"Because privacy shouldn't be your last resort, but your first choice."
LastChance Messenger is a hardened, security-focused P2P communication terminal designed for high-assurance environments. Built using Go (Wails) and React, it provides a deterministic, decentralized messaging experience that prioritizes cryptographic integrity and metadata obfuscation. Unlike traditional messengers, LastChance operates over standard TCP/IP while maintaining a "Red Team" posture against traffic analysis and interception.
We are currently undergoing a major architectural update regarding our build pipeline and UI/UX design.
- Build System Overhaul: Moving to a containerized build environment for consistency.
- Dual-Mode Deployment:
- Standard: Default user directory configuration.
- Portable: User-defined directory for local data storage.
Note: These changes are extensive and will take time to stabilize. Follow our progress in the
crit-tierbranch.
| Category | Implementation |
|---|---|
| Asymmetric E2EE | X25519 (ECDH) key exchange + XChaCha20-Poly1305 AEAD |
| SafeFSOps (Sandbox) | CWE-22 path traversal prevention via centralized resolution layer |
| Stealth Traffic Masking | Customizable headers (e.g., X-DNS-Cookie) to bypass DPI |
| BIP39 Identity | 24-word seed phrase for portable, recoverable identities |
| Hardened Local Storage | 0600 permissions + SQLite WAL mode for identity & messages |
| Layer | Protocol | Purpose |
|---|---|---|
| Outer (Transport) | TLS 1.3 (enforced tls.VersionTLS13) |
Anti-sniffing, local network protection |
| Inner (Payload) | HKDF-SHA256 + X25519 session secret | Post-TLS termination protection |
Every message is padded to the nearest allowed size: 256B, 1KB, 4KB, or 64KB.
- Magic Bytes:
0x4E53("NS"- Naive Secure) - Entropy: Random padding before encryption ensures identical messages produce different ciphertexts.
The codebase has undergone a comprehensive pre-commit security review:
| CWE | Vulnerability | Remediation |
|---|---|---|
| CWE-22 | Path Traversal | SafeFSOps sandbox with mandatory resolution |
| CWE-190 | Integer Overflow | Bounds checking on all size conversions |
| Deprecated Crypto | Weak primitives | Migrated to crypto/ecdh (Go stdlib) for X25519 |
| Resource Leaks | Handles/rows | Strict defer patterns for cleanup |
- Go 1.26+
- Node.js 18+ & NPM
- Wails CLI
go install github.com/wailsapp/wails/v2/cmd/wails@latest
git clone https://github.com/yourorg/lastchance-messenger.git
cd lastchance-messengerCopy .env.example to .env and adjust relay server URLs.
wails buildThe binary will be located in build/bin/.
| Variable | Description | Default |
|---|---|---|
| SERVER_URL Base URL | for message relay server | https://relay.lastchance.example |
| LC_MASK_HEADER_NAME | Custom header for traffic masking | X-DNS-Cookie |
| LC_MASK_HEADER_VALUE | Header value for masking | MySecretToken123 |
We believe in radical transparency for security tools.
Technical API Specifications — Detailed package & encryption logic
Security Audit Report — Full vulnerability log & fixes
-
Private nodes — Released a dedicated repository with a server node in Dockerfile format. Deploy here
-
Availability — Add publicly accessible nodes for communication without private nodes
-
Mesh Networking — Direct peer discovery without relay servers
-
Mobile Clients — React Native port of core logic
-
Post-Quantum Cryptography — Kyber/Dilithium integration
-
Tor/I2P Integration — Optional anonymization network routing## Contact & Connectivity
I prefer decentralized and encrypted communication channels.
- Session ID: 05f08d7242fe9cd621e98ef902cd1a21a8bf10d0c7c946e8c8e469d2396657a637
(Preferred for quick chats)
- Proton Mail:
nabla.shell@proton.me(For long-form inquiries; PGP preferred) - PGP Key: Available in here PGP Fingerprint: 885F 3675 1D87 3F99 55ED 0ABC D1F6 A559 1458 507D
If LastChance helps your OpSec, consider supporting the project. Cryptocurrency Address
If you find LastChance useful, consider supporting its development:
All donations go towards relay nodes and security audits.
LastChance Messenger is released under the GNU Affero General Public License v3. You may copy, distribute, and modify the software as long as your modifications are also made available under the AGPLv3.