Skip to content

Instantly share code, notes, and snippets.

@DonnchaC
Last active December 16, 2015 14:49
Show Gist options
  • Save DonnchaC/5451637 to your computer and use it in GitHub Desktop.
Save DonnchaC/5451637 to your computer and use it in GitHub Desktop.
This is a simple Python port of the Tor's code for generating hidden service descriptor id's. Haven't tested this snippet so there might be a syntax error or something
#!/usr/bin/env python
from time import time
from base64 import b32encode, b32decode, b16decode
from hashlib import sha1
from struct import pack, unpack
# When provided with a Tor hidden service 'service_id', this script should output
# the desc_id's which clients would request at the current time .
# Based on rend_compute_v2_desc_id() from rendcommon.c in Tor source code.
def compute_desc_ids(service_id_base32, max_replicas, time = int(time()), descriptor_cookie = ""):
desc_ids = []
for replica in range(0, max_replicas):
desc_ids.append(rend_compute_v2_desc_id(service_id_base32, replica, time, descriptor_cookie))
return desc_ids
# Returns base_32 encode desc_id - descriptor-id = H(permanent-id | H(time-period | descriptor-cookie | replica))
def rend_compute_v2_desc_id(service_id_base32, replica, time, descriptor_cookie):#
service_id = b32decode(service_id_base32, 1)
time_period = get_time_period(time, 0, service_id)
secret_id_part = get_secret_id_part_bytes(time_period, descriptor_cookie, replica)
desc_id = rend_get_descriptor_id_bytes(service_id, secret_id_part)
return b32encode(desc_id).lower()
# Calculates time period - time-period = (current-time + permanent-id-byte * 86400 / 256) / 86400
def get_time_period(time, deviation, service_id):
REND_TIME_PERIOD_V2_DESC_VALIDITY = 24 * 60 * 60
return int(((time + ((unpack('B', service_id[0])[0] * REND_TIME_PERIOD_V2_DESC_VALIDITY) ) / 256) ) / REND_TIME_PERIOD_V2_DESC_VALIDITY + deviation)
# Calculate secret_id_part - secret-id-part = H(time-period | descriptor-cookie | replica)
def get_secret_id_part_bytes(time_period, descriptor_cookie, replica):
secret_id_part = sha1()
secret_id_part.update(pack('>I', time_period)[:4]);
if descriptor_cookie:
secret_id_part.update(descriptor_cookie)
secret_id_part.update('{0:02X}'.format(replica).decode('hex'))
return secret_id_part.digest()
def rend_get_descriptor_id_bytes(service_id, secret_id_part):
descriptor_id = sha1()
descriptor_id.update(service_id)
descriptor_id.update(secret_id_part)
return descriptor_id.digest()
def main():
REPLICAS = 2
onion_address = "idnxcnkne4qt76tg.onion"
service_id, tld = onion_address.split(".")
if tld == 'onion' and len(service_id) == 16 and service_id.isalnum():
desc_ids = compute_desc_ids(service_id, REPLICAS)
print desc_ids
main()
@DonnchaC
Copy link
Author

The OR identity_digest is just the base32 encoding of the SHA1 hash of the OR public identity key. Same hash as the OR fingerprint, just base32 encoded rather than the base16 encoding of the fingerprint.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment