-
Notifications
You must be signed in to change notification settings - Fork 80
/
README
435 lines (302 loc) · 16.4 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
About:
------
Eschalot is a Tor hidden service name generator, it allows one to produce
a (partially) customized vanity .onion address using a brute-force method.
See https://torproject.org for more information about the Tor network
and https://torproject.org/docs/hidden-services for the hidden services
documentation.
Why eschalot? Well, eschalot is a different name for shallot and it is
a fork of an older .onion names generator called shallot.
See https://github.com/katmagic/Shallot for information about the shallot
and also see the History section at the end of this document.
Eschalot is distributed in source form under BSD license. It should compile
on any Unix or Linux system, but might need some minor modifications.
It was developed and most extensively tested on OpenBSD, but was also tested
to compile and run on DragonFlyBSD, FreeBSD, CentOS Linux, and couple other
mainstream Linux distributions whose names I do not recall at the moment.
Various combinations of big/little endian platforms, 32bit/64bit platforms,
and gcc/pcc/llvm/clang static analizer were tested. Many bugs were uncovered,
some were fixed, some are still there - see TODO list if interested.
Compilation:
------------
Eschalot requires OpenSSL-0.9.7-or-later libraries with source headers.
You will also need a make utility (either BSD or GNU make will do) and
a C compiler (gcc, pcc, or llvm/clang).
Download the latest version of eschalot (currently eschalot-1.2.0), open a
terminal emulator, such as xterm, and change directory to where you saved
the eschalot-1.2.0.tar.gz archive (for examle /home/username/Download);
$ cd Download
$ tar xzvf eschalot-1.2.0.tar.gz
$ cd eschalot-1.2.0
$ make
To use a different (other than your system default) C compiler (such as pcc):
$ make clean
$ env CC=pcc make
If compilation fails, see some hints below under "Compilation Troubleshooting"
close to the end of this document.
If make succeeds, you might want to run a simple functionality test/demo with
$ make test
This will use the included worgen utility to create a test wordlist out of the
three small wordlists included with the distribution, will save the list to
'wordlist.txt', and will launch eschalot running with 4 threads to start
looking for the onion names with the prefixes in the wordlist.txt file.
The results will be redirected to the 'results.txt' file. This test needs
a fairly fast machine with at least 250Mb of RAM.
To remove the test files execute
$ make cleantest
To remove the compiled binaries execute
$ make clean
To cleanup everything execute
$ make cleanall
Example output from 'make test':
--------------------------------
$ make test
cc -std=c99 -O2 -fPIC -finline-functions -Wall -W -Wunused -pedantic -Wpointer-arith -Wreturn-type -Wstrict-prototypes -Wmissing-prototypes -Wshadow -Wcast-qual -Wextra -o eschalot eschalot.c -lpthread -lssl -lcrypto
cc -std=c99 -O2 -fPIC -finline-functions -Wall -W -Wunused -pedantic -Wpointer-arith -Wreturn-type -Wstrict-prototypes -Wmissing-prototypes -Wshadow -Wcast-qual -Wextra -o worgen worgen.c
./worgen 8-16 top150adjectives.txt 3-16 top400nouns.txt 3-16 top1000.txt 3-16 > wordlist.txt
Will be producing 8-16 character long word combinations.
Reading 3-16 characters words from top150adjectives.txt.
Reading 3-16 characters words from top400nouns.txt.
Reading 3-16 characters words from top1000.txt.
Loading words from top150adjectives.txt.
Loaded 150 words from top150adjectives.txt.
Loading words from top400nouns.txt.
Loaded 400 words from top400nouns.txt.
Loading words from top1000.txt.
Loaded 974 words from top1000.txt.
Working. 100% complete, 31122412 words (approximately 377Mb) produced.
Final count: 31366539 word combinations.
./eschalot -vct4 -f wordlist.txt > results.txt
Verbose, continuous, no digits, 4 threads, prefixes 8-16 characters long.
Reading words from wordlist.txt, please wait...
Loaded 31366539 words.
Sorting the word hashes and removing duplicates.
Final word count: 31363570.
Thread #1 started.
Thread #2 started.
Thread #3 started.
Thread #4 started.
Running, collecting performance data...
Found a key for acidfall (8) - acidfalleyt3kkva.onion
Total hashes: 131241356, running time: 10 seconds, hashes per second: 13124135
Found a key for redglass (8) - redglass6i2pxool.onion
Found a key for loudwalk (8) - loudwalk72kvhr4n.onion
Found a key for illarteye (9) - illarteyedjxf3pj.onion
Total hashes: 394606458, running time: 30 seconds, hashes per second: 13153548
Found a key for cutcolor (8) - cutcolorxqxz7ck4.onion
Found a key for safefold (8) - safefold7hmcigr7.onion
Found a key for tallidea (8) - tallideac5zyn3f7.onion
Found a key for wetactago (9) - wetactagot7b42kx.onion
Found a key for pooryear (8) - pooryearxutsizhe.onion
^C*** Signal SIGINT in eschalot-1.2.0 (test)
Usage:
------
Type
$ ./eschalot
and
$ ./worgen
without any options to get a quick usage information.
To search using 4 threads (if your CPU has 4 cores), in a verbose mode,
continuing to search after an .onion address is found, looking for a single
prefix "test":
$ ./eschalot -t4 -v -c -p test
or simply
$ ./eschalot -vct4 -p test
To search using a regular expression looking for names starting with "test"
or ending with "exam":
$ ./eschalot -vct4 -r "^test|exam$"
To search for a single prefix "hello" using one thread, redirecting the
output to a file named "results.txt", exiting after the first name is found:
$ ./eschalot -p hello >> results.txt
To search for prefixes from 8 to 10 characters long from a file named
"wordlist.txt" using 6 threads, in continuous and verbose mode,
redirecting the results to a file:
$ ./eschalot -vct6 -l8-10 -f wordlist.txt >> results.txt
If eschalot is running on a different machine than will host the onion
service, then it is good to store the results in an encrypted file without
hitting the disk in plain text. That is easy to do by piping to gpg:
$ ./eschalot -vct3 -p test | gpg --trust-model always --encrypt \
--recipient 0xfakefakefakefakefakefakefake > results.gpg
Generating a wordlist:
----------------------
You can use the included utility "worgen" to generate large wordlists for
eschalot. This utility is far from complete and is not very user friendly,
but can be used if needed. To demonstrate by example:
Generate a (relatively small) list of 8 to 12 character long words by
mixing 3-10 character words from top1000.txt file, 3-6 character words
from top400nouns.txt, and 3-6 character words from top140adjectives.txt,
redirect the results to wordlist.txt:
$ ./worgen 8-12 top1000.txt 3-10 top400nouns.txt \
3-6 top150adjectives.txt 3-6 > wordlist.txt
Generate a large (~1.2Gb) file of 10 character long words by mixing twice
words from a single file:
$ ./worgen 10-10 nouns.txt 3-10 nouns.txt 3-10 > wordlist.txt
At this point you might want to try running
$ ./eschalot -vct6 -l 10-10 -f wordlist.txt > results.txt
to test if your system can load a large file into memory.
The result should look something like this:
$ ./eschalot -vct6 -l 10-10 -f wordlist.txt > results.txt
Verbose, continuous, no digits, 6 threads, prefixes 10-10 characters long.
Reading words from wordlist.txt, please wait...
Loaded 110792061 words.
Sorting the word hashes and removing duplicates.
Final word count: 110558812.
Thread #1 started.
Thread #2 started.
Thread #3 started.
Thread #4 started.
Thread #5 started.
Thread #6 started.
Running, collecting performance data...
Found a key for museumazof (10) - museumazofgsihx2.onion
Found a key for balzacnick (10) - balzacnickaxtbd4.onion
Found a key for methodmoor (10) - methodmooraudcft.onion
Found a key for gneissbutt (10) - gneissbuttieicps.onion
Found a key for todcorypha (10) - todcoryphadr7zv4.onion
Found a key for pleveniyar (10) - pleveniyarpa3hlx.onion
Found a key for caputwight (10) - caputwightz46r3n.onion
Found a key for mervensalp (10) - mervensalpskbwad.onion
Found a key for hallelenid (10) - hallelenidmhln6o.onion
Found a key for quotalysis (10) - quotalysisadbc57.onion
Found a key for longabarth (10) - longabarthvvdjpw.onion
Found a key for vannlozier (10) - vannlozierwqadcv.onion
Found a key for uriahcadre (10) - uriahcadreac7ujz.onion
Found a key for denmarkjew (10) - denmarkjewfyozqj.onion
Found a key for kochiiclod (10) - kochiiclodifftuw.onion
Found a key for fondusamba (10) - fondusambaialjro.onion
^C
As you see, it finds a lot of prefixes in just a few seconds, but most of them
are useless - that's the downside of using a really large wordlist with either
junk or extremely uncommon words combinations in it. Experiment with it! :)
Security of generated keys:
---------------------------
Original note from Shallot:
It is sometimes claimed that private keys generated by Shallot are less
secure than those generated by Tor. This is false. Although Shallot generates
a keypair with an unusually large public exponent e, it performs all of the
sanity checks specified by PKCS #1 v2.1 (directly in sane_key), and then
performs all of the sanity checks that Tor does when it generates an RSA
keypair (by calling the OpenSSL function RSA_check_key).
Eschalot additions:
Now the public exponent is limited to the range of
(0xFFFFFF + 2) to (0xFFFFFFFF) - basically, odd values that take at least,
and no more than, 4 bytes.
In addition, unlike shallot, after the RSA key has been finalized, the
.onion name is regenerated using the same procedure as used in the official
TOR client - this filters out the occasional bogus .onions that shallot
generated occasionally (and eschalot does too - this is a bug I have not
tracked down yet).
Now, there is nothing stopping the TOR developers from modifying the TOR
client to only accept manually imported keys with public exponent equal,
lets say, 65537 and nothing else, but that would be silly of them. It would
not improve TOR's performance much or serve any other purpose, but to
knock offline several well established hidden websites that have been using
shallot-generated keys for years. I would not worry about it.
Performance:
------------
Depends on how fast your CPU is and how many cores you have, but generally
speaking it's a bit faster than shallot. Up to twice as fast in some cases,
but it depends greatly on how fast the OpenSSL's SHA1 implementation is on
the system. Some use hand-optimized assembly, some use C versions.
Wordlist mode is obviously slower than a single fixed prefix mode, but not
by much. The difference between searching in a 100 words list and a 100 million
words list is negligible due to the binary search and hashed tree data
storage. Of course, that is if the whole wordlist fits in RAM completely.
Memory needed is approximately 0.5-0.7 of the size of the wordlist size
on disk (yes, eschalot needs less memory than the file takes due to the words
getting converted into binary format and stored in a sort of a hashed tree).
Compilation Troubleshooting:
----------------------------
1). Does the error message you are getting give you any hints?
2). If the error message complains that make/gmake/gcc/cc cannot be found,
you will need to install the make/gmake utility and gcc or some other C
compiler. Some of the Linuxes split the gcc package into several smaller ones
- you will need the one that says "GNU C Compiler" or something like that.
Note: most of the mainstream Linuxes do not come with a compiler by default
theese days even if you choose a complete - often 5-10Gb - installation.
(Yeah, that was a shock for me too), but it's fairly easy to install it by
using your operating system's software manager.
3). If it says something like "SHA1*** / RSA*** /BN_*** function not defined"
or "missing <openssl/***.h> header", you will need to make sure you not
only have the dynamic OpenSSL libraries installed, but also the header files.
On Linuxes, they are sometimes distributed in a different package from the
main OpenSSL and are called something like "OpenSSL-development" or
"OpenSSL-sources-and-headers" or something like that - look around.
4). If you get an error message about 'htobe32' function not being defined,
you can try using a locally-supplied copy by compiling with
$ env CFLAGS=-DNEED_HTOBE32 make
Same if your system does not have strnlen - try
$ env CFLAGS=-DNEED_STRNLEN make
Or might even have to define both like this:
$ env CFLAGS="-DNEED_HTOBE32 -DNEED_STRNLEN" make
5). If all of the above fails, take a look inside the Makefile, and see if
you need to disable or enable some additional C flags.
6). If your error message says something about endian.h, take a look at the
beginning of the eschalot.c file, see how that file is being included.
You might need to adjust it a bit (that part needs work - see TODO list).
7). If all else fails, send me an email or post something on the feedback
forum. I'll be happy to hear any feedback, positive or negative, and will try
to help.
Bugs and ToDo list:
-------------------
0). Highest priority bug:
Every so often, while searching in a wordlist mode, eschalot finds the
right prefix, but then, after finalizing the key and regenerating the .onion
name, the result is garbage. I suspected my CPU or RAM overheating at first,
but now I tend to think it's a bug in the program (or OpenSSL) somewhere.
It gets detected and rejected and a message is printed on STDERR, but it's
a big waste of hash cycles. Have to track it down.
1). worgen dumps core on 32-bit OpenBSD when using fairly large input
wordlists (triggers stack smash protection). Works fine on 64-bit systems.
2). I tried to optimize the main loop somewhat, but the wordlist loading
could use some improvement - realloc'ing 8 bytes at a time is slow (was
concerned about total memory used when loading large files when I did it).
3). Need better statistics with estimated time needed predictions.
4). Half the variables are global - does not hurt in this case, but is ugly.
5). Print out the public exponent used when a key is found.
6). Write a manpage.
7). Optimize and improve the worgen utility, it was a quick hack.
8). More testing on different OSes, finalize the htobe32/strnlen defines mess.
9). Attempt to implement a GPU hashing mode for Linux.
10). Add a local SHA1 function written in assembly for sparc/sparc64.
11). Make it compile on windows and provide windows binary.
12). Go over the numerous TODOs in the code and address them.
13). Generate one ultimate wordlist with good word combinations 8-16 chars
long, about 5-10Gb in size total, so it could be used to search for a
specific lengths even if the whole thing cannot fit in RAM at once. Perhaps
grab all the phrases and word combinations from a few hundred ebooks
instead of generating randomly mixed rubbish?
14). Move the defines, includes, and functions shared between eschalot and
worgen into "common.h/common.c" files.
15). Add a real self-test with fixed initial RSA key, compare a few hundred
generated .onion names to a known good file. Or something like that.
Make it all driven through the Makefile to simplify testing on different
platforms.
History:
--------
Circa 2006, a person with a nickname Cowboy Bebop created the original
onionhash-0.0.1, which evolved into onionhash-0.0.2 and 0.0.3, until Bebop
and his home at torlandypjxiligx.onion mysteriously vanished.
At this point, it was picked up by someone called Orum, who renamed the
onionhash to shallot and went through three versions until Orum's site at
hangman5naigg7rr.onion disappeared.
Another concerned OnionLand citizen Katmagic got shallot's sources from
taswebqlseworuhc.onion and put them into a Git repository. Made a few
modifications, wrote a new README, and put the whole thing up on GitHub.
I stumbled on the project at some point and had a few ideas on how to make
it more flexible. However, the changes I planned to make were too extensive
to consider simply patching shallot, so I decided to fork it and work on
it for my own private use. After messing with it (very) occasionally for
couple of months, I figured it might be of use to some other TOR enthusiasts,
even though I would not call my remake of shallot "production ready".
Initially I named my project "scallion", however, just a few days ago, I have
learned of yet another .onion names generator recently released which was,
unsurprisingly, named scallion, so I renamed my project to "eschalot".
See https://github.com/lachesis/scallion for more details on scallion.
It's all about choices and now you have several!
P.S. Following the tradition set forth by the previous authors, I will
remain anonymous for the time being.
P.P.S. Sending my greetings and thanks to all the people who worked on this
project before me and kept it alive over the years!
--Unperson Hiro
19 February 2013