Tor.exe console client for Windows XP

[artenox]

Quote

What about Vista and Open VPN?

In Vista, it depends on 32 or 64 bit (64 bit systems require signed drivers) and whether there is an extended kernel.
On vanilla 32 bit Vista the situation is like this (openvpn):
2.3.18 - doesn't work
2.4.6 - works
2.4.9 - doesn't work (if you take out TAP driver 602 with 7zip from build 2.4.6 and replace existing driver, it works)
TAP driver provides a virtual network adapter.

Quote

It would be great to see a combination of both

If openssl 1.1.1 is there, then 1.0.2 is not needed.
The only inconvenience of openvpn 2.5.4-xp is that you have to add some parameters to all ovpn configs. But the speed is higher than 10 mbps and new ciphers.

Quote

Where can I find the official Tor Console?

Look up https://web.archive.org/ page https://www.torproject.org/download/tor where XP/Vista is still mentioned (I think 2020-2021). Windows Expert Bundle. If the web archive didn't save the zip file, you can download it from here https://archive.torproject.org/tor-package-archive/torbrowser/ (tor-win32-0.4.X.X.zip)

Quote

How can I configure the console to use it as a proxy?

Specify socks5 proxy 127.0.0.1:9050 in your browser.

Quote

Problem bootstrapping. Stuck at 5%

Looks like Tor is blocked in your country.

Quote

I can create GUI if you provide me documentation

The torrc file from my archive has the most popular options (in my opinion). You can google them. Well, and I can make a description of them.

Quote

I have not tried shadowsocks. I will now

shadowsocks is usually used if your ISP blocks certain sites. Are there any in your country? The anonymity of shadowsocks is not good. It is better to use a VPN.

[dmiranda]

13 hours ago, artenox said:

shadowsocks is usually used if your ISP blocks certain sites. Are there any in your country? The anonymity of shadowsocks is not good. It is better to use a VPN.

No problem like that in my place, even though a common user -perhaps even an ISP- can't really know if certain sites are blocked. I just don't care for anyone but the site I am browsing to know I am there, and I don't even want some sites to know -therefore the use of tor and such.  

However, ISPs -and many sites (see pm, for example)- can also detect the use of tor, and either block it or (potentially) log it and report it to either governmental or non-gov agencies, or to particular individuals in the national or international arena. And since not so many ppl use tor, once an ISP wants to do it (or is forced by agencies or individuals with the muscle to do so), they can see you are running tor, like a bright needle in the  dark. Then the rest is just waiting until they find out where you are. Running behind something like shadowsocks may make that harder than it is today.

In my case, I do not care about the instances when the previous paragraph becomes a reality. But it will sure take them a while, and more than a sorry a**, to know I'm just human. I don't know (or really care) if my mother would approve of my browsing behavior. I do care that petty hackers, clumsy censors, or my ISP know what I'm about. Just coz, sometimes research, and fun.

Nuff said.

 

Edited August 4, 2022 by dmiranda

[artenox]

I understand. You can use i2p-outproxy in i2pd instead of Tor. This is quite rare tool, also anonymous (anonymity level is configurable) and works on XP. You won't get banned on websites (non-Tor IP) and the ISPs don't know much about i2p. Unfortunately, the speed is not good. i2p is quite a slow network.

Instructions:
Clarification: a. Create the missing folders, b. Replace USER with your Windows username c. Turn on the display of hidden files, if necessary d. Turn on the display of file extensions

1. Unzip i2pd.exe from i2pd_2.42.1_winxp_mingw.zip (or newer) to C:\Program Files\i2pd\i2pd.exe. The other files in the archive are not needed.
2. Create file C:\Documents and Settings\USER\Application Data\i2pd\i2pd.conf with this content:

log=stdout
loglevel=none
daemon=false
service=false
close=minimize
nat=true
ipv4=true
ipv6=false
notransit=false
floodfill=false
ssu=true

[http]
enabled=true
address=127.0.0.1
port=7070
auth=false

[httpproxy]
enabled=true
address=127.0.0.1
port=4444
addresshelper=true
inbound.length=1
inbound.quantity=5
outbound.length=1
outbound.quantity=5
outproxy=exit.stormycloud.i2p

[socksproxy]
enabled=true
address=127.0.0.1
port=4447
inbound.length=1
inbound.quantity=5
outbound.length=1
outbound.quantity=5
outproxy.enabled=false
outproxy=127.0.0.1
outproxyport=9050

[sam]
enabled=true

[bob]
enabled=false

[i2cp]
enabled=false

[i2pcontrol]
enabled=false

[upnp]
enabled=false
name=I2Pd

[ntcp2]
enabled=true
published=true

[nettime]
enabled=true
ntpservers=0.pool.ntp.org,1.pool.ntp.org
ntpsyncinterval=72

3. Run C:\Program Files\i2pd\i2pd.exe (you can create a shortcut).
4. Wait 15 minutes (this time is needed to establish a reliable connection to the network)
5. In your browser set the HTTP proxy 127.0.0.1, port 4444. And also HTTPS (or SSL) proxy 127.0.0.1, port 4444
6. Open http://exit.stormycloud.i2p in your browser. Select reg.i2p, then "Addresshelper: Go to site", then "Continue" (If necessary, you can repeat it for http://stormycloud.i2p). This is adding a DNS entry to your i2p router.
7. You can surf anonymously enough* through i2p-outproxy
8. To shutdown i2pd, click the i2pd context menu in the tray and select "Graceful shutdown". It may take up to 10 minutes to shutdown.
9. Statistics: "Show app" or "Open console" items.

It is actually possible to trace your IP, but difficult (no one will do it). If you set inbound.length and outbound.length to 2 or 3 you will become truly anonymous, but the speed will decrease even more. These numbers indicate the number of intermediate nodes (e.g. Tor has 3). The intermediate nodes in i2p change every 10 minutes.
You can replace outproxy=exit.stormycloud.i2p with outproxy=purokishi.i2p or outproxy=acetone.i2p:8888 But purokishi has some censorship, and acetone has Tor IP at the exit. Only edit i2pd.conf when i2pd.exe is not running. Don't overload i2p-outproxy with heavy traffic.

[dmiranda]

On 8/4/2022 at 11:48 AM, artenox said:

Unfortunately, the speed is not good. i2p is quite a slow network.

Yup, I have used it in the past to join services available just to a few people (for example, a building consortium, a snooker pool club forum). I know even of people that use it to share blueprints for industrial design, since they have zero trust on govs or Fb-Am-Ap-GG-MS cloud services. Silly them, he, they fear those giant, east indian company like oligopolies and spyware champions may steal their work.

But i2p is indeed too slow, and i have preferred not to use the outproxy, just in case. It is another language :P.

I will try your settings.  Since I have only used i2pd to access specific safe places, I didn't explore it much, using the standard settings in purple/i2pd. Truly thanks.

Reciprocating, and hoping to learn from someone who knows more than me, these are my about:config settings for tor-i2p in sp52. Cheers.

// CUSTOM - TORI2P indications
user_pref("general.useragent.compatMode.firefox", true); // default, false TOR-I2P
user_pref("general.useragent.compatMode.gecko", true); // default, false TOR-I2P
user_pref("general.useragent.compatMode.version", "xx"); //set, add to random agent profile, 52.0 TOR-I2P
user_pref("general.useragent.override", "xx"); // add, add to random agent profile  - for TOR-I2P change to "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"
user_pref("general.useragent.override.facebook.com", "xx) Gecko/20100101 Firefox/78.0"; // add in SSS, for TOR-I2P all to ""
user_pref("general.useragent.override.fbcdn.net", "xx) Gecko/20100101 Firefox/78.0"; // add in SSS, for TOR-I2P all to ""
user_pref("general.useragent.override.web.whatsapp.com","xx"; // for mypal
//For useragent.override whatsapp and ggvids "xx" reset if failing), for TOR-I2P all to ""

// TOR-I2P Core
user_pref("network.dns.blockDotOnion", true); // default, false with TOR
user_pref("javascript.enabled", true); // default, false I2P
user_pref("network.proxy.socks_remote_dns", true); // set, false I2P
user_pref("privacy.resistFingerprinting", false); // add, true TOR-I2P
user_pref("browser.eme.ui.enabled", true); // default, false TOR-I2P DRM
user_pref("canvas.poisondata", true); // set VAI-SEC, false I2P-TOR, no Mypal
user_pref("layout.css.visited_links_enabled", true); // default, false TOR-I2P
user_pref("dom.workers.enabled", true); // default for pinnotes (false TOR-I2P) - *-*
user_pref("media.eme.apiVisible", true); // default, false TOR-I2P DRM, add Mypal
user_pref("security.ssl3.dhe_rsa_camellia_128_sha", true); // default, false TOR-I2P
user_pref("security.ssl3.dhe_rsa_camellia_256_sha", true); // default, false TOR-I2P
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true); // default, false TOR-I2P
user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // set, false TOR-I2P
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", true); // default, false TOR-I2P
user_pref("security.ssl3.ecdhe_rsa_aes_256_sha, true); // default, false TOR-I2P
user_pref("security.ssl3.rsa_aes_128_sha, true); // set, false TOR-I2P
user_pref("security.ssl3.rsa_aes_256_gcm_sha384, true); //set, false TOR-I2P
user_pref("security.ssl3.rsa_aes_256_sha, true); // set, false TOR-I2P
user_pref("security.ssl3.rsa_aes_256_sha256, true); // set, false TOR-I2P
user_pref("security.ssl3.rsa_camellia_128_sha", true); // set, false TOR-I2P
user_pref("security.ssl3.rsa_camellia_256_sha", true); // set, false TOR-I2P
 

Edited August 7, 2022 by dmiranda

[dmiranda]

9 hours ago, artenox said:

i2pd_2.42.1_winxp_mingw.zip

I have been using version 2.41. Upon updating to 2.42.1, i get "The procedure entry point CancelIoEx could not be located in the dynamic link library KERNEL32.dll". As previous bugs with xp, I hope it will be iron out soon.  My mistake: I downloaded wrong 7z file. 2.42.1 works fine.

Now back to 2.41, running your i2pd.conf settings I get "error while parsing config file: unrecognised option 'cpuext.log'" when running i2pd, crashing silently before starting the browser. 

My mistake again. I pasted your settings directly under the standard i2pd.conf, whose last heading is [cpuext], so the program checks your settings against it and crashes. One first  solution is to overwrite with your settings. Thanks!

Edited August 4, 2022 by dmiranda

[artenox]

The Internet via i2p-outproxy (with *bound.length=1) feels faster than accessing internal http://*.i2p sites. And it seems to me that the incoming speed depends on the outgoing speed. Which would be a problem on asymmetric devices like ADSL and 3G modems. For example, I have an incoming speed on the browser side of 45 kbytes/s (modem side after i2p is 65 kbytes/s), i.e. overhead x1.5. Outgoing parasitic i2p traffic is 18 kbytes/s (modem maximum is 50 kbytes/s). But if I open second stream through proxy, all figures are doubled. I would be interested to know your i2p speed and your type of internet connection. I think that disabling nat, turning on upnp and using an external ip address (able to accept incoming connections) should improve the situation. kbyte≠kbit.
As for the browser, there are some parameters that make sense to set as in Tor browser. For example, proxy, js, referer, agent, override, onion, accept, ipv6, language, http3.

By the way, I found out what the last official build of tor.exe is running on XP. It's 0.4.4.6 (12 Nov 2020).
0.4.5.6 (15 Feb 2021) the next build doesn't work.
In fact, there is also version 0.4.4.9 (14 Jun 2021), but it exists only as source code. It contains some backports from new versions (fixes from ddos attacks, vulnerabilities). Tor has several branches developing in parallel, which is confusing. In addition, they don't immediately add new versions of tor.exe to the Tor browser.

Edited August 6, 2022 by artenox

[dmiranda]

Hi again.  Quite good speeds on ADSL): Received: xx MiB (46.44 KiB/s) Sent: xx MiB (13.19 KiB/s). As per "the incoming speed depends on the outgoing speed", yup, probably, it goes with the spirit of the project (back then, anyway). 

Two more questions, if I may: how do you open a second stream (for the same browser?) to increase transit speed?

Second: the folder for certificates it seems, I am not using it with these new settings and version.  Is that so? needs to be there. Which are the certs that HAVE to be there?

Edited August 11, 2022 by dmiranda

[DrunkenTanker]

You files does not work for me.

[Greenpeace]

Good day, @artenox!
Thank you for your work, everything works great!
Is it possible to build a more current version of Tor for Windows XP?

[Zorba the Geek]

The releases page for Tor.exe at https://github.com/artenax/tor-xp/releases redirects to https://github.com/artenax/tor/releases which only includes releases for Vista and Windows 7.

[dmiranda]

To clarify, . As noted by @genieautravailyou can find the latest available xp buils in https://github.com/artenax/tor/releases/tag/0.4.7.8, towards the end of the assets menu. 

If you need obfs4proxy "The last official working obfs4proxy.exe for XP was version 0.0.7 from Tor Browser 8.5.5. I built obfs4proxy.exe version 0.0.11 working on XP. But 0.0.11 doesn't work with the new tor.exe. However, it works with tor 0.4.3.6 and 0.4.4.6."  I put https://github.com/artenax/tor/releases/download/0.4.7.8/obfs4proxy-0.0.11-x86-xp.exe and https://archive.torproject.org/tor-package-archive/torbrowser/10.0.11/tor-win32-0.4.4.6.zip in the same folder, with the torrc file, and all seems to work well. Still not the latest tor, but functional.

 

Edited February 24 by dmiranda

[genieautravail]

On 2/22/2024 at 6:35 PM, Zorba the Geek said:

The releases page for Tor.exe at https://github.com/artenax/tor-xp/releases redirects to https://github.com/artenax/tor/releases which only includes releases for Vista and Windows 7.

 

On 2/23/2024 at 12:26 PM, dmiranda said:

To clarify, you can find the latest available xp buils in https://github.com/artenax/tor/releases/tag/0.4.7.8 

Find the text "obfs4proxy: The last official working obfs4proxy.exe for XP was version 0.0.7 from Tor Browser 8.5.5. I built obfs4proxy.exe version 0.0.11 working on XP. But 0.0.11 doesn't work with the new tor.exe. However, it works with tor 0.4.3.6 and 0.4.4.6."  I put https://github.com/artenax/tor/releases/download/0.4.7.8/obfs4proxy-0.0.11-x86-xp.exe and https://archive.torproject.org/tor-package-archive/torbrowser/10.0.11/tor-win32-0.4.4.6.zip in the same folder, with the torrc file, and all seems to work well. Still not the latest tor, but functional.

You are wrong...

Go to https://github.com/artenax/tor/releases

On the page, for Tor 0.4.7.8 only the firsts 12 assets are displayed.

Below the last asset displayed, If you click on "Show all 14 assets", you will see download links for the last two assets.

One of them is tor-0.4.7.8-x86-xp.zip

https://github.com/artenax/tor/releases/download/0.4.7.8/tor-0.4.7.8-x86-xp.zip

Regards

 

 

[dmiranda]

Yup, you are right, @genieautravail, I misread the comment about obfs4proxy working only in older versions of Tor. I will edit my comment accordingly. Thank you!

[Dr. Drill]

I did it: "Tor 0.4.7.11" + "obfs4proxy 0.0.14" + "OpenSSL 1.1.1w" works fine on WinXP Pro SP3.

1) Download archive Tor 0.4.7.11:
https://archive.torproject.org/tor-package-archive/torbrowser/11.5.8/tor-win32-0.4.7.11.zip

Extract exe+dll files to "C:\TOR", geoip* files to "C:\TOR\Data".

Add to file "torrc" strings:

DataDirectory Data
GeoIPFile Data\geoip
GeoIPv6File Data\geoip6

2) Download dll from "One-Core-API" v.3.05 (direct links):
https://github.com/Skulltrail192/One-Core-API-Binaries/raw/master/Packages/x86/Base Installer/kernelbase.dll
https://github.com/Skulltrail192/One-Core-API-Binaries/raw/master/Packages/x86/Base Installer/nsi.dll
https://github.com/Skulltrail192/One-Core-API-Binaries/raw/master/Packages/x86/Base Installer/ntext.dll
https://github.com/Skulltrail192/One-Core-API-Binaries/raw/master/Packages/x86/Base Installer/psapi.dll
https://github.com/Skulltrail192/One-Core-API-Binaries/raw/master/Packages/x86/Base Installer/iphlpapi.dll
https://github.com/Skulltrail192/One-Core-API-Binaries/raw/master/Packages/x86/Base Installer/iphlpapibase.dll

After download copy dll to "C:\TOR" and rename kernelbase.dll to kernel33.dll.

3) For bridges:
3.1) download archive:
https://archive.torproject.org/tor-package-archive/torbrowser/12.0.7/tor-expert-bundle-12.0.7-windows-i686.tar.gz
Extract only one file "obfs4proxy.exe" (v.0.0.14) to "C:\TOR".

3.2) add to file "torrc" strings:
ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec obfs4proxy.exe
UseBridges 1
# for example, default bridge meek azure
Bridge meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com

4) Use any hex-editor (WinHEX, HIEW, etc) and replace all strings "kernel32.dll" to "kernel33.dll" in files:
tor.exe
tor-gencert.exe
obfs4proxy.exe
libwinpthread-1.dll

Also change header in file "obfs4proxy.exe":
"Required OS version" from 6.01 to  4.01
"Subsystem version" from 6.01 to  4.01
 
5) Download latest XP-compatible version OpenSSL 1.1.1w, extract and replace files in "C:\TOR":
https://rwijnsma.home.xs4all.nl/files/openssl/openssl-1.1.1w-win32-xpmod-sse.7z

For run:
tor.exe -f torrc
 

Edited March 18 by Dr. Drill

[dmiranda]

13 hours ago, Dr. Drill said:

I did it: "Tor 0.4.7.11" + "obfs4proxy 0.0.14" + "OpenSSL 1.1.1w" works fine on WinXP Pro SP3.

I will give it a try soon and report back. Thanks for sharing. SEE BELOW

Hi @Dr. Drill. Following your instructions (but using HxD32) I was able to run tor, but couldn't find a way to change the headers for obfs4proxy so it can run in XP (neither with HxD32, nor with wxmedit and other freeware hex editors). It's probably my very very limited experience doing such things. I even tried with patchPE32!

So I couldn't really test bridges. I would welcome any tips on how to change obfs4proxy headers without having to buy WinHEX or HIEW. Again, probably a newbie thing.

I wonder how to test snowflake, as well. 

Anyway, there is then another way to run (the latest version,now, of) Tor in XP. Thanks! 

Edited March 19 by dmiranda