Feature Request: TOR Integration

[ghost]

Self - explanatory. Default(or enforced) option to use local Orbot proxy.

Excellent project. Thanks :) !

[jonathancross]

Have you tried using the app VPN mode in Orbot?

[ghost]

@jonathancross yes and I did for other apps as well but android VPN mode seems unreliable:

https://tor.stackexchange.com/questions/13946/orbot-apps-vpn-mode-vs-tor-everything-on-rooted-device-which-is-better

Some Bitcoin wallets route through the exposed proxy without root requirements. See Electrum (the user has to write the local proxy url, 127.0.0.1:9050):

Or Mycelium (more clicky/user friendly):

[amicrod]

your looking for https://github.com/guardianproject/netcipher

[m2049r]

thanks @amicrod but i am not sure we are. the node communication is done entirely by the monero core code. not android code. so (i think) we cannot use this or any other android library to change that unless we also change the core comm code of monero.

[jonathancross]

Real Tor / Orbot support from the app would be great.

@m2049r I may be misunderstanding here, but the idea is to have an option to route traffic over Tor rather than clearnet. The actual communication with the node would be the same as today except that the user might have the option to connect to a .onion hidden service. I've never implemented something like this, but it seems the actual node communication should not have to change. Here are some java examples showing what Mycelium does.

[Onefox]

Would love to be able to connect to a onion node

[ghost]

@amicrod exactly that, thanks. 🙋

[m2049r]

the node communication is done through monero core code. I don't think it's possible to use netcipher or the mycelium examples to route that traffic through TOR.

Question: How do you connect to TOR on the commandline or official GUI clients?

[ghost]

@m2049r I've never coded an app like that, but as client I use the torify command whenever I want to curl something. like just prepending it as torify wget http://...

[ghost]

for example a use case I was testing and worked was to start the Orbot app and then in the Termux command line as test I was able to issue a torify command and it went successfully throught the Orbot tor proxy without the android native VPN.

[m2049r]

my understanding was the running orbot in vpn mode would enable monerujo to also go through tor - is this not true?

[amicrod]

FWIW if you have a ROMd phone you can tell orbot to vpn-wrap xmrwallet.. it connects to onions just fine.

EDIT - don't even need ROOT if you have a current android phone. VPN and orbot work out of the box.

[ghost]

@m2049r vpn mode works but crashes constantly. When vpn crash occurs the app will go clearnet without notice to the user. It's not reliable.

[m2049r]

@jmliz if you use an .onion address it cannot go clearnet as onions addresses are not on the clearnet. or am i missing something?

[SamsungGalaxyPlayer]

@m2049r I'm running Orbot in VPN mode with Monerujo set as a tor-enabled app. I'm unable to connect to any .onion node listed on the MoneroWorld page.

[ghost]

@m2049r @SamsungGalaxyPlayer but even in the case it worked wouldn't that mean that when VPN crashes the wallet would start leaking clearnet DNS queries for the non-existing .onion domain? Anyone listening would know you're using monero and which particular server you're looking for.

[amicrod]

I have been doing some testing on this and it seems that the VPN code is not very great and there can often be race conditions when changing networks where monerjo is running and orbot has not completed its setup. The problem here I see is as stated above the client will still be sending out DNS requests. This will signal that the user is likely using monero and tor on their phone.

Question: How do you connect to TOR on the commandline or official GUI clients?

To run a full node or monero-gui in linux over Tor firewall rules must be applied, torify might do this too but it has always been sub par to firewall rules. This is what orbot does. I believe orlib/orbot apply direct iptables. The netcipher library released by guardianproject is intended to be a safe guard for leaky applications in that they wont connect with out security confirmation from netcipher.

Perhaps its best to wait for korvi, but probably not. I imagine that korvi and the likes will be focusing on the p2p-code of monerod and expecting monero-gui users to be running it on the same machine. Even if we get a good implimentation of korvi for the android the result will likely be the same in that the application connections should be modified to go through netcipher and choose between i2p or tor connections. Until then there will always be a risk of improper configurations and race conditions. I believe this to be high risk issue.

Probably not an easy task if this is fork of monero-gui code base, perhaps we can get someone from @guardianproject to chime in..

[m2049r]

yes, it's not even a fork of monero-gui code base - it is libwallet for monero-gui (which is built in monero-core) which is the wallet API. it may be a good idea to built tor/kovri into that codebase so all users of of wallets anywhere (android, linux, mac, windows, ios) get the same security features. no idea how feasable this is.

[amicrod]

Since this is seeming to be quite the challenge I will add a 0.5xmr bounty(or btc equiv). If someone matches me I will add another 0.5xmr. Good luck 👍

[leafcutterant]

Orbot's app VPN is not really reliable. As one of the links above tell, it's not guaranteed that the app you try to run through tor will really run though tor.

I find this to be an important feature. Kovri starts to look like the empty hope promised for the future but never coming.

[Engelberg]

xmr.to runs an onion node: http://xmrto2bturnore26.onion/ so it would be nice if monujo's integrated use of xmr.to would use the onion node if Orbot is running.

[m2049r]

good idea @Engelberg - could you make this it's own issue I can work on?

[kykeon]

Ok. Wouldn't it perhaps be easier to talk with the simplewallet developers and add a --socks-proxy argument?

Then "Use Tor" in monerujo becomes a matter of passing =127.0.0.1:whateverportorbotusesrthesedays.

[m2049r]

add a --socks-proxy argument

I think that's the way to go.

[jonathancross]

FYI: If anyone here wants to securely connect to a remote node they own today, I wrote up a quick guide here. Also works over Tor through Orbot.

[SamsungGalaxyPlayer]

Wallet SOCKS support was merged into monero master a short while ago.

[jonathancross]

I can confirm that the current release of Monerujo (v1.12.11) is capable of using a remote Tor hidden service!

• Remote service is setup as described here: https://web.getmonero.org/resources/user-guides/tor_wallet.html
• Orbot was used with App VPN setup for Moneurjo.

Note: The connection seems extremely finicky. I was on high-speed WiFi, yet it took 20 minutes of waiting / flipping back and forth to Orbot, turning orbot off and on, refreshing the connection, etc. before Monerujo recognized the connection as valid. Monerujo kept saying: "Node invalid! Try another." -- which I ignored and kept tapping on the wallet until it worked.

Once the node was accepted as valid, I was able to open the wallet and download blocks very slowly -- about 1000 per minute on average.

[leafcutterant]

@jonathancross Could you share the remote onion nodes that worked for you? I tried this, but got "Cannot resolve host" and "connection error"while testing or trying to add a node.

[jonathancross]

@leafcutterant I imagine it should be the same for all RPC servers setup as described, but sure I can share the info if you can ping me on Riot/matrix: @jonf3n:matrix.org

Alternatively, you can post a pgp key w/ email address.

Note: I'll be traveling until Wednesday, expect delays.

[cm157]

Again, monerujo has never worked with Orbot. Any claims contrary to this are a lie. You can't use remote onion nodes with monerujo and Orbot. It's stupid.

[cm157]

The easiest way to integrate Orbot support using the teams small NetCipher library... this will help 1) detect if Orbot is installed 2) request to start and 3) find out what SOCKS/HTTP port the proxy is available at. https://github.com/guardianproject/netcipher The OrbotHelper class in particular makes this easy: https://github.com/guardianproject/NetCipher/blob/master/libnetcipher/src/info/guardianproject/netcipher/proxy/OrbotHelper.java

Also this tool which directly integrates Tor

https://topl-android.matthewnelson.io/