Обновить fingerprint MTPROTO FakeTLS

[SanchoZZ2]

Is your feature request related to a problem?

In Russia, they are once again blocking connections to MTPROTO proxies. The blocking tests began on May 22, in the Siberian region (if that helps). According to traffic dumps, there is a problem with TLS Client Hello again. Telegram on Android and Windows uses the Ja4 fingerprint t13d1516h2_8daaf6152771_d8a2da3f94cd, which is typical for Chrome 134 on MacOS. As Chrome updates, the fingerprint changes over time, making it possible to detect the Client Hello from Telegram using the outdated Chrome fingerprint. The current Chrome 148 under WIn uses the fingerprint t13d1514h2_8daaf6152771_827b515c4f52.

Describe the solution you'd like

Could you update the fingerprint for Telegram clients to match the current browser versions, possibly using rotation (Chrome for Windows, Chrome for Android, and Firefox), so that the client cannot be identified by Ja4 in an outdated browser. Over time, the Client Hello fingerprint can be updated to match the current browser stack and the most popular platforms.

Describe alternatives you've considered

I don't see any other solutions that haven't been proposed before.

Additional context

No response

[SanchoZZ2]

I understand that there is a chance that the problem is not with the print, but at least they need to be updated periodically.

[john-preston]

@SanchoZZ2 I'm told that Chrome 148 on Windows produces the same fingerprint that Chrome 134 on macOS and tdesktop on all platforms.

[trvkn]

@SanchoZZ2 I'm told that Chrome 148 on Windows produces the same fingerprint that Chrome 134 on macOS and tdesktop on all platforms.

@john-preston Let's check JA4 fingerprint - https://tls.browserleaks.com/json

Overall, ideally would be to add Firefox/Safari fingerprint.

[john-preston]

@trvkn Well, I get "t13d1516h2_8daaf6152771_d8a2da3f94cd" on Windows, Chrome Version 148.0.7778.179, which is exactly what is reported for Telegram in this issue.

[trvkn]

@john-preston

[john-preston]

@trvkn Well, what can I do, it means it depends on something else.

[john-preston]

same version as yours

[Stranger21]

You need to add the BeyBeyDPI algorithm to the Telegram itself. If you enable mtproto proxies in Telegram and additionally enable the bbd app for fooling around, all blocked proxies will start working again!

[trvkn]

@john-preston

same version as yours

yeah, very interesting .. i reproduced t13d1516h2_8daaf6152771_d8a2da3f94cd on Chrome 148 Android, several Win/MacOS machines shows t13d1514h2_8daaf6152771_827b515c4f52 and even t13d1517h2_8daaf6152771_b6f405a00624. will look into this deeper.

what about mimic on other browsers?

[SanchoZZ2]

This is Ja4 for the desktop and mobile versions of Telegram.

and chrome

[john-preston]

@SanchoZZ2 well, you can see above, that it's not the case for me. So this is not as straightforward.

[trvkn]

i think we need to diff https://tls.browserleaks.com/ (without /json) with t13d1514h2_8daaf6152771_827b515c4f52 and with t13d1516h2_8daaf6152771_d8a2da3f94cd on the Windows machines to understand the reason for the difference.

[Ap0k]

i think we need to diff https://tls.browserleaks.com/ (without /json) with t13d1514h2_8daaf6152771_827b515c4f52 and with t13d1516h2_8daaf6152771_d8a2da3f94cd on the Windows machines to understand the reason for the difference.

The difference is in block 3. I could be wrong, but it seems to be responsible for enabled security functions and other features that may not be enabled for everyone.

[trvkn]

i think we need to diff https://tls.browserleaks.com/ (without /json) with t13d1514h2_8daaf6152771_827b515c4f52 and with t13d1516h2_8daaf6152771_d8a2da3f94cd on the Windows machines to understand the reason for the difference.

it is GREASE ECH or key_exchange diff affected by third-party EDR (security software) interference.

t13d1514h2_8daaf6152771_827b515c4f52 is without one and client JA4 change to this one would be inappropriate.

t13d1516h2_8daaf6152771_d8a2da3f94cd is correct one and matches mainstream https://thebotaquarium.com/fingerprint/archive

MINIMAL good job would be a mimic JA4 on other browsers (FF/Safari/Yandex.Browser?) since its confirmed it helps on a VLESS Reality blocks that co-affects MTPROTO.