Summary: #

The presentations for the Hackers on Planet Earth conference from July just got released, one of the talks is from a legendary hacking group that talks about its new encrypted peer-to-peer network “Veilid”, written in Rust.

Who is the Cult of the Dead Cow(cDc)? #

The Cult of the Dead Cow (cDc), is a legendary hacking group celebrating 40 years as a hacker group this year! Being active since 1984. Responsible for not only being the longest still-running hacker group in history, having coined the word “hacktivism”, and published countless security full disclosers and security tools.

At this year’s Hackers on Planet Earth conference in New York, the cult of the dead cow held a wutang-themed presentation about its newest project “Veilid”(pronounced Vay-Lid).

How does Veilid work? #

Veilid is a privacy-friendly peer-to-peer network that allows anyone to talk to anyone encrypted through the Veilid network without trust centralized parties. A framework for building private and end-to-end encrypted applications.

Think of it like a love child between BitTorrent, IPFS, and Tor. With the DHT(distributed hash table) tracker from Bittorrent, shared decentralized storage from IPFS, and the networking routing layer from Tor. Will Veilid replace Tor hidden services(.onion sites)? We will hopefully find out in a not-so-distant future.

Secure decentralized peer-to-peer network without a Blockchain, web3 product, or token. Anyone can use Veilid, all you need is to run a node.

Note:
IPFS provides good decentralized storage, but you have to trust centralized proxies that may or may not be a privacy risk. File uploaded to IPFS are not stored forever, this has been solved by “pinning” files once they have been uploaded to IPFS.

Part of the source code for Veilid is based on safe network by maidsafe.
https://github.com/maidsafe-archive/get_if_addrs/blob/master/src/sockaddr.rs
https://gitlab.com/veilid/veilid/-/blob/9fb54947e219d53e06b6f7da8411c8e02929d1cf/veilid-tools/src/network_interfaces/sockaddr_tools.rs

Rust #

“You gotta be able to think like an attacker, security is first, so we wrote it in Rust” - Christien “Dildog” Rioux, hacker and maintainer.

Source: HOPE XV Conference

The source code for Veilid is written in Rust, with a Tokio network stack. The framework comes packed with a networking, cryptography, an api wrapper and a lot more to explore.

Are you writing an application and want the user to talk directly to another user securely? Why not use Veilid.

Veilid was previously presented at a virtual Rust meetup, the talk has been published on the official Rust YouTube channel. Link: https://www.youtube.com/watch?v=h288gZTjJOM

Cryptography Protocol: #

Veilid comes with a modern Diffie Hellman key exchange, followed by a chacha20 block cipher to encrypt the data. Followed upp with the sha3 contestant’s Blake2’s older brother, the fast Blake3. Which is used for the message digests. Finally, password’s are stored encrypted using the GPU-intesive Argon2.

Nothing lasts forever. The authors of Veilid, know that cryptography changes over time and is built in a way so that it can be swapped out in the future. The current setup allows for a performant and secure.

Crates #

• veilid-core This is the main framework crate we want to focus on.

Code sample from GitLab:

use std::sync::Arc;
use veilid_core::VeilidUpdate::{AppMessage, Network};
use veilid_core::{VeilidConfigBlockStore, VeilidConfigInner, VeilidConfigProtectedStore, VeilidConfigTableStore, VeilidUpdate};

#[tokio::main]
async fn main() {
    let update_callback = Arc::new(move |update: VeilidUpdate| {
        match update {
            AppMessage(msg) => {
                println!("Message: {}", String::from_utf8_lossy(msg.message().into()));
            }
            Network(msg) => {
                println!(
                    "Network: Peers {:}, bytes/sec [{} up] [{} down]",
                    msg.peers.iter().count(),
                    msg.bps_up,
                    msg.bps_down
                )
            }
            _ => {
                println!("{:?}", update)
            }
        }
    });

    let config = VeilidConfigInner {
        program_name: "Example Veilid".into(),
        namespace: "veilid-example".into(),
        protected_store: VeilidConfigProtectedStore {
            // avoid prompting for password, don't do this in production
            always_use_insecure_storage: true,
            directory: "./.veilid/block_store".into(),
            ..Default::default()
        },
        block_store: VeilidConfigBlockStore {
            directory: "./.veilid/block_store".into(),
            ..Default::default()
        },
        table_store: VeilidConfigTableStore {
            directory: "./.veilid/table_store".into(),
            ..Default::default()
        },
        ..Default::default()
    };

    let veilid = veilid_core::api_startup_config(update_callback, config)
        .await
        .unwrap();

    println!(
        "Node ID: {}",
        veilid.config().unwrap().get_veilid_state().config.network.routing_table.node_id
    );

    veilid.attach().await.unwrap();

    // Until CTRL+C is pressed, keep running
    tokio::signal::ctrl_c().await.unwrap();

    veilid.shutdown().await;
}

Read documentation: https://docs.rs/crate/veilid-core/latest

• More veilid crates

RPC with Cap’n Proto #

Cap’n Proto is a fast zero-copy serialization and deserialization data library. Described by the official rust crate as a type system for distributed systems. Created by Kenton Varda, who previously created protobuf(Protocol Buffers) at Google.

Originally written in C++, there is also an official Rust Crate for it, developed by David Renshaw. At the time of writing this, the capnpc crate has over 3.5 million downloads.

Read more here about Cap’n Proto:
Cap’n Proto Rust repository
Cap’n Proto.org
Cap’n Proto for Rust

What has been built with Veilid? #

Keep in mind that Veilid is a very new project, here are some projects that have been built with Veilid:

• Distrans, send and receive files anonymously over veilid
• VLDPipe, Create or Recieve TCP network services over veilid
  This is a really cool tool, that allows you to forward TCP services from one host to another privately, if you have a web application on localhost:8080 and want to show your friend without having to open up ports and configure your firewall, this is the tool for you. Very similar to socat.
• Openminded.org’s PySoft

Is it really Private? #

Source: veilid.com

How does a communication channel between a User(sender) and the receiver work? #

The Sender generates a “safety route” for the sender’s privacy and the receiver publishes a “private route”. Those routes gets baked in together and give the network of nodes the final “Compiled Route”. Using this compiled route is where the messages are passed between the sender and receiver using the Veilid network. Like a private temporary tunnel, allowing only the sender and receiver to read the messages.

This results in no node being able to trust each other, to build the data route for the communication.

Check out the Veilid Developer docs.

External links: #

https://en.wikipedia.org/wiki/Cult_of_the_Dead_Cow
https://cultdeadcow.com/tools/veilid.html
Cult of the dead cow book | How the Original Hacking Supergroup Might Just Save the World
Veilid Gitlab, source code
Veilid Core source code
Recent HOPE talk | HOPE XV (2024): The Fundamentals of Veilid: cDc Breaks the Internet, and You Can Too!
Veilil first presented at Defcon
Kenton Varda
Chat with Veilid contributors on Discord
Tor Rendezvous Specification - Version 3