MasquerBot

https://t.me/MasquerBot

This TelegramBot uses state-of-the-art encryption algorithm (ECDSA) and pixel manipulation (steganography) to masque any given <text> within any given <image>.

• If you truly have a paranoia about security. A VPN is recommended during /encrypt and /decrypt.

• PNGs are recommended better performance.

Video Tutorial: LRBY | YouTube

<iframe id="odysee-iframe" style="width:74vw;height:42vw;" src="https://odysee.com/$/embed/MasquerBot/11376992c29c54efde884284b298a1290ae8d7f8?r=45vpskZGbEGUURSfgbmqd6b53WGvvGuh" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

💼About

📈Workflow

How this works is, everyone is given a public key, that public key is used to lock information, we call it public key as it can be publicly distributed.

So to masque a message both sender and receiver must initiate MasquerBot's Service. Each message is masqued only for receiver, if receiver changes xer key then decryption would be impossible.

🖥Available Commands:

• /start: It starts and calls /help and /get_key
• /lbry or /youtube: Return a link of video tutorial.
• /help: Returns the Workflow and Available Commands .
• /get_key: Returns your public key.
• /encrypt: Returns the encoded image.
  • Step 1: Send the message to encrypt.
  • Step 2: Send the recipient's public key (not yours).
  • Step 3: Send the image (as document).
• /decrypt: Returns the hidden text.
  • Step 1: Send the encoded image (as document).
• /cancel: Cancels any ongoing events.
• /request_new_key: Deletes your account and creates another one. Beware! Once deleted you cant retrieve any text masqued using previous key.

⚡Features:

• Saves Hashes instead of username.
• unique contraint prevents duplicacy.
• Message is first encrypted then steganography is performed.
• ECDSA is used. which means less time on computation and powerful encryption.
• Dynamic URL: URL changes every 6 hours and 5 minutes, with 130 char long, therefore making it impossible to send through any means other than telegram since URL remains unknown to everyone except telegram.
• Gunicorn creates multiple workers hence supporting parallel processing.
• Process Management: All process are cancelled before starting a new one. Triggers are added to delete any process with timestamp older than 10 minutes.
• Few cool Easter Eggs are there as well.

⚙Development

💾Setup

The following are the bare necessities for this project.

• Python3
• TelegramBot with its API key

Lets start the standard procedure for python project setup.

• Clone the repository

$ git clone https://github.com/ra101/MasqureBot.git

• Create the virtualenv and activate it

$ cd MasqureBot
$ virtualenv .
$ source ./bin/activate # unix
$ .\Scripts\activate.bat  # windows

• Install requirements

$ pip install -r requirements.txt

💻Run on localhost

To run the project locally download and install

• ngrok

Following are the steps to run locally

• copy content of .env.template into .env (one can use dump-env as well)

$ cat .env.template > .env

• Fillup the basic info.

DOMAIN_NAME=


# Flask Variables
# ------------
FLASK_DEBUG=True
FLASK_ENV=development
FLASK_SECRET_KEY=my_precious


# SQLAlchemy Variables
# ------------
DATABASE_URL=
SQLALCHEMY_TRACK_MODIFICATIONS=True


# Telegram Credentials
# ------------
TELEGRAM_BOT_TOKKEN=<your_bot_token>

• For DOMAIN_NAME

  • run the following command

    $ ngrok http 8000

  • This will create a local tunnel with address like https://<nonce>.ngrok.io that is your value for domain.

• For DATABASE_URL

  • If you use SQLite, that create a file and it does not need any other software. sqlite:///foo.db

    is the value for DATABASE_URL is that case.

  • For any other SQL the syntax is dialect+driver://username:password@host:port/database , here dialect refers to SQL. We have used postgreSQL which uses psycopg2 as default driver which is installed from requirements.txt

• Run the application!

$ make

or

$ gunicorn wsgi:application -c scheduler.py

☁Run on Server

Following are the steps to run on server.

• If you can host .env, then the steps are pretty much same as running locally, except for DOMAIN_NAME , it will be provided by hosting provider.

• If you can't host .env like in case of heroku, then you need to export each variable into hosting providers environment.

📃Breakdown of requirements.txt

Dependency	Usage
APScheduler	Creates a background scheduler in scheduler.py which changes webhook URL in every 6 hours and 5 minutes
eciespy	Generates ECDSA key pair and also provides encryption and decryption functionality
Flask	Flask is a lightweight WSGI web application framework.
Flask-RESTful	Adds support for quickly building REST APIs.
Flask-SQLAlchemy	Provides a Object Relation Mapper which is meant to integrate with
gunicorn	It is a Python WSGI HTTP server. It is a pre-fork worker model, used to create concurrency for resources.
psycopg2-binary	Driver for postgreSQL used by Flask-SQLAlchemy
pyTelegramBotAPI	A simple, but extensible Python implementation for the Telegram Bot API.
python-dotenv	Reads the key-value pair from .env file and adds them to environment variable.
stegano	A pure Python Steganography module.

🎁Donations

🌟Credit/Acknowledgment

📜License

🤙Contact Me