/MasquerBot

A TelegramBot for true paranoids.

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

MasquerBot

https://t.me/MasquerBot

Made with Python Stars Forks Open Issues Open Source Love Built with Love

This TelegramBot uses state-of-the-art encryption algorithm (ECDSA) and pixel manipulation (steganography) to masque any given <text> within any given <image>.

  • If you truly have a paranoia about security. A VPN is recommended during /encrypt and /decrypt.

  • PNGs are recommended better performance.


Video Tutorial: LRBY | YouTube

<iframe id="odysee-iframe" style="width:74vw;height:42vw;" src="https://odysee.com/$/embed/MasquerBot/11376992c29c54efde884284b298a1290ae8d7f8?r=45vpskZGbEGUURSfgbmqd6b53WGvvGuh" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>



💼About

📈Workflow

How this works is, everyone is given a public key, that public key is used to lock information, we call it public key as it can be publicly distributed.

So to masque a message both sender and receiver must initiate MasquerBot's Service. Each message is masqued only for receiver, if receiver changes xer key then decryption would be impossible.


🖥Available Commands:

  • /start: It starts and calls /help and /get_key
  • /lbry or /youtube: Return a link of video tutorial.
  • /help: Returns the Workflow and Available Commands .
  • /get_key: Returns your public key.
  • /encrypt: Returns the encoded image.
    • Step 1: Send the message to encrypt.
    • Step 2: Send the recipient's public key (not yours).
    • Step 3: Send the image (as document).
  • /decrypt: Returns the hidden text.
    • Step 1: Send the encoded image (as document).
  • /cancel: Cancels any ongoing events.
  • /request_new_key: Deletes your account and creates another one. Beware! Once deleted you cant retrieve any text masqued using previous key.

⚡Features:

  • Saves Hashes instead of username.
  • unique contraint prevents duplicacy.
  • Message is first encrypted then steganography is performed.
  • ECDSA is used. which means less time on computation and powerful encryption.
  • Dynamic URL: URL changes every 6 hours and 5 minutes, with 130 char long, therefore making it impossible to send through any means other than telegram since URL remains unknown to everyone except telegram.
  • Gunicorn creates multiple workers hence supporting parallel processing.
  • Process Management: All process are cancelled before starting a new one. Triggers are added to delete any process with timestamp older than 10 minutes.
  • Few cool Easter Eggs are there as well.

⚙Development

💾Setup

The following are the bare necessities for this project.

Lets start the standard procedure for python project setup.

  • Clone the repository
$ git clone https://github.com/ra101/MasqureBot.git
  • Create the virtualenv and activate it
$ cd MasqureBot
$ virtualenv .
$ source ./bin/activate # unix
$ .\Scripts\activate.bat  # windows
  • Install requirements
$ pip install -r requirements.txt

💻Run on localhost

To run the project locally download and install

Following are the steps to run locally

  • copy content of .env.template into .env (one can use dump-env as well)
$ cat .env.template > .env
  • Fillup the basic info.
DOMAIN_NAME=


# Flask Variables
# ------------
FLASK_DEBUG=True
FLASK_ENV=development
FLASK_SECRET_KEY=my_precious


# SQLAlchemy Variables
# ------------
DATABASE_URL=
SQLALCHEMY_TRACK_MODIFICATIONS=True


# Telegram Credentials
# ------------
TELEGRAM_BOT_TOKKEN=<your_bot_token>

  • For DOMAIN_NAME

    • run the following command

      $ ngrok http 8000

    • This will create a local tunnel with address like https://<nonce>.ngrok.io that is your value for domain.

  • For DATABASE_URL

    • If you use SQLite, that create a file and it does not need any other software. sqlite:///foo.db

      is the value for DATABASE_URL is that case.

    • For any other SQL the syntax is dialect+driver://username:password@host:port/database , here dialect refers to SQL. We have used postgreSQL which uses psycopg2 as default driver which is installed from requirements.txt

  • Run the application!

$ make

or

$ gunicorn wsgi:application -c scheduler.py

☁Run on Server

Following are the steps to run on server.

  • If you can host .env, then the steps are pretty much same as running locally, except for DOMAIN_NAME , it will be provided by hosting provider.

  • If you can't host .env like in case of heroku, then you need to export each variable into hosting providers environment.



📃Breakdown of requirements.txt

Dependency Usage
APScheduler Creates a background scheduler in scheduler.py which changes webhook URL in every 6 hours and 5 minutes
eciespy Generates ECDSA key pair and also provides encryption and decryption functionality
Flask Flask is a lightweight WSGI web application framework.
Flask-RESTful Adds support for quickly building REST APIs.
Flask-SQLAlchemy Provides a Object Relation Mapper which is meant to integrate with
gunicorn It is a Python WSGI HTTP server. It is a pre-fork worker model, used to create concurrency for resources.
psycopg2-binary Driver for postgreSQL used by Flask-SQLAlchemy
pyTelegramBotAPI A simple, but extensible Python implementation for the Telegram Bot API.
python-dotenv Reads the key-value pair from .env file and adds them to environment variable.
stegano A pure Python Steganography module.



🎁Donations


🌟Credit/Acknowledgment

Contributors


📜License

License


🤙Contact Me

Protonmail Telegram