Keyauth changelog keyauth.cc

New

• Added option to extend only users with active subscription of subscription specified
• Affiliate system. Refer someone with your affiliate URL at https://keyauth.cc/app/?page=affiliate and they'll get 2 months free trial and you'll get 2 months added to your subscription if they purchase KeyAuth plan. As a special event for KeyAuth's second birthday on Thanksgiving, you will get 4 months added to your subscription if they purchase before December 1st 2022 at 12:00am EST (New York time)
• You can now use custom expiration time (in days) and custom level for reseller system. Webhook URL should look like this https://keyauth.win/api/reseller/?app=appSecretHere&expiry=1&level=1
• Add or remove web loader buttons with SellerAPI https://docs.keyauth.cc/seller/buttons
• Added SellerAPI logs https://keyauth.cc/app/?page=seller-logs
• You can now specify the ban reason with KeyAuthApp.ban() function. i.e. KeyAuthApp.ban("VMware detected")
• Specific account permissions for manager accounts. Deny or allow access to certain pages while creating manager account https://keyauth.cc/app/?page=manage-accs
• Added ability to subtract time from user's subscription https://docs.keyauth.cc/seller/users#subtract-from-user-subscription
• Added ability for accounts to extend their KeyAuth subscription while subscription still active by purchasing again at https://keyauth.cc/app/?page=upgrade
• Added ability to disable email verification if you find it annoying https://keyauth.cc/app/?page=account-settings
• Several bug fixes

New

• Custom domains for API. Available for developer and seller plans. 100% recommend, this will make sure your users don't get blocked by retarded internet providers. Tutorial:
• Using AJAX requests for dashboard now. So users with thousands of keys, users, etc, won't need to wait long for their page to render anymore.
• Emails are now hashed with SHA1 for boosted security, we can't see your plain-text emails now
• Online user count now counts logged in users only
• Fixed bug where when people pressed reload button on dashboard, it would try to resubmit form
• Fixed bug where messages in chat channels would be deleted if message sent in a different chat channel
• Added limit of 5k keys per day to SellerAPI add key endpoint (many DDoS attacks abused the fact there was no limit before)
• API now checks if file link dead (4xx HTTP code) on download
• Added option to ban user or delete user also when banning or deleting key
• Increased account security, paid accounts now must do email or 2FA verification when logging in from new location
• Added SellerAPI types 'addAccount' and 'deleteAccount' for managing Reseller and Manager accounts
• Added SellerAPI type 'massUserVarDelete' to delete all user variables with name
• Added ability to pause and unpause individual users
• Added new 1.2 API endpoint which has protection against network debuggers https://docs.keyauth.cc/security-practices
• Added option to require minimum username length and added option to block breached passwords (uses HaveIBeenPwned API, doesn't send password to them, only hash prefix. secure)
• Added API type 'fetchOnline' which returns array of usernames currently logged in to your application
• Added option to kill other sessions with same username when user logs in (can be used to prevent people sharing on a website for example where HWID lock can't be applied)

New

• Discord bot update, video on KeyAuth YouTube channel for tutorial
• Changed extend user to number of days or months etc rather than a set date.
• Also changed it such that when extend user it used, if the user already has a subscription with same name, it adds to the expiry to that subscription rather than adding an entirely new subscription to user
• Added set key note to SellerAPI https://docs.keyauth.win/seller/licenses#set-note
• Change dashboard session timeout to 45 minutes from PHP's default 20 minutes. You will get logged out less now.
• Added count user subscriptions to SellerAPI https://docs.keyauth.win/seller/users#count-subscriptions
• Added fetch all chat channels to SellerAPI https://docs.keyauth.win/seller/chats#fetch-all-channels
• Added fetch all chat mutes to SellerAPI https://docs.keyauth.win/seller/chats#fetch-all-mutes
• Added edit chat channel to SellerAPI https://docs.keyauth.win/seller/chats#edit-channel
• Added list all sessions to SellerAPI https://docs.keyauth.win/seller/sessions#list-all-sessions
• Added pause application to SellerAPI https://docs.keyauth.win/seller/settings#pause-app
• Added ability to display ban reason. Use the text {reason} in app settings page on dashboard to display. It's now displayed by default if you didn't change your ban message from the default one.

Fix

A few people have freaked out to us about a BS "bypass" pertaining to the latest c++ examples only, the ones with KeyAuth.hpp are unaffected. The bypass can be mitigated even by using older versions of VMProtect, though TheH3xRayz#2005 contributed code to patch the bypass regardless of what obfuscator you the application developer is using, and regardless of what injector the bad actor attempting to pirate your program is using.

So those just two options to fix this bypass. Obfuscate or use the latest .lib file just committed to https://github.com/KeyAuth/KeyAuth-CPP-Example

Apologies for not address this earlier, I thought it was quite self-explanatory but sadly not to some people 🤦‍♂️ The bypass has nothing to do with KeyAuth, it's modifying the memory of a JSON decoding function from GitHub. this could be done to any unobfuscated program using any type of authentication system.

KeyAuth will never guarantee integrated obfuscation. Even authentication services which cost tens of thousands per month don't accept the responsibility of integrated obfuscation. So you shouldn't expect KeyAuth to.

I've heard that https://github.com/Acrillis/SynapseX/tree/master/Synapse/Src/Exploit/Security provides a lot of mitigation methods against circumvention. Feel free to look at that

I (mak) am not competent in client-side security and don't plan to become competent in it. Companies like VMProtect and Themida have several years of experience and still are at a constant battle with circumvention. KeyAuth ensures your program can't be bypassed with HTTP Debugger, something that is possible with authgg. Past that it is the responsibility of the app developer to seek obfuscation from another company or make their own.

KeyAuth discord bot coming soon. mazk provided me with a great base and so I just need to add a few more commands and it'll be ready. the bigger concern is networking being online to update the files on the Discord bot hosting lmao.

networking said he'd be slightly inactive until 28th of this month. please make suggestions in https://keyuth.win/discord/ I'm less tired this week so I should be able to get a lot of them done over the weekend 💯

Improvement

We're changing DDoS mitigation tomorrow around 3PM EST (New York Time)

There will be a short downtime and SSL certificate change.

If you're having issues connecting to the site using the loader after this is complete, please let us know and we'll contact the DDoS mitigation provider.

coming soon:

Discord bot update, whenever I have the time Eventually I'd like to release a new API version that would be more simple.

New

• Made it so that you can now set a password when you reset password from the seller api. https://keyauth.win/api/seller/?sellerkey=sellerkeyhere&type=resetpw&user=usernamehere&passwd=passwordhere (Credits: MajorHax)

New

• KeyAuth is now hosted solely on https://keyauth.win/
• C++ example, add data
• C++ example, more user data
• C++ example, bug fixes
• Host/Server change

New

• C++ example updated, far easier to add KeyAuth to your program youtu.be/GB4XW_TsHqA (some features missing, I had limited time)
• KeyAuth web loader added (control application from customer panel) youtu.be/9-qgmsUUCK4
• Several SellerAPI endpoints added https://docs.keyauth.com/seller/
• New features added to 1.1 API https://docs.keyauth.com/api/
• GET paramaters added to 1.1 API
• Server-side code cleanup, much easier to work with now
• View, edit, delete chat channels added
• Multiple program hashes supported now
• Request body and content type added to webhook function
• App data added (Number of users, number of online users, number of keys, version, customer panel link)

New

1.1 (unencrypted API endpoint) was not updated, next update will have an endpoint that can be used both encrypted and non-encrypted

• Added ability to edit username of users
• VB example update to core functionality, didn't add all the functions added to the c#, c++, and python examples.
• added add fetch all blacklists to Seller API https://docs.keyauth.com/seller/
• added blacklist check function
• (seller only) chat channels
• now any users still on your account after you reset password will be locked out
• account expiration fixed. it used to start whenever you made your account, not when you purchased KeyAuth. If your expiry in account settings is far sooner than a year from when you purchased, message modmail with your orderid and tell us your account expiry is wrong
• hash check added back, disabled by default
• more user data added (forgot app data, will try to add next update)
• added banned column to users table on dashboard
• more custom API responses settings
• view active users in session tab and kill sessions if you want (log your users out)
• pause button now pauses users's subscriptions so you can unpause them whenever and they will lose no time
• reset password added to SellerAPI https://docs.keyauth.com/seller/
• you can now set session expiry time (how long your users stay logged in)
• added fetch all files, fetch all vars to Seller API https://docs.keyauth.com/seller/
• you can now download files on dashboard
• user variables added
• import keys avaliable to tester users now (used to require developer)
• search bars added to drop down selection menus on dashboard
• added ability extend all users
• changed key level input box on create licenses modal to a drop down menu of your subcriptions, so it's impossible to create key with a level that doesn't correspond to a subscription now
• added verify user to SellerAPI https://docs.keyauth.com/seller/
• delete expired users added to dashboard and SellerAPI https://docs.keyauth.com/seller/
• import users added to users tab on dashboard
• you can now change HWID reset cooldown for customer panel in app settings
• added fetch all subs for app to SellerAPI https://docs.keyauth.com/seller/
• added Question mark tooltips to dashboard to help assist people confused with a feature