SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
116 Commits 2 Branches 6 Tags
0d029f5d3915c7e6fad8e1b7604317d1e2cdbfc4
Commit Graph

16 Commits

Author SHA1 Message Date
lockbitchat 398d8bc014 Updated application documentation and website homepage to include ASN.1 Validation 2025-08-27 13:25:26 -04:00
lockbitchat 171a7d9dfb Fixed DTLS Race Condition & Memory Safety 
 FIXED HIGH CRITICALITY vulnerabilities (October 2024):
- DTLS ClientHello Race Condition: Added source validation
- Memory Safety Issues: Enhanced secure memory cleanup
- Added DTLS protection constants and validation methods
- Improved memory cleanup with secureWipe and zero-filling
- Integrated DTLS protection in handleSecureAnswer
 2025-08-24 16:30:06 -04:00
lockbitchat 434301fe6f 🐛 Fix PWA install prompt showing after installation 
Fixed critical bug where PWA install message continued showing after app installation

-  Enhanced PWA installation status detection
-  Fixed install prompt logic to hide after installation
-  Improved Service Worker update handling
-  Added proper installation state management
-  Enhanced iOS Safari PWA detection
-  Added installation preferences storage

- Added installationChecked flag for better state management
- Enhanced checkInstallationStatus() method with multiple detection methods
- Improved shouldShowPrompt() logic to prevent showing after installation
- Added periodic installation monitoring for iOS devices
- Enhanced Service Worker activation event handling
- Added PWAUtils.checkInstallationStatus() utility method

- public/src/pwa/install-prompt.js (major refactor)
- public/index.html (PWA logic improvements)
- public/sw.js (Service Worker enhancements)

- PWA install message no longer shows after successful installation
- Only update notifications are shown for installed PWAs
- Proper distinction between install prompts and update notifications

Version: Enhanced Security Edition v4.01.413
 2025-08-23 17:21:32 -04:00
lockbitchat cef5654cf8 Update to pre-release version. Removed logging that was used for debugging. Added typing of files that the user sends with size restrictions. 2025-08-21 17:40:17 -04:00
lockbitchat 94ca53f6ca Improve chat UI for secure channel creation pages 
Fix iOS PWA installation and improve cross-platform compatibility

- Fix manifest.json paths (use relative paths with ./ for iOS)
- Update Apple Touch Icons structure to use organized folders
- Add missing 180x180px icon requirement for iOS
- Fix apple-mobile-web-app meta tags configuration
- Add viewport-fit=cover for iPhone X+ notch support

- Fix missing showInstallButton() method causing TypeError
- Add complete showInstallBanner() and createInstallBanner() methods
- Implement proper hideInstallPrompts() functionality
- Add iOS-specific installation instructions modal
- Fix event handling for install prompt dismissal

- Restructure PWA icons into platform-specific folders:
  - ./logo/pwa/ios/ for Apple Touch Icons
  - ./logo/pwa/android/ for Android launcher icons
  - ./logo/pwa/windows11/ for Microsoft Tiles
- Update manifest.json to reference correct icon paths
- Add browserconfig.xml for Windows 11 tile configuration

- Improve PWA registration script without conflicts
- Add proper error handling for offline functionality
- Integrate with existing PWA modules (install prompt, offline manager)
- Add update notifications for new app versions

- Enhanced detection for iOS Safari vs other browsers
- Improved installation flow for different platforms
- Better user feedback for unsupported installation methods
- Added fallback instructions for manual installation

- Add comprehensive PWA support detection
- Implement proper iOS standalone mode detection
- Add console logging for installation status tracking
- Include developer utilities for PWA management

Tested on: iOS Safari, Chrome, Edge, Firefox
Resolves iOS PWA installation issues and improves overall PWA experience."
 2025-08-19 21:54:17 -04:00
lockbitchat 857d7d74ab Encryption module control system & session timer improvements 
- Added a real verification system for active encryption modules, giving users full control over enabled modules.
- During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions.
- Refactored session timer initialization for proper functionality and accurate countdown.
- Optimized code structure related to session management and module verification.
 2025-08-17 20:38:47 -04:00
lockbitchat 3c25b4565d feat: Add comprehensive PWA support with offline functionality 
- Add manifest.json with full PWA configuration
  - Support for installation on all platforms (iOS, Android, Desktop)
  - Custom app icons (72x72 to 512x512) with maskable support
  - App shortcuts for quick actions (Create/Join Channel)
  - Protocol handlers for web+securebit:// links
  - Share target integration

- Implement enhanced Service Worker (v4.0)
  - Smart caching strategies (cache-first, network-first, stale-while-revalidate)
  - Security-aware caching (excludes sensitive endpoints)
  - Background sync for failed requests
  - Offline fallbacks with custom error handling
  - Response cloning fixes and CORS handling

- Add PWA Install Prompt Manager
  - Cross-platform install detection and prompts
  - iOS Safari specific installation guide
  - Smart dismissal logic with retry mechanisms
  - Install success notifications and user guidance
  - Persistent install preferences with localStorage

- Implement comprehensive Offline Manager
  - IndexedDB for offline data persistence
  - Automatic message queuing and sync when online
  - Session state recovery after connection loss
  - WebRTC reconnection handling
  - Real-time connection status indicators
  - Offline guidance and help system

- Add offline-first features
  - Message queue with priority and retry logic
  - Session data preservation during disconnection
  - Application state recovery
  - Background sync registration
  - Periodic cleanup of old offline data

- Enhanced user experience
  - Connection status notifications
  - Offline mode guidance and help
  - Automatic sync notifications
  - Reconnection progress indicators
  - Platform-specific installation instructions

This implementation ensures SecureBit.chat works seamlessly offline while maintaining security and providing a native app-like experience across all platforms.
 2025-08-17 16:04:45 -04:00
lockbitchat adb1844392 Update session pricing and demo mode 
- Updated demo mode: now includes basic protection features, still stronger than many competing messengers.
- Adjusted pricing for Basic and Premium sessions to better reflect security levels.
- Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
 2025-08-17 02:22:55 -04:00
lockbitchat e4273f5150 Major Security Improvements: 
- Enhanced user fingerprinting with WebGL, Canvas, and Audio fingerprinting
- Hardware binding to prevent F5/Ctrl+F5 abuse
- Persistent storage across browser sessions (localStorage + sessionStorage)
- Global demo session counter with 10 session limit per device
- Multi-tab protection (max 2 tabs simultaneously)
- Anti-reset protection with hardware mismatch detection

Demo Session Protection:
- Advanced fingerprint generation with CPU benchmarking
- Enhanced validation with cryptographic verification
- Automatic cleanup and session completion tracking
- Cooldown periods between sessions (1min + 15min completion)
- Weekly partial reset of global counters

Fixes:
- Fixed SessionTimer console spam after connection disconnect
- Added missing registerEnhancedDemoSessionUsage method
- Corrected method calls from generateUserFingerprint to generateAdvancedUserFingerprint
- Implemented proper event handling for connection state changes

WebRTC Improvements:
- Added peer-disconnect, new-connection, and connection-cleaned events
- Enhanced connection cleanup with proper UI notifications
- Fixed SessionTimer state management during disconnections
- Prevented infinite re-rendering and console logging

Performance Optimizations:
- Auto-save persistent data every 30 seconds
- Periodic cleanup of old session data (every 6 hours)
- Memory management for used preimages (10k limit)
- Tab heartbeat system for multi-tab detection

Testing:
- Demo sessions now properly enforce limits
- P2P anonymity maintained (no server validation)
- Compatible with incognito mode restrictions
- Resistant to common abuse techniques
 2025-08-16 20:58:42 -04:00
lockbitchat 5437bef9c5 feat: Enhanced demo mode security and vulnerability fixes 
- **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting
- **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation
- **Enhanced key reuse protection** - Added cryptographic validation and session isolation
- **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits

- **Secure user fingerprinting** - Browser-based identification without privacy invasion
- **Global session limits** - Maximum 10 concurrent demo sessions across all users
- **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown
- **Session completion tracking** - Prevents rapid reconnection abuse
- **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated

- **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features
- **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics
- **Emergency security disable** - Graceful fallback when advanced features cause issues
- **Vulnerability testing support** - Controlled security layer bypass for penetration testing

- **Cross-session compatibility** - Works seamlessly with both paid and free sessions
- **Real-time UI updates** - Synchronized timer display across all components
- **Session state management** - Automatic cleanup and notification system
- **Payment integration** - Smooth transition between demo and paid sessions

- **Layered security architecture** - 7+ configurable security features with independent controls
- **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding
- **Connection state monitoring** - Enhanced logging for security audit and debugging
- **Fallback mechanisms** - Robust error handling with security-first degradation

- **Structured security logs** - Detailed audit trail for security events
- **Performance monitoring** - Connection state and encryption layer metrics
- **Attack detection logging** - Comprehensive tracking of security violations
- **Development diagnostics** - Enhanced debugging for faster development cycles

- Refactored `PayPerSessionManager` with enhanced security controls
- Added `generateUserFingerprint()` with privacy-preserving identification
- Implemented `checkDemoSessionLimits()` with multi-tier validation
- Enhanced `EnhancedSecureWebRTCManager` with configurable security layers
- Added emergency security disable functionality for testing environments
- Improved session timer with cross-component synchronization

**Breaking Changes:** None - All changes are backward compatible
**Security Impact:** High - Eliminates critical vulnerabilities in free tier
**Testing Impact:** Significantly improved - New debug modes and security layer controls
 2025-08-14 23:34:54 -04:00
lockbitchat 19e3047282 feat: rebrand to SecureBit.chat due to name conflict 
BREAKING CHANGE: Project renamed from LockBit.chat to SecureBit.chat

- Changed project name to avoid confusion with LockBit ransomware group
- Updated all documentation, branding, and references
- Maintained all existing functionality and security features
- Domain migration planned to securebit.chat

Reason: The LockBit name became associated with a notorious ransomware
group, causing conflicts on platforms and potential confusion for users.
SecureBit better reflects our mission of providing secure P2P messaging
while avoiding negative associations.

This change affects:
- README.md and all documentation
- Package.json name field
- Brand assets and logos
- Website references
- Social media handles

Core functionality remains unchanged:
 12-layer military-grade security
 Lightning Network integration
 P2P WebRTC architecture
 Open source MIT license
 2025-08-14 15:54:11 -04:00
lockbitchat 27428cdb0e Update main page after 4.0 release 2025-08-14 04:45:39 -04:00
lockbitchat 79bdcb8c2c 🛡️ MAXIMUM SECURITY P2P CHAT IMPLEMENTATION - STAGE 4 COMPLETE 
🚀 Major Security Enhancements:
Implemented world's most secure P2P WebRTC chat with 12-layer security system:

 Triple Encryption Layer: Standard + Nested AES-GCM + Metadata protection
 Perfect Forward Secrecy (PFS): Automatic key rotation every 5 minutes
 ECDH Key Exchange: P-384 curve with non-extractable keys
 ECDSA Digital Signatures: P-384 with SHA-384 for MITM protection
 Enhanced Replay Protection: Sequence numbers + message IDs + timestamps
 Packet Padding: Hide real message sizes (64-512 bytes random padding)
 Anti-Fingerprinting: Traffic pattern obfuscation and size randomization
 Fake Traffic Generation: Invisible decoy messages for traffic analysis protection
 Message Chunking: Split messages with random delays
 Packet Reordering Protection: Sequence-based packet reassembly
 Rate Limiting: 60 messages/minute, 5 connections/5 minutes
 Enhanced Validation: 64-byte salt, session integrity checks

🔧 Critical Bug Fixes:

 Fixed demo session creation error: Resolved cryptographic validation failures
 Eliminated session replay vulnerability: Implemented proper session expiration and unique session IDs
 Fixed fake traffic visibility bug: Fake messages no longer appear in user chat interface
 Resolved message processing conflicts: Enhanced vs legacy message handling
 Fixed security layer processing: Proper encryption/decryption chain for all security features

🎯 Security Achievements:

Security Level: MAXIMUM (Stage 4)
Active Features: 12/12 security layers
Protection Against: MITM, Replay attacks, Traffic analysis, Fingerprinting, Session hijacking
Encryption Standard: Military-grade (AES-256-GCM + P-384 ECDH/ECDSA)
Key Security: Non-extractable, Perfect Forward Secrecy
Traffic Obfuscation: Complete (fake traffic + padding + chunking)

📊 Technical Specifications:
Security Architecture:
├── Layer 1: Enhanced Authentication (ECDSA P-384)
├── Layer 2: Key Exchange (ECDH P-384, non-extractable)
├── Layer 3: Metadata Protection (AES-256-GCM)
├── Layer 4: Message Encryption (Enhanced with sequence numbers)
├── Layer 5: Nested Encryption (Additional AES-256-GCM layer)
├── Layer 6: Packet Padding (64-512 bytes random)
├── Layer 7: Anti-Fingerprinting (Pattern obfuscation)
├── Layer 8: Packet Reordering Protection
├── Layer 9: Message Chunking (with random delays)
├── Layer 10: Fake Traffic Generation (invisible to users)
├── Layer 11: Rate Limiting (DDoS protection)
└── Layer 12: Perfect Forward Secrecy (automatic key rotation)
🛡️ Security Rating:
MAXIMUM SECURITY - Exceeds government-grade communication standards
This implementation provides security levels comparable to classified military communication systems, making it one of the most secure P2P chat applications ever created.

Files Modified:

EnhancedSecureWebRTCManager.js - Complete security system implementation
EnhancedSecureCryptoUtils.js - Cryptographic utilities and validation
PayPerSessionManager.js - Demo session security fixes

Testing Status:  All security layers verified and operational
Fake Traffic Status:  Invisible to users, working correctly
Demo Sessions:  Creation errors resolved, replay vulnerability patched
 2025-08-14 03:28:23 -04:00
lockbitchat 3893e9f890 Updated all text to English 2025-08-13 22:27:18 -04:00
lockbitchat 563686202f Updated all text to English 2025-08-12 14:02:20 -04:00
aegisinvestment f07e8400cf First commit - all files added 2025-08-11 20:52:14 -04:00