IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2023/04/18
dr|z3d "Garcia allegedly told an undercover agent that he would be comfortable torturing victims and taking trophies such as fingers or ears, that he owned an AR-15 rifle, and that he accepted an envelope with $2,500 in cash as a down payment for killing the fictional client's abusive husband."
obscuratus dr|z3d: A user in #i2p and #i2p-chat (<xeiaso_>) has been cross posting an allegation of an I2P de-anonymization bug.
obscuratus I'm not sure there's any merit to it, but I hate to leave allegation hanging out there.
dr|z3d obscuratus: yeah, RN informed me. I've passed the link over to orignal
dr|z3d Smells like prime bullshit to me.
dr|z3d Of all the places to post a possible bug, an image board isn't one of them. Unless you're trying to impress your teenage buddies.
obscuratus I don't see the de-anonymization. If target=<us> and tunnelid=null, all your doing is saying "Yes, I am the I2P router at this address".
obscuratus That's not de-anonymization. everyone already knows this.
obscuratus If the target was a lease-set, that would be another story.
dr|z3d It's a lot of noise and not much else afaict.
dr|z3d That and a less than stellar grasp of the router internals.
dr|z3d there's even some commented text further down..
dr|z3d // ok, they want us to send it remotely, but that'd bust our anonymity,
dr|z3d // so we send it out a tunnel first
dr|z3d // TODO use the OCMOSJ cache to pick OB tunnel we are already using?
dr|z3d are you working on anything code-wise, obscuratus?
obscuratus dr|z3d: Errr, so, as it turns out, I'd already been looking at this snippet of code. Back on Feb. 8, when we were having all kinds of "attacks", I added some debugging at that spot in InboundMessageDistributor.java.
obscuratus I'd back-burnered it. I thought we addressed the issues I was looking at.
dr|z3d anything useful in the debug logs?
obscuratus But, I added some debugging around that spot, and I'm going back and looking at some of the result I'm seeing now if I activate that debugging.
obscuratus There's a surprising amount of traffic that goes through that spot.
obscuratus Most of it is target: Null and Tunnelid" Null
dr|z3d interesting. either malformed packets, perhaps, or something more sinister.
dr|z3d could be a half-baked, buggy implementation.
obscuratus It's hard to follow the flow. When the message is distrubited, it goes to another thread. There's always a torrent of garlic messages, and you have a break that makes it difficult to associate the message with this section of code.
RN so, your'e saying, it is obscure?
obscuratus So much was going on back in February, I'm trying to remember what I was even looking at then.
RN Σ:Đ
dr|z3d don't encourage her :)
RN
obscuratus It's a mystery.
dr|z3d her as in female gender.
dr|z3d aka "her" :)
obscuratus But I have my opinions.
obscuratus It's a tricky section of code. You receive a garlic message from who-knows-where, and have some structure for how to pass it through.
dr|z3d sure, there's probably a certain amount of intention in the obscurity of the message path.
obscuratus So, I guess the allegation is: Can someone directly send you a garlic message through the mentions portion of code, and then be received as a destination that is supposed to be obfuscated.
obscuratus So they send a messsage directly, but disguise it as addressed to a tunnel destination.
obscuratus I don't think we work that way. But that seems to be the allegation.
obscuratus dr|z3d: xeiaso__ is asking for voice.
dr|z3d voice him up :)
xeiaso__ thanks
xeiaso__ It's the other way round. Sent to a destination, but the if statement compares it to the router.
xeiaso__ And target and tunnel both being null is normal
obscuratus OK, should be easier. Audit the code to make sure "target" can't be a destination. I *THINK* target can only be a router distination.
xeiaso__ "target" is whatever the person crafting the packet wants it to be
obscuratus So, router destination is different from a tunnel destination.
obscuratus I hope. :)
xeiaso__ target could be *anything*
obscuratus xeiaso__: I think the two are inherently different, but we should audit the code to make sure.
xeiaso__ the two are both hashes
obscuratus I don't think you can pass target as a tunnel destination and mean anything.
xeiaso__ 32 bytes
xeiaso__ Target doesn't need to be passed anywhere. Just compared to the router hash.
obscuratus xeiaso__: Just because they're the same size doesn't mean they're handled the same.
obscuratus xeiaso__: OK, so you send a message to the router hash, and it replies that: "Yes I'm that router hash". That doesn't leak anything that's not already known.
xeiaso__ No, you sent a message to a destination and you hear back.
obscuratus Then tunnel_id wouldn't be null.
xeiaso__ tunnel id is read from a packet
obscuratus OK, so you send a message down my anonymized IRC tunnel, with my router as the destination, and we would acknowledge?
obscuratus In this case, neither tunnel_id is null, nor the destination.
xeiaso__ The IBGW of your tunnel normally decides to sent it with target == null and tunnel == null
xeiaso__ But it can do whatever the hell it wants
xeiaso__ It can sent the packet down the tunnel with target == <your router> and tunnel == null
xeiaso__ So pretty much, yes.
obscuratus xeiaso__: OK, helpfull. So the scenario is we receive a message down a tunnel associated with us (such as our IRC tunnel). We get confused and acknowledge that we are actually the router at the end of this tunnel, which is suppoese to be hidden.
xeiaso__ dr|z3d: Someone asked this #i2p:
xeiaso__ >does anyone known if there will be an 2.2.1+ update soon for i2p+? My router accidentally updated to 2.2.1. In the meantime, would it not be a bad idea to go back since this update doesn't have that many crucial fixes in my case at least?
dr|z3d xeiaso__: they can just pull the latest update.zip manually, copy to their app dir and all will be good. there's no imminent 2.2.1+
obscuratus I *think* the tunnel variable is the inbound tunnel, so it wouldn't be null.
xeiaso__ Look on line 52. "tunnel" is a TunnelId.
obscuratus xeiaso__: Anyhow, thanks, that was specific, and we can audit for that scenario.
obscuratus xeiaso__: That has to be the inbound tunnel. We don't even know the outbound tunnel until we decrypt the message, which we haven't done yet.
dr|z3d xeiaso__: alternatively, depending on when they updated to the vanilla i2p, they might just be able to check for updates on /configupdate and find a new I2P+ update
dr|z3d they could also hop in here for help :)
RN I've been encouraging them to drop in here... they got scared away before becaus they didn't have voice, and they're kinda new to irc
xeiaso__ Yes, this is at the end of an inbound tunnel.
dr|z3d you can voice them when they come in, RN. you have the power :)
RN that was the plan
dr|z3d well, if they're using I2P+ and having issues updating, they should be hanging out here. tickle them this way. :)
dr|z3d the update to canon when I didn't want to in I2P+ should be fixed in the latest builds, btw.
obscuratus xeiaso__: So, you're speculating that you can craft a malevolent router (not at all impossible) that will target a tunnel, such as an IRC tunnel, and run messages down it with random specific router destinations, and see if one hits?
xeiaso__ And you can try as many times as you want.
obscuratus OK, we can audit the Inbound Message Distrubitor, and see if that's possible.
dr|z3d have they registered to nickserv, RN?
obscuratus But, at first glance, that's not the section of code highlighted by lambdaplusjs. Neither tunnel_id or target is NULL in this scenario.
xeiaso__ 39096?
xeiaso__ The only Java I2P code highlighted contains "_context.routerHash().equals(target)".
xeiaso__ In any scenario, the IBGW chooses the delivery instructions.
RN yeah, they just haven't joined here
obscuratus xeiaso__: You only get to "_context.routerHash().equals(target)" if target=NULL and tunnel=NULL, right?
xeiaso__ What prevents them not both being null?
dr|z3d you should probably register your nick, too, xeiaso__
dr|z3d Blinded message
xeiaso__ I thought I already did that.
dr|z3d apparently not, at least not on that nick. try removing the __
dr|z3d also see /msg nickserv help group
obscuratus xeiaso: OK, so we receive a stray message down our IRC tunnel, with the intent of tricking us to divulge that we are router <Us>. We'll need to look at that.
obscuratus But, I'm not seeing it right off.
xeiaso If the router isn't <us>, our stray message doesn't make it to the destination.
xeiaso But if it is <us>, then the destination gets out message.
obscuratus But it's coming down a tunnel, so tunnel!=NULL
xeiaso Wrong. The tunnel variable is a TunnelId and may be null.
obscuratus And if it only makes sense if target==<us>.
xeiaso It only reaches the destination if target==<us>
obscuratus HHmmm, so we receive a message down our IRC tunnel, but the IBMD sees it a tunnel==NULL?
obscuratus Remember, tunnel is the source tunnel, we don't even know the dest tunnel (if there is one) yet.
xeiaso What do you mean by source tunnel?
obscuratus Such as an IRC tunnel.
xeiaso Right, so an IRC tunnel that belongs to an IRC destination.
obscuratus destination is the wrong term, because it actually inbound. But I think we're talking about the same thing.
obscuratus From the perspective of the attacker, yes, it's a destination.
xeiaso inbound tunnel to our destination
xeiaso destination being an addressable thing
obscuratus Yes, and supposedly anonymous
xeiaso hopefully anonymous :^)
obscuratus I don't think we receive a message down a tunnel without the IMDB tunnel being "NOT NULL".
xeiaso Not normally. But not necessarily.
RN IMDB? or IBGW?
obscuratus Argh, I mean Inbount Message Distrubutor.
obscuratus xeiaso: I think it is necessarily, be we can check that assumption/assertion.
xeiaso Tunnels, both inbound and outbound, use the same delivery instruction format.
obscuratus Can a message come down a tunnel to the IBMD with tunnel still being NULL? I assume no, but that's auditable.
xeiaso It's just by convention the IBGW only sends LOCAL delivery type
obscuratus And just to clarify, I do see a lot of messages with target==NULL and tunnel==NULL
xeiaso Yes that's normal.
obscuratus xeiaso: You seem like you've poked around this stuff considerably. :)
xeiaso Not a lot. Just enough to follow along the flow of some packets.
obscuratus please feel free to comment there.
obscuratus xeiaso: The number of people who can follow packets are quite rare. Good Job. :)
xeiaso My day job is at a packet handling company after all :)
obscuratus I/We will have to try to figure out how a packet can come down a tunnel, and have the variable "tunnel" == NULL in the IBMD.
xeiaso Line 376 uses the target and tunnel id from a garlic clove.
xeiaso That is 100% under the control of an adversary
obscuratus ? distribute(data, instructions.getRouter(), instructions.getTunnelId());
xeiaso That's it.
xeiaso Has anyone notified orignal about this?
dr|z3d he's been informed of your image board post. which, while we're on the subject, is just about the worst place to post if you want to be taken seriously.
xeiaso Well, I found it at least.
xeiaso and what do you mean by "your"?
dr|z3d your image board post. presumably that was you posting to the tor image board?
xeiaso No. I came across it and brought it up here.
dr|z3d oh, sorry, I thought you were the poster.
dr|z3d anyways, a belated welcome to the channel, and indeed the network if you're new here :)
xeiaso Here's a thought experiment: Mallory sends a letter that starts with "Dear Alice" to P.O. box X. Mallory receives no reply. She repeats the process but starts the letter with "Dear Bob". Still no reply. But when she starts the letter with "Dear Carol" she gets a reply in the mail that says "Dear Mallory, thank you for your letter. Signed P.O. box X". Mallory concludes that Carol is the one behind P.O. box X. How
xeiaso does Mallory know this?
eyedeekay I'm still not convinced of the basic thing, that carol will reply at all
RN Carol is on spring break holiday. Good luck getting a reply.
obscuratus Hhhmm, are all the paste bins down?
eyedeekay Mine is, cake should be up though
dr|z3d yeah, cake's good.
dr|z3d welcome back, eyedeekay
dr|z3d cake's also good if you want to add some free syntax highlighting, assuming you have a file that qualifies for the treatment
eyedeekay Thanks doc
dr|z3d I got an idea for you I've been thinking about for a while, eyedeekay
dr|z3d A console-wide api for UI form elements.. radios, checkboxes and dropdowns etc.
dr|z3d snark ui options are more or less workable, but the console is an absolute nuisance to add any ui stuff to when it comes to form elements.
dr|z3d one might argue that the ui is already fairly well provisioned, UI-wise, but I'd counter and say that there are plenty of options that would work nicely in the UI in advanced mode on the /configadvanced page, for example.
eyedeekay dr|zed that's an interesting take but is there any extant system for this we could use/adapt? Or is our system too intractable to do that and we must ryo?
eyedeekay 10,99eyedeekay:99,99 dr|zed that's an interesting take but is there any extant system for this we could use/adapt? Or is our system too intractable to do that and we must ryo?
dr|z3d good question, eyedeekay
dr|z3d something like formio.net/index.html perhaps?
eyedeekay Yeah exactly something like that
eyedeekay Probably a non-zero migration effort, but maybe with payoffs in the end
dr|z3d yeah, we'd probably want to use it for new stuff initially to reduce the workload, and then migrate existing stuff over time, no?
dr|z3d wouldn't want to tackle all the existing stuff in one go. that would be work++
dr|z3d anyways, good documentation, seems reasonably well maintained.
eyedeekay Maybe, but I am thinking about what I want from a move like that and what I want, and what I want is to make working on extant apps easier, so maybe we pick one and migrate it as an experiment
dr|z3d sure, sounds like a good starting point. maybe susimail is a good candidate.
dr|z3d not too much going on in the UI there, and you're already looking at it.
dr|z3d or we could just choose a single page in the console and tackle that.
eyedeekay Fringe benefits to such a migration, too, there are a lot of checks in susimail that might become clearer if the UI were done differently
dr|z3d no doubt. susimail could do with some abstraction, it's super old and hasn't been touched much in the last 15y.
dr|z3d that monolithic WebMail.java I'm thinking of specifically. would be handy to pull some of that out into jsps.
eyedeekay Yeah to say the least, been picking it(WebMail.java) apart over here and I basically don't think I can do anything well until I can turn that unto jsp
dr|z3d might be handy to start with i2p+'s mods, dunno. see if that's a better starting point.
dr|z3d things like being able to see the mail headers without viewing the page source never hurt :)
dr|z3d there's another thing you might want to do, easy win. do a global search and replace for trailing spaces :)
dr|z3d guaranteed not to break anything, I did that on the i2p+ codebase a long time ago.
end50 Hey, I finally have voice! That's nice.
end50 I got here from the I2P+ main menu, in fact I'm pretty new to I2P itself.
dr|z3d welcome, welcome. for extra points, you may wish to register your nick via /msg nickserv register choose_a_password fake@mail.com
dr|z3d new is good. we were all new once :)
end50 Oh, I might as well get an i2p email address then.
dr|z3d you can supply a fake address, it's only used for password recovery (if a correct one is supplied).
dr|z3d that said, no harm in getting yourself an @mail.i2p address.
dr|z3d which can also be addressed as @i2pmail.org for clearnet communication.
dr|z3d was it you who RN mentioned having an issue with i2p+ updates?
end50 That's cool. I use keepassXC so I do not actually need any recovery, but since I find I2P to be very cool I plan on getting an address.
end50 And no, it wasn't me.
end50 By the way, since I'm new, I wanted to ask is there anything I should know about I2P that I'm not aware of already? Any tips and/or tricks that may be useful to me?
dr|z3d I was going to say, some people forget to enable the update checker for i2p+ on /configupdate
end50 Already done so not an issue.
dr|z3d well, we don't know what you're aware of, so hard to say :)
end50 In fact, barely anything
dr|z3d if you like the rolling-release type approach, the /dev/ url is recommended.
end50 I'm fine with stable.
end50 I do plan on browsing I2P a lot more and learning how it works and stuff, been a good while since I have been this interested in something.
dr|z3d the stable url will occasionally update with point releases if there's bug fixes or shiney new stuff that's tried and tested. not often, but sometimes.
end50 Got it.
dr|z3d well, if you haven't already had a good look around /help/ you should probably do that.
end50 Took me long enough to realize it was there, lol
dr|z3d another thing you might not have noticed is the sortable tables in various places. if you hover over the table column headings, you'll be able to tell if the table is sortable.
dr|z3d collapsible sidepanel sections you've probably already worked out.
end50 I'll see, there are a lot of things to check out in the menu so it's a tad bit overwhelming
end50 I believe that's a good thing, though.
end50 I like overly-configurable things.
dr|z3d sure, takes some time to get a hang of things. don't forget tooltips, plenty of those around to help you navigate :)
end50 I am looking at the postman.i2p registration page but one of the rules say, "Delete your account, when you're done testing or finished playing around". What if I want to have the email indefinitely as a personal one?
end50 It's a bit vague. Confusing.
dr|z3d hq.postman.i2p ?
end50 Yup.
dr|z3d no need to delete your account, it's probably suggesting you do that _if_ you just want to test things out.
dr|z3d otherwise, your account will remain active while you use it. I think there's something like a once in 90 days requirement.
end50 That's understandable.
RN yes dr|z3d I did a while back... turned off auto...
RN also another user yestarday was asking about it
dr|z3d ok, RN, thanks, hopefully you resolved the issue for them.
RN yeah, they grabbed the updater file from skank
dr|z3d ok, great, thanks.
RN but then never took up on the invite to join here
RN [thumbs-up]
dr|z3d RN: if they register their nick before joining the channel, I'll auto-voice them when they join, if you want to relay that.
dr|z3d anyone with an i2pforum acct running I2P+ who wants to contribute to this thread, feel free. i2pforum.i2p/viewtopic.php?p=2721&sid=13a7f77d5698165ae77a4b3637ca5a1b#p2721
RN yep, they had a reg'd nick... just haven't seen them today