[guardian-dev] Hi, i' new

Hans-Christoph Steiner hans at guardianproject.info
Mon Nov 14 08:25:54 EST 2016 

I forgot to mention, Orbot is set to use `CookieAuthentication`, so even
if your app connects to the TCP socket, it shouldn't be able to do
anything. If you have root, then of course you can get that cookie and
use it.

.hc

Hans-Christoph Steiner:
> 
> Hmm, this sounds like a bug report then :-/  Apps should not be able to
> use the control port, as far as I know.  I don't think its possible to
> allow apps to use the Tor control port in a secure way, unless there is
> some kind of query-only "guest" mode.
> 
> Orbot should really use ControlSocket to use a UNIX domain socket on the
> filesystem so it can be protected by file permissions.
> 
> .hc
> 
> arrase:
>> NetCipher looks good, but, is there a method to find the orbot control port?
>>
>> I was reading the library and i cannot see a method to connect to the
>> daemon and i would like to manage my own hidden service.
>>
>> I don't understad why orbot uses a random port every run for control port,
>> do not adds an extra securety layer, is only tedious
>>
>> now i'm parsing proc file to catch the port number
>>
>> 2016-11-14 12:54 GMT+01:00 Hans-Christoph Steiner <hans at guardianproject.info
>>> :
>>
>>>
>>> Hi, welcome!
>>>
>>> If you want to add Tor support to apps, you'll definitely be interested
>>> in our NetCipher library, which is where we do all our Tor integration
>>> work:
>>>
>>> https://github.com/guardianproject/netcipher
>>>
>>> .hc
>>>
>>> arrase:
>>>> Hi, I'm interested in developing applications under Tor and I've known
>>> your
>>>> project, I find it interesting.
>>>>
>>>> Here is my github:
>>>>
>>>> https://github.com/arrase
>>>>
>>>> I am currently interested in writing something like TorChat or Ricochet
>>> for
>>>> android
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>>>
>>>
>>> --
>>> PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
>>> https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
>>> _______________________________________________
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>>
>>
> 

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556

More information about the guardian-dev mailing list