Discovery: Google Messages writes ALL RCS messages to content://mms/
as MMS records. Message body in content://mms/{id}/part (ct=text/plain).
RCS metadata (group name, SIP URI) protobuf-encoded in tr_id field.
Sender addresses in content://mms/{id}/addr.
Tested on Pixel 10 Pro Fold, Android 16, Feb 2026 patch — works at
UID 2000 with zero exploits, zero root, zero Shizuku.
New methods:
- read_rcs_via_mms(): extract RCS+MMS with body, addresses, metadata
- read_rcs_only(): filter to RCS messages only (proto: in tr_id)
- read_rcs_threads(): unique conversation threads with latest message
- backup_rcs_to_xml(): full SMS+MMS+RCS backup in SMS Backup & Restore XML
Fixed _content_query() Windows quoting (single quotes for sort/where).
New routes: /rcs-via-mms, /rcs-only, /rcs-threads, /backup-rcs-xml
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- bugle_db uses SQLCipher/Android encrypted SQLite, not plaintext
- Root extraction now pulls shared_prefs/ and files/ for key material
- Archon relay prefers decrypted JSON dump from app context over raw DB copy
- Updated module docstrings, web UI descriptions, and user manual
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Changed from web.routes.auth_routes to web.auth — the decorator
lives in web/auth.py, not web/routes/auth_routes.py. Flask app
now starts cleanly with all 45 blueprints.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add WiFi Audit, API Fuzzer, Cloud Scanner, Threat Intel, Log Correlator,
Steganography, Anti-Forensics, BLE Scanner, Forensics, RFID/NFC, Malware
Sandbox, Password Toolkit, Web Scanner, Report Engine, Net Mapper, and
C2 Framework. Each module includes CLI interface, Flask routes, and web
UI template. Also includes Go DNS server source + binary, IP Capture
service, SYN Flood, Gone Fishing mail server, and hack hijack modules
from v2.0 work.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix Hal chat: add Chat/Agent mode toggle so users can switch between
direct LLM streaming (Chat) and tool-using Agent mode
- Fix Agent system: graceful degradation when model can't follow
structured THOUGHT/ACTION/PARAMS format (falls back to direct answer
after 2 parse failures instead of looping 20 times)
- Fix frozen build: remove llama_cpp from PyInstaller excludes list
so LLM works in compiled exe
- Add system tray icon: autarch.ico (from icon.svg) used for exe icons,
installer shortcuts, and runtime tray icon
- Update tray.py to load .ico file with fallback to programmatic generation
- Add inline critical CSS for FOUC prevention
- Bump version to 1.5.1
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Inlines dark theme colors, sidebar layout, and flex container styles
directly in <head> so they apply immediately. Prevents FOUC when the
external stylesheet is delayed by self-signed cert negotiation or
slow network.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Sidebar button at bottom re-scans modules/ directory on click
- POST /api/modules/reload endpoint returns updated counts and module list
- Button shows success/failure feedback, auto-reloads category pages
- Enables hot-dropping new modules without restarting the server
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Threat Monitor: 7-tab monitoring page (live, connections, network intel,
threats, packet capture, DDoS mitigation, counter-attack) with real-time
SSE streaming and optimized data collection (heartbeat, cached subprocess
calls, bulk process name cache)
- Drill-down popups: Every live monitor stat is clickable, opening a popup
with detailed data (connections list with per-connection detail view,
GeoIP lookup, process kill, bandwidth, ARP spoof, port scan, DDoS status)
- Hal agent mode: Chat routes rewritten to use Agent system with
create_module tool, SSE streaming of thought/action/result steps
- Windows defense module with full security audit
- LLM trainer module and routes
- Defense landing page with platform-specific sub-pages
- Clean up stale files (get-pip.py, download.png, custom_adultsites.json)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Full security platform with web dashboard, 16 Flask blueprints, 26 modules,
autonomous AI agent, WebUSB hardware support, and Archon Android companion app.
Includes Hash Toolkit, debug console, anti-stalkerware shield, Metasploit/RouterSploit
integration, WireGuard VPN, OSINT reconnaissance, and multi-backend LLM support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
