Month: June 2021

We are very dependent on your feedback! In this release, we have made an effort to implement more of your requests and, again, to improve the usability of TorBox based on your feedback. In this journey to the TorBox v.0.4.1, nyxnor has been a huge support, rewriting the OBFS4 bridge support of TorBox, which is now easier than ever to use. We also implemented experimentally “Shellinabox“, which gives clients to access the TorBox menu through a web browser so that the installation of a SSH client would not anymore be necessary. You can try it out by using https://192.168.42.1:9000 on a WiFi client and https://192.168.43.1:9000 on a cable client. Unfortunately, with the self-signed certificate for its secure connections, browsers will show a warning message during the first connection, which has to be ignored. We are eager to hear your feedback on “Shellinabox”. Do you know better alternatives? Let us know!

With the TorBox GitHub repository, it is straightforward for everyone to report issues or to change the code and to propose it in a pull request. Because we continue to travel around, it sometimes needs a little more time to address the issues and proposals. This is especially true for the TorBox website:

Over the following weeks, we will update the TorBox website to reflect all the changes introduced with TorBox v.0.4.1. Until then, some information could be outdated and refer to the older version.

TorBox Image (about 940 MB): v.0.4.1 (13.06.2021) – SHA-256 values
TorBox Menu only: v.0.4.1 (13.06.2021) – SHA-256 values

Since we had to install additional software packages and update the configuration files, we recommend using the new image rather than updating an existing system. However, we have added a short guide at the end of this post for those who absolutely must update from the previous version (not older!).

Changelog: v.0.4.0 (10.04.2021) –> v.0.4.1 (13.06.2021)

• Update: The system is based on Raspberry Pi OS “Buster” Lite with a Linux Kernel 5.10.17 and Tor version
• 0.4.5.8.
• Update: Internal list of bridges updated.
• New: Installed with one of the installation scripts and using the option “–select-tor” makes it possible to chose the to be installed tor version.
• New: The installed tor version can be updated or changed with entry 4 in the Update and Reset sub-menu, where “DEFAULT” installs the latest stable version and “EXPERT” gives access to a variety of TorBox versions, including the -rc and -alpha versions.
• New: A new script was added to the torbox folder but not yet included in the TorBox menu, which should automatically react to log-related events. The idea behind it is that, with the next version, TorBox can automatically handle a disconnection from a WiFi network or the tor network. For example, if the tor log file indicates that the entry guard is failing, TorBox should choose a new entry guard in the background. If successfully tested, the necessary rules will follow later and are expected to be integrated into the Countermeasure sub-menu.

• Fixed: Using entry 10 in the Configuration sub-menu to enable the SSH access to TorBox from the Internet was not permanent when chosen so, but was permanent when chosen temporary (mentioned by bhafer, see details in issue #46).
• Fixed: SOCKS v5 port for destination address stream isolation was falsely set on port 9051 used for the Tor Control Port. The port is now changed to 9052.
• Fixed: The Tor Control Port (9051) is now accessible from clients (mentioned by bhafer, see details in issue #46).
• Fixed: OBFS4 bridges with IPv6 addresses are now handled correctly (see details in issue #55).
• Fixed: After the installation, the go source package wasn’t removed from the home directory.
• Fixed: All known problems and bugs listed in the Blog entry to TorBox v.0.4.0.
• Improved: The use and handling of OBFS4 bridges are now more intuitive and in line with the use of the Meek-Azure and Snowflake bridges. There is no need anymore to activate OBFS4 bridge functionality in two steps. Also, the explanation about the functionality of bridges, pluggable transports and their use was completely rewritten. This amazing work was done by nyxnor – thank you very much!

• Improved: If one of the pluggable transports (OBFS4, MEEK, SNOWFLAKE) will be activated, another already running pluggable transport will be automatically deactivated.
• Improved: When installed from the image file, with the first start of the TorBox menu, the SSH server keys will be replaced by new ones. (mentioned by rsaxvc, see details in issue #40).
• Improved: All installation script can be run several times, for example, if the first installation attempt was not successful or when the system has to be reinstalled.
• Improved: The support for Ubuntu 20.04 /  21.04 and Debian 10/11 systems.
• Improved: Clean up the code of the TorBox Wireless Manager.
• Improved: We removed the first blank line to use the maximum available space for the entries in all menus. Also, the sub-menu to set up an OBFS4 relay server on the TorBox looks now more similar than the Countermeasure sub-menu.
• Improved: Restarting tor is now accessible from the Main menu.
• Improved: The slack space of the TorBox image is now overwritten by zeros (with the program zerorfree). This probably is why the compressed image of TorBox v.0.4.1 is almost 220 MB smaller than the image of TorBox v.0.4.0 (thanks goes to rsaxvc for the suggestion, see details in issue #39).
• Experimental: “Shellinabox” added to the TorBox and setup on port 9000. With “Shellinabox”, users can access the TorBox main menu through a web browser using https://192.168.42.1:9000 on a WiFi client and https://192.168.43.1:9000 on a cable client. Unfortunately, with the self-signed certificate for its secure connections, browsers will show a warning message during the first connection, which has to be ignored. To use a secure connection between the web browser and Shellinabox, the user must accept this certificate. We are eager to hear your feedback on “Shellinabox”. Do you know better alternatives? Let us know!

How to update from TorBox v.0.4.0 (10.04.2021)?

To update a TorBox v.0.4.0 (10.04.2021) installation, you can perform the following tasks. This deletes all your custom made configuration but not alter your bridge relay keys. Nevertheless, we recommend, if possible, using the new image.

1. Please, make sure that TorBox has Internet connectivity.
2. Update the system: Go to the Update and Reset sub-menu, update the base system, the TorBox menu (entry 1 and 5) and after that, update to the newest version of tor (entry 4).
3. To ensure that all necessary packages are installed, execute the following commands (please, make sure that you copy the entire line!):

sudo apt-get -y install hostapd isc-dhcp-server obfs4proxy usbmuxd dnsmasq dnsutils tcpdump iftop vnstat links2 debian-goodies apt-transport-https dirmngr python3-pip python3-pil imagemagick tesseract-ocr ntpdate screen nyx git openvpn ppp tor-geoipdb build-essential shellinabox

4. Replace the changed configuration files:

# Backup in case
sudo cp /etc/tor/torrc /etc/tor/torrc.bak
# ATTENTION: This will overwrite your modifications as well as the configuration for the OBFS4 bridge relay
# If you run a bridge relay use "backup/restore the Bridge Relay configuration"
sudo cp etc/tor/torrc /etc/tor/
sudo cp etc/motd /etc/
sudo cp etc/hostapd/hostapd.conf /etc/hostapd/
sudo cp etc/default/shellinabox /etc/default/shellinabox
sudo mv /etc/shellinabox/options-enabled/00+Black\ on\ White.css /etc/shellinabox/options-enabled/00_Black\ on\ White.css
sudo mv /etc/shellinabox/options-enabled/00_White\ On\ Black.css /etc/shellinabox/options-enabled/00+White\ On\ Black.css
sudo systemctl restart shellinabox.service
sudo cp torbox/etc/hostname /etc/
sudo cp torbox/etc/hosts /etc/

The commands above should work. Alternatively, you could also go to the Update and Reset sub-menu and reset the entire TorBox configuration from there (entry 8).

5. Reboot TorBox.

Known problems and bugs

• BUG: Using the installation scripts with the option –select-torbox or using the EXPERT option in changing/updating tor with the Update and Reset sub-menu doesn’t show all relevant recent tor versions. You can fix these bug by updating the TorBox menu (update and reset sub-menu entry 5). BUG FIXED✔︎
  .

• LOOK&FEEL: Tor displays the following warning: “You have a ControlPort set to accept connections from a non-local address. This means that programs not running on your computer can reconfigure your Tor. That’s pretty bad, since the controller protocol isn’t encrypted! Maybe you should just listen on 127.0.0.1 and use a tool like stunnel or ssh to encrypt remote connections to your control port.” This warning is generated because the Tor Control Port (9051) is now accessible from clients (see details in issue #46). However, if you control the clients and/or if you change the password of the Tor Control Port (entry 3 in the Configuration sub-menu), it doesn’t constitute a security risk. If this is not acceptable, the following entries can be removed from /etc/tor/torrc:
  ControlPort 192.168.42.1:9051
ControlPort 192.168.43.1:9051
  Don’t remove ControlPort 9051!! Our plan for TorBox v.0.4.2 is to disable the accessibility of the Tor Control Port from clients again as default but to integrate into the Configuration sub-menu an option to enable/disable the accessibility.

Your feedback is welcome!!

We hope this version pleases you. However, we are dependent on feedback. It is not just about fixing bugs and improving usability, but also about supporting additional interfaces and hardware in future releases:

• What do you like?
• What should be improved (why and how)?
• What would you like to see next? Which features do you request?