Skip to content
DevMeme
6968 of 7435
Iranian Hackers Bypass Censorship via Sloppy APN String Matching
Security Post #7636, on Jan 19, 2026 in TG

Iranian Hackers Bypass Censorship via Sloppy APN String Matching

Description

A screenshot from X (Twitter) by Nariman Gharib (@NarimanGharib, 2h ago) describing how Iranian users discovered a censorship bypass on MCI mobile data. The post explains that the default 'mcinet' APN routes through heavy DPI that blocks VPN handshakes, but operators leave a lighter-filtered backdoor for Google services to avoid breaking phones. By creating a custom APN named exactly 'google.com', the network's loose string matching routes traffic through the cleaner gateway, letting obfuscated VPN traffic bypass filters. Below is a quoted tweet from IRCF (@ircfs..., 3h, in Persian/Farsi) with instructions. At the bottom are Android screenshots showing 'Access Point Names' settings with SIM 1/SIM 2 tabs, MCCI Internet entries, and an 'Edit access point' screen with Name: google.com, APN: google.com, and empty Proxy/Port/Username/Password fields

Comments

23
Anonymous ★ Top Pick When your national firewall's regex is basically `if (apn.includes('google'))` -- security by substring matching
  1. Anonymous ★ Top Pick

    When your national firewall's regex is basically `if (apn.includes('google'))` -- security by substring matching

  2. @maks_mikh 5mo

    Cool cool cool

  3. @Strangerx 5mo

    it might be the case ONLY if someone at MNO explicitly configured "google.com" as Network Identifier

  4. @AlexKart20129 5mo

    How is this even a meme? 🤔

  5. @ramillimar 5mo

    The wider it is spread online, faster countermeasures to this will be built. Not sure which side benefits more from these posts

  6. @dedlocc 5mo

    whomever

  7. @dollarbr 5mo

    Actually, just changing the APN name won't do anything because the MNO gateway won't recognize 'google.com' as a valid access point. The way this actually works is by using the default provider APN and then using a VPN payload. You have to spoof the SNI (Server Name Indication) inside the request so the DPI thinks the traffic is going to a whitelisted Google domain, while the VPN actually tunnels your data through that 'hole' in the firewall.

  8. @M4lenov 5mo

    "CRUMBLING censorship wall" and they patch it next month so you don't get to have it since then

    1. @mrfoxy_developer 5mo

      we Will find a way or make a way

  9. @saeed140382 5mo

    from iran i finally connected 💪🥴 🇮🇷

    1. @mrfoxy_developer 5mo

      iranian connected

      1. @saeed140382 5mo

        Just a few of people with slow internet,I use a proxy

        1. @mrfoxy_developer 5mo

          me using npv

          1. @saeed140382 5mo

            I don't know ? What is that?

          2. @saeed140382 5mo

            Where are you from?

            1. @mrfoxy_developer 5mo

              iran like you

              1. @saeed140382 5mo

                چه جالب فکر کردم من تنها تو این جور جاهام

                1. @mrfoxy_developer 5mo

                  تنها نیستی. u r not alone

    2. @mrfoxy_developer 5mo

      furry engineer Foxy congratulations to ya 🦊

  10. @saeed140382 5mo

    Npv دیگه چی؟

    1. @mrfoxy_developer 5mo

      just npv tunnel

      1. @saeed140382 5mo

        چی هست؟

        1. @mrfoxy_developer 5mo

          vpn

Use J and K for navigation