The Quantum Socket Toolkit allows two system behind NAT/Firewall to establish a TCP/TLS connection with each other.
The qsocket library locally derives a universally unique identifier (UUID) and connects two devices through the Quantum Socket Relay Network (QSRN) regardless and independent of the network layers, local IP Address or geographical location. The entire qsocket project is ported from the original gsocket toolkit of THC.
But Why?
So why did you reinvent the wheel? Simply because we wanted our own wheel :) Due to several design choices of THC and the nature of the project we were not comfortable using the GSRN for our own business. So we decided to create our own version to our own liking. We also wanted to modernize the project by porting it to Go/Rust, add new features, more platform support, and scalability.
The Quantum Socket Toolkit comes with a set of tools:
- qs-netcat - Netcat on steroids. Turn netcat into an TLS encrypted reverse backdoor via TOR (optional) with a true PTY/interactive command shell (
qs-netcat -s MySecret -i), integrated file-transfer, redirect traffic or give somebody temporary shell access. - qs-mic - Access (record audio) the microphone devices of a remote system. (
qs-mic -s MySecret -d 10) - qs-lite - Lightweight version of qs-netcat utility written in pure Rust (no external dependency).
- …many more examples and tools.
Supported Platforms
QSocket toolkit supports 12 platforms on 11 architecture, check Supported Platforms below for detailed table.
Supported Platforms
| Tool | Linux | Windows | Darwin | FreeBSD | OpenBSD | NetBSD | Android | IOS | Solaris | Illumos | Dragonfly | AIX |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| qsocket | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| qs-netcat | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| qs-lite | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| qs-mic | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| ~qs-cam~ | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 |
Crypto / Security Mumble Jumble
- The connections are end-2-end encrypted. This means from User-2-User (and not just to the Relay Network). The Relay Network relays only (encrypted) data to and from the Users.
- The QSocket uses SRP for ensuring perfect forward secrecy. This means that the session keys are always different, and recorded session traffic cannot be decrypted by the third parties even if the user secret is known.
- The session key is 256 bit and ephemeral. It is freshly generated for every session and generated randomly (and is not based on the password).
- A brute force attack against weak secrets requires a new TCP connection for every guess. But QSRN contains a strong load balancer which is limiting the consecutive connection attempts.
- Do not use stupid passwords like ‘password123’. Malice might pick the same (stupid) password by chance and connect. If in doubt use qs-netcat -g to generate a strong one. Alice’s and Bob’s password should at least be strong enough so that Malice can not guess it by chance while Alice is waiting for Bob to connect.
- If Alice shares the same password with Bob and Charlie and either one of them connects then Alice can not tell if it is Bob or Charlie who connected.
- Assume Alice shares the same password with Bob and Malice. When Alice stops listening for a connection then Malice could start to listen for the connection instead. Bob (when opening a new connection) can not tell if he is connecting to Alice or to Malice.
- We did not invent SRP. It’s a well-known protocol, and it is well-analyzed and trusted by the community.
If gs-netcat is a germanic battle axe… than qs-netcat is a turkish döner knife ᕕ(⌐■_■)ᕗ ♪♬