Carane WindowsHelper nglindhungi PC + telpon, kriptografi apa sing digunakake, lan apa sing ora kita bela kanthi jelas. Dianyari pungkasan: 2026-04-25.
Email support@windowshelper.app karo subyek [security]. Aja mbukak masalah GitHub umum - wenehi jendela kanggo ngirim perbaikan sadurunge diungkapake.
Kode pasangan yaiku rahasia bareng saben operasi crypto liyane asalé saka. Siklus urip lengkap:
[ Phone GENERATES random 8-char code ] ↓ [ Phone WRITES code + sessionId to Firestore in pc_connections doc ] ↓ [ Phone DISPLAYS code to user on screen ] ↓ [ User READS code, types it into companion's input field ] ↓ [ Companion QUERIES Firestore for waiting session matching the code ] ↓ [ Both sides DERIVE crypto keys from SHA-256(code, sessionId) ] ↓ [ Code STAYS in memory on both sides; never written to Firestore by either ] ↓ [ Disconnect / re-pair WIPES the code from both sides ]
pairingCode; sawise dipasangake, kode tetep ing memori istimewa.Saben printah sing dikirim liwat kabel dienkripsi nganggo AES-256-GCM, mode enkripsi sing diotentikasi.
SHA-256("WH_SECURE_{code}_{sessionId}_CMD_KEY").Random.secure() ing telpon utawa RandomNumberGenerator ing pendamping.AESGCM:<nonce_b64>:<ciphertext_b64>:<tag_b64>Saben printah uga duwe tandha HMAC supaya telpon sing ora ngerti kode pasangan ora bisa nyuntik printah sanajan bisa nulis menyang Firestore.
SHA-256("WH_SECURE_{code}_{sessionId}_HMAC_KEY"). Kapisah saka kunci enkripsi.HMAC-SHA256(hmacKey, commandId | ciphertext | sentAtMillis). Pipa kasebut minangka karakter pipa harfiah, dudu pembatas - telung senar sing disambungake.| Ancaman | Status | Cathetan |
|---|---|---|
| Eavesdropper ing jaringan lokal | Mitigated | Ciphertext AES-GCM ora jelas kanggo pengamat MITM. |
| Eavesdropper ing server Firestore | Mitigated | Google sees AESGCM:... blobs, not commands. |
| Penyerang sing bisa nulis menyang Firestore nanging ora ngerti kode kasebut | Mitigated | verifikasi HMAC gagal; kanca log penolakan + nolak eksekusi. |
| Attacker sing crack / phished kode pasangan | Sisa | Dheweke bisa ngetokake perintah kaya-kaya pangguna. Mitigasi: muter kode saka menu tray. |
| Muter maneh printah sing direkam | Sisa | sentAtMillis is HMAC-bound; companion doesn't yet enforce a freshness window. Future fix adds a TTL. |
| LAN-mode penyerang ora dikonfirmasi | Mitigated | WebSocket pasangan jabat tangan validates kode; HMAC + AES gapura saben printah sakteruse. |
| Telpon kompromi karo kunci pasangan sing dicolong | Sisa | Ora bisa dibedakake saka "pangguna dhewe." Mitigasi: watesan tarif (10 cmd / min) + konfirmasi printah ngrusak mbutuhake klik sisih PC. |
| Salah ngetik printah saka app telpon | Mitigated | Dhaptar ijin sisih telpon mblokir prefiks sing ora dingerteni; pamblokiran pamblokiran pra-penerbangan sisih kanca ngarahake layanan sing ora ana. |
| printah destruktif mbukak sengaja | Mitigated | Companion-side modal requires user click to approve Remove-Item, Format-Volume, reg delete, shutdown /r, etc. |
| Proses PowerShell Hung / runaway | Mitigated | Hard wektu entek 5 menit mateni kabeh wit proses. |
| Companion .exe tampering antarane download lan mbukak | Mitigated | SHA-256 published in companion-version.json; users can verify. Authenticode signing landing soon. |
| Companion kacilakan bocor status sensitif | Mitigated | Laporan kacilakan + Tulis maneh kesalahan Firestore diresiki %USERPROFILE% / %MACHINE% / %USER%. |
| Piranti sing dicolong, kunci pasangan Registry tetep | Sisa | Penyerang kanthi akses disk + login bisa maca kode sing tetep. Ndandani mbesuk mbungkus nganggo Windows DPAPI. |
Prakara WindowsHelper kanthi eksplisit ditindakake ora mbela marang:
[security].