Unstoppable, Censorship-Resistant P2P Video Calling
GhostBridge is an open-source, serverless communication protocol and application designed to function in hostile network environments. Built with Rust and a native Slint-based UI, it is specifically engineered to bypass Deep Packet Inspection (DPI) and aggressive UDP-blocking firewalls.
In environments where internet freedom is restricted, standard communication tools are often the first to be blocked. GhostBridge treats the internet as a hostile environment, providing:
- Serverless Resilience: No central servers to be seized or blocked.
- Censorship Evasion: Disguises traffic as standard HTTPS/TLS (TCP Port 443) to bypass DPI.
- Privacy by Design: Peer-to-peer encryption with Zero-Knowledge handshakes.
- Auditable Security: Open-source code where every byte can be verified.
For a detailed developer onboarding guide, see .junie/ONBOARDING.md.
- DPI Evasion: Obfuscated libp2p handshakes and custom agent strings to prevent fingerprinting.
- TCP-First Strategy: Prioritizes TLS-wrapped TURN on Port 443 and forces ICE-TCP to bypass UDP blocks.
- Decentralized Discovery: Uses
libp2pwith mDNS and GossipSub for local and wide-area peer discovery without central directories. - Secure Handshake: Implements the Noise Protocol and generates 4-digit Short Authentication Strings (SAS) for manual out-of-band verification.
- Efficient Signaling: Uses compressed SDP (Session Description Protocol) strings to enable easy sharing of connection data over text-based channels.
- Native UI: A minimalist, "WhatsApp-style" reactive interface built with Slint, offering high performance on both desktop and mobile.
GhostBridge is built on a hybrid library/binary architecture:
- The Brain (Rust Core): Handles the complex WebRTC state machine, libp2p signaling, and encryption. It is modular and adheres to strict safety standards.
- The Mask (Slint UI): A native, cross-platform UI that remains responsive and lightweight.
- The Bridge (Signaling): Uses
libp2p-noisefor secure, encrypted tunnels that look like generic TCP noise to observers.
- Rust: Latest stable toolchain.
- System Dependencies:
- Fedora:
sudo dnf install slint-devel openssl-devel - Ubuntu/Debian:
sudo apt install libslint-dev libssl-dev
- Fedora:
- Mobile Development (Optional): Requires the
xtool (cargo install --git https://github.com/rust-mobile/xbuild), Android NDK, and/or Xcode.
Run the provided packaging script to build the native release binary:
./package.shThe artifact will be located at target/release/ghostbridge-core.
Use the mobile_build.sh script or the x tool directly:
# Build Android APK
x build --platform android --arch arm64 --format apk
# Build iOS IPA (MacOS only)
x build --platform ios --arch arm64 --format ipaGhostBridge follows strict coding guidelines to ensure maintainability and security:
- Modular Design: No single source file exceeds 200 lines of code.
- Documented Security: Every function includes documentation explaining its purpose and security implications.
- Verified Logic: High test coverage for ICE configuration, SDP compression, and handshake state transitions.
Status: Active Development — Phases 1–6 Complete
GhostBridge is in active development. Phases 1–6 (Foundation, Discovery, Handshake, WebRTC Engine, DPI Evasion, and Mobile Config) are fully implemented and validated with over 130 tests.
| Component | Status | Reality |
|---|---|---|
| UI Shell | ✅ Done | Functional Slint UI with tabs and call overlay. |
| P2P Discovery | ✅ Done | Real libp2p swarm with mDNS and GossipSub. |
| Handshake | ✅ Done | Secure Noise XX handshake with SAS verification. |
| WebRTC Engine | ✅ Done | Real RTCPeerConnection with media tracks and ICE relay. |
| DPI Evasion | ✅ Done | Port 443 enforcement, TLS validation, and XOR obfuscation. |
| Mobile Config | ✅ Done | Android/iOS permissions, manifests, and CI pipelines. |
| Calling | 🟡 Partial | End-to-end loopback works; WAN requires real TURN server (Phase 7). |
See PROJECT_PLAN.md and .github/development_status.md for more details.
GhostBridge: Building a communication protocol that treats the internet as a hostile environment.
We are building GhostBridge to ensure no one in Iran is left in silence during an internet blackout. Our first major goal is reaching 10 monthly sponsors to fund the development and testing of our first native Android APK.
Why support GhostBridge?
Existing tools fail when the international gateway is cut. GhostBridge is different because it is omnipresent:
- Decentralized Discovery: We use every path possible—mDNS, Subnet Scanning, and IPFS—to find peers on home Wi-Fi without needing a central server.
- Native Performance: We are migrating our GUI to Slint (Rust-native) to ensure a lightweight, "WhatsApp-style" experience that doesn't hang or crash on mobile devices.
- Radical Transparency: To ensure user trust in high-risk zones, we follow a strict 200-line-per-file rule. This makes our codebase the easiest in the world to audit for security backdoors.
What your sponsorship unlocks:
Reaching this goal allows us to dedicate the time needed to:
- Complete the App for Android/IOS and Windows.
- Distribute the App to the world.
- Build a strong community of supporters.
Your support directly funds the code that bypasses the blackout.
GhostBridge is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).
We migrated to AGPL-3.0 to ensure that GhostBridge remains a truly open-source and community-driven project. This "Strong Copyleft" license prevents proprietary "hidden production"—where a service provider uses modified versions of the software without sharing those improvements back with the community. Any derivative works or services using this library are required to also be open-source under the same terms.