Mojic is a sophisticated CLI tool designed to transform readable C source code into an unrecognizable, chaotic stream of emojis. It is not a simple substitution cipher; it is a cryptographic obfuscation tool.
Current Version: v2.1.2
Core Tech: Node.js, AES-256-CTR, Scrypt (Memory-Hard)
Why use Mojic?
- Total Polymorphism: Both keywords and raw data are whitened. Patterns like repeating indentation are effectively scrambled.
- GPU-Resistant: Uses the Scrypt KDF to derive keys, making brute-force attacks computationally expensive on graphics hardware.
- Base-1024 Compression: Reduces the bloat of non-keyword characters.
- Integrity Sealed: HMAC-SHA256 signature ensures files haven’t been tampered with.
How it works
You input C code. Mojic asks for a password. It generates a unique emoji dialect and uses a military-grade keystream (AES-256-CTR) to encrypt your file into a .mojic artifact.
Mojic is distributed via NPM. You can install it globally to use the command line tools.
Global Install
npm install -g mojic
Run via NPX (No Install)
npx mojic --help
Build from Source
git clone https://github.com/notamitgamer/mojic.git
cd mojic
npm install
npm run build-binaries
Encrypts a C source file or an entire directory of files into Mojic format.
Usage
mojic encode [options]
Options
| Flag | Description |
|---|---|
-r, --recursive |
Recursively process all .c files in a directory. |
-f, --flat |
Minify mode. Strips whitespace and newlines before encryption to increase obfuscation density. |
Examples
Encrypt a single file:
$ mojic encode main.c
> Create password for file(s): *****
> Processing: main.c -> main.mojic
> Encrypted.
Batch encrypt a project with flattening:
$ mojic encode ./src -r -f
> Initiating Mojic Encryption v2.1...
> Structural Flattening Enabled
> Scanning directory: ./src
> Processing: utils.c -> utils.mojic
> Processing: main.c -> main.mojic
> Batch encryption complete.
Restores .mojic files back to readable C source code.
Usage
mojic decode [options]
Options
| Flag | Description |
|---|---|
-r, --recursive |
Recursively find and decode all .mojic files. |
Error Handling
Mojic includes strict integrity checks.
WRONG_PASSWORD: The derived key did not match the Auth Check in the Moon Header.FILE_TAMPERED: The HMAC-SHA256 signature at the end of the stream failed. The file has been modified.
The srt command allows you to manage encrypted files without exposing their plaintext contents. This is useful for rotating credentials.
Rotate Password
Changes the password of a file by decrypting the stream into memory and re-encrypting with a new key.
mojic srt --pass secret.mojic
Re-Encrypt (Entropy Shuffle)
Keeps the same password but generates a new salt and AES keystream. This completely changes the visual emoji output, defeating any potential pattern analysis over time.
mojic srt --re secret.mojic
Mojic is built on the updated CipherEngine.js. Here is how it achieves “Polymorphic Chaos”.
1. The Emoji Universe
The engine generates a pool of ~1,100 valid unicode characters (Emoticons, Transport, Symbols). This pool is shuffled using a CSPRNG (AES-256-CTR) seeded by your password.
2. Polymorphic Keywords
Standard C keywords (int, void, if) are not mapped 1:1. The engine calculates a random offset for every occurrence based on the keystream.
3. XOR Whitening
Before any raw data (variable names, strings, whitespace) is encoded, it is XORed with a mask generated from the AES-256-CTR stream. This ensures that repeating patternsโlike 4 spaces of indentationโnever look the same twice.
Input: ” ” (4 spaces)
Stream A: 0x1A 0xB2… -> ๐ฆ ๐
Stream B: 0x4F 0x9C… -> ๐บ ๐ธ
4. Base-1024 Compression
The whitened data is buffered into 5-byte chunks and converted into 4 base-1024 digits (emojis), keeping file sizes manageable.
Mojic files do not look like random noise immediately. They start with a distinct header.
Structure
The header contains the Salt (32 bytes) and an Auth Check (4 bytes). These are encoded using a specific alphabet of moon phases and clocks.
HEADER_ALPHABET = ['๐', '๐', '๐', '๐', '๐', '๐', '๐', '๐', '๐', '๐', '๐', '๐', '๐', '๐', '๐', '๐'];
This allows the decode command to verify your password instantly by checking the header, rather than processing the whole file and outputting garbage.
First off, thanks for taking the time to contribute! Use your best judgment, and feel free to propose changes.
Development Workflow
- Fork the repository on GitHub.
- Clone your fork locally:
git clone https://github.com/YOUR_USERNAME/mojic.git - Create a Branch for your feature or bugfix:
git checkout -b feature/amazing-feature - Install Dependencies:
npm install - Test your changes: Run the CLI locally using
npm start -- encode test.c - Commit your changes using imperative mood (e.g., “Add feature”).
- Push and Open a Pull Request.
Mojic Code Style
- Cipher Logic: Changes to
CipherEngine.jsmust ensure backward compatibility. - Streams: Always use
StringDecoderwhen handling text streams to prevent multi-byte emoji corruption.
Our Pledge
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team. All complaints will be reviewed and investigated.
Warning: Please do not open public issues for security vulnerabilities.
Reporting a Vulnerability
We take security seriously. If you discover a security vulnerability within Mojic (e.g., in the CipherEngine logic or the PRNG implementation), please send an e-mail immediately.
Scope
- Supported: Issues regarding key derivation (Scrypt), salt collisions, HMAC integrity failures, or stream buffer overflows.
- Not Supported: Brute-forcing weak passwords (users are responsible for password strength).
Mojic is licensed under the Apache License, Version 2.0.
Apache License 2.0 Summary:
You can do whatever you want with this software, as long as you include the original copyright and license notice in any copy of the software/source. It is provided “as is” without warranty.
Copyright ยฉ 2026 notamitgamer