Updating Android handshakes

- Android 13 and 14 were added. They are the same, see ja3 + ja4 value - as it turned out Android 11 and 12 have also the same ja3 + ja4 values (retrieved from old pcap files) - so both will be labeled 11/12 an 13/14 - old pcaps from Android 11/12 showed no ALPN --> corrected
2025-10-31 05:45:26 +01:00 · 2025-04-16 21:28:08 +02:00
parent fdb2da80d6
commit 4a2228f401
2 changed files with 73 additions and 13 deletions
--- a/etc/client-simulation.txt
+++ b/etc/client-simulation.txt
@@ -262,8 +262,8 @@
     requiresSha2+=(false)
     current+=(true)

-     names+=("Android 11 (native)")
-     short+=("android_11")
+     names+=("Android 11/12 (native)")
+     short+=("android_11_12")
     ch_ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA")
     ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
     ch_sni+=("$SNI")
@@ -273,37 +273,41 @@
     tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
     lowest_protocol+=("0x0301")
     highest_protocol+=("0x0304")
-     alpn+=("h2,http/1.1")
+     alpn+=("http/1.1")
     service+=("ANY")
     minDhBits+=(-1)
     maxDhBits+=(-1)
     minRsaBits+=(-1)
     maxRsaBits+=(-1)
     minEcdsaBits+=(-1)
-     curves+=("X25519:secp256r1:secp384r1")
+     curves+=("x25519:secp256r1:secp384r1")
     requiresSha2+=(false)
+     ja3+=("9b02ebd3a43b62d825e1ac605b621dc8")
+     ja4+=("t13d1713h1_5b57614c22b0_eca864cca44a")
     current+=(true)

-     names+=("Android 12 (native)")
-     short+=("android_12")
+     names+=("Android 13/14 (native)")
+     short+=("android_13_14")
     ch_ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA")
     ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
     ch_sni+=("$SNI")
     warning+=("")
-     handshakebytes+=("1603010200010001fc0303ef9015ea56c63737ffffc0accb09384a436f080a39f77fe113356ae5bfd1254a20163dc9147addf7e7fdb45852fbfe8e3fb2b79ec6f725bfda838d429eba22e6670022130113021303c02bc02ccca9c02fc030cca8c009c00ac013c014009c009d002f00350100019100000010000e00000b662d64726f69642e6f726700170000ff01000100000a00080006001d00170018000b00020100002300000010000b000908687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201003300260024001d0020f209906d70ae4ba88ac3c89810eb7092be23e377f98d8c96696dec9296358c3e002d00020101002b0009080304030303020301001500ed000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
+     handshakebytes+=("16030102330100022f0303564593a940b5d751d4cee7d4cd3ffbb68c310109b98a4a17e3ed6486d73dcee3202e82d4bbe870f4ad23988eee22f7b5c5036460e511edc31544211275bd9527960022130113021303c02bc02ccca9c02fc030cca8c009c00ac013c014009c009d002f0035010001c4000000180016000013706c61792e676f6f676c65617069732e636f6d00170000ff01000100000a00080006001d00170018000b00020100002300000010000b000908687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201003300260024001d00205551dfbfb939959b7aa673d638cd80e0ee8d202623f1a78f87741ff7bfa0c619002d00020101002b000504030403030029011c00f700f1025680712b38fc90496ec3b53ffa0ae9e00eafdaa742879902bc71a8956410ca53915661cbc5c3e60649f278b1268a6a3dfcd9be7269ae0eda3974dbad73f6368d430867a8e1d540aad8c0b9024adabb10adc58864062a0984fc03d62ad39b25d176f8500e93232446663fa256733f9b08efbce336afd2eaa090d8e20f7e53ec0a4135a83bdff4383cd1db1905377e9a5d81f41e045e6fd97d316b05f954102e6bcd3b110b0b2c2ccd1891d90057e9fe6795f4430942437ce9cad68c7a7d77c1a49eb29d33d7700c7274a552f1015dff3569a1492d746e59b372a1ecdbae650eba8771b931c648414d133f7e0e0633376d1b715cca002120dc30aa42c9d3367cce7f2bafd591d04b95e6b11081345ebd56d47b65bf89266c")
     protos+=("-no_ssl3 -no_ssl2")
-     tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
-     lowest_protocol+=("0x0301")
+     tlsvers+=("-tls1_3 -tls1_2")
+     lowest_protocol+=("0x0303")
     highest_protocol+=("0x0304")
-     alpn+=("h2,http/1.1")
+     alpn+=("http/1.1")
     service+=("ANY")
     minDhBits+=(-1)
     maxDhBits+=(-1)
     minRsaBits+=(-1)
     maxRsaBits+=(-1)
     minEcdsaBits+=(-1)
-     curves+=("X25519:secp256r1:secp384r1")
+     curves+=("x25519:secp256r1:secp384r1")
     requiresSha2+=(false)
+     ja3+=("c67e9dc27d283f1f89b4ebb4b4670c21")
+     ja4+=("t13d1713h1_5b57614c22b0_352634941f3a")
     current+=(true)

     names+=("Chrome 27 Win 7")