the
100 | absence of proper authority, may not be circumvented under laws
101 | fulfilling obligations under Article 11 of the WIPO Copyright
102 | Treaty adopted on December 20, 1996, and/or similar international
103 | agreements.
104 |
105 | f. Exceptions and Limitations means fair use, fair dealing, and/or
106 | any other exception or limitation to Copyright and Similar Rights
107 | that applies to Your use of the Licensed Material.
108 |
109 | g. License Elements means the license attributes listed in the name
110 | of a Creative Commons Public License. The License Elements of this
111 | Public License are Attribution and ShareAlike.
112 |
113 | h. Licensed Material means the artistic or literary work, database,
114 | or other material to which the Licensor applied this Public
115 | License.
116 |
117 | i. Licensed Rights means the rights granted to You subject to the
118 | terms and conditions of this Public License, which are limited to
119 | all Copyright and Similar Rights that apply to Your use of the
120 | Licensed Material and that the Licensor has authority to license.
121 |
122 | j. Licensor means the individual(s) or entity(ies) granting rights
123 | under this Public License.
124 |
125 | k. Share means to provide material to the public by any means or
126 | process that requires permission under the Licensed Rights, such
127 | as reproduction, public display, public performance, distribution,
128 | dissemination, communication, or importation, and to make material
129 | available to the public including in ways that members of the
130 | public may access the material from a place and at a time
131 | individually chosen by them.
132 |
133 | l. Sui Generis Database Rights means rights other than copyright
134 | resulting from Directive 96/9/EC of the European Parliament and of
135 | the Council of 11 March 1996 on the legal protection of databases,
136 | as amended and/or succeeded, as well as other essentially
137 | equivalent rights anywhere in the world.
138 |
139 | m. You means the individual or entity exercising the Licensed Rights
140 | under this Public License. Your has a corresponding meaning.
141 |
142 |
143 | Section 2 -- Scope.
144 |
145 | a. License grant.
146 |
147 | 1. Subject to the terms and conditions of this Public License,
148 | the Licensor hereby grants You a worldwide, royalty-free,
149 | non-sublicensable, non-exclusive, irrevocable license to
150 | exercise the Licensed Rights in the Licensed Material to:
151 |
152 | a. reproduce and Share the Licensed Material, in whole or
153 | in part; and
154 |
155 | b. produce, reproduce, and Share Adapted Material.
156 |
157 | 2. Exceptions and Limitations. For the avoidance of doubt, where
158 | Exceptions and Limitations apply to Your use, this Public
159 | License does not apply, and You do not need to comply with
160 | its terms and conditions.
161 |
162 | 3. Term. The term of this Public License is specified in Section
163 | 6(a).
164 |
165 | 4. Media and formats; technical modifications allowed. The
166 | Licensor authorizes You to exercise the Licensed Rights in
167 | all media and formats whether now known or hereafter created,
168 | and to make technical modifications necessary to do so. The
169 | Licensor waives and/or agrees not to assert any right or
170 | authority to forbid You from making technical modifications
171 | necessary to exercise the Licensed Rights, including
172 | technical modifications necessary to circumvent Effective
173 | Technological Measures. For purposes of this Public License,
174 | simply making modifications authorized by this Section 2(a)
175 | (4) never produces Adapted Material.
176 |
177 | 5. Downstream recipients.
178 |
179 | a. Offer from the Licensor -- Licensed Material. Every
180 | recipient of the Licensed Material automatically
181 | receives an offer from the Licensor to exercise the
182 | Licensed Rights under the terms and conditions of this
183 | Public License.
184 |
185 | b. Additional offer from the Licensor -- Adapted Material.
186 | Every recipient of Adapted Material from You
187 | automatically receives an offer from the Licensor to
188 | exercise the Licensed Rights in the Adapted Material
189 | under the conditions of the Adapter's License You apply.
190 |
191 | c. No downstream restrictions. You may not offer or impose
192 | any additional or different terms or conditions on, or
193 | apply any Effective Technological Measures to, the
194 | Licensed Material if doing so restricts exercise of the
195 | Licensed Rights by any recipient of the Licensed
196 | Material.
197 |
198 | 6. No endorsement. Nothing in this Public License constitutes or
199 | may be construed as permission to assert or imply that You
200 | are, or that Your use of the Licensed Material is, connected
201 | with, or sponsored, endorsed, or granted official status by,
202 | the Licensor or others designated to receive attribution as
203 | provided in Section 3(a)(1)(A)(i).
204 |
205 | b. Other rights.
206 |
207 | 1. Moral rights, such as the right of integrity, are not
208 | licensed under this Public License, nor are publicity,
209 | privacy, and/or other similar personality rights; however, to
210 | the extent possible, the Licensor waives and/or agrees not to
211 | assert any such rights held by the Licensor to the limited
212 | extent necessary to allow You to exercise the Licensed
213 | Rights, but not otherwise.
214 |
215 | 2. Patent and trademark rights are not licensed under this
216 | Public License.
217 |
218 | 3. To the extent possible, the Licensor waives any right to
219 | collect royalties from You for the exercise of the Licensed
220 | Rights, whether directly or through a collecting society
221 | under any voluntary or waivable statutory or compulsory
222 | licensing scheme. In all other cases the Licensor expressly
223 | reserves any right to collect such royalties.
224 |
225 |
226 | Section 3 -- License Conditions.
227 |
228 | Your exercise of the Licensed Rights is expressly made subject to the
229 | following conditions.
230 |
231 | a. Attribution.
232 |
233 | 1. If You Share the Licensed Material (including in modified
234 | form), You must:
235 |
236 | a. retain the following if it is supplied by the Licensor
237 | with the Licensed Material:
238 |
239 | i. identification of the creator(s) of the Licensed
240 | Material and any others designated to receive
241 | attribution, in any reasonable manner requested by
242 | the Licensor (including by pseudonym if
243 | designated);
244 |
245 | ii. a copyright notice;
246 |
247 | iii. a notice that refers to this Public License;
248 |
249 | iv. a notice that refers to the disclaimer of
250 | warranties;
251 |
252 | v. a URI or hyperlink to the Licensed Material to the
253 | extent reasonably practicable;
254 |
255 | b. indicate if You modified the Licensed Material and
256 | retain an indication of any previous modifications; and
257 |
258 | c. indicate the Licensed Material is licensed under this
259 | Public License, and include the text of, or the URI or
260 | hyperlink to, this Public License.
261 |
262 | 2. You may satisfy the conditions in Section 3(a)(1) in any
263 | reasonable manner based on the medium, means, and context in
264 | which You Share the Licensed Material. For example, it may be
265 | reasonable to satisfy the conditions by providing a URI or
266 | hyperlink to a resource that includes the required
267 | information.
268 |
269 | 3. If requested by the Licensor, You must remove any of the
270 | information required by Section 3(a)(1)(A) to the extent
271 | reasonably practicable.
272 |
273 | b. ShareAlike.
274 |
275 | In addition to the conditions in Section 3(a), if You Share
276 | Adapted Material You produce, the following conditions also apply.
277 |
278 | 1. The Adapter's License You apply must be a Creative Commons
279 | license with the same License Elements, this version or
280 | later, or a BY-SA Compatible License.
281 |
282 | 2. You must include the text of, or the URI or hyperlink to, the
283 | Adapter's License You apply. You may satisfy this condition
284 | in any reasonable manner based on the medium, means, and
285 | context in which You Share Adapted Material.
286 |
287 | 3. You may not offer or impose any additional or different terms
288 | or conditions on, or apply any Effective Technological
289 | Measures to, Adapted Material that restrict exercise of the
290 | rights granted under the Adapter's License You apply.
291 |
292 |
293 | Section 4 -- Sui Generis Database Rights.
294 |
295 | Where the Licensed Rights include Sui Generis Database Rights that
296 | apply to Your use of the Licensed Material:
297 |
298 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right
299 | to extract, reuse, reproduce, and Share all or a substantial
300 | portion of the contents of the database;
301 |
302 | b. if You include all or a substantial portion of the database
303 | contents in a database in which You have Sui Generis Database
304 | Rights, then the database in which You have Sui Generis Database
305 | Rights (but not its individual contents) is Adapted Material,
306 |
307 | including for purposes of Section 3(b); and
308 | c. You must comply with the conditions in Section 3(a) if You Share
309 | all or a substantial portion of the contents of the database.
310 |
311 | For the avoidance of doubt, this Section 4 supplements and does not
312 | replace Your obligations under this Public License where the Licensed
313 | Rights include other Copyright and Similar Rights.
314 |
315 |
316 | Section 5 -- Disclaimer of Warranties and Limitation of Liability.
317 |
318 | a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
319 | EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
320 | AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
321 | ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
322 | IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
323 | WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
324 | PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
325 | ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
326 | KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
327 | ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
328 |
329 | b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
330 | TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
331 | NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
332 | INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
333 | COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
334 | USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
335 | ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
336 | DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
337 | IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
338 |
339 | c. The disclaimer of warranties and limitation of liability provided
340 | above shall be interpreted in a manner that, to the extent
341 | possible, most closely approximates an absolute disclaimer and
342 | waiver of all liability.
343 |
344 |
345 | Section 6 -- Term and Termination.
346 |
347 | a. This Public License applies for the term of the Copyright and
348 | Similar Rights licensed here. However, if You fail to comply with
349 | this Public License, then Your rights under this Public License
350 | terminate automatically.
351 |
352 | b. Where Your right to use the Licensed Material has terminated under
353 | Section 6(a), it reinstates:
354 |
355 | 1. automatically as of the date the violation is cured, provided
356 | it is cured within 30 days of Your discovery of the
357 | violation; or
358 |
359 | 2. upon express reinstatement by the Licensor.
360 |
361 | For the avoidance of doubt, this Section 6(b) does not affect any
362 | right the Licensor may have to seek remedies for Your violations
363 | of this Public License.
364 |
365 | c. For the avoidance of doubt, the Licensor may also offer the
366 | Licensed Material under separate terms or conditions or stop
367 | distributing the Licensed Material at any time; however, doing so
368 | will not terminate this Public License.
369 |
370 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
371 | License.
372 |
373 |
374 | Section 7 -- Other Terms and Conditions.
375 |
376 | a. The Licensor shall not be bound by any additional or different
377 | terms or conditions communicated by You unless expressly agreed.
378 |
379 | b. Any arrangements, understandings, or agreements regarding the
380 | Licensed Material not stated herein are separate from and
381 | independent of the terms and conditions of this Public License.
382 |
383 |
384 | Section 8 -- Interpretation.
385 |
386 | a. For the avoidance of doubt, this Public License does not, and
387 | shall not be interpreted to, reduce, limit, restrict, or impose
388 | conditions on any use of the Licensed Material that could lawfully
389 | be made without permission under this Public License.
390 |
391 | b. To the extent possible, if any provision of this Public License is
392 | deemed unenforceable, it shall be automatically reformed to the
393 | minimum extent necessary to make it enforceable. If the provision
394 | cannot be reformed, it shall be severed from this Public License
395 | without affecting the enforceability of the remaining terms and
396 | conditions.
397 |
398 | c. No term or condition of this Public License will be waived and no
399 | failure to comply consented to unless expressly agreed to by the
400 | Licensor.
401 |
402 | d. Nothing in this Public License constitutes or may be interpreted
403 | as a limitation upon, or waiver of, any privileges and immunities
404 | that apply to the Licensor or You, including from the legal
405 | processes of any jurisdiction or authority.
406 |
407 |
408 | =======================================================================
409 |
410 | Creative Commons is not a party to its public
411 | licenses. Notwithstanding, Creative Commons may elect to apply one of
412 | its public licenses to material it publishes and in those instances
413 | will be considered the “Licensor.” The text of the Creative Commons
414 | public licenses is dedicated to the public domain under the CC0 Public
415 | Domain Dedication. Except for the limited purpose of indicating that
416 | material is shared under a Creative Commons public license or as
417 | otherwise permitted by the Creative Commons policies published at
418 | creativecommons.org/policies, Creative Commons does not authorize the
419 | use of the trademark "Creative Commons" or any other trademark or logo
420 | of Creative Commons without its prior written consent including,
421 | without limitation, in connection with any unauthorized modifications
422 | to any of its public licenses or any other arrangements,
423 | understandings, or agreements concerning use of licensed material. For
424 | the avoidance of doubt, this paragraph does not form part of the
425 | public licenses.
426 |
427 | Creative Commons may be contacted at creativecommons.org.
428 |
--------------------------------------------------------------------------------
/Surge_ss_module/SSEncrypt.module:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/Surge_ss_module/SSEncrypt.module
--------------------------------------------------------------------------------
/image/CfA.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/CfA.png
--------------------------------------------------------------------------------
/image/Quantumult.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/Quantumult.png
--------------------------------------------------------------------------------
/image/Snipaste_2018-09-12_09-12-18.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/Snipaste_2018-09-12_09-12-18.png
--------------------------------------------------------------------------------
/image/Snipaste_2018-09-12_09-22-01.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/Snipaste_2018-09-12_09-22-01.png
--------------------------------------------------------------------------------
/image/Snipaste_2018-09-12_09-24-32.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/Snipaste_2018-09-12_09-24-32.png
--------------------------------------------------------------------------------
/image/Surge_Mac.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/Surge_Mac.png
--------------------------------------------------------------------------------
/image/ass.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/ass.png
--------------------------------------------------------------------------------
/image/clashX.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/clashX.png
--------------------------------------------------------------------------------
/image/cw.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/cw.png
--------------------------------------------------------------------------------
/image/cwpostss.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/cwpostss.png
--------------------------------------------------------------------------------
/image/macOsNG.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/macOsNG.png
--------------------------------------------------------------------------------
/image/newOS.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/newOS.png
--------------------------------------------------------------------------------
/image/postern.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/postern.png
--------------------------------------------------------------------------------
/image/reward.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/reward.png
--------------------------------------------------------------------------------
/image/shadowrocket.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/shadowrocket.png
--------------------------------------------------------------------------------
/image/sr.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/sr.png
--------------------------------------------------------------------------------
/image/surge.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/surge.png
--------------------------------------------------------------------------------
/image/surge1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KeiKinn/ShadowsocksBio/0ca48c706042930d3688fe3731912b862fc0b06f/image/surge1.png
--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
1 | # Shadowsocks 笔记
2 | 
3 | 
4 |
5 | [English Version](readme_en.md)
6 |
7 | > 时间会遗忘的。
8 | * [前言](#前言)
9 | + [经典思路](#经典思路)
10 | + [新思路](#新思路)
11 | * [Shadowsocks](#Shadowsocks)
12 | + [一些历史事件](#一些历史事件)
13 | - [风云突变](#风云突变)
14 | - [一些话](#一些话)
15 | - [SSR之死](#SSR之死)
16 | * [传承](#传承)
17 | * [变数](#变数)
18 | + [收紧的手](#收紧的手)
19 | + [时间线](#时间线)
20 | + [小心翼翼](#小心翼翼)
21 | * [新生代](#新生代)
22 | + [Surge --- 破局者](#Surge-----破局者)
23 | - [题外话](#题外话)
24 | + [Shadowrocket --- 小火箭](#Shadowrocket-----小火箭)
25 | + [Others](#Others)
26 | + [Android](#Android)
27 | - [Clash for Android](#Clash-for-Android)
28 | - [Postern](#Postern)
29 | * [总结](#总结)
30 | * [后记](#后记)
31 | - [个人搭建指南](#个人搭建指南)
32 | * [服务器选择](#服务器选择)
33 | * [服务器系统](#服务器系统)
34 | * [Shadowsocks-libev](#Shadowsocks-libev)
35 | - [obfs 混淆](#obfs-混淆)
36 | + [Shadowsocks-libev 安装与配置](#Shadowsocks-libev-安装与配置)
37 | * [Shadowsocks客户端](#Shadowsocks客户端)
38 | + [Windows](#Windows)
39 | - [下载地址](#下载地址)
40 | - [本地配置](#本地配置)
41 | + [macos](#macos)
42 | - [Shadowsocks-NG](#Shadowsocks-NG)
43 | - [ClashX](#ClashX)
44 | - [Surge](#Surge)
45 | + [iOS](#iOS)
46 | - [Surge](#Surge-1)
47 | - [Shadowrocket](#Shadowrocket)
48 | - [Quantumult](#Quantumlt)
49 | - [Loon](#loon)
50 | + [Android](#Android-1)
51 | - [Shadowsocks](#Shadowsocks-1)
52 | - [Postern](#Postern-1)
53 |
54 | ## 前言
55 |
56 | 中国国家防火墙(非官方)是管理中国出入境网络流量的一套软硬件系统的集合,其被中国网民戏称为中国防火长城(Great Firewall, GFW)。长期以来,由于 GFW 的存在,在中国大陆境内无法访问 Google,Twitter,Facebook 等境外网站,因为能够定向屏蔽境外网站,GFW 事实上将互联网划分为了中国大陆内网与境外互联网两种互联网体系。在大多数情况下,“墙” 会被用来代指 GFW。
57 |
58 | 翻越 GFW 有很多种方法,大浪淘沙,很多的方法都已经消失了,在我能够想起来的过去的,现在的,做一简单的记录:
59 |
60 | ### 经典思路
61 |
62 | 1. 修改电脑内部的 host 文件:通过自主指定相关网站的 IP 地址,避开 DNS 以达到翻墙的目的,这种方法最为简单粗暴,但依然存在,同时存在相关的软件项目定期更新 host 列表;
63 | 2. 强制指定系统DNS:GFW 主要攻击手段之一是 DNS 污染,于是便有了强制指定系统 DNS 的方式以避免返回无效 IP 地址,这种方法经常会结合 1 使用;
64 | 3. VPN:原本用来作为一种匿名,安全,保密的 VPN 服务也被发掘出翻墙的潜力,其原理比较简单,选择一个没有被 GFW 封杀的服务器,通过该服务器将相关网站的流量转发到自己的设备,而设备与VPN服务器之间的通信并不在GFW的屏蔽范围之内,于是便达成了翻墙的目的。VPN 最初的目的是用于企业服务,方便员工远程登录企业内网进行操作,主要协议有 PPTP、L2TP、IPsec、IKEv2、openVPN 等等;
65 | 4. GoAgent,自由门,fqrouter 等一系列网络服务;
66 |
67 | ### 新思路
68 | 4. Shadowsocks 类:主要包括各类 Shadowsocks 衍生版本,ShadowsocksR,Shadowsocks-libev等,特点是加密了通信过程中的数据以及流量分流;
69 | 5. 内网穿透:比较典型的是 [ZeroTier](https://www.zerotier.com),建立一个中继的管理服务器,加入服务器的客户端相当于处于同一个局域网中,不仅可以翻墙,由于其虚拟内网的特性,可以实现局域网内多设备联动。ZeroTier 有一个公有的服务器,官方称之为 Earth,同时用户可以自建 ZeroTier 中继服务器,官方称之为 Moon。
70 | 6. V2Ray:V2Ray 是 Project V 下的一个工具。Project V 是一个包含一系列构建特定网络环境工具的项目,而 V2Ray 属于最核心的一个。官方介绍 Project V 提供了单一的内核和多种界面操作方式。内核(V2Ray)用于实际的网络交互、路由等针对网络数据的处理,而外围的用户界面程序提供了方便直接的操作流程。不过从时间上来说,先有 V2Ray才有Project V;如今 V2Ray 的开发者已经失联,V2Ray 的开发维护工作基本上已经陷入停滞。
71 | 7. 大杀器:奇怪的名字,似乎是一个有趣的人开发的,个人没有关注过。
72 |
73 | ## Shadowsocks
74 | ### 一些历史事件
75 | 2012年4月22日,V2EX 用户 clowwindy 分享了一个自己自用一年多的翻墙工具:**Shadowsocks**
76 | 
77 |
78 | 在日常中,当我们谈到 Shadowsocks (Shadowsocks),实际上指的是围绕 Shadowsocks 所建立起来的一套完整的翻墙组件,其中包括了 Shadowsocks 协议,Shadowsocks 服务端,Shadowsocks 客户端。然而本质上,狭义的 Shadowsocks 是一套加密协议,被加密后的网络数据隐匿了目标地址与内容特征,使得 GFW 无法对我们期望的流量进行污染或者拦截,从而实现网络自由。传统的 VPN 技术的主要目的是保证数据安全,降低敏感数据泄漏的风险,因此,当开启 VPN 之后,所有的流量都会通过 VPN 通道进行传输,这意味着无需代理的网络流量也会被转发到远程的 VPN 服务器,即使个人建立了 VPN 通道,也难以避免网络访问效率上的下降,同时也难以避免版权内容在服务器 IP 所在地区无法播放的情况。
79 |
80 | 相对于传统的 VPN 技术,Shadowsocks 的建立初衷便是为了翻墙,因此 Shadowsocks 接管网络之后,并不会对所有的流量进行加密处理,通过引入配置文件(PAC)实现了网络分流技术,也就是配置文件中的网站走代理通道,配置文件之外的地址全部走直连通道,一个客户端,两套出口,互不干扰,极大的提升了上网体验。
81 |
82 | 初生的 Shadowsocks 点燃了开发者的热情,基于各类语言的 Shadowsocks 实现与主流平台的客户端如雨后春笋一般很快建立起来了,这是一段热情而又喧闹的时期,参与在其中的人们毫不吝惜自己的聪明才智与旺盛精力,围绕 Shadowsocks 这个内核与骨架,每个人都在努力作出自己的贡献。彼时,传统而又相对成熟的 VPN 业务足以应对不成熟的 GFW,Shadowsocks 只不过是刚刚萌发的幼芽,脆弱而生机勃勃,默默吸收着养分,等待着时机的爆发。
83 |
84 | 最初的 Shadowsocks 客户端都内置了节点信息,网上也有人分享自己的节点,虽然速度略慢,稳定性不佳,但丰俭由人,普通用户安装后无需额外配置即可食用,有需求有技术的群体可以在自己的服务器上搭建 Shadowsocks 服务。唯一遗憾的是当年的 iOS 上并没有网络通道的权限,要么使用 Shadowsocks 浏览器有限翻墙,要么越狱安装客户端接管网络,实现 Shadowsocks 代理。
85 |
86 | #### 风云突变
87 | **2015年8月20日**,clowwindy 在 GitHub 发出如下一段话:
88 |
89 | >Two days ago the police came to me and wanted me to stop working on this. Today they asked me to delete all the code from GitHub. I have no choice but to obey.
90 | >
91 | >I hope one day I’ll live in a country where I have freedom to write any code I like without fearing.
92 | >
93 | >I believe you guys will make great stuff with Network Extensions.
94 | >
95 | >Cheers!
96 |
97 | 当晚,clowwindy 把他所维护的几个 shadowsocks 代码仓库内的 Isuesses 面板全部关闭,所有帮助信息全部删除,并将所有的描述都改成了 **Something happened**。于此同时,他还清空了这些仓库 / 组织的 membership,或者将所有成员全部转入隐私状态,不对外公开。
98 |
99 | 空气中弥漫着不寻常。
100 |
101 | **2015年8月21日** 网络上开始传出 clowwindy 被请去喝茶的消息,稍后 clowwindy 在 shadowsocks-windows 的 #305 issue 下回复道
102 |
103 | >I was invited for some tea yesterday. I won’t be able to continue developing this project.
104 |
105 | 同时他也开启了 twitter 的隐私保护功能,除已关注者外,其他人无法查看他的动态;
106 | 当晚 clowwindy 发布了 thanks. 后的推文,证明人没事。
107 | 
108 |
109 | 至此,Shadowsocks 原作者退出。
110 |
111 | #### 一些话
112 | clowwindy 的遭遇并未完全消灭所有开发者的热情,因此后续的开发维护工作并未停止,在这段不安的时间里,前前后后也着实发生了很多的事情,乱花渐欲迷人眼,前因后果在此不计。
113 |
114 | ShadowsocksR 的作者 breakwa11 是一个极富争议性的人,她接手了后续 Shadowsocks的开发工作,却违反开源协议封闭源代码,同时发布的过程中暗示自己是原作者,在 [shadosocks-windows/Issue108](https://github.com/shadowsocks/shadowsocks-windows/issues/293#issuecomment-132253168) 中 clowwindy 做出了一些回应:
115 |
116 | >那是自然的咯。这边加了什么功能,它(SSR)马上扒过去合并了。它那边加了什么却不会贡献出来给其他人用,久而久之,不就是它那边功能更多了吗。
117 |
118 | >一直以来我什么都没说是因为我对他还有点希望,所以得给他一点面子不是。一开始我还只是纳闷他为什么不发 pull request,过了一段时间我才明白,这个世界上也有这一类的人。不尊重 GPL 就算了,把作者名字换成自己的,还在主页上加上官方的字样。为什么我们这边反而不说官方呢?因为我希望这个项目是没有官方的,人人都是贡献者。想不到这个社会人人都围着官转,人人都巴不得当官 。
119 |
120 | >既然他没有尊重别人劳动成果的意愿,那他那些不开源的理由想必也只是借口。说因为加了一些试验性功能会不兼容所以暂不开源。他弄了一个混淆 TCP 协议头功能,在界面上标注提升安全性,吸引用户打开,然后安装他自己的不兼容服务端。然而我分析了一下之后发现这个功能的设计就是想当然,用得多了以后反而会增加特征。如果你真有什么试验性功能,不是更应该开放出来让所有人帮你分析么,大家一起讨论么?在加密算法领域,只有经过足够多人和机构的审视的算法,才能视作是安全的,闭门造出来的怎么能用。。
121 |
122 | >当然啦,大部分用户才不会管这些,他们不会分析你是不是真的安全,也不会做道德判断,只要他们觉得好用就行。所以可以看到,这种环境下开源其实并没有什么优势,只不过为一些人抄袭提供了便利。这种环境下最后留下来的都是这些人。
123 |
124 | >我一直想象的那种大家一起来维护一个项目的景象始终没有出现,也没有出现的迹象。维护这个项目的过程中,遇到 @chenshaoju 这样主动分享的同学并不多。很多来汇报问题的人是以一种小白求大大解决问题,解决完就走人的方式来的,然而既不愿提供足够的信息,也不愿写一些自己尝试的过程供后人参考。互帮互助的气氛就是搞不起来。对比下国外的社区差好远。
125 |
126 | >最适合这个民族的其实是一群小白围着大大转,大大通过小白的夸奖获得自我满足,然后小白的吃喝拉撒都包给大大解决的模式。通过这个项目我感觉我已经彻底认识到这个民族的前面为什么会有一堵墙了。没有墙哪来的大大。所以到处都是什么附件回帖可见,等级多少用户组可见,一个论坛一个大大供小白跪舔,不需要政府造墙,网民也会自发造墙。这尼玛连做个翻墙软件都要造墙,真是令人叹为观止。这是一个造了几千年墙的保守的农耕民族,缺乏对别人的基本尊重,不愿意分享,喜欢遮遮掩掩,喜欢小圈子抱团,大概这些传统是改不掉了吧。
127 |
128 | >现在维护这些项目已经越来越让我感到无趣。我还是努力工作,好好养家,早日肉翻吧。
129 |
130 | 值得反思。
131 |
132 | #### SSR 之死
133 |
134 | 争议始终是存在着的,但是这也未曾阻挡 SSR 前进发展的步伐,越来越多的人开始转向 SSR,SS 逐步落入下风,但是也有一批拥促。平静的水面下隐藏着汹涌的暗流,爆发的那一刻已然迟已,开发者 breakwa11 的遭遇不论真假,同样令人胆寒
135 |
136 | 2017年7月19日,breakwa11 在 Telegram 频道 ShadowsocksR news 里转发了深圳市启用 Shadowsocks 协议检测结果,被大量用户转发,引发恐慌。
137 |
138 | 2017年7月27日,breakwa11 遭到自称 "ESU.TV" 的不明身份人士人身攻击,对方宣称如果不停止开发并阻止用户讨论此事件将发布更多包含个人隐私的资料,随后 breakwa11 表示遭到对方人肉搜索,而被他们所公开的个人资料属于完全无关人士,是自己当时随便填写的信息,为了防止对方继续伤害无关人士,breakwa11 决定删除 GitHub 上的所有代码、解散相关交流群组,停止 ShadowsocksR 项目。他在 Telegram 发出以下这段话:
139 |
140 | >这次的人肉事件,让我严重怀疑我自己做 SSR 是不是对的,首先不管资料对不对,从行为上看,就是有人希望我死,希望这个项目死,恨一个人能恨到如此程度。我知道我很做作,因此得罪了很多人,尤其最近公开 Shadowsocks 可被检测的问题,更是让很多人义愤填膺,非要干掉我不可。尽管从我的角度看,我只是希望通过引起关注然后促进 Shadowsocks 那边进行修改,这并不是希望 Shadowsocks 死掉的意思,我每次提出的问题之后不是都得到了改进了吗,包括 OTA 和 AEAD,AEAD 我也是有参与设计的,你们可以问 Syrone Wong,以及 NoisyFox 证实,而且 Shadowsocks-windows 有一部分也是我参与修改的。但如今,人肉的资料我也稍微看了一下,真是太令人心寒,连对方的支付宝流水都拉出来了,这样真的好吗?我并不希望因为我自己的问题而害了另一个人。我期望和那些反对我的人来一笔交易,我可以以停止开发 SSR 作为交换,删除项目及相关的东西,以后不再出现,SSR 群从此解散,账号注销,删除代码。对于我来说,这个项目不过是我用来证实自己的想法的一个东西,可有可无,制作也只是兴趣,扔掉也没有什么可惜的,反正替代品非常多,根本就不缺我这一个。你们老说我圈粉,你们真想太多了,真没这个必要。如果可以以这个换取另一人免受网络暴力,我也觉得这是值得的。相反的,如果人肉的结果仍然公开了,那就是我的行为已经救不了了,那我就可以继续开发 SSR。不过也不会太久,估计最多只多坚持一年到我毕业之前。谢谢这两年来大家的支持,这次应该是真正的和大家再见,看结果吧,今天晚上 12 点以 SSR 群解散作为标志,如果解散了那就正式和大家说一声再见
141 |
142 | 当晚12点,breakwa11 解散了 Telegram 群组。
143 |
144 | 至此,SSR 作者退出。
145 |
146 | ## 传承
147 |
148 | clowwindy 与 breakwa11 的遭遇与随后的退出,其实在暗示着 GFW 的成长,它不仅仅是技术上的博弈,它的概念开始扩展至更广泛的领域,技术永远都是有漏洞的,这些漏洞可以不断被弥补,但开发者自身的漏洞却是很难去修改的,不仅需要解决问题,同时也要解决制造问题的源头。
149 |
150 | 得益于 clowwindy 最初开源 Shadowsocks 的决定,大量的 fork 使得 Shadowsocks 依然在更新之中,从 GitHub 现有结果来看,各个平台(甚至是路由器)的 Shadowsocks 仍然不断的在更新,在提交 Issue,也有大功能更新,每一滴微小的力量都推动着项目的前进,只是前途在何处仍然是未知数。
151 |
152 | 奔涌的潮水会退回去,但下一次,下一次,它依然会积蓄着力量汹涌而来,真是我所抱有的美好期待,然而自从2018年开始,实际上各类协议的开发工作事实上陷入了瓶颈期,似乎是在与 GFW 博弈中达到了某种平衡,可以感觉到整个社区不再关注核心的加密以及特征隐藏。更多的开发者将心思放在了机场上,从某种意义上说,Shadowsocks 所引发的力量在技术层面已经进入了休眠,这无异于吃下了蓝色的药丸。
153 |
154 | ## 变数
155 |
156 | ### 收紧的手
157 |
158 | 2017年7月底,中国区 App Store 多款 VPN 相关应用在无任何说明与通知的情况下,突然集体被下架,且已经购买的用户在自己的已购项目中无法下载这些应用,显然苹果这次的下架直接封杀了国行 App Store 所有渠道的下载,性质显然不同于以往。苹果给出的回应是:
159 |
160 | > 我们已经收到要求,在中国移除一些不符合规范的 VPN App。这些 App 在其他市场的运营则不受影响
161 |
162 | 此次下架回应中所谓的规范即是2017年1月工业和信息化部印发的《关于清理规范互联网网络接入服务市场的通知》,《通知》中明确表明:
163 |
164 | > 规范的对象是未经电信主管部门批准,无国际通信业务经营资质的企业或个人,租用国际专线或VPN,私自开展跨境的电信业务经营活动。外贸企业、跨国企业因办公自用等原因,需要通过专线等方式跨境联网时,可以向依法设置国际通信出入口局的电信业务经营者租用,《通知》的相关规定不会对其正常运转造成影响。
165 |
166 | 受此影响,大量的用户只能与开发者联系,不少开发者只能通过 TestFlight 对用户分发更新,但是由于 TestFlight 分发的 app 90天后就会失效,开发者一旦弃更,用户便无法再使用该软件,此种风险也使得不少用户注册了外区的 Apple ID 并重新购买应用。由于工信部要求备案,且个人无备案资格,基本上表明了此次被下架的应用无法再上架,此次的风波也受到了国际社会的广泛关注与批评,唯一算作欣慰的是,苹果在下架软件的同时,倒逼政府出台了相应的明确细则。
167 |
168 | 2017年10月,伴随着十九大的开幕,大量线路被封杀,尤其以 SSR 为甚,各大机场与 tg 群一片哀嚎,所幸大会闭幕后不少 IP 被解封,不清楚具体的比例。
169 |
170 | 2018年1月,以及接下来的两会期间,执行了更大规模的 IP 封杀,涉及范围更广,基于各种算法的翻墙方法均有涉及,Shadowsocks 的 Issues 中有用户反映刚刚搭好十几分钟即被封杀。
171 |
172 | 2018年9月30日,公安部下发[通知](http://www.mps.gov.cn/n2254314/n2254409/n4904353/c6263180/content.html)
173 |
174 | > 《公安机关互联网安全监督检查规定》已经2018年9月5日公安部部长办公会议通过,现予发布,自**2018年11月1日**起施行。
175 |
176 | ### 时间线
177 |
178 | #### 2019/04/25
179 |
180 | 2019年4月25日,河南省新密市人民检察院发出[公告](http://www.ajxxgk.jcy.gov.cn/html/20190425/1/9344870.html ):
181 |
182 | > 2019年3月25日,新密市人民检察院依法以提供侵入计算机系统工具罪对孙东洋提起公诉,案件正在进一步办理当中。
183 |
184 | 2019 年 5 月 31 日,河南省新密市人民法院依法作出判决:
185 |
186 | > 被告人孙东洋......,使用家中电脑通过租用境外(美国、日本)服务器创建网站,非法在网站上出售“翻墙”程序软件账号及引导使用教程,有486人购买孙东洋出售的“翻墙”程序软件账号,借助该软件运用通讯加密和混淆技术手段,绕过和突破国家对国际互联网的网络安全技术防护措施(系统),可以访问被国际互联网网络安全技术防护措施屏蔽和过滤的境外网站及其他互联网应用、服务 ......
187 |
188 | *孙东洋即逗比根据地网站主创办人SSR,2018年11月失联。*
189 |
190 | #### 2019/05/14
191 |
192 | Shadowsocks 一键安装脚本先驱秋水逸冰在 twitter 上发推:
193 |
194 | > 斟酌再三,还是觉得已经没有继续坚持下去的必要了。 不如就此告别,后会有期。 [https://teddysun.com/548.html ](https://t.co/AfkNolQGgd)
195 |
196 |
197 | 长期关注无线路由器相关固件的恩山论坛上,lean,hiboy,荒野无灯,abccba94 等多名重要维护者宣布退出。
198 |
199 | #### 2019/09/16 - 2019/09/xx
200 |
201 | 国家网络安全宣传周,大量的机场出现大规模节点被封的情况,个别机场的 ip 甚至全数被封。Twitter 上有人反映甚至出现平常仅使用 Shadowsocks 进行网络学习的服务器被封的情况。
202 |
203 | ### 小心翼翼
204 |
205 | 网传的一份联通客户端对于各个协议的识别情况:
206 |
207 | | 软件和协议 | 联通检测类型 | 访问网址 |
208 | | -------------------------- | --------------------------------------------------- | ------------ |
209 | | Shadowsocks | TCP 业务 | 显示服务器IP |
210 | | Shadowsocks + http_simple(80端口) | 上网 (Web方式get) | 显示混淆域名 |
211 | | SSR | TCP 业务 | 显示服务器IP |
212 | | SSR + http_simple | 上网 (Web方式get) | 显示混淆域名 |
213 | | SSR + TLS(443) | * 安全类网页浏览 (HTTPS VPN) 流量 <br/>* HTTPS 链接 | 显示混淆域名 |
214 | | SSR + TLS(995) | 安全协议的收邮件流量 | 显示IP |
215 | | SSR + TLS(非443) | * 网络连接(网页)<br/>* HTTPS 链接 | 显示混淆域名 |
216 | | OpenConnect | UDP 业务 | 显示服务器IP |
217 | | IPSec VPN | UDP 业务 | 显示服务器IP |
218 | | V2Ray | TCP 业务 | 显示服务器IP |
219 | | V2Ray + TLS | HTTPS 网络连接 | 显示证书域名 |
220 | | nghttpx + TLS | HTTPS 网络连接 | 显示证书域名 |
221 | | kcptun | UDP 业务 | 显示服务器IP |
222 |
223 | *注:由于这份资料真假未知,仅做分享,请勿有不必要的恐慌。*
224 |
225 | ## 新生代
226 |
227 | 所有的主流平台中,iOS 是比较特殊的,不仅是因为它对权限管理相当的严格,更多的是因为没有相关的网络 API,开发者也是巧妇难为无米之炊。直到 iOS 9 苹果才对开发者开放 VPN 相关的 Network Extension 权限,在此之前,iOS 用户只能在越狱环境下才能获得相对完整的 Shadowsocks 体验,App Store 仅有一款 Shadowsocks 浏览器,只能实现浏览器内翻墙。毫不夸张地说,相对于 Android,此时的 iOS 在翻墙领域仍处于蛮荒时代。
228 |
229 | #### Surge --- 破局者
230 |
231 | Surge 出生于 iOS 平台,带着枷锁跳舞,其思路打破了之前 Shadowsocks 圈内的桎梏,再次促进了 Shadowsocks 代理软件生态的发展。
232 |
233 | 最初的 Surge 定位于网络调试工具,作者本人写了一个 Shadowsocks module 实现了 Shadowsocks,也许作者本人的想法并不是翻墙,所以该 module 从开始就是一个黑箱,且长时间没有支持 V2Ray 等新型协议,直至 2019 年和 2020 年才分别加入了对 V2Ray 与 Trojan 的支持。另外,Surge 于 2019 年起添加了对其自研闭源协议 Snell 的支持,并于2020年发布了该协议的 v2 版本。无心栽柳柳成荫,通过使用 Network Extension 建立 VPN 通道,Surge 可以接管 iOS 设备网络,实现全局代理,网络分流,并且 Surge 的稳定性非常好,68 的售价并没有挡住人们热情的购买力,网络上逐渐开始出现关于 Surge 的讨论,使用教程乃至付费共享。
234 |
235 | 无论站在当时还是现在的角度来看,Surge 的模式非常具有开创性:
236 |
237 | 1. 新生的 Surge 在 UI 设计与用户体验上,还是相对比较简陋的,但是作者同时引入了以文本 config 的形式对软件进行设置,摆脱用户界面的同时也赋予了用户比较高的自由度;
238 | 2. Surge 定位为网络调试工具,当它接管设备的网络之后,可以获取到设备的网络访问信息,通过单独设置设备对某网络信息的响应模式(主要包含了 proxy,direct,reject 3种核心模式),可以实现网络分流,阻止响应,阻止发送等功能,经由网友们的一番探索,最终实现了指定代理地址,屏蔽广告,解析视频地址等功能,堪称完美。
239 |
240 | 
241 |
242 | ##### 题外话
243 |
244 | Surge 固然好,但是其开发者 Yachen Liu 却着实是一个富有争议的人,整理的 Surge 时间线如下:
245 |
246 | - 2015年10月26日 Surge 以68元的售价上架 App Store;
247 |
248 | - 2015年11月29日 Yachen Liu 自称被喝茶;
249 |
250 | - 2015 年 12 月 4 日 ,Surge App Store **全区下架**,之后又以648元的高价短期上线,作者解释为方便已购买用户更新;
251 |
252 | - 2016 年 3 月,Surge iOS 2.0 版本发布,承诺 648 元**永不降价**,同时启用反盗版策略,180天内仅能激活十台设备;
253 |
254 | - 2016 年 8 月,Surge Mac 2.0 版本发布,iOS 版本价格调整为 328元,作者解释 648 元为 macOS 与 iOS 双版本价格,价格调整是售卖策略发生变化;
255 |
256 | - 2017年5月,Surge 限时8折;
257 |
258 | - 2018 年 1 月,iOS Surge 3 发布,根据老用户购买时间提供免费升级和优惠升级,同时提升反盗版策略,7天内仅能激活3台设备;
259 |
260 | - 2018年10月,作者发推表示
261 |
262 | > 计划给 Surge iOS 加一个新功能,可以选择将自己的授权与 iCloud 账号绑定,绑定后最多可激活 6 个设备,但是仅可以在自己的 iCloud 登录的设备上使用。
263 |
264 | 作者确实是网络技术大牛,截至目前,Surge 仍然是iOS端最优秀的 Shadowsocks 客户端,但是其营销策略极富争议性,喝茶事件至今无法证实,且之后全区下架客户端也毫无道理,之后长期上架 App Store 也不能很好的自圆其说,因此被称为喝茶营销 (仅作记录,不代表个人观点)。
265 |
266 | 作者对高价的解释是 Surge 是面向国际的网络调试设备,主要竞品是老牌应用 Charles,但是这几年的发展下来,调试功能这种核心并没有实质的长进,反盗版能力,UI设计倒是提升不少,口嫌体直般升级了 Shadowsocks 的最新版本, ~~ 却死活不肯添加 V2ray 等新协议,~~ 面向国际的软件,核心用户却是国内用户,可以说是相当的傲娇。
267 |
268 | 即使面临大量的争议,Surge 仍然是 iOS/macOS 领域内,最具有创新力的网络软件之一,良好的用户体验与创新的功能也为 Surge 带来了大量的拥簇。
269 | #### Shadowrocket --- 小火箭
270 |
271 | Surge 下架上架来回折腾的时候,不少开发者也看到了机遇,Shadowrocket 便是当时的 Surge 追随者,最初上架性能虽然不佳,但是 6 元的售价并且兼容 Surge 规则还是吸引了不少人下载,一时间风头无两,被称为小火箭。
272 |
273 | 最初小火箭比较简陋,随着快速的迭代更新,小火箭功能逐渐完善起来,稳定性也提高了不少,在摆脱 Surge 的同时,小火箭也开发出了不少让人眼前一亮的新功能。
274 |
275 | 与 Surge 不同,小火箭的初衷就是为了翻墙,所以作者直接就内置了各种翻墙协议,通过UI界面非常容易添加和修改,作者也针对国内的环境开发出了场景模式,按需求连接,服务器订阅等模式,同时作者在[Telegram](https://t.me/ShadowrocketApp)上创建了群组,用户之间的交流以及开发者的反馈速度很快。
276 |
277 | 
278 |
279 | 现在的小火箭可以说已经尽善尽美了,作者更新的频率大大降低,但是仅仅 \$2.99 元的售价显得非常的亲民。
280 |
281 | 2020 年 12 月 2 日,根据 Apple 所公布的 2020 年公布的应用下载数据,Shadowrocket 为 2020 年度付费应用下载量第 9 名,考虑到国区 App Store 已经下架了 Shadowrocket,而其目标用户又大多是国人,取得如此的成绩着实亮眼。
282 |
283 | #### Quantumult
284 | [Quantumult](https://itunes.apple.com/us/app/quantumult/id1252015438#?platform=iphone) 是新近崛起的一款代理软件,$4.99 的售价可以实现 Surge 的大部分功能,支持多种协议,相较于小火箭又多出了抓包功能,测试规则更方便,同时,Quantumult 扩展了规则中的屏蔽性能,使得屏蔽广告更有针对性。
285 |
286 | (2021/01)Quantumult 的更新已经陷入停滞,目前作者的主要精力均放置在 Quantumult X,相较于 Quantumult,功能更加强大以及多样,网络上也有更多的资源可以参考。
287 |
288 | 
289 |
290 | #### Loon
291 | TBD
292 |
293 | #### Others
294 |
295 | iOS上还有A.BIG.T,Potatso等VPN软件,16年,17年与小火箭战的难舍难分,无奈后劲不足,现在大概是明日黄花了。
296 |
297 |
298 | #### Android
299 |
300 | Android 平台因为其自由开放的特性,使得各类 VPN 应用均能找到对应的用户群,因此 Shadowsocks 客户端的发展最初比较缓慢,较为完善的基础客户端仅有 Shadowsocks,但是其仅提供了分流代理功能,并不能实现广告拦截等功能。随着时间的推移,越来越多的开发者参与到开源社区的建设中,也伴随着机场托管,订阅的发展,Android 也涌现出越来越多的优秀应用。只不过受限于个人精力,并没有对更多的应用保持关注。
301 |
302 | ##### Clash for Android
303 |
304 | Clash for Android 是 Android 平台上的一款开源 Clash 客户端,其界面简洁,美观,支持机场订阅,托管,经过多次的迭代之后,基础功能已经相当的完善,性能表现稳定,能够满足大多数人的日常使用。
305 |
306 | 项目地址:[GitHub](https://github.com/Kr328/ClashForAndroid)
307 |
308 | 下载地址:[GitHub](https://github.com/Kr328/ClashForAndroid/releases) | [Google Play](https://play.google.com/store/apps/details?id=com.github.kr328.clash)
309 |
310 | 
311 |
312 | ##### Postern (个人并不推荐)
313 |
314 | **2021 年 1 月更新:Android 上已经有不少的优秀应用了,考虑到 Postern 在 Google Play 上最近的一次更新是 2018 年 10 月 7 日,无论是功能,用户体验,稳定性,个人对该 APP 不做推荐,文章中仅作为记录。**
315 |
316 | Postern是在 Android 上最接近于 Surge 模式的软件,其可以兼容 Surge 规则,直接将 Surge 的配置文件导入即可使用,整体功能也算中规中矩,但是 Postern 的 UI 相对简陋,作者对此的解释是:
317 |
318 | > 很多Postern用户抱怨软件UI的问题,确实UI比较简陋。主要是Postern是从Linux下一堆C代码演化过来的,刚开始并没有任何UI只有命令行,开发者只求运行稳定快速。我也希望能强化UI,不过无奈主业实在太忙,最近更是几乎没有时间维护。仅就今后尽量改进吧。
319 |
320 | 截止目前(2019/03/12),Postern Android 版仍未支持混淆,SSR 之后兴起的新型加密格式也未获得支持,如果有相关的需求可以尝试,对于一般人来说也许 shadowsocks 更为合适些。Postern 可以在 Google Play Store 获取,同时 Postern 的 Github 中包含了[说明手册](https://github.com/postern-overwal/postern-stuff),从 Github 的文件来看,作者同时也放出了 Mac 版的安装包(个人并不推荐),在 iOS 美区也可以购买 iOS 版 (个人并不推荐)。
321 |
322 | 
323 |
324 | ##### 评论
325 | 根据 [Issue #7](https://github.com/KeiKinn/ShadowsocksBio/issues/7),@Mosney 根据自己的经验,提出了多个平台上的新兴 App 与应用,现做摘录如下:
326 | > Android:
327 | 之前在hockyapp上公测的Surfboard,现在也已经在play商店发布1.0版本,唯一的劣势可能就是配置文件独树一帜。
328 | Clash for Android也已经注册play商店超前体验,UI很漂亮,clash内核提供更广泛的兼容性。
329 | Android还有一些我没用过的客户端,ClashA等。
330 |
331 | > Windows:
332 | 目前个人感觉Clash for Windows日臻完善。
333 |
334 | >Others:
335 | 另外目前x86机器做路由实现网关透明代理似乎也越来越流行,其中大部分是用的现有的Shadowsocks+OpenWrt luci插件作为前端方案,还有少部分是用的clash+luci界面,据我所了解目前也有几个开发者在维护适用于OpenWrt的软件包或分支。
336 |
337 | #### 总结
338 |
339 | 总体来看,得益于 Surge 的开创性思路,iOS 端的代理软件一度诸侯林立,逐鹿中原,相关软件的讨论也是层出不穷,是一段相当甜美的蜜月期。随着政策的逐渐收紧,潮水退去,国区内基本上已经没有太多的选择,蛰伏至外区的软件们随着各类原因或离开或留下,如今天下大势已定,或许很难比较各自的用户数量,但几大软件已经有了稳定的核心用户群。整体而言,Shadowrocket 专注于翻墙需求,在基本的用户体验上已经做到了至善至美,对于大多数用户已经足够了,Quantumult X 拥有更加复杂的功能,翻墙仅仅是基础的需求,相对来说,它对技术群体更加友好,现在开发者更多资源都是放在了脚本的开发与优化上,事实上 Quantumult X 拥有更好的用户氛围,更多,更复杂的脚本功能,Surge 还在稳扎稳打走着自己的路,新入门的代理软件仍需在夹缝中找寻自己的位置。
340 |
341 | 喧闹过后,一片白茫茫大地。
342 |
343 | ## 后记
344 |
345 | 并未经历过墙垒砌的时间段,那段时间的我并不足以对世界产生认知,当高墙矗立,互联网缩小成了局域网,我慢慢才明白所有的一切都陷入了疯狂。得益于各个开发者孜孜不倦的努力与付出,像我这种普通人才真正接触到了互联网。
346 |
347 | 感叹于各个网站,各个博客之间的信息分散,内容相互交叉重叠,大多数人在实现目标后也就弃之而去,再加上这些年自己也尝试了不少的软件与上网方法,一点一点拼凑了这篇文章,并未有他想,只是希望作为一个小传留存下来,随着时间的推移,这篇文章迟早会成为历史的尘埃。
348 |
349 | 这篇文章洋洋洒洒写了很多,圄于个人知识,能力所限,难免有所遗漏与错误,还望大家海涵。
350 |
351 | ## 喝杯奶茶🍵
352 |
353 | 不知不觉得这个项目已经坚持了相当长的一段时间,能够将这段历史书写出来也是非常的开心呢~~
354 |
355 | 如果你认为这个项目对你有所帮助,欢迎大家打赏一下以资鼓励。
356 |
357 | 
--------------------------------------------------------------------------------
/readme_en.md:
--------------------------------------------------------------------------------
1 | ## Preface
2 | The China National Firewall (unofficially), is a collection of software and hardware systems that manage inbound and outbound network traffic in China. It is known among Chinese internet users as the "Great Firewall" (GFW). Due to the GFW, access to foreign websites such as Google, Twitter, and Facebook is restricted within mainland China, as the GFW can selectively block foreign websites, effectively dividing the internet into two separate systems - a domestic internet and an international internet. In most cases, "the Wall" refers to the GFW.
3 |
4 | There are many ways to bypass the GFW. Here is a brief overview of some classic and new methods:
5 |
6 | ### Classic methods
7 | - Modify the computer's host file: By manually specifying the IP addresses of relevant websites, this method can bypass DNS and achieve the goal of climbing over the wall. Although it is the simplest and most direct method, it still exists, and there are software projects that regularly update the host list.
8 | - Forcefully specify the system DNS: One of the main attack methods of the GFW is DNS pollution, so forcing the system DNS is a way to avoid returning invalid IP addresses. This method is often used in conjunction with Method 1.
9 | - VPN: Originally used as an anonymous, secure, and confidential VPN service, it has been discovered to have the potential for climbing over the wall. The principle is relatively simple: select a server that has not been blocked by the GFW and use it to forward the traffic of relevant websites to your device. The communication between the device and the VPN server is not within the range of the GFW's blocking, thus achieving the goal of climbing over the wall. VPN was originally designed for enterprise services, allowing employees to remotely log in to the company's intranet for operations. The main protocols include PPTP, L2TP, IPsec, IKEv2, and OpenVPN, among others.
10 | - A series of network services such as GoAgent, FreeGate, and fqrouter.
11 | ### New methods
12 | -Shadowsocks-like: This mainly includes various versions of Shadowsocks derivatives, such as ShadowsocksR and Shadowsocks-libev. The feature of this method is that it encrypts the data during communication and routes the traffic.
13 | - Intranet penetration: A typical example is ZeroTier, which establishes a relay management server. Clients that join the server are equivalent to being in the same LAN. Not only can they climb over the wall, but they can also achieve multi-device linkage within the virtual intranet. ZeroTier has a public server called Earth, and users can also build their own ZeroTier relay servers, called Moon by the official.
14 | - V2Ray: V2Ray is a tool under Project V. Project V is a project that includes a series of tools to build specific network environments. V2Ray is the core of the project. The official introduction of Project V provides a single kernel and multiple interfaces. The kernel (V2Ray) is used for actual network interaction, routing, and handling of network data, while the peripheral user interface program provides a convenient and direct operation process. However, in terms of time, V2Ray came before Project V. Today, the developer of V2Ray has gone missing, and the development and maintenance work of V2Ray has basically stalled.
15 | - Great Weapon: It's a strange name, seemingly developed by an interesting person. I have not paid attention to it personally.
16 |
17 | ## Shadowsocks
18 | ## A brief history
19 | On April 22, 2012, a user named "clowwindy" on V2EX shared a tool that he had been using for over a year to bypass Internet censorship, called **Shadowsocks**.
20 |
21 | 
22 |
23 | In essence, Shadowsocks is an encryption protocol that obscures the destination address and content of network data, making it difficult for the Great Firewall (GFW) to detect and block unwanted traffic. Unlike traditional VPN technology that routes all traffic through a VPN server, Shadowsocks uses a configuration file (PAC) to implement network routing, allowing users to specify which websites to proxy and which ones to access directly. This greatly improves browsing performance and allows users to access blocked content without relying on the VPN server's location.
24 |
25 | Shadowsocks quickly gained popularity among developers and users due to its flexibility and ease of use. It inspired the creation of various implementations in different programming languages and clients on major platforms. People were passionate and enthusiastic about contributing their expertise and ideas to the development of Shadowsocks.
26 |
27 | At the time, traditional VPN services were able to cope with the immature GFW, while Shadowsocks was still a fragile and thriving young bud, quietly absorbing nutrients and waiting for the right time to bloom.
28 |
29 | The initial Shadowsocks clients came with built-in node information, and some people shared their own nodes online. Although the speed was slightly slow and the stability was not good, they were still a good option for ordinary users who didn't need to configure anything extra. For those with the demand and technical expertise, they could set up their own Shadowsocks servers on their own servers. The only regret was that iOS at the time did not have network access permissions. Users either had to use the limited Shadowsocks browser for bypassing restrictions, or jailbreak their devices to install the Shadowsocks client and take over the network to enable Shadowsocks proxy.
30 |
31 |
32 |
33 | ## Winter is coming
34 |
35 | **On August 20, 2015**, Clowwindy posted the several sentences on GitHub:
36 |
37 | >Two days ago the police came to me and wanted me to stop working on this. Today they asked me to delete all the code from GitHub. I have no choice but to obey.
38 | >
39 | >I hope one day I’ll live in a country where I have freedom to write any code I like without fearing.
40 | >
41 | >I believe you guys will make great stuff with Network Extensions.
42 | >
43 | >Cheers!
44 |
45 | That night, Clowwindy closed all the Issues panels in several Shadowsocks code repositories he maintained, deleted all help information, and changed all descriptions to "Something happened". At the same time, he also cleared the membership of these repositories/organizations, or transferred all members to private status, not publicly visible.
46 |
47 | There was an air of unusualness.
48 |
49 | **On August 21, 2015**, news began to spread online that Clowwindy had been invited for tea (a euphemism for being interrogated by authorities). Later, Clowwindy replied to issue #305 of Shadowsocks-Windows, saying:
50 |
51 | > I was invited for some tea yesterday. I won’t be able to continue developing this project.
52 |
53 | At the same time, he enabled Twitter's privacy protection feature, which prevented anyone who wasn't already following him from viewing his tweets.
54 |
55 | That night, Clowwindy posted a tweet with the word "thanks" to indicate that he was safe and sound.
56 |
57 | 
58 |
59 | ### Some words followed
60 |
61 | Clowwindy's experience did not completely extinguish the passion of all developers, so the subsequent development and maintenance work did not stop. A lot of things happened during this uncertain period, which can be quite confusing. We won't go into the details of the causes and consequences here.
62 |
63 | The author of ShadowsocksR, Breakwa11, is a highly controversial figure. She took over the development work of Shadowsocks after Clowwindy's departure, but violated the open-source agreement by closing the source code. She also implied in her release that she was the original author. Clowwindy made some responses to this in issue #108 of shadowsocks-windows (https://github.com/shadowsocks/shadowsocks-windows/issues/293#issuecomment-132253168):
64 |
65 | >那是自然的咯。这边加了什么功能,它(SSR)马上扒过去合并了。它那边加了什么却不会贡献出来给其他人用,久而久之,不就是它那边功能更多了吗。
66 | >
67 | >That's natural. If we added a new feature here, then SSR would quickly copy it and merge it into their own code. But if they added a feature on their side, they wouldn't contribute it back to the community for others to use. Over time, this would mean that their version would have more features.
68 |
69 | >一直以来我什么都没说是因为我对他还有点希望,所以得给他一点面子不是。一开始我还只是纳闷他为什么不发 pull request,过了一段时间我才明白,这个世界上也有这一类的人。不尊重 GPL 就算了,把作者名字换成自己的,还在主页上加上官方的字样。为什么我们这边反而不说官方呢?因为我希望这个项目是没有官方的,人人都是贡献者。想不到这个社会人人都围着官转,人人都巴不得当官 。
70 | >
71 | >I haven't said anything all along because I still had some hope for him, so I wanted to preserve basic respect and decency for him/her. At first, I just wondered why he/she didn't submit a pull request, but after a while, I realized that there are people like that in this world. Not only did he/she not respect the GPL, he/she also changed the author's name to his own and added the word "official" to his homepage. Why don't we use the word "official" on our side? Because I hope this project have no such called official things, and everyone could be a contributor. I didn't expect that in this society, everyone revolves around officialdom, and everyone wants to be an official deadly.
72 |
73 | >既然他没有尊重别人劳动成果的意愿,那他那些不开源的理由想必也只是借口。说因为加了一些试验性功能会不兼容所以暂不开源。他弄了一个混淆 TCP 协议头功能,在界面上标注提升安全性,吸引用户打开,然后安装他自己的不兼容服务端。然而我分析了一下之后发现这个功能的设计就是想当然,用得多了以后反而会增加特征。如果你真有什么试验性功能,不是更应该开放出来让所有人帮你分析么,大家一起讨论么?在加密算法领域,只有经过足够多人和机构的审视的算法,才能视作是安全的,闭门造出来的怎么能用。。
74 | >
75 | >Since he/she has no intention of respecting the labor achievements of others, his/her reasons for not open sourcing are probably just excuses. He/She said that because he/she added some experimental functions that may be incompatible, he/she will not open source them for the time being. He/She made a function of obfuscating the TCP protocol header, marked it as improving security on the interface, and attracted users to turn it on, and then installed his own incompatible server. However, after analyzing it, I found that the design of this function was based on assumptions, and it would actually increase features after being used more. If you really have any experimental features, shouldn't you open them up for everyone to analyze and discuss together? In the field of encryption algorithms, only algorithms that have been scrutinized by enough people and institutions can be considered secure, and how can those developed behind closed doors be used?
76 |
77 | >当然啦,大部分用户才不会管这些,他们不会分析你是不是真的安全,也不会做道德判断,只要他们觉得好用就行。所以可以看到,这种环境下开源其实并没有什么优势,只不过为一些人抄袭提供了便利。这种环境下最后留下来的都是这些人。
78 | >
79 | >Of course, most users don't care about these things. They won't analyze whether you are truly secure, nor make moral judgments. They just want something that works well. So you can see that in this environment, open source doesn't really have any advantages, it just makes it easier for some people to copy. In this environment, the only ones left in the end are those people.
80 |
81 | >我一直想象的那种大家一起来维护一个项目的景象始终没有出现,也没有出现的迹象。维护这个项目的过程中,遇到 @chenshaoju 这样主动分享的同学并不多。很多来汇报问题的人是以一种小白求大大解决问题,解决完就走人的方式来的,然而既不愿提供足够的信息,也不愿写一些自己尝试的过程供后人参考。互帮互助的气氛就是搞不起来。对比下国外的社区差好远。
82 | >
83 | >I have always imagined the scene where everyone comes together to maintain a project, but it has never appeared, nor is there any sign of it. In the process of maintaining this project, there are not many pals like @chenshaoju who actively share. Many people who come to report problems come in a way of seeking help from experts as a novice, and they leave after the problem is solved. However, they are unwilling to provide sufficient information or write down the process they tried for later reference. The atmosphere of mutual assistance just cannot be created. Compared to foreign communities, ours is still far behind.
84 |
85 |
86 |
87 | >最适合这个民族的其实是一群小白围着大大转,大大通过小白的夸奖获得自我满足,然后小白的吃喝拉撒都包给大大解决的模式。通过这个项目我感觉我已经彻底认识到这个民族的前面为什么会有一堵墙了。没有墙哪来的大大。所以到处都是什么附件回帖可见,等级多少用户组可见,一个论坛一个大大供小白跪舔,不需要政府造墙,网民也会自发造墙。这尼玛连做个翻墙软件都要造墙,真是令人叹为观止。这是一个造了几千年墙的保守的农耕民族,缺乏对别人的基本尊重,不愿意分享,喜欢遮遮掩掩,喜欢小圈子抱团,大概这些传统是改不掉了吧。
88 | >
89 | >The most suitable for this nation is actually a group of novices surrounding an expert, and the expert gains self-satisfaction through the praises of the novices, while the novices rely on the expert to solve all their problems, including their basic daily needs. Through this project, I feel like I have thoroughly understood why there is a wall in front of this nation. Without the wall, there would be no such expert. So everywhere you go, you see things like "attachments visible after replying" and "user groups with certain levels can view", a forum with an expert for novices to worship. They even fxxking build a wall for developing a proxy software. It is truly astonishing. This is a conservative agricultural nation that has built walls for thousands of years, lacking basic respect for others, unwilling to share, and preferring to cover up and form small circles. Perhaps these traditions cannot be changed.
90 |
91 | >现在维护这些项目已经越来越让我感到无趣。我还是努力工作,好好养家,早日肉翻吧。
92 | >
93 | >Now maintaining these projects has become more and more boring for me. It is much better for me to work hard, support my family well, and get out of here as soon as possible. ( “get out of here” is a slang term that means “to leave one’s country by physical means”)
94 |
95 | ## The Sudden Death of SSR
96 |
97 | Controversy has always existed, but this has not stopped the progress of SSR. More and more people are turning to SSR, and SS is gradually falling behind, but there is also a group of supporters. Beneath the calm surface, there are turbulent undercurrents, and the moment of eruption has already passed. Whether the encounter of developer breakwa11 is true or false, it is equally chilling.
98 |
99 | On July 19, 2017, breakwa11 forwarded the Shadowsocks protocol detection results in Shenzhen on the Telegram channel "ShadowsocksR news", which was forwarded by a large number of users and caused panic.
100 |
101 | On July 27, 2017, breakwa11 was attacked by an unidentified person claiming to be "ESU.TV". They claimed that if he did not stop developing and prevent users from discussing this event, more personal privacy information would be released. Later, breakwa11 stated that he was the target of doxing, and the personal information that they made public was completely irrelevant to him. It was just information he randomly filled out at the time. To prevent they from continuing to harm unrelated people, breakwa11 decided to delete all the code on GitHub, dissolve the relevant communication groups, and stop the ShadowsocksR project. He posted the following message on Telegram:
102 |
103 | > This doxing incident has made me seriously doubt whether it is right for me to do SSR. First of all, regardless of whether the information is correct or not, from the behavior point of view, someone wants me to die, wants this project to die, and hates someone to such an extent. I know that I am very pretentious, so I have offended many people, especially recently I publicly raised the issue that Shadowsocks can be detected, which has made many people indignant and determined to get rid of me. Although from my perspective, I just hope to raise attention and promote modifications on the Shadowsocks side. This does not mean that I want Shadowsocks to die. Haven't all the issues I raised been improved, including OTA and AEAD? I also participated in the design of AEAD, you can ask Syrone Wong, and NoisyFox can confirm it. Moreover, I also participated in the modification of a part of Shadowsocks-windows. However, now that I have looked at the doxing information, it is really chilling. They even pulled out the other party's Alipay transaction records. Is this really okay? I do not want to harm another person because of my own problems. I hope to make a deal with those who oppose me. I can stop developing SSR in exchange for deleting the project and related things and never appearing again. The SSR group will be dissolved, the account will be cancelled, and the code will be deleted. For me, this project is just something I use to prove my own ideas. It is dispensable, and the production is just for interest. There is nothing to regret about throwing it away. There are so many substitutes, and I am not necessary. You always say that I am attracting fans. You really think too much. There is no need for this. If this can exchange for another person to be free from online violence, I also think it is worth it. On the contrary, if the result of doxing is still made public, then my behavior cannot save it. Then I can continue to develop SSR. But it won't be too long, probably no more than a year before I graduate. Thank you for your support over the past two years. Tonight at 12 o'clock, with the dissolution of the SSR group as a sign, if it dissolves, then I will officially say goodbye to everyone.
104 |
105 | At 12 o'clock that night, breakwa11 disbanded the Telegram group.
106 |
107 | Thus, the author of SSR withdrew.
108 |
109 | ## Inheritance
110 |
111 | The encounter and subsequent exit of clowwindy and breakwa11 actually implies the growth of the GFW. It is not just a technological game, but its concept is beginning to expand into broader fields. Technology always has loopholes that can be continuously filled, but it is difficult to fix the developer's own loopholes. It not only needs to solve problems but also needs to solve the root cause of the problem.
112 |
113 | Thanks to clowwindy's decision to open source Shadowsocks, a large number of forks have kept Shadowsocks up-to-date. According to the current results on GitHub, Shadowsocks on various platforms (even routers) is still constantly being updated, with major feature updates and new issues being submitted. Every drop of small power is pushing the project forward, but its future is still unknown.
114 |
115 | The surging tide will recede, but the next time, the next time, it will still gather strength and surge forward, which is the beautiful expectation I hold. However, since 2018, the development of various protocols has actually entered a bottleneck, and it seems to have reached a certain balance in the game with GFW. The whole community can feel that it is no longer focusing on core encryption and feature hiding. More developers are putting their thoughts on airport services (that will provide different VPN severs at the same time). In a sense, the power that Shadowsocks has aroused in the technical field has entered a period of dormancy, which is equivalent to taking the blue pill.
116 |
117 | ## The plot thickens
118 |
119 | ### Tightened Control
120 |
121 | At the end of July 2017, several VPN-related applications on the China App Store were suddenly removed without any explanation or notification. Users who had already purchased these applications were unable to download them from their purchased items, indicating that Apple's removal directly blocked all channels for downloading from the China App Store. Apple's response was:
122 |
123 | > We have received a request to remove some non-compliant VPN apps in China. These apps are not affected in other markets.
124 |
125 | The so-called regulations referred to in the response were the "Notice on Cleaning up and Standardizing the Internet Network Access Service Market" issued by the Ministry of Industry and Information Technology in January 2017, which clearly stated:
126 |
127 | > The standard applies to enterprises or individuals who have not obtained the qualifications for international communication business, rent international dedicated lines or VPNs, and conduct cross-border telecommunications business activities without the approval of the telecommunications regulatory authority. For foreign trade enterprises and multinational enterprises that need to connect to the Internet across borders for office use, they can rent from telecommunications service operators that have set up international communication entry and exit offices in accordance with the law. The relevant provisions of the "Notice" will not have any impact on their normal operation.
128 |
129 | Affected by this, many users could only contact the developers, and many developers could only distribute updates to users through TestFlight. However, because apps distributed through TestFlight expire after 90 days, once the developer stops updating, users will no longer be able to use the software. This risk has also led many users to register for an Apple ID in another region and repurchase the application. Since filing is required by the Ministry of Industry and Information Technology, and individuals do not have the qualifications for filing, it basically means that the removed applications cannot be reinstated. This incident has also received widespread attention and criticism from the international community, and the only consolation is that Apple's removal of the software has forced the government to introduce corresponding clear rules.
130 |
131 | In October 2017, with the opening of the 19th National Congress, a large number of routes were blocked, especially SSR. Major airports and Telegram groups were all lamenting. Fortunately, many IPs were unblocked after the congress closed, but the specific ratio is unclear.
132 |
133 | During the January 2018 and subsequent "Two Sessions" periods, a larger-scale IP blocking was implemented, covering a wider range and involving various algorithms for circumventing the Great Firewall. Some users reported on Shadowsocks' Issues that their freshly set up server was blocked within just a few minutes.
134 |
135 | On September 30, 2018, the Ministry of Public Security issued a [Regulation on Internet Security Supervision and Inspection by Public Security Organs]((http://www.mps.gov.cn/n2254314/n2254409/n4904353/c6263180/content.html)), which was passed at the Ministerial Office Meeting of the Ministry of Public Security on September 5, 2018, and will be implemented from November 1, 2018.
--------------------------------------------------------------------------------
/server_instruction/instruction.md:
--------------------------------------------------------------------------------
1 | # 个人搭建指南
2 |
3 | **这篇文章写就于3年前,许多的技术已经发生了改变,因此请谨慎使用该教程**
4 |
5 | ## 服务器选择
6 |
7 | 一般来说,VPS 的虚拟化技术主流为 OpenVZ 与 KVM 架构,从各种资源以及 Shadowsocks 服务支持上,建议选择 KVM 架构的机器,以下所有的说明都是基于搬瓦工 KVM 建构的机器。
8 |
9 | ## 服务器系统
10 |
11 | 服务器建议安装带有BBR技术的Linux系统,TCP BBR 拥塞控制算法由 Google 开发,并提交到了 Linux 内核,从 4.9 开始,Linux 内核已经用上了该算法。根据以往的传统,Google 总是先在自家的生产环境上线运用后,才会将代码开源,此次也不例外。根据实地测试,在部署了最新版内核并开启了 TCP BBR 的机器上,网速甚至可以提升好几个数量级。
12 |
13 | 搬瓦工的机器可以在控制面板 ---> install new os ---> centos-7-x86_64-bbr,快速更换系统,注意备份服务器上的数据。
14 |
15 | 
16 |
17 | ## Shadowsocks-libev
18 |
19 | 随着技术发展,Shadowsocks与墙之间的交锋也是一次比一次激烈,据传说,即使是Shadowsocks的256位加密,运营商可以做到解密,监视Shadowsocks使用者的上网流量,真实性未知,但小心点总不会错。
20 |
21 | 目前有4个衍生版本的Shadowsocks:
22 |
23 | 1. Shadowsocks-go: 二进制编译, 轻量, 快速
24 | 2. Shadowsocks-python: 无功无过,也是最原始的版本,近年来更新速度略慢
25 | 3. Shadowsocks-libev: 一直处于更新之中,最大的特点是支持obfs混淆
26 | 4. ShadowsocksR: 从作者到产品都极负争议性, obfs混淆模式开创者, 但是前一段时间SSR服务器普遍遭到GFW的封杀.
27 |
28 | 现阶段为了能在安全与速度之间取得平衡,我个人更加推荐使用 Shadowsocks-libev + obfs混淆。
29 |
30 | #### obfs 混淆
31 |
32 | obfs 混淆最大的作用是对 Shadowsocks 流量进行伪装, 在不添加obfs的情况下, 运营商服务器通过的流量为未知的加密流量, 据说 GFW 已经有一定的包检测的能力, 仅仅加密流量具有一定的风险, 添加 obfs http 模式之后, 通过运营商的流量会被识别为设定好的网址的流量, 假设你设定的是 bing, 那么你的 Shadowsocks 流量会被判别为你当前正在访问 bing, 减少了被封杀的可能性,**tls模式安全性高于http模式**。
33 |
34 | 之前流量不是无限的时代, 因为只有运营商的 APP 可以无限使用流量, 比如什么天翼视讯, 利用 obfs 混淆, 可以将你的手机流量伪装为天翼视讯的流量, 从而达到无限使用使用流量, 这种操作太骚, 实测可以成功, 不过还是低调的好.
35 |
36 | ### Shadowsocks-libev 安装与配置
37 |
38 | 请注意,随着时间流逝,以下教程必然会过时,因此仅作为个人服务器搭建的参考。
39 |
40 | 安装图省心推荐秋水逸冰的[一键安装脚本](https://teddysun.com/357.html)
41 |
42 | **请注意,秋水逸冰已经宣布放弃继续维护该脚本,因此该脚本可能随时会失效**
43 |
44 | 1. 使用 root 用户 SSH 登录
45 |
46 | ```shell
47 | wget --no-check-certificate -O shadowsocks-all.sh https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-all.sh
48 | chmod +x shadowsocks-all.sh
49 | ./shadowsocks-all.sh 2>&1 | tee shadowsocks-all.log
50 | ```
51 |
52 | 2. 跟随提示选择相对应的模式即可
53 |
54 | 1. 加密方式推荐 **chacha20-itef-poly1305**,
55 | 2. 端口可以尽量设置高一点,避免443, 1080等常用端口,
56 | 3. **安装 simple-obfs , 选择 http 模式**
57 |
58 | 安装成功后会有如下提示:
59 |
60 | ```shell
61 | Congratulations, your_shadowsocks_version install completed!
62 | Your Server IP :your_server_ip
63 | Your Server Port :your_server_port
64 | Your Password :your_password
65 | Your Encryption Method:your_encryption_method
66 |
67 | Your QR Code: (For Shadowsocks Windows, OSX, Android and iOS clients)
68 | ss://your_encryption_method:your_password@your_server_ip:your_server_port
69 | Your QR Code has been saved as a PNG file path:
70 | your_path.png
71 |
72 | Welcome to visit:https://teddysun.com/486.html
73 | Enjoy it!
74 | ```
75 |
76 | 
77 |
78 | 3. 卸载
79 |
80 | 使用root用户登录
81 |
82 | ```shell
83 | ./shadowsocks-all.sh uninstall
84 | ```
85 |
86 | 4. 常用命令
87 |
88 | ```shell
89 | 启动:/etc/init.d/shadowsocks-libev start
90 | 停止:/etc/init.d/shadowsocks-libev stop
91 | 重启:/etc/init.d/shadowsocks-libev restart
92 | 查看状态:/etc/init.d/shadowsocks-libev status
93 | ```
94 |
95 | 5. 配置文件地址
96 | ```shell
97 | //etc/shadowsocks-libev/config.json
98 | ```
99 | ## Shadowsocks客户端
100 |
101 | Shadowsocks 客户端已经全平台覆盖了, Github 上有专门的开源客户端项目.
102 |
103 | ### Windows
104 |
105 | #### 下载地址
106 |
107 | - [Win Shadowsocks客户端下载地址](https://github.com/shadowsocks/shadowsocks-windows/releases)
108 | - [Shadowsocks obfs-local插件下载地址](https://github.com/shadowsocks/simple-obfs/releases)
109 |
110 | #### 本地配置
111 |
112 | 服务器端已将安装了 obfs, 本地端直接下载obfs-local插件, 解压后**将插件 obfs-local 与Shdowsocks.exe 同一路径下**即可.
113 |
114 | 
115 |
116 | obfs可以直接在Shadowsocks的服务器编辑页面修改参数
117 |
118 | 
119 |
120 | 插件选项为 **obfs=http;obfs-host=www.bing.com**, 实际上可以将 www.bing.com 更换为任意的一个网址, 只要不是被GFW封杀的就可以, 推荐像腾讯视频, 优酷, bing这种流量较大的网站, ~~如果填写是Google或者YouTube, 活着不好么......~~
121 |
122 |
123 |
124 | ### macOS
125 |
126 | ~~macOS上的Shadowsocks客户端目前似乎还是不支持obfs混淆.~~
127 | 2018/10/06更新
128 | #### Shadowsocks-NG
129 |
130 | GitHub上存在好几种Mac客户端,使用最广的是Shadowsocks-NG,目前的版本中已经支持obfs混淆,并且已经直接集成于客户端之中,无需额外下载,按照windows的设置填写参数即可。
131 | 
132 |
133 | - [Shadowsocks-NG 下载地址](https://github.com/shadowsocks/ShadowsocksX-NG/releases)
134 |
135 | #### ClashX
136 |
137 | 最近出现了一个新的类Surge软件,ClashX,目前还在快速迭代期之中,兼容 Surge 的 config 文件,基本上对其稍作修改便可以导入 ClashX 中使用。可以去官方[ Telegram 群](t.me/clash_discuss)参与讨论
138 |
139 | 类Surge软件的核心都在于config文件,在Shadowsocks网络分流的基础上,对不同的流量产生不同的行为,可以实现指定网址代理,广告屏蔽等效果,自由度更高。
140 |
141 | 
142 |
143 | - [ClashX 下载地址](https://github.com/yichengchen/clashX/releases)
144 |
145 | #### Surge
146 |
147 | 支持obfs混淆,在3.0版本中加入了全新的rule-set模式,config的管理从本地可以完全移至云端,不同的rule-set对应不同的应用规则,更容易管理,~~只可惜没钱截图😂~~
148 |
149 | 
150 |
151 | ### iOS
152 |
153 | iOS上推荐的客户端为 Shadowrocket 与 Surge, 首推 Shadowrocket, 因为便宜够用, 唯一遗憾的是国区下架了, 只能用非国区的 Apple ID 购买与下载, Surge3 目前可以在国区下载, 虽然 Surge 是配置文件类开创者, UI 更好看, 功能更强大,颇高的上手难度与 328 的价格会吓退不少人,但一句话,Surge 贵在稳定。
154 |
155 | 两款客户端均支持 obfs, Surge 2 与 Surge 3 均支持 tls 与 http 两种模式; shadowrocket 支持 http 与 tls 两种模式
156 |
157 | 2018年10月8日更新:Quantumult 最近热度也上来了,在小火箭与 Quantumult 任选其一既可。
158 |
159 | #### Surge
160 |
161 | Surge 在编辑服务器的 Advance 设置中可以配置混淆
162 |
163 | 
164 |
165 | #### Shadowrocket
166 |
167 | shadowrocket在服务器的编辑页面中即可设置混淆
168 |
169 | 
170 |
171 | ### Android
172 |
173 | #### Shadowsocks
174 |
175 | 推荐在Google Play上下载Shadowsocks app, 同时下载obfs插件, 开发者均为 Max Lv.
176 |
177 | 也可以前往 [Shadowsocks-Android](https://github.com/shadowsocks/shadowsocks-android/releases) 的 GitHub 仓库下载。
178 |
179 | 
180 |
181 | #### Postern
182 |
183 | Postern 目前尚不支持混淆模式。
184 |
--------------------------------------------------------------------------------