Information Security *

Data protection


Bulletproof VPNs: What Are They and Why You’re Not Their Audience

Reading time: 6 min
Reach and readers: 4.8K

In November 2025, Russia-based web host Media Land was sanctioned by several countries as a bulletproof service, one that hackers relied on to launch DDoS attacks and attack businesses in the United States and allied countries. “Bulletproof” may refer to a VPN as well, as it usually means abuse-resistant and private. Xeovo explains how genuinely reliable anonymous VPNs and hosting services differ from bulletproof services, and why the real bulletproof operators are often not those who call themselves that.

Read more

A Quick Encrypted Flash Drives Security Analysis: Real Protection or a Marketing Ploy?

Reading time: 22 min
Reach and readers: 6.8K

Hey, Habr! Ivan Glinkin is here again, head of the hardware research group from the Bastion team. 

"A flash drive with a combination lock," "a flash drive with hardware encryption," "an encrypted USB drive," and finally, the proper term — "Cryptographic Module". An encrypted USB flash drive goes by many names, but the core concept remains the same.

The purpose of such a device is to protect sensitive information from unauthorized access at both the software and hardware levels through encryption, anti-tampering mechanisms, and various other safeguards. But are these secure USB drives really as reliable as they're made out to be, or is it all just smoke and mirrors? 

We decided to look past the marketing claims and conduct our own investigation, attempting to crack several of these devices using hardware reverse engineering. We attempted to extract data, identify the encryption algorithms used, physically open the drives, and read their memory chips.

The results were quite interesting. Read on for the details.

Read more

When curl Stops Working: Multi-Level Bot Detection and Where the Cloud Browser Fits In

Level of difficulty: Medium
Reading time: 14 min
Reach and readers: 9.7K

This article is not about Puppeteer being a bad tool. Puppeteer is excellent. And competent TLS fingerprinting will bypass most defenses. But there is a class of tasks where even a perfect network stack won't save you — because detection has long since landed at the level of rendering engine behavior. Let's take a look at how Cloudflare and Akamai expose you through WebGL and Canvas, and why “clean” code no longer works.

Read more

ByeDPI for Android, SpoofDPI for Mac and Linux – fixing YouTube and sites not working in Russia on Android, Linux, and Mac

Level of difficulty: Easy
Reading time: 2 min
Reach and readers: 7.8K

Yesterday I wrote about the graphical shell Launcher for GoodbyeDPI, which allows you to intuitively use the GoodbyeDPI solution from ValdikSS to solve the problem of YouTube throttling and the unavailability of a number of sites in Russia. Everything was fine, but these were solutions only for Windows. In the comments, the main questions were about what to do with Android, Linux, and Mac, and why not in the source code. Alas, the repressions of the RKN (Roskomnadzor) force the Habr administration to censor articles, I am forbidden from making changes to yesterday's article, and the link itself is only available outside of Russia, so I am explaining about Android, Linux, and Mac here, with links to the source code.

So, for Android there are a lot of projects, I liked Release ByeDPI 1.0.0 · dovecoteescapee/ByeDPIAndroid · GitHub. For Mac and Linux I would install https://github.com/xvzc/SpoofDPI/releases. All in source code.

ByeDPI for Android is an application that runs a local VPN service to bypass DPI (Deep Packet Inspection) and censorship. A SOCKS5 proxy ByeDPI is launched locally on your device and all traffic is redirected through it.

Bypassing blocks on Android/Mac/Linux

Bypassing blocks on OpenWRT using v2rayA (xray-core) and GeoIP, Geosite Re:filter, Antifilter databases

Level of difficulty: Easy
Reading time: 6 min
Reach and readers: 5.4K

In this guide, we will install the v2rayA package on OpenWRT using the stable 23.05.0 release. A router with at least 128 MB of RAM (256 is preferable) and more than 16 MB of storage is recommended (the installation takes about 30 MB of storage).

v2rayA is a simple-to-use and powerful client focused on Linux. Despite its name, the current version uses xray-core, although it's also possible to use v2ray-core. It has a web interface for managing settings and importing configurations and subscriptions. It supports everything that xray-core supports:

Shadowsocks (incl. 2022), ShadowsocksR, Trojan, Vless (including XTLS-Reality, XHTTP), Vmess, Juicity, Tuic

The guide will include:

1. Installation from the repository

2. Configuring v2rayA and bypassing blocks using Re:filter, Antifilter GeoIP, Geosite

Read more

Wireshark — A Detailed Guide to Getting Started

Level of difficulty: Medium
Reading time: 8 min
Reach and readers: 1.6K

Wireshark is a widely used tool for capturing and analyzing network traffic, actively used for both educational purposes and for troubleshooting computer or network issues. Wireshark works with almost all OSI model protocols, has a user-friendly interface, and a convenient data filtering system. In addition, the program is cross-platform and supports the following operating systems: Windows, Linux, Mac OS X, Solaris, FreeBSD, NetBSD, OpenBSD.

Read more

VPN Protocols: An Overview of the Most Popular Ones

Level of difficulty: Medium
Reading time: 8 min
Reach and readers: 1.2K

With the rise of privacy threats and constant internet restrictions, using a VPN has become the norm for many users. However, behind the simplicity of connecting lie technical features that can significantly impact the user experience. One of the key factors is the choice of VPN protocol, which determines the speed, stability, and security level of the connection.

This article will provide a detailed breakdown of the most popular VPN protocols, their features, advantages, and disadvantages, and will also offer examples of how to use each of them.

By the way, I took all the pictures from those, you know, the internets, but I analyzed and explained them myself, just for you :)

Read more

How to Not Lose Access to Telegram and Protect Yourself from Hacking

Level of difficulty: Easy
Reading time: 8 min
Reach and readers: 791

It's been two years since I posted a video and a post about how I recovered my friend's Telegram account using JavaScript. Since then, I've helped over a hundred people regain access to their accounts. Then the method stopped working.

I decided to gather the important security aspects of your Telegram account in one place.

Read more

"Clumsy Hands" or a New Level of DPI? An Analysis of the Weekend's XRay and VLESS Blocks

Level of difficulty: Medium
Reading time: 5 min
Reach and readers: 2.2K

This weekend was all about 'Connection Reset.' While news channels vaguely reported that 'users are complaining about outages,' we were in chats and on test servers trying to understand the physics of the process.

Read more

Analysis of Telegram Accounts

Reading time: 4 min
Reach and readers: 542

Welcome back, dear readers! We are continuing our 'SHKH' series of articles, and today our main course is Telegram. In earlier articles, we looked at ways to find a target user's accounts by their nickname, after which we conducted reconnaissance on their account on the VKontakte social network. At this stage, our important goal is to find out the user's phone number, as the number can be a good starting point for reconnaissance and can reveal even more details about its owner. In the last article we tried to find out the number using a VKontakte page, and in this one, as you might have guessed from the title, we will try to find out as much information as possible about a Telegram account. This material has been edited and republished due to the blocking of the previous material by the RKN (Roskomnadzor) in the Russian Federation.

Disclaimer: All data provided in this article is taken from open sources. It does not call for action and is published solely for familiarization and study of the mechanisms of the technologies used.

Read more

A brief overview of XHTTP for VLESS: what, why, and how

Level of difficulty: Medium
Reading time: 6 min
Reach and readers: 10K

We were asked to talk about the protocol technology XHTTP in the context of XRay, VLESS, and others. You asked for it, so here it is!

First, a bit of history. The classic use of VLESS and similar proxy protocols (including with XTLS-Reality) involves the client connecting directly to a proxy server running on some VPS. However, in many countries (including Russia), entire subnets of popular hosting providers have started to be blocked (or throttled), and in other countries, censors have begun to monitor connections to 'single' addresses with high traffic volumes. Therefore, for a long time, ideas of connecting to proxy servers through CDNs (Content Delivery Networks) have been considered and tested. Most often, the websocket transport was used for this, but this option has two major drawbacks: it has one characteristic feature (I won't specify it here to not make the RKN's job easier), and secondly, the number of CDNs that support websocket proxying is not that large, and it would be desirable to be able to proxy through those that do not.

Therefore, first in the well-known Tor project for bridges, the meek transport was invented, which allowed data to be transmitted using numerous HTTP request-response pairs, thus allowing connections to bridges (proxies) through any CDN. A little later, the same transport was implemented in the briefly resurrected V2Ray. But meek has two very significant drawbacks that stem from its operating principle: the speed is very low (in fact, we have half-duplex transmission and huge overhead from constant requests-responses), and due to the huge number of GET/POST requests every second, free CDNs can quickly kick us out, and paid ones can present a hefty bill.

Read more

A guide to bypassing 'whitelists' and setting up a chain: working options and why your VPN might not be working

Reading time: 4 min
Reach and readers: 8.6K

Hello everyone, in this article I will explain how many people manage to bypass whitelists, and what the root of the problem is. If you are a 'newbie' and don't want to bother with all the setup, at the end of the article I've listed services that are mentioned in discussions.

Direct connect VLESS + Reality to Europe (Amsterdam, Germany, Finland) is being shaped for almost everyone. TSPU has mastered a new tactic: they don't terminate the session via RST, but simply 'freeze' it. As soon as the data volume in a single TCP session exceeds 15-20 KB, packets stop arriving. The connection hangs until the client times out.

Read more

Best free VPNs for PC and smartphone 2025 (that work)

Level of difficulty: Easy
Reading time: 6 min
Reach and readers: 1.4K



In recent years, internet traffic filtering using TSPU has intensified in the Russian Federation. Hundreds of websites and internet services have been blacklisted and blocked. They can only be accessed via a VPN. However, the most popular VPNs have also been blocked.

The restrictions can be bypassed through a channel on your own foreign server by buying the cheapest hosting there for a couple of dollars or a ready-made VPS with a VPN installed (such ads can be found on Avito). If you don't have your own server, the only option is to use third-party VPN services that are not yet blocked. The best free VPNs among those that have survived are listed below.

Note. Habr will likely block this article for users from the Russian Federation in compliance with Roskomnadzor's ban on information about circumventing blocks, so it's best to save it immediately after publication or subscribe for updates on Telegram.

Read more

4 ways to fix goodbyeDPI, how to restore access to YouTube

Level of difficulty: Medium
Reading time: 3 min
Reach and readers: 2.1K

Lately, there has been a flood of comments that goodbyedpi is not working again, so I decided to make instructions for you on 4 working ways to restore goodbyedpi's functionality. It works differently for everyone, so test them out to see which one suits you. Write in the comments what helped you, maybe some of your own values!

Read more

Reconnaissance using Telegram bots — OSINT in Telegram

Level of difficulty: Easy
Reading time: 4 min
Reach and readers: 1.6K

Greetings, dear readers! Continuing the SH article series, in this article we decided to focus in more detail on bots in Telegram, as in many cases they are no worse and more effective than common OSINT tools. The bots discussed in this article will mainly concern reconnaissance on Telegram users.

Disclaimer: All data provided in this article is taken from open sources. It does not call for action and is provided for informational purposes only, and for studying the mechanisms of the technologies used.

Read more

Reality in Whitelists

Level of difficulty: Medium
Reading time: 8 min
Reach and readers: 846

In a changing network infrastructure, mobile internet users face questions: what resources remain available, and what does this look like on a technical level? This material is the result of a practical study using standard network analysis tools.

No speculation—only measurements, numbers, and technical facts.

Read more

MAX permissions for Android. Comparing with Telegram and WhatsApp*

Level of difficulty: Easy
Reading time: 10 min
Reach and readers: 958

Hello everyone!

I, at my own risk, decided to install MAX and see what happens after installation. My research will result in at least 2 articles.

This is the first article. In it, I will compare the permissions requested by the MAX app for Android with the permissions requested by Telegram and WhatsApp.

Read more