diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml new file mode 100644 index 0000000..6cb1e60 --- /dev/null +++ b/.github/workflows/build-docker.yml @@ -0,0 +1,33 @@ +name: Build docker image CI + +on: + push: + branches: master + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build and push + uses: docker/build-push-action@v3 + with: + context: . + push: true + platforms: linux/amd64,linux/arm64/v8 + tags: ${{ secrets.DOCKERHUB_USERNAME }}/tor-hiddenservice-nginx:latest \ No newline at end of file diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml new file mode 100644 index 0000000..5b9a31c --- /dev/null +++ b/.github/workflows/sonarqube.yml @@ -0,0 +1,24 @@ +name: Build + +on: + push: + pull_request: + types: [opened, synchronize, reopened] + +jobs: + build: + name: Build + runs-on: ubuntu-latest + permissions: read-all + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - uses: sonarsource/sonarqube-scan-action@master + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + - uses: sonarsource/sonarqube-quality-gate-action@master + timeout-minutes: 5 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..f53554e --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "mkp224o"] + path = mkp224o + url = https://github.com/cathugger/mkp224o.git diff --git a/Dockerfile b/Dockerfile index 6aa9ad9..05e3c36 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,26 +1,16 @@ -FROM debian:jessie +FROM debian:bullseye -LABEL maintainer "opsxcq@strm.sh" +LABEL maintainer="ozeliurs@gmail.com" # Base packages RUN apt-get update && \ - apt-get -y install \ - nginx \ - tor torsocks ntpdate - -# Compile shallot -ADD ./shallot /shallot -RUN apt-get -y install \ - build-essential \ - libssl-dev && \ - cd /shallot && \ - ./configure && \ - make && \ - mv ./shallot /bin && \ - cd / && \ - rm -Rf /shallot && \ - apt-get -y purge build-essential libssl-dev && \ - rm -Rf /var/lib/apt/lists/* + apt-get -y install nginx tor torsocks ntpdate sudo \ + gcc libsodium-dev make autoconf + +ADD ./mkp224o /mkp224o +ADD ./main.sh /main.sh +ADD ./torrc /etc/tor/torrc +ADD ./nginx.conf /etc/nginx/nginx.conf # Security and permissions RUN useradd --system --uid 666 -M --shell /usr/sbin/nologin hidden @@ -29,19 +19,12 @@ RUN useradd --system --uid 666 -M --shell /usr/sbin/nologin hidden RUN ln --symbolic --force /dev/stdout /var/log/nginx/access.log RUN ln --symbolic --force /dev/stderr /var/log/nginx/error.log -# Main script -ADD ./main.sh /main.sh - -# Tor Config -ADD ./torrc /etc/tor/torrc - -# Add nginx default configuration -ADD ./nginx.conf /etc/nginx/nginx.conf - # Configuration files and data output folder VOLUME /web WORKDIR /web +EXPOSE 9050 + ENTRYPOINT ["/main.sh"] CMD ["serve"] diff --git a/README.md b/README.md index 4294ba2..00ce7f4 100644 --- a/README.md +++ b/README.md @@ -1,29 +1,26 @@ # Easily create and run hidden services -[![Docker Pulls](https://img.shields.io/docker/pulls/strm/tor-hiddenservice-nginx.svg?style=plastic)](https://hub.docker.com/r/strm/tor-hiddenservice-nginx/) +[![Docker Pulls](https://img.shields.io/docker/pulls/ozeliurs/tor-hiddenservice-nginx.svg?style=plastic)](https://hub.docker.com/r/ozeliurs/tor-hiddenservice-nginx/) ![License](https://img.shields.io/badge/License-GPL-blue.svg?style=plastic) +This is a fork of opsxcq's project. This docker image now supports tor v3 +adresses and shallot has been replaced by mkp224o (v3 compatible). +Feel free to open issues on this project if you see something wrong. Easily run a hidden service inside the Tor network with this container - Generate the skeleton configuration for you hidden service, replace for your hidden service pattern name. Example, if you want to your hidden -service contain the word 'boss', just use this word as argument. You can use -regular expressions, like ```^boss```, will generate an address wich will start -with 'boss'. Be aware that bigger the pattern, more time it will take to -generate it. +service contain the word 'boss', just use this word as argument. Be aware that +bigger the pattern, more time it will take to generate it. ```sh -docker run -it --rm -v $(pwd)/web:/web \ - strm/tor-hiddenservice-nginx generate +docker run -it --rm -v $(pwd)/web:/web ozeliurs/tor-hiddenservice-nginx generate ``` - Create an container named 'hiddensite' to serve your generated hidden service ```sh -docker run -d --restart=always --name hiddensite -v $(pwd)/web:/web \ - strm/tor-hiddenservice-nginx +docker run -d --restart=always --name hiddensite -v $(pwd)/web:/web ozeliurs/tor-hiddenservice-nginx ``` ## Example @@ -31,14 +28,14 @@ docker run -d --restart=always --name hiddensite -v $(pwd)/web:/web \ Let's create a hidden service with the name beginning with strm. ```sh -docker pull strm/tor-hiddenservice-nginx +docker pull ozeliurs/tor-hiddenservice-nginx ``` Wait to the container image be downloaded. And them we can generate our site skeleton: ```sh -$docker run -it --rm -v $(pwd)/web:/web strm/tor-hiddenservice-nginx generate ^strm +$docker run -it --rm -v $(pwd)/web:/web ozeliurs/tor-hiddenservice-nginx generate strm [+] Generating the address with mask: ^strm [+] Found matching domain after 137072 tries: strmfyygjp5st54g.onion [+] Generating nginx configuration for site strmfyygjp5st54g.onion @@ -49,8 +46,7 @@ $docker run -it --rm -v $(pwd)/web:/web strm/tor-hiddenservice-nginx generate ^s Now we have our skeleton generated, we can run the container with: ```sh -docker run -d --restart=always --name hiddensite \ - -v $(pwd)/web:/web strm/tor-hiddenservice-nginx +docker run -d --restart=always --name hiddensite -v $(pwd)/web:/web ozeliurs/tor-hiddenservice-nginx ``` And you have the service running ! :) @@ -67,69 +63,20 @@ And you have the service running ! :) # FAQ -## Anti-Pattern - -While is not a good thing to run everything in one container, this is a easy way -to get started if you don't have that much experience with docker and hidden -services. If you want to use something more elaborated, check this -[repository](https://github.com/opsxcq/docker-tor). - -Here is an example of how a deploy using this other image looks like. - -```yml -version: '3' - -services: - tor: - image: strm/tor - restart: always - depends_on: - - backend - environment: - LISTEN_PORT: "80" - REDIRECT: "backend:80" - PRIVATE_KEY: | - -----BEGIN RSA PRIVATE KEY----- - MIICXQIBAAKBgQDSqBzjGxL+UFdrFJSdc+LJn3RrXiaZ7k6kgSw8KqOCSRgIr2qO - XZrCa3YHE+PqsfbDVF0GO0Xy3A9fsIxRFMUo3K++3BaVJslUbqK2TH9fJt5Ji1b6 - N5UzXsEzf73atXwMF63hgVFZFLhfSWH8jGE1svwDXn0YQWP88PVX34SrWQIDASsd - AoGAUWdd+/m9TrTQyqK0IbzIr0fYQ5gDq4mv1GLEYjR4SWF8pSCxL1yOBsmQ02sj - BSS2Vw4dpFfloCrRw2ipM8ac4kdLGCoYefQHwW2Kfdf9raVfPDP7vcxrs37sOgOh - 2rSXCOOrmcoMrEka2/OTGW15jaNUEEoWacS3YL1Fj0Bi6g0CQQD4ZmBiF6qu2XnT - 8lMr1Asdz3K8fYiyfl6CzHItUubAbQ8ipv12q8CerJqk3dO98V+w8llAsQ7BT5wq - 8AZOPQR3AkEA2RobnACDvb2Jw+dYSFsqrHyIDojKsrNiDEFedkiFijRFqme+nrif - kJ4yTnSiphC+rSSBbvYMawsqiWBA7UPSrwJBAKXSVQClxNUpJ2PZt91HZAtuipRt - t8suGIY4mot1iDRN0XdiNN8TNZ3qLag7wUU4or+Yn/3Xae1euHpyftTxmYsCQQCd - oJxsGotYx62ULxPqz0um7yEWOU6hUAy8MB3X3FcTCjGO0PPKpfJ2ntXo0Ajcp5ci - msi81/e9DTnF9mPjtsY9AkAUG6heBlETMFzyka9FHPgu9aN2kRwvJ3QZDHuPxYG4 - VZwljLxstlx57+N74D0aj6wrJw+iBH2BI+b+ZpnLXyy7 - -----END RSA PRIVATE KEY----- -``` - -To make it work you should also add a webserver with the name `backend`, and add -your content there. There are more moving pieces using a deploy like this, so -this is the justification for this repository, for people who never put anything -on the deep web being able to enjoy it without busting their asses debugging -some infrastructure. - - -## Build +## Build Docker image ``` -docker build -t strm/tor-hiddenservice-nginx . +docker build -t ozeliurs/tor-hiddenservice-nginx . ``` -## Run +## Run Docker container ``` -docker run -d --restart=always --name hiddensite \ - -v $(pwd)/web:/web strm/tor-hiddenservice-nginx +docker run -d --restart=always --name hiddensite -v $(pwd)/web:/web ozeliurs/tor-hiddenservice-nginx ``` ## Shell ``` -docker run -it --rm -v $(pwd)/web:/web \ - --entrypoint /bin/bash strm/tor-hiddenservice-nginx - +docker run -it --rm -v $(pwd)/web:/web --entrypoint /bin/bash ozeliurs/tor-hiddenservice-nginx ``` diff --git a/main.sh b/main.sh index 9e86a7d..e5b732d 100755 --- a/main.sh +++ b/main.sh @@ -12,13 +12,27 @@ then echo '[-] You dont provided any mask, please inform an mask to generate your address' exit -1 else + echo "[+] Building mkp224o" + cd /mkp224o + ./autogen.sh + ./configure + make + mv ./mkp224o /bin + cd / + rm -Rf /mkp224o + apt-get -y purge gcc libsodium-dev make autoconf + rm -Rf /var/lib/apt/lists/* + echo '[+] Generating the address with mask: '$2 - shallot -f /tmp/key $2 - echo '[+] '$(grep Found /tmp/key) - grep 'BEGIN RSA' -A 99 /tmp/key > /web/private_key + rm -rf /tmp/keys && mkdir /tmp/keys + + mkp224o $2 -n 1 -d /tmp/keys &> /dev/null + echo '[+] Found '$(cat /tmp/keys/*.onion/hostname) + cp /tmp/keys/*.onion/*secret_key /web/ + cp /tmp/keys/*.onion/hostname /web/ fi - address=$(grep Found /tmp/key | cut -d ':' -f 2 ) + address=$(cat /tmp/keys/*.onion/hostname) echo '[+] Generating nginx configuration for site '$address echo 'server {' > /web/site.conf @@ -30,16 +44,16 @@ then echo '[+] Creating www folder' mkdir /web/www - chmod 755 /web/ - chmod 755 /web/www + chmod 700 /web/ + chmod 700 /web/www echo '[+] Generating index.html template' echo 'Your very own hidden service is ready

Well done !

' > /web/www/index.html - chown hidden:hidden -R /web/www + chown hidden:hidden -R /web/ fi if [ "$1" == "serve" ] then - if [ ! -f /web/private_key ] + if [ ! -f /web/*secret_key ] then echo '[-] Please run this container with generate argument to initialize your web page' exit -1 @@ -47,9 +61,10 @@ then echo '[+] Initializing local clock' ntpdate -B -q 0.debian.pool.ntp.org echo '[+] Starting tor' - tor -f /etc/tor/torrc & + sudo -u hidden tor -f /etc/tor/torrc & echo '[+] Starting nginx' nginx & + # Monitor logs sleep infinity fi diff --git a/mkp224o b/mkp224o new file mode 160000 index 0000000..d202229 --- /dev/null +++ b/mkp224o @@ -0,0 +1 @@ +Subproject commit d202229a437d98b874f0ecc4affcf58f65596802 diff --git a/shallot/CHANGELOG b/shallot/CHANGELOG deleted file mode 100755 index ac89421..0000000 --- a/shallot/CHANGELOG +++ /dev/null @@ -1,41 +0,0 @@ -Changed from shallot-0.0.2 to shallot-0.0.3: - -* Fixed some memory leaks. -* More efficient use of memory. -* Added '-o' option to optimize prime size for SHA-1 hashing. - - -Changed from shallot-0.0.1 to shallot-0.0.2: - -* Corrected some things in the README. -* Removed redundant PEM generation. -* Improved SHA-1 hashing performance. -* The previous two performance enhancements give us a ~4.6x speed - boost. That's right, ~4.6 TIMES as fast. -* Added a "sanity" limit to e, so it doesn't get insanely high during - long hashing sessions. It's adjustable, too. -* Allowed the number of threads to be specified during startup. -* Added a "monitor" mode (try it out! -m) -* Added an option to automatically daemonize -* Added file output option -* Added a verbose flag (for debugging) -* Now configures for BSD-style build on OS X. -* Allows for building on unidentified systems, in a slightly crippled - form (defaults to 1 thread unless specified). -* OpenBSD is now officially supported and tested (it lacks support - for sysctlbyname(3), wtf?). -* Removed a (small) buffer overflow. - - -Changed from onionhash-0.0.2 to shallot-0.0.1: - -* Fixed a 1KB memory leak. -* Removed irrelevant code. -* Brute force loop no longer mallocs/frees, giving a ~1% increase in - hashing speed. -* Now completely multithreaded, allowing systems with several CPUs to - take full advantage of all of them to hash! -* Now follows PKCS#1 v2.1 for satisfactory public keys (previously on - a version prior to v2.0, i.e. v1.5). -* BSD and Linux ports (required due to autodetecting core count). - diff --git a/shallot/LICENSE b/shallot/LICENSE deleted file mode 100755 index 3f15b2e..0000000 --- a/shallot/LICENSE +++ /dev/null @@ -1,55 +0,0 @@ -Copyright (c) 2007 `Orum - - -Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the "Software"), -to deal in the Software without restriction, including without limitation -the rights to use, copy, modify, merge, publish, distribute, sublicense, -and/or sell copies of the Software, and to permit persons to whom the -Software is furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL -THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -DEALINGS IN THE SOFTWARE. - --------------------------------------------------------------------------- - -This software is based on onionhash-0.0.2 which bears the following -license: - -* If you believe in the ideology of "copyright" and what some folks call -* "interlectual property" you might consider reading the following license -* agreement. -* -* However, if you're - like me - a non-believer, a "copyright atheist", -* someone who thinks that information belongs to mankind itself and -* cannot be posessed by a person, you're free to simply ignore it :-) -* -*-------------------------------------------------------------------------- -* -* Copyright (c) 2006 Cowboy Bebop -* -* Permission is hereby granted, free of charge, to any person obtaining a -* copy of this software and associated documentation files (the "Software"), -* to deal in the Software without restriction, including without limitation -* the rights to use, copy, modify, merge, publish, distribute, sublicense, -* and/or sell copies of the Software, and to permit persons to whom the -* Software is furnished to do so, subject to the following conditions: -* -* The above copyright notice and this permission notice shall be included in -* all copies or substantial portions of the Software. -* -* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL -* The X.Org Foundation BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, -* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF -* OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -* SOFTWARE. diff --git a/shallot/Makefile b/shallot/Makefile deleted file mode 100755 index 9d64843..0000000 --- a/shallot/Makefile +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh - - - -ifeq ($(CC),) - CC=gcc -endif - -ifeq ($(RM),) - RM=rm -f -endif - -ifeq ($(CP),) - CP=cp -endif - - -CFLAGS:=$(CFLAGS) -O3 -I/usr/include -I/usr/local/include -L/usr/lib -L/usr/local/lib -LIBS:=-lm -lpthread -lssl -lcrypto -WARNING_FLAGS:=$(WARNING_FLAGS) -Wall -DEBUG_FLAGS:=$(DEBUG_FLAGS) -g - - -OBJS:=src/math.o src/error.o src/linux.o src/print.o src/thread.o src/shallot.o -OBJS_DBG:=src/math.dbg.o src/error.dbg.o src/linux.dbg.o src/print.dbg.o src/thread.dbg.o src/shallot.dbg.o - - -all: $(OBJS) - $(CC) $(CFLAGS) -pthread $^ -o shallot $(LIBS) - -debug: $(OBJS_DBG) - $(CC) $(DEBUG_FLAGS) $(CFLAGS) -pthread $^ -o shallot $(LIBS) - -clean: - $(RM) shallot src/*.o -install: - $(CP) shallot /usr/bin/ -uninstall: - $(RM) /usr/bin/shallot - - - -src/%.o: src/%.c - $(CC) $(CFLAGS) $(WARNING_FLAGS) -o $@ -c $^ - -src/%.dbg.o: src/%.c - $(CC) $(DEBUG_FLAGS) $(CFLAGS) $(WARNING_FLAGS) -o $@ -c $^ - diff --git a/shallot/README.asciidoc b/shallot/README.asciidoc deleted file mode 100755 index bbfd2ad..0000000 --- a/shallot/README.asciidoc +++ /dev/null @@ -1,92 +0,0 @@ -Shallot -======= - -About ------ -Shallot allows you to create customized .onion addresses for -link:https://www.torproject.org/[Tor's] -link:https://www.torproject.org/docs/hidden-services[hidden services]. -(By customized, it is meant that part of the address can be selected. Choosing -an entire address would take far longer than the universe is believed to have -been in existence.) - -Installation ------------- - $ ./configure && make - $ ./shallot - -Usage ------ - $ ./shallot ^test - ---------------------------------------------------------------- - Found matching pattern after 99133 tries: testvztz3tfoiofv.onion - ---------------------------------------------------------------- - -----BEGIN RSA PRIVATE KEY----- - MIICXgIBAAKBgQC3R85m6NQaA1ZjaYqvz1hvFIjbL4RtKdJbG8hlC9xEBkvfr/BG - 8Z5vDiUzdbDt8mEBuZUDanx80uGJvbXTgmczX0UlkEOgGiZ8RKpnsbKaf/EJNrIw - T7MSXQmWNcm22nDeViV7fwy+Usyal2RE5cdVCFsPtEbVZqCumlKkEgCyFwIDBAZ7 - AoGBAJSa2cGuru/XhzJAEAIwHZbgPDnum9T/srOYxUKW6afHZeOu5S4Cclwb+xb/ - pGOtzn71XZfCKMfiVdxB/f3XTcRrYB2VnBoNToTD7WfH6DksdDf4zunqiEjvxi9K - R+tKhxmF7OedrRt8wIhUmFd1E2Q9nbTHI6icdB4kR4QkYKZzAkEA5M6samK7+495 - 6SWpRXiePIs7sHKWuxdCrG7kW5RNJrv2CcGYwK46TPcaXBcRfM4eq9+9PGoKi0IO - gSpOZ5vRYQJBAM0QAZYTZ6ApD014x372MX1ZNofuYL/+XF8ZPZV6Sh4+9MUBuNPb - yL7BENDr6pX4Zm6OepvAphhCa4vGno2pHncCQQCQnfhUCHANU4bjtX4EOoI63WDq - UwBOeIWxu0YvGt7Z25Dg9CNz/aX8UZIoj6VyKxLRbR9+K3mNrNgaopW+ZDKzAkEA - ttgTK1ALe+3v+5H+Ez1SvFPREDFcHihrfD1Ipc5zicY9ixTArgdyZvk+Pi+AMBVV - sL2HWvjRLEAgRclvKfkwWwJAFtM+BIGRM5me+fMALuBBEtKnbJ6maflsyucErEb0 - pIIBkovF5oyWO3lSBmtStJIANNkHOg8aXqjcgPKusDN7CQ== - -----END RSA PRIVATE KEY----- - -If you place the RSA private key (including its header and footer) in a file -called `private_key` in the `HiddenServiceDir` you specified in your torrc, (If -you don't know what that means, -link:https://www.torproject.org/docs/tor-manual[read the Tor man page]. If you -*still* don't understand, Shallot probably isn't for you.) then when you restart -your Tor, a `hostname` file will be created in `HiddenServiceDir` that contains -your shiny new .onion address. - -On the Security of Generated Keypairs -------------------------------------- -It is sometimes claimed that private keys generated by Shallot are less secure -than those generated by Tor. This is false. Although Shallot generates a -keypair with an unusually large public exponent e, it performs all of the -sanity checks specified by PKCS #1 v2.1 (directly in sane_key), and then -performs all of the sanity checks that Tor does when it generates an RSA -keypair (by calling the OpenSSL function RSA_check_key). - -Performance ------------ -.Time to Generate a .onion with a Given Number of Initial Characters on a 1.5Ghz Processor -[align="right",float="left",width="30%"] -|======================================= -|characters | time to generate (approx.) -| 1 | less than 1 second -| 2 | less than 1 second -| 3 | less than 1 second -| 4 | 2 seconds -| 5 | 1 minute -| 6 | 30 minutes -| 7 | 1 day -| 8 | 25 days -| 9 | 2.5 years -| 10 | 40 years -| 11 | 640 years -| 12 | 10 millenia -| 13 | 160 millenia -| 14 | 2.6 million years -|======================================= - -A History of Shallot --------------------- -Shallot has a long history in Onion Land. In its original incarnation, Shallot -was originally written by a mysterious Onion Lander called Bebop, who created -its predecessor, onionhash-0.0.1, at some unknown time in the distant past. That -quickly(?) evolved into onionhash 0.0.2 and 0.0.3, until Bebop and -link:http://torlandypjxiligx.onion/[Bebop's New Home in Onionspace] mysteriously -vanished. At this point, it was picked up by `Orum, who gave Shallot its -current name, and went through three versions until `Orum's site, -link:http://hangman5naigg7rr.onion/[hangman - hidden (in plain) site], went -down. I (katmagic) got Shallot's sources from -link:http://taswebqlseworuhc.onion/[Tas's site] and put them into a Git -repository. I made a few modifications, wrote a new README, and put the whole -thing up on GitHub for all to see. diff --git a/shallot/configure b/shallot/configure deleted file mode 100755 index e6a75c5..0000000 --- a/shallot/configure +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -cfg_path=src/config.h - ->$cfg_path echo "#ifndef CONFIG_H" ->>$cfg_path echo "#define CONFIG_H" - -if [ `uname -s | grep -i bsd` ]; then - echo "BSD detected! Good job..." - >>$cfg_path echo "#define BSD" -elif [ `uname -s | grep -i linux` ]; then - echo "Liunx detected. Have you considered switching to BSD?" - >>$cfg_path echo "#define LINUX_PORT" -elif [ `uname -s | grep -i darwin` ]; then - echo "OS X detected. Who needs a GUI anyway?" - >>$cfg_path echo "#define BSD" - >>$cfg_path echo "#define OSX" -else - echo "Unable to determine OS. Configuring for a generic build..." - >>$cfg_path echo "#define GENERIC" -fi - ->>$cfg_path echo "#define _GNU_SOURCE" ->>$cfg_path echo "#endif" - -echo "Configuration successful. This does not mean it will build." -echo "If you are missing gcc, or required libraries/headers, you" -echo "will need to install them first." diff --git a/shallot/src/defines.h b/shallot/src/defines.h deleted file mode 100755 index 17f5442..0000000 --- a/shallot/src/defines.h +++ /dev/null @@ -1,50 +0,0 @@ -#ifndef DEFINES_H -#define DEFINES_H - -#include "config.h" -#include - -// our ever-important version string -#define VERSION "0.0.3-alpha" - -// default values -#define DEFAULT_THREADS 1 // not used on anything but unknown systems -#define DEFAULT_E_LIMIT 0xFFFFFFFFFFull // must be odd and <= MAXIMUM_E_LIMIT - // and >= RSA_PK_EXPONENT -#define MAXIMUM_E_LIMIT 0xFFFFFFFFFFFFFFFDull - -// crypt constants -#define REGEX_COMP_LMAX 0x40 -#define SHA1_DIGEST_LEN 20 -#define RSA_KEYS_BITLEN 0x400 -#define RSA_OPTM_BITLEN 0x380 // remember to subtract the length of e (in bits) -// be sure to keep these constants in sync if you change them! -#define RSA_PK_EXPONENT 0x10001ull -#define RSA_PK_E_LENGTH 3 -#define RSA_EXP_DER_LEN 0x8C -#define RSA_OPT_DER_LEN 0x77 -#define RSA_ADD_DER_OFF 2 // don't ask... -#define SHA_REL_CTX_LEN 10 * sizeof(SHA_LONG) - -#define BASE32_ONIONLEN 16 -#define BASE32_ALPHABET "abcdefghijklmnopqrstuvwxyz234567" - -#define PRINT_ONION_STR "Found matching domain after %"PRIi64" tries: %s.onion" -#define PRINT_ONION_MAX 79 - -#ifdef LINUX_PORT - // Linux constants (lol no API) - #define CPUINFO_BUF_SIZE 0x400 - #define CPUINFO_PATH "/proc/cpuinfo" - #define CPUINFO_PROC_STR "processor" - #define CPUINFO_PROC_STR_LEN 9 // don't include trailing NULL - // sanity checking for constants - #if CPUINFO_BUF_SIZE < 0x100 - #error CPUINFO_BUFFER_SIZE set too small. Please make it bigger. - #elif CPUINFO_BUF_SIZE > 0x7FFF - #error CPUINFO_BUFFER_SIZE set too large. Please make it smaller. - #endif -#endif - -#endif - diff --git a/shallot/src/error.c b/shallot/src/error.c deleted file mode 100755 index 8527cab..0000000 --- a/shallot/src/error.c +++ /dev/null @@ -1,144 +0,0 @@ -// error handling for shallot - -#include "error.h" -#include "globals.h" -#include "defines.h" - -#include -#include - -// help - how to use this stuff -void usage(void) { - printf("Usage: shallot [-dmopv] [-f ] [-t count] [-x time] [-e limit] pattern\n" - " -d : Daemonize (requires -f)\n" - " -m : Monitor mode (incompatible with -f)\n" - " -o : Optimize RSA key size to improve SHA-1 hashing speed\n" - " -p : Print 'pattern' help and exit\n" - " -f : Write output to \n" - " -t count : Forces exactly count threads to be spawned\n" - " -x secs : Sets a limit on the maximum execution time. Has no effect without -m\n" - " -e limit : Manually define the limit for e\n" - "Version: %s\n", VERSION); - exit(X_WRONG_NUMARGS); -} - -void pattern(void) { - printf("base32 alphabet allows letters [a-z] and digits [2-7]\n" - "pattern can be a POSIX-style regular expression, e.g.\n" - " xxx must contain 'xxx'\n" - " bar$ must end with 'bar'\n" - " ^foo must begin with 'foo'\n" - " b[a4]r may contain leetspeech ;)\n" - " ^ab|^cd must begin with 'ab' or 'cd'\n" - " [a-z]{16} must contain letters only, no digits\n" - " ^dusk.*dawn$ must begin with 'dusk' and end with 'dawn'\n"); - exit(X_WRONG_NUMARGS); -} - -// our big error handling/reporting function -void error(int32_t code) { - switch(code) { - case X_REGEX_COMPILE: { - fprintf(stderr, "ERROR: Bad pattern. Try again with something else!\n"); - break; - } - - case X_REGEX_INVALID: { - fprintf(stderr, "ERROR: Pattern cannot contain '-'.\n"); - break; - } - - case X_SGNL_INT_TERM: { - fprintf(stderr, "\nCaught SIGINT/SIGTERM after %"PRIu64" tries - exiting.\n", - loop); - break; - } - - case X_YOURE_UNLUCKY: { - fprintf(stderr, "\nERROR: You happened to find a bad key - congrats.\n"); - break; - } - - case X_KEY_GEN_FAILS: { - fprintf(stderr, "ERROR: RSA Key Generation failed. This is bad.\n"); - break; - } - - case X_THREAD_CREATE: { - fprintf(stderr, "ERROR: Failed to create thread. Terminating...\n"); - break; - } - - case X_BIGNUM_FAILED: { - fprintf(stderr, "ERROR: Failed to covert uint64_t to BIGNUM.\n"); - break; - } - - case X_INVALID_THRDS: { - fprintf(stderr, "ERROR: Invalid number of threads\n"); - break; - } - - case X_EXCLUSIVE_OPT: { - fprintf(stderr, "ERROR: -m is incompatible with -f/-v\n"); - break; - } - - case X_INVALID_E_LIM: { - fprintf(stderr, "ERROR: e limit must be odd, >= %llu, and <= %llu\n", - RSA_PK_EXPONENT, MAXIMUM_E_LIMIT); - break; - } - - case X_NEED_FILE_OUT: { - fprintf(stderr, "ERROR: -d requires -f \n"); - break; - } - - case X_FILE_OPEN_ERR: { - fprintf(stderr, "ERROR: Couldn't open file for output\n"); - break; - } - - case X_DAEMON_FAILED: { - fprintf(stderr, "ERROR: Daemonization failed\n"); - break; - } - - case X_OUT_OF_MEMORY: { - fprintf(stderr, "ERROR: Out of memory error.\n"); - break; - } - case X_MAXTIME_REACH: { - fprintf(stderr,"\n%s\n","Maximum execution time reached; exiting..."); - break; - } - - -#ifdef BSD - case X_SYSCTL_FAILED: { - fprintf(stderr, "ERROR: sysctlbyname failed.\n"); - break; - } - -#elif defined(LINUX_PORT) - case X_BAD_FILE_DESC: { - fprintf(stderr, "ERROR: Couldn't open processor information.\n"); - break; - } - - case X_ABNORMAL_READ: { - fprintf(stderr, "ERROR: Failed reading processor information.\n"); - break; - } -#endif - - default: { - fprintf(stderr, "Generic error. You should never see this...\n"); - break; - } - } // end switch - - exit(code); -} - diff --git a/shallot/src/error.h b/shallot/src/error.h deleted file mode 100755 index 17067b9..0000000 --- a/shallot/src/error.h +++ /dev/null @@ -1,41 +0,0 @@ -#ifndef ERROR_H -#define ERROR_H - -#include "config.h" - -#include - -// error codes -#define X_WRONG_NUMARGS 0x01 -#define X_REGEX_COMPILE 0x02 -#define X_REGEX_INVALID 0x03 -#define X_SGNL_INT_TERM 0x04 -#define X_YOURE_UNLUCKY 0x05 -#define X_KEY_GEN_FAILS 0x06 -#define X_THREAD_CREATE 0x07 -#define X_BIGNUM_FAILED 0x08 -#define X_INVALID_THRDS 0x09 -#define X_EXCLUSIVE_OPT 0x0A -#define X_INVALID_E_LIM 0x0B -#define X_NEED_FILE_OUT 0x0C -#define X_FILE_OPEN_ERR 0x0D -#define X_DAEMON_FAILED 0x0E -#define X_OUT_OF_MEMORY 0x11 -#define X_MAXTIME_REACH 0x12 - - -#ifdef BSD - // BSD specific defines - #define X_SYSCTL_FAILED 0x0F -#elif defined(LINUX_PORT) - // Linux specific defines - #define X_BAD_FILE_DESC 0x0F - #define X_ABNORMAL_READ 0x10 -#endif - -void usage(void); -void pattern(void); -void error(int32_t code); - -#endif - diff --git a/shallot/src/globals.h b/shallot/src/globals.h deleted file mode 100755 index 0249a6a..0000000 --- a/shallot/src/globals.h +++ /dev/null @@ -1,18 +0,0 @@ -#ifndef GLOBALS_H -#define GLOBALS_H - -#include "config.h" - -#include -#include -#include - -// global variables (saves us the trouble of passing pointers around) -// TODO: stop being lazy and pass this stuff where it's needed -// TODO: also put settings in a struct -uint64_t loop, elim; -uint8_t found, monitor, maxexectime; -pthread_t lucky_thread; -regex_t *regex; - -#endif diff --git a/shallot/src/linux.c b/shallot/src/linux.c deleted file mode 100755 index 6ead959..0000000 --- a/shallot/src/linux.c +++ /dev/null @@ -1,44 +0,0 @@ -// Linux-specific stuff for shallot - -#include "linux.h" - -#ifdef LINUX_PORT - -#include "defines.h" -#include - -// Linux-specific stuff (damn this is ugly code. blame Linus.) -uint8_t parse_cpuinfo(char *buf, uint16_t avail, uint16_t *used) { - uint16_t x = 0; - char procsfound = 0; - static uint8_t skip = 0; - - if(!skip) { - if(memcmp(&CPUINFO_PROC_STR, buf, CPUINFO_PROC_STR_LEN) == 0) - procsfound++; - } - - while((buf[x] != 0) && (x < avail)) { - if(x) { - if(buf[x - 1] == '\n') { - break; - } - } - x++; - } - - *used = x; - - if(!x) - return 0; // prevent the next if statement from causing a buffer overflow - - if((x == avail) && (buf[x - 1] != '\n')) - skip = 1; - else - skip = 0; - - return procsfound; -} - -#endif - diff --git a/shallot/src/linux.h b/shallot/src/linux.h deleted file mode 100755 index 2d8ed7f..0000000 --- a/shallot/src/linux.h +++ /dev/null @@ -1,39 +0,0 @@ -#ifndef LINUX_H -#define LINUX_H - -#include "config.h" - -#if defined(LINUX_PORT) || defined(OSX) || defined(GENERIC) - -#include - -#if defined(OSX) || defined(GENERIC) - #include -#else - #include - #include -#endif - -#ifndef htobe64 - #if BYTE_ORDER == BIG_ENDIAN - #warning Compiling for a BIG_ENDIAN system. - #define htobe64(x) (x) - #define htobe16(x) (x) - - #elif BYTE_ORDER == LITTLE_ENDIAN - #warning Compiling for a LITTLE_ENDIAN system. - #define htobe64(x) (((uint64_t)htonl(x) << 32) | htonl(x >> 32)) - #define htobe16(x) htons(x) - - #else - #error Sell your PDP. - #endif -#endif - -#ifdef LINUX_PORT -uint8_t parse_cpuinfo(char *buf, uint16_t avail, uint16_t *used); -#endif - -#endif // defined(LINUX_PORT) || defined(OSX) || defined(GENERIC) - -#endif diff --git a/shallot/src/math.c b/shallot/src/math.c deleted file mode 100755 index 43f9870..0000000 --- a/shallot/src/math.c +++ /dev/null @@ -1,97 +0,0 @@ -// custom math routines for shallot - -#include "math.h" -#include "defines.h" - -void int_pow(uint32_t base, uint8_t pwr, uint64_t *out) { // integer pow() - *out = (uint64_t)base; - uint8_t round = 1; - for(; round < pwr; round++) - *out *= base; -} - -// LCM for BIGNUMs -uint8_t BN_lcm(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *gcd, BN_CTX *ctx) { - BIGNUM *tmp = BN_CTX_get(ctx); - if(!BN_div(tmp, NULL, a, gcd, ctx)) - return 0; - if(!BN_mul(r, b, tmp, ctx)) - return 0; - return 1; -} - -// wraps RSA key generation, DER encoding, and initial SHA-1 hashing -RSA *easygen(uint16_t num, uint8_t len, uint8_t *der, uint8_t edl, - SHA_CTX *ctx) { - uint8_t der_len; - RSA *rsa; - - for(;;) { // ugly, I know, but better than using goto IMHO - rsa = RSA_generate_key(num, 3, NULL, NULL); - - if(!rsa) // if key generation fails (no [P]RNG seed?) - return rsa; - - // encode RSA key in X.690 DER format - uint8_t *tmp = der; - der_len = i2d_RSAPublicKey(rsa, &tmp); - - if(der_len == edl - len + 1) - break; // encoded key was the correct size, keep going - - RSA_free(rsa); // encoded key was the wrong size, try again - } - - // adjust for the actual size of e - der[RSA_ADD_DER_OFF] += len - 1; - der[der_len - 2] += len - 1; - - // and prepare our hash context - SHA1_Init(ctx); - SHA1_Update(ctx, der, der_len - 1); - - return rsa; -} - -uint8_t sane_key(RSA *rsa) { // checks sanity of a RSA key (PKCS#1 v2.1) - uint8_t sane = 1; - - BN_CTX *ctx = BN_CTX_new(); - BN_CTX_start(ctx); - BIGNUM *p1 = BN_CTX_get(ctx), // p - 1 - *q1 = BN_CTX_get(ctx), // q - 1 - *chk = BN_CTX_get(ctx), // storage to run checks with - *gcd = BN_CTX_get(ctx), // GCD(p - 1, q - 1) - *lambda = BN_CTX_get(ctx); // LCM(p - 1, q - 1) - - BN_sub(p1, rsa->p, BN_value_one()); // p - 1 - BN_sub(q1, rsa->q, BN_value_one()); // q - 1 - BN_gcd(gcd, p1, q1, ctx); // gcd(p - 1, q - 1) - BN_lcm(lambda, p1, q1, gcd, ctx); // lambda(n) - - BN_gcd(chk, lambda, rsa->e, ctx); // check if e is coprime to lambda(n) - if(!BN_is_one(chk)) - sane = 0; - - // check if public exponent e is less than n - 1 - BN_sub(chk, rsa->e, rsa->n); // subtract n from e to avoid checking BN_is_zero - if(!chk->neg) - sane = 0; - - BN_mod_inverse(rsa->d, rsa->e, lambda, ctx); // d - BN_mod(rsa->dmp1, rsa->d, p1, ctx); // d mod (p - 1) - BN_mod(rsa->dmq1, rsa->d, q1, ctx); // d mod (q - 1) - BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx); // q ^ -1 mod p - BN_CTX_end(ctx); - BN_CTX_free(ctx); - - // this is excessive but you're better off safe than (very) sorry - // in theory this should never be true unless I made a mistake ;) - if((RSA_check_key(rsa) != 1) && sane) { - fprintf(stderr, "WARNING: Key looked okay, but OpenSSL says otherwise!\n"); - sane = 0; - } - - return sane; -} - diff --git a/shallot/src/math.h b/shallot/src/math.h deleted file mode 100755 index 6ad4af6..0000000 --- a/shallot/src/math.h +++ /dev/null @@ -1,34 +0,0 @@ -#ifndef MATH_H -#define MATH_H - -#include "config.h" - -// check config - include in first file including config -#ifdef BSD - #ifdef LINUX_PORT - #error BSD and LINUX_PORT defined. - #endif - #ifdef GENERIC - #error BSD and GENERIC defined. - #endif -#elif defined(LINUX_PORT) - #ifdef GENERIC - #error LINUX_PORT and GENERIC defined. - #endif -#elif !defined(GENERIC) - #error Nothing defined. Please run ./configure -#endif - -#include -#include -#include -#include - -void int_pow(uint32_t base, uint8_t pwr, uint64_t *out); -uint8_t BN_lcm(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *gcd, BN_CTX *ctx); -RSA *easygen(uint16_t num, uint8_t len, uint8_t *der, uint8_t edl, - SHA_CTX *ctx); -uint8_t sane_key(RSA *rsa); - -#endif - diff --git a/shallot/src/print.c b/shallot/src/print.c deleted file mode 100755 index 35f35a4..0000000 --- a/shallot/src/print.c +++ /dev/null @@ -1,73 +0,0 @@ -// printing functions for shallot - -#include "config.h" - -#include "print.h" -#include "defines.h" -#include "globals.h" -#include "error.h" - -#include -#include -#include - -// endian crap for htobe16() [only needed -// for base32_onion which should be moved] { -#include // OpenBSD needs this included before sys/endian.h - -#if defined(LINUX_PORT) || defined(OSX) || defined(GENERIC) - #include "linux.h" -#else - #include // OpenBSD needs this early on too - #include -#endif -// } - -// TODO: Move to math.c? -void base32_onion(char *dst, unsigned char *src) { // base32-encode hash - uint8_t byte = 0, // dst location - offset = 0; // bit offset - for(; byte < BASE32_ONIONLEN; offset += 5) { - if(offset > 7) { - offset -= 8; - src++; - } - dst[byte++] = BASE32_ALPHABET[(htobe16(*(uint16_t*)src) >> (11-offset)) - & (uint16_t)0x001F]; - } - dst[byte] = '\0'; -} - -void print_onion(char *onion) { // pretty-print hash - uint8_t i; - char *s; - #ifdef GENERIC - s = malloc(PRINT_ONION_MAX); - snprintf(s, PRINT_ONION_MAX, PRINT_ONION_STR, loop, onion); - #else - if (asprintf(&s, PRINT_ONION_STR, loop, onion) == -1) - error(X_OUT_OF_MEMORY); - #endif - for(i=0; ilength+1); - strncpy(dst, buf->data, buf->length); - dst[buf->length] = '\0'; - printf("%s", dst); - BUF_MEM_free(buf); -} - diff --git a/shallot/src/print.h b/shallot/src/print.h deleted file mode 100755 index 2d5d960..0000000 --- a/shallot/src/print.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef PRINT_H -#define PRINT_H - -#include - -void base32_onion(char *dst, unsigned char *src); -void print_onion(char *onion); -void print_prkey(RSA *rsa); - -#endif diff --git a/shallot/src/shallot.c b/shallot/src/shallot.c deleted file mode 100755 index 3ebbc34..0000000 --- a/shallot/src/shallot.c +++ /dev/null @@ -1,293 +0,0 @@ -/* program: shallot (based on the popular onionhash program by Bebop) - * version: 0.0.2 - * purpose: brute-force customized SHA1-hashes of RSA keys for Tor's - * .onion namespace - * license: OSI-approved MIT License - * credits: Bebop, for onionhash, which credits the following: - * - Plasmoid (The Hacker's Choice) - * - Roger Dingledine (Tor Project) - * - Nick Mathewson (Tor Project) - * - Eric Young (OpenSSL Project) - * - * I would also like to thank the following testers/benchmarkers: - * - seeess (Linux) - * - Cheeze- (Linux, OS X) - * - Tas (Linux, OS X, OpenBSD) - * - ^wAc^ (FreeBSD) - * - cybernetseraph (OpenBSD) - * - * Special thanks to nickm for some debugging assistance! - * Extra-special thanks to Tas for his patience and assistance - * in getting shallot to build on OpenBSD, OS X, and Linux - * - * contact: mention bugs to <`Orum@OFTC or `Orum@ORC> - */ - -/* TODO: - * - finish all TODOs - * - allow -m to be used with -f (use file for status output) [v0.0.3] - */ - -#include "config.h" - -#include "math.h" -#include "error.h" -#include "print.h" -#include "thread.h" -#include "defines.h" -#include "globals.h" - -#ifdef LINUX_PORT -// Linux specific headers -#include "linux.h" -#include -#include // included with something else on *BSD -#include -#endif - -#ifdef BSD -// BSD specific headers -#include // needed on OpenBSD -#include -#endif - -#include -#include -#include - -void terminate(int signum) { // Ctrl-C/kill handler - error(X_SGNL_INT_TERM); -} - -int main(int argc, char *argv[]) { // onions are fun, here we go - signal(SIGTERM, terminate); // always let people kill - - if(argc < 2) // not enough arguments - usage(); - - // set up our initial values - uint8_t daemon = 0, optimum = 0; - uint32_t threads = 1, x = 1; - char *file = 0; - elim = DEFAULT_E_LIMIT; - loop = 0; - found = 0; - monitor = 0; - - #ifdef BSD // my - int mib[2] = { CTL_HW, HW_NCPU }; // how - size_t size = sizeof(threads); // easy - if(sysctl(mib, 2, &threads, &size, NULL, 0)) // BSD - error(X_SYSCTL_FAILED); // is - - #elif defined(LINUX_PORT) // Oh no! We're on Linux... :( - // ...even *Windows 95* (gasp!) has a better way of doing this... - // TODO: move this to linux.c - char cpuinfo[CPUINFO_BUF_SIZE] = ""; - int fd = open(CPUINFO_PATH, O_RDONLY); - - if(fd < 0) - error(X_BAD_FILE_DESC); - - threads--; // reset threads to 0 - size_t r = 0; - ssize_t tmp = 1; // must not initially be 0! - uint16_t used = 0; - - do { - if(tmp) - tmp = read(fd, &cpuinfo[r], CPUINFO_BUF_SIZE - r); // fill the buffer - - if(tmp < 0) // something went wrong - error(X_ABNORMAL_READ); - - r += tmp; // add how much we read - - if(r < CPUINFO_BUF_SIZE) - cpuinfo[r] = 0; - - threads += parse_cpuinfo(&cpuinfo[0], (uint16_t)r, &used); - r -= used; // subtract what we parsed - - memmove(&cpuinfo[0], &cpuinfo[used], r); - } while(used > 0); - - close(fd); // TODO: add error handling! (is there any point?) - - if(!threads) { // This is needed for Linux/ARM (do not remove!) - printf("WARNING: No CPUs detected. Defaulting to 1 thread... " - "(or manually specify thread count with -t)\n"); - threads++; - } - - #elif defined(GENERIC) - printf("WARNING: Threads will default to 1 unless specified with -t\n"); - #endif - - // pattern help - if( argc >= x) - { - if( strcmp(argv[x], "-p") == 0) - { - pattern(); - } - } - - for(; x < argc - 1; x++) { // options parsing - if(argv[x][0] != '-') { - fprintf(stderr, "Error: Options must start with '-'\n"); - usage(); - } - uint32_t y = 1; - for(; argv[x][y] != '\0'; y++) { - uint8_t dbreak = 0; - switch(argv[x][y]) { - case 'd': { // daemonize - daemon = 1; - break; - } - case 'm': { // monitor - monitor = 1; - break; - } - case 'o': { // prime optimization - optimum = 1; - break; - } - case 'f': { // file - if((argv[x][y + 1] != '\0') || (x + 1 > argc)) { - fprintf(stderr, "Error: -f format is '-f '\n"); - usage(); - } - file = argv[x + 1]; - dbreak = 1; - break; - } - case 't': { // threads - if((argv[x][y + 1] != '\0') || (x + 1 > argc)) { - fprintf(stderr, "Error: -t format is '-t threads'\n"); - usage(); - } - threads = strtoul(argv[x + 1], NULL, 0); - dbreak = 1; - break; - } - case 'x': { // maximum execution time - if((argv[x][y + 1] != '\0') || (x + 1 > argc)) { - fprintf(stderr, "Error: -x format is '-x '\n"); - usage(); - } - maxexectime = strtoul(argv[x + 1], NULL, 0); - dbreak = 1; - break; - } - - case 'e': { // e limit - if((argv[x][y + 1] != '\0') || (x + 1 > argc)) { - fprintf(stderr, "Error: -e format is '-e limit'\n"); - usage(); - } - elim = strtoull(argv[x + 1], NULL, 0); - dbreak = 1; - break; - } - default: { // unrecognized - fprintf(stderr, "Error: Unrecognized option - '%c'\n", argv[x][y]); - usage(); - break; // redundant... but safe :) - } - } - if(dbreak) { - x++; // skip the next param - break; - } - } - } - - // now for our sanity checks - if(threads < 1) - error(X_INVALID_THRDS); - - if(monitor && file) - error(X_EXCLUSIVE_OPT); - - if(!(elim & 1) || (elim < RSA_PK_EXPONENT) || (elim > MAXIMUM_E_LIMIT)) - error(X_INVALID_E_LIM); - - if(daemon && !file) - error(X_NEED_FILE_OUT); - - // compile regular expression from argument - char *pattern = argv[argc - 1]; - - if(*pattern == '-') - error(X_REGEX_INVALID); - - regex = malloc(REGEX_COMP_LMAX); - - if(regcomp(regex, pattern, REG_EXTENDED | REG_NOSUB)) - error(X_REGEX_COMPILE); - - if(file) { - umask(077); // remove permissions to be safe - - // redirect output - if ( - (freopen(file, "w", stdout) == NULL) || - (freopen(file, "w", stderr) == NULL) - ) error(X_FILE_OPEN_ERR); - } - - if(daemon && (getppid() != 1)) { // daemonize if we should - pid_t pid = fork(); - - if(pid < 0) // fork failed - error(X_DAEMON_FAILED); - - if(pid) // exit on the parent process - exit(0); - - if(setsid() < 0) // get a new SID - error(X_DAEMON_FAILED); - - if(chdir("/") < 0) // cd to root - error(X_DAEMON_FAILED); - - // block input - if (freopen("/dev/null", "r", stdin) == NULL) - error(X_FILE_OPEN_ERR); - - // ignore certain signals - signal(SIGCHLD, SIG_IGN); - signal(SIGTSTP, SIG_IGN); - signal(SIGTTOU, SIG_IGN); - signal(SIGTTIN, SIG_IGN); - signal(SIGHUP, SIG_IGN); - - } else signal(SIGINT, terminate); // die on CTRL-C - - pthread_t thrd; - - // create our threads for 2+ cores - for(x = 1; x < threads; x++) { - - if(pthread_create(&thrd, NULL, worker, &optimum)) - error(X_THREAD_CREATE); - } - - if(monitor) { - // TODO: when support is added for -mv, put a message here - if(pthread_create(&thrd, NULL, monitor_proc, NULL)) - error(X_THREAD_CREATE); - } - - worker(&optimum); // use main thread for brute-forcing too - - if(pthread_self() != lucky_thread) { // be safe and avoid EDEADLK - - pthread_join(lucky_thread, NULL); // wait for the lucky thread to exit - } - - regfree(regex); - return 0; -} diff --git a/shallot/src/thread.c b/shallot/src/thread.c deleted file mode 100755 index 54769b7..0000000 --- a/shallot/src/thread.c +++ /dev/null @@ -1,168 +0,0 @@ -// thread procs for shallot - -#include "config.h" - -#include // OpenBSD needs this included before sys/endian.h - -#if defined(LINUX_PORT) || defined(OSX) || defined(GENERIC) - #include "linux.h" -#else - #include // OpenBSD needs this early on too - #include -#endif - -#include "math.h" -#include "print.h" -#include "error.h" -#include "thread.h" -#include "defines.h" -#include "globals.h" - -#include -#include -#include -#include -#include - -void *worker(void *params) { // life cycle of a cracking pthread - uint64_t e_be; // storage for our "big-endian" version of e - uint8_t buf[SHA1_DIGEST_LEN], - der[RSA_EXP_DER_LEN + 1], // TODO: is the size of this right? - optimum = *(uint8_t*)params; - char onion[BASE32_ONIONLEN]; - SHA_CTX hash, copy; - RSA *rsa; - - while(!found) { - // keys are only generated every so often - // every 549,755,781,120 tries by default - - if(optimum) - rsa = easygen(RSA_OPTM_BITLEN - RSA_PK_E_LENGTH * 8, RSA_PK_E_LENGTH, - der, RSA_OPT_DER_LEN, &hash); - else - rsa = easygen(RSA_KEYS_BITLEN, RSA_PK_E_LENGTH, der, RSA_EXP_DER_LEN, - &hash); - - if(!rsa) // if key generation fails (no [P]RNG seed?) - error(X_KEY_GEN_FAILS); - - uint8_t e_bytes = RSA_PK_E_LENGTH; // number of bytes e occupies - uint64_t e = RSA_PK_EXPONENT; // public exponent - uint64_t e_byte_thresh; - - int_pow(2, e_bytes * 8, &e_byte_thresh); - e_byte_thresh++; - - uint8_t *e_ptr = ((uint8_t*)&e_be) + 8 - e_bytes; - - while((e <= elim) && !found) { // main loop - // copy the relevant parts of our already set up context - memcpy(©, &hash, SHA_REL_CTX_LEN); // 40 bytes here... - copy.num = hash.num; // and don't forget the num (9) - - // convert e to big-endian format - e_be = htobe64(e); - - // compute SHA1 digest (majority of loop time spent here!) - SHA1_Update(©, e_ptr, e_bytes); - SHA1_Final(buf, ©); - - base32_onion(onion, buf); // base32-encode SHA1 digest - loop++; // keep track of our tries... - - if(!regexec(regex, onion, 0, 0, 0)) { // check for a match - - // let our main thread know on which thread to wait - lucky_thread = pthread_self(); - found = 1; // kill off our other threads, asynchronously - - if(monitor) - printf("\n"); // keep our printing pretty! - - if(!BN_bin2bn(e_ptr, e_bytes, rsa->e)) // store our e in the actual key - error(X_BIGNUM_FAILED); // and make sure it got there - - if(!sane_key(rsa)) // check our key - error(X_YOURE_UNLUCKY); // bad key :( - - print_onion(onion); // print our domain - print_prkey(rsa); // and more importantly the key - - RSA_free(rsa); // free up what's left - - return 0; - } - - e += 2; // do *** NOT *** forget this! - - if(e == e_byte_thresh) { // ASN.1 stuff (hey, it could be worse!) - // calculate our new threshold - int_pow(2, ++e_bytes * 8, &e_byte_thresh); - e_byte_thresh++; - - if(optimum) { - RSA_free(rsa); - easygen(RSA_OPTM_BITLEN - e_bytes * 8, e_bytes, der, RSA_OPT_DER_LEN, - &hash); - - if(!rsa) - error(X_KEY_GEN_FAILS); - } else { - // play with our key structure (do not try this at home!) - der[RSA_ADD_DER_OFF]++; - der[RSA_EXP_DER_LEN - RSA_PK_E_LENGTH - 1]++; - - // and our prebuilt hash - SHA1_Init(&hash); // TODO: move to a function - SHA1_Update(&hash, der, RSA_EXP_DER_LEN - RSA_PK_E_LENGTH); - } - - e_ptr--; // and move the pointer back - } - } - RSA_free(rsa); - } - - return 0; -} - -void *monitor_proc(void *unused) { - fprintf(stderr,"\033[sPlease wait a moment for statistics..."); - time_t start = time(NULL); - - for(;;) { - fflush(stderr); // make sure it gets printed - int i = 0; - - //this next little section sleeps 20 seconds before continuing - //and checks every second whether the maximum execution time (-x) has - //been reached. - for(i=0;i<20;i++){ - sleep(1); - time_t current = time(NULL); - time_t elapsed = current - start; - if(elapsed>maxexectime || elapsed==maxexectime){ - if(maxexectime > 0){ - error(X_MAXTIME_REACH); - } - } - } - - - if(found) - return 0; - - time_t current = time(NULL); - time_t elapsed = current - start; - - if(!elapsed) - continue; // be paranoid and avoid divide-by-zero exceptions - - fprintf(stderr,"\033[u\033[KHashes: %-20"PRIu64" Time: %-10d Speed: %-"PRIu64"", - loop, (int)elapsed, loop / elapsed); - - } - - return 0; // unreachable code, but prevents warnings (!?) -} diff --git a/shallot/src/thread.h b/shallot/src/thread.h deleted file mode 100755 index 3cd245d..0000000 --- a/shallot/src/thread.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef THREAD_H -#define THREAD_H - -void *worker(void *params); -void *monitor_proc(void *unused); - -#endif diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..ac7c984 --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1 @@ +sonar.projectKey=docker-tor-hiddenservice-nginx diff --git a/torrc b/torrc index bd70ad2..2956fdf 100644 --- a/torrc +++ b/torrc @@ -1,4 +1,5 @@ DataDirectory /tmp/tor HiddenServiceDir /web/ +HiddenServiceVersion 3 HiddenServicePort 80 127.0.0.1:8080 Log notice stdout