mirror of
https://github.com/therealaleph/MasterHttpRelayVPN-RUST.git
synced 2026-05-18 06:34:41 +03:00
Shin (Former Aleph)
96d1352728
The app is a Kotlin/Compose front-end that reuses the mhrv-rs crate
via JNI. It speaks VpnService to get a TUN fd, hands that to tun2proxy,
and funnels every app's traffic through the in-process SOCKS5 listener —
no per-app proxy setup on the device.
Two fixes in `src/proxy_server.rs` apply to desktop builds too:
* SNI peek via `LazyConfigAcceptor`. When a browser uses DoH (Chrome's
default), tun2proxy hands us a raw IP in the SOCKS5 CONNECT. Minting
a MITM cert for the IP produced `ERR_CERT_COMMON_NAME_INVALID` on
Cloudflare-fronted sites. We now read the ClientHello's SNI first
and use that both as the cert subject and as the upstream host for
the Apps Script relay (fetching `https://<IP>/...` with an IP in the
Host header gets rejected by CF anyway).
* Short-circuit CORS preflight at the MITM boundary. `UrlFetchApp.fetch()`
rejects `OPTIONS` with a Swedish "Ett attribut med ogiltigt värde
har angetts: method" error, which silently broke every fetch()/XHR
preflight and was the root cause of "JS doesn't load" on Discord,
Yahoo, and similar. Since we already terminate the TLS the browser
talks to, answering the preflight with a permissive 204 is safe —
the real request still goes through the relay.
Android-side capabilities (feature-parity with `mhrv-rs-ui` where it
fits on a phone):
* multi-deployment ID editor
* SNI rotation pool + per-SNI "Test" + "Test all" (JNI into scan_sni)
* live logs panel (JNI ring buffer drained on a 500 ms poll)
* Advanced section: verify_ssl, parallel_relay, log_level, upstream_socks5
* CA install flow that matches modern Android's reality: saves
`Downloads/mhrv-ca.crt` via MediaStore, deep-links Security settings,
then verifies post-hoc by fingerprint lookup in AndroidCAStore (the
KeyChain intent dead-ends with a Close-only dialog on Android 11+)
* Start/Stop debounced to dodge an emulator EGL renderer crash on
rapid taps
Theme matches the desktop palette exactly — always-dark, accent
`#4678B4`, card fill `#1C1E22`, 4dp button / 6dp card radii.
No dynamic color, no light scheme: the desktop is always dark and
we follow.
Build wiring:
* `Cargo.toml`: `cdylib` crate-type added; `jni` + `tun2proxy`
scoped to `cfg(target_os = "android")` so desktop builds pay
nothing.
* `src/data_dir.rs`: `set_data_dir()` override so the Android app's
private filesDir replaces the `directories` crate's desktop default.
* `src/android_jni.rs`: JNI entry points for start/stop/exportCa plus
a ring buffer draining to `Native.drainLogs()` and `testSni()` that
wraps `scan_sni::probe_one`.
* Gradle task chain runs `cargo ndk` before each assemble; post-step
normalizes tun2proxy's hash-suffixed cdylib to a stable filename
so `System.loadLibrary("tun2proxy")` works.
Verified end-to-end on an API 34 emulator: ipleak, yahoo, discord,
cloudflare.com all render; TLS is MITM-ed under our user-installed
CA; service survives rapid Stop/Start cycles.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
158 lines
5.3 KiB
Kotlin
158 lines
5.3 KiB
Kotlin
import org.gradle.api.tasks.Exec
|
|
|
|
plugins {
|
|
id("com.android.application")
|
|
id("org.jetbrains.kotlin.android")
|
|
id("org.jetbrains.kotlin.plugin.compose")
|
|
}
|
|
|
|
android {
|
|
namespace = "com.therealaleph.mhrv"
|
|
compileSdk = 34
|
|
|
|
defaultConfig {
|
|
applicationId = "com.therealaleph.mhrv"
|
|
minSdk = 24 // Android 7.0 — covers 99%+ of live devices.
|
|
targetSdk = 34
|
|
versionCode = 1
|
|
versionName = "0.1.0"
|
|
|
|
// Only arm64 for now — we can add armeabi-v7a in a second pass
|
|
// if field reports need it. Android emulators on Apple Silicon
|
|
// only run arm64 natively, so keeping things aarch64-only makes
|
|
// the dev loop fast.
|
|
ndk {
|
|
abiFilters += listOf("arm64-v8a")
|
|
}
|
|
}
|
|
|
|
buildTypes {
|
|
release {
|
|
isMinifyEnabled = false
|
|
proguardFiles(
|
|
getDefaultProguardFile("proguard-android-optimize.txt"),
|
|
"proguard-rules.pro",
|
|
)
|
|
}
|
|
}
|
|
|
|
compileOptions {
|
|
sourceCompatibility = JavaVersion.VERSION_17
|
|
targetCompatibility = JavaVersion.VERSION_17
|
|
}
|
|
|
|
kotlinOptions {
|
|
jvmTarget = "17"
|
|
}
|
|
|
|
buildFeatures {
|
|
compose = true
|
|
buildConfig = true
|
|
}
|
|
|
|
// libmhrv_rs.so is produced by `cargo ndk` in the repo root and dropped
|
|
// under app/src/main/jniLibs/<abi>/. The cargoBuild task below runs
|
|
// that before each assembleDebug / assembleRelease.
|
|
sourceSets["main"].jniLibs.srcDirs("src/main/jniLibs")
|
|
|
|
packaging {
|
|
resources.excludes += setOf(
|
|
"META-INF/AL2.0",
|
|
"META-INF/LGPL2.1",
|
|
)
|
|
}
|
|
}
|
|
|
|
dependencies {
|
|
val composeBom = platform("androidx.compose:compose-bom:2024.06.00")
|
|
implementation(composeBom)
|
|
androidTestImplementation(composeBom)
|
|
|
|
implementation("androidx.core:core-ktx:1.13.1")
|
|
implementation("androidx.activity:activity-compose:1.9.0")
|
|
implementation("androidx.lifecycle:lifecycle-runtime-ktx:2.8.2")
|
|
implementation("androidx.lifecycle:lifecycle-viewmodel-compose:2.8.2")
|
|
|
|
// Compose UI.
|
|
implementation("androidx.compose.ui:ui")
|
|
implementation("androidx.compose.ui:ui-graphics")
|
|
implementation("androidx.compose.ui:ui-tooling-preview")
|
|
implementation("androidx.compose.material3:material3")
|
|
implementation("androidx.compose.material:material-icons-extended")
|
|
|
|
debugImplementation("androidx.compose.ui:ui-tooling")
|
|
debugImplementation("androidx.compose.ui:ui-test-manifest")
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// Cross-compile the Rust crate to arm64 Android and drop the .so into the
|
|
// place Android's packager looks. We hand the work off to `cargo ndk` which
|
|
// wraps the right CC / AR / linker env vars for us.
|
|
//
|
|
// This ties to the `assemble*` task so every debug/release build triggers
|
|
// a `cargo ndk` — no manual step. In CI we'd cache the target/ dir to
|
|
// avoid full rebuilds.
|
|
// --------------------------------------------------------------------------
|
|
val rustCrateDir = rootProject.projectDir.parentFile
|
|
val jniLibsDir = file("src/main/jniLibs")
|
|
|
|
// After cargo-ndk dumps artifacts into jniLibs/arm64-v8a/, the tun2proxy
|
|
// cdylib lands as `libtun2proxy-<hash>.so` (rustc's deps/ naming convention,
|
|
// because tun2proxy is a transitive dep not a root crate). Android's
|
|
// System.loadLibrary expects a stable name, and the hash changes between
|
|
// builds, so we normalize it to `libtun2proxy.so` here. Also deletes any
|
|
// stale hash-suffixed copies from previous builds.
|
|
fun normalizeTun2proxySo() {
|
|
val abiDir = file("src/main/jniLibs/arm64-v8a")
|
|
if (!abiDir.isDirectory) return
|
|
val hashed = abiDir.listFiles { f -> f.name.matches(Regex("libtun2proxy-[0-9a-f]+\\.so")) }
|
|
?: emptyArray()
|
|
// Keep only the newest (release build) and rename it.
|
|
val newest = hashed.maxByOrNull { it.lastModified() }
|
|
if (newest != null) {
|
|
val target = abiDir.resolve("libtun2proxy.so")
|
|
if (target.exists()) target.delete()
|
|
newest.copyTo(target, overwrite = true)
|
|
}
|
|
hashed.forEach { it.delete() }
|
|
}
|
|
|
|
tasks.register<Exec>("cargoBuildDebug") {
|
|
group = "build"
|
|
// Intentionally ALWAYS uses --release. The Rust debug build is 80+MB
|
|
// of unoptimized object code vs 3MB with release; the 20x APK bloat is
|
|
// never worth it just for a Rust stack trace you wouldn't see in
|
|
// logcat anyway. If you need Rust debug symbols, temporarily drop
|
|
// `--release` below and accept the APK size.
|
|
description = "Cross-compile mhrv_rs for arm64-v8a (release — same as cargoBuildRelease)"
|
|
workingDir = rustCrateDir
|
|
commandLine(
|
|
"cargo", "ndk",
|
|
"-t", "arm64-v8a",
|
|
"-o", jniLibsDir.absolutePath,
|
|
"build", "--release",
|
|
)
|
|
doLast { normalizeTun2proxySo() }
|
|
}
|
|
|
|
tasks.register<Exec>("cargoBuildRelease") {
|
|
group = "build"
|
|
description = "Cross-compile mhrv_rs for arm64-v8a (release)"
|
|
workingDir = rustCrateDir
|
|
commandLine(
|
|
"cargo", "ndk",
|
|
"-t", "arm64-v8a",
|
|
"-o", jniLibsDir.absolutePath,
|
|
"build", "--release",
|
|
)
|
|
doLast { normalizeTun2proxySo() }
|
|
}
|
|
|
|
// Hook the right cargo task in front of each Android build variant.
|
|
tasks.configureEach {
|
|
when (name) {
|
|
"mergeDebugJniLibFolders" -> dependsOn("cargoBuildDebug")
|
|
"mergeReleaseJniLibFolders" -> dependsOn("cargoBuildRelease")
|
|
}
|
|
}
|