Can I match content of packets with hex values without using layer7 ?
I want to match packets with containing hex values of "16030100410100003d0301".
On linux, I use iptables to match those packets with this rule:
iptables -I FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST,PSH ACK,PSH -m string --to 256 --hex-string '|16030100410100003d0301|' --algo bm -j LOG --log-prefix "ULTRASURF: "
And it works perfectly.

On the mikrotik I fill in the content of the mangle rule with this "0x16030100410100003d0301" (without quotes) but it doesn't work.

Thanks in advance.

You can try content as follows:
[admin@MikroTik] /ip firewall mangle> add chain=prerouting content="\16\03\01\00"

You can try content as follows:
[admin@MikroTik] /ip firewall mangle> add chain=prerouting content="\16\03\01\00"

Sory, that rule is not working.