Nooshdaroo
THE ANTIDOTE TO CENSORSHIP
THE ANTIDOTE TO CENSORSHIP
Nooshdaroo makes your encrypted traffic look like innocent HTTPS, DNS, or SSH. Evade deep packet inspection. Break through firewalls. Reclaim your internet freedom.
Born from necessity. Built for resistance. Perfect for freedom.
Modern cryptographic protocol used by WhatsApp and WireGuard. ChaCha20-Poly1305 AEAD cipher, X25519 elliptic curve, perfect forward secrecy. Your traffic is end-to-end encrypted and authenticated.
Custom PSF (Protocol Shape File) interpreter that dynamically morphs encrypted payloads into legitimate HTTPS, DNS, or SSH packets. Deep packet inspection systems see authentic-looking traffic patterns.
Built on Tokio's async runtime with zero-copy buffer management. Measured: 711 Mbps encrypted throughput vs 905 Mbps direct (22% overhead). Optimized for 4K streaming, large transfers, and low-latency applications.
Pure Rust with C FFI bindings for iOS and Android. Embedded key management, minimal dependencies. Deploy natively on mobile, desktop, and server without runtime overhead.
Traffic classified as "Google" protocol by nDPI 4.15.0 with high DPI confidence. Noise-encrypted payloads successfully masquerade as legitimate application traffic, validated against industry-standard deep packet inspection.
100% open source Rust. GPG-signed releases, reproducible builds, comprehensive test suite. No proprietary components, no telemetry, no compromises. Verify every line yourself.
Validated on November 17, 2025 - MacBook Pro M1 to bare-metal server (1 Gbps connection)
Baseline performance without encryption or proxying
With ChaCha20-Poly1305 encryption and HTTPS protocol emulation
Acceptable for encrypted tunnel with complete DPI evasion
Version 0.2.0 - IPv6 support. Performance validated. GPG signed. SHA256 verified.
Install directly from crates.io - the fastest way to get started.
# Install latest stable version
cargo install nooshdaroo
# Run after installation
nooshdaroo --versionCompile for Windows, Android, iOS, or any Rust-supported platform.
git clone https://github.com/0xinf0/nooshdaroo
cd nooshdaroo
cargo build --release
# Windows cross-compile from Linux/macOS
cargo build --release --target x86_64-pc-windows-gnu
# iOS (requires Xcode)
cargo build --release --target aarch64-apple-ios
# Android (requires NDK)
cargo build --release --target aarch64-linux-androidAlways verify binary authenticity before running. Never trust. Always verify.
gpg --recv-keys F6DFBB0692DEF57F970B982E29665CE0835FADACOr download from keys.openpgp.org
gpg --fingerprint sina@redteam.netF6DF BB06 92DE F57F 970B 982E 2966 5CE0 835F ADAC
gpg --verify nooshdaroo.asc nooshdarooMust output: "Good signature from sina@redteam.net"
shasum -a 256 -c nooshdaroo.sha256On Linux: use sha256sum -c nooshdaroo.sha256
Get up and running in 60 seconds. Use example configurations.
# Server (create server.toml first)
nooshdaroo --config server.toml server
# Client (create client.toml first)
nooshdaroo --config client.toml client \
--server vpn.example.com:8443 \
--protocol httpsChoose which protocol to emulate for maximum stealth.
# HTTPS (TLS 1.2 application_data)
--protocol https
# DNS queries
--protocol dns
# SSH handshake
--protocol sshCreate server.toml configuration and start your server.
# Create server.toml
mode = "server"
protocol_dir = "protocols"
[encryption]
cipher = "cha-cha20-poly1305"
key_derivation = "argon2"
password = "your-secure-password"
[server]
listen_addr = "0.0.0.0:8443"
[transport]
pattern = "nk"
# Run server
nooshdaroo --config server.toml serverIntegrate into your Rust applications.
use nooshdaroo::*;
let config = NooshdarooConfig::default();
let client = NooshdarooClient::new(config)?;
// Rotate protocols
client.rotate().await?;Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.
Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.
Therefore, privacy in an open society requires anonymous transaction systems. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.
Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy.
We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free.
We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. The technologies of the past did not allow for strong privacy, but electronic technologies do.
We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.
Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.
Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.
For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.
The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.
Onward.
Eric Hughes <hughes@soda.berkeley.edu>
9 March 1993
Built by cypherpunks, with love from Los Angeles to Tehran.