superswan
commented
1 month ago that is a valid concern. however currently clients do not have a unique public key, when implemented this can be mitigated. the plan is to generate key using some unique identifier located on the system. this will prevent them from decrypting commands not destined for their HWID.
Hi, this is a great project! the problem is that all clients share the same Telegram channel, which lets them see each other’s HWIDs and public keys. This means any client can potentially capture that data and send commands to other clients by using the captured HWID along with the key.