v8.0: Multi-Client P2P Terminal Sharing with End-to-End Encryption

TaklaXBR released this 01 Jan 19:07 · 44 commits to main since this release · ea3e3be

Major Features

Multi-Client P2P Terminal Sharing

ZAI Shell v8.0 includes a peer-to-peer terminal sharing system that enables collaboration between multiple users. The architecture supports one host and multiple helper clients, communicating over TCP sockets with optional end-to-end encryption.

Key Capabilities:

  • Multi-client support: One host can handle multiple concurrent helper connections
  • Real-time communication: Message broadcasting, command sharing, and file transfers
  • User management: Automatic name conflict resolution and user tracking
  • Session handling: Connection monitoring with reconnection support

End-to-End Encryption (E2E)

Optional encryption support for P2P communication.

Security Features:

  • AES-256 encryption using Fernet
  • Password-based key derivation: PBKDF2 with 100,000 iterations and SHA-256
  • Encrypted file transfers: File contents are encrypted during transmission
  • Encrypted messaging: Chat messages and shared commands are encrypted

Natural Language P2P Control

Gemini integration allows basic natural language commands for P2P operations, reducing the need to remember specific command syntax.

Examples:

  • "Show me the logs" → Displays terminal logs
  • "Send report.pdf to Alice" → Sends a file to a specific user
  • "Tell everyone the server is ready" → Broadcasts a message
  • "Run dir command on Bob's machine" → Sends a command request
  • "Accept the incoming file" → Accepts a pending file transfer

File Transfer System

Chunked file transfer with integrity verification.

Features:

  • Large file support: Up to 100MB per file (64KB chunks)
  • MD5 checksum verification for integrity validation
  • Progress tracking during transfer
  • Targeted delivery to specific users or all participants
  • Automatic filename conflict handling
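
A receiver for the chunked transfer described above, as an added example rather than ZAI Shell's own code: it enforces the 64KB and 100MB limits while chunks arrive instead of trusting the announced header, then compares the MD5 digest. The class and function names are assumptions; MD5 is unkeyed, so this check catches corruption in transit and does not by itself authenticate the sender.

```python
import hashlib
import hmac
import io

CHUNK_SIZE = 64 * 1024               # 64KB chunks (release notes)
MAX_FILE_SIZE = 100 * 1024 * 1024    # 100MB per file (release notes)


def read_chunks(stream):
    """Sender side: yield the file as CHUNK_SIZE pieces."""
    while chunk := stream.read(CHUNK_SIZE):
        yield chunk


class Receiver:
    """Receiver side: enforce the limits while data arrives, verify at the end."""

    def __init__(self, announced_size, announced_md5, sink):
        if not 0 <= announced_size <= MAX_FILE_SIZE:
            raise ValueError("announced size outside the allowed range")
        self.size, self.expected, self.sink = announced_size, announced_md5, sink
        self.received, self.md5 = 0, hashlib.md5()

    def feed(self, chunk):
        # Never trust the header alone: count what actually arrives.
        if len(chunk) > CHUNK_SIZE or self.received + len(chunk) > self.size:
            raise ValueError("chunk exceeds the announced transfer")
        self.received += len(chunk)
        self.md5.update(chunk)
        self.sink.write(chunk)

    def finish(self):
        """True only if every byte arrived and the digest matches."""
        return self.received == self.size and hmac.compare_digest(
            self.md5.hexdigest(), self.expected)


def transfer(payload, corrupt_chunk=None):
    """Constructed in-memory transfer; optionally flip one byte in chunk N."""
    receiver = Receiver(len(payload), hashlib.md5(payload).hexdigest(), io.BytesIO())
    for i, chunk in enumerate(read_chunks(io.BytesIO(payload))):
        if i == corrupt_chunk:
            chunk = bytes([chunk[0] ^ 0xFF]) + chunk[1:]
        receiver.feed(chunk)
    return receiver.finish()
```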

Security Framework Improvements

Additional validation and filtering mechanisms to reduce unsafe operations.

Security Enhancements:

  • Expanded blocked command list (PowerShell, Windows, Unix variants)
  • Regex-based detection of potentially dangerous command patterns
  • Unicode normalization to prevent hidden character abuse
  • Path traversal protection (.., UNC paths, system directories)
  • Reserved filename blocking (CON, NUL, COM1, etc.)
  • Username sanitization for P2P sessions

Complete Feature List

P2P Session Management

share start [port]              # Start hosting session (default: 5757)
share connect IP:PORT           # Connect to a session
share encrypt [password]        # Enable encryption before connecting
share name <newname>            # Set or change display name
share end                       # End session

Communication & Collaboration

share message <text>            # Broadcast message
share chat                      # Show chat history
share send <command>            # Send command request (helper → host)
share approve / reject          # Host approves or rejects commands

File Operations

share file <path> [user]        # Send file to a user or all
share accept [path]             # Accept incoming file
share deny                      # Reject incoming file

Information & Status

share status                    # Show connection status
share list / users              # List connected users
share logs                      # Show activity logs

Global Access via ngrok

For connections outside the local network:

  1. Host runs: ngrok tcp 5757
  2. Host shares the ngrok address
  3. Helpers connect using share connect <ngrok-address>

Security Architecture

Encryption Implementation

  • Algorithm: AES-256 (Fernet)
  • Key derivation: PBKDF2-HMAC-SHA256 (100,000 iterations)
  • Salt: zaishell_p2p_salt_v8
  • Encoding: Base64
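
The derivation listed above, reproduced with the standard library as an added example (not ZAI Shell's own code). It shows that the fixed salt makes every session with the same password share one key, next to an assumed variant in which the host draws a random salt per session and announces it to helpers; all function names and the fingerprint helper are assumptions.

```python
import base64
import hashlib
import os

ITERATIONS = 100_000                    # from the release notes
STATIC_SALT = b"zaishell_p2p_salt_v8"   # from the release notes


def derive_key(password, salt, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA256 -> 32 bytes -> URL-safe Base64, the Fernet key format.

    Fernet splits the 32 bytes into a 16-byte HMAC-SHA256 signing key and a
    16-byte AES-CBC encryption key.
    """
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              iterations, dklen=32)
    return base64.urlsafe_b64encode(raw)


def documented_key(password):
    """Key as documented: fixed salt, so equal passwords give equal keys."""
    return derive_key(password, STATIC_SALT)


def host_new_session(password):
    """Assumed variant: the host draws a fresh salt and announces it in clear."""
    salt = os.urandom(16)
    return salt, derive_key(password, salt)


def helper_join(password, announced_salt):
    """Helper derives the same key from the shared password and the host's salt."""
    return derive_key(password, announced_salt)


def fingerprint(key):
    """Short value both sides can read aloud to confirm matching keys."""
    return hashlib.sha256(b"fingerprint:" + key).hexdigest()[:16]


if __name__ == "__main__":
    print("fixed salt :", fingerprint(documented_key("mypassword")))
    salt, host_key = host_new_session("mypassword")
    print("per session:", fingerprint(host_key),
          fingerprint(helper_join("mypassword", salt)))
```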

Validation Pipeline

  1. Unicode normalization
  2. Regex-based command inspection
  3. Path validation
  4. Username sanitization
  5. File checksum verification
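
The release notes name these checks without showing them. The sketch below applies Unicode normalization, path validation and reserved filename blocking to a file name offered by a peer; it is an added example, not ZAI Shell's own code, and the function name, reason strings and device-name set are assumptions.

```python
import re
import unicodedata

# Windows device names; reserved with or without an extension (CON, CON.txt).
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})


def check_incoming_name(name):
    """Return (ok, reason) for a file name offered by a remote peer."""
    # Normalize first so look-alike forms (fullwidth dots, slashes, letters)
    # collapse to the ASCII characters the later checks look for.
    norm = unicodedata.normalize("NFKC", name)
    # NFKC keeps zero-width and bidi controls (category Cf); reject them
    # together with ASCII control characters (Cc).
    if any(unicodedata.category(c) in ("Cc", "Cf") for c in norm):
        return False, "hidden or control character"
    # Treat both separators alike before looking at the path shape.
    unified = norm.replace("\\", "/")
    if unified.startswith("//"):
        return False, "UNC path"
    if unified.startswith("/") or re.match(r"[A-Za-z]:", unified):
        return False, "absolute path"
    parts = [p for p in unified.split("/") if p not in ("", ".")]
    if not parts:
        return False, "empty name"
    if ".." in parts:
        return False, "path traversal"
    # Device names match case-insensitively on the part before the first dot.
    for part in parts:
        if part.split(".")[0].rstrip(" ").upper() in RESERVED:
            return False, "reserved device name"
    return True, "ok"
```

Running the checks on the normalized string is what catches the fullwidth spellings: a comparison against the raw input would see no `..` and no `CON` in them.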

Restricted Operations

  • Destructive system commands
  • Privilege escalation attempts
  • Remote code execution patterns
  • Path traversal exploits
  • Reserved device names

Use Cases

Remote Collaboration

  • Shared terminal sessions
  • Command approval workflow
  • Secure file sharing

Educational Use

  • Instructor-led terminal demonstrations
  • Controlled command execution
  • Safer learning environment

DevOps & System Administration

  • Troubleshooting sessions
  • Log inspection
  • File exchange between team members

Technical Support

  • Remote terminal assistance
  • Command guidance without screen sharing
  • Secure data transfer

Technical Details

Architecture

  • Protocol: TCP sockets with JSON messages
  • Threading: Daemon threads for async I/O
  • Client management: Thread-safe structures
  • Message framing: Newline-delimited JSON

Performance

  • File transfer: Network-limited (64KB chunks)
  • Concurrent clients: Tested with multiple connections
  • Latency: Low latency on local networks
  • Memory usage: ~10MB base + ~2MB per client

Dependencies

  • cryptography (optional)
  • Standard library modules
  • colorama

Installation & Setup

Requirements

pip install cryptography

Quick Start – Host

python zaishell.py
> share encrypt mypassword
> share start
# Share 192.168.1.22:5757 with helpers

Quick Start – Helper

python zaishell.py
> share encrypt mypassword
> share connect 192.168.1.22:5757