Generate A Vanity .onion Address For Your Tor Hidden Service Using Scallion

Ever wonder how Tor sites get those custom vanity .onion addresses such as silkroada7bc3kld.onion? These addresses can be generated by hidden service operators for production use, and are just as secure as the automatically generated (and often more cryptic) addresses.

Hidden service .onion addresses are really just the public part of a key pair. Utilizing asymmetric encryption, a hidden service uses the public key (a 16 character string that functions as the actual address prefix) and a private key (a much longer string that is known only to the hidden service) to verify the identity of the service. Anyone connecting to the public key can only do so if the hidden service has access to the private key. Under normal circumstances, only the service operator has access to that private key, so you could trust that the address has not been hijacked.

Keep in mind, while it takes a long time, it is possible for someone to generate the same keypair as another hidden service. While computationally expensive, entities able to throw enough resources at generating an identical address would be able to do so much more quickly than someone acting alone on a sole machine.

 

Generation with Scallion

Scallion is one tool that can be used for generation. Unlike previous tools for generation addresses, Scallion focuses on GPUs, meaning it works much faster than CPU-targeting utilities in most cases. In my experience, Scallion does not work on ARM devices (Use Shallot or Eschalot instead), but if you have an x86_64 processor and some sort of video graphics (integrated or otherwise), you should be good to go.

Let’s get started generating custom .onion addresses. I will assume that you have access to a Linux machine and are familiar with the terminal. I will be using Debian, but this guide should be easy to modify for most distributions.

First, install some dependencies and then clone Scallion onto your machine:

$ sudo apt install clinfo mono-complete mono-devel nvidia-opencl-common nvidia-opencl-dev nvidia-opencl-icd libssl1.0-dev beignet beignet-dev ocl-icd-opencl-dev ocl-icd-libopencl1
$ git clone https://github.com/lachesis/scallion.git

Now, we will move to the scallion directory, and build the scallion executable:

$ cd scallion
$ xbuild scallion.sln /p:TargetFrameworkVersion="v4.5"

Next, we will get a list of all of the devices that can be used for generating addresses:

$ mono scallion/bin/Debug/scallion.exe -l
Id:0 Name:Intel(R) HD Graphics Skylake Desktop GT2
    PreferredGroupSizeMultiple:16 ComputeUnits:24 ClockFrequency:1000
    MaxConstantBufferSize:134217728 MaxConstantArgs:8 MaxMemAllocSize:3221225472

We can see I have one device with an identifier 0 that I can target. You may have more than one device.

Now we can use Scallion to find an address that starts with a word or phrase of our choice. Let’s start Scallion with 8 threads, and have it use device 0. We will look for addresses that start with “apple”. After a little waiting, you should get some similar output with the .onion address (public key) and the private key:

$ mono scallion/bin/Debug/scallion.exe -t8 -d 0 apple
Cooking up some delicious scallions...
Using kernel optimized from file kernel.cl (Optimized4)
Using work group size 16
Compiling kernel... done.
Testing SHA1 hash...
CPU SHA-1: d3486ae9136e7856bc42212385ea797094475802
GPU SHA-1: d3486ae9136e7856bc42212385ea797094475802
Looks good!
LoopIteration:1  HashCount:16.78MH  Speed:98.7MH/s  Runtime:00:00:00  Predicted:00:00:00  Found new key! Found 1 unique keys.

  2018-01-03T00:24:24.645322Z
  applencoaipu4tqj.onion
  -----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQCcDTg3+pON2oUclpStVlFVhtcpleNwtmdO3ZVuN2cPe9tyATjH
fye++edUSTwVm6EZZABrK3iSBdGAITXxRpc5dBM+SHPals6DEECRffa+d2QazJq2
xjhU7sfocXMzly+lALtE3T/I8yhFwcDlv/LGsWn6P9Hh2A2otDz3SCeGCQIEXGYD
DwKBgBkW9kDgDFafPvLhA0YIaDei5tBR5gJXt2vqabJfbi8P7RKF3GJ6vlHXu7xS
XikDmN5lJ+dAeFH5mH4mx0TAyfpjHvwrvCcVFPuXnt8ufDHYnRc5B8hYg/bpe0eS
9iZpSFKvq1Io49Wlt04KKAW86Nk0EJRPlkU6ewfOvs5AHI9vAkEAz+N847csHbcx
79RlBhvoT+GUYoSdKvtB+0pyv4mRYEV3SHFATVwXlTksOcPkI1dFVftkoXaEEld2
RTmsVlaLNQJBAMAqnKx+s4LAj2NxzBTpbcpeVY+DauWBoNMUo5Qdqm3SSV4hPsbd
Bf99XvCWS+7tD+jhks4mffOcKQZNK4JHVgUCQQDH6n4Uf2QWhZHvnY0niHE0ydiu
f2KIBc2spzWzcCWiyBqmtAbjhT3/HajJHB3zYdzHPrI0uVFHVqrjBnhRKSVjAkEA
vWUSQ9u4jPBH/z3ahdD6kbvQA90Jxo/JQgrwaHAUrli/SvmOC3xx/kSWLVPSlSk4
p96zeIgMolOS4Tfiff+newJAUaCQumLZori7RCT+2XOXFCoV03TLlujS8L+2sNH1
LPR8Brc3CBv+ZlleYnJCR4J88py8dFGYSYM95qmpCek1SA==
-----END RSA PRIVATE KEY-----

After generating a private key and address, you will want to use them with your Tor hidden service. The private key and address usually sit in files within the /var/lib/tor/hidden_service/ directory and are named hostname and private_key respectively.

 

For a full list of options and flags, we can run the scallion executable with the --help flag:

$ mono scallion/bin/Debug/scallion.exe --help
Usage: scallion [OPTIONS]+ regex [regex]+
Searches for a tor hidden service address that matches one of the provided regexes.

Options:
  -k, --keysize=VALUE        Specifies keysize for the RSA key
  -n, --nonoptimized         Runs non-optimized kernel
  -l, --listdevices          Lists the devices that can be used.
  -h, -?, --help             Displays command line usage help.
      --gpg                  GPG vanitygen mode.
  -d, --device=VALUE         Specifies the opencl device that should be used.
  -g, --groupsize=VALUE      Specifies the number of threads in a workgroup.
  -w, --worksize=VALUE       Specifies the number of hashes preformed at one
                               time.
  -t, --cputhreads=VALUE     Specifies the number of CPU threads to use when
                               creating work. (EXPERIMENTAL - OpenSSL not
                               thread-safe)
  -p, --save-kernel=VALUE    Saves the generated kernel to this path.
  -o, --output=VALUE         Saves the generated key(s) and address(es) to this
                               path.
      --skip-sha-test        Skip the SHA-1 test at startup.
      --quit-after=VALUE     Quit after this many keys have been found.
      --timestamp=VALUE      Use this value as a timestamp for the RSA key.
  -c, --continue             Continue to search for keys rather than exiting
                               when a key is found.
      --command=VALUE        When a match is found specified external program
                               is called with key passed to stdin.
                               Example: "--command 'tee example.txt'" would
                               save the key to example.txt
                               If the command returns with a non-zero exit code,
                                the program will return the same code.
 

Generate A Vanity .onion Address For Your Tor Hidden Service Using Eschalot

Ever wonder how Tor sites get those custom vanity .onion addresses such as silkroada7bc3kld.onion? These addresses can be generated by hidden service operators for production use, and are just as secure as the automatically generated (and often more cryptic) addresses.

Hidden service .onion addresses are really just the public part of a key pair. Utilizing asymmetric encryption, a hidden service uses the public key (a 16 character string that functions as the actual address prefix) and a private key (a much longer string that is known only to the hidden service) to verify the identity of the service. Anyone connecting to the public key can only do so if the hidden service has access to the private key. Under normal circumstances, only the service operator has access to that private key, so you could trust that the address has not been hijacked.

Keep in mind, while it takes a long time, it is possible for someone to generate the same keypair as another hidden service. While computationally expensive, entities able to throw enough resources at generating an identical address would be able to do so much more quickly than someone acting alone on a sole machine.

 

Generation with Eschalot

Eschalot is one tool that can be used for generation. Eschalot is based off of another tool I previously covered called Shallot. While Shallot only allowed for some basic matching with regular expressions, Eschalot gives the user a bit more control and even supports word lists. Eschalot will not be as fast as a tool like Scallion, but it is (in my opinion) more portable as Scallion seems to have issues running on ARM-based SOCs.

Let’s get started generating custom .onion addresses. I will assume that you have access to a Linux machine and are familiar with the terminal. I will be using Debian, but this guide should be easy to modify for most distributions.

First, install OpenSSL if we don’t have it, then clone Eschalot onto your machine:

$ sudo apt-get install openssl
$ git clone https://github.com/ReclaimYourPrivacy/eschalot.git

Now, we will move to the eschalot directory, and build the eschalot executable:

$ cd eschalot
$ make

We can now make sure everything is working using the builtin testing option:

$ make test
./worgen 8-16 top150adjectives.txt 3-16 top400nouns.txt 3-16 top1000.txt 3-16 > wordlist.txt
Will be producing 8-16 character long word combinations.
Reading 3-16 characters words from top150adjectives.txt.
Reading 3-16 characters words from top400nouns.txt.
Reading 3-16 characters words from top1000.txt.
Loading words from top150adjectives.txt.
Loaded 150 words from top150adjectives.txt.
Loading words from top400nouns.txt.
Loaded 400 words from top400nouns.txt.
Loading words from top1000.txt.
Loaded 974 words from top1000.txt.
Working. 100% complete, 31122412 words (approximately 377Mb) produced.
Final count: 31366539 word combinations.
./eschalot -vct4 -f wordlist.txt >> results.txt
Verbose, continuous, no digits, 4 threads, prefixes 8-16 characters long.
Reading words from wordlist.txt, please wait...
Loaded 31366539 words.
Sorting the word hashes and removing duplicates.
Final word count: 31363570.
Thread #1 started.
Thread #2 started.
Thread #3 started.
Thread #4 started.
Running, collecting performance data...
Found a key for kindland (8) - kindlandudsw7nga.onion
Found a key for loudhour (8) - loudhourvype7cyn.onion
Found a key for cutwaxwin (9) - cutwaxwinstsf6mk.onion
Total hashes: 177519717, running time: 10 seconds, hashes per second: 17751971

When done, simply clean up the test results:

$ make cleantest

 

Now is a good time to use Eschalot to find an address that starts with a word or phrase of our choice. Let’s start Eschalot in verbose mode, with 4 threads, and have it continue to look for addresses even after it has found one. We will look for addresses that start with “apple”. After a little waiting, you should get some similar output with the .onion address (public key) and the private key:

$ ./eschalot -t4 -v -c -p apple
Verbose, continuous, no digits, 4 threads, prefixes 5-5 characters long.
Thread #1 started.
Thread #2 started.
Thread #3 started.
Thread #4 started.
Running, collecting performance data...
Found a key for apple (5) - appleiujtls4awea.onion
----------------------------------------------------------------
appleiujtls3awea.onion
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDQo/ArZ/Em1/1wvTlpVSjV5eTnYelelzJ670kBsO8/Yjvq5GGu
M7LdAUVUBdrF9qO2I24eKNul0sam+jmvov8WvFAk2eSk2p5VefVabxvUvSiOVNwA
cw3XmHlbWPpriOmyFiTOQtzYXHqG4YNPna9VQMR5S+86hy4AEiJoJNEdpQIEAT1u
AwKBgF8uYVx00lZPzAUxAFmrw85H78001d767m+7OLWmj5dDSgC0nbNWHbICwP8y
fczIoQ/DLHGOHK1WtPiUXNw7E/EX3f4DQ3E0zssIRZOBhmy6D3umLUHBILI/6n/F
hzD8U/Zy3W6rgZ35Ib34Mv35Kq/d6DFUD7u6qWv8CrD0gt7zAkEA6ASM6cI/EaT+
iTh+OSt+Pdh6N3Kofe2QGbqb8Y99tsX07nHOzl8EH0kkIxO26RDuWdT5J3wRUCkA
UGyqVrefNwJBAOY0y7qkSTtLE1S/TwhMWc8mEWqewj4FVT+H/sY0hlfZ5VW7xMjf
usKD99eTDLgJ0joqpIOlmmUHAFHKCkdHwAMCQQDVBCQWZJ/qzFqmFvs20erbTzrk
4VNgV6QmOJDidMAxqyjyocUnA1/vASHJcJnunEsdXvpADVKsV3hwO4jSIxqPAkAs
yCr9mXF5c+wWErdlNdYmOTthqIeCxZssr0fRYVadbtfQ9rEHV0UFEdUp50JWAX3s
oy7t+b7kPoTpTteKshyTAkAPzLpDXQPEWKIJL5uqTR1G/iR7FlQ/jaFd44OCNtmz
azXGB3asSbLcmc3z9KnOb5xzeApPW7hIPy/yxYCgEdrE
-----END RSA PRIVATE KEY-----

Additionally, you can use the included worgen utility to generate word lists that can be fed into Eschalot. Below is an example series of commands that will generate 10-character strings by mixing nouns that are 3-10 characters long each, and then run the list through Eschalot. Eschalot comes with several different word lists included what can be used by the worgen utility.

$ ./worgen 10-10 nouns.txt 3-10 nouns.txt 3-10 > wordlist.txt
$ ./eschalot -vct4 -l 10-10 -f wordlist.txt > results.txt

After generating a private key and address, you will want to use them with your Tor hidden service. The private key and address usually sit in files within the /var/lib/tor/hidden_service/ directory and are named hostname and private_key respectively.

 

For a full list of options and flags, we can run the eshalot executable with no arguments:

$ ./eschalot
Version: 1.2.0

usage:
eschalot [-c] [-v] [-t count] ([-n] [-l min-max] -f filename) | (-r regex) | (-p prefix)
-v : verbose mode - print extra information to STDERR
-c : continue searching after the hash is found
-t count : number of threads to spawn default is one)
-l min-max : look for prefixes that are from 'min' to 'max' characters long
-n : Allow digits to be part of the prefix (affects wordlist mode only)
-f filename: name of the text file with a list of prefixes
-p prefix : single prefix to look for (1-16 characters long)
-r regex : search for a POSIX-style regular expression

Examples:
eschalot -cvt4 -l8-12 -f wordlist.txt >> results.txt
eschalot -v -r '^test|^exam'
eschalot -ct5 -p test

base32 alphabet allows letters [a-z] and digits [2-7]
Regex pattern examples:
xxx must contain 'xxx'
^foo must begin with 'foo'
bar$ must end with 'bar'
b[aoeiu]r must have a vowel between 'b' and 'r'
'^ab|^cd' must begin with 'ab' or 'cd'
[a-z]{16} must contain letters only, no digits
^dusk.*dawn$ must begin with 'dusk' and end with 'dawn'
[a-z2-7]{16} any name - will succeed after one iteration

You can also run the worgenexecutable with no arguments for a complete list of options:

$ ./worgen
Version: 1.2.0

usage: worgen min-max filename1 min1-max1 [filename2 min2-max2 [filename3 min3-max3]]
  min-max   : length limits for the output strings
  filename1 : name of the first word list file (required)
  min1-max1 : length limits for the words from the first file
  filename2 : name of the second word list file (optional)
  min2-max2 : length limits for the words from the first file
  filename3 : name of the third word list file (optional)
  min3-max3 : length limits for the words from the first file

  Example: worgen 8-12 wordlist1.txt 5-10 wordlist2.txt 3-5 > results.txt

              Generates word combinations from 8 to 12 characters long
              using 5-10 character long words from 'wordlist1.txt'
              followed by 3-5 character long words from 'wordlist2.txt'.
              Saves the results to 'results.txt'.