Originalmente publicado el 1 de Junio de 2016
TOR is incredibly important and useful in the current state of the Internet.
It provides the ability to browse with a pretty thick layer of anonymity but it also includes some amazing stuff, called “hidden services”.
These services are the building block of the most know DarkNet nowdays.
Hidden services provide nice technical challenges but they are fundamental because they can not be taken down due to an ISP blacklising an IP or registrant taking down the domain.
They give the Internet a resiliency layer to ensure that information gets out there.
Run hidden services
There are no particular differences between a normal computer service and a TOR hidden service. The difference is in the routing.
Instead of connecting to a DNS to resolve certain name and then connect directly to the ip a hidden service is only reachable via the TOR network.
.onion address generation
From wikipedia:
Addresses in the .onion TLD are generally opaque, non-mnemonic, 16-character alpha-semi-numeric hashes which are automatically generated based on a public key when a hidden service is configured.
These 16-character hashes can be made up of any letter of the alphabet, and decimal digits from 2 to 7, thus representing an 80-bit number in base32. It is possible to set up a human-readable .onion URL (e.g. starting with an organization name) by generating massive numbers of key pairs (a computational process that can be parallelized) until a sufficiently desirable URL is found
Getting a “good” address takes time, a lot. The longer the wanted address the longer the time.
For example in the Facebook onion address scenario they did a smart workaround which was generating a long but not full .onion address and just pick the one that looked the better.
You can generate the private key in many ways but I opted for Scallion because it uses GPU for the hashing so it can run really fast if you have a proper video card.
Start the generation of the private key is as easy as:
mono scallion.exe elcuervo
This is the output, you can use -o [FILE]
to avoid depending of stdout
:
<XmlMatchOutput>
<GeneratedDate>2016-06-02T01:25:55.540627Z</GeneratedDate>
<Hash>elcuervogx7fy5kz.onion</Hash>
<PrivateKey>-----BEGIN RSA PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PRIVATE KEY-----
</PrivateKey>
</XmlMatchOutput>
This is an extract of my torrc
config file:
HiddenServiceDir /var/lib/tor/elcuervo/
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 22 127.0.0.1:22
You can can have as many hidden services as you want just add the private_key
and the hostname
file.
add a hostname
with the newly generated hash and add the key to the
private_key
file.
I ran this process in a gx.large
EC2 instance using GPU. It took 19 minutes to
generate it.
Server configuration
For this example I’ll be using Caddy because is just awesome and really easy:
Caddyfile
:
elcuervo.net, http://elcuervogx7fy5kz.onion {
root /var/www/elcuervo.net
}
Be sure to restart the both tor
and caddy
and you are good to go. You can
read this same information in the onion version of my blog:
http://elcuervogx7fy5kz.onion/
Just download TORBrowser and give it a try.