obfs2/obfs3 AES counter initialization is incorrect.
From obfsproxy/common/aes.py
:
self.ctr = Counter.new(128, initial_value=long(iv.encode('hex'), 16))
From the Crypto.Util.Counter
docstring:
allow_wraparound : boolean
If *True*, the counter will automatically restart from zero after
reaching the maximum value (``2**nbits-1``).
If *False* (default), the object will raise an *OverflowError*.
The docs on the pycrypto web page are incorrect (https://github.com/dlitz/pycrypto/commit/f73d0a11697e2be0a3a1819fdb91a5dadc4e6af8) and haven't been regenerated yet.
The obfs2/3 protocols uses a initial value derived from the UniformDH handshake, allow_wraparound=True
should be passed to the constructor here to avoid mysterious (though extremely unlikely) connection failures.