{"id":31543715,"url":"https://github.com/unboundtechco/dxcore","last_synced_at":"2026-04-13T09:31:56.620Z","repository":{"id":317075931,"uuid":"1063589868","full_name":"UnboundTechCo/DXcore","owner":"UnboundTechCo","description":"DXcore, a proprietary and closed core designed to protect users from censorship and network restrictions, powers advanced VPN capabilities in DefyxVPN, a fully open-source client developed with Flutter.","archived":false,"fork":false,"pushed_at":"2025-09-28T16:36:35.000Z","size":237,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-28T18:22:51.389Z","etag":null,"topics":["cfon","cloudflare","dns","dxcore","gfw","gool","masque","outline","psiphon","serverless","warp","wireguard","xray"],"latest_commit_sha":null,"homepage":"https://github.com/UnboundTechCo/DXcore?tab=readme-ov-file#short-summary","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/UnboundTechCo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-24T20:55:19.000Z","updated_at":"2025-09-28T16:31:15.000Z","dependencies_parsed_at":"2025-09-28T18:32:58.936Z","dependency_job_id":null,"html_url":"https://github.com/UnboundTechCo/DXcore","commit_stats":null,"previous_names":["unboundtechco/dxcore"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/UnboundTechCo/DXcore","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UnboundTechCo%2FDXcore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UnboundTechCo%2FDXcore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UnboundTechCo%2FDXcore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UnboundTechCo%2FDXcore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/UnboundTechCo","download_url":"https://codeload.github.com/UnboundTechCo/DXcore/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UnboundTechCo%2FDXcore/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278315190,"owners_count":25966774,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cfon","cloudflare","dns","dxcore","gfw","gool","masque","outline","psiphon","serverless","warp","wireguard","xray"],"created_at":"2025-10-04T12:42:06.047Z","updated_at":"2026-04-13T09:31:56.613Z","avatar_url":"https://github.com/UnboundTechCo.png","language":"Go","readme":"# DXcore (Proprietary Core)\n\n## Overview\n\nDXcore, a proprietary and closed core designed to protect users from censorship and network restrictions, powers advanced VPN capabilities in [DefyxVPN](https://github.com/UnboundTechCo/defyxVPN), a fully open-source client developed with Flutter.\n\nThe decision to keep DXcore closed-source is intentional: it implements advanced and customized censorship-circumvention protocols. Public disclosure of these implementations would make it significantly easier for adversarial systems (e.g., GFW) to analyze, fingerprint, and block them, directly endangering users. This is not secrecy for its own sake — it is an operational security measure in an ongoing struggle to ensure safe, reliable, and unrestricted connectivity.\n\n![Cover](.github/images/cover.png)\n\n---\n\n## What is DXcore\n\nDXcore is a set of engines and protocol adaptations developed to withstand:\n\n- **Traffic analysis**\n- **Protocol fingerprinting**\n- **Active probing**\n\nThese components are the result of targeted engineering for use in hostile network environments. Publicly exposing implementation details would rapidly weaken their effectiveness and reduce user safety.\n\n---\n\n## Why DXcore is Closed\n\n- **Operational security over exposure.** Public code would allow hostile actors to reverse-engineer and design precise countermeasures.\n- **Transparency in design, not in sensitive implementation.** We keep designs, API formats, and architectural documentation open while withholding exploitable implementation details.\n- **User protection as the priority.** Closed sourcing DXcore is a risk-mitigation step to protect users in repressive network environments.\n\n---\n\n## Our Commitment to Transparency \u0026 Independent Review\n\nWe balance openness with operational safety through controlled evaluation:\n\n1. **Design transparency.** High-level architecture, APIs, and configuration formats are public.\n2. **Independent audits.** DXcore source is made available to accredited security teams under strict legal and technical controls (NDA, secure review environments).\n3. **Public summaries.** Post-audit, summary reports and remediation statements are published without leaking sensitive implementation details.\n4. **Reproducible builds \u0026 signed binaries.** Wherever possible, reproducible builds and signed releases are provided, so integrity can be verified without exposing internals.\n5. **Responsible disclosure.** We maintain a formal vulnerability reporting process with coordinated timelines to protect users.\n\n---\n\n## Audit Process (Overview)\n\nWhen accredited teams request DXcore access for audit:\n\n1. **Legal \u0026 procedural agreements.** NDA or audit contracts define scope, reporting format, and non-disclosure of exploitation details.\n2. **Controlled access.** Access is provided via private repositories or secure environments, with time limits and monitoring.\n3. **Scope definition.** Focus on cryptographic correctness, protocol implementation, dependency hygiene, and network behavior.\n4. **Reporting \u0026 remediation.** Vulnerabilities are reported privately; fixes are prioritized and coordinated for disclosure.\n5. **Public summary.** Once resolved, a high-level summary of findings and fixes is shared publicly.\n\n---\n\n## Responsible Disclosure\n\nIf you discover a potential vulnerability:\n\n- **Email:** security@defyxvpn.com\n- **Report contents (recommended):** short summary, impact assessment, reproduction steps or limited PoC (please avoid full exploit code), proposed mitigations, and your contact info.\n- **Coordination:** For critical issues, we coordinate disclosure timelines with the reporter to ensure user safety.\n\n---\n\n## FAQ\n\n**Q: Does closed-source mean users cannot trust DXcore?**  \nA: No. Closing the code is not our first choice for transparency, but in censorship-circumvention contexts, open implementations can directly harm users. We offset this by providing open designs, controlled audits, public summaries, and verifiable binaries.\n\n**Q: Can I review DXcore’s real source?**  \nA: Accredited security organizations and teams can request access under NDA and secure review conditions. Public audit summaries are published afterward.\n\n**Q: How does this protect users?**  \nA: By withholding sensitive implementation details, adversaries cannot easily adapt to block or fingerprint the system. This increases the durability of user connections in hostile environments.\n\n---\n\n## DXcore Mock / Stub\n\nTo support developers building with Flutter, we provide a **DXcore Mock** (stub implementation) in this repository.\n\n**Download from the [DXcore Releases page](https://github.com/UnboundTechCo/DXcore/releases).**\n\nThe mock is designed **only** to allow the app to compile and run in development and to enable UI/integration testing without needing the proprietary core.\n\n- The mock calls the same expected DXcore methods.\n- It returns predefined/sample responses.\n- It **does not** contain any real censorship-circumvention logic, traffic-resistance, or sensitive protocol code.\n- It must **not** be used for security or network-behavior testing.\n\nFor proper auditing, testing, or analysis, the real DXcore (available only to accredited auditors under NDA) must be used.\n\n---\n\n## Short Summary\n\nDXcore is closed-source not for secrecy but for **user protection** against censorship systems. Designs and APIs remain open; sensitive code is withheld but made available for independent audits under NDA. Mock/stub implementations are available for developers: [DXcore Releases](https://github.com/UnboundTechCo/DXcore/releases).\n\nContact: **security@defyxvpn.com**\n\n---\n\n## Contact\n\nFor audit requests, security reports, or inquiries about controlled DXcore access:\n\n**security@defyxvpn.com**\n\n---\n\n## Third-Party Licenses\n\nThis project uses the following third-party components:\n\n- [Xray](https://github.com/XTLS/Xray-core): Licensed under terms specified by its authors. Please refer to the official repository for full license details.\n- [Vwarp](https://github.com/voidr3aper-anon/Vwarp): Licensed under terms specified by its authors. Please refer to the official repository for full license details.\n- [Psiphon](https://github.com/Psiphon-Labs/psiphon-tunnel-core): Licensed under terms specified by its authors. Please refer to the official repository for full license details.\n- [Outline](https://github.com/Jigsaw-Code/outline-sdk): Licensed under terms specified by its authors. Please refer to the official repository for full license details.\n\nIf you are a copyright holder and believe your license is not properly attributed, please contact us at **info@defyxvpn.com**.\n\n---\n\n## Legal Notice\n\nDXcore is proprietary. It is withheld from public release to protect users against censorship adversaries. Access for audits is provided under NDA to accredited institutions, with public audit summaries published afterward. The DXcore Mock is safe for development/testing only and not a substitute for the real implementation.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funboundtechco%2Fdxcore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Funboundtechco%2Fdxcore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funboundtechco%2Fdxcore/lists"}