KeyAuth C++ Library
This is the source code of the library_x64.lib file from https://github.com/KeyAuth/KeyAuth-CPP-Example
Multi Support : x86/x64
If you are using our example with no significant changes, and you are having problems, please Report Bug here https://keyauth.fdback.io
However, we do NOT provide support for adding KeyAuth to your project. If you can't figure this out you should use Google or YouTube to learn more about the programming language you want to sell a program in.
x86 :
1- Compile libcurl can be downloaded from curl.se and compiled by x86 Native Tools (Visual Studio Tools)
2- Lib Configuration -> General -> C++ Language Standard -> ISO C++17 Standard (/std:c++17)
3- Lib Configuration -> Advanced -> Character Set -> Multi-Byte Character Set
4- Lib Configuration -> Preprocessor definiton for CURL -> CURL_STATICLIB
This section covers a minimal, working integration with the headers in this repo.
- Add the library headers and sources to your project (or build the
.libfrom this repo). - Include
auth.hppin your project file. - Initialize the API once at startup, then call login/license/upgrade as needed.
- Keep your build settings on C++17 and link with the same libraries as this repo.
Minimal example:
#include "auth.hpp"
using namespace KeyAuth;
std::string name = "your_app_name";
std::string ownerid = "your_owner_id";
std::string version = "1.0";
std::string url = "https://keyauth.win/api/1.3/";
std::string path = ""; // optional
api KeyAuthApp(name, ownerid, version, url, path);
int main() {
KeyAuthApp.init();
if (!KeyAuthApp.response.success) {
return 1;
}
KeyAuthApp.license("your_license_key");
if (!KeyAuthApp.response.success) {
return 1;
}
return 0;
}Notes:
- If you are using the KeyAuth examples, keep their integrity/session checks intact.
- Use the same
CURL_STATICLIBdefine as shown above when statically linking. - Rebuild the library after pulling updates to keep everything in sync.
The library ships with security checks enabled by default. You do not need to manually call anything beyond init() and a normal login/license call.
What runs automatically:
- Integrity checks (prologue snapshots, function region validation,
.texthashing, page protections). - Module checks (core module signature verification + RWX section detection).
- Hosts-file checks for API host tampering.
- Timing anomaly checks to detect time tamper.
- Session heartbeat after successful login/license/upgrade/web login.
This SDK includes lightweight, client-side defenses that raise the cost of common bypass techniques while keeping normal integrations simple.
What it protects against:
- Inline patching/NOPs: prologue snapshots and detour heuristics catch modified function entry points.
- Code tamper:
.texthashing and page‑protection checks detect modified code pages. - API redirection: hosts‑file checks flag local DNS overrides of the API host.
- Time spoofing: timing anomaly checks reduce abuse of expired keys by system clock changes.
- Tampered system DLLs: core module signature checks reject patched or unsigned system libraries.
Benefits:
- Fail‑closed behavior: when a check fails, requests are blocked before the API call.
- Low integration cost: no additional calls are required beyond
init()and a normal login/license flow. - Reduced false positives: checks are limited to core modules and conservative tamper signals.
Design notes:
- These are client‑side protections. They complement — not replace — server‑side session validation.
- If you modify or strip checks, you reduce protection. Keep the SDK updated to inherit fixes.
- Optional hardening ideas are listed below for advanced users who accept higher false‑positive risk.
How to keep security enabled:
- Always call
KeyAuthApp.init()once before any other API call. - Do not remove the built-in checks or tamper with the library internals.
- Keep your application linked against the updated library after pulling changes.
How to verify it is running:
- Use the library normally — the checks are automatic.
- If a check fails, the library will fail closed with an error message.
These are intentionally not enabled in the library to avoid false positives, but you can add them if your app needs them.
- PE header erase: wipe PE header pages after load to make casual dumping harder. This is not a check; it simply reduces dump quality.
- Module allowlists: require a strict set of loaded modules; this breaks overlays and many legitimate plugins.
- System module path checks: enforce System32/SysWOW64-only paths; can fail on custom Windows installs.
- Hypervisor detection: block VMs; useful for niche threat models but unfriendly to legit users.
- IAT validation: detect import-table hooks for any imported API; can false-positive in some environments.
If you see security failures, common causes include:
- Modified system DLLs: non‑Microsoft versions or patched DLLs will be rejected.
- Time tampering: manual clock changes or large time skew can trigger timing checks.
- Patched binaries: inline hooks/NOP patches or modified
.textwill fail integrity checks.
This list summarizes all changes made in the overhaul:
- Integrity checks: prologue snapshots, function region validation, detour detection,
.textslice hashing, page protections. - Module trust: Microsoft signature verification for core DLLs, RWX section detection.
- Timing checks: timing anomaly detection to catch clock tamper.
- Import checks: import address validation.
- Network hardening: hosts‑file override detection for API host.
- Session hardening: session heartbeat after successful login/license/upgrade/web login.
- DLL search order: hardened DLL lookup and removed current‑dir hijacking.
- String exposure: request data zeroized after use; sensitive parameters wiped via
ScopeWipe. - Debug logging: minimized request/URL logging to reduce in‑memory exposure.
- Parsing hardening: safer JSON parsing and substring handling to avoid crashes.
- Curl safety: fixed cleanup issues; enforced static libcurl linkage.
- Module path APIs: removed hardcoded System32 paths (uses
GetSystemDirectoryW). - Example/docs: added usage section, security feature docs, and troubleshooting guidance.
Helpful references:
- https://github.com/KeyAuth/KeyAuth-CPP-Example
- https://keyauth.cc/app/
- https://keyauth.cc/app/?page=forms
KeyAuth is a powerful cloud-based authentication system designed to protect your software from piracy and unauthorized access. With KeyAuth, you can implement secure licensing, user management, and subscription systems in minutes. Client SDKs available for C#, C++, Python, Java, JavaScript, VB.NET, PHP, Rust, Go, Lua, Ruby, and Perl. KeyAuth has several unique features such as memory streaming, webhook function where you can send requests to API without leaking the API, discord webhook notifications, ban the user securely through the application at your discretion. Feel free to join https://t.me/keyauth if you have questions or suggestions.
Tip
https://vaultcord.com FREE Discord bot to Backup server, members, channels, messages & more. Custom verify page, block alt accounts, VPNs & more.
KeyAuth is licensed under Elastic License 2.0
-
You may not provide the software to third parties as a hosted or managed service, where the service provides users with access to any substantial set of the features or functionality of the software.
-
You may not move, change, disable, or circumvent the license key functionality in the software, and you may not remove or obscure any functionality in the software that is protected by the license key.
-
You may not alter, remove, or obscure any licensing, copyright, or other notices of the licensor in the software. Any use of the licensor’s trademarks is subject to applicable law.
Thank you for your compliance, we work hard on the development of KeyAuth and do not appreciate our copyright being infringed.
Optional background check that polls every 45 seconds. Always stop it before exiting.
KeyAuthApp.start_ban_monitor(45, false, [] {
std::cout << "Blacklisted, exiting..." << std::endl;
exit(0);
});
// later, before exit
KeyAuthApp.stop_ban_monitor();
