<p align="center">
<img src="assets/deadrop-logo.png" width="220" alt="deadrop logo" />
</p>
<h1 align="center">deadrop</h1>
<p align="center">
<b>Zeroβknowledge file drops that selfβdestruct.</b><br/>
One command. One link. Gone. Like it never happened.
</p>
<p align="center">
<a href="https://crates.io/crates/deadrop"><img src="https://img.shields.io/crates/v/deadrop.svg?style=flat-square&color=00ff88" alt="crates.io" /></a>
<a href="https://github.com/Karmanya03/Deadrop/releases"><img src="https://img.shields.io/github/v/release/Karmanya03/Deadrop?style=flat-square&color=00ff88" alt="release" /></a>
<a href="https://github.com/Karmanya03/Deadrop/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-MIT-00ff88?style=flat-square" alt="license" /></a>
<img src="https://img.shields.io/badge/encryption-XChaCha20--Poly1305-00ff88?style=flat-square" alt="encryption" />
<img src="https://img.shields.io/badge/written_in-Rust_π¦-00ff88?style=flat-square" alt="rust" />
</p>
<p align="center">
<img src="https://img.shields.io/badge/server_knows-nothing_π€·-ff4444?style=flat-square" alt="zero knowledge" />
<img src="https://img.shields.io/badge/after_download-π₯_self_destructs-ff4444?style=flat-square" alt="self destruct" />
<img src="https://img.shields.io/badge/dependencies-just_the_binary-blueviolet?style=flat-square" alt="single binary" />
</p>
---
## What is this?
Remember in spy movies when someone leaves a briefcase under a park bench, and someone else picks it up later? That's a **dead drop**.
This is that, but for files. And the briefcase is encrypted with military-grade cryptography. And the park bench self-destructs after pickup. And nobody β not even the bench β knows what's inside.
```
βββββββββββ βββββββββββ
β You β β Friend β
ββββββ¬βββββ ββββββ¬βββββ
β β
β ded ./secret-plans.pdf β
β βββββββββββββββββββββββ β
β β
ββββββ΄ββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β π Your Machine ββ
β ββββββββββββ ββββββββββββββββ ββββββββββββββββ ββ
β β Encrypt βββββΊβ Ciphertext βββββΊβ HTTPS Server β ββ
β β (WASM) β β (on disk) β β (Axum+TLS) β ββ
β ββββββββββββ ββββββββββββββββ ββββββββ¬ββββββββ ββ
β π Key goes in URL #fragment β ββ
βββββββββββββββββββββββββββββββββββββββββββββββΌββββββββββββ
β β β
β π² Sends link via Signal / QR scan β β
β β β β β β β β β β β β β β β β β β ββΊβ β
β β β
β βββββββ΄ββββββββ β
β β Opens URL βββββ
β β in browser β
β βββββββ¬ββββββββ
β β
β βββββββββββββββ΄ββββββββββββββ
β β π¦ Browser fetches blob β
β β π Extracts #key β
β β β‘ WASM decrypts locally β
β β πΎ File downloads β
β βββββββββββββββ¬ββββββββββββββ
β β
ββββββ΄βββββββββββββββββββββββββββββββ β
β π₯ Self-destruct triggered β β
β π₯ Drop marked as burned β β
β π Server shuts down β β
βββββββββββββββββββββββββββββββββββββ β
β β
βΌ βΌ
What file? There was no file. Got it. Thanks. π
```
## Features
### Core
| π **Endβtoβend encrypted** | XChaCha20βPoly1305. The server never sees the key. Ever. |
| π **Key in URL fragment** | The `#key` part never hits server logs, proxies, or HTTP headers |
| π **HTTPS by default** | Autoβgenerated selfβsigned TLS cert β encrypted on the wire, zero config |
| π₯ **Selfβdestruct** | Expire by time, by download count, or both |
| π± **Works on phones** | Receiver only needs a browser. No app. No account. No signup. |
| π **Send folders** | Directories autoβpack to `.tar.gz` before encryption |
| βΎοΈ **Unlimited file size** | Streams from disk β your 50GB file won't eat your RAM |
| π **Optional password** | Argon2id key derivation (64MB memoryβhard, GPUβresistant) |
| π¦ **Single binary** | No runtime, no Docker, no config files. Just one executable. |
| π² **QR code** | Because typing URLs is for people who still use fax machines |
| π₯ **Receive mode** | `ded receive` β phoneβtoβPC uploads with browser encryption |
### Security Hardening
| π» **Fragment autoβclear** | `#key` is stripped from the URL bar and browser history the instant the page loads |
| π **IP pinning** | Download is locked to the first IP that connects β anyone else gets HTTP 403 |
| π‘ **Security headers** | CSP, `X-Frame-Options: DENY`, `no-referrer`, `no-cache`, antiβclickjack |
| β± **Rate limiting** | 2 req/sec per IP with burst of 5 β stops bruteβforce ID enumeration |
| π― **16βchar drop IDs** | ~2βΆβ΄ possible IDs β statistically impossible to guess |
| π **Constantβtime 404s** | Random delay on not-found responses prevents timingβbased ID enumeration |
| π₯ **Burn page** | Late visitors see "π₯ This drop was already downloaded and destroyed" instead of a generic 404 |
| β° **Autoβexpire page** | If the tab stays open past expiry, the key is nuked from JS memory and the UI selfβdestructs |
| π§ **Memory locking** | `mlock()` on Unix prevents the encryption key from being swapped to disk |
| π **Zeroβwrite deletion** | Encrypted temp files are overwritten with zeros before `rm` β no forensic recovery |
| π§Ή **Key zeroization** | Encryption key is wiped from RAM (via `zeroize`) on drop, both serverβside and inβbrowser |
## Installation
### π One-line install (Linux/macOS)
```bash
> Detects your OS & architecture automatically, downloads the right binary, and adds it to your PATH.
### Download a binary
Grab the latest release for your platform from [**Releases**](https://github.com/Karmanya03/Deadrop/releases).
| **Windows** | [`ded-windows-x86_64.exe`](https://github.com/Karmanya03/Deadrop/releases/latest/download/ded-windows-x86_64.exe) | x86_64 |
| **Linux** | [`ded-linux-x86_64`](https://github.com/Karmanya03/Deadrop/releases/latest/download/ded-linux-x86_64) | x86_64 (musl, static) |
| **Linux** | [`ded-linux-aarch64`](https://github.com/Karmanya03/Deadrop/releases/latest/download/ded-linux-aarch64) | ARM64 (Raspberry Pi, etc.) |
| **macOS** | [`ded-macos-x86_64`](https://github.com/Karmanya03/Deadrop/releases/latest/download/ded-macos-x86_64) | Intel |
| **macOS** | [`ded-macos-aarch64`](https://github.com/Karmanya03/Deadrop/releases/latest/download/ded-macos-aarch64) | Apple Silicon (M1/M2/M3/M4) |
**Quick install (Linux/macOS):**
```bash
# Linux x86_64
curl -L https://github.com/Karmanya03/Deadrop/releases/latest/download/ded-linux-x86_64 -o ded && chmod +x ded && sudo mv ded /usr/local/bin/
# macOS Apple Silicon
curl -L https://github.com/Karmanya03/Deadrop/releases/latest/download/ded-macos-aarch64 -o ded && chmod +x ded && sudo mv ded /usr/local/bin/
```
### Via cargo
```bash
cargo install deadrop
```
### Build from source
```bash
git clone https://github.com/Karmanya03/Deadrop.git
cd Deadrop
cargo build --release
# Binary at: target/release/ded
```
### π One-line update (Linux/macOS)
```bash
> Same as install β it overwrites the old binary with the latest release. Your PATH stays intact.
### π One-line uninstall (Linux/macOS)
```bash
rm -f ~/.local/bin/ded && echo "deadrop removed β "
```
> If you installed to `/usr/local/bin/` instead:
```bash
sudo rm -f /usr/local/bin/ded && echo "deadrop removed β "
```
### π Uninstall (cargo)
```bash
cargo uninstall deadrop
```
## Usage
### Send mode (default)
```bash
# Send a file
ded ./secret.pdf
# Send a folder
ded ./tax-returns-2025/
# That's it. That's the tool.
```
### Receive mode
```bash
# Receive a file from phone β PC
ded receive
# Receive to a specific directory
ded receive -o ~/Downloads/
# Custom port
ded receive -p 9090
```
Opens a browser upload page on your LAN. Scan the QR from your phone, pick a file, and it's encrypted in-browser β sent to your PC β decrypted β saved. One upload, then the server self-destructs.
### The spicy options
```bash
# Self-destruct after 1 download, expire in 10 minutes
ded ./evidence.zip -n 1 -e 10m
# Password-protected (because you're paranoid, and that's ok)
ded ./passwords.csv --pw "correct-horse-battery-staple"
# Custom port
ded ./file.txt -p 4200
# No QR code (you hate fun)
ded ./file.txt --no-qr
# Go full Mission Impossible
ded ./plans.pdf -n 1 -e 30s --pw "this-message-will-self-destruct"
```
### What you see
```
βββββββ ββββββββ ββββββ βββββββ βββββββ βββββββ βββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββ βββββββββ βββββββββββ ββββββββββββββ βββββββββββ
βββ βββββββββ βββββββββββ ββββββββββββββ ββββββββββ
βββββββββββββββββββ ββββββββββββββ βββββββββββββββ
βββββββ βββββββββββ ββββββββββ βββ βββ βββββββ βββ
β‘ zero-knowledge encrypted file sharing β‘
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
β URL https://192.168.1.42:8080/d/a3f9c1b2#xK9m β
β β
β ββ File secret.pdf β
β ββ Size 4.2 MB β
β ββ Expires 10m β
β ββ Downloads 1 β
β ββ Crypto XChaCha20-Poly1305 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
π Self-signed TLS β browser will show a warning (safe to proceed)
βββββββ ββββββ βββββββ <- QR code appears here
β βββ β βββ ββ β βββ β scan with phone
...
```
### What the receiver sees
A clean, dark download page in their browser. Click **"Download & Decrypt"** β file decrypts locally in their browser via WebAssembly β downloads to their device. The server never touches the plaintext.
## Flags Cheat Sheet
### Send mode
| `--port` | `-p` | `8080` | Port to listen on |
| `--expire` | `-e` | `1h` | Autoβexpire (`30s`, `10m`, `1h`, `7d`) |
| `--downloads` | `-n` | `1` | Max downloads before selfβdestruct (0 = β) |
| `--pw` | β | None | Require password (Argon2id derived) |
| `--bind` | `-b` | `0.0.0.0` | Bind address |
| `--no-qr` | β | `false` | Hide QR code |
### Receive mode
| `--port` | `-p` | `8080` | Port to listen on |
| `--output` | `-o` | `.` | Directory to save received files |
| `--bind` | `-b` | `0.0.0.0` | Bind address |
| `--no-qr` | β | `false` | Hide QR code |
## How It Works
### Send flow
```
ββββββββββββ ββββββββββββββββββββββ ββββββββββββ
β Sender β β Server (your PC) β β Receiver β
βββββββ¬βββββ βββββββββββ¬βββββββββββ βββββββ¬βββββ
β β β
β 1. Generate random β β
β 256-bit key β β
β β β
β 2. Encrypt file β β
β XChaCha20-Poly1305 β β
β β β
β 3. Store ciphertext βββΊβ β
β β β
β 4. Key β URL #fragment β β
β (never sent to β β
β server over HTTP) β β
β β β
β 5. Share link β β β β βββ β β β β β β β β β β ββΊβ
β (Signal, QR, etc.) β β
β β β
β ββββ 6. Open link βββββββββββ
β β β
β ββββ 7. Serve encrypted βββΊβ
β β blob (HTTPS) β
β β β
β β 8. Browser extracts β
β β #key (never sent) β
β β β
β β 9. WASM decrypts β
β β locally in browser β
β β β
β β 10. File downloads β
β β to device β
β β β
β βββββββββββββββββββββββββββββββββββββββββββ β
β β π₯ Self-destruct β π₯ Burned β π Off β β
β βββββββββββββββββββββββββββββββββββββββββββ β
βΌ βΌ
```
### Receive flow
```
ββββββββββββ ββββββββββββββββββββββ ββββββββββββ
β Receiver β β Server (your PC) β β Phone β
β (PC) β β β β (sender) β
βββββββ¬βββββ βββββββββββ¬βββββββββββ βββββββ¬βββββ
β β β
β ded receive β β
β ββββββββββββ β β
β β β
β 1. Generate key βββββββΊβ β
β 2. Key β QR code β β
β β β
β ββββ 3. Scan QR, open ββββββ
β β upload page β
β β β
β β 4. Pick file β
β β 5. WASM encrypts β
β β in-browser β
β β β
β ββββ 6. Upload ciphertext ββ
β β β
β 7. Server decrypts ββββ β
β 8. Saves to disk β β
β β β
β ββββββββββββββββββββββββββββββββββββββββ β
β β β
Saved β π₯ Self-destruct β π Off β β
β ββββββββββββββββββββββββββββββββββββββββ β
βΌ βΌ
```
**The critical insight**: the `#fragment` in a URL is **never sent to the server**. Not in HTTP requests, not in logs, not in referrer headers. The server literally cannot learn the key even if it tried.
## Security Architecture
### Defense in Depth
```
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Layer 7 β Self-destruct One download β burn β server off β
β βββββββββββͺβββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β Layer 6 β Browser Fragment auto-clear + auto-expire β
β βββββββββββͺβββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β Layer 5 β Anti-forensics mlock() + zeroize + zero-write β
β βββββββββββͺβββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β Layer 4 β Access control IP pinning + rate limit + 64-bit IDβ
β βββββββββββͺβββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β Layer 3 β Network HTTPS (TLS 1.3) + security headers β
β βββββββββββͺβββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β Layer 2 β Zero-knowledge Key in URL #fragment only β
β βββββββββββͺβββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β Layer 1 β Encryption XChaCha20-Poly1305 (256-bit, AEAD) β
ββββββββββββ§βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
```
### Threat Model
#### β
Protected against
| Server operator learning file contents | Zeroβknowledge β key never reaches server |
| Manβinβtheβmiddle reading the key | Key lives in `#fragment`, never transmitted over HTTP |
| Network eavesdropping | HTTPS with autoβgenerated TLS cert (rustls) |
| Server logs leaking the key | Fragments aren't logged by any HTTP server or proxy |
| Brute force on encryption | XChaCha20-Poly1305 with 256βbit keys |
| GPU attacks on passwords | Argon2id with 64MB memory cost |
| Drop ID enumeration | 16βchar IDs (~2βΆβ΄) + rate limiting + constantβtime 404s |
| URL bar shoulder surfing | Fragment stripped from URL bar on page load |
| Browser history forensics | `history.replaceState()` removes the `#key` |
| Key persisting in RAM | `zeroize` on Rust side, `key = null` on JS side |
| Key swapped to disk (Unix) | `mlock()` pins key memory pages |
| Encrypted file recovery | Zeroβoverwrite before deletion |
| Clickjacking / iframe embedding | `X-Frame-Options: DENY` + `frame-ancestors 'none'` |
| XSS injection | Content Security Policy β scripts only from `'self'` |
| Stale tab leaking key | Autoβexpire nukes key from memory when drop expires |
| Late visitor confusion | Burn page β "already downloaded and destroyed" |
#### β NOT protected against
- Someone who has the full URL with the `#key` (that IS the key)
- Malware on sender/receiver device (keyloggers, screen capture)
- Your friend screenshotting the file and posting it on Twitter
- Rubber hose cryptanalysis (look it up, it's not pretty)
- Time travelers
## Technical Details
| Encryption | XChaCha20βPoly1305 | 256βbit, extended nonce, AEAD. Used by WireGuard, Cloudflare, etc. |
| KDF | Argon2id | Memoryβhard, GPUβresistant. Winner of the Password Hashing Competition |
| TLS | rustls + rcgen | Autoβgenerated selfβsigned cert per session. No OpenSSL dependency. |
| Chunk size | 64KB | Balances streaming performance vs. auth tag overhead |
| Server | Axum (Rust) | Async, zero-copy, no garbage collector |
| Rate limiter | tower_governor | Token bucket per IP β prevents brute force |
| Browser crypto | WebAssembly | Same Rust code compiled to WASM, runs in-browser at near-native speed |
| Nonce derivation | base XOR chunk_index | Per-chunk unique nonces without storing them |
| Binary embedding | rust-embed | HTML, CSS, JS, WASM all baked into the single binary |
| Memory safety | mlock + zeroize | Key never hits swap, wiped from RAM on drop |
## Memory Usage
| 1 MB | ~5 MB | ~5 MB |
| 100 MB | ~5 MB | ~200 MB |
| 1 GB | ~5 MB | ~2 GB (desktop) |
| 10 GB | ~5 MB | Desktop only (streaming) |
The server uses constant memory regardless of file size. It streams encrypted chunks from disk.
## FAQ
**Q: Is this legal?**
A: It's a file sharing tool with encryption. Like Signal, or HTTPS, or putting a letter in an envelope. What you put inside is your business.
**Q: Can I use this at work?**
A: Your IT department will either love you or fire you. No in-between.
**Q: Why not just use Google Drive?**
A: Google Drive knows your files. Deadrop doesn't. That's the whole point.
**Q: What happens if I lose the URL?**
A: The file is gone. That's... the feature. It's a dead drop, not Google Photos.
**Q: Can the server operator see my files?**
A: No. The encryption key is in the URL fragment which never reaches the server. The server only holds meaningless encrypted bytes.
**Q: What if someone else tries to download with the link?**
A: They can't. The download is IP-pinned to the first device that connects. A second IP gets blocked with HTTP 403.
**Q: What if I visit a dead link?**
A: If the file was already downloaded, you'll see a burn page: "π₯ This drop was already downloaded and destroyed." If it expired, you get a standard not-found message.
**Q: Why does the browser show a certificate warning?**
A: Deadrop auto-generates a self-signed TLS certificate for HTTPS. It's fully encrypted β your browser just doesn't recognize the cert authority. Click "Proceed" / "Advanced β Continue" and you're good.
**Q: Why Rust?**
A: Because we wanted the binary to be fast, safe, and have zero dependencies. Also because we enjoy fighting the borrow checker on Friday nights.
## Contributing
PRs welcome. Here's what's on the radar:
- [x] ~~Builtβin HTTPS (rustls + autoβgenerated certs)~~
- [x] ~~`ded receive` mode (pull instead of push)~~
- [ ] Receiverβside streaming decryption for huge files on mobile
- [ ] Clipboard mode (`echo "secret" | ded -`)
- [ ] Tor hidden service mode
- [ ] Multiβfile drops
- [ ] Web UI drag-and-drop improvements
## License
MIT β do whatever you want. Just don't blame us if your dead drop gets intercepted by actual spies.
---
<p align="center">
<sub>Built with π¦ and paranoia.</sub>
</p>