---- Arrowchat V1 8 3 Nulled 13 [2025]

| Sub‑Feature | Description | Configurable Options | |------------|-------------|----------------------| | Online/Offline/Idle Status | Real‑time presence tracking via heartbeat pings (every 30 s). | • Idle timeout (default 5 min). | | Custom Status Messages | Users can set a short status (e.g., “Working on project X”). | • Max characters (70). | | In‑App “Do Not Disturb” | Suppresses pop‑ups and sound alerts while still allowing message receipt. | • Auto‑expire after configurable period. | | Last‑Seen Timestamp | Shows last activity time with privacy toggles (visible to all, friends only, or hidden). | • Privacy levels. | | Multi‑Device Sync | Same account can be logged in on desktop, mobile, and tablet; messages are synchronized across all sessions. | • Session limit (max concurrent devices). | | User Blocking / Reporting | Block another user to hide their messages; report abuse with a pre‑filled ticket. | • Block duration (temporary/permanent). | | Role‑Based Visibility | Administrators, moderators, and VIP users can be highlighted with custom badges and colors. | • Badge image URL, CSS class. |

| Risk | Description | Likelihood | |------|-------------|------------| | Hidden back‑door | Malicious code may create an undocumented admin account or remote shell (eval(base64_decode(...)))). | High (observed in many community‑released nulled packs) | | Malware dropper | The package can include a separate PHP file that downloads ransomware or crypto‑miner payloads. | Medium‑High | | Obfuscated code | Use of gzinflate, str_rot13, or preg_replace with the /e/ modifier makes static analysis difficult. | High | | License bypass | License check removal does not guarantee functional stability; missing files may cause runtime errors. | Medium | | No support / updates | New vulnerabilities discovered after 2017 will remain exploitable. | Certain | ---- Arrowchat V1 8 3 Nulled 13

| Sub‑Feature | Description | Configurable Options | |------------|-------------|----------------------| | End‑to‑End Encryption (E2EE) | Optional client‑side encryption using the Signal Protocol for private messages. | • Enable per‑conversation. | | CSRF & XSS Protection | Token‑based request validation; automatic HTML sanitization (HTMLPurifier). | • Allowed HTML tags. | | Rate Limiting | Prevent spamming via per‑IP and per‑user limits on message sends, file uploads, and channel creation. | • Limits (e.g., 10 msg/sec). | | Content Moderation | Integrated profanity filter (language‑aware) and image moderation via third‑party APIs (Microsoft Content Moderator, Google Vision). | • Sensitivity level, whitelist/blacklist. | | Audit Logs | Immutable log of admin actions (room deletions, user bans, config changes). | • Log retention (days). | | GDPR / CCPA Tools | Export of personal data, deletion requests, and consent management UI. | • Data retention policies. | | Secure File Handling | All uploads scanned for malware, stored outside web root, served via signed URLs with expiration. | • Max upload size, allowed extensions. | | Two‑Factor Authentication (2FA) | TOTP (Google Authenticator) and backup codes for admin accounts. | • Enforce 2FA for privileged users. | | Sub‑Feature | Description | Configurable Options |

| Sub‑Feature | Description | Configurable Options | |------------|-------------|----------------------| | Public Channels | Open rooms anyone can join; listed on the “Channels” sidebar with participant count. | • Auto‑archive after inactivity (default 30 days). | | Private Rooms | Invite‑only rooms; join via a unique token or direct invitation. | • Token expiration (e.g., 24 h). | | Password‑Protected Channels | Additional layer of security; password is hashed server‑side. | • Minimum password strength. | | Group Chats | Up to 500 participants per group; admin can promote/demote members. | • Max group size (adjustable). | | Threaded Conversations | Replies can be nested up to 3 levels, enabling mini‑discussions within a channel. | • Thread depth limit. | | Channel Categories | Hierarchical grouping (e.g., “Games → FPS → Counter‑Strike”) for better navigation. | • Unlimited nesting. | | Channel Search & Filters | Full‑text search across channel names, descriptions, and recent messages. | • Indexing frequency. | | Pinned Messages | Administrators can pin up to 5 messages to the top of a channel. | • Pin expiry (optional). | | Channel Announcements | Broadcast‑style messages that appear with a distinct background color. | • Announcement duration (auto‑hide after X seconds). | Google Vision). | • Sensitivity level