Brute forcing your very own vanity onion address at ~11,646MH/s

tesla-v100

User privacy has become a hot topic. I will be publishing stories and VLOGs shortly on how to protect yourself against invasive tracking practices. In the meantime, follow me here and on YouTube to be notified when they come out.

The main idea behind user privacy is that users should not be tracked without explicit (and intelligible) consent. For example, internet service providers (or ISPs) shouldn’t monitor which websites we are visiting but it’s totally fine for them to measure how much bandwidth we are using if their pricing model is based on bandwidth usage. Get the idea?

On the other side of the services we use are service providers such as Facebook and Slack. Most service providers don’t require privacy to operate, but how about WikiLeaks? The service providers that require privacy use Tor onion services (formally know as hidden services, a.k.a. the dark web) to host services privately. Dr. Mike Pound of Computerphile (one of my favorite YouTube channels) does a great job at explaining how onion services work. Unlike normal service providers that use DNS to route requests to servers by translating domain names to IPs, onion services use onion addresses to achieve the same privately by concealing the IPs of servers using onion routing. For example, the submission service of WikiLeaks is hosted on wlupld3ptjvsgwqw.onion. This makes it very hard for anyone to know where the servers are located granting service providers privacy and, in the case of WikiLeaks, a great level of immunity against being taken down.

Know your way around Tor, skip to the guide.

The DNA of onion addresses

Onion addresses such as wlupld3ptjvsgwqw.onion are generated using public-key cryptography also know as asymmetric cryptography. Put simply, a keypair is generated when a Tor onion service is configured. The private key is used by the network to make sure an onion service is authorized to run behind a given onion address. Described in all their mathematical beauty in the official specs of Tor, onion addresses are created as follows.

If you decide to run a onion service Tor generates an ​RSA-1024 keypair. The .onion name is computed as follows: first the ​SHA1 hash of the ​DER-encoded ​ASN.1 public key is calculated. Afterwards the first half of the hash is encoded to ​Base32 and the suffix ".onion" is added. Therefore .onion names can only contain the digits 2–7 and the letters a-z and are exactly 16 characters long.

Why are vanity onion addresses enviable?

Because brands are stories and stories are passed along using words and images that are relatable. Also, because users have to audit the onion addresses they visit to make sure they are not being phished.

Which of the following onion addresses is the most relatable? Which one is easier to audit?

http://cc53tkyseqnn3sjx.onion vs http://sunknudsenq6j34p.onion

http://sunknudsenq6j34p.onion right?

How to get your very own vanity onion address?

The DNA of onion addresses makes it impossible to derive a private key from an onion address. As a result, in order to get your very own vanity onion address (and its associated private key), you have to use brute force. Put simply, you have to create a huge number of totally random onion addresses until you create one that you like.

Say you want an onion address that starts with (is prefixed by) "wl" (referring to wlupld3ptjvsgwqw.onion here), according to Scallion, the tool we will be using, it will take 512 2^(5*2–1) attempts. But how about an onion address that is prefixed by "wlchat"? 536,870,912 2^(5*6–1) attempts are required. That’s over 536 million attempts and that number grows exponentially as characters are added to the prefix. Thankfully, computers are excellent at math so plowing through attempts at great speeds is possible. As a matter of fact, today’s computers are equipped with a piece of hardware that is especially efficient at math: the GPU (or graphics processing unit).

To put things into perspective, on my mid-2015 MacBook Pro here’s how fast I can run attempts. Results are expressed in MH/s (1 MH/s is 1,000,000 attempts per second).

Specs: 2.5 GHz Intel Core i7, Intel Iris Pro 1536 MB, AMD Radeon R9 M370X 2048 MB

  • 2.5 GHz Intel Core i7 ~21MH/s*
  • Intel Iris Pro 1536 MB ~134MH/s*
  • AMD Radeon R9 M370X 2048 MB ~485MH/s*

*The above speeds decrease as hardware is throttled to prevent overheating.

At 485MH/s, I can generate onion addresses with a "wlchat" prefix almost instantly 536,870,912 / 485,000,000 = ~1.1 seconds.

Now, what if we want to create an onion address with a "sunknudsen" prefix? That’s a whole different story as 562,949,953,421,312 2^(5*10–1) attempts are required. Not a typo. That’s over 562,949 billion attempts! At 485MH/s, it would take around 13.5 days of brute forcing to create one onion address and a MacBook Pro would probably crash or burn before the end of the process.

So what are our options, if any, to speed things up and not destroy our personal computers? See that NVIDIA card in the cover pic? That’s a NVIDIA Tesla V100 Data Center GPU. It’s currently the world’s fastest GPU designed for data scientists, researchers, and engineers working on things such as artificial intelligence (AI). It’s speed when running attempts is an astounding~11,646MH/s which is 24X faster than my MacBook Pro’s AMD Radeon R9 M370X 2048 MB. At this speed, an onion address prefixed by "sunknudsen" can be created in ~13.4 hours. We’re on to something but that GPU costs over 20K USD.

Thankfully, Amazon Web Services (AWS) offers the NVIDIA Tesla V100 Data Center GPU on EC2 p3.2xlarge instances for as little as $3.06 USD per hour. They are also offered on EC2 p3.2xlarge spot instances for as little as $1.01 USD per hour. Now we’re talking! If you have never heard about spot instances, Amazon has more infrastructure than it needs at any given time in order to support growth. Instead of keeping that infrastructure sleeping, they offer it at discount. The downside of spot instances is that Amazon can terminate your instance when ever they want so you have to make sure you extract your onion addresses continuously. DON’T FORGET TO TERMINATE YOUR P3.2XLARGE INSTANCES WHEN YOU ARE DONE AS THEY ARE VERY EXPENSIVE!

Now that we know how to plow through attempts at record breaking speeds thanks to AWS EC2 p3.2xlarge instances, it’s tutorial time!

Guide

This guide is designed for people who know their way around MacOS, AWS and Linux. If you don’t, there are tons of tutorials on YouTube that can help you get up to speed.

Part 1: playing around with Scallion on your Mac

Step 1: install Homebrew.

/usr/bin/ruby -e "\$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Step 2: install Mono

brew install mono

Step 3: install Scallion

git clone https://github.com/lachesis/scallion.git
cd scallion
msbuild scallion.sln

Step 4: see which devices can be used

mono /path/to/scallion/bin/Debug/scallion.exe -l

Step 5: create onion addresses (the onion addresses and their associated private keys will be saved to ~/Desktop/keys) 🎉

mono /path/to/scallion/bin/Debug/scallion.exe -c -d 0 -o ~/Desktop/keys wlchat

Note: on my Macbook Pro, I used -d 2 to use my AMD Radeon R9 M370X 2048 MB.

Bonus step: create onion addresses using multiple prefixes and/or regular expressions (the following snippet will create onion addresses that start by either "wl" or "wlchat" followed by a digit for readability)

mono /path/to/scallion/bin/Debug/scallion.exe -c -d 2 -o ~/Desktop/keys wl[234567] wlchat[234567]

Now that you know your way around Scallion, time to speed things up!

Part 2: running Scallion on a NVIDIA Tesla V100 Data Center GPU

The following steps are for the Debian GNU/Linux 9 (Stretch) AWS Marketplace AMI (Debian 9.9). Somehow, it’s currently not possible to select marketplace AMIs when creating spot instances so if you plan on running Scallion on a spot instance (much cheaper), you must first launch a standard instance to set things up.

Step 1: launch a Debian GNU/Linux 9 (Stretch) AWS Marketplace AMI t2-micro standard instance and ssh in as admin

choose-ami

Step 2: enable contrib and non-free repositories

sudo sed -i 's/main/main contrib non-free/g' /etc/apt/sources.list

Step 3: install dependencies (don’t worry about the xbuild warnings)

sudo apt update
sudo apt install git libssl1.0-dev mono-devel nvidia-opencl-dev nvidia-opencl-icd -y
cd ~
git clone https://github.com/lachesis/scallion.git
cd scallion
xbuild scallion.sln /p:TargetFrameworkVersion="v4.5"

Step 4: create image of your standard instance

create-image

Step 5: terminate standard instance once image has been created

Step 6: create ssh-only security group

create-security-group

Step 7: launch a p3.2xlarge instance or spot-instance using the image created during step 4 and ssh in as admin (screen capture is for spot instance)

request-spot-instance

Step 8: create onion addresses (the onion addresses and their associated private keys will be saved to ~/keys) 🎉

mono /home/admin/scallion/scallion/bin/Debug/scallion.exe -c -d 0 -o ~/keys wlchat

DON’T FORGET TO TERMINATE YOUR P3.2XLARGE INSTANCES WHEN YOU ARE DONE AS THEY ARE VERY EXPENSIVE!

Hope you enjoyed this first guide.

Contributors:Sun KnudsenSun Knudsen

Wish to contribute? Please submit an issue or a pull request.
This website is not tracking you. PGP public key fingerprint: C4FB DDC1 6A26 2672 920D  0A0F C132 3A37 7DE1 4C8B