peer not authenticated

[Halbertz]

The game seemingly works fine after I added HnH's IPs (46.4.95.116/32 and 91.122.56.135/32) to my version of zapret (the dpi bypass). Specifically 46.4.95.116/32 is important, as the game only works if I add it, regardless of the second IP, so I guess it's being blocked?

I'm sorry, I don't quite understand what you are talking about. Is "zapret" something that didn't make it through translation, or is it a term I should be aware of? What is it that you did to make it work, more specifically? Where did you get 91.122.56.135 from? I don't think that's any of our IP addresses.

Zapret is the software that people in russia use to avoid dpi (deep packet inspection). It's morphing network packages to bypass restrictions to services our goverment (sometimes off record) putting on western recourses.

[DIhlosof]

I'm sorry, I don't quite understand what you are talking about. Is "zapret" something that didn't make it through translation, or is it a term I should be aware of? What is it that you did to make it work, more specifically? Where did you get 91.122.56.135 from? I don't think that's any of our IP addresses.

As the guy above explained, zapret is Russia-exclusive so it's not something you're expected to know, but it is what most people here use to bypass DPI, as it's quicker than a vpn since it uses WinDivert for its functions (https://github dot com/Flowseal/zapret-discord-youtube (there are other versions but this is the simplest)). It bypasses our government's blocking measures specifically, and any IP/website address can be added to the bypass list by the user. As for the IPs, I got them from some guy that wrote his solution here before me, assumed he knew both of those were HnH's.

[loftar]

I think I've fixed this now, by inserting a simple XOR-based obfuscation layer into the authentication protocol, just to obfuscate the TLS packet signatures. From what I can tell, it seems to work, but I've had to abuse the TLS layers a fair bit on both the client and server side to insert this obfuscation between them and the raw transport, so I'd appreciate if people could test it and see so that I haven't broken anything else in the process.

The client needs to support this obfuscation layer, of course. The default client does so now (both on the website and on Steam), but custom clients of course need to merge the obfuscation code in order to work with it. I've pushed the c0d3z to the public repos for any custom client author that wants to merge them.

[Selles]

I think I've fixed this now, by inserting a simple XOR-based obfuscation layer into the authentication protocol, just to obfuscate the TLS packet signatures. From what I can tell, it seems to work, but I've had to abuse the TLS layers a fair bit on both the client and server side to insert this obfuscation between them and the raw transport, so I'd appreciate if people could test it and see so that I haven't broken anything else in the process.

The client needs to support this obfuscation layer, of course. The default client does so now (both on the website and on Steam), but custom clients of course need to merge the obfuscation code in order to work with it. I've pushed the c0d3z to the public repos for any custom client author that wants to merge them.

Now default client works. Authenticating takes about 20 seconds, and the character with the Cyrillic name is now nameless for me (Although this does not prevent you from logging into the network as a character with an empty name), but otherwise it works the same as before for me. Thank you very very much!