Skip to content
Tech News
← Back to articles

Show HN: Mtproto.zig – High-performance Telegram proxy with DPI evasion

2026-04-03 | original
read original more articles
Why This Matters

Mtproto.zig offers a high-performance, lightweight Telegram proxy that effectively evades sophisticated network censorship techniques by mimicking standard TLS traffic and employing multiple DPI evasion strategies. Its minimal resource footprint and zero dependencies make it accessible and easy to deploy, providing enhanced privacy and access for users in restrictive environments. This advancement underscores the ongoing innovation in privacy-preserving tools within the tech industry, empowering consumers and developers alike.

Key Takeaways

mtproto.zig High-performance Telegram MTProto proxy written in Zig Disguises Telegram traffic as standard TLS 1.3 HTTPS to bypass network censorship. 126 KB binary. ~120 KB RAM. Boots in <2 ms. Zero dependencies. Features • Quick Start • Update • Docker • Deploy • Configuration • Troubleshooting

Features

Feature Description TLS 1.3 Fake Handshake Connections are indistinguishable from normal HTTPS to DPI systems MTProto v2 Obfuscation AES-256-CTR encrypted tunneling (abridged, intermediate, secure) DRS Dynamic Record Sizing Mimics real browser TLS behavior (Chrome/Firefox) to resist fingerprinting Multi-user Access Control Independent secret-based authentication per user Anti-replay Timestamp + Digest Cache Rejects replayed handshakes outside ±2 min window AND detects ТСПУ Revisor active probes Masking Connection Cloaking Forwards unauthenticated clients to a real domain Fast Mode Zero-copy S2C Drastically reduces CPU usage by delegating Server-to-Client AES encryption to the DC MiddleProxy Telemt-Compatible ME Optional ME transport for regular DC1..5 ( use_middle_proxy ) + required DC203 media relay Auto Refresh Telegram Metadata Periodically updates MiddleProxy endpoint and secret from Telegram core endpoints Promotion Tag Support Optional promotion tag for sponsored proxy channel registration IPv6 Hopping DPI Evasion Auto-rotates IPv6 from /64 subnet on ban detection via Cloudflare API TCPMSS=88 DPI Evasion Forces ClientHello fragmentation across 6 TCP packets, breaking ISP DPI reassembly TCP Desync DPI Evasion Integrated zapret ( nfqws ) OS-level desynchronization (fake packets + TTL spoofing) Split-TLS DPI Evasion 1-byte Application-level record chunking to defeat passive DPI signatures Zero-RTT DPI Evasion Local Nginx server deployed on-the-fly ( 127.0.0.1:8443 ) to defeat active probing timing analysis 0 deps Stdlib Only Built entirely on the Zig standard library 0 globals Thread Safety Dependency injection -- no global mutable state

Engineering Notes: For deep technical details, cryptography internals, systemd hardening, and benchmarks, see GEMINI.md (Engineering Notes).

Quick Start

Prerequisites

Zig 0.15.2 or later

Build & Run locally

# Clone git clone https://github.com/sleep3r/mtproto.zig.git cd mtproto.zig # Build (debug) make build # Build (optimized for production) make release # Run with default config.toml make run

Run Tests

... continue reading

Explore topics: telegram mtproto zig dpi evasion cloudflare
Related:
We sped up bun by 100x
Russia closes loophole to fully block payments for Apple services
EmDash: A Fresh Take on CMS
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
‘It’s a real shock’: quantum-computing breakthroughs pose imminent risks to cybersecurity

© 2026 GoKawiil

About | Editorial Policy | Contact