subgraph / Orchid


Cannot build circuits because we don't have enough directory information #33

Open suntzu93 opened 7 years ago

suntzu93 commented 7 years ago

Hi all, I started Orchid 1.0.0 and Orchid 1.2.1 but I got a message:

    May 09, 2017 2:44:09 PM com.subgraph.orchid.TorClient start
    INFO: Starting Orchid (version: 1.0.0)
    May 09, 2017 2:44:09 PM com.subgraph.orchid.directory.DirectoryImpl loadFromStore
    INFO: Loading cached network information from disk
    May 09, 2017 2:44:09 PM com.subgraph.orchid.directory.DirectoryImpl loadFromStore
    INFO: Loading certificates
    May 09, 2017 2:44:09 PM com.subgraph.orchid.circuits.CircuitCreationTask checkCircuitsForCreation
    INFO: Cannot build circuits because we don't have enough directory information

If you have any suggestions for me on this issue, please let me know! Many thanks!

ochando commented 7 years ago

Same problem for me. Comparing the server list in Orchid/src/com/subgraph/orchid/directory/TrustedAuthorities.java with my cached-microdesc-consensus used by the binary tor on my OS, almost all the IPs are different:

dir-source dannenberg 0232AF901C31A04EE9848595AF9BB7620D4C5B2E dannenberg.torauth.de 193.23.244.244 80 443 contact Andreas Lehner vote-digest 2D2BF5A1678938916E627FF4512160AB943BEC52

dir-source tor26 14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 86.59.21.38 86.59.21.38 80 443 contact Peter Palfrader vote-digest F9959F7D0C188E24DD233167CD45D07D8AEC68C9

dir-source longclaw 23D15D965BC35114467363C165C4F724B64B4F66 199.254.238.53 199.254.238.53 80 443 contact Riseup Networks <collective at riseup dot net> - 1nNzekuHGGzBYRzyjfjFEfeisNvxkn4RT vote-digest B65FA18F0984F6155216494CA2FDF8AE34229946

dir-source maatuska 49015F787433103580E3B66A1707A00E60F2D15B 171.25.193.9 171.25.193.9 443 80 contact 4096R/1E8BF34923291265 Linus Nordberg <linus@nordberg.se> vote-digest 988FAC20BBF2C1472F5BEBE627D4A1E07A1C8D8A

dir-source moria1 D586D18309DED4CD6D57C18FDB97EFA96D330566 128.31.0.34 128.31.0.34 9131 9101 contact 1024D/28988BF5 arma mit edu vote-digest 1E1CBC1E219EAE59876B270E91D4E4E8293B6CD6

dir-source dizum E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212 194.109.206.212 80 443 contact 1024R/8D56913D Alex de Joode <adejoode@sabotage.org> vote-digest E2E20692EBACD7E4DB3CA26959F299392845A3C0

dir-source gabelmoo ED03BB616EB2F60BEC80151114BB25CEF515B226 131.188.40.189 131.188.40.189 80 443 contact 4096R/261C5FBE77285F88FB0C343266C8C2D7C5AA446D Sebastian Hahn <tor@sebastianhahn.net> - 12NbRAjAG5U3LLWETSF7fSTcdaz32Mu5CN vote-digest 4F1DF4E39B68AEE7B90F7BE9EDFC9D5A9E31609A

dir-source Faravahar EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 154.35.175.225 154.35.175.225 80 443 contact 0x0B47D56D Sina Rabbani (inf0) <sina redteam net> vote-digest 1B3D633796E9631D303CB75BC8BCAF5C66C5DEE1

I guess that's the problem. Because using the tor bin on my OS, all requests are torified correctly.

Subgraph should provide an easier way to change this list instead of a hardcoded one.

nikiwaibel commented 7 years ago

I guess it is also hardcoded in the official tor client. But there it is updated regularly...

nomadgy commented 7 years ago

Does anyone know of an updated orchid lib that works on the Samsung S6? I read a post that says that Samsung removed some of the cipher libs. I was wondering if anyone managed to find a solution to this problem.

munsuri commented 7 years ago

Are you sure those info/warnings are stopping the lib from working? I get the following as well:

    2017-05-29 16:10:29 .TorClient start [INFO] Starting Orchid (version: 1.0.0)
    2017-05-29 16:10:29 .DirectoryImpl loadFromStore [INFO] Loading cached network information from disk
    2017-05-29 16:10:29 .DirectoryImpl loadFromStore [INFO] Loading certificates
    2017-05-29 16:10:29 .CircuitCreationTask checkCircuitsForCreation [INFO] Cannot build circuits because we don't have enough directory information
    Waiting for Tor readiness...
    2017-05-29 16:10:29 .DirectoryImpl loadFromStore [INFO] Loading consensus
    2017-05-29 16:10:29 .DirectoryImpl addConsensusDocument [WARNING] Unable to verify signatures on consensus document, discarding...
    2017-05-29 16:10:29 .DirectoryImpl loadFromStore [INFO] Loading microdescriptor cache
    2017-05-29 16:10:29 .DirectoryImpl loadFromStore [INFO] loading state file
    2017-05-29 16:10:29 .DirectoryDownloadTask needConsensusDownload [INFO] Downloading consensus because we have no consensus document
    2017-05-29 16:10:42 .ConsensusDocumentImpl verifySingleAuthority [WARNING] Consensus signed by unrecognized directory authority: xxxxxxxxxxxxxxx
    2017-05-29 16:10:42 .ConsensusDocumentImpl verifySignatures [INFO] Certificates need to be retrieved to verify consensus
    2017-05-29 16:10:49 .CircuitCreationTask checkCircuitsForCreation [INFO] Cannot build circuits because we don't have enough directory information
    2017-05-29 16:10:52 .ConsensusDocumentImpl verifySingleAuthority [WARNING] Consensus signed by unrecognized directory authority: xxxxxxxxxxxxxxx
    2017-05-29 16:10:52 .ConsensusDocumentImpl verifySingleAuthority [WARNING] Consensus signed by unrecognized directory authority: xxxxxxxxxxxxxxx
    2017-05-29 16:10:52 .ConsensusDocumentImpl verifySingleAuthority [WARNING] Consensus signed by unrecognized directory authority: xxxxxxxxxxxxxxx
    2017-05-29 16:10:52 .ConsensusDocumentImpl verifySingleAuthority [WARNING] Consensus signed by unrecognized directory authority: xxxxxxxxxxxxxxx
    2017-05-29 16:10:52 .ConsensusDocumentImpl verifySingleAuthority [WARNING] Consensus signed by unrecognized directory authority: xxxxxxxxxxxxxxx
    2017-05-29 16:10:52 .ConsensusDocumentImpl verifySingleAuthority [WARNING] Consensus signed by unrecognized directory authority: xxxxxxxxxxxxxxx

That ends up downloading the latest consensus files, which contain the most recent authority servers (https://atlas.torproject.org/#search/flag:authority)

Besides, the HTTP/S requests that I'm doing appear to go through Tor (IP check)
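The mismatch discussed in the two comments above (a pinned authority list versus the authorities named in a current consensus), as an added example that is not part of the thread or of Orchid's code. The `PINNED_STALE` layout, its placeholder fingerprints and 192.0.2.x addresses are constructed, and matching on `dir-source` identities is a stand-in for real signature verification; the sample consensus lines reuse entries quoted earlier in the thread.

```python
import re

# dir-source <nickname> <identity> <hostname> <ip> <dirport> <orport>
DIR_SOURCE = re.compile(
    r"^dir-source (\S+) ([0-9A-F]{40}) (\S+) (\d+\.\d+\.\d+\.\d+) (\d+) (\d+)", re.M)

# Sample consensus fragment, built from dir-source lines quoted in this thread.
SAMPLE_CONSENSUS = """\
dir-source dannenberg 0232AF901C31A04EE9848595AF9BB7620D4C5B2E dannenberg.torauth.de 193.23.244.244 80 443
dir-source tor26 14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 86.59.21.38 86.59.21.38 80 443
dir-source moria1 D586D18309DED4CD6D57C18FDB97EFA96D330566 128.31.0.34 128.31.0.34 9131 9101
dir-source dizum E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212 194.109.206.212 80 443
"""

# Constructed "stale" pinned list {identity: ip}: two real identities from the
# sample (one with an outdated, made-up IP) and three placeholder identities.
PINNED_STALE = {
    "D586D18309DED4CD6D57C18FDB97EFA96D330566": "128.31.0.34",
    "14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4": "192.0.2.10",
    "A" * 40: "192.0.2.11",
    "B" * 40: "192.0.2.12",
    "C" * 40: "192.0.2.13",
}

def parse_dir_sources(consensus_text):
    """Return {identity: (nickname, ip)} for every dir-source entry."""
    return {m.group(2): (m.group(1), m.group(4))
            for m in DIR_SOURCE.finditer(consensus_text)}

def check_pinned(pinned, consensus_text):
    """Report how a pinned authority set lines up with a consensus.

    A client accepts a consensus only when more than half of the authorities
    it knows have signed it, so a stale pinned set fails even though the
    document itself is genuine.
    """
    seen = parse_dir_sources(consensus_text)
    recognized = sorted(fp for fp in pinned if fp in seen)
    unrecognized = sorted(fp for fp in seen if fp not in pinned)
    ip_changed = sorted(fp for fp in recognized if pinned[fp] != seen[fp][1])
    needed = len(pinned) // 2 + 1
    return {"recognized": recognized, "unrecognized": unrecognized,
            "ip_changed": ip_changed, "needed": needed,
            "usable": len(recognized) >= needed}

if __name__ == "__main__":
    for key, value in check_pinned(PINNED_STALE, SAMPLE_CONSENSUS).items():
        print(key, value)
```

Each identity reported under `unrecognized` corresponds to one "Consensus signed by unrecognized directory authority" warning in the log above; `usable` stays false until the pinned set is refreshed.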

nomadgy commented 7 years ago

Hi munsuri, thank you for replying to me. The orchid library is the best one I have ever seen. Onionkit and orbot are no match for it. I have abandoned my current project because I got no reply earlier and used onionkit instead. I have given up on IRC and am looking at alternative ways to post messages online. It's not ideal but I would still prefer the orchid lib.

I wrote an Android app that uses the orchid-0.9.1.jar library. I was trying to write an IRC chat app that runs over the tor network for the free speech movement in my country because people in my country are being attacked for expressing their opinion openly. It was working initially but when I updated my phone it broke my app (app freezes at connecting to tor).

Having realized this I assumed that it will also affect other versions of Android. Someone on the forum mentioned in an issue that it has something to do with ciphers being removed. So I tried to download the orchid source and replace the current crypto lib with spongy castle but realized it's a lot of work. I have basically given up on the orchid lib. If you can send me a sample project (with libs included) that works on the Samsung S6 with the updates then I would be happy and I can test and verify it works on the Samsung S6. You would make my day. Thanks.

nikiwaibel commented 7 years ago

@nomadgy i do 100% agree with you! onionkit+orbot is not what i want either. we need a standalone java lib that creates proper tor circuits. anywhere within java, including android.

nomadgy commented 7 years ago

nikiwaibel, thank you. I am glad to know I am not the only one who supports the orchid lib and wants it to be the best. onionkit does not offer a raw socket connect like orchid does. That is what impresses me about the orchid lib. Its simple implementation. I just wish someone could figure out how to fix it on Android. I am glad to test it out on my Samsung S6.

munsuri commented 7 years ago

What about orchid 1.0.0? It is the one bitcoinj was using till this commit so you can check whether it works for you or not. But I don't know if this project has official support for Android. The authors of this project don't seem to be very active so you would have to try. Another alternative that says it supports Android (and that it is working for me on desktop) is silvertunnel-ng. You can find the 0.0.5 in maven repos. Good luck :)

nomadgy commented 7 years ago

I tried that too as a last resort. The same problem. Can you put up a sample project somewhere I can download so that I can test it? I tried looking at silver tunnel but it is confusing. Too many dep libraries. I am using Eclipse as my IDE. Maybe you can send me a sample project with silvertunnel that actually works. I still prefer orchid because it is simple and only one jar.

nomadgy commented 7 years ago

I wonder why the tor project developers could not take over the orchid project and develop it. They should ensure that libs like orchid are maintained and supported in order to promote freedom of speech. That's the whole point of tor. They should take the lead since they built the network.

frypatch commented 7 years ago

I'm going to look into forking and developing features for orchid. I've already addressed the issues mentioned here and re-wrote the api to act like a traditional http client in a private project.

nomadgy commented 7 years ago

hi geo-gs, thank you very much. you are a life saver. I am glad to get orchid working. I hope the socket interface is still available. I need that feature to tunnel an irc socket connection through tor. let me know when an update is available. thanks.

nomadgy commented 7 years ago

hi geo-gs, you said that the issue was addressed. If you have a fix for the current orchid lib then can you direct me to it? I am talking about the crypto lib problem.

I saw the following code in your project (TorClientFactory.java). Is this code block a built-in feature? Is this the fix to the crypto problem?

        if(TorCryptography.hasRestrictedCryptography()){
            TorCryptography.removeCryptographyRestrictions();
        }

I also noticed you are creating a proxy to the torclient. I will assume that is to be used for your http stuff.

        public static Proxy getProxy(){
            return new Proxy(Proxy.Type.SOCKS, new InetSocketAddress(PROXY_HOST, PROXY_PORT));
        }

In all, your project is good work.

frypatch commented 7 years ago

@nomadgy I remember having a fix for fixing the not enough directory information bug but didn't publish it anywhere, but it sounds like this is not your problem.

The TorCryptography.removeCryptographyRestrictions() was developed with computers in mind, not phones, so I don't know how it will react on a phone. That being said, the idea behind this function was to easily enable the unlimited strength ciphers in oracle java 7 or 8 via reflection so that the user didn't need to install additional jar files.

However, if the ciphers don't exist at all then this won't work. I'd be surprised if they don't exist though because I think they are needed for https requests too.

According to the source post I was following when implementing this (http://stackoverflow.com/a/22492582) an alternative would be to fork the project, bypass the JCE API, and include/use our own unlimited strength ciphers.

nomadgy commented 7 years ago

hi geo-gs,

I tried something similar before and it did not work but I will take another look at your link. If I bypass the jce api then is the spongy castle crypto lib compatible? Will give it a try and see if it works. Thanks.

felunka commented 7 years ago

Hi everyone! I know this is quite old but hey, I will give it a shot. Is there any fix by now? If not, what is the best alternative library?

frypatch commented 7 years ago

@felunka Try my fork: https://github.com/geo-gs/Orchid

Here are relevant commits:

https://github.com/geo-gs/Orchid/commit/a95b3c808c5e2ccaf10b3205c0b9138bac3946a8

https://github.com/geo-gs/Orchid/commit/a0c0179595a1f52d4dc0dc9ea879b22ea16b481c

SaadArdati commented 6 years ago

Sorry to bother you @geo-gs but I'm still getting the same issue even with your latest commits on your fork. Is there a way to resolve this?

osadchi commented 6 years ago

I'm using the JDK 1.8.0. I've tried to setup the v1.0.0 from the official web site and updated by bitcoinj the v1.2.1, both stops on 10% and says

mhatta commented 6 years ago

Hi everyone, I think I could fix several issues including this one, and now Orchid can build circuits again (as of today).

Try my fork: https://github.com/geo-gs/Orchid

Pre-built JAR is also available: Orchid-v1.0.0.jar

jpelzer commented 6 years ago

@mhatta says it right, but the link is https://github.com/mhatta/Orchid Confirmed working for me today, 2018-04-11.

mhatta commented 6 years ago

Oops, thanks @jpelzer! Yes, my repo is https://github.com/mhatta/Orchid. Glad it works for you.

AdvancedDataResearch commented 6 years ago

Hi everyone, I don't know if this thread is still "alive" since it's a bit old now, so I'll just try.

I've been trying to get a working tor connection with the Orchid lib, and it doesn't seem to be working. I tried the forks from @geo-gs and @mhatta (v1.0.2 seems to have the latest "auth_dirs") and it just gets stuck on (left it running for 2 hours):

    CircuitCreationTask - Cannot build circuits because we don't have enough directory information

My network is not blocking tor (tried with the official tor browser and that connects within a couple of seconds). Is there a way to get it working or should I be looking into another library? Orchid seems to be well made so I would prefer to get this one working ;) Since @jpelzer confirmed that it was working on 2018-04-11 and I can't get it to work on 2018-09-09 I'm hoping I just made a mistake.

mhatta commented 6 years ago

@AdvancedDataResearch Yes, I could reproduce your problem. Seems Orchid cannot build circuits again, possibly since the new stable release Tor 0.3.3.6 in May (and fully propagated recently)? I couldn't figure out why yet, but I will look into it. Help appreciated.

AdvancedDataResearch commented 6 years ago

@mhatta great thanks! I'll also try to pinpoint where it "breaks"

mhatta commented 5 years ago

@AdvancedDataResearch Seems finally I fixed Orchid again. Please try v1.0.3.

SaadArdati commented 5 years ago

@mhatta it's not working for me still. (I had to port my whole project to jdk 11 to get orchid to load at all)

DirectoryDownloadTask - Failed to download current consensus document: Failed to open directory circuit

https://hasteb.in/efaduyen.css

This error keeps repeating forever.

Also I'm getting this in the console, does this mean I can't access the web with it? Only local sites? How do I fix that?

    Starting ChromeDriver 2.44.609538 (b655c5a60b0b544917107a59d4153d4bf78e1b90) on port 37837
    Only local connections are allowed.
    Nov 23, 2018 9:04:39 AM org.openqa.selenium.remote.ProtocolHandshake createSession
    INFO: Detected dialect: OSS

mhatta commented 5 years ago

@Demoniaque Thanks for testing. Could you try https://github.com/mhatta/Orchid/releases/download/v1.0.3/Orchid-v1.0.3-test.jar ? I tested it with Debian's OpenJDK 10 and 11. I guess it also works with OpenJDK 8 if rebuilt with it.

SaadArdati commented 5 years ago

@mhatta that seems to be working. The tests I got from stackoverflow are returning positive, however there's a lot of console nag. In case it's of any importance, here's my log followed by the tests:

console: https://hasteb.in/pigozuga.xml

tests: https://hasteb.in/yabapowi.cs

Seems positive so far :)

mhatta commented 5 years ago

Okay, I released v1.0.4.

SaadArdati commented 5 years ago

@mhatta Another crash; https://hasteb.in/alazimaf.sql

Not sure why this is happening, I accidentally ran a loop that made new tor clients like 11 times simultaneously and stopped it, now it doesn't want to start with just one of them at all.

mhatta commented 5 years ago

@Demoniaque Is that reproducible? I removed some ciphers from 1.0.5. Does 1.0.4 crash too?

SaadArdati commented 5 years ago

@mhatta https://hasteb.in/udecicah.sql 1.0.4 does not crash but cannot build circuits anymore. I'm not sure what's going on, maybe my state files are fucked up now or something? Is there a way to completely reset tor after .stop()ing it?

EDIT: it finished with: 2018-12-03 20:10:04,069 WARN - DirectoryDownloadTask - Failed to download current consensus document: I/O exception processing directory request

mhatta commented 5 years ago

@Demoniaque I'm not sure what's happening, maybe it's worth removing ~/.orchid and trying again.

SaadArdati commented 5 years ago

@mhatta I deleted my .orchid folder and tried with both 1.0.4 and 1.0.5. I waited more than 5 minutes on 1.0.5 and then it worked finally. I'm not sure why it's so slow but it was definitely failing before I deleted ./orchid. https://hasteb.in/lubajenu.sql

I guess it works now? Check the log and tell me if something stands out to you, just in case. But it seems to be working now.

In my opinion, TorClient should automatically remove ./orchid when .stop() is called, but I don't know enough about it to have a say in it.

I'll update this thread with any more problems.

mhatta commented 5 years ago

@Demoniaque Seems the response of Dir Auth servers is widely different. Some servers respond fast, others not (or just choked). Can you try removing ~/.orchid and set USE_COMPRESSION = true in src/main/java/com/demo/ApplicationProperties.java and rebuild? Orchid will download microdesc, etc. in the compressed format.

SaadArdati commented 5 years ago

@mhatta https://hasteb.in/foneyeyu.cs using version 1.0.6 and after deleting .orchid

mhatta commented 5 years ago

Is this reproducible? What's your platform? Java version?