AryaTOR is a popular software that many people use for different purposes: anonymisation, .onion site access, changing IPs - anything goes. Today, I'm not going to show you anything that changes the world of privacy-related apps.
I'll just show a simple Tor control panel that works as a ZeroPhone app. You can just select "Tor control" in the apps and get a menu to turn Tor on or off, see your external IP and request a new one, as well as see some stats and check your connectivity. Here, you can read the app's code.
It's a simple but powerful demo of what ZeroPhone is capable of - something no usual phone can do. This app took 2 hours to write - including all the package installs, finding the right settings and Googling. Think about it - 2 hours of work for adding a Tor control panel to ZeroPhone UI.
Currently, the Tor daemon I'm running is just a proxy, not proxying anything unless you want it to. You connect the ZeroPhone to the local network, set up ZeroPhone as a SOCKS proxy for your browser - and browse Internet through Tor. The "be a wireless AP and serve all traffic through Tor" part is not implemented - I'll need to add a simple "Wireless AP" menu first, and that alone requires a day or two's worth of tinkering. After that, it's just iptables/torrc work to make it a secure transparent proxy.
I could publish my /etc/tor/torrc file, but I haven't checked it for security - I have taken most of it from the manuals/tutorials on the Web and I'm afraid people would rely on it. Instead, what I'll want to do is - during the v1.0 development, write a torrc file and have it checked by many people to see if there aren't any unsafe settings, then release it with the ZeroPhone. However, if there's as much as one person asking for it in the comments, I'll put it on GitHub and link here.
Oh, and by the way - if you understand Python, go read the code. Email/comment under this article if there's anything with the UI libraries I'm using, something bad about my Tor helper library I wrote, or, maybe, my coding style. I could use a code review, even though I had lots of practice. Also comment/email if you want some features added to the Tor app, or UI tweaked.
That's all for now on software - I'll go work on the next apps on the list!
Discussions
Become a Hackaday.io Member
Create an account to leave a comment. Already have an account? Log In.
Had a quick skim over main.py, the only small comment I have is that I don't see any use of "global main_menu, callback" in init_app()
I haven't quite got my head around your "monkey patching" in tor.py yet, but the hard coded 9050 might be limiting later on (should be able to use Controller.get_ports ?)
Great work :)
Are you sure? yes | no
Thank you for your review!
Unused variables - well spotted! I'm very disappointed this is not a SyntaxError for Python - I think it should be, it can introduce subtle bugs.
The monkey patching is IIRC because of the fact that socket.socket function isn't fully prepared to deal with proxies, and socket.getaddrinfo isn't prepared to deal with ".onion" addresses. Now that you say about this, I think I have some useless statements there (the proxy-ing using requests built-in facilities), I'll try removing them and see if it works.
A hard-coded port number is limiting, yes. There's also the fact that Tor config (at least the options I use) needs to know the ZeroPhone's current IP on the local network, so I think there needs to be a way to insert those values in config on the fly (there might be a "serve on certain interface" option, but I'm not a fan of it - you don't want to expose your tor proxy on every network you connect to). I'll yet see about all it, of course - could be a separate discussion on, say, Tor forums or /r/onions, to ensure the tradeoff between usability and security is a good one.
Are you sure? yes | no
The more I see of this the more I like it; seeing it up and running is fantastic!
Well done mate!
Are you sure? yes | no