├── .github ├── modified-ci-build.sh └── workflows │ ├── build_module.yml │ └── test-build-module.yml ├── CHANGELOG.md ├── DISCLAIMER ├── LICENSE ├── README.md ├── icon.png ├── module ├── META-INF │ └── com │ │ └── google │ │ └── android │ │ ├── update-binary │ │ └── updater-script ├── action.sh ├── config │ ├── current-strategy │ ├── dnscrypt-cloaking-rules-update │ ├── dnscrypt-enable │ └── update-on-start ├── customize.sh ├── dnscrypt │ ├── blocked-ips.txt │ ├── blocked-names.txt │ ├── cloaking-rules.txt │ ├── custom-cloaking-rules.sh │ ├── custom-cloaking-rules.txt │ ├── dnscrypt-proxy.toml │ ├── dnscrypt.sh │ └── make-unkillable.sh ├── fake │ ├── quic_for_tls_clienthello_18.bin │ ├── quic_initial_www_google_com.bin │ ├── tls_clienthello_18.bin │ └── tls_clienthello_www_google_com.bin ├── ipset │ ├── custom.txt │ ├── exclude.txt │ ├── ipset-v4.txt │ └── ipset-v6.txt ├── list │ ├── custom.txt │ ├── default.txt │ ├── exclude.txt │ ├── google.txt │ └── reestr.txt ├── service.sh ├── strategy │ ├── flowseal-alt6-old.sh │ └── z-o-doublehttps.sh ├── system │ ├── app │ │ └── VpnHotspot.apk │ └── bin │ │ └── zapret ├── uninstall.sh ├── update.sh ├── webroot │ ├── fumo.mp3 │ ├── fumo.png │ └── index.html ├── zapret-main.sh └── zapret │ ├── make-unkillable.sh │ ├── nfqws.sh │ └── zapret.sh └── update.json /.github/modified-ci-build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | PACKAGE_VERSION="$1" 4 | 5 | NDK_VER=r20 6 | curl -LOs https://dl.google.com/android/repository/android-ndk-${NDK_VER}-linux-x86_64.zip 7 | unzip -q android-ndk-${NDK_VER}-linux-x86_64.zip -d ${HOME} 8 | rm android-ndk-${NDK_VER}-linux-x86_64.zip 9 | NDK_TOOLS=${HOME}/android-ndk-${NDK_VER} 10 | export PATH=${PATH}:${NDK_TOOLS}/toolchains/llvm/prebuilt/linux-x86_64/bin 11 | 12 | build_android() { 13 | ARCH=$1 14 | CC=$2 15 | CXX=$3 16 | GOARCH=$4 17 | 18 | go clean 19 | env CC=${CC} CXX=${CXX} CGO_ENABLED=1 GOOS=android GOARCH=${GOARCH} go build -mod vendor -ldflags="-s -w" 20 | mv dnscrypt-proxy dnscrypt-proxy-${ARCH} 21 | } 22 | 23 | build_android "arm" "armv7a-linux-androideabi19-clang" "armv7a-linux-androideabi19-clang++" "arm" 24 | build_android "arm64" "aarch64-linux-android21-clang" "aarch64-linux-android21-clang++" "arm64" 25 | build_android "i386" "i686-linux-android19-clang" "i686-linux-android19-clang++" "386" 26 | build_android "x86_64" "x86_64-linux-android21-clang" "x86_64-linux-android21-clang++" "amd64" 27 | 28 | rm -rf ${NDK_TOOLS} 29 | -------------------------------------------------------------------------------- /.github/workflows/build_module.yml: -------------------------------------------------------------------------------- 1 | name: Build Zapret Pocket 2 | run-name: ${{ startsWith(github.ref, 'refs/tags/') && format('Release {0}', github.ref_name) || null }} 3 | 4 | on: 5 | workflow_dispatch: 6 | push: 7 | tags: 8 | - '[0-9]+*' 9 | 10 | jobs: 11 | build-zapret: 12 | name: zapret for Android ${{ matrix.abi }} 13 | runs-on: ubuntu-latest 14 | strategy: 15 | matrix: 16 | include: 17 | - abi: armeabi-v7a 18 | target: armv7a-linux-androideabi 19 | - abi: arm64-v8a 20 | target: aarch64-linux-android 21 | - abi: x86 22 | target: i686-linux-android 23 | - abi: x86_64 24 | target: x86_64-linux-android 25 | 26 | steps: 27 | - name: Checkout 28 | uses: actions/checkout@v4 29 | with: 30 | repository: bol-van/zapret 31 | path: zapret 32 | 33 | - name: Build 34 | env: 35 | ABI: ${{ matrix.abi }} 36 | TARGET: ${{ matrix.target }} 37 | run: | 38 | DEPS_DIR=$GITHUB_WORKSPACE/deps 39 | export TOOLCHAIN=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64 40 | export API=21 41 | export CC="$TOOLCHAIN/bin/clang --target=$TARGET$API" 42 | export AR=$TOOLCHAIN/bin/llvm-ar 43 | export AS=$CC 44 | export LD=$TOOLCHAIN/bin/ld 45 | export RANLIB=$TOOLCHAIN/bin/llvm-ranlib 46 | export STRIP=$TOOLCHAIN/bin/llvm-strip 47 | export PKG_CONFIG_PATH=$DEPS_DIR/lib/pkgconfig 48 | 49 | curl -sSL https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj 50 | curl -sSL https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj 51 | curl -sSL https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj 52 | curl -sSL https://raw.githubusercontent.com/bol-van/zapret/master/.github/workflows/libnetfilter_queue-android.patch | patch -p1 -d libnetfilter_queue-1.0.5 53 | 54 | for i in libmnl libnfnetlink libnetfilter_queue; do 55 | ( 56 | cd $i-* 57 | 58 | CFLAGS="-Os -flto=auto -Wno-implicit-function-declaration" \ 59 | ./configure --prefix= --host=$TARGET --enable-static --disable-shared --disable-dependency-tracking 60 | 61 | make install -j$(nproc) DESTDIR=$DEPS_DIR 62 | ) 63 | sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc 64 | done 65 | 66 | CFLAGS="-DZAPRET_GH_VER=${{ github.ref_name }} -DZAPRET_GH_HASH=${{ github.sha }} -I$DEPS_DIR/include" \ 67 | LDFLAGS="-L$DEPS_DIR/lib" \ 68 | make -C zapret android -j$(nproc) 69 | 70 | - name: Upload Artifacts 71 | uses: actions/upload-artifact@v4 72 | with: 73 | name: nfqws-${{ matrix.abi }} 74 | path: zapret/binaries/my/nfqws 75 | if-no-files-found: error 76 | 77 | build-dnscrypt: 78 | name: dnscrypt-proxy for Android (All) 79 | runs-on: ubuntu-latest 80 | steps: 81 | - name: Checkout 82 | uses: actions/checkout@v4 83 | with: 84 | repository: DNSCrypt/dnscrypt-proxy 85 | path: dnscrypt-proxy 86 | 87 | - name: Set up Go 88 | uses: actions/setup-go@v5 89 | with: 90 | go-version: 1 91 | check-latest: true 92 | id: go 93 | 94 | - name: Build All 95 | run: | 96 | cd dnscrypt-proxy/dnscrypt-proxy 97 | curl -sSL "https://raw.githubusercontent.com/${{ github.repository }}/refs/heads/main/.github/modified-ci-build.sh" | bash 98 | mkdir binaries 99 | mv dnscrypt-proxy-* binaries/ 100 | 101 | - name: Upload Artifacts 102 | uses: actions/upload-artifact@v4 103 | with: 104 | name: dnscrypt-proxy 105 | path: dnscrypt-proxy/dnscrypt-proxy/binaries/* 106 | 107 | build-curl: 108 | name: curl for Android ${{ matrix.abi }} 109 | runs-on: ubuntu-latest 110 | strategy: 111 | matrix: 112 | include: 113 | - abi: armeabi-v7a 114 | target: armv7a-linux-androideabi 115 | openssl: android-arm 116 | - abi: arm64-v8a 117 | target: aarch64-linux-android 118 | openssl: android-arm64 119 | - abi: x86 120 | target: i686-linux-android 121 | openssl: android-x86 122 | - abi: x86_64 123 | target: x86_64-linux-android 124 | openssl: android-x86_64 125 | steps: 126 | - name: Build 127 | env: 128 | TARGET: ${{ matrix.target }} 129 | OPENSSL_TARGET: ${{ matrix.openssl }} 130 | ABI: ${{ matrix.abi }} 131 | run: | 132 | export TOOLCHAIN=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64 133 | export API=21 134 | export PATH=$TOOLCHAIN/bin:$PATH 135 | export CC=${TARGET}${API}-clang 136 | export CXX=${TARGET}${API}-clang++ 137 | export AR=llvm-ar 138 | export AS=$CC 139 | export LD=ld.lld 140 | export RANLIB=llvm-ranlib 141 | export STRIP=llvm-strip 142 | 143 | curl -sSL https://www.openssl.org/source/openssl-3.3.0.tar.gz | tar -xz 144 | cd openssl-3.3.0 145 | ./Configure $OPENSSL_TARGET -D__ANDROID_API__=$API no-shared no-tests no-apps no-dso --prefix=$PWD/../openssl-out 146 | make install_sw -j$(nproc) 147 | cd .. 148 | 149 | curl -sSL https://curl.se/download/curl-8.7.1.tar.xz | tar -xJ 150 | cd curl-8.7.1 151 | ./configure --host=$TARGET --with-openssl=../openssl-out --disable-shared --enable-static --without-libidn2 --without-libssh2 --disable-ldap --disable-ldaps --disable-manual 152 | make -j$(nproc) 153 | $STRIP src/curl 154 | mv src/curl ../curl 155 | 156 | - name: Upload Artifacts 157 | uses: actions/upload-artifact@v4 158 | with: 159 | name: curl-${{ matrix.abi }} 160 | path: curl 161 | if-no-files-found: error 162 | 163 | build-module: 164 | name: Zapret Pocket Module 165 | runs-on: ubuntu-latest 166 | needs: [build-zapret, build-dnscrypt, build-curl] 167 | steps: 168 | - name: Checkout 169 | uses: actions/checkout@v4 170 | 171 | - name: Download nfqws armeabi-v7a 172 | uses: actions/download-artifact@v4 173 | with: 174 | name: nfqws-armeabi-v7a 175 | path: module 176 | 177 | - name: Rename nfqws to nfqws-arm 178 | run: | 179 | mv module/nfqws module/zapret/nfqws-arm 180 | 181 | - name: Download nfqws arm64-v8a 182 | uses: actions/download-artifact@v4 183 | with: 184 | name: nfqws-arm64-v8a 185 | path: module 186 | 187 | - name: Rename nfqws to nfqws-aarch64 188 | run: | 189 | mv module/nfqws module/zapret/nfqws-aarch64 190 | 191 | - name: Download nfqws x86 192 | uses: actions/download-artifact@v4 193 | with: 194 | name: nfqws-x86 195 | path: module 196 | 197 | - name: Rename nfqws to nfqws-x86 198 | run: | 199 | mv module/nfqws module/zapret/nfqws-x86 200 | 201 | - name: Download nfqws x86_64 202 | uses: actions/download-artifact@v4 203 | with: 204 | name: nfqws-x86_64 205 | path: module 206 | 207 | - name: Rename nfqws to nfqws-x86_64 208 | run: | 209 | mv module/nfqws module/zapret/nfqws-x86_64 210 | 211 | - name: Download curl armeabi-v7a 212 | uses: actions/download-artifact@v4 213 | with: 214 | name: curl-armeabi-v7a 215 | path: module 216 | 217 | - name: Rename curl to curl-arm 218 | run: | 219 | mv module/curl module/curl-arm 220 | 221 | - name: Download curl arm64-v8a 222 | uses: actions/download-artifact@v4 223 | with: 224 | name: curl-arm64-v8a 225 | path: module 226 | 227 | - name: Rename curl to curl-aarch64 228 | run: | 229 | mv module/curl module/curl-aarch64 230 | 231 | - name: Download curl x86 232 | uses: actions/download-artifact@v4 233 | with: 234 | name: curl-x86 235 | path: module 236 | 237 | - name: Rename curl to curl-x86 238 | run: | 239 | mv module/curl module/curl-x86 240 | 241 | - name: Download curl x86_64 242 | uses: actions/download-artifact@v4 243 | with: 244 | name: curl-x86_64 245 | path: module 246 | 247 | - name: Rename curl to curl-x86_64 248 | run: | 249 | mv module/curl module/curl-x86_64 250 | 251 | - name: Download dnscrypt-proxy 252 | uses: actions/download-artifact@v4 253 | with: 254 | name: dnscrypt-proxy 255 | path: module/dnscrypt 256 | 257 | - name: Build Module 258 | run: | 259 | version=${{ github.ref_name }} 260 | version_code=$(echo "${version}" | sed 's/[^0-9]//g') 261 | echo "version=${version}" >> $GITHUB_ENV 262 | echo "versionCode=${version_code}" >> $GITHUB_ENV 263 | echo version=${version} 264 | echo versionCode=${version_code} 265 | 266 | sudo apt update 267 | sudo apt install -y p7zip-full 268 | cd module 269 | 270 | mkdir -p system/app ipset list 271 | apk_url=$(curl -s https://api.github.com/repos/Mygod/VPNHotspot/releases/latest | jq -r '.assets[] | select(.name | endswith(".apk")) | .browser_download_url') 272 | curl -L -o ./system/app/VpnHotspot.apk "$apk_url" || true 273 | curl -s https://raw.githubusercontent.com/sevcator/zapret-lists/refs/heads/main/ipset-v4.txt > ./ipset/ipset-v4.txt || true 274 | curl -s https://raw.githubusercontent.com/sevcator/zapret-lists/refs/heads/main/ipset-v6.txt > ./ipset/ipset-v6.txt || true 275 | curl -s https://raw.githubusercontent.com/sevcator/zapret-lists/refs/heads/main/reestr_filtered.txt -o ./list/reestr.txt || true 276 | curl -s https://raw.githubusercontent.com/sevcator/dnscrypt-proxy-stuff/refs/heads/main/cloaking-rules.txt -o ./dnscrypt/cloaking-rules.txt || true 277 | 278 | echo "id=zapret" > module.prop 279 | echo "name=zapret" >> module.prop 280 | echo "version=${version}" >> module.prop 281 | echo "versionCode=${version_code}" >> module.prop 282 | echo "author=sevcator, t.me/nigga2011, GAME-OVER-op, bol-van, DNSCrypt, ImMALWARE, Fenrir-0xFF, Flowseal, LeonMskRu" >> module.prop 283 | echo "description=⚡ DPI bypass on Android with additional features" >> module.prop 284 | echo "updateJson=https://raw.githubusercontent.com/${{ github.repository }}/refs/heads/main/update.json" >> module.prop 285 | 286 | cd .. 287 | 7z a zapret-pocket.zip ./module/* 288 | 289 | - name: Set up Git 290 | run: | 291 | git config --global user.name "github-actions" 292 | git config --global user.email "github-actions@github.com" 293 | 294 | - name: Push updated files to Main branch 295 | run: | 296 | echo '{ 297 | "version": "${{ env.version }}", 298 | "versionCode": "${{ env.versionCode }}", 299 | "zipUrl": "https://github.com/${{ github.repository }}/releases/download/${{ env.version }}/zapret-pocket.zip", 300 | "changelog": "https://raw.githubusercontent.com/${{ github.repository }}/main/CHANGELOG.md" 301 | }' > update.json 302 | git add update.json 303 | git add module/system/app/VpnHotspot.apk 304 | git add module/ipset/ipset-v4.txt 305 | git add module/ipset/ipset-v6.txt 306 | git add module/list/reestr.txt 307 | git add module/dnscrypt/cloaking-rules.txt 308 | git commit -m "Release ${{ env.version }}" 309 | git push origin HEAD:main --force || echo "No changes to commit" 310 | 311 | - name: Calculate SHA-256 checksum 312 | id: sha256 313 | run: echo "SHA256=$(sha256sum zapret-pocket.zip | awk '{ print $1 }')" >> $GITHUB_ENV 314 | 315 | - name: Upload Module Zip 316 | uses: actions/upload-artifact@v4 317 | with: 318 | name: zapret-pocket 319 | path: zapret-pocket.zip 320 | if-no-files-found: error 321 | 322 | - name: Upload to Release 323 | uses: softprops/action-gh-release@v2 324 | env: 325 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 326 | with: 327 | fail_on_unmatched_files: true 328 | draft: false 329 | files: | 330 | zapret-pocket.zip 331 | 332 | - name: Send to Telegram 333 | run: | 334 | curl -X POST \ 335 | -F document=@"zapret-pocket.zip" \ 336 | -F chat_id="${TELEGRAM_CHAT_ID}" \ 337 | -F caption="$(echo -e "🔔 New release: $VERSION\n🔑 SHA256: $SHA256")" \ 338 | -F parse_mode=HTML \ 339 | -F disable_web_page_preview=true \ 340 | "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendDocument?chat_id=${TELEGRAM_CHAT_ID}" 341 | curl -X POST \ 342 | -H "Content-Type: application/json" \ 343 | -d '{ 344 | "chat_id": "'"${TELEGRAM_CHAT_ID_2}"'", 345 | "text": "🔔 Нoвый рeлиз '"${VERSION}"' мoдyля ZМ вышeл! Скачать...", 346 | "parse_mode": "HTML", 347 | "disable_web_page_preview": true 348 | }' \ 349 | "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN_2}/sendMessage?chat_id=${TELEGRAM_CHAT_ID_2}" 350 | env: 351 | VERSION: ${{ github.ref_name }} 352 | SHA256: ${{ env.SHA256 }} 353 | TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }} 354 | TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }} 355 | TELEGRAM_BOT_TOKEN_2: ${{ secrets.TELEGRAM_BOT_TOKEN_2 }} 356 | TELEGRAM_CHAT_ID_2: ${{ secrets.TELEGRAM_CHAT_ID_2 }} 357 | LINK_TO_CHANNEL: ${{ secrets.LINK_TO_CHANNEL }} 358 | -------------------------------------------------------------------------------- /.github/workflows/test-build-module.yml: -------------------------------------------------------------------------------- 1 | name: Test Build Zapret Pocket 2 | run-name: ${{ startsWith(github.ref, 'refs/tags/') && format('Release {0}', github.ref_name) || null }} 3 | 4 | on: 5 | workflow_dispatch: 6 | push: 7 | tags: 8 | - '[0-9]+*' 9 | 10 | jobs: 11 | build-zapret: 12 | name: zapret for Android ${{ matrix.abi }} 13 | runs-on: ubuntu-latest 14 | strategy: 15 | matrix: 16 | include: 17 | - abi: armeabi-v7a 18 | target: armv7a-linux-androideabi 19 | - abi: arm64-v8a 20 | target: aarch64-linux-android 21 | - abi: x86 22 | target: i686-linux-android 23 | - abi: x86_64 24 | target: x86_64-linux-android 25 | 26 | steps: 27 | - name: Checkout 28 | uses: actions/checkout@v4 29 | with: 30 | repository: bol-van/zapret 31 | path: zapret 32 | 33 | - name: Build 34 | env: 35 | ABI: ${{ matrix.abi }} 36 | TARGET: ${{ matrix.target }} 37 | run: | 38 | DEPS_DIR=$GITHUB_WORKSPACE/deps 39 | export TOOLCHAIN=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64 40 | export API=21 41 | export CC="$TOOLCHAIN/bin/clang --target=$TARGET$API" 42 | export AR=$TOOLCHAIN/bin/llvm-ar 43 | export AS=$CC 44 | export LD=$TOOLCHAIN/bin/ld 45 | export RANLIB=$TOOLCHAIN/bin/llvm-ranlib 46 | export STRIP=$TOOLCHAIN/bin/llvm-strip 47 | export PKG_CONFIG_PATH=$DEPS_DIR/lib/pkgconfig 48 | 49 | curl -sSL https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj 50 | curl -sSL https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj 51 | curl -sSL https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj 52 | curl -sSL https://raw.githubusercontent.com/bol-van/zapret/master/.github/workflows/libnetfilter_queue-android.patch | patch -p1 -d libnetfilter_queue-1.0.5 53 | 54 | for i in libmnl libnfnetlink libnetfilter_queue; do 55 | ( 56 | cd $i-* 57 | 58 | CFLAGS="-Os -flto=auto -Wno-implicit-function-declaration" \ 59 | ./configure --prefix= --host=$TARGET --enable-static --disable-shared --disable-dependency-tracking 60 | 61 | make install -j$(nproc) DESTDIR=$DEPS_DIR 62 | ) 63 | sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc 64 | done 65 | 66 | CFLAGS="-DZAPRET_GH_VER=${{ github.ref_name }} -DZAPRET_GH_HASH=${{ github.sha }} -I$DEPS_DIR/include" \ 67 | LDFLAGS="-L$DEPS_DIR/lib" \ 68 | make -C zapret android -j$(nproc) 69 | 70 | - name: Upload Artifacts 71 | uses: actions/upload-artifact@v4 72 | with: 73 | name: nfqws-${{ matrix.abi }} 74 | path: zapret/binaries/my/nfqws 75 | if-no-files-found: error 76 | 77 | build-dnscrypt: 78 | name: dnscrypt-proxy for Android (All) 79 | runs-on: ubuntu-latest 80 | steps: 81 | - name: Checkout 82 | uses: actions/checkout@v4 83 | with: 84 | repository: DNSCrypt/dnscrypt-proxy 85 | path: dnscrypt-proxy 86 | 87 | - name: Set up Go 88 | uses: actions/setup-go@v5 89 | with: 90 | go-version: 1 91 | check-latest: true 92 | id: go 93 | 94 | - name: Build All 95 | run: | 96 | cd dnscrypt-proxy/dnscrypt-proxy 97 | curl -sSL "https://raw.githubusercontent.com/${{ github.repository }}/refs/heads/main/.github/modified-ci-build.sh" | bash 98 | mkdir binaries 99 | mv dnscrypt-proxy-* binaries/ 100 | 101 | - name: Upload Artifacts 102 | uses: actions/upload-artifact@v4 103 | with: 104 | name: dnscrypt-proxy 105 | path: dnscrypt-proxy/dnscrypt-proxy/binaries/* 106 | 107 | build-curl: 108 | name: curl for Android ${{ matrix.abi }} 109 | runs-on: ubuntu-latest 110 | strategy: 111 | matrix: 112 | include: 113 | - abi: armeabi-v7a 114 | target: armv7a-linux-androideabi 115 | openssl: android-arm 116 | - abi: arm64-v8a 117 | target: aarch64-linux-android 118 | openssl: android-arm64 119 | - abi: x86 120 | target: i686-linux-android 121 | openssl: android-x86 122 | - abi: x86_64 123 | target: x86_64-linux-android 124 | openssl: android-x86_64 125 | steps: 126 | - name: Build 127 | env: 128 | TARGET: ${{ matrix.target }} 129 | OPENSSL_TARGET: ${{ matrix.openssl }} 130 | ABI: ${{ matrix.abi }} 131 | run: | 132 | export TOOLCHAIN=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64 133 | export API=21 134 | export PATH=$TOOLCHAIN/bin:$PATH 135 | export CC=${TARGET}${API}-clang 136 | export CXX=${TARGET}${API}-clang++ 137 | export AR=llvm-ar 138 | export AS=$CC 139 | export LD=ld.lld 140 | export RANLIB=llvm-ranlib 141 | export STRIP=llvm-strip 142 | 143 | curl -sSL https://www.openssl.org/source/openssl-3.3.0.tar.gz | tar -xz 144 | cd openssl-3.3.0 145 | ./Configure $OPENSSL_TARGET -D__ANDROID_API__=$API no-shared no-tests no-apps no-dso --prefix=$PWD/../openssl-out 146 | make install_sw -j$(nproc) 147 | cd .. 148 | 149 | curl -sSL https://curl.se/download/curl-8.7.1.tar.xz | tar -xJ 150 | cd curl-8.7.1 151 | ./configure --host=$TARGET --with-openssl=../openssl-out --disable-shared --enable-static --without-libidn2 --without-libssh2 --disable-ldap --disable-ldaps --disable-manual 152 | make -j$(nproc) 153 | $STRIP src/curl 154 | mv src/curl ../curl 155 | 156 | - name: Upload Artifacts 157 | uses: actions/upload-artifact@v4 158 | with: 159 | name: curl-${{ matrix.abi }} 160 | path: curl 161 | if-no-files-found: error 162 | 163 | build-module: 164 | name: Zapret Pocket Module 165 | runs-on: ubuntu-latest 166 | needs: [build-zapret, build-dnscrypt, build-curl] 167 | steps: 168 | - name: Checkout 169 | uses: actions/checkout@v4 170 | 171 | - name: Download nfqws armeabi-v7a 172 | uses: actions/download-artifact@v4 173 | with: 174 | name: nfqws-armeabi-v7a 175 | path: module 176 | 177 | - name: Rename nfqws to nfqws-arm 178 | run: | 179 | mv module/nfqws module/zapret/nfqws-arm 180 | 181 | - name: Download nfqws arm64-v8a 182 | uses: actions/download-artifact@v4 183 | with: 184 | name: nfqws-arm64-v8a 185 | path: module 186 | 187 | - name: Rename nfqws to nfqws-aarch64 188 | run: | 189 | mv module/nfqws module/zapret/nfqws-aarch64 190 | 191 | - name: Download nfqws x86 192 | uses: actions/download-artifact@v4 193 | with: 194 | name: nfqws-x86 195 | path: module 196 | 197 | - name: Rename nfqws to nfqws-x86 198 | run: | 199 | mv module/nfqws module/zapret/nfqws-x86 200 | 201 | - name: Download nfqws x86_64 202 | uses: actions/download-artifact@v4 203 | with: 204 | name: nfqws-x86_64 205 | path: module 206 | 207 | - name: Rename nfqws to nfqws-x86_64 208 | run: | 209 | mv module/nfqws module/zapret/nfqws-x86_64 210 | 211 | - name: Download curl armeabi-v7a 212 | uses: actions/download-artifact@v4 213 | with: 214 | name: curl-armeabi-v7a 215 | path: module 216 | 217 | - name: Rename curl to curl-arm 218 | run: | 219 | mv module/curl module/curl-arm 220 | 221 | - name: Download curl arm64-v8a 222 | uses: actions/download-artifact@v4 223 | with: 224 | name: curl-arm64-v8a 225 | path: module 226 | 227 | - name: Rename curl to curl-aarch64 228 | run: | 229 | mv module/curl module/curl-aarch64 230 | 231 | - name: Download curl x86 232 | uses: actions/download-artifact@v4 233 | with: 234 | name: curl-x86 235 | path: module 236 | 237 | - name: Rename curl to curl-x86 238 | run: | 239 | mv module/curl module/curl-x86 240 | 241 | - name: Download curl x86_64 242 | uses: actions/download-artifact@v4 243 | with: 244 | name: curl-x86_64 245 | path: module 246 | 247 | - name: Rename curl to curl-x86_64 248 | run: | 249 | mv module/curl module/curl-x86_64 250 | 251 | - name: Download dnscrypt-proxy 252 | uses: actions/download-artifact@v4 253 | with: 254 | name: dnscrypt-proxy 255 | path: module/dnscrypt 256 | 257 | - name: Build Module 258 | run: | 259 | version=${{ github.ref_name }} 260 | version_code=$(echo "${version}" | sed 's/[^0-9]//g') 261 | echo "version=${version}" >> $GITHUB_ENV 262 | echo "versionCode=${version_code}" >> $GITHUB_ENV 263 | echo version=${version} 264 | echo versionCode=${version_code} 265 | 266 | sudo apt update 267 | sudo apt install -y p7zip-full 268 | cd module 269 | 270 | mkdir -p system/app ipset list 271 | apk_url=$(curl -s https://api.github.com/repos/Mygod/VPNHotspot/releases/latest | jq -r '.assets[] | select(.name | endswith(".apk")) | .browser_download_url') 272 | curl -L -o ./system/app/VpnHotspot.apk "$apk_url" || true 273 | curl -s https://raw.githubusercontent.com/sevcator/zapret-lists/refs/heads/main/ipset-v4.txt > ./ipset/ipset-v4.txt || true 274 | curl -s https://raw.githubusercontent.com/sevcator/zapret-lists/refs/heads/main/ipset-v6.txt > ./ipset/ipset-v6.txt || true 275 | curl -s https://raw.githubusercontent.com/sevcator/zapret-lists/refs/heads/main/reestr_filtered.txt -o ./list/reestr.txt || true 276 | curl -s https://raw.githubusercontent.com/sevcator/dnscrypt-proxy-stuff/refs/heads/main/cloaking-rules.txt -o ./dnscrypt/cloaking-rules.txt || true 277 | 278 | echo "id=zapret" > module.prop 279 | echo "name=zapret" >> module.prop 280 | echo "version=${version}" >> module.prop 281 | echo "versionCode=${version_code}" >> module.prop 282 | echo "author=sevcator, t.me/nigga2011, GAME-OVER-op, bol-van, DNSCrypt, ImMALWARE, Fenrir-0xFF, Flowseal, LeonMskRu" >> module.prop 283 | echo "description=⚡ DPI bypass on Android with additional features" >> module.prop 284 | echo "updateJson=https://raw.githubusercontent.com/${{ github.repository }}/refs/heads/main/update.json" >> module.prop 285 | 286 | cd .. 287 | 7z a zapret-pocket.zip ./module/* 288 | 289 | - name: Set up Git 290 | run: | 291 | git config --global user.name "github-actions" 292 | git config --global user.email "github-actions@github.com" 293 | 294 | - name: Calculate SHA-256 checksum 295 | id: sha256 296 | run: echo "SHA256=$(sha256sum zapret-pocket.zip | awk '{ print $1 }')" >> $GITHUB_ENV 297 | 298 | - name: Upload Module Zip 299 | uses: actions/upload-artifact@v4 300 | with: 301 | name: zapret-pocket 302 | path: zapret-pocket.zip 303 | if-no-files-found: error 304 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | [📢 Telegram Channel](https://t.me/sevcator/921) 2 | 3 | [📁 Repository](https://github.com/sevcator/zapret-pocket/) 4 | 5 | [📖 Report Issues](https://github.com/sevcator/zapret-pocket/issues) 6 | 7 | [💸 Donate](https://t.me/sevcator/909) 8 | 9 | [👓 Author](https://github.com/sevcator/) 10 | -------------------------------------------------------------------------------- /DISCLAIMER: -------------------------------------------------------------------------------- 1 | Disclaimer of Liability 2 | - This software is provided for educational, research, and network diagnostic purposes only. 3 | - The author is not responsible for how this software is used. The use of this software is entirely at the user’s own risk. 4 | 5 | No Warranty 6 | - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. 7 | - IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF, OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 8 | 9 | User Responsibility 10 | - Users are solely responsible for ensuring their compliance with all applicable laws and regulations in their jurisdiction, including but not limited to laws regarding content access, network usage, and data privacy. 11 | - The software must not be used to engage in or promote illegal activity. The author does not endorse or condone the circumvention of any legally imposed restrictions. 12 | 13 | Jurisdiction 14 | - This notice is governed by the applicable law in the user’s jurisdiction. The author does not accept any responsibility for legal consequences arising from the use of this software in violation of local laws. 15 | 16 | Contact 17 | - For questions or concerns, contact: sevcatorhatesyou@gmail.com 18 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | This project includes components under different licenses: 2 | 3 | 1. GNU General Public License v2.0 (GPL-2.0): 4 | - Applies to custom scripts and netfilter components. 5 | - Copyright (C) sevcator 6 | - Full text: https://www.gnu.org/licenses/gpl-2.0.txt 7 | 8 | 2. MIT License: 9 | - Applies to zapret binaries. 10 | - Copyright (c) bol-van 11 | - Full text: https://github.com/bol-van/zapret/blob/master/docs/LICENSE.txt 12 | 13 | The licenses apply to their respective components. For further details, see individual files. 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | > [!CAUTION] 2 | > This notice is governed by the applicable law in the user’s jurisdiction. The author does not accept any responsibility for legal consequences arising from the use of this software in violation of local laws. See the [DISCLAIMER](https://github.com/sevcator/zapret-pocket/blob/main/DISCLAIMER) for details. 3 | 4 |

5 | zapret 9 |

10 | 11 |

zapret Pocket

12 | 13 |
14 | 📢 Telegram Channel | 15 | 💸 Donate 16 |
17 | 18 | # License 19 | This project is licensed. See the [LICENSE](https://github.com/sevcator/zapret-pocket/blob/main/LICENSE) file for details. 20 | 21 | # Contributing 22 | Feel free to contribute to this project by submitting issues or pull requests. 23 | -------------------------------------------------------------------------------- /icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sevcator/zapret-pocket/851b0244f37b3d13d08d4fa8d90d0eb250708c69/icon.png -------------------------------------------------------------------------------- /module/META-INF/com/google/android/update-binary: -------------------------------------------------------------------------------- 1 | #!/sbin/sh 2 | 3 | umask 022 4 | 5 | ui_print() { echo "$1"; } 6 | 7 | OUTFD=$2 8 | ZIPFILE=$3 9 | 10 | . /data/adb/magisk/util_functions.sh 11 | 12 | install_module 13 | exit 0 14 | -------------------------------------------------------------------------------- /module/META-INF/com/google/android/updater-script: -------------------------------------------------------------------------------- 1 | #MAGISK 2 | -------------------------------------------------------------------------------- /module/action.sh: -------------------------------------------------------------------------------- 1 | MODPATH="/data/adb/modules/zapret" 2 | echo "! Please wait, this action takes some time" 3 | if pgrep -f "nfqws" >/dev/null 2>&1; then 4 | sh "$MODPATH/uninstall.sh" > /dev/null 2>&1 5 | echo "- Service stopped" 6 | else 7 | sh "$MODPATH/service.sh" > /dev/null 2>&1 8 | echo "- Service started" 9 | fi 10 | -------------------------------------------------------------------------------- /module/config/current-strategy: -------------------------------------------------------------------------------- 1 | flowseal-alt6-old-modded 2 | -------------------------------------------------------------------------------- /module/config/dnscrypt-cloaking-rules-update: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /module/config/dnscrypt-enable: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /module/config/update-on-start: -------------------------------------------------------------------------------- 1 | 1 -------------------------------------------------------------------------------- /module/customize.sh: -------------------------------------------------------------------------------- 1 | MODPATH="/data/adb/modules/zapret" 2 | MODUPDATEPATH="/data/adb/modules_update/zapret" 3 | APKMODPATH="$MODPATH/system/app/VpnHotspot.apk" 4 | APKMODUPDATEPATH="$MODUPDATEPATH/system/app/VpnHotspot.apk" 5 | PACKAGENAME="be.mygod.vpnhotspot" 6 | ui_print "- Mounting /data" 7 | mount -o remount,rw /data 8 | check_requirements() { 9 | command -v iptables >/dev/null 2>&1 || abort "! iptables: Not found" 10 | ui_print "- iptables: Found" 11 | command -v ip6tables >/dev/null 2>&1 || abort "! ip6tables: Not found" 12 | ui_print "- ip6tables: Found" 13 | grep -q 'NFQUEUE' /proc/net/ip_tables_targets || abort "! iptables - NFQUEUE: Not found" 14 | ui_print "- iptables - NFQUEUE: Found" 15 | grep -q 'NFQUEUE' /proc/net/ip6_tables_targets || abort "! ip6tables - NFQUEUE: Not found" 16 | ui_print "- ip6tables - NFQUEUE: Found" 17 | grep -q 'DNAT' /proc/net/ip_tables_targets || abort "! iptables - DNAT: Not found" 18 | ui_print "- iptables - DNAT: Found" 19 | grep -q 'DNAT' /proc/net/ip6_tables_targets || abort "! ip6tables - DNAT: Not found" 20 | ui_print "- ip6tables - DNAT: Found" 21 | } 22 | binary_by_architecture() { 23 | ABI=$(grep_get_prop ro.product.cpu.abi) 24 | case "$ABI" in 25 | arm64-v8a) BINARY="nfqws-aarch64"; BINARY2="dnscrypt-proxy-arm64"; BINARY3="curl-aarch64" ;; 26 | x86_64) BINARY="nfqws-x86_x64"; BINARY2="dnscrypt-proxy-x86_64"; BINARY3="curl-x86_64" ;; 27 | armeabi-v7a) BINARY="nfqws-arm"; BINARY2="dnscrypt-proxy-arm"; BINARY3="curl-arm" ;; 28 | x86) BINARY="nfqws-x86"; BINARY2="dnscrypt-proxy-i386"; BINARY3="curl-x86" ;; 29 | *) abort "! Unsupported Architecture: $ABI" ;; 30 | esac 31 | ui_print "- Device Architecture: $ABI" 32 | ui_print "- Binary (Zapret): $BINARY" 33 | ui_print "- Binary (DNSCrypt): $BINARY2" 34 | ui_print "- Binary (curl): $BINARY3" 35 | } 36 | install_tethering_app() { 37 | APKPATH="$1" 38 | if pm list packages | grep -q "$PACKAGENAME"; then 39 | ui_print "- Tethering app already installed" 40 | rm -rf "$(dirname "$APKPATH")" 41 | return 42 | fi 43 | if pm install "$APKPATH" > /dev/null 2>&1; then 44 | ui_print "- pm install completed" 45 | else 46 | ui_print "! pm install failed" 47 | fi 48 | if pm list packages | grep -q "$PACKAGENAME"; then 49 | ui_print "- Tethering app already installed" 50 | rm -rf "$(dirname "$APKPATH")" 51 | return 52 | else 53 | API=$(getprop ro.build.version.sdk) 54 | if [ -n "$API" ]; then 55 | if [ "$API" -gt 30 ]; then 56 | ui_print "! Device Android API: $API => 30" 57 | ui_print "! The app will not be pre-installed" 58 | elif [ "$API" -lt 25 ]; then 59 | ui_print "! Device Android API: $API <= 25" 60 | ui_print "! The app will not be pre-installed" 61 | else 62 | ui_print "- Device Android API: $API" 63 | ui_print "- The app will be pre-installed" 64 | fi 65 | else 66 | ui_print "! Failed to detect Android API" 67 | fi 68 | rm -rf "$(dirname "$APKPATH")" 69 | fi 70 | } 71 | SCRIPT_DIRS="$MODPATH $MODUPDATEPATH $MODPATH/zapret $MODUPDATEPATH/zapret $MODPATH/strategy $MODUPDATEPATH/strategy $MODPATH/dnscrypt $MODUPDATEPATH/dnscrypt $MODPATH/config $MODUPDATEPATH/config" 72 | for DIR in $SCRIPT_DIRS; do 73 | for FILE in "$DIR"/*.sh; do 74 | [ -f "$FILE" ] && sed -i 's/\r$//' "$FILE" 75 | done 76 | done 77 | if [ -f "$MODPATH/uninstall.sh" ]; then 78 | "$MODPATH/uninstall.sh" 79 | fi 80 | check_requirements 81 | binary_by_architecture 82 | mkdir -p "$MODPATH" 83 | if [ -d "$MODUPDATEPATH" ]; then 84 | cp -an "$MODPATH/strategy/"* "$MODUPDATEPATH/strategy/" 85 | ui_print "- Backing up old files" 86 | rm -rf "$MODPATH/.old_files" 87 | mkdir -p "$MODUPDATEPATH/.old_files" 88 | cp -a "$MODPATH/"* "$MODUPDATEPATH/.old_files/" 2>/dev/null 89 | ui_print "- Updating module" 90 | mkdir -p "$MODUPDATEPATH/config" 91 | cp -af "$MODPATH/config/." "$MODUPDATEPATH/config/" 92 | cp -f "$MODPATH/dnscrypt/custom-cloaking-rules.txt" "$MODUPDATEPATH/dnscrypt/custom-cloaking-rules.txt" 93 | cp -f "$MODPATH/list/exclude.txt" "$MODUPDATEPATH/list/exclude.txt" 94 | cp -f "$MODPATH/ipset/exclude.txt" "$MODUPDATEPATH/ipset/exclude.txt" 95 | cp -f "$MODPATH/list/custom.txt" "$MODUPDATEPATH/list/custom.txt" 96 | cp -f "$MODPATH/ipset/custom.txt" "$MODUPDATEPATH/ipset/custom.txt" 97 | ui_print "- Installing tethering app" 98 | install_tethering_app "$APKMODUPDATEPATH" 99 | mv "$MODUPDATEPATH/zapret/$BINARY" "$MODUPDATEPATH/zapret/nfqws" 100 | mv "$MODUPDATEPATH/dnscrypt/$BINARY2" "$MODUPDATEPATH/dnscrypt/dnscrypt-proxy" 101 | mv "$MODUPDATEPATH/$BINARY3" "$MODUPDATEPATH/curl" 102 | rm -f "$MODUPDATEPATH/zapret/nfqws-"* 103 | rm -f "$MODUPDATEPATH/dnscrypt/dnscrypt-proxy-"* 104 | rm -f "$MODUPDATEPATH/curl-"* 105 | set_perm_recursive "$MODUPDATEPATH" 0 2000 0755 0755 106 | else 107 | ui_print "- Installing tethering app" 108 | install_tethering_app "$APKMODPATH" 109 | mv "$MODPATH/zapret/$BINARY" "$MODPATH/zapret/nfqws" 110 | mv "$MODPATH/dnscrypt/$BINARY2" "$MODPATH/dnscrypt/dnscrypt-proxy" 111 | mv "$MODPATH/$BINARY3" "$MODPATH/curl" 112 | rm -f "$MODPATH/zapret/nfqws-"* 113 | rm -f "$MODPATH/dnscrypt/dnscrypt-proxy-"* 114 | rm -f "$MODPATH/curl-"* 115 | set_perm_recursive "$MODPATH" 0 2000 0755 0755 116 | fi 117 | ui_print "- Disabling Private DNS" 118 | settings put global private_dns_mode off 119 | ui_print "- Disabling Tethering Hardware Acceleration" 120 | settings put global tether_offload_disabled 1 121 | ui_print "* sevcator.t.me ! sevcator.github.io *" 122 | ui_print "* サポートありがとうございます!!" 123 | if [ -d "$MODUPDATEPATH" ]; then 124 | ui_print "- Please reboot the device to continue use module" 125 | fi 126 | -------------------------------------------------------------------------------- /module/dnscrypt/blocked-ips.txt: -------------------------------------------------------------------------------- 1 | ############################## 2 | # IP blocklist # 3 | ############################## 4 | 5 | ## Author : d3cim : https://github.com/d3cim 6 | ## https://git.nixnet.services/d3cim 7 | ## 8 | ## Based on : DNSCrypt : Rebind Protection : https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters#dns-rebind-protection 9 | ## 10 | ## License : GPLv3 : https://github.com/d3cim/block/blob/master/LICENSE.md 11 | ## 12 | ## 13 | ## DO NOT DELETE THIS FILE !! 14 | ## 15 | ## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it. 16 | ## 17 | ## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters 18 | ## https://github.com/d3cim/block 19 | 20 | # Blocklist from [https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters#dns-rebinding-protection] 21 | # Localhost rebinding protection 22 | 0.0.0.0 23 | 127.0.0.* 24 | 25 | # RFC1918 rebinding protection 26 | 10.* 27 | 172.16.* 28 | 172.17.* 29 | 172.18.* 30 | 172.19.* 31 | 172.20.* 32 | 172.21.* 33 | 172.22.* 34 | 172.23.* 35 | 172.24.* 36 | 172.25.* 37 | 172.26.* 38 | 172.27.* 39 | 172.28.* 40 | 172.29.* 41 | 172.30.* 42 | 172.31.* 43 | 192.168.* 44 | 45 | # https://github.com/LeonMskRu/arti_windows/blob/main/TEMP/DHT.txt 46 | 134.195.198.230 47 | 62.210.95.121 48 | 62.210.91.222 49 | 51.159.125.31 50 | 51 | # https://github.com/LeonMskRu/arti_windows/blob/main/TEMP/DHT.txt.ipv6 52 | 2000::/3 53 | 54 | # https://github.com/LeonMskRu/arti_windows/blob/main/TEMP/tixati.txt 55 | 31.200.225.0/24 56 | 31.200.249.0/24 57 | 31.200.224.0/20 58 | 31.200.248.0/21 59 | 212.127.0.0/19 60 | 100.64.0.0/10 61 | 62 | # https://github.com/LeonMskRu/arti_windows/blob/main/TEMP/tixati.txt.ipv6 63 | 2a1:620:15:c::/64 64 | 5ef2::/16 65 | fc00::/7 66 | fd00::/8 67 | fe80::/10 68 | ff00::/8 -------------------------------------------------------------------------------- /module/dnscrypt/blocked-names.txt: -------------------------------------------------------------------------------- 1 | ########################### 2 | # Blocklist # 3 | ########################### 4 | 5 | # For https://github.com/sevcator/zapret-pocket <3 6 | 7 | ## Rules for name-based query blocking, one per line 8 | ## 9 | ## Example of valid patterns: 10 | ## 11 | ## ads.* | matches anything with an "ads." prefix 12 | ## *.example.com | matches example.com and all names within that zone such as www.example.com 13 | ## example.com | identical to the above 14 | ## =example.com | block example.com but not *.example.com 15 | ## *sex* | matches any name containing that substring 16 | ## ads[0-9]* | matches "ads" followed by one or more digits 17 | ## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster 18 | 19 | ## Time-based rules 20 | 21 | # *.youtube.* @time-to-sleep 22 | # facebook.com @work 23 | -------------------------------------------------------------------------------- /module/dnscrypt/cloaking-rules.txt: -------------------------------------------------------------------------------- 1 | ################################ 2 | # Cloaking rules # 3 | ################################ 4 | 5 | # For https://github.com/sevcator/zapret-pocket <3 6 | 7 | # Multiple IP entries for the same name are supported. 8 | # In the following example, the same name maps both to IPv4 and IPv6 addresses: 9 | 10 | localhost 127.0.0.1 11 | localhost ::1 12 | 13 | # For load-balancing, multiple IP addresses of the same class can also be 14 | # provided using the same format, one pair per line. 15 | 16 | # ads.* 192.168.100.1 17 | # ads.* 192.168.100.2 18 | # ads.* ::1 19 | 20 | # PTR records can be created by setting cloak_ptr in the main configuration file 21 | # Entries with wild cards will not have PTR records created, but multiple 22 | # names for the same IP are supported 23 | 24 | # example.com 192.168.100.1 25 | # my.example.com 192.168.100.1 26 | 27 | # t.me/immalware hosts 28 | =accounts.spotify.com 204.12.192.222 29 | =accounts.supercell.com 45.95.233.23 30 | =aet.spotify.com 204.12.192.222 31 | =aisandbox-pa.googleapis.com 204.12.192.219 32 | =aistudio.google.com 204.12.192.222 33 | =aitestkitchen.withgoogle.com 204.12.192.222 34 | =alkalimakersuite-pa.clients6.google.com 204.12.192.221 35 | android.chat.openai.com 204.12.192.219 36 | anthropic.com 204.12.192.220 37 | =ap-gew1.spotify.com 204.12.192.222 38 | =api-partner.spotify.com 204.12.192.222 39 | =api.spotify.com 204.12.192.222 40 | =appresolve.spotify.com 204.12.192.222 41 | =assistant-s3-pa.googleapis.com 204.12.192.221 42 | auth0.com 204.12.192.222 43 | =builds.parsec.app 107.150.34.99 44 | canva.com 50.7.85.222 45 | =cdn.id.supercell.com 3.160.212.81 46 | =cdn.oaistatic.com 204.12.192.222 47 | chatgpt.com 204.12.192.222 48 | =clashofclans.inbox.supercell.com 108.157.194.81 49 | claude.ai 204.12.192.222 50 | =copilot.microsoft.com 204.12.192.222 51 | deepl.com 204.12.192.222 52 | dell.com 204.12.192.219 53 | download.jetbrains.com 204.12.192.222 54 | dyson.com 45.95.233.23 55 | dyson.fr 45.95.233.23 56 | =edgeservices.bing.com 204.12.192.222 57 | elevenlabs.io 204.12.192.222 58 | elevenreader.io 204.12.192.222 59 | =encore.scdn.co 204.12.192.222 60 | =files.oaiusercontent.com 204.12.192.222 61 | =game-assets.brawlstarsgame.com 18.239.69.129 62 | =game-assets.clashofclans.com 3.162.38.39 63 | =game-assets.clashroyaleapp.com 18.66.195.96 64 | =game.brawlstarsgame.com 179.43.168.109 65 | =game.clashroyaleapp.com 51.158.190.98 66 | =gamea.clashofclans.com 70.34.251.56 67 | =gemini.google.com 204.12.192.222 68 | =generativelanguage.googleapis.com 204.12.192.222 69 | =gew1-spclient.spotify.com 204.12.192.222 70 | grok.com 204.12.192.222 71 | guilded.gg 204.12.192.219 72 | images.tidal.com 204.12.192.221 73 | intel.com 204.12.192.222 74 | jetbrains.com 50.7.85.221 75 | =jules.google.com 204.12.192.222 76 | =labs.google 204.12.192.222 77 | =login.app.spotify.com 204.12.192.222 78 | =login5.spotify.com 204.12.192.222 79 | manus.im 64.188.98.242 80 | =notebooklm.google 204.12.192.222 81 | =notebooklm.google.com 204.12.192.222 82 | notion.so 204.12.192.222 83 | ntc.party 130.255.77.28 84 | nvidia.com 204.12.192.220 85 | =o.pki.goog 204.12.192.222 86 | onetrust.com 204.12.192.222 87 | =open.spotify.com 204.12.192.221 88 | openai.com 204.12.192.222 89 | operator.chatgpt.com 204.12.192.221 90 | plugins.jetbrains.com 107.150.34.100 91 | =proactivebackend-pa.googleapis.com 204.12.192.222 92 | =rewards.bing.com 204.12.192.221 93 | =security.id.supercell.com 18.172.112.81 94 | sora.com 204.12.192.222 95 | =spclient.wg.spotify.com 204.12.192.222 96 | squareup.com 204.12.192.222 97 | =stitch.withgoogle.com 204.12.192.222 98 | =store.supercell.com 204.12.192.222 99 | =sydney.bing.com 204.12.192.222 100 | tidal.com 204.12.192.222 101 | tria.ge 204.12.192.220 102 | truthsocial.com 204.12.192.221 103 | =usher.ttvnw.net 45.95.233.23 104 | w.deepl.com 204.12.192.219 105 | =web.archive.org 142.54.189.106 106 | =webchannel-alkalimakersuite-pa.clients6.google.com 204.12.192.222 107 | =www.spotify.com 204.12.192.222 108 | x.ai 204.12.192.222 109 | =xpui.app.spotify.com 204.12.192.222 110 | 111 | # custom t.me/immalware hosts 112 | genius.com 204.12.192.222 113 | soundcloud.com 204.12.192.222 114 | -------------------------------------------------------------------------------- /module/dnscrypt/custom-cloaking-rules.sh: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | set -e 3 | 4 | MODPATH=/data/adb/modules/zapret 5 | CLOAKING_RULES=$MODPATH/dnscrypt/cloaking-rules.txt 6 | CUSTOM_RULES=$MODPATH/dnscrypt/custom-cloaking-rules.txt 7 | 8 | ensure_newline() { 9 | [ -f "$1" ] || return 10 | [ -s "$1" ] || return 11 | [ "$(tail -c1 "$1")" = "" ] && return 12 | printf "\n" >> "$1" 13 | } 14 | 15 | append() { 16 | [ -f "$CUSTOM_RULES" ] || return 1 17 | grep -Fxq "# custom hosts" "$CLOAKING_RULES" 2>/dev/null && return 0 18 | 19 | mkdir -p "$(dirname "$CLOAKING_RULES")" 20 | touch "$CLOAKING_RULES" 21 | ensure_newline "$CLOAKING_RULES" 22 | 23 | { 24 | printf "\n" 25 | printf "# custom hosts\n" 26 | cat "$CUSTOM_RULES" 27 | } >> "$CLOAKING_RULES" 28 | } 29 | 30 | disappend() { 31 | [ -f "$CLOAKING_RULES" ] || return 1 32 | tmp="${CLOAKING_RULES}.tmp" 33 | sed '/^# custom hosts$/,$d' "$CLOAKING_RULES" > "$tmp" 34 | mv "$tmp" "$CLOAKING_RULES" 35 | } 36 | 37 | case "$1" in 38 | append) append ;; 39 | disappend) disappend ;; 40 | *) exit 1 ;; 41 | esac 42 | -------------------------------------------------------------------------------- /module/dnscrypt/custom-cloaking-rules.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /module/dnscrypt/dnscrypt-proxy.toml: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # For github.com/sevcator/zapret-pocket # 3 | ######################################################## 4 | 5 | listen_addresses = ['127.0.0.1:5253'] 6 | 7 | server_names = ['google'] 8 | 9 | max_clients = 250 10 | ipv4_servers = true 11 | ipv6_servers = false 12 | dnscrypt_servers = true 13 | doh_servers = true 14 | odoh_servers = true 15 | require_dnssec = true 16 | require_nolog = false 17 | require_nofilter = true 18 | disabled_server_names = [] 19 | 20 | force_tcp = false 21 | http3 = true 22 | timeout = 8000 23 | keepalive = 60 24 | 25 | use_syslog = false 26 | log_level = 2 27 | log_file = 'latest.log' 28 | log_file_latest = true 29 | 30 | cert_refresh_delay = 240 31 | bootstrap_resolvers = ['8.8.8.8:53', '8.8.4.4:53'] 32 | ignore_system_dns = true 33 | netprobe_timeout = 10 34 | netprobe_address = '8.8.4.4:53' 35 | 36 | block_ipv6 = true 37 | block_unqualified = false 38 | block_undelegated = true 39 | reject_ttl = 10 40 | 41 | cache = true 42 | cache_size = 1024 43 | cache_min_ttl = 300 44 | cache_max_ttl = 7200 45 | cache_neg_min_ttl = 30 46 | cache_neg_max_ttl = 180 47 | 48 | cloaking_rules = 'cloaking-rules.txt' 49 | 50 | [blocked_names] 51 | blocked_names_file = 'blocked-names.txt' 52 | 53 | [blocked_ips] 54 | blocked_ips_file = 'blocked-ips.txt' 55 | 56 | [broken_implementations] 57 | fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cisco-sandbox', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6'] 58 | 59 | [anonymized_dns] 60 | skip_incompatible = true 61 | 62 | [static] 63 | [static.'google'] 64 | stamp = 'sdns://AgUAAAAAAAAABzguOC44LjggsKKKE4EwvtIbNjGjagI2607EdKSVHowYZtyvD9iPrkkHOC44LjguOAovZG5zLXF1ZXJ5' 65 | 66 | -------------------------------------------------------------------------------- /module/dnscrypt/dnscrypt.sh: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | 3 | MODPATH="/data/adb/modules/zapret" 4 | REFRESH=$(cat "$MODPATH/config/dnscrypt-rules-fix" 2>/dev/null || echo "0") 5 | 6 | setup() { 7 | echo 1 >/proc/sys/net/ipv4/conf/all/route_localnet 8 | for chain in PREROUTING OUTPUT FORWARD; do 9 | for proto in udp tcp; do 10 | iptables -t nat -C "$chain" -p $proto --dport 53 -j DNAT --to-destination 127.0.0.1:5253 2>/dev/null || iptables -t nat -A "$chain" -p $proto --dport 53 -j DNAT --to-destination 127.0.0.1:5253 11 | ip6tables -t nat -C "$chain" -p $proto --dport 53 -j REDIRECT --to-ports 5253 2>/dev/null || ip6tables -t nat -A "$chain" -p $proto --dport 53 -j REDIRECT --to-ports 5253 12 | done 13 | done 14 | for chain in OUTPUT FORWARD; do 15 | for proto in udp tcp; do 16 | iptables -t filter -C $chain -p $proto --dport 853 -j DROP 2>/dev/null || iptables -t filter -A $chain -p $proto --dport 853 -j DROP 17 | ip6tables -t filter -C $chain -p $proto --dport 853 -j DROP 2>/dev/null || ip6tables -t filter -A $chain -p $proto --dport 853 -j DROP 18 | done 19 | done 20 | } 21 | 22 | start_bg(){ 23 | [ -x "$MODPATH/dnscrypt/make-unkillable.sh" ] && nohup sh "$MODPATH/dnscrypt/make-unkillable.sh" >/dev/null 2>&1 & 24 | [ -x "$MODPATH/dnscrypt/dnscrypt-proxy" ] || { echo "dnscrypt-proxy not found" >&2; exit 1; } 25 | pgrep -x dnscrypt-proxy >/dev/null || "$MODPATH/dnscrypt/dnscrypt-proxy" >/dev/null 2>&1 & 26 | } 27 | 28 | start_fg(){ 29 | [ -x "$MODPATH/dnscrypt/make-unkillable.sh" ] && nohup sh "$MODPATH/dnscrypt/make-unkillable.sh" >/dev/null 2>&1 & 30 | [ -x "$MODPATH/dnscrypt/dnscrypt-proxy" ] || { echo "dnscrypt-proxy not found" >&2; exit 1; } 31 | "$MODPATH/dnscrypt/dnscrypt-proxy" >/dev/null 2>&1 32 | } 33 | 34 | if [ "$REFRESH" = "1" ]; then 35 | while true; do 36 | setup 37 | start_bg 38 | sleep 5 39 | done 40 | else 41 | while true; do 42 | setup 43 | start_fg 44 | sleep 5 45 | done 46 | fi 47 | -------------------------------------------------------------------------------- /module/dnscrypt/make-unkillable.sh: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | sleep 9 3 | ALL_PIDS=$(pgrep -f "dnscrypt") 4 | if [ -z "$ALL_PIDS" ]; then 5 | exit 6 | fi 7 | for pid in $ALL_PIDS; do 8 | if [ -d "/proc/$pid" ]; then 9 | renice -n -20 -p "$pid" 2>/dev/null 10 | if [ -w "/proc/$pid/oom_score_adj" ]; then 11 | echo -1000 > "/proc/$pid/oom_score_adj" 12 | elif [ -w "/proc/$pid/oom_adj" ]; then 13 | echo -17 > "/proc/$pid/oom_adj" 14 | fi 15 | fi 16 | done 17 | -------------------------------------------------------------------------------- /module/fake/quic_for_tls_clienthello_18.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sevcator/zapret-pocket/851b0244f37b3d13d08d4fa8d90d0eb250708c69/module/fake/quic_for_tls_clienthello_18.bin -------------------------------------------------------------------------------- /module/fake/quic_initial_www_google_com.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sevcator/zapret-pocket/851b0244f37b3d13d08d4fa8d90d0eb250708c69/module/fake/quic_initial_www_google_com.bin -------------------------------------------------------------------------------- /module/fake/tls_clienthello_18.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sevcator/zapret-pocket/851b0244f37b3d13d08d4fa8d90d0eb250708c69/module/fake/tls_clienthello_18.bin -------------------------------------------------------------------------------- /module/fake/tls_clienthello_www_google_com.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sevcator/zapret-pocket/851b0244f37b3d13d08d4fa8d90d0eb250708c69/module/fake/tls_clienthello_www_google_com.bin -------------------------------------------------------------------------------- /module/ipset/custom.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sevcator/zapret-pocket/851b0244f37b3d13d08d4fa8d90d0eb250708c69/module/ipset/custom.txt -------------------------------------------------------------------------------- /module/ipset/exclude.txt: -------------------------------------------------------------------------------- 1 | 1.0.0.1 2 | 1.1.1.1 3 | 101.45.255.0/24 4 | 101.47.188.0/24 5 | 103.136.220.0/23 6 | 103.136.220.0/24 7 | 103.136.221.0/24 8 | 103.136.222.0/24 9 | 103.136.223.0/24 10 | 118.26.132.0/24 11 | 141.105.71.21 12 | 18.244.128.0/19 13 | 18.244.96.0/19 14 | 212.109.195.93 15 | 2404:9dc0:cd01::/48 16 | 2404:9dc0:cd03::/48 17 | 2404:9dc0:cd05::/48 18 | 71.18.227.0/24 19 | 71.18.247.0/24 20 | 71.18.248.0/24 21 | 71.18.251.0/24 22 | 71.18.252.0/24 23 | 71.18.253.0/24 24 | 71.18.255.0/24 25 | 83.220.169.155 26 | 134.195.198.230 27 | 62.210.95.121 28 | 62.210.91.222 29 | 51.159.125.31 30 | 2000::/3 31 | 31.200.225.0/24 32 | 31.200.249.0/24 33 | 31.200.224.0/20 34 | 31.200.248.0/21 35 | 212.127.0.0/19 36 | 100.64.0.0/10 37 | 2a1:620:15:c::/64 38 | 5ef2::/16 39 | fc00::/7 40 | fd00::/8 41 | fe80::/10 42 | ff00::/8 -------------------------------------------------------------------------------- /module/list/custom.txt: -------------------------------------------------------------------------------- 1 | roskomsvoboda.org 2 | whoer.net 3 | speedtest.net 4 | ookla.com 5 | -------------------------------------------------------------------------------- /module/list/default.txt: -------------------------------------------------------------------------------- 1 | connectivitycheck.gstatic.com 2 | play.google.com 3 | googlevideo.com 4 | youtu.be 5 | youtube.com 6 | youtubei.googleapis.com 7 | youtubeembeddedplayer.googleapis.com 8 | ytimg.l.google.com 9 | ytimg.com 10 | jnn-pa.googleapis.com 11 | youtube-nocookie.com 12 | youtube-ui.l.google.com 13 | yt-video-upload.l.google.com 14 | wide-youtube.l.google.com 15 | youtubekids.com 16 | ggpht.com 17 | discord.com 18 | gateway.discord.gg 19 | cdn.discordapp.com 20 | discordapp.net 21 | discordapp.com 22 | discord.gg 23 | media.discordapp.net 24 | images-ext-1.discordapp.net 25 | discord.app 26 | discord.media 27 | discordcdn.com 28 | discord.dev 29 | discord.new 30 | discord.gift 31 | discordstatus.com 32 | dis.gd 33 | discord.co 34 | discord-attachments-uploads-prd.storage.googleapis.com 35 | 7tv.app 36 | 7tv.io 37 | 10tv.app 38 | betterttv.net 39 | x.com 40 | twitter.com 41 | twimg.com 42 | t.co 43 | soundcloud.com 44 | sndcdn.com 45 | soundcloud.cloud 46 | instagram.com 47 | cdninstagram.com 48 | facebook.com 49 | fbcdn.net 50 | -------------------------------------------------------------------------------- /module/list/exclude.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sevcator/zapret-pocket/851b0244f37b3d13d08d4fa8d90d0eb250708c69/module/list/exclude.txt -------------------------------------------------------------------------------- /module/list/google.txt: -------------------------------------------------------------------------------- 1 | connectivitycheck.gstatic.com 2 | play.google.com 3 | googlevideo.com 4 | youtu.be 5 | youtube.com 6 | youtubei.googleapis.com 7 | youtubeembeddedplayer.googleapis.com 8 | ytimg.l.google.com 9 | ytimg.com 10 | jnn-pa.googleapis.com 11 | youtube-nocookie.com 12 | youtube-ui.l.google.com 13 | yt-video-upload.l.google.com 14 | wide-youtube.l.google.com 15 | youtubekids.com 16 | ggpht.com -------------------------------------------------------------------------------- /module/service.sh: -------------------------------------------------------------------------------- 1 | MODPATH="/data/adb/modules/zapret" 2 | IPV6ENABLE=$(cat "$MODPATH/config/ipv6-enable" 2>/dev/null || echo "0") 3 | NETWORKTWEAKS=$(cat "$MODPATH/config/network-tweaks" 2>/dev/null || echo "0") 4 | # Disable TCP timestamps (ntc.party) 5 | sysctl -w net.ipv4.tcp_timestamps=0 > /dev/null 2>&1 & 6 | if [ "$IPV6ENABLE" != "1" ]; then 7 | resetprop net.ipv6.conf.default.accept_redirects 0 > /dev/null 2>&1 & 8 | resetprop net.ipv6.conf.all.accept_redirects 0 > /dev/null 2>&1 & 9 | resetprop net.ipv6.conf.default.disable_ipv6 1 > /dev/null 2>&1 & 10 | resetprop net.ipv6.conf.all.disable_ipv6 1 > /dev/null 2>&1 & 11 | fi 12 | if [ "$NETWORKTWEAKS" = "1" ]; then 13 | # BPF JIT 14 | sysctl -w net.core.bpf_jit_enable=1 > /dev/null 2>&1 & 15 | sysctl -w net.core.bpf_harden=0 > /dev/null 2>&1 & 16 | sysctl -w net.core.bpf_kallsyms=1 > /dev/null 2>&1 & 17 | sysctl -w net.core.bpf_limit=33554432 > /dev/null 2>&1 & 18 | # Busy polling 19 | sysctl -w net.core.busy_poll=0 > /dev/null 2>&1 & 20 | sysctl -w net.core.busy_read=0 > /dev/null 2>&1 & 21 | # Default queue discipline 22 | sysctl -w net.core.default_qdisc=pfifo_fast > /dev/null 2>&1 & 23 | # Network packet processing weight 24 | sysctl -w net.core.dev_weight=64 > /dev/null 2>&1 & 25 | sysctl -w net.core.dev_weight_rx_bias=1 > /dev/null 2>&1 & 26 | sysctl -w net.core.dev_weight_tx_bias=1 > /dev/null 2>&1 & 27 | # Flow control limits 28 | sysctl -w net.core.flow_limit_cpu_bitmap=00 > /dev/null 2>&1 & 29 | sysctl -w net.core.flow_limit_table_len=4096 > /dev/null 2>&1 & 30 | # Packet fragments 31 | sysctl -w net.core.max_skb_frags=17 > /dev/null 2>&1 & 32 | # Messaging 33 | sysctl -w net.core.message_burst=10 > /dev/null 2>&1 & 34 | sysctl -w net.core.message_cost=5 > /dev/null 2>&1 & 35 | # Netdev backlog 36 | sysctl -w net.core.netdev_max_backlog=28000000 > /dev/null 2>&1 & 37 | sysctl -w net.core.netdev_budget=1000 > /dev/null 2>&1 & 38 | sysctl -w net.core.netdev_budget_usecs=16000 > /dev/null 2>&1 & 39 | # Socket memory 40 | sysctl -w net.core.optmem_max=65536 > /dev/null 2>&1 & 41 | # Read/write buffers 42 | sysctl -w net.core.rmem_default=229376 > /dev/null 2>&1 & 43 | sysctl -w net.core.rmem_max=67108864 > /dev/null 2>&1 & 44 | sysctl -w net.core.wmem_default=229376 > /dev/null 2>&1 & 45 | sysctl -w net.core.wmem_max=67108864 > /dev/null 2>&1 & 46 | # Connection queue 47 | sysctl -w net.core.somaxconn=1024 > /dev/null 2>&1 & 48 | # Timestamps and XFRM 49 | sysctl -w net.core.tstamp_allow_data=1 > /dev/null 2>&1 & 50 | sysctl -w net.core.xfrm_acq_expires=3600 > /dev/null 2>&1 & 51 | sysctl -w net.core.xfrm_aevent_etime=10 > /dev/null 2>&1 & 52 | sysctl -w net.core.xfrm_aevent_rseqth=2 > /dev/null 2>&1 & 53 | sysctl -w net.core.xfrm_larval_drop=1 > /dev/null 2>&1 & 54 | fi 55 | boot_wait() { 56 | while [ -z "$(getprop sys.boot_completed)" ]; do sleep 2; done 57 | } 58 | boot_wait 59 | sleep 2 60 | . "$MODPATH/zapret-main.sh" 61 | -------------------------------------------------------------------------------- /module/strategy/flowseal-alt6-old.sh: -------------------------------------------------------------------------------- 1 | # Zapret Configuration 2 | # <-- --> 3 | 4 | config="--filter-tcp=80 --hostlist=$MODPATH/list/default.txt --hostlist=$MODPATH/list/reestr.txt --hostlist=$MODPATH/list/custom.txt --hostlist-exclude=$MODPATH/list/exclude.txt --ipset=$MODPATH/ipset/custom.txt --ipset=$MODPATH/ipset/ipset-v4.txt --ipset=$MODPATH/ipset/ipset-v6.txt --ipset-exclude=$MODPATH/ipset/exclude.txt --dpi-desync=fake,fakedsplit --dpi-desync-fooling=md5sig,badseq --dpi-desync-autottl --new" 5 | config="$config --filter-tcp=443 --hostlist=$MODPATH/list/custom.txt --hostlist=$MODPATH/list/default.txt --hostlist=$MODPATH/list/reestr.txt --hostlist-exclude=$MODPATH/list/exclude.txt --dpi-desync=multisplit --dpi-desync-repeats=2 --dpi-desync-split-seqovl=681 --dpi-desync-split-pos=1 --dpi-desync-fooling=badseq,hopbyhop2 --dpi-desync-split-seqovl-pattern=$MODPATH/fake/tls_clienthello_www_google_com.bin --new" 6 | config="$config --filter-udp=80,443 --hostlist=$MODPATH/list/default.txt --hostlist=$MODPATH/list/reestr.txt --hostlist=$MODPATH/list/custom.txt --hostlist-exclude=$MODPATH/list/exclude.txt --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=$MODPATH/fake/quic_initial_www_google_com.bin --new" 7 | 8 | config="$config --filter-tcp=443 --ipset=$MODPATH/ipset/ipset-v4.txt --ipset=$MODPATH/ipset/ipset-v6.txt --ipset=$MODPATH/ipset/custom.txt --ipset-exclude=$MODPATH/ipset/exclude.txt --dpi-desync=multisplit --dpi-desync-repeats=2 --dpi-desync-split-seqovl=226 --dpi-desync-split-seqovl-pattern=$MODPATH/fake/tls_clienthello_18.bin --dup=2 --dup-cutoff=n3 --new" 9 | config="$config --filter-udp=443 --ipset=$MODPATH/ipset/ipset-v4.txt --ipset=$MODPATH/ipset/ipset-v6.txt --ipset=$MODPATH/ipset/custom.txt --ipset-exclude=$MODPATH/ipset/exclude.txt --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=$MODPATH/fake/quic_for_tls_clienthello_18.bin --new" 10 | 11 | if [ "$(cat "$MODPATH/config/bypass-calls" 2>/dev/null || echo 0)" = "1" ]; then 12 | config="$config --filter-udp=50000-65535 --filter-l7=discord --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-cutoff=n2 --new" 13 | config="$config --filter-l3=ipv4 --filter-udp=1400,50000-65535 --filter-l7=stun,unknown --dpi-desync=fake --dpi-desync-autottl --dup=2 --dup-autottl --dup-cutoff=n3 --new" 14 | config="$config --filter-l3=ipv6 --filter-udp=1400,50000-65535 --filter-l7=stun,unknown --dpi-desync=fake --dpi-desync-autottl6 --dup=2 --dup-autottl6 --dup-cutoff=n3" 15 | fi 16 | -------------------------------------------------------------------------------- /module/strategy/z-o-doublehttps.sh: -------------------------------------------------------------------------------- 1 | # Zapret Configuration 2 | # <-- --> 3 | 4 | config="--filter-tcp=80 --hostlist=$MODPATH/list/default.txt --hostlist=$MODPATH/list/reestr.txt --hostlist=$MODPATH/list/custom.txt --hostlist-exclude=$MODPATH/list/exclude.txt --ipset=$MODPATH/ipset/custom.txt --ipset=$MODPATH/ipset/ipset-v4.txt --ipset=$MODPATH/ipset/ipset-v6.txt --ipset-exclude=$MODPATH/ipset/exclude.txt --dpi-desync=fake,fakedsplit --dpi-desync-fooling=md5sig,badseq --dpi-desync-autottl --new" 5 | config="$config --filter-tcp=443 --hostlist=$MODPATH/list/custom.txt --hostlist=$MODPATH/list/default.txt --hostlist=$MODPATH/list/reestr.txt --hostlist-exclude=$MODPATH/list/exclude.txt --dpi-desync=split2 --dpi-desync-split-seqovl=681 --dpi-desync-split-seqovl-pattern=$MODPATH/fake/tls_clienthello_www_google_com.bin --new" 6 | config="$config --filter-tcp=443 --hostlist=$MODPATH/list/custom.txt --hostlist=$MODPATH/list/default.txt --hostlist=$MODPATH/list/reestr.txt --hostlist-exclude=$MODPATH/list/exclude.txt --dpi-desync=fake,multisplit --dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com --dpi-desync-fooling=badseq --dpi-desync-fake-tls=$MODPATH/fake/tls_clienthello_www_google_com.bin --new" 7 | config="$config --filter-udp=80,443 --hostlist=$MODPATH/list/default.txt --hostlist=$MODPATH/list/reestr.txt --hostlist=$MODPATH/list/custom.txt --hostlist-exclude=$MODPATH/list/exclude.txt --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=$MODPATH/fake/quic_initial_www_google_com.bin --new" 8 | 9 | config="$config --filter-tcp=443 --ipset=$MODPATH/ipset/ipset-v4.txt --ipset=$MODPATH/ipset/ipset-v6.txt --ipset=$MODPATH/ipset/custom.txt --ipset-exclude=$MODPATH/ipset/exclude.txt --dpi-desync=multisplit --dpi-desync-repeats=2 --dpi-desync-split-seqovl=226 --dpi-desync-split-seqovl-pattern=$MODPATH/fake/tls_clienthello_18.bin --dup=2 --dup-cutoff=n3 --new" 10 | config="$config --filter-udp=443 --ipset=$MODPATH/ipset/ipset-v4.txt --ipset=$MODPATH/ipset/ipset-v6.txt --ipset=$MODPATH/ipset/custom.txt --ipset-exclude=$MODPATH/ipset/exclude.txt --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=$MODPATH/fake/quic_for_tls_clienthello_18.bin --new" 11 | 12 | if [ "$(cat "$MODPATH/config/bypass-calls" 2>/dev/null || echo 0)" = "1" ]; then 13 | config="$config --filter-udp=50000-65535 --filter-l7=discord --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-cutoff=n2 --new" 14 | config="$config --filter-l3=ipv4 --filter-udp=1400,50000-65535 --filter-l7=stun,unknown --dpi-desync=fake --dpi-desync-autottl --dup=2 --dup-autottl --dup-cutoff=n3 --new" 15 | config="$config --filter-l3=ipv6 --filter-udp=1400,50000-65535 --filter-l7=stun,unknown --dpi-desync=fake --dpi-desync-autottl6 --dup=2 --dup-autottl6 --dup-cutoff=n3" 16 | fi 17 | -------------------------------------------------------------------------------- /module/system/app/VpnHotspot.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sevcator/zapret-pocket/851b0244f37b3d13d08d4fa8d90d0eb250708c69/module/system/app/VpnHotspot.apk -------------------------------------------------------------------------------- /module/system/bin/zapret: -------------------------------------------------------------------------------- 1 | MODPATH="/data/adb/modules/zapret" 2 | CURLPATH="$MODPATH/curl" 3 | CURRENTSTRATEGY=$(cat "$MODPATH/config/current-strategy" 2>/dev/null || echo "Unknown") 4 | DNSCRYPTENABLE=$(cat "$MODPATH/config/dnscrypt-enable" 2>/dev/null || echo "0") 5 | CLOAKINGUPDATE=$(cat "$MODPATH/config/dnscrypt-cloaking-rules-update" 2>/dev/null || echo "0") 6 | CLOAKINGRULESLINK=$(cat "$MODPATH/config/dnscrypt-cloaking-rules-link" 2>/dev/null || echo "https://raw.githubusercontent.com/sevcator/dnscrypt-proxy-stuff/refs/heads/main/cloaking-rules.txt") 7 | BLOCKEDUPDATE=$(cat "$MODPATH/config/dnscrypt-blocked-names-update" 2>/dev/null || echo "0") 8 | BLOCKEDNAMESLINK=$(cat "$MODPATH/config/dnscrypt-blocked-names-link" 2>/dev/null || echo "https://raw.githubusercontent.com/sevcator/dnscrypt-proxy-stuff/refs/heads/main/blocked-yandex.txt") 9 | UPDATEONSTART=$(cat "$MODPATH/config/update-on-start" 2>/dev/null || echo "1") 10 | CUSTOMLINKIPSETV4=$(cat "$MODPATH/config/ipset-v4-link" 2>/dev/null || echo "https://raw.githubusercontent.com/sevcator/zapret-lists/refs/heads/main/ipset-v4.txt") 11 | CUSTOMLINKIPSETV6=$(cat "$MODPATH/config/ipset-v6-link" 2>/dev/null || echo "https://raw.githubusercontent.com/sevcator/zapret-lists/refs/heads/main/ipset-v6.txt") 12 | CUSTOMLINKREESTR=$(cat "$MODPATH/config/reestr-link" 2>/dev/null || echo "https://raw.githubusercontent.com/sevcator/zapret-lists/refs/heads/main/reestr_filtered.txt") 13 | IPV6ENABLE=$(cat "$MODPATH/config/ipv6-enable" 2>/dev/null || echo "0") 14 | NETWORKTWEAKS=$(cat "$MODPATH/config/network-tweaks" 2>/dev/null || echo "0") 15 | BYPASSCALLS=$(cat "$MODPATH/config/bypass-calls" 2>/dev/null || echo "0") 16 | 17 | command_info() { 18 | echo "--- zapret Pocket ---" 19 | echo "! Current strategy: $CURRENTSTRATEGY" 20 | if [ "$UPDATEONSTART" = "1" ]; then 21 | echo "! Update on start enabled" 22 | else 23 | echo "! Update on start disabled" 24 | fi 25 | if [ "$CLOAKINGUPDATE" = "1" ]; then 26 | echo "! DNSCrypt cloaking rules auto-update enabled" 27 | else 28 | echo "! DNSCrypt cloaking rules auto-update disabled" 29 | fi 30 | if [ "$IPV6ENABLE" = "1" ]; then 31 | echo "! IPv6 enabled" 32 | else 33 | echo "! IPv6 disabled" 34 | fi 35 | if [ "$NETWORKTWEAKS" = "1" ]; then 36 | echo "! Network tweaks enabled" 37 | else 38 | echo "! Network tweaks disabled" 39 | fi 40 | if [ "$BYPASSCALLS" = "1" ]; then 41 | echo "! Bypass calls enabled" 42 | else 43 | echo "! Bypass calls disabled" 44 | fi 45 | echo "------ Available commands ------" 46 | echo " * Service control" 47 | echo " start - Start the zapret service" 48 | echo " stop - Stop the zapret service" 49 | echo " restart - Restart the zapret service" 50 | echo " toggle - Toggle the zapret service" 51 | echo " setup - Configure the zapret service" 52 | echo " * Hostlists, ipsets and other" 53 | echo " update - Update the module files" 54 | echo " search - Search the domain/ip/cidr" 55 | echo " custom - Add/remove custom list/ipset" 56 | echo " import-strategy - Import strategy from URL" 57 | echo " cloaking - Add/remove custom hosts" 58 | echo " exclude - Add/remove exclude list/ipset" 59 | return 0 60 | } 61 | 62 | start_service() { 63 | if pgrep -f "nfqws" >/dev/null 2>&1; then 64 | echo "! nfqws is already running" 65 | return 1 66 | else 67 | if [ -x "$MODPATH/service.sh" ]; then 68 | "$MODPATH/service.sh" >/dev/null 2>&1 69 | echo "- Service started" 70 | return 0 71 | else 72 | echo "! service.sh not found or not executable" 73 | return 1 74 | fi 75 | fi 76 | } 77 | 78 | stop_service() { 79 | if [ -x "$MODPATH/uninstall.sh" ]; then 80 | su -c "$MODPATH/uninstall.sh" >/dev/null 2>&1 && echo "- Service stopped" && return 0 81 | echo "! Failed to stop service" 82 | return 1 83 | else 84 | echo "! uninstall.sh not found or not executable" 85 | return 1 86 | fi 87 | } 88 | 89 | toggle_service() { 90 | . "$MODPATH/action.sh" && return 0 || return 1 91 | } 92 | 93 | restart_service() { 94 | stop_service && sleep 1 && start_service && return 0 95 | return 1 96 | } 97 | 98 | setup() { 99 | mkdir -p "$MODPATH/config" 100 | UPDATEONSTART="0" 101 | BYPASSCALLS="0" 102 | echo "! If the selection is anything other than \"Y\" or \"Yes\", it is considered a negative choice" 103 | 104 | echo -n "- Enable update on start? " 105 | read response 106 | case "$(echo "$response" | tr A-Z a-z)" in 107 | y|yes) echo "- Enabled"; UPDATEONSTART="1" ;; 108 | esac 109 | 110 | echo -n "- Enable IPv6? " 111 | read response 112 | case "$(echo "$response" | tr A-Z a-z)" in 113 | y|yes) 114 | echo "- Enabled" 115 | IPV6ENABLE="1" 116 | ;; 117 | esac 118 | 119 | echo -n "- Enable Network Tweaks? " 120 | read response 121 | case "$(echo "$response" | tr A-Z a-z)" in 122 | y|yes) echo "- Enabled"; NETWORKTWEAKS="1" ;; 123 | esac 124 | 125 | echo -n "- Enable bypass calls? " 126 | read response 127 | case "$(echo "$response" | tr A-Z a-z)" in 128 | y|yes) echo "- Enabled"; BYPASSCALLS="1" ;; 129 | esac 130 | 131 | if [ "$IPV6ENABLE" != "1" ]; then 132 | echo -n "- Enable DNSCrypt? " 133 | read response 134 | case "$(echo "$response" | tr A-Z a-z)" in 135 | y|yes) echo "- Enabled"; DNSCRYPTENABLE="1" ;; 136 | esac 137 | fi 138 | 139 | echo "- Available strategies:" 140 | find "$MODPATH/strategy" -type f -name "*.sh" 2>/dev/null | while IFS= read -r file; do 141 | strategy_name=$(basename "$file" .sh) 142 | echo " * $strategy_name" 143 | done 144 | 145 | echo -n "- Enter the strategy name: " 146 | read user_strategy 147 | if [ ! -f "$MODPATH/strategy/${user_strategy}.sh" ]; then 148 | echo "! Invalid or empty strategy, using current: $CURRENTSTRATEGY" 149 | user_strategy="$CURRENTSTRATEGY" 150 | else 151 | echo "- Strategy selected!" 152 | fi 153 | 154 | if [ "$UPDATEONSTART" = "1" ]; then 155 | echo -n "- Do you want to change source links for update zapret files? " 156 | read resp 157 | case "$(echo "$resp" | tr A-Z a-z)" in 158 | y|yes) 159 | echo -n "- Enter link to ipset-v4.txt (leave blank to keep current): " 160 | read new_ipset_v4 161 | if [ -n "$new_ipset_v4" ]; then 162 | CUSTOMLINKIPSETV4="$new_ipset_v4" 163 | echo "- Link updated" 164 | else 165 | echo "- Keeping old link: $CUSTOMLINKIPSETV4" 166 | fi 167 | 168 | echo -n "- Enter link to ipset-v6.txt (leave blank to keep current): " 169 | read new_ipset_v6 170 | if [ -n "$new_ipset_v6" ]; then 171 | CUSTOMLINKIPSETV6="$new_ipset_v6" 172 | echo "- Link updated" 173 | else 174 | echo "- Keeping old link: $CUSTOMLINKIPSETV6" 175 | fi 176 | 177 | echo -n "- Enter link to reestr.txt (leave blank to keep current): " 178 | read new_reestr 179 | if [ -n "$new_reestr" ]; then 180 | CUSTOMLINKREESTR="$new_reestr" 181 | echo "- Link updated" 182 | else 183 | echo "- Keeping old link: $CUSTOMLINKREESTR" 184 | fi 185 | ;; 186 | esac 187 | fi 188 | 189 | if [ "$IPV6ENABLE" != "1" ] && [ "$DNSCRYPTENABLE" = "1" ]; then 190 | echo -n "- Auto-update cloaking rules for DNSCrypt? " 191 | read resp 192 | case "$(echo "$resp" | tr A-Z a-z)" in 193 | y|yes) CLOAKINGUPDATE="1"; echo "- Enabled" ;; 194 | esac 195 | 196 | echo -n "- Auto-update blocked names for DNSCrypt? " 197 | read resp 198 | case "$(echo "$resp" | tr A-Z a-z)" in 199 | y|yes) BLOCKEDUPDATE="1"; echo "- Enabled" ;; 200 | esac 201 | 202 | echo -n "- Do you want to change source links for update DNSCrypt files? " 203 | read resp2 204 | case "$(echo "$resp2" | tr A-Z a-z)" in 205 | y|yes) 206 | echo -n "- Enter link to cloaking-rules.txt (leave blank to keep current): " 207 | read new_cloaking 208 | if [ -n "$new_cloaking" ]; then 209 | CLOAKINGRULESLINK="$new_cloaking" 210 | echo "- Link updated" 211 | else 212 | echo "- Keeping old link: $CLOAKINGRULESLINK" 213 | fi 214 | 215 | echo -n "- Enter link to blocking-names.txt (leave blank to keep current): " 216 | read new_blocking 217 | if [ -n "$new_blocking" ]; then 218 | BLOCKEDNAMESLINK="$new_blocking" 219 | echo "- Link updated" 220 | else 221 | echo "- Keeping old link: $BLOCKEDNAMESLINK" 222 | fi 223 | ;; 224 | esac 225 | fi 226 | 227 | echo "$DNSCRYPTENABLE" > "$MODPATH/config/dnscrypt-enable" 228 | echo "$user_strategy" > "$MODPATH/config/current-strategy" 229 | echo "$CLOAKINGUPDATE" > "$MODPATH/config/dnscrypt-cloaking-rules-update" 230 | echo "$CLOAKINGRULESLINK" > "$MODPATH/config/dnscrypt-cloaking-rules-link" 231 | echo "$BLOCKEDUPDATE" > "$MODPATH/config/dnscrypt-blocked-names-update" 232 | echo "$BLOCKEDNAMESLINK" > "$MODPATH/config/dnscrypt-blocked-names-link" 233 | echo "$UPDATEONSTART" > "$MODPATH/config/update-on-start" 234 | echo "$CUSTOMLINKIPSETV4" > "$MODPATH/config/ipset-v4-link" 235 | echo "$CUSTOMLINKIPSETV6" > "$MODPATH/config/ipset-v6-link" 236 | echo "$CUSTOMLINKREESTR" > "$MODPATH/config/reestr-link" 237 | echo "$IPV6ENABLE" > "$MODPATH/config/ipv6-enable" 238 | echo "$NETWORKTWEAKS" > "$MODPATH/config/network-tweaks" 239 | echo "$BYPASSCALLS" > "$MODPATH/config/bypass-calls" 240 | 241 | echo "- Done! Changes will apply on next start" 242 | return 0 243 | } 244 | 245 | update() { 246 | . "$MODPATH/update.sh" && return 0 || return 1 247 | } 248 | 249 | search() { 250 | query="$1" 251 | if [ -z "$query" ]; then 252 | echo "! No query provided" 253 | return 1 254 | fi 255 | 256 | SEARCH_DIRS="$MODPATH/list $MODPATH/ipset" 257 | total_matches=0 258 | file_matches=0 259 | 260 | for dir in $SEARCH_DIRS; do 261 | [ -d "$dir" ] || continue 262 | for file in "$dir"/*.txt; do 263 | [ -f "$file" ] || continue 264 | matches=$(grep -iF "$query" "$file" 2>/dev/null) 265 | if [ -n "$matches" ]; then 266 | file_matches=$((file_matches + 1)) 267 | count=$(echo "$matches" | wc -l) 268 | total_matches=$((total_matches + count)) 269 | echo " * $(basename "$file") [$count match(es)]:" 270 | echo "$matches" | sort -u | sed 's/^/ /' 271 | fi 272 | done 273 | done 274 | 275 | if [ "$total_matches" -eq 0 ]; then 276 | echo "! Nothing found" 277 | return 1 278 | else 279 | echo "- Found $total_matches line(s) in $file_matches file(s)!" 280 | return 0 281 | fi 282 | } 283 | 284 | import_strategy() { 285 | url="$1" 286 | [ -n "$url" ] || { echo "! No URL provided"; return 1; } 287 | 288 | mkdir -p "$MODPATH/strategy" 289 | 290 | filename="${url%%\?*}" 291 | filename="${filename##*/}" 292 | [ "${filename##*.}" = "sh" ] || filename="downloaded-$(date +%Y%m%d%H%M%S).sh" 293 | 294 | if "$CURLPATH" -fsSL -o "$MODPATH/strategy/$filename" "$url"; then 295 | chmod +x "$MODPATH/strategy/$filename" 296 | echo "- Saved as $filename" 297 | else 298 | echo "! Download failed" 299 | return 1 300 | fi 301 | } 302 | 303 | custom() { 304 | entry="$1" 305 | [ -z "$entry" ] && echo "! No domain/IP/CIDR provided" && return 1 306 | 307 | LIST_CUSTOM="$MODPATH/list/custom.txt" 308 | IPSET_CUSTOM="$MODPATH/ipset/custom.txt" 309 | 310 | mkdir -p "$(dirname "$LIST_CUSTOM")" "$(dirname "$IPSET_CUSTOM")" 311 | touch "$LIST_CUSTOM" "$IPSET_CUSTOM" 312 | 313 | if grep -Fxq "$entry" "$LIST_CUSTOM" 2>/dev/null || grep -Fxq "$entry" "$IPSET_CUSTOM" 2>/dev/null; then 314 | for file in "$LIST_CUSTOM" "$IPSET_CUSTOM"; do 315 | [ -f "$file" ] || continue 316 | if grep -Fxq "$entry" "$file" 2>/dev/null; then 317 | grep -Fvx "$entry" "$file" > "$file.tmp" && mv "$file.tmp" "$file" 318 | fi 319 | done 320 | echo "- Removed" 321 | return 0 322 | fi 323 | 324 | if find "$MODPATH/list" "$MODPATH/ipset" -type f -name "*.txt" ! -name "custom.txt" 2>/dev/null | xargs grep -Fq "$entry" 2>/dev/null; then 325 | echo "! Already added in other lists, aborted" 326 | return 1 327 | fi 328 | 329 | if echo "$entry" | grep -q "/"; then 330 | printf '%s\n' "$entry" >> "$IPSET_CUSTOM" 331 | else 332 | printf '%s\n' "$entry" >> "$LIST_CUSTOM" 333 | fi 334 | 335 | echo "- Added" 336 | return 0 337 | } 338 | 339 | exclude() { 340 | entry="$1" 341 | [ -z "$entry" ] && echo "! No domain/IP/CIDR provided" && return 1 342 | 343 | LIST_EXCLUDE="$MODPATH/list/exclude.txt" 344 | IPSET_EXCLUDE="$MODPATH/ipset/exclude.txt" 345 | 346 | mkdir -p "$(dirname "$LIST_EXCLUDE")" "$(dirname "$IPSET_EXCLUDE")" 347 | touch "$LIST_EXCLUDE" "$IPSET_EXCLUDE" 348 | 349 | if grep -Fxq "$entry" "$LIST_EXCLUDE" 2>/dev/null || grep -Fxq "$entry" "$IPSET_EXCLUDE" 2>/dev/null; then 350 | for file in "$LIST_EXCLUDE" "$IPSET_EXCLUDE"; do 351 | [ -f "$file" ] || continue 352 | if grep -Fxq "$entry" "$file" 2>/dev/null; then 353 | grep -Fvx "$entry" "$file" > "$file.tmp" && mv "$file.tmp" "$file" 354 | fi 355 | done 356 | echo "- Removed" 357 | return 0 358 | fi 359 | 360 | if echo "$entry" | grep -q "/"; then 361 | printf '%s\n' "$entry" >> "$IPSET_EXCLUDE" 362 | else 363 | printf '%s\n' "$entry" >> "$LIST_EXCLUDE" 364 | fi 365 | 366 | echo "- Added" 367 | return 0 368 | } 369 | 370 | cloaking() { 371 | val1="$1" 372 | val2="$2" 373 | 374 | CLOAKING_FILE="$MODPATH/dnscrypt/custom-cloaking-rules.txt" 375 | GLOBAL_CLOAKING_FILE="$MODPATH/dnscrypt/cloaking-rules.txt" 376 | 377 | if [ -z "$val1" ]; then 378 | echo "! Usage: cloaking [replacement]" 379 | return 1 380 | fi 381 | 382 | mkdir -p "$(dirname "$CLOAKING_FILE")" 383 | touch "$CLOAKING_FILE" 384 | 385 | if [ -z "$val2" ]; then 386 | if grep -E -q "^($val1|\S+\.$val1)\s+" "$CLOAKING_FILE"; then 387 | sed -i -E "\|^($val1|\S+\.$val1)\s+.*$|d" "$CLOAKING_FILE" 388 | echo "- Removed" 389 | else 390 | echo "! Nothing to remove" 391 | fi 392 | return 0 393 | fi 394 | 395 | line="$val1 $val2" 396 | 397 | if grep -Fxq "$line" "$CLOAKING_FILE"; then 398 | grep -Fxv "$line" "$CLOAKING_FILE" > "$CLOAKING_FILE.tmp" && mv "$CLOAKING_FILE.tmp" "$CLOAKING_FILE" 399 | echo "- Removed" 400 | return 0 401 | fi 402 | 403 | if grep -Eq "^$val1\s+" "$CLOAKING_FILE" || grep -Eq "^\S+\.$val1\s+" "$CLOAKING_FILE"; then 404 | echo "! Already added" 405 | return 1 406 | fi 407 | if [ -f "$GLOBAL_CLOAKING_FILE" ]; then 408 | if grep -Eq "^$val1\s+" "$GLOBAL_CLOAKING_FILE" || grep -Eq "^\S+\.$val1\s+" "$GLOBAL_CLOAKING_FILE"; then 409 | echo "! Domain or subdomain already exists. Aborted" 410 | return 1 411 | fi 412 | fi 413 | 414 | printf '%s\n' "$line" >> "$CLOAKING_FILE" 415 | echo "- Added" 416 | return 0 417 | } 418 | 419 | unknown_command() { 420 | echo "! Unknown command: $1" 421 | return 1 422 | } 423 | 424 | case "$1" in 425 | ""|help|-help|--help|h|--h|-h) command_info ;; 426 | start) start_service ;; 427 | stop) stop_service ;; 428 | toggle) toggle_service ;; 429 | restart) restart_service ;; 430 | setup) setup ;; 431 | update) update ;; 432 | search) search "$2" ;; 433 | custom) custom "$2" ;; 434 | import-strategy) import_strategy "$2" ;; 435 | exclude) exclude "$2" ;; 436 | cloaking) cloaking "$2" "$3" ;; 437 | *) unknown_command "$1" ;; 438 | esac 439 | -------------------------------------------------------------------------------- /module/uninstall.sh: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | MODPATH="/data/adb/modules/zapret" 3 | SELF="$$" 4 | PARENT="$PPID" 5 | SCRIPT_PATH="$(readlink -f "$0" 2>/dev/null || realpath "$0" 2>/dev/null || echo "$0")" 6 | PIDS_FROM_DIR="$(pgrep -f "$MODPATH" 2>/dev/null || true)" 7 | for pid in $PIDS_FROM_DIR; do 8 | [ "$pid" = "$SELF" ] && continue 9 | [ "$pid" = "$PARENT" ] && continue 10 | if [ -r "/proc/$pid/cmdline" ] && \ 11 | tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null | grep -qF "$SCRIPT_PATH"; then 12 | continue 13 | fi 14 | if [ -d "/proc/$pid" ]; then 15 | renice -n 0 -p "$pid" 2>/dev/null 16 | if [ -w "/proc/$pid/oom_score_adj" ]; then 17 | echo 0 > "/proc/$pid/oom_score_adj" 18 | elif [ -w "/proc/$pid/oom_adj" ]; then 19 | echo 0 > "/proc/$pid/oom_adj" 20 | fi 21 | kill -9 "$pid" 2>/dev/null 22 | while [ -d "/proc/$pid" ]; do 23 | sleep 0.2 24 | done 25 | echo "- Killed process, ID: $pid" 26 | fi 27 | done 28 | for iface in all default lo; do 29 | resetprop net.ipv6.conf.$iface.disable_ipv6 0 > /dev/null 2>&1 & 30 | resetprop net.ipv6.conf.$iface.accept_redirects 1 > /dev/null 2>&1 & 31 | done 32 | sysctl net.netfilter.nf_conntrack_tcp_be_liberal=0 > /dev/null 2>&1 & 33 | sysctl net.netfilter.nf_conntrack_checksum=1 > /dev/null 2>&1 & 34 | echo 0 > /proc/sys/net/ipv4/conf/all/route_localnet 35 | for chain in PREROUTING OUTPUT FORWARD; do 36 | for proto in udp tcp; do 37 | if iptables -t nat -C $chain -p $proto --dport 53 -j DNAT --to-destination 127.0.0.1:5253 2>/dev/null; then 38 | iptables -t nat -D $chain -p $proto --dport 53 -j DNAT --to-destination 127.0.0.1:5253 39 | fi 40 | if ip6tables -t nat -C $chain -p $proto --dport 53 -j REDIRECT --to-ports 5253 2>/dev/null; then 41 | ip6tables -t nat -D $chain -p $proto --dport 53 -j REDIRECT --to-ports 5253 42 | fi 43 | done 44 | done 45 | for chain in OUTPUT FORWARD; do 46 | for proto in udp tcp; do 47 | if iptables -t filter -C $chain -p $proto --dport 853 -j DROP 2>/dev/null; then 48 | iptables -t filter -D $chain -p $proto --dport 853 -j DROP 49 | fi 50 | if ip6tables -t filter -C $chain -p $proto --dport 853 -j DROP 2>/dev/null; then 51 | ip6tables -t filter -D $chain -p $proto --dport 853 -j DROP 52 | fi 53 | done 54 | done 55 | for ipt in iptables ip6tables; do 56 | for chain in PREROUTING POSTROUTING; do 57 | if $ipt -t mangle -C $chain -j NFQUEUE --queue-num 200 --queue-bypass 2>/dev/null; then 58 | $ipt -t mangle -D $chain -j NFQUEUE --queue-num 200 --queue-bypass 59 | fi 60 | done 61 | done 62 | . "$MODPATH/dnscrypt/custom-cloaking-rules.sh" disappend > /dev/null 2>&1 63 | -------------------------------------------------------------------------------- /module/update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set +e 3 | 4 | MODPATH="/data/adb/modules/zapret" 5 | if [ ! -x "$MODPATH/curl" ]; then 6 | echo "curl command not found: $MODPATH/curl" >&2 7 | exit 1 8 | fi 9 | DNSCRYPTLISTSDIR="$MODPATH/dnscrypt" 10 | ZAPRETLISTSDIR="$MODPATH/list" 11 | ZAPRETIPSETSDIR="$MODPATH/ipset" 12 | IPV6ENABLE=$(cat "$MODPATH/config/ipv6-enable" 2>/dev/null || echo "0") 13 | CLOAKINGUPDATE=$(cat "$MODPATH/config/dnscrypt-cloaking-rules-update" 2>/dev/null || echo "0") 14 | BLOCKEDUPDATE=$(cat "$MODPATH/config/dnscrypt-blocked-names-update" 2>/dev/null || echo "0") 15 | DNSCRYPTFILES_cloaking_rules=$(cat "$MODPATH/config/dnscrypt-cloaking-rules-link" 2>/dev/null || echo "https://raw.githubusercontent.com/sevcator/dnscrypt-proxy-stuff/refs/heads/main/cloaking-rules.txt") 16 | DNSCRYPTFILES_blocked_names=$(cat "$MODPATH/config/dnscrypt-blocked-names-link" 2>/dev/null || echo "https://raw.githubusercontent.com/sevcator/dnscrypt-proxy-stuff/refs/heads/main/blocked-yandex.txt") 17 | CUSTOMLINKIPSETV4=$(cat "$MODPATH/config/ipset-v4-link" 2>/dev/null || echo "https://raw.githubusercontent.com/sevcator/zapret-lists/refs/heads/main/ipset-v4.txt") 18 | CUSTOMLINKIPSETV6=$(cat "$MODPATH/config/ipset-v6-link" 2>/dev/null || echo "https://raw.githubusercontent.com/sevcator/zapret-lists/refs/heads/main/ipset-v6.txt") 19 | CUSTOMLINKREESTR=$(cat "$MODPATH/config/reestr-link" 2>/dev/null || echo "https://raw.githubusercontent.com/sevcator/zapret-lists/refs/heads/main/reestr_filtered.txt") 20 | 21 | PREDEFINED_LIST_FILES="reestr.txt default.txt google.txt" 22 | PREDEFINED_IPSET_FILES="ipset-v4.txt ipset-v6.txt" 23 | ZAPRETLISTSDEFAULTLINK="https://raw.githubusercontent.com/sevcator/zapret-pocket/refs/heads/main/module/list/" 24 | ZAPRETIPSETSDEFAULTLINK="https://raw.githubusercontent.com/sevcator/zapret-pocket/refs/heads/main/module/ipset/" 25 | IGNORE_FILES="custom.txt exclude.txt" 26 | get_overwrite_url() { 27 | file="$1" 28 | case "$file" in 29 | "reestr.txt") echo "$CUSTOMLINKREESTR" ;; 30 | "ipset-v4.txt") echo "$CUSTOMLINKIPSETV4" ;; 31 | "ipset-v6.txt") echo "$CUSTOMLINKIPSETV6" ;; 32 | *) echo "" ;; 33 | esac 34 | } 35 | 36 | update_file() { 37 | file="$1" 38 | url="$2" 39 | name=$(basename "$file") 40 | 41 | tmp_file="${file}.tmp" 42 | for _ in 1 2 3 4 5; do 43 | if "$MODPATH/curl" -fsSL -o "$tmp_file" "$url" >/dev/null 2>&1; then 44 | if [ ! -f "$file" ] || ! cmp -s "$tmp_file" "$file"; then 45 | mv "$tmp_file" "$file" 46 | echo "[ $name ] Downloaded" 47 | else 48 | rm -f "$tmp_file" 49 | echo "[ $name ] Unchanged" 50 | fi 51 | return 52 | fi 53 | done 54 | rm -f "$tmp_file" 55 | echo "[ $name ] Failed" 56 | } 57 | 58 | update_dir() { 59 | dir="$1" 60 | base_url="$2" 61 | predefined_files="$3" 62 | 63 | mkdir -p "$dir" 64 | updated_files="" 65 | 66 | for file_path in "$dir"/*; do 67 | [ -f "$file_path" ] || continue 68 | file_name=$(basename "$file_path") 69 | 70 | case " $IGNORE_FILES " in 71 | *" $file_name "*) continue ;; 72 | esac 73 | case " $updated_files " in 74 | *" $file_name "*) continue ;; 75 | esac 76 | 77 | if [ "$dir" = "$ZAPRETIPSETSDIR" ]; then 78 | url=$(get_overwrite_url "$file_name") 79 | url="${url:-${base_url}${file_name}}" 80 | else 81 | url="${base_url}${file_name}" 82 | fi 83 | 84 | update_file "$file_path" "$url" 85 | updated_files="$updated_files $file_name" 86 | done 87 | 88 | for file_name in $predefined_files; do 89 | case " $IGNORE_FILES " in 90 | *" $file_name "*) continue ;; 91 | esac 92 | case " $updated_files " in 93 | *" $file_name "*) continue ;; 94 | esac 95 | 96 | file_path="$dir/$file_name" 97 | if [ "$dir" = "$ZAPRETIPSETSDIR" ]; then 98 | url=$(get_overwrite_url "$file_name") 99 | url="${url:-${base_url}${file_name}}" 100 | else 101 | url="${base_url}${file_name}" 102 | fi 103 | 104 | update_file "$file_path" "$url" 105 | updated_files="$updated_files $file_name" 106 | done 107 | } 108 | 109 | if [ "$IPV6ENABLE" != "1" ]; then 110 | . "$MODPATH/dnscrypt/custom-cloaking-rules.sh" disappend > /dev/null 2>&1 & 111 | sleep 2 112 | fi 113 | 114 | update_dir "$ZAPRETLISTSDIR" "$ZAPRETLISTSDEFAULTLINK" "$PREDEFINED_LIST_FILES" 115 | update_dir "$ZAPRETIPSETSDIR" "$ZAPRETIPSETSDEFAULTLINK" "$PREDEFINED_IPSET_FILES" 116 | 117 | [ "$IPV6ENABLE" != "1" ] && [ "$CLOAKINGUPDATE" = "1" ] && update_file "$DNSCRYPTLISTSDIR/cloaking-rules.txt" "$DNSCRYPTFILES_cloaking_rules" 118 | [ "$IPV6ENABLE" != "1" ] && [ "$BLOCKEDUPDATE" = "1" ] && update_file "$DNSCRYPTLISTSDIR/blocked-names.txt" "$DNSCRYPTFILES_blocked_names" 119 | 120 | if [ "$IPV6ENABLE" != "1" ]; then 121 | . "$MODPATH/dnscrypt/custom-cloaking-rules.sh" append > /dev/null 2>&1 & 122 | sleep 2 123 | fi 124 | -------------------------------------------------------------------------------- /module/webroot/fumo.mp3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sevcator/zapret-pocket/851b0244f37b3d13d08d4fa8d90d0eb250708c69/module/webroot/fumo.mp3 -------------------------------------------------------------------------------- /module/webroot/fumo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sevcator/zapret-pocket/851b0244f37b3d13d08d4fa8d90d0eb250708c69/module/webroot/fumo.png -------------------------------------------------------------------------------- /module/webroot/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | zapret 7 | 705 | 706 | 707 | 711 | 721 | 722 |
723 |
724 |
725 |

zapret

726 |
727 | 728 | v... 729 | 730 |
731 |
732 |
733 |
734 |

Статус

735 |
736 |
737 | 738 | zapret 739 | 740 |
741 | 742 | 743 | 744 | Loading... 745 | 746 |
747 |
748 |
749 | 750 | DNSCrypt Proxy 751 | 752 |
753 | 754 | 755 | 756 | Loading... 757 | 758 |
759 |
760 |
761 |
762 |
763 |

Управление

764 |
765 | 774 |
775 |
776 |
777 |

778 | zapret Pocket by 779 | 780 | sevcator 781 | 782 |
783 | WebUI for module by 784 | 785 | @nigga2011 786 | 787 |

788 |
789 |
790 |
791 |
792 |
793 |

Редактор списков

794 |
795 |
796 |
797 |
798 | 799 | 800 | 801 | 802 | 803 |
804 |
805 |
806 | 807 |
808 | 809 | Строк: 0 810 | 811 | 817 | 818 |
819 |
820 |
821 | 822 |
823 | 824 | Строк: 0 825 | 826 | 832 | 833 |
834 |
835 |
836 | 837 |
838 | 839 | Строк: 0 840 | 841 | 847 | 848 |
849 |
850 |
851 | 852 |
853 | 854 | Строк: 0 855 | 856 | 862 | 863 |
864 |
865 |
866 | 867 |
868 | 869 | Строк: 0 870 | 871 | 877 | 878 |
879 |
880 |
881 |
882 |
883 |
884 |
885 |
886 |

Настройки

887 |
888 |
889 |
890 |

Параметры модуля

891 |
892 |
893 | 894 |
895 |
896 | 897 | 898 |
899 |
900 | 901 | 906 |
907 |
908 | 909 | 914 |
915 |
916 | 917 | 922 |
923 |
924 | 925 | 930 |
931 |
932 | 933 | 938 |
939 |
940 | 941 | 946 |
947 |
948 | 949 | 954 |
955 |
956 | 957 | 962 |
963 |
964 |

Свои ссылки

965 |
966 |
967 | 968 | 969 |
970 |
971 | 972 | 973 |
974 |
975 | 976 | 977 |
978 |
979 | 980 | 981 |
982 |
983 | 984 | 985 |
986 |
987 |

После изменения настроек не забудьте перезапустить службу.

988 |
989 |
990 |

Интерфейс

991 |
992 |
993 | 994 | 999 |
1000 |
1001 | 1002 | 1006 |
1007 |
1008 |
1009 |
1010 |
1011 |
1012 |
1013 |

Логи

1014 |
1015 |
1016 |
1017 |
1018 |

zapret

1019 | 1025 |
1026 |
1027 |
1028 | Загрузка... 1029 |
1030 |
1031 |
1032 |
1033 |
1034 |

DNSCrypt Proxy

1035 | 1041 |
1042 |
1043 |
1044 | Загрузка... 1045 |
1046 |
1047 |
1048 |
1049 |
1050 |
1051 |
1052 | 1061 | 1070 | 1079 | 1088 |
1089 | 1778 | 1779 | 1780 | -------------------------------------------------------------------------------- /module/zapret-main.sh: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | MODPATH="/data/adb/modules/zapret" 3 | UPDATEONSTART=$(cat "$MODPATH/config/update-on-start" 2>/dev/null || echo "1") 4 | IPV6ENABLE=$(cat "$MODPATH/config/ipv6-enable" 2>/dev/null || echo "0") 5 | touch "$MODPATH/dnscrypt/cloaking-rules.txt" 6 | touch "$MODPATH/dnscrypt/custom-cloaking-rules.txt" 7 | touch "$MODPATH/dnscrypt/blocked-names.txt" 8 | touch "$MODPATH/dnscrypt/blocked-ips.txt" 9 | touch "$MODPATH/ipset/custom.txt" 10 | touch "$MODPATH/ipset/exclude.txt" 11 | touch "$MODPATH/ipset/ipset-v4.txt" 12 | touch "$MODPATH/ipset/ipset-v6.txt" 13 | touch "$MODPATH/list/custom.txt" 14 | touch "$MODPATH/list/default.txt" 15 | touch "$MODPATH/list/exclude.txt" 16 | touch "$MODPATH/list/providers.txt" 17 | touch "$MODPATH/list/google.txt" 18 | touch "$MODPATH/list/reestr.txt" 19 | if [ "$UPDATEONSTART" = "1" ]; then 20 | . "$MODPATH/update.sh" > /dev/null 2>&1 21 | sleep 2 22 | fi 23 | if [ "$IPV6ENABLE" != "1" ] && [ "$(cat "$MODPATH/config/dnscrypt-enable" 2>/dev/null)" = "1" ]; then 24 | nohup sh "$MODPATH/dnscrypt/dnscrypt.sh" > /dev/null 2>&1 & 25 | fi 26 | nohup sh "$MODPATH/zapret/zapret.sh" > /dev/null 2>&1 & 27 | 28 | -------------------------------------------------------------------------------- /module/zapret/make-unkillable.sh: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | sleep 9 3 | SCRIPT_PIDS=$(pgrep -f "zapret.sh") 4 | NFQWS_PIDS=$(pgrep nfqws) 5 | ALL_PIDS="$SCRIPT_PIDS $NFQWS_PIDS" 6 | if [ -z "$ALL_PIDS" ]; then 7 | exit 8 | fi 9 | for pid in $ALL_PIDS; do 10 | if [ -d "/proc/$pid" ]; then 11 | renice -n -20 -p "$pid" 2>/dev/null 12 | if [ -w "/proc/$pid/oom_score_adj" ]; then 13 | echo -1000 > "/proc/$pid/oom_score_adj" 14 | elif [ -w "/proc/$pid/oom_adj" ]; then 15 | echo -17 > "/proc/$pid/oom_adj" 16 | fi 17 | fi 18 | done -------------------------------------------------------------------------------- /module/zapret/nfqws.sh: -------------------------------------------------------------------------------- 1 | MODPATH="/data/adb/modules/zapret" 2 | while true; do 3 | if ! pgrep -x "nfqws" > /dev/null; then 4 | . "$MODPATH/zapret/make-unkillable.sh" & 5 | "$MODPATH/zapret/nfqws" --uid=0:0 --bind-fix4 --bind-fix6 --qnum=200 $config > "$MODPATH/zapret/latest.log" 6 | fi 7 | sleep 5 8 | done 9 | -------------------------------------------------------------------------------- /module/zapret/zapret.sh: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | 3 | MODPATH="/data/adb/modules/zapret" 4 | CURRENTSTRATEGY=$(cat "$MODPATH/config/current-strategy") 5 | . "$MODPATH/strategy/$CURRENTSTRATEGY.sh" 6 | sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 > /dev/null 2>&1 & 7 | if echo "$config" | grep -q 'badsum'; then 8 | sysctl net.netfilter.nf_conntrack_checksum=0 > /dev/null 2>&1 & 9 | fi 10 | . "$MODPATH/zapret/nfqws.sh" & 11 | tcp_ports="$(echo $config | grep -oE 'filter-tcp=[0-9,-]+' | sed -e 's/.*=//g' -e 's/,/\n/g' -e 's/ /,/g' | sort -un)"; 12 | udp_ports="$(echo $config | grep -oE 'filter-udp=[0-9,-]+' | sed -e 's/.*=//g' -e 's/,/\n/g' -e 's/ /,/g' | sort -un)"; 13 | iptAdd() { 14 | iptDPort="$iMportD $2"; iptSPort="$iMportS $2"; 15 | iptables -t mangle -I POSTROUTING -p $1 $iptDPort $iCBo $iMark -j NFQUEUE --queue-num 200 --queue-bypass 16 | iptables -t mangle -I PREROUTING -p $1 $iptSPort $iCBr $iMark -j NFQUEUE --queue-num 200 --queue-bypass 17 | } 18 | ip6tAdd() { 19 | ip6tDPort="$i6MportD $2"; ip6tSPort="$i6MportS $2"; 20 | ip6tables -t mangle -I POSTROUTING -p $1 $ip6tDPort $i6CBo $i6Mark -j NFQUEUE --queue-num 200 --queue-bypass 21 | ip6tables -t mangle -I PREROUTING -p $1 $ip6tSPort $i6CBr $i6Mark -j NFQUEUE --queue-num 200 --queue-bypass 22 | } 23 | addMultiPort() { 24 | for current_port in $2; do 25 | case "$current_port" in 26 | *-*) 27 | for i in $(seq "${current_port%-*}" "${current_port#*-}"); do 28 | iptAdd "$1" "$i" 29 | ip6tAdd "$1" "$i" 30 | done 31 | ;; 32 | *) 33 | iptAdd "$1" "$current_port" 34 | ip6tAdd "$1" "$current_port" 35 | ;; 36 | esac 37 | done 38 | } 39 | if [ "$(cat /proc/net/ip_tables_targets | grep -c 'NFQUEUE')" == "0" ]; then 40 | echo "iptables is bad!" 41 | exit 42 | fi 43 | if [ "$(cat /proc/net/ip6_tables_targets | grep -c 'NFQUEUE')" == "0" ]; then 44 | echo "ip6tables is bad!" 45 | exit 46 | fi 47 | if [ "$(cat /proc/net/ip_tables_matches | grep -c 'multiport')" != "0" ]; then 48 | iMportS="-m multiport --sports" 49 | iMportD="-m multiport --dports" 50 | else 51 | iMportS="--sport" 52 | iMportD="--dport" 53 | fi 54 | if [ "$(cat /proc/net/ip6_tables_matches | grep -c 'multiport')" != "0" ]; then 55 | i6MportS="-m multiport --sports" 56 | i6MportD="-m multiport --dports" 57 | else 58 | i6MportS="--sport" 59 | i6MportD="--dport" 60 | fi 61 | if iptables -t mangle -A POSTROUTING -p tcp -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:12 -j ACCEPT 2>/dev/null; then 62 | iptables -t mangle -D POSTROUTING -p tcp -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:12 -j ACCEPT 2>/dev/null 63 | 64 | cbOrig="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:12" 65 | cbReply="-m connbytes --connbytes-dir=reply --connbytes-mode=packets --connbytes 1:6" 66 | else 67 | cbOrig="" 68 | cbReply="" 69 | fi 70 | if [ "$(cat /proc/net/ip_tables_matches | grep -c 'connbytes')" != "0" ]; then 71 | iCBo="$cbOrig" 72 | iCBr="$cbReply" 73 | else 74 | iCBo="" 75 | iCBr="" 76 | fi 77 | if [ "$(cat /proc/net/ip_tables_matches | grep -c 'mark')" != "0" ]; then 78 | iMark="-m mark ! --mark 0x40000000/0x40000000" 79 | else 80 | iMark="" 81 | fi 82 | if [ "$(cat /proc/net/ip6_tables_matches | grep -c 'mark')" != "0" ]; then 83 | i6Mark="-m mark ! --mark 0x40000000/0x40000000" 84 | else 85 | i6Mark="" 86 | fi 87 | addMultiPort "tcp" "$tcp_ports"; 88 | addMultiPort "udp" "$udp_ports"; 89 | -------------------------------------------------------------------------------- /update.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "21.0", 3 | "versionCode": "210", 4 | "zipUrl": "https://github.com/sevcator/zapret-pocket/releases/download/main/zapret-pocket.zip", 5 | "changelog": "https://raw.githubusercontent.com/sevcator/zapret-pocket/main/CHANGELOG.md" 6 | } 7 | --------------------------------------------------------------------------------