2

🔐 AES-256-GCM Secure Encryptor v4

Enter a password
0 / 256 chars
Result will appear here.
⚡ Ready — v4: PBKDF2-1.6M · AES-256-GCM² · HMAC-SHA256 · 18 anti-debug layers · Full DOM wipe

⚠️ Do not translate, modify or re-encode the encrypted content. Any alteration permanently corrupts it. The password is never stored and cannot be recovered. Loss of password = permanent data loss.

🛡 SECURITY FEATURES v4

1. Dual AES-256-GCM + HMAC-SHA256

Two fully independent AES-256-GCM layers: inner key from PBKDF2-1M, outer key from PBKDF2-600K (1.6M total — 3.2× more brute-force resistant than v1). HMAC-SHA256 over inner ciphertext detects any single-bit tampering before decryption.

2. Full DOM Wipe on Unlock

document.open/write/close completely replaces the locker page on unlock. The encrypted payload, anti-debug code and all key material vanish from DOM and source inspector. Only the decrypted content remains.

3. Key Material + IV + Salt Zeroing

After each operation all raw key bytes, IVs and salts are overwritten with zeros in memory. No extractable key exists beyond the operation window.

4. Password: 1–256 Characters

Any length accepted. 32+ chars with mixed case, numbers and symbols strongly recommended.

5. Maximum Code Obfuscation

  • All string literals XOR-encoded at runtime via char-code arrays
  • String splitting with sSplit() — no literal crypto API names in output
  • All variable names randomized (10–14 char tokens)
  • 12-state switch dispatcher with randomized state values
  • 36 dead-code blocks (plain [] arrays — immune to decrypt regex)
  • Chunk reassembly via new Uint8Array([...]) exclusively for real data

6. 18-Layer Anti-Debug / Anti-Tamper

  • Debugger timing trap (120ms threshold, 350ms interval)
  • DevTools viewport size monitor (continuous, 700ms)
  • All console.* methods sealed (log, warn, error, info, debug, table, dir, trace, group, groupEnd)
  • Function.prototype.toString locked (non-writable, non-configurable)
  • Function.prototype.call integrity check
  • navigator.webdriver blocked
  • PhantomJS / Nightmare / Puppeteer / Selenium detection
  • eval native-code integrity check
  • toString length trap on 5 native functions
  • crypto.subtle frozen at boot
  • Continuous automation re-check (2s)
  • Proxy trap on window property access (__* and $cdc_ keys)
  • Performance timing jitter detection (80× ratio threshold)
  • document.write native-code integrity check
  • Object.defineProperty native-code integrity check
  • Shadow DOM / MutationObserver injection detection
  • Worker-based anti-debug heartbeat (separate thread)
  • Continuous re-arm: all layers re-validated every 1.5s

⚠ Best Practices

Use 32+ chars, mixed case, numbers, symbols. One encrypted file = one password. Never share both together. Password never stored anywhere.

✏️ Last Updated:
✅ Success!

Comments

Post a Comment