Microsoft CNG/CryptoAPI Tor Protocol Implementation PoC

ID N0WHERE:171939
Type n0where
Reporter N0where
Modified 2017-08-06T19:49:10


mini-tor is a proof-of-concept utility for accessing internet content and hidden service content (.onion) via tor routers. this utility aims for the smallest possible size (currently ~47kb, compressed with kkrunchy ~20kb), which is achieved by using Microsoft CryptoAPI/CNG instead of embedding OpenSSL.


accessing internet content via mini-tor:

> mini-tor.exe ""

accessing hidden service content via mini-tor:

> mini-tor.exe "http://duskgytldkxiuqc6.onion/fedpapers/federndx.htm"

it can even access https content:

> mini-tor.exe ""
> mini-tor.exe "https://www.facebookcorewwwi.onion/"

add -v, -vv or -vvv for verbosity:

> mini-tor.exe -v "http://duskgytldkxiuqc6.onion/fedpapers/federndx.htm"
> mini-tor.exe -vv ""
> mini-tor.exe -vvv "https://www.facebookcorewwwi.onion/"

you can disable logging by commenting out #define MINI_LOG_ENABLED in mini/logger.h. this also results in a fairly reduced executable size.


  • mini-tor supports both TAP & NTOR handshake.
    • TAP uses ordinary DH with 1024 bit exponent.
    • NTOR is newer type of handshake and uses curve25519.
    • you can control which handshake is used by default by changing preferred_handshake_type in mini/tor/common.h
  • mini-tor can use either CryptoAPI or newer CNG api.
    • configurable via mini/crypto/common.h.
    • note that curve25519 is supported by CNG only on win10+.
    • there is a curve25519-donna implementation included. you can enable it by setting MINI_CRYPTO_CURVE25519_NAMESPACE to ext to get it running on older systems.
    • note that cng::dh<> will work only on win8.1+, because it uses BCRYPT_KDF_RAW_SECRET to fetch the shared secret.
    • you can use capi::dh<> by setting MINI_CRYPTO_DH_NAMESPACE to capi.
    • anything else should run fine on win7+ (anything older is not yet supported).
  • mini-tor creates TLS connections via SCHANNEL (look at mini/net/ssl_socket.cpp & mini/net/detail/ssl_context.cpp).
  • mini-tor does not use default CRT or STL, everything is implemented from scratch.
  • older version of mini-tor based purely on CryptoAPI can be found in git tag ms_crypto_api (unmaintained).


compile mini-tor using Visual Studio 2017. solution file is included. no other dependencies are required.
