SafeNova

<img src="./pics/intro.png" style="display: block; margin: 0 auto; max-width:80%; max-height:80%; border-radius:8px; margin-bottom:16px">

Try it online: https://safenova.dosx.su/

<a id="what-it-is"></a>

❔ What it is

SafeNova is a single-page web app that lets you create encrypted containers — isolated vaults where you can organize files in a folder structure, much like a regular desktop file manager. Everything is encrypted client-side before being written to storage. Nothing ever leaves your device.

Key properties:

• Zero-knowledge — the app never sees your password or plaintext data
• Offline-first — works entirely without network access
• No installation — start the local server and you're running (or use online)

---

📚 Table of Contents

• ❔ What it is
• 🚀 Getting started
  • Option A — Use online version
  • Option B — Local server
• 📋 Requirements
• ⚙️ Features
• ⚔️ SafeNova vs. the Competition
• 📁 Project structure
• 🔒 How containers work
• 📄 The .safenova Container Format
  • Archive sections
  • Design properties
• 🔐 Encryption
  • Session token security
  • Current tab session
  • Stay signed in
  • Three-source key wrapping
  • Session payload format
  • Remaining trade-off
• 🔏 Content Security Policy
  • Meta tag
  • Server-level headers
• 🛡️ Cross-Tab Session Protection
• 🛑 Duress Password
  • How it works
  • Why this design
  • Technical details
• 🔬 SafeNova Proactive Anti-Tamper
  • Startup sequence
    • Why native restoration matters
  • Real-time watchdog
  • Watchdog resilience
  • Intentionally excluded from checks
  • Network request interception
  • DOM exfiltration defense
  • Threat response
  • Design philosophy
    • Hook opacity
• 🔍 Container Integrity Scanner
  • Phase 1 — VFS structural checks
  • Phase 2 — Database-level checks
• ⚡ Performance
  • Adaptive concurrency
  • Bulk upload
  • ZIP export
  • Password change
  • Container export
  • Drag-and-drop performance
• 📱 Mobile Touch Support
  • Long-press to drag
  • Multi-file drag
  • Context menu
  • Paste at finger position
  • Overscroll
• �️ Security Audit Changelog
• �🛠️ Contribute
• 💬 Community
• 🤝 Thanks to all contributors

---

<a id="getting-started"></a>

🚀 Getting started

<a id="getting-started-online"></a>

Option A — Use online version

SafeNova is hosted on: https://safenova.dosx.su/

<a id="getting-started-local"></a>

Option B — Local server

A zero-dependency PowerShell server is included:

.\\.server.ps1

Or right-click the file → Run with PowerShell. It starts an HTTP server on port 7777 (or the next free port) and opens the app in your default browser.

No external installs needed — it uses the Windows built-in HttpListener.

---

<a id="requirements"></a>

📋 Requirements

• A modern browser: Chrome 90+, Firefox 90+, Safari 15+, or Edge 90+
• Web Crypto API must be available — this requires either HTTPS or localhost
• No plugins, no extensions, no backend

---

<a id="features"></a>

⚙️ Features

• Multiple containers — each with its own password and independent storage limit (8 GB per container)
• Virtual filesystem — nested folders, drag-to-reorder icons, customizable folder colors
• File operations — upload (drag & drop or browse; folder upload with 4× parallel encryption), download, copy, cut, paste, rename, delete
• Built-in viewers — text editor, image viewer, audio/video player, PDF viewer
• Hardware key support — optionally use a WebAuthn passkey to strengthen the container salt
• Session memory — optionally remember your session per tab (ephemeral, recommended) or persistently until manually signed out, using AES-GCM-encrypted session tokens; persistent sessions survive browser restarts
• Cross-tab session protection — a container can only be actively open in one browser tab at a time; a lightweight lock protocol detects conflicts and offers instant session takeover
• Container import / export — portable .safenova container files; import reads the archive via streaming File.slice() without loading the full file into memory, making multi-gigabyte imports possible; export streams data chunk-by-chunk requiring no single contiguous allocation regardless of container size
• Export password guard — configurable setting (on by default) to require password confirmation before exporting; when disabled, the container key is taken directly from the active session if one is open; if no session is present, a pre-generated encrypted export cache stored in IDB is used — the cache payload is deflate-compressed before encryption, reducing its IDB footprint significantly for containers with many files; the compressed bytes are then wrapped with a per-container HKDF-SHA-256 derived key (AES-256-GCM), making the cache browser-independent; if the cache is absent or stale (file count or sizes changed), the context menu shows a red dot and falls back to a password prompt — after a successful password-prompted export the cache is rebuilt automatically so subsequent exports require no password; the cache is invalidated on password change or settings re-enable
• Quick export button — dedicated Export button in the desktop toolbar provides one-click passwordless export when the export password guard is disabled
• Sort & arrange — sort icons by name, date, size, or type; drag to custom positions
• Secure container deletion — before permanent erasure, every encrypted blob is cryptographically pre-shredded: inline files have random bytes XOR-flipped (position and delta are unknown and unlogged); large chunked files have their AES-GCM IV zeroed, making decryption unconditionally impossible and the operation maximally fast; heavy internal blobs (deferred workspace data, export cache, audit log) are explicitly nullified before the record is deleted so that the browser immediately releases persistent storage and the freed space is reflected without waiting for lazy garbage collection
• Duress password — optional panic password that, when entered anywhere (unlock, change password, export), looks exactly like an incorrect password but silently destroys all encrypted data in the background; see Duress Password below
• SafeNova Proactive — runtime protection module that loads first in <head>, captures all security-critical native function references at startup (including String.prototype.toLowerCase, String.prototype.indexOf, and String.prototype.slice for tamper-proof string operations), validates every capture is truly native (pre-capture tampering guard), hooks outbound network APIs (fetch, XHR, sendBeacon, WebSocket, window.open, EventSource, Worker/SharedWorker — including data: and same-origin blob: workers) and DOM exfiltration vectors (setAttribute, innerHTML/outerHTML, insertAdjacentHTML, document.write, Location navigation, form submit, resource property setters) to block external requests, silently removes dynamically injected external scripts via MutationObserver, blocks eval and new Function() constructors, guards string callbacks in setTimeout/setInterval, and runs a quadruple-redundant watchdog with timer-ID protection and a dead man's switch heartbeat — if the watchdog is killed, the app auto-locks all containers
• Container integrity scanner — 28 automated checks (21 VFS structural + 7 database-level) with one-click auto-repair, Deep Clean (flattens over-nested folder trees, repairs all metadata), and a backup prompt before any destructive operation; includes file decryption verification that detects corrupted or unreadable blobs (including those silently destroyed by the duress trigger)
• Settings — three tabs: personalization, statistics, activity logs
• Keyboard shortcuts — Delete, F2, Ctrl+A, Ctrl+C/X/V, Ctrl+S (save in editor), Escape, End (lock container — only when focus is not in a text field)
• Incognito / private-mode detection — on first visit the app detects if the browser is in private/incognito mode (Chrome, Firefox, Safari) using engine-fingerprint-based checks (no UA sniffing). If detected, a one-time warning explains that Indexed