This TelegramBot
uses state-of-the-art encryption algorithm (ECDSA) and pixel manipulation (steganography) to masque any given <text>
within any given <image>
If you truly have a paranoia about security. A VPN is recommended during /encrypt and /decrypt.
PNGs are recommended better performance.
- Saves
instead of username. unique constraint
prevents duplicacy.- Message is first
is performed. ECDSA
is used, which means less time on computation and powerful encryption.Dynamic URL
: URL changes every6 hours and 5 minutes
, with130 char long
, making it impossible to send through any means other than telegram since URL remains unknown to everyone except telegram.Gunicorn
creates multiple workers hence supporting parallel processing.- Process Management: All processes are cancelled before starting a new one.
are added to delete any process with a timestamp older than 10 minutes. A few coolEaster Eggs
are there as well.
Video Tutorial: LRBY | YouTube
<iframe id="odysee-iframe" style="width:74vw;height:42vw;" src="$/embed/MasquerBot/11376992c29c54efde884284b298a1290ae8d7f8?r=45vpskZGbEGUURSfgbmqd6b53WGvvGuh" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
How this works is, that everyone is given a public key, which is used to lock information, we call it "public key" as it can be publicly distributed.
So to masque a message both sender and receiver must initiate MasquerBot's Service. Each message is masqued only for the receiver, if the receiver changes their key then decryption would be impossible.
- /start: It starts and calls /help and /get_key
- /lbry or /youtube: Return a link of video tutorial.
- /help: Returns the
andAvailable Commands
. - /get_key: Returns your
public key
. - /encrypt: Returns the
encoded image
.- Step 1: Send the
to encrypt. - Step 2: Send the recipient's
public key
(not yours). - Step 3: Send the
(as a document).
- Step 1: Send the
- /decrypt: Returns the
hidden text
.- Step 1: Send the
encoded image
(as a document).
- Step 1: Send the
- /cancel: Cancels any ongoing events.
- /request_new_key: Deletes your account and creates another one. Beware! Once deleted you cant retrieve any text masqued using the previous key.
The following are the bare necessities for this project.
Lets start the standard procedure for python project setup.
- Clone the repository
$ git clone
- Create the virtualenv and activate it
$ cd MasqureBot
$ virtualenv .
$ source ./bin/activate # unix
$ .\Scripts\activate.bat # windows
- Install requirements
$ pip install -r requirements.txt
To run the project locally download and install
Following are the steps to run locally
- copy content of .env.template into .env (one can use dump-env as well)
$ cat .env.template > .env
- Fillup the basic info.
# Flask Variables
# ------------
# SQLAlchemy Variables
# ------------
# Telegram Credentials
# ------------
run the following command
$ ngrok http 8000
This will create a local tunnel with address like
that is your value for domain.
If you use SQLite, that create a file and it does not need any other software.
is the value for
is that case. -
For any other SQL the syntax is
, heredialect
refers to SQL. We have used postgreSQL which usespsycopg2
as default driver which is installed fromrequirements.txt
Run the application!
$ make
$ gunicorn wsgi:application -c
Following are the steps to run on server.
If you can host .env, then the steps are pretty much same as running locally, except for
, it will be provided by hosting provider. -
If you can't host .env like in case of
, then you need to export each variable into hosting providers environment.
Dependency | Usage |
APScheduler | Creates a background scheduler in which changes webhook URL in every 6 hours and 5 minutes |
eciespy | Generates ECDSA key pair and also provides encryption and decryption functionality |
Flask | Flask is a lightweight WSGI web application framework. |
Flask-RESTful | Adds support for quickly building REST APIs. |
Flask-SQLAlchemy | Provides a Object Relation Mapper which is meant to integrate with |
gunicorn | It is a Python WSGI HTTP server. It is a pre-fork worker model, used to create concurrency for resources. |
psycopg2-binary | Driver for postgreSQL used by Flask-SQLAlchemy |
pyTelegramBotAPI | A simple, but extensible Python implementation for the Telegram Bot API. |
python-dotenv | Reads the key-value pair from .env file and adds them to environment variable. |
stegano | A pure Python Steganography module. |