Zero-knowledge encryption. No phone number. Works offline.
Your messages belong to you β and only you.
iOS 17+ MIT License Open Source App Store
OSHI is a zero-knowledge encrypted messenger designed for people who refuse to compromise on privacy. Unlike mainstream messengers that require your phone number, harvest metadata, and depend on centralized servers, OSHI takes a fundamentally different approach:
- No phone number, no email β create an account with nothing but a username
- End-to-end encrypted by default β every message, every call, every time
- Works offline β communicate directly over Bluetooth and WiFi mesh networks
- Zero metadata β we cannot see who talks to whom, when, or how often
- Open source β every line of cryptographic code is auditable right here
OSHI is built for journalists, activists, security professionals, and anyone living in or traveling to regions where private communication is a matter of safety β not convenience.
OSHI implements the Signal Protocol (Double Ratchet) with modern cryptographic primitives:
| Component | Algorithm |
|---|---|
| Key Exchange | X25519 (Curve25519 ECDH) |
| Message Encryption | AES-256-GCM |
| Ratchet Protocol | Double Ratchet (Signal Protocol) |
| Key Derivation | HKDF-SHA256 |
Every message generates new encryption keys through the ratchet mechanism, providing forward secrecy and break-in recovery. Even if a key is compromised, past and future messages remain protected.
OSHI creates direct peer-to-peer connections between devices using Bluetooth LE and WiFi Direct β no internet required.
- Range: ~100 meters between devices
- Automatic peer discovery: devices find each other without manual configuration
- Multi-hop relay: messages can route through intermediate peers
- Zero server dependency: local messages never touch a server
Perfect for concerts, protests, disaster zones, remote areas, or any situation where internet access is unavailable or compromised.
OSHI introduces military-grade steganography β the ability to hide secret messages inside ordinary-looking content. This is a first for any mainstream messenger.
Hide encrypted messages inside normal photographs. The embedded data is statistically undetectable, even under forensic analysis. Recipients extract the hidden message; everyone else sees a regular photo.
Embed secret messages using zero-width Unicode characters within ordinary text. The message looks completely normal to anyone reading it β the hidden payload is invisible to the human eye.
OSHI implements six distinct families of network covert channels for censorship bypass in hostile network environments:
- Timing-based channels
- Protocol header manipulation
- DNS covert channels
- HTTP field encoding
- Packet size modulation
- Traffic pattern mimicry
These channels allow OSHI to function even when deep packet inspection (DPI) is actively blocking encrypted messenger traffic.
Build automation on top of OSHI with a Telegram-like Bot API. Create bots that can:
- Send messages to groups and channels
- Respond to commands
- Run on schedules (cron-style)
- Moderate content
- Integrate with external services via webhooks
A complete Python SDK is included in the sdk/ directory. See the Bot SDK section below for a quick start.
OSHI integrates Apple Intelligence for on-device natural language processing on iOS 26+:
- Smart text corrections β grammar and style suggestions without sending text to the cloud
- Translation β 16+ languages, processed entirely on-device
- Contextual suggestions β intelligent replies powered by on-device NLP
- Zero cloud dependency β all AI processing happens on your device's Neural Engine
Your conversations are never analyzed by external servers. Intelligence stays local.
Real-time voice calls with full end-to-end encryption:
- CallKit integration β native iOS call UI and experience
- Voice effects β optional voice modification for identity protection
- Works over mesh or internet β adaptive routing
- China-compliant β compatible with MIIT regulations for users in mainland China
When direct communication isn't possible, OSHI falls back to decentralized infrastructure:
- IPFS β messages stored on a decentralized network, no single point of failure
- Tor routing β optional onion routing for maximum anonymity
- 30-day ephemeral storage β messages automatically expire from IPFS nodes
- Censorship-resistant β no central server to block or seize
Control the lifecycle of every message you send:
- View-once β message is destroyed after a single viewing
- Auto-delete timers β set messages to disappear after minutes, hours, or days
- Screenshot blocking β prevents screen capture on the recipient's device
- No forensic traces β securely wiped from device storage
How OSHI compares to other messaging platforms:
| Feature | OSHI | Signal | Telegram | Session | |
|---|---|---|---|---|---|
| No Phone Required | β | β | β | β | β |
| Works Offline | β | β | β | β | β |
| Steganography | β | β | β | β | β |
| Bot API | β | β | β | β | β |
| AI Offline | β | β | β | β | β |
| Covert Channels | β | β | β | β | β |
| Open Source | β | β | β | β | |
| E2E Encryption | β | β | β | β | |
| Mesh Network | β | β | β | β | β |
| Zero Metadata | β | β | β | β |
OSHI is built as a native iOS application in Swift, with a decentralized backend architecture. For the complete technical deep-dive, see Architecture.md.
OSHI/
βββ src/ # Core Swift source files
β βββ DoubleRatchet.swift # Signal Protocol implementation
β βββ MeshNetworkManager.swift # Bluetooth/WiFi P2P mesh
β βββ SteganographyManager.swift # HUGO image steganography
β βββ TextSteganography.swift # Zero-width Unicode encoding
β βββ NetworkSteganography.swift # Network covert channels
β βββ CovertChannelManager.swift # 6-family covert channel engine
β βββ BotManager.swift # Bot API server-side logic
β βββ NLPManager.swift # Apple Intelligence / NLP
β βββ VoiceCallManager.swift # E2E encrypted calls + CallKit
β βββ ChinaRegionDetector.swift # MIIT compliance detection
βββ sdk/ # Python Bot SDK
β βββ oshi_bot.py # Bot SDK client library
β βββ examples/ # Example bot implementations
βββ docs/ # Technical documentation
β βββ encryption.md # Cryptographic protocol details
β βββ protocol.md # Communication protocol spec
βββ assets/ # Logo, screenshots, media
βββ Architecture.md # System architecture overview
βββ Security.md # Security model & bug bounty
βββ LICENSE # MIT License
The OSHI Bot SDK lets you build bots in Python that interact with OSHI groups and channels β similar to Telegram's Bot API.
# Download the SDK
curl -O https://raw.githubusercontent.com/Lastoneparis/OSHI/main/sdk/oshi_bot.pyOr clone the repository:
git clone https://github.com/Lastoneparis/OSHI.git
cd OSHI/sdkfrom oshi_bot import OshiBot # Initialize with your bot token (created in the OSHI app) bot = OshiBot(token="YOUR_BOT_TOKEN") # Send a message to a group bot.send("GROUP_ID", "Hello from my OSHI bot!")
- Open the OSHI app
- Navigate to Portal > Bots > Create
- Copy the bot token
- Assign the bot to a group
- Use the SDK to send messages
- Webhook bots β respond to incoming messages in real time
- Scheduled bots β send messages on a cron schedule
- Moderator bots β automate group moderation
- Integration bots β bridge OSHI with external services
Full API documentation: https://oshi-messenger.com/bot-api
OSHI's security model is designed around a single principle: we cannot read your messages, even if compelled by law. We have zero access to plaintext content, encryption keys, or social graphs.
Key properties:
- Zero knowledge β the server never sees plaintext or keys
- Forward secrecy β compromising a key does not expose past messages
- Break-in recovery β the ratchet automatically heals after a compromise
- No metadata β we do not log who communicates with whom
- Open source β audit the cryptographic implementation yourself
For the full security model, threat analysis, and cryptographic specifications, see:
- Security.md β Security model and responsible disclosure
- docs/encryption.md β Cryptographic protocol details
- docs/protocol.md β Communication protocol specification
Available on iPhone and iPad running iOS 17+
https://oshi-messenger.com
We welcome contributions from the community! OSHI is open source under the MIT License, and we believe privacy tools are strongest when built in the open.
Ways to contribute:
- Report bugs β open an issue
- Suggest features β start a discussion
- Submit code β fork the repo and open a pull request
- Audit security β review the cryptographic implementation and report findings
- Translate β help bring OSHI to more languages
Please read the code of conduct before contributing. All contributions are subject to the MIT License.
We take security seriously. If you discover a vulnerability in OSHI, we want to hear about it.
| Severity | Reward |
|---|---|
| Critical (RCE, key extraction, E2E bypass) | Up to 5,000γγ« |
| High (authentication bypass, data leak) | Up to 2,500γγ« |
| Medium (XSS, CSRF, information disclosure) | Up to 1,000γγ« |
| Low (minor issues, best practice violations) | Up to 250γγ« |
Contact: hugomoriceau@icloud.com
Please practice responsible disclosure. Give us 90 days to address the issue before public disclosure. See Security.md for full details.
OSHI is released under the MIT License .
MIT License
Copyright (c) 2026 OSHI
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
- Apple CryptoKit β Cryptographic primitives
- Signal Protocol β Double Ratchet inspiration
- IPFS β Decentralized content storage
- Tor Project β Onion routing
- Pinata β IPFS pinning infrastructure
Made with care in Switzerland π¨π
Privacy is not a luxury β it's a fundamental right.