Show HN: ShareNova – 基于魔术字节扫描的零知识文件传输
2 分•作者: HatemDabet•大约 3 小时前
Hi HN,
我是一名 IT 支持领域的软件工程师。我经常需要在机器之间安全地传输大型日志文件和系统镜像。现有的工具要么有大小限制,要么需要账户,要么缺乏真正的加密。所以我开发了 ShareNova。
工作原理:
实时传输:通过服务器中继的 WebSocket 流传输,分块处理,并使用位域跟踪,以便在断开连接后自动恢复。无需账户。
延迟存储:当接收方离线时,文件会在客户端进行分块和加密,使用 AES-256-GCM(PBKDF2 密钥派生,20 万次迭代)进行加密,然后上传。服务器只存储密文。密钥永远不会离开浏览器。
魔术字节文件扫描器:每个延迟文件都会在服务器端进行扫描,通过读取前 16 个字节并与已知签名进行比较。检测伪装的可执行文件(.jpg 中的 MZ 标头)、双重扩展名以及包含危险文件的归档文件。结果将作为安全徽章显示给接收方。
浏览器内预览:图像、视频、音频、PDF 和代码文件可以在下载前预览,且不会破坏安全模型。
技术栈是 Node.js + Express + ws,单服务器,核心传输逻辑没有外部依赖。
试用:<a href="https://sharenova.io" rel="nofollow">https://sharenova.io</a>
我很乐意收到关于架构和扫描方法的反馈。
查看原文
Hi HN,<p>I'm a software engineer in IT support. I constantly need to transfer large log files and system images securely between machines. Existing tools either had size limits, required accounts, or lacked real encryption. So I built ShareNova.<p>How it works:<p>Live transfer: Server-relayed WebSocket streaming, chunked with bitfield tracking for automatic resume on disconnect. No account required.<p>Deferred storage: When the receiver is offline, files are chunked and encrypted client-side using AES-256-GCM (PBKDF2 key derivation, 200K iterations) before upload. The server only stores ciphertext. Keys never leave the browser.<p>Magic-byte file scanner: Every deferred file is scanned server-side by reading the first 16 bytes and comparing against known signatures. Detects disguised executables (MZ header in a .jpg), double extensions, and archives containing dangerous files. Results are shown as safety badges to the receiver.<p>In-browser preview: Images, video, audio, PDF, and code files can be previewed before download without breaking the security model.<p>The stack is Node.js + Express + ws, single-server, no external dependencies for the core transfer logic.<p>Try it: <a href="https://sharenova.io" rel="nofollow">https://sharenova.io</a><p>I'd love feedback on the architecture and the scanning approach.