[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #22369 [Metrics/Censorship analysis]: Increase of users in Ukraine due to block of Russia-based services
#22369: Increase of users in Ukraine due to block of Russia-based services
-----------------------------------------+------------------------------
Reporter: dcf | Owner: metrics-team
Type: project | Status: new
Priority: Medium | Milestone:
Component: Metrics/Censorship analysis | Version:
Severity: Normal | Resolution:
Keywords: censorship block ua | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------------+------------------------------
Comment (by dcf):
cacahuatl wrote a deobfuscator and produced this output:
* attachment:blckd.json.decoded
Deobfuscator source code:
{{{
#!/usr/bin/env python3
import requests
hosts = ['updtbrwsr.com', 'updtapi.com', 'brwsrapi.com', 'mrbrwsr.com',
'savebrwsr.com', 'svbrwsr.com']
salt = 1234567890
for host in hosts:
r = requests.get('https://update.{}/blckd.json'.format(host))
j = b""
for c in r.text:
j += bytes([(ord(c) ^ salt) & 0xff])
print("%s" % j.decode('utf-8'))
}}}
The decoded file looks like this (abridged):
{{{
{
"records": [
{
"host": "vk.com",
"endpoint": "http://vk.com/ping.txt";,
"hash": "b5b607d573e6a901ef215db6b1247404c92bb9ce"
},
...
"mail.ru"
],
"defaults": {
"endpoint": "http://vk.com/ping.txt";,
"hash": "b5b607d573e6a901ef215db6b1247404c92bb9ce"
}
}
}}}
The list of `host`s in the lone `"mail.ru"` record contains these domains:
* vk.com
* vkontakte.ru
* vk.me
* vk.cc
* ok.ru
* odnoklassniki.ru
* odnoklassniki.ua
* ok.me
* vk-cdn.net
* userapi.com
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22369#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs