Thomas White
Thomas White

Privacy and technology activist. Full time Linuxer. Audentes fortuna adiuvat.

Thomas White
Author

Share


Twitter


Generating a custom .onion address (Ubuntu)

Thomas WhiteThomas White

Ever wondered how some places manage to create themselves a snazzy .onion address? If you've been following my previous guides for hidden services, you will note you receive a random address, which is quite difficult to remember. So, what if you wanted one that looked a little fancier? Well, fortunately, there is a way to do it. The downside is, it requires a lot of computational power.

Obligatory Explanation

Although I won't go into great detail concerning how Tor Hidden Service addresses work, here is the idea: when you create a hidden service, you are creating a cryptographic key, and that key is generated using random data to ensure nobody else can replicate the key you are using. Then, from that cryptographic key, we put it through a one-way function known as a hash, which then gives us the hidden service address we type in the address bar to reach those sites. I'm sure those with more technical know-how will say this isn't entirely on a technical level, but it should be enough to demonstrate why he can't just generate thomaswhite.onion for example. Doing so would require knowledge of the output of that hashing function before we generated the data to achieve it, which is, of course, impossible.

Therefore, to get one we like, we have to keep generating random keys, until one matches the pattern we are after. There is no tools from Tor Project to achieve this, and doing it using Tor itself would be painfully slow. So at this point, I would like to introduce a pretty neat tool called Scallion, which has been a staple of hidden service address generation for a while. Scallion takes advantage of the power of GPUs, which are extremely well suited to this kind of task, and can make quick work of short addresses.

For this guide, I will be using Ubuntu 16.04, and a NVidia GeForce GTX 1060 6GB GPU, but this guide should work with Ubuntu 14.04 and above using most NVidia GPUs. I will also assume you already know the basics of how to SSH into the server and have a user with sudo access or the root user. With that said, let's get to it.

Generating the address

Firstly, let's bring the system up to date and refresh the repository cache.

sudo apt-get update && sudo apt-get upgrade -y  

Once updated, let's install the dependencies and tools we will need for this guide. I won't go into great detail for each of them, but they are required to take advantage of the GPU on the machine and act as an interface with the hardware.

sudo apt-get install -y nvidia-opencl-dev unzip libssl-dev mono-complete  

Once all the dependencies are installed, let's download the binaries. If you want to compile this yourself, you can follow the instructions provided in the public repository.

wget https://github.com/lachesis/scallion/raw/binaries/scallion-v2.0.zip  

And now, extract the contents of the compressed archive.

unzip scallion-v2.0.zip  

With the contents extracted, you will need to view the devices available to the program. You can view them using

mono scallion-v2.0/scallion.exe -l  

You should then see an output similar to the below

[email protected]:~# mono scallion-v2.0/scallion.exe -l  
WARNING: The runtime version supported by this application is unavailable.  
Using default runtime: v4.0.30319  
Id:0 Name:GeForce GTX 1060 6GB  
    PreferredGroupSizeMultiple:32 ComputeUnits:10 ClockFrequency:1746
    MaxConstantBufferSize:65536 MaxConstantArgs:9 MaxMemAllocSize:1591934976

Here you can see, I am using a single GTX 1060 which is ID 0. This is the device I want to use. By default, the application will use ID 0, so I always specify the device ID to ensure it is using the GPU and not anything else I may have on that device. So using the above ID, we can now start to search for the name we want.

Onion addresses consist of 16 characters, using any letter and numbers 2 to 7. For this example, I will be searching for "thomasw". The longer the name you are searching for, the longer this will take. On modern GPUs, eight characters should be quite easily achievable.

mono scallion-v2.0/scallion.exe -d 0 thomasw  

While this is searching, you will be provided with a guideline for how long this search will take. The prediction provided is an average only, and there is no way to track progress. As the entire process is probabilistic, if you cancel the process and restart it, you aren't starting from scratch, and likewise, you can run multiple instances of it, and you would not be repeating work. Therefore, a prediction of 5 minutes does not guarantee it will be completed within 10 minutes.

Scallion progress generating the hidden service key

Once the search has completed, you will see the output of the key, similar to mine shown below.

LoopIteration:2671  HashCount:44811.94MH  Speed:3082.0MH/s  Runtime:00:00:14  Predicted:00:00:05  Found new key! Found 1 unique keys.  
<XmlMatchOutput>  
  <GeneratedDate>2017-07-18T16:05:09.690746Z</GeneratedDate>
  <Hash>thomasw67ofim2mr.onion</Hash>
  <PrivateKey>-----BEGIN RSA PRIVATE KEY-----
MIICXQIABAKBgQDeDsJzUP01pj1WChVzoQ5ykREFE7g4QGRg1SZdR17F4Zr1m5/c  
F0mkjqdRK/wZbpBp2So5BtSwkq0LuPtrDpRbMMcuq1YTkm6qpos8J+2Wp4ThgLR1  
oUNGtFjo84w6KVwGCB+xyguOaIn19cZlZ6Bouea4znaoqPjc04TlT1CXiwIEUFW6  
7QKBgAf+MmD7LrlP/lNbYW6Z0GpJc3sSjAyQ18sL54st34JdI93LdjNFQEg4D12A  
oEJJ7bP0T1w+U+PXfkX4AdkZoPz1E+cAGRruqs92MUlC7GWh+koChId5LaesuLH/  
VEhQ8CCQXvvlLZn7kzJOUND1i+tbpu9ZMhI2OKqkO9Ut0aLlAkEA9mhWDo8KgGHB  
zGJpX0SZnkD/Flk4DwKcqPXrflnT/9tbjNkOaT6WPdpMY3+cbmdXmddaLoHl6x3E  
k3bqvI1fiwJBAOazwW2B28z8LHUFxq4fqPbqsGTKZJEPTLFcdPFxpyl52GI7c1+1  
k0OnobmnRJfYP3xxa/c0M6NnMWZ4T+YwqAECQFK44HVrZnqfaZOPc/X1bXUBixJ8  
UPI8ezQbLgDKZQjEaJWiyeu4VCjUcTQeqIGImD+NHc2tZYHN3AJI+yBndOUCQQDi  
MjjvlDvL2MsNzn6JihH5+GFy/Rw4oahczNG5mNc+RQFMjLFqivsaLAVk52VEe0Ou  
fZgbKNyqHXwN/0g4zjrlAkAwCDFA+0OK2SS6E/zRW2TWHQu4K6owIMAaWTIQyRRZ  
DVyVUvATHEW6/x2GVyLFa5IopD9x1CcMRlOiHHmChbWx  
-----END RSA PRIVATE KEY-----
</PrivateKey>  
  <PublicModulusBytes>3g7Cc1D9NaY9VgoVc6EOcpBRERO4OEBkYNUmXUdexeGa9Z3ufBdJpI6nUSv7GW6QadkqOQbUsJKtC7j7Q66UWzDHLqtKM5JquqaLPCftlqeE4YC0daFDRrRY6POMOilcBggfscoLjmiJ9fXGZWgeaLnmuM52qKj43NOE5U9Ql4s=</PublicModulusBytes>
  <PublicExponentBytes>UFW67Q==</PublicExponentBytes>
</XmlMatchOutput>  
init: 239ms / 1 (239ms, 4.18/s)  
generate key: 2159ms / 48 (44.98ms, 22.23/s)  
cpu precompute: 13ms / 48 (0.27ms, 3692.31/s)  
total without init: 14668ms / 1 (14668ms, 0.07/s)  
set buffers: 7ms / 2671 (0ms, 381571.43/s)  
write buffers: 77ms / 2671 (0.03ms, 34688.31/s)  
read results: 14109ms / 2671 (5.28ms, 189.31/s)  
check results: 131ms / 2671 (0.05ms, 20389.31/s)

3055.08 million hashes per second

Stopping the GPU and shutting down...  

The two parts we care about, are the following

  <Hash>thomasw67ofim2mr.onion</Hash>
  <PrivateKey>-----BEGIN RSA PRIVATE KEY-----
MIICXQIABAKBgQDeDsJzUP01pj1WChVzoQ5ykREFE7g4QGRg1SZdR17F4Zr1m5/c  
F0mkjqdRK/wZbpBp2So5BtSwkq0LuPtrDpRbMMcuq1YTkm6qpos8J+2Wp4ThgLR1  
oUNGtFjo84w6KVwGCB+xyguOaIn19cZlZ6Bouea4znaoqPjc04TlT1CXiwIEUFW6  
7QKBgAf+MmD7LrlP/lNbYW6Z0GpJc3sSjAyQ18sL54st34JdI93LdjNFQEg4D12A  
oEJJ7bP0T1w+U+PXfkX4AdkZoPz1E+cAGRruqs92MUlC7GWh+koChId5LaesuLH/  
VEhQ8CCQXvvlLZn7kzJOUND1i+tbpu9ZMhI2OKqkO9Ut0aLlAkEA9mhWDo8KgGHB  
zGJpX0SZnkD/Flk4DwKcqPXrflnT/9tbjNkOaT6WPdpMY3+cbmdXmddaLoHl6x3E  
k3bqvI1fiwJBAOazwW2B28z8LHUFxq4fqPbqsGTKZJEPTLFcdPFxpyl52GI7c1+1  
k0OnobmnRJfYP3xxa/c0M6NnMWZ4T+YwqAECQFK44HVrZnqfaZOPc/X1bXUBixJ8  
UPI8ezQbLgDKZQjEaJWiyeu4VCjUcTQeqIGImD+NHc2tZYHN3AJI+yBndOUCQQDi  
MjjvlDvL2MsNzn6JihH5+GFy/Rw4oahczNG5mNc+RQFMjLFqivsaLAVk52VEe0Ou  
fZgbKNyqHXwN/0g4zjrlAkAwCDFA+0OK2SS6E/zRW2TWHQu4K6owIMAaWTIQyRRZ  
DVyVUvATHEW6/x2GVyLFa5IopD9x1CcMRlOiHHmChbWx  
-----END RSA PRIVATE KEY-----
</PrivateKey>  

If you recall, when generating a hidden service, we had a file called private and hostname. If you replaced the contents of hostname with your generated hostname (thomasw67ofim2mr.onion in my example), and then private with the supplied private key such as the below, you then just need to reload your Tor process, and like magic, you have your own custom hidden service address.

-----BEGIN RSA PRIVATE KEY-----
MIICXQIABAKBgQDeDsJzUP01pj1WChVzoQ5ykREFE7g4QGRg1SZdR17F4Zr1m5/c  
F0mkjqdRK/wZbpBp2So5BtSwkq0LuPtrDpRbMMcuq1YTkm6qpos8J+2Wp4ThgLR1  
oUNGtFjo84w6KVwGCB+xyguOaIn19cZlZ6Bouea4znaoqPjc04TlT1CXiwIEUFW6  
7QKBgAf+MmD7LrlP/lNbYW6Z0GpJc3sSjAyQ18sL54st34JdI93LdjNFQEg4D12A  
oEJJ7bP0T1w+U+PXfkX4AdkZoPz1E+cAGRruqs92MUlC7GWh+koChId5LaesuLH/  
VEhQ8CCQXvvlLZn7kzJOUND1i+tbpu9ZMhI2OKqkO9Ut0aLlAkEA9mhWDo8KgGHB  
zGJpX0SZnkD/Flk4DwKcqPXrflnT/9tbjNkOaT6WPdpMY3+cbmdXmddaLoHl6x3E  
k3bqvI1fiwJBAOazwW2B28z8LHUFxq4fqPbqsGTKZJEPTLFcdPFxpyl52GI7c1+1  
k0OnobmnRJfYP3xxa/c0M6NnMWZ4T+YwqAECQFK44HVrZnqfaZOPc/X1bXUBixJ8  
UPI8ezQbLgDKZQjEaJWiyeu4VCjUcTQeqIGImD+NHc2tZYHN3AJI+yBndOUCQQDi  
MjjvlDvL2MsNzn6JihH5+GFy/Rw4oahczNG5mNc+RQFMjLFqivsaLAVk52VEe0Ou  
fZgbKNyqHXwN/0g4zjrlAkAwCDFA+0OK2SS6E/zRW2TWHQu4K6owIMAaWTIQyRRZ  
DVyVUvATHEW6/x2GVyLFa5IopD9x1CcMRlOiHHmChbWx  
-----END RSA PRIVATE KEY-----

And that's it! There is, of course, more to it than this, and you can use the following command to view the help file for a full list of commands available.

mono scallion-v2.0/scallion.exe -h  

If you really can't be bothered with the whole above process, and want a custom .onion address, don't hesitate to ask and I might even be open to generating one for you for a price.

If you would like to see this guide for Windows, let me know on Twitter and I will consider writing it if it gathers enough support!

Thomas White
Author

Thomas White

Comments