Use a tool to brute force .onions
f3yniw7vmrsvjzbm.onion is a pretty ugly name, right? If it's not good enough for Facebook (facebookcorewwwi.onion), it's not good enough for us.
The .onion name is a hash of a random public key, and we're going to use a tool to generate a lot of them and find one we like. More detail about how this works.
There are several tools built for this purpose. If you're on Windows, you can try Scallion. On Mac OS X or Linux, Eschalot should work. Skip to manage a server anonymously if you need to set up a server first.
Mac
This assumes you have make and gcc installed already. If you have Xcode you should be good. If not, try brew install gcc make
.
brew install openssl wget https://github.com/ReclaimYourPrivacy/eschalot/archive/master.zip unzip master.zip cd eschalot-master echo "CFLAGS += -L/usr/local/opt/openssl/lib" >> Makefile echo "CFLAGS += -I/usr/local/opt/openssl/include" >> Makefile make make test
Debian or Ubuntu
apt-get update apt-get install make gcc openssl unzip libssl-dev wget https://github.com/ReclaimYourPrivacy/eschalot/archive/master.zip unzip master.zip cd eschalot-master make make test
Is it working?
If that all works you'll start to see output along these lines:
Found a key for sadpaper (8) - sadpaperp23s5tey.onion Found a key for oldsmoke (8) - oldsmoke3kn6rky7.onion Found a key for bentrest (8) - bentrestmpz4psyf.onion Total hashes: 143760995, running time: 10 seconds, hashes per second: 14376099 Found a key for slowview (8) - slowviewryzixyji.onion
Now you'll have some options that are slightly more memorable. If you want to use one of these you'll find the key-pairs in results.txt
.
How to get what you really want
The two simplest ways to use Eschalot are to specify either a prefix or a regex, e.g. to find a name starting "anblog":
./eschalot -vct4 -p anblog
or to find a name starting that either starts with "tony" or ends with "eats":
./eschalot -vct4 -r "^tony|eats$"
The arguments here are specifying verbose mode, continuous (i.e. not stopping when we find a match), and running in parallel on 4 threads (you should adjust this to match the number of CPU cores you have).
Note that these examples find results pretty quickly since only 4 letters have to match; the longer you make your search pattern, the longer it'll probably take. Up to 6 characters should be quick enough for the workshop (within a few minutes). 8 characters is feasible later (expect results within a day).
Another option is to use ./worgen
to generate word lists to use as acceptable prefixes (see usage instructions), and specify the resulting file as input to Eschalot using -f
.
Type ./eschalot
or ./worgen
without arguments for usage information.
Using your name
Replace the private key in /usr/local/etc/tor/hidden_http_service/private_key
(or wherever you specified the HiddenServiceDir
to be in your torrc
) with the Eschalot-generated one (including its header and footer). Restart your Tor. It should update /usr/local/etc/tor/hidden_http_service/hostname
, and you should find your fancy new .onion is alive.
Next
Anonoblog | Robin Doherty | robindoherty.com | @rdoh | rdoherty@gmail.com | PGP