joininbox icon indicating copy to clipboard operation
joininbox copied to clipboard
verified publisher icon openoms

txCast to broadcast payments at random times over Tor

Open openoms opened this issue 4 years ago • 9 comments

https://twitter.com/6102bitcoin/status/1389332245765369856?s=19

https://github.com/txCastOrg/txCast/

openoms avatar May 04 '21 06:05 openoms

an alternative solution which better suits the joininbox environment is scheduling the torthistx command.

Example of broadcasting a raw transaction with the Blockstream.info API via Tor an hour later: nohup bash -c "sleep $((1*60*60)) ; torthistx RAW_TRANSACTION" &

openoms avatar May 09 '21 22:05 openoms

change circuits

sudo apt-get install python-stem python3-stem

Call tor.newcircuit.py

import sys,os
from stem import Signal
from stem.control import Controller
port = sys.argv[1]
port_int = int(port)
print(port_int)

with Controller.from_port(port = port_int) as controller:
  controller.authenticate()
  controller.signal(Signal.NEWNYM)

tor.newaddress.sh [bitcoin | lnd | cln]

#!/bin/bash

service=${1}
if [ "${service}" = "bitcoin" ]; then
  port=9050
  controlPort=9051
elif [ "${service}" = "lnd" ]; then
  port=9070
  controlPort=9071
elif [ "${service}" = "cln" ]; then
  port=9090
  controlPort=9091
else
  echo "Invalid service ${1}"
fi

oldID=$(curl --connect-timeout 15 --socks5-hostname 127.0.0.1:${port} ifconfig.me 2>/dev/null)

echo "Requesting new identity for ${1}..."
sudo python tor.newcircuit.py ${controlPort}

sleep 5

newID=$(curl --connect-timeout 15 --socks5-hostname 127.0.0.1:${port} ifconfig.me 2>/dev/null)

echo
if [ ${oldID} = ${newID} ]; then
  echo "Fail !!!: Identity for ${service} did not change. Read error message above."
else
  echo "Success !!!"
  echo "${1} --> Old id: " ${oldID} "> New id: " ${newID}
fi

nyxnor avatar Jun 13 '21 12:06 nyxnor

Thanks @nyxnor , this is great. Happy to take it as a PR. The two Tor scripts can be place to scripts/standalone so they don't interfere with the scripts on the raspiblitz.

openoms avatar Jun 13 '21 19:06 openoms

Do it. :100:

ouch, I thouht you wanted to PR, misunderstood. Will work on it (to add time between tx)

nyxnor avatar Jun 13 '21 21:06 nyxnor

@nyxnor just these two simple scripts can be useful, no need to add anything to start.

openoms avatar Jun 13 '21 22:06 openoms

Ok, will do.

Just points for improvements next time, I understand the structure he did that was to be compatible with different implementations, but here are a few points to fit the project

  • This is the script that randomizes sending tx: txCast_stagger.py. It asks for manual input to select mempool or blockstream, this can also be randomized, humans do not have random patterns.
  • The min_delay is 0, that is okay considering that main > setup_tor > configure_tor > renew_tor_ip at every tx, but there is no checking if the ip did change or not, there is exception error handling here, but not sure this is precise enough as checking ip, this check if connection was refused (normally the main cause).
  • Passwords blobs will be removed, as it can be done with AuthenticationCookie in the torrc, meaning no user interaction to type the tor control password.
  • network and rpcport should be automatically from bitcoin.conf.
  • set delay should be configured in txCast.conf (new conf file), tx saved into a specific file, so that all this is done in the background via cronjob?
  • GOOD things: Being done entirely in python, native tor newnym with stem called at each tx, 2 different endpoints and over hs.

nyxnor avatar Jun 13 '21 22:06 nyxnor

I think TxCast is still in the experimental phase, good to keep an eye on it, but for now I'd just extend the torthistx command with the tor circuit renewal on every send.

openoms avatar Jun 13 '21 23:06 openoms

Stem will help a lot doing all of this.... https://stem.torproject.org/tutorials/down_the_rabbit_hole.html

sudo tor-prompt --run '/help'
sudo tor-prompt --run 'SIGNAL NEWNYM'
sudo tor-prompt --interface 9051

One line command to work with the destined control port

sudo -u debian-tor tor-prompt --run 'SIGNAL NEWNYM' -i 9071

If not mentioning the control port, will use default 9051.

nyxnor avatar Jun 15 '21 00:06 nyxnor

With knowledge, rereading this thread makes me feel noob.

There is no need to signal newnym.

There are various ways this can be done. As the tool here is cURL, and we are always reaching the same DestAddr and DestPort basically, we can use a different SOCKSAuth to isolate the requests via the isolation flag IsolateSOCKSAuth.

example:

curl -x socks5h://$RANDOM:[email protected]:9050 https://check.torproject.org/api/ip
## or
curl -U $RANDOM:$RANDOM -x socks5h://127.0.0.1:9050 https://check.torproject.org/api/ip

The random variable is used in place of the user and password, which tor does not validate, just check if it is different then before.

The above only covers stream isolation, not broadcasting at random times.

nyxnor avatar Sep 27 '22 19:09 nyxnor