← Bali menyang WindowsHelper

Model Keamanan

Carane WindowsHelper nglindhungi PC + telpon, kriptografi apa sing digunakake, lan apa sing ora kita bela kanthi jelas. Dianyari pungkasan: 2026-04-25.

nglaporake kerentanan

Email support@windowshelper.app karo subyek [security]. Aja mbukak masalah GitHub umum - wenehi jendela kanggo ngirim perbaikan sadurunge diungkapake.

Siklus urip kode pasangan

Kode pasangan yaiku rahasia bareng saben operasi crypto liyane asalé saka. Siklus urip lengkap:

[ Phone GENERATES random 8-char code ]
   ↓
[ Phone WRITES code + sessionId to Firestore in pc_connections doc ]
   ↓
[ Phone DISPLAYS code to user on screen ]
   ↓
[ User READS code, types it into companion's input field ]
   ↓
[ Companion QUERIES Firestore for waiting session matching the code ]
   ↓
[ Both sides DERIVE crypto keys from SHA-256(code, sessionId) ]
   ↓
[ Code STAYS in memory on both sides; never written to Firestore by either ]
   ↓
[ Disconnect / re-pair WIPES the code from both sides ]

Kriptografi

AES-256-GCM (rahasia printah + integritas)

Saben printah sing dikirim liwat kabel dienkripsi nganggo AES-256-GCM, mode enkripsi sing diotentikasi.

HMAC-SHA256 (keasliane printah)

Saben printah uga duwe tandha HMAC supaya telpon sing ora ngerti kode pasangan ora bisa nyuntik printah sanajan bisa nulis menyang Firestore.

Model ancaman

AncamanStatusCathetan
Eavesdropper ing jaringan lokalMitigatedCiphertext AES-GCM ora jelas kanggo pengamat MITM.
Eavesdropper ing server FirestoreMitigatedGoogle sees AESGCM:... blobs, not commands.
Penyerang sing bisa nulis menyang Firestore nanging ora ngerti kode kasebutMitigatedverifikasi HMAC gagal; kanca log penolakan + nolak eksekusi.
Attacker sing crack / phished kode pasanganSisaDheweke bisa ngetokake perintah kaya-kaya pangguna. Mitigasi: muter kode saka menu tray.
Muter maneh printah sing direkamSisasentAtMillis is HMAC-bound; companion doesn't yet enforce a freshness window. Future fix adds a TTL.
LAN-mode penyerang ora dikonfirmasiMitigatedWebSocket pasangan jabat tangan validates kode; HMAC + AES gapura saben printah sakteruse.
Telpon kompromi karo kunci pasangan sing dicolongSisaOra bisa dibedakake saka "pangguna dhewe." Mitigasi: watesan tarif (10 cmd / min) + konfirmasi printah ngrusak mbutuhake klik sisih PC.
Salah ngetik printah saka app telponMitigatedDhaptar ijin sisih telpon mblokir prefiks sing ora dingerteni; pamblokiran pamblokiran pra-penerbangan sisih kanca ngarahake layanan sing ora ana.
printah destruktif mbukak sengajaMitigatedCompanion-side modal requires user click to approve Remove-Item, Format-Volume, reg delete, shutdown /r, etc.
Proses PowerShell Hung / runawayMitigatedHard wektu entek 5 menit mateni kabeh wit proses.
Companion .exe tampering antarane download lan mbukakMitigatedSHA-256 published in companion-version.json; users can verify. Authenticode signing landing soon.
Companion kacilakan bocor status sensitifMitigatedLaporan kacilakan + Tulis maneh kesalahan Firestore diresiki %USERPROFILE% / %MACHINE% / %USER%.
Piranti sing dicolong, kunci pasangan Registry tetepSisaPenyerang kanthi akses disk + login bisa maca kode sing tetep. Ndandani mbesuk mbungkus nganggo Windows DPAPI.

Metu saka ruang lingkup

Prakara WindowsHelper kanthi eksplisit ditindakake ora mbela marang:

pambocoran