starred/Cloak
1
0
Fork 0
mirror of https://github.com/cbeuw/Cloak.git synced 2026-04-25 12:35:59 +03:00
Code Issues 144 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #121] Failed to decrypt a frame for session #101

New issue
Closed
opened 2026-02-26 12:33:58 +03:00 by kerem · 6 comments
kerem commented 2026-02-26 12:33:58 +03:00
Owner
Copy link

Originally created by @itman-co on GitHub (Jun 29, 2020).
Original GitHub issue: https://github.com/cbeuw/Cloak/issues/121

I have the following error on the server:

Jun 29 13:26:09 guest ck-server[2522]: time="2020-06-29T13:26:09Z" level=error msg="Failed to decrypt a frame for session 111641476: extra length is negative or extra length is greater than total pldWithOverHead length"

Environment:
Server: Debian 10
CK-Server 2.2.1
Shadowsocks-libev

Client: iPhone
App: Shadowrocket
Plugin: Cloak

Originally created by @itman-co on GitHub (Jun 29, 2020). Original GitHub issue: https://github.com/cbeuw/Cloak/issues/121 I have the following error on the server: Jun 29 13:26:09 guest ck-server[2522]: time="2020-06-29T13:26:09Z" level=error msg="Failed to decrypt a frame for session 111641476: extra length is negative or extra length is greater than total pldWithOverHead length" Environment: Server: Debian 10 CK-Server 2.2.1 Shadowsocks-libev Client: iPhone App: Shadowrocket Plugin: Cloak
kerem closed this issue 2026-02-26 12:33:58 +03:00
kerem commented 2026-02-26 12:33:59 +03:00
Author
Owner
Copy link

@beanslel commented on GitHub (Jun 30, 2020):

This is a problem with Shadowrocket using an older version of the Cloak client, not a problem with Cloak itself. Several versions ago, TLS header length was changed and it's not backwards compatible with older versions. I ran into this problem myself recently and I already contacted the Shadowrocket developer. They said they would update the Cloak version, but this was several weeks ago and still waiting.

As a temporary workaround you can downgrade your Cloak server several versions and it should work again. I did a quick check and found This commit that changes the HEADER_LEN value, which is used to define pldWithOverHead length that's throwing the error. Version 2.0.2 is from before this commit, so you can try to downgrade the server to this version.

<!-- gh-comment-id:651685036 --> @beanslel commented on GitHub (Jun 30, 2020): This is a problem with Shadowrocket using an older version of the Cloak client, not a problem with Cloak itself. Several versions ago, TLS header length was changed and it's not backwards compatible with older versions. I ran into this problem myself recently and I already contacted the Shadowrocket developer. They said they would update the Cloak version, but this was several weeks ago and still waiting. As a temporary workaround you can downgrade your Cloak server several versions and it should work again. I did a quick check and found [This](https://github.com/cbeuw/Cloak/commit/4fb1f55e2d0b48fbd83781acfe2d3fc59bff6e06) commit that changes the HEADER_LEN value, which is used to define pldWithOverHead length that's throwing the error. Version 2.0.2 is from before this commit, so you can try to downgrade the server to this version.
kerem commented 2026-02-26 12:33:59 +03:00
Author
Owner
Copy link

@cbeuw commented on GitHub (Jun 30, 2020):

@beanslel
If Shadowrocket uses a pre-2.1.0 client, then indeed it would be incompatible with 2.1.0+ servers.

<!-- gh-comment-id:651715108 --> @cbeuw commented on GitHub (Jun 30, 2020): @beanslel If Shadowrocket uses a pre-2.1.0 client, then indeed it would be incompatible with 2.1.0+ servers.
kerem commented 2026-02-26 12:33:59 +03:00
Author
Owner
Copy link

@cbeuw commented on GitHub (Jun 30, 2020):

On another note, this is the first time I've heard of Shadowrocket. If they implement the Cloak protocol from scratch there wouldn't have been any licencing issues, but it appears that they bundle Cloak client binaries with their app. Cloak is licenced under GPLv3, what they are doing would have been fine if they include the licence and a link to Cloak's source code in their app. I don't have access to the app so I don't know if they've done that. Additionally if they've modified Cloak's source code, they need to release that under GPLv3 as well. I'm fairly certain they have modified the code, to 1. make Cloak work on iOS and 2. fix bugs, as indicated from their changelog.

It looks as though Shadowrocket is entirely proprietary, and from this repo's GitHub insight, the fixes mentioned in Shadowrocket's changelogs do not appear in any of the forked repos (the code could have been hosted elsewhere of course, but I didn't find any).

<!-- gh-comment-id:651716530 --> @cbeuw commented on GitHub (Jun 30, 2020): On another note, this is the first time I've heard of Shadowrocket. If they implement the Cloak protocol from scratch there wouldn't have been any licencing issues, but it appears that they bundle Cloak client binaries with their app. Cloak is licenced under GPLv3, what they are doing would have been fine if they include the licence and a link to Cloak's source code in their app. I don't have access to the app so I don't know if they've done that. Additionally if they've modified Cloak's source code, they need to release that under GPLv3 as well. I'm fairly certain they have modified the code, to 1. make Cloak work on iOS and 2. fix bugs, as indicated from their changelog. It looks as though Shadowrocket is entirely proprietary, and from this repo's GitHub insight, the fixes mentioned in Shadowrocket's changelogs do not appear in any of the forked repos (the code could have been hosted elsewhere of course, but I didn't find any).
kerem commented 2026-02-26 12:33:59 +03:00
Author
Owner
Copy link

@beanslel commented on GitHub (Jun 30, 2020):

Hah, I didn't notice it but funnily enough Shadowrocket was updated 10h after this issue was raised and now it works again with the latest Cloak version.

Shadowrocket has been around for a while, it bundles ss/v2ray/cloak into a single app so it's convenient. I had a quick look and there is a link to this github in the app, but it does not appear to include the license.

Maybe you can email the dev about it, the email is buginapp at gmail dot com

<!-- gh-comment-id:651727907 --> @beanslel commented on GitHub (Jun 30, 2020): Hah, I didn't notice it but funnily enough Shadowrocket was updated 10h after this issue was raised and now it works again with the latest Cloak version. Shadowrocket has been around for a while, it bundles ss/v2ray/cloak into a single app so it's convenient. I had a quick look and there is a link to this github in the app, but it does not appear to include the license. Maybe you can email the dev about it, the email is buginapp at gmail dot com
kerem commented 2026-02-26 12:33:59 +03:00
Author
Owner
Copy link

@cbeuw commented on GitHub (Jun 30, 2020):

@beanslel Thanks for the info. I'm fine with them just leaving a link, but the main GPL issue is the modified source code. I couldn't test Cloak on iOS because I don't have a mac (thanks apple), but if someone else managed to do it that involves modification of Cloak, it'd be great (and indeed required by the licence) that they release it under a GPLv3 compatible licence so others can use it too.

I'll contact the devs regarding this. Thanks!

<!-- gh-comment-id:651755370 --> @cbeuw commented on GitHub (Jun 30, 2020): @beanslel Thanks for the info. I'm fine with them just leaving a link, but the main GPL issue is the modified source code. I couldn't test Cloak on iOS because I don't have a mac (thanks apple), but if someone else managed to do it that involves modification of Cloak, it'd be great (and indeed required by the licence) that they release it under a GPLv3 compatible licence so others can use it too. I'll contact the devs regarding this. Thanks!
kerem commented 2026-02-26 12:33:59 +03:00
Author
Owner
Copy link

@itman-co commented on GitHub (Jul 1, 2020):

I have updated Shadowrocket to the latest version and it worked!
Thank you all.

<!-- gh-comment-id:652188517 --> @itman-co commented on GitHub (Jul 1, 2020): I have updated Shadowrocket to the latest version and it worked! Thank you all.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
renovate/go-github.com-refraction-networking-utls-vulnerability
dependabot/go_modules/golang.org/x/crypto-0.45.0
utls-1.7.0
deps-20250430
padding
docker-tests
ptspec
legacy-v1
v2.12.0
v2.11.0
v2.10.0
v2.9.0
v2.8.0
v2.7.1-pre
v2.7.0
v2.6.1
v2.6.0
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.1
v2.4.0
v2.3.2
v2.3.1
v2.3.0
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.2
v2.0.1
v2.0.0
v1.1.2
v1.1.1
v1.1.0
v1.0.0
v0.2.0
v0.1.0
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Cloak#101
No description provided.