diff --git a/shadowsocks/common.py b/shadowsocks/common.py
index 11b0622..cc88d5d 100644
--- a/shadowsocks/common.py
+++ b/shadowsocks/common.py
@@ -21,7 +21,7 @@ from __future__ import absolute_import, division, print_function, \
 import socket
 import struct
 import logging
-
+import binascii
 
 def compat_ord(s):
     if type(s) == int:
@@ -140,7 +140,7 @@ def pack_addr(address):
 
 def pre_parse_header(data):
     datatype = ord(data[0])
-    if datatype == 0x80 :
+    if datatype == 0x80:
         if len(data) <= 2:
             return None
         rand_data_size = ord(data[1])
@@ -151,7 +151,7 @@ def pre_parse_header(data):
         data = data[rand_data_size + 2:]
     elif datatype == 0x81:
         data = data[1:]
-    elif datatype == 0x82 :
+    elif datatype == 0x82:
         if len(data) <= 3:
             return None
         rand_data_size = struct.unpack('>H', data[1:3])[0]
@@ -160,6 +160,21 @@ def pre_parse_header(data):
                          'encryption method')
             return None
         data = data[rand_data_size + 3:]
+    elif datatype == 0x88:
+        if len(data) <= 7 + 7:
+            return None
+        data_size = struct.unpack('>H', data[1:3])[0]
+        ogn_data = data
+        data = data[:data_size]
+        crc = binascii.crc32(data) & 0xffffffff
+        if crc != 0xffffffff:
+            logging.warn('uncorrect CRC32, maybe wrong password or '
+                         'encryption method')
+            return None
+        start_pos = 3 + ord(data[3])
+        data = data[start_pos:-4]
+        if data_size < len(ogn_data):
+            data += ogn_data[data_size:]
     return data
 
 def parse_header(data):
diff --git a/shadowsocks/encrypt.py b/shadowsocks/encrypt.py
index 5d11138..834b18c 100644
--- a/shadowsocks/encrypt.py
+++ b/shadowsocks/encrypt.py
@@ -21,7 +21,6 @@ import os
 import sys
 import hashlib
 import logging
-import random
 
 from shadowsocks import common
 from shadowsocks.crypto import rc4_md5, openssl, sodium, table
@@ -35,10 +34,7 @@ method_supported.update(table.ciphers)
 
 
 def random_string(length):
-    try:
-        return os.urandom(length)
-    except (AttributeError, NotImplementedError):
-        return ''.join(chr(random.randrange(255)) for _ in range(length))
+    return os.urandom(length)
 
 
 cached_keys = {}
diff --git a/shadowsocks/tcprelay.py b/shadowsocks/tcprelay.py
index e9d78e2..8c53113 100644
--- a/shadowsocks/tcprelay.py
+++ b/shadowsocks/tcprelay.py
@@ -341,6 +341,8 @@ class TCPRelayHandler(object):
                     logging.error('unknown command %d', cmd)
                     self.destroy()
                     return
+            if False and ord(data[0]) != 0x88: # force new header
+                raise Exception('can not parse header')
             data = pre_parse_header(data)
             if data is None:
                 raise Exception('can not parse header')