Hidden chat with Whonix and socat

Back in 2013 I wrote about using socat with Tor to set up a Hidden Service chat. It was pretty simple to set up and I wanted to see how much harder it would be to do with Whonix, since the Gateway handles Tor and the Workstation should run socat. It turns out it isn't hard at all.

On the Gateway you need to edit /usr/local/etc/torrc.d/50_user.conf (as root) and add a Hidden Service to it:

HiddenServiceDir /var/lib/tor/hidden-chat/
HiddenServicePort 2330 10.152.152.11:2330

This uses the IP of the Workstation instead of localhost: socat will be running on the Workstation, where we'll need to open up the port so that the Gateway can connect to it when it gets a Hidden Service request.

Restart Tor on the gateway by running sudo systemctl restart tor and make sure that it comes back up and is working. If not, check the syntax of what you added to 50_user.conf and try again.

Get the new .onion service’s hostname from /var/lib/tor/hidden-chat/hostname and write it down. It is also a good idea to back up that directory since it contains the private key for the service and if you lose that you lose the hostname.

On the Workstation you need to open up port 2330 so that the Gateway can connect. You do this by editing /etc/whonix_firewall.d/50_user.conf and adding this:

EXTERNAL_OPEN_PORTS+="2330"

Restart the firewall with the new settings by running sudo whonix_firewall, then make sure the Tor Browser is still functioning properly.

Now you can run socat as a listener on the Workstation:

socat TCP4-LISTEN:2330,bind=10.152.152.11,reuseaddr STDIO

I used STDIO here instead of READLINE because the Debian version of socat doesn't support READLINE.

Now you can send the hostname to anyone you want to chat with and wait for them to connect using this on their system:

socat STDIO SOCKS4A:127.0.0.1:ADDRESS.onion:2330,socksport=9050

ADDRESS is the .onion address from your /var/lib/tor/hidden-chat/hostname file, e.g. 6z52kb2p4jfaqkj6.onion. Replace STDIO with READLINE if you are running on Debian. Your contact must already have Tor running on their system – running it from a Whonix Workstation, for example.
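To show what the connecting side's socat line actually does on the wire, here is an added Python client (my own code, not from the original post or from socat) that sends a SOCKS4a CONNECT to the local Tor SOCKS port so that Tor, not the client, resolves the .onion name, and then relays stdin and stdout over the circuit like socat's STDIO side. The script name onionchat.py and the helper names are my own; 127.0.0.1:9050 is the SOCKS port the post assumes, and ADDRESS.onion is a placeholder.

```python
import socket
import sys
import threading

def build_socks4a_connect(hostname: str, port: int, userid: str = "") -> bytes:
    """SOCKS4a CONNECT: VN=4, CD=1, port, DSTIP=0.0.0.1, userid NUL, hostname NUL.
    The hostname travels inside the request, so Tor resolves the .onion name and
    the client never performs a local DNS lookup that could leak it."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    host, user = hostname.encode(), userid.encode()
    if b"\x00" in host or b"\x00" in user:
        raise ValueError("NUL byte in hostname or userid")
    return bytes([4, 1, port >> 8, port & 0xFF, 0, 0, 0, 1]) + user + b"\x00" + host + b"\x00"

def socks4_reply_granted(reply: bytes) -> bool:
    """True if the 8-byte SOCKS4 reply reports 'request granted' (VN=0, CD=90)."""
    if len(reply) != 8 or reply[0] != 0:
        raise ValueError("malformed SOCKS4 reply")
    return reply[1] == 90

def connect_via_tor(onion: str, port: int, socks=("127.0.0.1", 9050)) -> socket.socket:
    """Open a TCP stream to onion:port through Tor's SOCKS port (hypothetical helper)."""
    s = socket.create_connection(socks)
    s.sendall(build_socks4a_connect(onion, port))
    reply = b""
    while len(reply) < 8:
        chunk = s.recv(8 - len(reply))
        if not chunk:
            raise ConnectionError("Tor closed the connection mid-handshake")
        reply += chunk
    if not socks4_reply_granted(reply):
        s.close()
        raise ConnectionError(f"Tor refused the connection (CD={reply[1]})")
    return s

def relay(sock: socket.socket) -> None:
    """Copy stdin to the socket and the socket to stdout, like socat's STDIO side."""
    def pump_in():
        for line in sys.stdin:
            sock.sendall(line.encode())
        sock.shutdown(socket.SHUT_WR)
    threading.Thread(target=pump_in, daemon=True).start()
    while data := sock.recv(4096):
        sys.stdout.write(data.decode(errors="replace"))
        sys.stdout.flush()

if __name__ == "__main__":
    # Usage: python3 onionchat.py ADDRESS.onion 2330   (ADDRESS is a placeholder)
    relay(connect_via_tor(sys.argv[1], int(sys.argv[2])))
```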