Skip to content

Releases: PIXELQUADRO07/CoreShell

release v2.2.2

Choose a tag to compare

@PIXELQUADRO07 PIXELQUADRO07 released this 09 Jun 09:22

New features:
Dual terminal session
Widgets for monitoring hardware specs of the machine connected
updated support for tailscale machines

release v2.2.1

Choose a tag to compare

@PIXELQUADRO07 PIXELQUADRO07 released this 02 Jun 09:25
7b9d85f

Implemented Features

  1. Real Interactive Terminal

    Switching to ChannelShell: The terminal now supports interactive TTY sessions.

    ANSI Support: Color and control codes are processed for clean display.

    Command Snippet: Added a quick access bar with commands like htop, ls -la, docker ps, etc.
  2. Professional SFTP

    Real Uploads/Downloads: Integrated Android File Picker to securely upload files from your device and download files from your server.

    Stream-based Transfer: Files are transferred via real streams, no longer simulated.
  3. Biometric Security (Lockdown Mode)

    BiometricPrompt: Upon startup, the app requires fingerprint or facial recognition authentication (if available).

    Integral Protection: The interface remains locked until the identity is verified.
  4. User Experience "Cyberpunk"

    Glitch Effect: Transitions between screens now include a slight "glitch" distortion consistent with the app's aesthetics.

    Optimized Dashboard: Improved system monitor display.
    Major Changes

    MainActivity.kt: Biometric security management and glitch transitions.

    SshClientHelper.kt: Logical core for interactive shell and SFTP stream.

    SshViewModel.kt: Session orchestration and file URI management.

    CyberComponents.kt: New GlitchTransition `component.```

release v2.2

Choose a tag to compare

@PIXELQUADRO07 PIXELQUADRO07 released this 29 May 14:26
7b9d85f

new release, fixed some bugs and added real sfpt support

release v2.01

Choose a tag to compare

@PIXELQUADRO07 PIXELQUADRO07 released this 25 May 21:34

🔮 CoreShell v2.1 — Stability & Security Release

Production-Ready SSH Client with Enterprise-Grade Encryption

Release
Security
SSH
Status

From Simulation to Production: The Netrunner's Arsenal Reaches Enterprise Grade


🎯 What's New in v2.1

🔴 Critical Upgrades

✅ Real SSH Connection

BEFORE: ❌ Simulated connections with hardcoded delays
AFTER:  ✅ Live SSH sessions via JSch with real I/O
  • connectToServer() establishes genuine SSH channels
  • Streams live server output directly to terminal
  • Commands execute on actual remote shell
  • Real stdin/stdout/stderr bidirectional communication

🔐 End-to-End Encryption (AES-256-GCM)

BEFORE: ❌ Plaintext passwords & keys in database
AFTER:  ✅ Military-grade encryption at rest
  • All credentials encrypted with Android Keystore-backed AES-256-GCM
  • IV prepended and stored with ciphertext in Base64
  • Decryption happens only at connection time
  • Zero cleartext exposure in database or logs

🎭 Terminal State Immutability Fixed

BEFORE: ❌ Mutable state → missed UI updates
AFTER:  ✅ Immutable values → reliable recomposition
  • SshSessionState transitioned to val fields
  • Copy-on-write updates via copy() lambda
  • Compose recomposition triggers on every change
  • Terminal UI now responds smoothly to all updates

🟡 Major Improvements

Feature Improvement Impact
📊 Live Telemetry Real top & free commands (10s refresh) CPU/RAM gauges show actual server metrics
🏠 Widget Data Queries actual database instead of static list Home screen shows your real servers
🔑 SSH Crypto JSch 0.2.20 with modern algorithms ssh-ed25519, ecdsa-sha2-nistp256, curve25519-sha256 support
🪟 Windows Fix Disabled GSSAPI fallback No more infinite hangs on Windows Kerberos
🔓 Key Storage RSA-2048 & Ed25519 encryption before DB Private keys secured with AES-256-GCM
📐 Key Extraction Proper ASN.1 parsing Robust Ed25519 public key handling
📱 App Identity com.tuonome.coreshell Professional package namespace
🗄️ Database API Sync query method added Widget provider support
✅ Test Coverage SecurityUtils unit tests Encryption/decryption validation

🏗️ Technical Architecture

Cryptography Pipeline

┌──────────────────────────────────────┐
│  User Input (Password / Private Key) │
└────────────────────┬─────────────────┘
                     │
                     ▼
        ┌────────────────────────┐
        │  SecurityUtils.encrypt() │
        │  • Generate random IV   │
        │  • AES-256-GCM cipher   │
        │  • Android Keystore     │
        └────────────┬────────────┘
                     │
                     ▼
        ┌────────────────────────┐
        │  [IV + Ciphertext]     │
        │  Base64 encode         │
        └────────────┬────────────┘
                     │
                     ▼
        ┌────────────────────────┐
        │  Room Database         │
        │  Encrypted Storage     │
        └────────────────────────┘

SSH Session Lifecycle

User Input → connectToServer()
    │
    ├─→ Initialize JSch Session
    ├─→ Configure Algorithms (modern kex/cipher)
    ├─→ Disable GSSAPI (Windows compatibility)
    ├─→ Password/Key Authentication
    ├─→ Open Shell Channel
    ├─→ Stream I/O (stdin/stdout/stderr)
    └─→ Update SessionState via StateFlow

📊 Performance & Reliability

Telemetry Updates

  • Frequency: Every 10 seconds
  • Commands: top -bn1, free -m
  • Parsing: Regex extraction with fallback
  • Resilience: Graceful degradation on incompatible systems

Database Queries

// Widget provider - synchronous query
getAllProfilesSync(): List<ServerProfile>

// UI layer - Flow-based reactive
getAllProfiles(): Flow<List<ServerProfile>>

⚠️ Migration Guide

Before Updating

  1. Export your server profiles (recommended)
  2. Note any saved SSH keys for re-entry
  3. Backup your CoreShell database:
    adb backup -f coreshell_backup.ab com.tuonome.coreshell

After Updating

Item Action Notes
Saved Servers ⚠️ Re-enter all credentials Plaintext → AES-256-GCM format change
SSH Keys ✅ Preserved (encrypted) Existing keys migrated automatically
Database Schema ✅ No changes Backward compatible
Settings ✅ Preserved Preferences remain intact

🔒 Security Enhancements Summary

v2.0                          v2.1
─────────────────────────────────────────
Simulated SSH      →    Real Live Sessions
Plaintext Storage  →    AES-256-GCM Encrypted
Random Telemetry   →    Live Server Metrics
Basic Auth         →    Modern Cryptography
                        (ed25519, ecdsa, curve25519)
GSSAPI Hangs       →    Properly Disabled
Fragile Key Parsing →   ASN.1 Standards

📥 Installation & Compatibility

Minimum Requirements

  • Android: 7.0+ (API 24)
  • Storage: 50 MB free space
  • Network: Active connection for SSH

Tested Environments

✅ OpenSSH 7.x–9.x (Linux)
✅ OpenSSH for Windows (via Tailscale)
✅ MagicDNS (Tailscale)
✅ Modern key algorithms (ed25519, ecdsa-sha2-nistp256)
✅ Backward compatibility with older servers
✅ Windows environments without Kerberos

Quick Install

# Download app-release.apk and install
adb install app-release.apk

# Or build from source
git clone https://github.com/PIXELQUADRO07/CoreShell.git
cd CoreShell
./gradlew assembleRelease
adb install app/build/outputs/apk/release/app-release.apk

🧪 Testing & Validation

Unit Tests Added:

  • AES-256-GCM encryption/decryption round-trips
  • Empty string edge cases
  • IV prepending and extraction
  • Base64 encoding/decoding

Integration Testing:

  • Real SSH connections to multiple server types
  • Credential encryption/decryption cycles
  • Terminal state mutations and UI updates
  • Widget provider database queries

🚀 What's Next (v2.2+)

  • Multi-session concurrent connections
  • SSH port forwarding & tunneling
  • Custom terminal color themes
  • Hardware security key support
  • Cloud-based profile sync
  • SSH certificate authentication
  • Performance optimizations

📝 Known Limitations & Workarounds

Issue Workaround Status
Windows servers without top/free Telemetry falls back gracefully ✅ Handled
First-time server setup required Re-enter credentials once ⚠️ Expected
Keystore unavailable after restore Re-add affected servers ⚠️ One-time

💬 Feedback & Support

Found an issue? Open an Issue
Have suggestions? Start a Discussion
Security concerns? Please report privately to the maintainer


📋 Detailed Changelog

🔴 Critical Fixes

  • Real SSH connection via JSch (no more simulation)
  • Passwords & private keys encrypted at rest (AES-256-GCM)
  • Terminal state immutability fixed (reactive UI updates)

🟡 Improvements

  • Real server telemetry (CPU/RAM gauges)
  • Widget reads actual server profiles
  • Updated JSch to 0.2.20 (modern algorithms)
  • Disabled GSSAPI authentication (Windows fix)
  • SSH key encryption before storage
  • Improved Ed25519 public key extraction (ASN.1)
  • Updated applicationId
  • Added synchronous DAO methods
  • Added SecurityUtils unit tests

📦 Dependencies Updated

com.github.mwiede:jsch → 0.2.20 (from unmaintained original)

⚡ CoreShell v2.1: Enterprise Security. Netrunner Aesthetics. Raw Performance.

📥 Download Latest📖 Full Documentation🐛 Report Issues

Built with ❤️ by @PIXELQUADRO07

"In the darkness of the network, CoreShell is your light."

release v2.0

Choose a tag to compare

@PIXELQUADRO07 PIXELQUADRO07 released this 21 May 21:04

CoreShell - Secure Cybernetic Terminal Deck

CoreShell is an SSH client and server node manager for Android, designed with a retro-futuristic Cyberpunk aesthetic. It offers an advanced interface for managing remote infrastructure, with integrated support for Tailscale and a real-time telemetry dashboard.

App Header

🚀 Main Features

  • Server Profiles Manager: Configure and save your SSH nodes with custom parameters (Host, Port, Username).
  • Tailscale Integration: Automatic detection and optimized support for Tailscale networks (MagicDNS and IP 100.xxx).
  • Cyberpunk Aesthetics: Responsive UI interface with CRT scanline effects, neon animations, and monospaced fonts.
  • Advanced Terminal: Interactive shell with quick shortcuts for common commands ('ls', 'htop', 'neofetch', etc.).
  • SFTP File Explorer: Navigate, download, edit, and delete files on the remote server via a built-in graphical interface.
  • Key Manager (RSA Keyring): Generate and manage RSA-2048 key pairs for secure passwordless authentication.
  • Telemetry Monitoring: Real-time visualization of CPU, RAM, temperature, and network traffic using oscilloscope graphs.
  • Monitor Widget: Widget for the Home Screen that shows the status of your favorite servers at a glance.

🛠️ Technologies Used

  • Kotlin & Jetpack Compose: Modern, declarative UI.
  • Room Database: Secure local persistence for profiles and keys.
  • Coroutines & Flow: Asynchronous session and telemetry management.
  • Material 3: UI components with "Cyber-Theme" customizations.
  • Retrofit & Moshi: Ready for external API integrations.

📱 Installation and Build

Requirements

  • Android 7.0 (API 24) or higher.
  • Android Studio Ladybug (or newer versions).
  • Gradle 9.3.1.

Build from Terminal

To generate the release APK:
"'bash
./gradlew assemblyRelease
"'
The APK will be generated in: 'app/build/outputs/apk/release/app-release.apk'

🔒 Security

CoreShell supports password and RSA key authentication. Private keys are stored locally in the app's encrypted database. It is recommended to use Tailscale for an additional layer of network security.

📝 Notes on the Current Version

  • The current version uses a simulation engine for SSH/SFTP sessions and telemetry.
  • Integration with real SSH libraries (such as JSch) is expected in future iterations.

Developed for the underground netrunner community.

v1.1.1

Choose a tag to compare

@PIXELQUADRO07 PIXELQUADRO07 released this 17 May 10:07

CoreShell v1.1 — Bug Fix Release

What's fixed

🔴 Critical — SSH connection

Fixed infinite loading on connect
The app would hang indefinitely with no error message when connecting to modern SSH servers (including Windows OpenSSH via Tailscale). Three separate issues caused this:

  • GSSAPIAuthentication was not disabled. On Windows without Kerberos configured, JSch silently attempted GSSAPI auth and stalled waiting for a response that never came.
  • Session.connect() was called without an explicit timeout argument. The session-level timeout only applies to read operations, not to the TCP handshake and key exchange — the connection could block for minutes.
  • The supported algorithm lists (server_host_key, kex) did not include modern algorithms used by current OpenSSH builds (ssh-ed25519, curve25519-sha256, ecdh-sha2-nistp256), causing negotiation to fail silently on some servers.

Fixed terminal freezing on command output
executeCommand() used a simple while (!channel.isClosed) delay(50) loop. When a command produced more output than the internal buffer could hold, the channel never closed — the terminal froze indefinitely. Output is now read continuously from both stdout and stderr streams while the channel is open.


🟡 Important — File manager & data

Fixed back navigation skipping two levels
navigateBack() called removeLast() twice on the path stack — once to remove the current path, then again to get the previous one, which discarded it. Navigation now uses last() (peek) after removing the current entry, so each back press correctly goes up exactly one directory level.

Fixed file manager loading before SSH is ready
FileManagerViewModel called loadDirectory("~") in its init block. Since the ViewModel is created when the user navigates to the tab, SFTP was opened before the SSH session was established, causing an immediate error. Directory loading now starts only after connectedServer becomes non-null.

Fixed crash when keystore is unavailable
decryptServer() propagated a raw SecurityException if the Android Keystore was inaccessible (e.g. after app reinstall or backup restore). The app would crash silently when loading the saved servers list. The exception is now caught and the encrypted record is returned as-is, so the app stays functional — the user just needs to re-enter the password for that server.


🟢 Minor — Reliability & diagnostics

Fixed SFTP channel race condition
getSftpChannel() accessed and assigned sftpChannel outside the mutex, making it possible for two coroutines to open duplicate channels concurrently. The check and assignment are now inside mutex.withLock.

Added full JSch debug logging
JSch internal logging is now routed to Android Logcat under the JSch tag. Filter by JSch or SSH_LOG in Logcat to see the full key exchange, authentication, and channel lifecycle — makes diagnosing connection issues significantly easier.

Added modern kex and cipher algorithm lists
Explicitly configured kex, cipher.s2c, cipher.c2s, mac.s2c, mac.c2s to prefer modern algorithms and maintain compatibility with both current and older OpenSSH servers.


Upgrade notes

No database migration required. Saved servers are preserved.
If a saved server fails to decrypt after updating, delete and re-add it — this is a one-time issue for installations affected by bug #8.

CoreShell v1.1.0

Choose a tag to compare

@PIXELQUADRO07 PIXELQUADRO07 released this 13 May 18:11

New release with updated UI, improved build stability, and better SSH/SFTP management.

v1.0.0

Choose a tag to compare

@PIXELQUADRO07 PIXELQUADRO07 released this 05 May 21:21

CoreShell v1.0.0

CoreShell is a lightweight Android SSH manager that allows secure remote server access, file transfer via SFTP, and command execution directly from your mobile device.

This is the first stable release (v1.0.0) of the project.


🚀 Features (v1.0.0)

  • 🔐 SSH connection support (password & private key authentication)
  • 📡 Remote command execution
  • 🖥️ Interactive shell session support
  • 📁 SFTP file manager:
    • Upload files
    • Download files
    • Rename files
    • Delete files
    • Create directories
  • 📊 Basic server information retrieval
  • ⚡ Fully asynchronous operations using Kotlin Coroutines

🧱 Tech Stack

  • Kotlin
  • Android SDK
  • JSch (SSH / SFTP)
  • Kotlin Coroutines
  • Gradle Kotlin DSL

📦 Installation

Option 1 — Build from source

git clone https://github.com/PIXELQUADRO07/CoreShell.git
cd CoreShell
./gradlew assembleDebug