30/11/2016: Anontwi has been added to GNU (fsf.org).
01/09/2015: AnonTwi v1.1b released.
20/08/2015: Added support for GNUSocial.
14/05/2015: Added support for New API of Twitter (v1.1).
AnonTwi is a tool for OAuth2 applications (such as GNUSocial and Twitter) that provides different
layers of encryption and privacy methods.
$ git clone https://github.com/epsylon/anontwi
#!/usr/bin/python
# -*- coding: iso-8859-15 -*-
"""
$Id$
Copyright (c) 2012/2015 psy 'epsylon@riseup.net'
anontwi is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation version 3 of the License.
anontwi is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.
You should have received a copy of the GNU General Public License along
with anontwi; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
###################################################################
# See https://en.wikipedia.org/wiki/HMAC#Implementation
# Example written by: michael@briarproject.org
###################################################################
# Constants for AES256 and HMAC-SHA1
KEY_SIZE = 32
BLOCK_SIZE = 16
MAC_SIZE = 20
from os import urandom
from hashlib import sha1, sha256
from Crypto.Cipher import AES
from base64 import b64encode, b64decode
trans_5C = "".join([chr (x ^ 0x5c) for x in xrange(256)])
trans_36 = "".join([chr (x ^ 0x36) for x in xrange(256)])

def hmac_sha1(key, msg):
    # Note: the key is hashed/padded to 20 bytes (the SHA-1 digest size), not
    # to the 64-byte SHA-1 block size that RFC 2104 specifies, so the output
    # differs from standard HMAC-SHA1.
    if len(key) > 20:
        key = sha1(key).digest()
    key += chr(0) * (20 - len(key))
    o_key_pad = key.translate(trans_5C)
    i_key_pad = key.translate(trans_36)
    return sha1(o_key_pad + sha1(i_key_pad + msg).digest()).digest()

def derive_keys(key):
    # Derive separate cipher and MAC keys from the shared key
    h = sha256()
    h.update(key)
    h.update('cipher')
    cipher_key = h.digest()
    h = sha256()
    h.update(key)
    h.update('mac')
    mac_key = h.digest()
    return (cipher_key, mac_key)

def generate_key():
    return b64encode(urandom(KEY_SIZE))

class Cipher(object):
    """
    Cipher class
    """
    def __init__(self, key="", text=""):
        """
        Init
        """
        self.block_size = 16
        self.mac_size = 20
        self.key = self.set_key(key)
        self.text = self.set_text(text)
        self.mode = AES.MODE_CFB

    def set_key(self, key):
        """
        Set key
        """
        # Base64 decode the key
        try:
            key = b64decode(key)
        except TypeError:
            raise ValueError
        # The key must be the expected length
        if len(key) != KEY_SIZE:
            raise ValueError
        self.key = key
        return self.key

    def set_text(self, text):
        """
        Set text
        """
        self.text = text
        return self.text

    def encrypt(self):
        """
        Encrypt text
        """
        # The IV, ciphertext and MAC can't be more than 105 bytes
        if BLOCK_SIZE + len(self.text) + MAC_SIZE > 105:
            self.text = self.text[:105 - BLOCK_SIZE - MAC_SIZE]
        # Derive the cipher and MAC keys
        (cipher_key, mac_key) = derive_keys(self.key)
        # Generate a random IV
        iv = urandom(BLOCK_SIZE)
        # Encrypt the plaintext
        aes = AES.new(cipher_key, self.mode, iv)
        ciphertext = aes.encrypt(self.text)
        # Calculate the MAC over the IV and the ciphertext
        mac = hmac_sha1(mac_key, iv + ciphertext)
        # Base64 encode the IV, ciphertext and MAC
        return b64encode(iv + ciphertext + mac)

    def decrypt(self):
        """
        Decrypt text
        """
        # Base64 decode
        try:
            iv_ciphertext_mac = b64decode(self.text)
        except TypeError:
            return None
        # Separate the IV, ciphertext and MAC
        iv = iv_ciphertext_mac[:BLOCK_SIZE]
        ciphertext = iv_ciphertext_mac[BLOCK_SIZE:-MAC_SIZE]
        mac = iv_ciphertext_mac[-MAC_SIZE:]
        # Derive the cipher and MAC keys
        (cipher_key, mac_key) = derive_keys(self.key)
        # Calculate the expected MAC
        expected_mac = hmac_sha1(mac_key, iv + ciphertext)
        # Check the MAC
        if mac != expected_mac:
            return None
        # Decrypt the ciphertext
        aes = AES.new(cipher_key, self.mode, iv)
        return aes.decrypt(ciphertext)

if __name__ == "__main__":
    key = generate_key()
    print 'Key:', key
    # Encrypt and decrypt a short message
    text = 'Hello world!'
    c = Cipher(key, text)
    msg = c.encrypt()
    c.set_text(msg)
    print '\nCiphertext:', msg
    print 'Length:', len(msg)
    print 'Plaintext:', c.decrypt()
    # Encrypt and decrypt a long message
    text = ('Gosh this is a long message, far too long to fit in a tweet I dare say, '
            'especially when you consider the encryption overhead')
    c = Cipher(key, text)
    msg = c.encrypt()
    c.set_text(msg)
    print '\nCiphertext:', msg
    print 'Length:', len(msg)
    print 'Plaintext:', c.decrypt()
    # Check that modifying the message invalidates the MAC
    text = 'Hello world!'
    c = Cipher(key, text)
    msg = c.encrypt()
    msg = msg[:16] + msg[17] + msg[16] + msg[18:]
    c.set_text(msg)
    print '\nCiphertext:', msg
    print 'Length:', len(msg)
    print 'Plaintext:', c.decrypt()
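
The module above frames each message as IV || ciphertext || MAC (encrypt-then-MAC) and checks the MAC before decrypting. The following is an added example, not part of AnonTwi's code: a Python 3, standard-library-only port of that authentication layer, adding a minimum-length check and a constant-time comparison, and showing that the module's hmac_sha1 is not RFC 2104 HMAC-SHA1. The function names are hypothetical, and the AES-CFB step is left out, so the ciphertext is treated as opaque bytes.

```python
import hmac
from base64 import b64decode, b64encode
from hashlib import sha1, sha256
from os import urandom

KEY_SIZE, BLOCK_SIZE, MAC_SIZE = 32, 16, 20  # constants from the module above

def page_mac(key, msg):
    """Port of the module's hmac_sha1(): key padded to 20 bytes, not 64."""
    if len(key) > 20:
        key = sha1(key).digest()
    key = key.ljust(20, b"\0")
    o_pad = bytes(b ^ 0x5C for b in key)
    i_pad = bytes(b ^ 0x36 for b in key)
    return sha1(o_pad + sha1(i_pad + msg).digest()).digest()

def mac_key_for(pin_b64):
    """Derive the MAC key as derive_keys() does: SHA-256(key || 'mac')."""
    key = b64decode(pin_b64, validate=True)
    if len(key) != KEY_SIZE:
        raise ValueError("PIN must decode to %d bytes" % KEY_SIZE)
    return sha256(key + b"mac").digest()

def seal(pin_b64, iv, ciphertext):
    """Frame IV || ciphertext || MAC and Base64-encode it."""
    body = iv + ciphertext
    return b64encode(body + page_mac(mac_key_for(pin_b64), body))

def open_checked(pin_b64, message_b64):
    """Return (iv, ciphertext) if the MAC verifies, else None."""
    try:
        raw = b64decode(message_b64, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return None
    if len(raw) < BLOCK_SIZE + MAC_SIZE:
        return None  # too short to hold an IV and a MAC
    body, mac = raw[:-MAC_SIZE], raw[-MAC_SIZE:]
    expected = page_mac(mac_key_for(pin_b64), body)
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    return body[:BLOCK_SIZE], body[BLOCK_SIZE:]

def differs_from_rfc2104(key, msg):
    """True when the module's MAC differs from standard HMAC-SHA1."""
    return page_mac(key, msg) != hmac.new(key, msg, sha1).digest()

if __name__ == "__main__":
    # Constructed sample: random PIN and IV, opaque bytes in place of AES output
    pin = b64encode(urandom(KEY_SIZE))
    msg = seal(pin, urandom(BLOCK_SIZE), b"opaque-ciphertext")
    print(open_checked(pin, msg) is not None)
    print(differs_from_rfc2104(mac_key_for(pin), b"abc"))
```

Because the MAC construction is part of the message format, replacing it with standard HMAC would make existing messages fail verification.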
AnonTwi runs on many platforms. It requires Python and the following libraries:
- python-crypto - cryptographic algorithms and protocols for Python
- python-httplib2 - comprehensive HTTP client library written for Python
- python-pycurl - python bindings to libcurl
- python-glade2 - GTK+ bindings: Glade support
On Debian-based systems (ex: Ubuntu), run:
- directly:
sudo apt-get install python-crypto python-httplib2 python-pycurl python-glade2
- using setup-tools (http://pypi.python.org/pypi/setuptools):
easy_install "packages"
On Windows systems, it is tested and working with:
- python 2.7 - http://www.python.org/getit/
- pycrypto 2.3 - http://www.voidspace.org.uk/downloads/pycrypto-2.3.win32-py2.7.zip
- httplib2 0.7.4 - http://httplib2.googlecode.com/files/httplib2-0.7.4.zip
- pycurl 7.19.5.1 - http://pycurl.sourceforge.net/download/
- pygtk 2.24 - http://www.pygtk.org/downloads.html
- using setup-tools (http://pypi.python.org/pypi/setuptools):
easy_install.exe "packages"
------------------------
"Consumer" keys:
------------------------
+ To use OAuth you need these tokens: 'consumer key' and 'consumer secret'.
- 1) Create a third party APP on your profile:
  + GNU/Social:
    - Login to your account
    - Go to: Settings
    - Click on: "Register an OAuth client application"
    - Click on: "Register a new application"
      */settings/oauthapps/new
    - Fill form correctly
      * Icon: You can use AnonTwi website logo
      * Name: (ex: AnonTwi -IMPORTANT!!) -> You must enter a unique name, not entered by others before. Try for example random strings. Ex: AnonTwi27523561361)
      * Description: (ex: Anontwi -GNU/Social edition-)
      * Source URL: (ex: http://anontwi.03c8.net)
      * Organization: (ex: AnonTwi)
      * Homepage: (ex: http://anontwi.03c8.net)
      * Callback URL: (ex: http://anontwi.03c8.net)
      * Type of Application: Desktop
      * Default access for this application: Read-Write
  + Twitter:
    - Login to your account
    - Go to: https://apps.twitter.com/
    - Click on: "Create New App"
      * https://apps.twitter.com/app/new
    - Fill form correctly
      * Name: (ex: AnonTwi -IMPORTANT!!) -> You must enter a unique name, not entered by others before. Try for example random strings. Ex: AnonTwi27523561361)
      * Description: (ex: Anontwi -GNU/Social edition-)
      * Website: (ex: http://anontwi.03c8.net)
      * Callback URL: (ex: http://anontwi.03c8.net)
- 2) Get your OAuth settings: Click on the name of your new APP connector (ex: AnoNTwi)
- Open "config.py" with a text editor, and enter tokens (below!)
- Remember:
  * If you are going to use shell mode, you should generate your tokens with the command: --tokens
  * To connect using TOR add: --proxy "http://127.0.0.1:8118"
- Run ./anontwi or python anontwi (To use interface: ./anontwi --gtk)
---------------------
"Token" keys:
---------------------
+ To use OAuth you need these tokens: 'token key' and 'token secret'.
- Launch: ./anontwi --tokens
- Follow the link to read your "PinCode"
- Enter your PinCode
- After a few seconds, you will receive a response like this:
  "Generating and signing request for an access token
  Your Twitter Access Token key: xxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Access Token secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+ With these tokens, you can start to launch -AnonTwi- commands like this:
  ./anontwi [-m 'text' | -r 'ID' | -d @user | -f @nick | -u @nick] [OPTIONS] 'token key' 'token secret'
+ Remember that you can EXPORT tokens as environment variables to your system, so you don't have to pass them every time.
  If you did it, you can start to launch -AnonTwi- commands like this:
  ./anontwi [-m 'text' | -r 'ID' | -d @user | -f @nick | -u @nick] [OPTIONS]
+ To remember:
- Connections to API are using fake headers automatically
- To launch TOR, add this command: --proxy "http://127.0.0.1:8118"
- Check whether your messages include geolocation (it is usually 'off' by default)
- You can generate 'token key' and 'token secret' whenever you need
- View output results with colours using parameter: --rgb (better with dark backgrounds)
- Use --gen to generate STRONG PIN/keys (ex: --pin '1Geh0RBm9Cfj82NNhuQyIFFHR8F7fI4q7+7d0a3FrAI=')
- Try to add encryption to your life :)
-----------------------------------
Retrieve your API tokens, using TOR:
-----------------------------------
./anontwi --tokens --proxy "http://127.0.0.1:8118"
----------------------------------------------------
Generate PIN key for encrypting/decrypting messages:
----------------------------------------------------
./anontwi --gen
PIN key: K7DccSf3QPVxvbux85Tx/VIMkkDkcK+tFzi45YZ5E+g=
Share this key privately with the recipients of your encrypted messages.
Don't send this key over insecure channels such as email, SMS, IM or Twitter.
Use the sneakernet! ;)
----------------------
Launch GTK+ Interface:
----------------------
Enjoy visual mode experience ;)
./anontwi --gtk
------------------------
Launch an IRC bot slave:
------------------------
Launch it and you will have a bot slave waiting for your orders on IRC.
./anontwi --irc='nickname@server:port#channel'
If you don't put a nickname or a channel, AnonTwi will generate random ones for you :)
./anontwi --irc='irc.freenode.net:6667'
------------------------
Shorten a URL, using TOR:
------------------------
./anontwi --short "url" --proxy "http://127.0.0.1:8118"
-----------------------------------
Send a plain-text tweet, using TOR:
-----------------------------------
./anontwi -m "Hello World" --proxy "http://127.0.0.1:8118"
------------------------
Send an encrypted tweet:
------------------------
./anontwi -m "Hello World" --enc --pin "K7DccSf3QPVxvbux85Tx/VIMkkDkcK+tFzi45YZ5E+g="
---------------
Remove a tweet:
---------------
You need the ID of the tweet that you want to remove.
- launch "--tu @your_nick 'num'" to see tweets IDs of your timeline.
./anontwi --rm-m "ID"
------------------
Retweet a message:
------------------
You need the ID of the tweet that you want to RT.
- launch "--tu @nick 'num'" to see tweets IDs of a user.
./anontwi -r "ID"
-------------------------------------------------
Send a plain-text DM (Direct Message), using TOR:
-------------------------------------------------
./anontwi -m "See you later" -d "@nick" --proxy "http://127.0.0.1:8118"
---------------------
Send an encrypted DM:
---------------------
./anontwi -m "See you later" -d "@nick" --enc --pin "K7DccSf3QPVxvbux85Tx/VIMkkDkcK+tFzi45YZ5E+g="
---------------
Remove a DM:
---------------
You need the ID of the DM that you want to remove.
- launch "--td 'num'" to see Direct Messages IDs of your account.
./anontwi --rm-d "ID"
--------------------------------------
Send a media message, using TOR:
--------------------------------------
Twitter will show your media links. For example, if you put a link to an image:
./anontwi -m "https://host/path/file.jpg" --proxy "http://127.0.0.1:8118"
----------------------------------------
Send reply in a conversation, using TOR:
----------------------------------------
You need the ID of the message of the conversation.
- launch "--tu @nick 'num'" to see tweets IDs of a user timeline.
- launch "--tf 'num'" to see tweets IDs of your 'home'.
Add the names of the users participating in the conversation at the start of your message.
./anontwi -m "@user1 @user2 text" --reply "ID" --proxy "http://127.0.0.1:8118"
---------------------------------
Send a friend request, using TOR:
---------------------------------
./anontwi -f "@nick" --proxy "http://127.0.0.1:8118"
----------------------------------
Stop following a user, using TOR:
----------------------------------
./anontwi -u "@nick" --proxy "http://127.0.0.1:8118"
----------------------------------
Create a favorite, using TOR:
----------------------------------
./anontwi --fav "ID" --proxy "http://127.0.0.1:8118"
----------------------------------
Destroy favorite, using TOR:
----------------------------------
./anontwi --unfav "ID" --proxy "http://127.0.0.1:8118"
------------------------
Block a user, using TOR:
------------------------
./anontwi --block "@nick" --proxy "http://127.0.0.1:8118"
--------------------------
Unblock a user, using TOR:
--------------------------
./anontwi --unblock "@nick" --proxy "http://127.0.0.1:8118"
-----------------------------------------
Show a number of recent tweets of a user:
-----------------------------------------
You can control number of tweets to be reported. For example, 10 most recent tweets is like this:
./anontwi --tu "@nick 10"
-------------------------------------------------------
Show a number of recent tweets of your 'home' timeline:
-------------------------------------------------------
You can control number of tweets to be reported. For example, 10 most recent tweets is like this:
./anontwi --tf "10"
-------------------------------------------------------
Show a number of recent favorites
-------------------------------------------------------
You can control number of tweets to be reported. For example, 10 most recent tweets is like this:
./anontwi --tfav "@nick 10"
----------------------------------
Split a long message into "waves":
----------------------------------
Very useful if you want to send long messages.
It works within Twitter restrictions as efficiently as possible.
Encryption is allowed :)
./anontwi -m "this is a very long message with more than 140 characters..." --waves
----------------------------------
Send fake geolocation coordinates:
----------------------------------
If you don't put any (--gps), coordinates will be random :)
./anontwi -m "text" --gps "(-43.5209),146.6015"
-------------------------------------------------
Show a number of Direct Messages of your account:
-------------------------------------------------
You can control number of DMs to be reported. For example, 5 most recent DMs is like this:
./anontwi --td "5"
-------------------------------------------
Returns global Trending Topics, using TOR:
-------------------------------------------
./anontwi --tt --proxy "http://127.0.0.1:8118"
-------------------------------------------
Returns last mentions about you, using TOR:
-------------------------------------------
You can control number of tweets to be reported. For example last recent tweet:
./anontwi --me "1" --proxy "http://127.0.0.1:8118"
---------------------------------------------
Decrypt a tweet directly from URL, using TOR:
---------------------------------------------
Remember, to decrypt, you need the PIN/Key that another user has used to encrypt the message (symmetric keys)
To decrypt you don't need 'token key' and 'token secret' :)
./anontwi --dec "http://twitter.com/encrypted_message_path" --pin "K7DccSf3QPVxvbux85Tx/VIMkkDkcK+tFzi45YZ5E+g=" --proxy "http://127.0.0.1:8118"
----------------------------------------
Decrypt a tweet directly from raw input:
----------------------------------------
Remember, to decrypt, you need the PIN/Key that another user has used to encrypt the message (symmetric keys)
To decrypt you don't need 'token key' and 'token secret' :)
./anontwi --dec "7asNGpFFDKQl7ku9om9CQfEKDq1ablUW+srgaFiEMa+YK0no8pXsx8pR" --pin "K7DccSf3QPVxvbux85Tx/VIMkkDkcK+tFzi45YZ5E+g="
----------------------------------------------------------
Save tweets starting from the last (max: 3200), using Tor:
----------------------------------------------------------
You can control number of tweets to be reported. For example last 1000 tweets:
./anontwi --save "1000" --proxy "http://127.0.0.1:8118"
-------------------------------------------------
Save favorites starting from the last, using Tor:
-------------------------------------------------
You can control number of tweets to be reported. For example last 100 tweets:
./anontwi --sfav "@nick 100" --proxy "http://127.0.0.1:8118"
-------------------
Suicide, using TOR:
-------------------
This will try to delete your tweets, your DMs and, if possible, your account.
./anontwi --suicide --proxy "http://127.0.0.1:8118"







AnonTwi is released under the terms of the General Public License v3 and is copyrighted by psy.
psy - GPG Public ID Key: 0xB8AC3776
If you want to contribute to AnonTwi development, reporting a bug,
providing a patch, commenting on the code base or simply need to find help
to run AnonTwi, first refer to:
irc.freenode.net - #AnonTwi
If nobody gets back to you, then drop me an e-mail.
This -framework- is actively looking for new sponsors and funding.
If you or your organization has an interest in keeping AnonTwi, please contact me directly.
To make donations use the following hashes:
- Bitcoin: 19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw
- Ecoin: 6enjPY7PZVq9gwXeVCxgJB8frsf4YFNzVp