TorBox v.0.5.1 released — smashing Bugs

Honestly, TorBox v.0.5.0 was not one of our finest. When I started to fix some known problems and bugs almost a month ago, I found so much more. It was time to go into details and especially to fix to code added with version 0.5.0 – row by row. This version should run more reliable and stable than the versions before. Nevertheless, we also added and updated some of the features. However, once again, it shows also the importance of user feedback. Please report to us your problems and found bugs. We also need to know what you would like to see next and which features you request? With the TorBox GitHub repository, it is straightforward for everyone to report issues or change the code and propose it in a pull request

TorBox Image (about 1 GB): v.0.5.1 (19.07.2022) – SHA-256 values
TorBox Menu only: v.0.5.1 (19.07.2022) – SHA-256 values

Since we had to install additional software packages and update the configuration files, it is necessary to use the new image or reinstall TorBox using one of our installation scripts.

Main Menu TorBox v.0.5.1
Main Menu TorBox v.0.5.1

• • •

Changelog: v.0.5.0 –> v.0.4.0 (19.07.2022)
  • Update: The system is based on Raspberry Pi OS “Bullseye” lite (64 bit) with Linux Kernel 5.15.32 and Tor version 0.4.7.8. This version fixes several bug fixes, including a high severity security issue categorised as a Denial of Service. Everyone running an earlier version should upgrade to this version. Also, congestion control should improve traffic speed and stability on the network once most exit nodes upgrade. You can find more details about it in proposal 324 in the torspec.git repository. All installation scripts are updated to work with Raspberry Pi OS “Bullseye”, Debian 11 and Ubuntu Server 22.04 LTS. Additionally, we also updated TorBox’s internal list of OBFS4 bridges.
  • Update: The installation script for Raspberry Pi OS had to be updated to work with the new Raspberry Pi OS images released in April. Also, starting with this version, TorBox will be only tested on the 64 bit version of the respective OS (Raspberry Pi OS, Debian and Ubuntu).
  • Update: vitor from nyxnor’s onionwash repository
  • Update: the additional network driver so that they work with the new Linux kernel (unfortunately, Fars-Robotics didn’t update their network driver since October 2021).
  • New: webssh replaces shellinabox, which seems it is not maintained anymore. With webssh, users don’t need a ssh client because every web browser can now jump in as a ssh client. A user on a wifi-client can type 192.168.42.1, someone on a cable-client 192.168.43.1. This functionality comes with a certain risk because webssh is not encrypted (this would need a self-signed certificate, which the browser doesn’t support easily). However, this shouldn’t cause any problems because the TorBox AP and its wlan or the connection cable should be controlled by you. By default, webssh cannot be accessed from the Internet. If you seek maximum security, you still can keep using an ssh client and even deactivate the webssh functionality in the Configuration sub-menu (entry 11). 
  • New: There is a new way to pass through captive portals by SPOOFING the MAC address of a device that passed the captive portal successfully. Tests showed that some captive portals could be better overcome with the old method (TUNNELLING), some function better with SPOOFING and some need combined both ways. See here for more information.
  • New: Starting with this version, TorBox randomises the MAC addresses on wlan0, wlan1, eth0 and eth1 by default. You can change that behaviour and set your own MAC address in the Configuration sub-menu (entry 8).
  • Fixed: TorBox will not try to back up the OBFS4 Bridge Relay configuration if there is no such configuration.
  • Fixed: It is impossible to simultaneously run the countermeasure against tightly configured firewalls and Snowflake, Meek and the OBFS4 Bridge Relay. This fix will prevent such a setting.
  • Fixed: A bug broke the functionality on ppp0 and usb0. Also, before executing pon, TorBox will check if pppd is already working and shut it down.
  • Fixed: Due to a little bug in the script, The menu entry, which should only activate OBFS4 bridges, which are ONLINE, fails to activate the OBFS4 mode properly. This bug prevents TorBox from deactivating the OBFS4 lines in the tor configuration file. Both are fixed.
  • Fixed: Onion Service name bug (fixed by nyxnor).
  • Improved: To prevent future bugs in the releases, a shellcheck Github action will be triggered with every pushed commit on the master repository.
  • Improved: Local DNS resolution will be solely resolved through tor. This means that TorBox will not be able to resolve DNS requests from the local terminal if tor is not running. However, some functions, like Snowflake, Meek and time synchronisation, need clearnet DNS resolution to work without a running tor, but in this case, clearnet DNS resolution is explicitly activated for that purpose, and the user is asked or informed beforehand. DNS resolution from clients will always be made through tor, regardless of the settings. With the following commands in the terminal, local clearnet resolution can be set on/off (we will add that later in a “toxic “menu):
# Turn local clearnet DNS resolution on
sudo iptables -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to 127.0.0.1:9053
sudo iptables -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to 127.0.0.1:9053
sudo systemctl restart dnsmasq
# Turn local clearnet DNS resolution off
sudo systemctl stop dnsmasq
sudo iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 127.0.0.1:9053
sudo iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to 127.0.0.1:9053

  • Improved: The use of Onion Services, sharing folder and TFS. For example, the sharing folder functionality and TFS can use every folder inside /var/www regardless of the name of the Onion Service. This gives the possibility that an Onion domain named x.onion can share the folder /var/www/to_be_shared, and at the same time, TFS can control up- and/or downloads to/from the same folder using the Onion domain y.onion.
  • Improved: TFS can be started multiple times with different Onion domains. The file list is now alphabetically sorted. The message below the top banner can now display multiple lines (separated by a \n). You can go into a sub-folder if you click on them, and if you start an upload in such a sub-folder, the uploaded files are placed there. Selecting multiple files and folders is now supported – they will be downloaded and compressed in a .zip file to the local client.
  • Improved: Resetting Tor and enforcing a change of the permanent entry node in the update and maintenance sub-menu doesn’t deactivate the bridge and bridge relay mode anymore.
  • Improved: Turning systemd-journald.service off by default to further reduce the logs.

Update your TorBox

Six months have passed since the initial release of TorBox v.0.5.0. Version 0.5.1 will probably be released at the end of this year. Nevertheless, it was time to fix some bugs in version v.0.5.0 (especially concerning using OBFS4 bridges). If you re-install TorBox (using the image file or one of the installation scripts), in the case of Raspberry Pi OS, you will find the 64bit version with the Linux kernel 5.15.32 and Tor version 0.4.7.8.

Also new in the update: The MAC addresses of the network interfaces are now randomized. At the same time, a new way of overcoming captive portals is introduced, which is based on manipulating the MAC address of the Raspi network interface that is connected to the Internet (we have already reported on this in the blog here; however, details about the implementation and use can be found here).

TorBox provides two approaches to passing through a captive portal: SPOOFING or TUNNELLING. The new and preferred method is SPOOFING.

Here are the links to the new updated TorBox v.0.5.0 version (Update 001):

TorBox Image (~1 GB) : v.0.5.0 (03.07.2022) – SHA-256 values
TorBox Menu only: v.0.5.0 (03.07.2022) – SHA-256 values

• • •

How to update an old TorBox v.0.5.0 (02.01.2022) installation?

You can perform the following tasks to update an older TorBox v.0.5.0 (02.01.2022) installation. This shouldn’t alter your custom-made configurations – however, I don’t promise anything (if needed, make a backup!).

  1. Please, make sure that TorBox has Internet connectivity.
  2. First, update the TorBox menu in the Update and Maintenance sub-menu (entry 5) to immediately benefit from the bug fixes.
  3. Update the base system, the additional network drivers and the Tor version: Go to the Update and Maintenance sub-menu and use entries 1, 2 and 4.
  4. Press ESC until you have left the Torbox menu and find yourself back at the command line. Here use the following commands:
    sudo apt-get -y install macchanger
    cd; cd torbox; sudo cp etc/rc.local /etc
  5. Reboot TorBox.

• • •

We need your feedback!!

We hope this version pleases you. However, we are dependent on feedback. It is not just about fixing bugs and improving usability but also about supporting additional interfaces and hardware in future releases:

  • What do you like?
  • What should be improved (why and how)?
  • What would you like to see next? Which features do you request?

With the TorBox GitHub repository, it is straightforward for everyone to report issues or change the code and propose it in a pull request. Because we continue to travel around, it sometimes needs more time to address the problems and proposals.

For future versions, it is essential that we know what you need and want to see from the Onion Services implementation. Please feel free to use the discussion forum to tell us your needs.

• • •

Known problems and bugs
  • BUG: The latest official version (4.0.x) of the Python module Django will break the upload functionality. The bug can be fixed with the following command:
    sudo pip3 install Django==3.2.14
    The installation scripts are already fixed. However, the image file is not fixed yet — PENDING! 
  • BUG: The SPOOFING method to pass through captive portal is broken due to a bug. Also the example in the dialog suggests that the elements of the MAC address is seprated by a “-” instead of an “:”, which leads to an error message. You can fix the bug by updating the TorBox menu (update and maintenance sub-menu entry 5). However, the image file is not fixed yet — PENDING! 
  • BUG: Using bridges, following error is appearing: line 118+119: online_check: command not found" (no connection to bridge database). This is because of a change of the path of the torbox library (torbox.lib), which uses a ~ . This wasn’t a good idea – we changed to the absolute path. You can fix the bug by updating the TorBox menu (update and maintenance sub-menu entry 5). However, the image file is not fixed yet — PENDING!