Create Customized .onion Addresses For Tor Hidden Services

Create Customized .onion Addresses For Tor Hidden Services

Tor’s .onion links can often look quite random in this article I will show you how to create customized .onion address for use with Tor’s hidden services.

Customized .onion links can often help other Tor users find and recognize your site easier.

For example take Facebook’s .onion hidden service that lets users access Facebook’s website more safely. Facebook .onion link is facebookcorewwwi.onion For a hash of a public key that’s randomly generated, it doesn’t look very random this got a lot of users wondering how they brute forced a full .onion link. The article linked below explain more about the processes Facebook took to create their custom .onion link.

Quote Tor “The short answer is that for the first half of it (“facebook”), which is only 40 bits, they generated keys over and over until they got some keys whose first 40 bits of the hash matched the string they wanted.”

https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs

https://en.wikipedia.org/wiki/Birthday_attack

In this article we won’t be creating a .onion link as extravagant as Facebook’s .onion link as we don’t have as much processing power to handle an entire address as it would take as long as the universe is believed to have been in existence so we will be creating a custom .onion link will fewer characters.

To create customized .onion links we can use a open source tool called Shallot.

Shallot allows you to create customized .onion addresses for Tor’s hidden services. By customized, it is meant that part of the address can be selected. Choosing an entire address would take far longer than the universe is believed to have been in existence.

Installing Shallot

sudo apt-get install libcurl4-openssl-dev
git clone https://github.com/katmagic/Shallot.git Shallot
cd Shallot
./configure && make
./shallot

Usage

$ ./shallot ^test
—————————————————————-
Found matching pattern after 99133 tries: testvztz3tfoiofv.onion
—————————————————————-
—–BEGIN RSA PRIVATE KEY—–
MIICXgIBAAKBgQC3R85m6NQaA1ZjaYqvz1hvFIjbL4RtKdJbG8hlC9xEBkvfr/BG
8Z5vDiUzdbDt8mEBuZUDanx80uGJvbXTgmczX0UlkEOgGiZ8RKpnsbKaf/EJNrIw
T7MSXQmWNcm22nDeViV7fwy+Usyal2RE5cdVCFsPtEbVZqCumlKkEgCyFwIDBAZ7
AoGBAJSa2cGuru/XhzJAEAIwHZbgPDnum9T/srOYxUKW6afHZeOu5S4Cclwb+xb/
pGOtzn71XZfCKMfiVdxB/f3XTcRrYB2VnBoNToTD7WfH6DksdDf4zunqiEjvxi9K
R+tKhxmF7OedrRt8wIhUmFd1E2Q9nbTHI6icdB4kR4QkYKZzAkEA5M6samK7+495
6SWpRXiePIs7sHKWuxdCrG7kW5RNJrv2CcGYwK46TPcaXBcRfM4eq9+9PGoKi0IO
gSpOZ5vRYQJBAM0QAZYTZ6ApD014x372MX1ZNofuYL/+XF8ZPZV6Sh4+9MUBuNPb
yL7BENDr6pX4Zm6OepvAphhCa4vGno2pHncCQQCQnfhUCHANU4bjtX4EOoI63WDq
UwBOeIWxu0YvGt7Z25Dg9CNz/aX8UZIoj6VyKxLRbR9+K3mNrNgaopW+ZDKzAkEA
ttgTK1ALe+3v+5H+Ez1SvFPREDFcHihrfD1Ipc5zicY9ixTArgdyZvk+Pi+AMBVV
sL2HWvjRLEAgRclvKfkwWwJAFtM+BIGRM5me+fMALuBBEtKnbJ6maflsyucErEb0
pIIBkovF5oyWO3lSBmtStJIANNkHOg8aXqjcgPKusDN7CQ==
—–END RSA PRIVATE KEY—–

On the Security of Generated Key Pairs

“It is sometimes claimed that private keys generated by Shallot are less secure than those generated by Tor. This is false. Although Shallot generates a keypair with an unusually large public exponent e, it performs all of the sanity checks specified by PKCS #1 v2.1 (directly in sane_key), and then performs all of the sanity checks that Tor does when it generates an RSA key pair (by calling the OpenSSL function RSA_check_key).”

Adding new RSA private key to Tor hidden service

Setting up a Tor hidden service is quite simple it requires starting a web server on machine and setting the HiddenServiceDir and HiddenServicePort on tor’s configuration file.

Location of torrc: /etc/tor/torrc

nano /etc/tor/torrc

When Tor starts a hidden service first it will generate a new public/private keypair for the hidden service. The key pair is further written to a file called private_key. Web masters are advised to keep this key safe from others if an attacker was to gain access to these keys they would then be able to impersonate a hidden service and conduct various Man-in-the-middle and downgrade attacks on the target Tor hidden service. If you replace the RSA private key (including its header and footer) in a file called private_key in the HiddenServiceDir you specified in your torrc, then when you restart your Tor, a hostname file will be created in HiddenServiceDir that contains your shiny new .onion address.

If you require more information on setting up Tor hidden services and configuration of torrc refer to the following article.

https://www.torproject.org/docs/tor-hidden-service.html.en

Performance Time Taken to Generate Custom .onion Links

Time to Generate an Tor .onion link with a Given Number of Initial Characters on a 1.5Ghz Processor

 

Amount of characters

time to generate (approx.)

1 less than a second

2 less than a second

3 less than a second

4 – 2 seconds

5 – 1 minute

6 – 30 minutes

7 – 1 day

8 – 25 days

9 – 2.5 years

10 – 40 years

11 – 640 years

12 – 10 millenia

13 – 160 millenia

14 – 2.6 million years

Shallot Git Repo

Scallion Oinionhash Generator

Hacking TOR Hidden Services