You might have encountered websites with a pretty onion address that contains a human-readable prefix. I will show you how to get a custom onion address, using your GPU!

Whats an onion address?

An onion address can only be reached through Tor. It’s like a domain name but which ends with onion. Each onion address is a hash of the corresponding public key. This means that each onion address or “domain” can be verified. When you connect to a website using an onion address, it can be verified because the server holds the private key. You cannot host an onion address without having the matching private key. Because it’s just a hash, it looks like random gibberish because it is!

How to get a custom onion address

Because an onion address is a hash of random cryptographic keys, the hash also looks like random gibberish. However, there’s a chance that the random gibberish will look like some piece of text you want. If you generate enough keys and hashes, you will eventually get a text you want, by chance. The more keys you generate, the higher the chance you will get a nice hash.

The old method of generating a lot of those random hashes and finding a match by chance, was to use your CPU. This will get you a few million hashes per second, which sounds fast but is actually really slow. Nowadays, you can use your GPU which can generate a few billion hashes per second.

Facebook has a really nice onion address: facebookcorewwwi.onion which they were lucky to get by chance. While you could easily generate an address that starts with “facebook” by yourself, it is very unlikely that you could find the exact facebook onion address. They supposedly spent around 100.000 USD in electricity and over one week to find it[2]. I did however not find any first party or reputable sources that verify those claims.

The software

You might have found guides yourself, but those are usually outdated with software that only leverages your CPU but not GPU. According to those old guides, finding 8 characters like “facebook” would take supposedly 10 days[2], but using a more modern method that leverages GPU power, it took me a few seconds to find a “facebook” prefixed onion domain.

The software you should use, is called scallion, which you can find on GitHub (link below) which also provides binary releases. It runs on Windows, Linux and Mac, however on Linux and Mac you need to install the mono runtime and call scallion.exe with mono. [3]

Using scallion

Once downloaded and unzipped, on Mac and Linux, once you installed the mono runtime, you simply call it with:

mono scallion.exe

On Windows you call it in the CMD with scallion.exe or in PowerShell with:

.\scallion.exe

For simplicity, I will refer to it in the rest of this article simply as scallion.exe and you can adapt the commands accordingly.

The first thing you will have to do is list your GPUs with:

scallion.exe -l

This will return a list of devices as numbers starting from zero. If you only have one GPU it will just return zero. You can then run scallion using your device of choice, in our example device zero will be used to find an onion address that starts with “test”, which should only take seconds to find multiple ones:

scallion.exe -d 0 test

Once finished, you will get one or more findings listed, together with their private keys. Pick the onion address you like, together with the matching private key.

Using the onion address

Now on your machine running Tor, you will create a directory for the onion service, for example /var/lib/tor/onion_service_test/ with restricted permissions (chmod 700) and inside that directory you will create a file named private_key with restricted permissions (chmod 400) and inside that file you will copy-paste the RSA private key for the matching, chosen onion address.

If doing this on a Debian based system like Ubuntu, make sure the directory and the private_key file are both owned by debian-tor.

You will then edit the Tor configuration (usually /etc/tor/torrc) and add the following lines:

HiddenServiceDir /var/lib/tor/onion_service_test/
HiddenServicePort 80 127.0.0.1:80

And then restart Tor with systemctl restart tor or service restart tor and you should then see the file /var/lib/tor/onion_service_test/hostname appear with the chosen onion address!

If you now try to access your onion address (might take a few minutes until it’s up and running) with Tor browser, you should see the local web server’s default website. To get a custom website, you just have to configure a website (add one) with nginx, apache or lighttpd or your chosen software as you usually would, but specifying the onion address as server name (domain name)! Easy!

And this is how to get a custom onion address. I hope I helped you out!

Statistics

I tried to generate an onion address with 9 characters, which takes a lot longer than one with 8 characters. On my first try it took 46 minutes to find a matching hash, on my second try it took 3h and 25 minutes. While 7 characters or fewer takes seconds or split seconds for me. I suggest you to stick to a maximum of 8 characters which during my testing usually took a few minutes.

External Links