From c1d158913ef299650f824c17a36ebff707108923 Mon Sep 17 00:00:00 2001 From: William Nelson <83034852+wnelson03@users.noreply.github.com> Date: Mon, 30 Jan 2023 13:06:58 -0500 Subject: [PATCH 01/37] improve README --- README.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1e4e1ff..6dadfab 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # KeyAuth-Python-Example -KeyAuth Python Example For The https://keyauth.cc Authentication system. +KeyAuth Python example for the https://keyauth.cc authentication system. ## **Bugs** @@ -51,7 +51,7 @@ Nutika: ## **`KeyAuthApp` instance definition** -Visit and select your application, then click on the **Python** tab +Visit https://keyauth.cc/app/ and select your application, then click on the **Python** tab It'll provide you with the code which you should replace with in the `main.py` file. @@ -206,7 +206,7 @@ print(data) ## **Application Logs** -Can be used to log data. Good for anti-debug alerts and maybe error debugging. If you set Discord webhook in the app settings of the Dashboard, it will send log messages to your Discord webhook rather than store them on site. It's recommended that you set Discord webhook, as logs on site may be deleted after a couple months of their creation. +Can be used to log data. Good for anti-debug alerts and maybe error debugging. If you set Discord webhook in the app settings of the Dashboard, it will send log messages to your Discord webhook rather than store them on site. It's recommended that you set Discord webhook, as logs on site are deleted 1 month after being sent. You can use the log function before login & after login. @@ -229,6 +229,9 @@ keyauthapp.ban() Tutorial video https://www.youtube.com/watch?v=ENRaNPPYJbc +> **Note** +> Read documentation for KeyAuth webhooks here https://docs.keyauth.cc/website/dashboard/webhooks + Send HTTP requests to URLs securely without leaking the URL in your application. You should definitely use if you want to send requests to SellerAPI from your application, otherwise if you don't use you'll be leaking your seller key to everyone. And then someone can mess up your application. 1st example is how to send request with no POST data. just a GET request to the URL. `7kR0UedlVI` is the webhook ID, `https://keyauth.win/api/seller/?sellerkey=sellerkeyhere&type=black` is what you should put as the webhook endpoint on the dashboard. This is the part you don't want users to see. And then you have `&ip=1.1.1.1&hwid=abc` in your program code which will be added to the webhook endpoint on the keyauth server and then the request will be sent. @@ -250,6 +253,9 @@ data = keyauthapp.webhook("7kR0UedlVI", "", "{\"content\": \"webhook message her ## **Download file** +> **Note** +> Read documentation for KeyAuth files here https://docs.keyauth.cc/website/dashboard/files + Keep files secure by providing KeyAuth your file download link on the KeyAuth dashboard. Make sure this is a direct download link (as soon as you go to the link, it starts downloading without you clicking anything). The KeyAuth download function provides the bytes, and then you get to decide what to do with those. This example shows how to write it to a file named `text.txt` in the same folder as the program, though you could execute with RunPE or whatever you want. `385624` is the file ID you get from the dashboard after adding file. From c52378707b672134c56841d30b0013f015a84b4d Mon Sep 17 00:00:00 2001 From: Shxde <112267394+Shxde1@users.noreply.github.com> Date: Sat, 4 Feb 2023 13:11:10 -0500 Subject: [PATCH 02/37] Update keyauth.py --- keyauth.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/keyauth.py b/keyauth.py index c11205d..f0a2d67 100644 --- a/keyauth.py +++ b/keyauth.py @@ -499,6 +499,28 @@ def checkinit(self): time.sleep(2) os._exit(1) + def changeUsername(self, username): + self.checkinit() + init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() + post_data = { + "type": binascii.hexlify("changeUsername".encode()), + "newUsername": username, + "sessionid": binascii.hexlify(self.sessionid.encode()), + "name": binascii.hexlify(self.name.encode()), + "ownerid": binascii.hexlify(self.ownerid.encode()), + "init_iv": init_iv + } + + response = self.__do_request(post_data) + response = encryption.decrypt(response, self.enckey, init_iv) + json = jsond.loads(response) + + if json["success"]: + print("successfully Changed Username") + else: + print(json["message"]) + os._exit(1) + def __do_request(self, post_data): try: rq_out = s.post( From 6660c121feb81ac311202ced537598a999f65a72 Mon Sep 17 00:00:00 2001 From: William Nelson <83034852+wnelson03@users.noreply.github.com> Date: Fri, 17 Feb 2023 16:11:52 -0500 Subject: [PATCH 03/37] Add Snyk.io GitHub Action --- .github/workflows/snyk-infrastructure.yml | 54 +++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .github/workflows/snyk-infrastructure.yml diff --git a/.github/workflows/snyk-infrastructure.yml b/.github/workflows/snyk-infrastructure.yml new file mode 100644 index 0000000..dcd0cef --- /dev/null +++ b/.github/workflows/snyk-infrastructure.yml @@ -0,0 +1,54 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# A sample workflow which checks out your Infrastructure as Code Configuration files, +# such as Kubernetes, Helm & Terraform and scans them for any security issues. +# The results are then uploaded to GitHub Security Code Scanning +# +# For more examples, including how to limit scans to only high-severity issues +# and fail PR checks, see https://github.com/snyk/actions/ + +name: Snyk Infrastructure as Code + +on: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '15 3 * * 5' + +permissions: + contents: read + +jobs: + snyk: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Run Snyk to check configuration files for security issues + # Snyk can be used to break the build when it detects security issues. + # In this case we want to upload the issues to GitHub Code Scanning + continue-on-error: true + uses: snyk/actions/iac@14818c4695ecc4045f33c9cee9e795a788711ca4 + env: + # In order to use the Snyk Action you will need to have a Snyk API token. + # More details in https://github.com/snyk/actions#getting-your-snyk-token + # or you can signup for free at https://snyk.io/login + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + # Add the path to the configuration file that you would like to test. + # For example `deployment.yaml` for a Kubernetes deployment manifest + # or `main.tf` for a Terraform configuration file + file: your-file-to-test.yaml + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: snyk.sarif From 209c98c4051abca83bdf5cc399ead8bb2fbff72d Mon Sep 17 00:00:00 2001 From: William Nelson <83034852+wnelson03@users.noreply.github.com> Date: Fri, 17 Feb 2023 16:12:15 -0500 Subject: [PATCH 04/37] Added GitHub Action to wrong repository --- .github/workflows/snyk-infrastructure.yml | 54 ----------------------- 1 file changed, 54 deletions(-) delete mode 100644 .github/workflows/snyk-infrastructure.yml diff --git a/.github/workflows/snyk-infrastructure.yml b/.github/workflows/snyk-infrastructure.yml deleted file mode 100644 index dcd0cef..0000000 --- a/.github/workflows/snyk-infrastructure.yml +++ /dev/null @@ -1,54 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# A sample workflow which checks out your Infrastructure as Code Configuration files, -# such as Kubernetes, Helm & Terraform and scans them for any security issues. -# The results are then uploaded to GitHub Security Code Scanning -# -# For more examples, including how to limit scans to only high-severity issues -# and fail PR checks, see https://github.com/snyk/actions/ - -name: Snyk Infrastructure as Code - -on: - push: - branches: [ "main" ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "main" ] - schedule: - - cron: '15 3 * * 5' - -permissions: - contents: read - -jobs: - snyk: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Run Snyk to check configuration files for security issues - # Snyk can be used to break the build when it detects security issues. - # In this case we want to upload the issues to GitHub Code Scanning - continue-on-error: true - uses: snyk/actions/iac@14818c4695ecc4045f33c9cee9e795a788711ca4 - env: - # In order to use the Snyk Action you will need to have a Snyk API token. - # More details in https://github.com/snyk/actions#getting-your-snyk-token - # or you can signup for free at https://snyk.io/login - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - # Add the path to the configuration file that you would like to test. - # For example `deployment.yaml` for a Kubernetes deployment manifest - # or `main.tf` for a Terraform configuration file - file: your-file-to-test.yaml - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: snyk.sarif From fc936f071e620aca944dce1e4a844e9967d88d6b Mon Sep 17 00:00:00 2001 From: William Nelson <83034852+wnelson03@users.noreply.github.com> Date: Wed, 22 Feb 2023 15:56:02 -0500 Subject: [PATCH 05/37] Update Discord --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6dadfab..7294d87 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ KeyAuth Python example for the https://keyauth.cc authentication system. ## **Bugs** -If the default example not added to your software isn't functioning how it should, please join the Discord server https://discord.gg/keyauth and submit the issue in the `#bugs` channel. +If the default example not added to your software isn't functioning how it should, please join the Discord server https://discord.gg/HjfhCe4eE2 and submit the issue in the `#bugs` channel. However, we do **NOT** provide support for adding KeyAuth to your project. If you can't figure this out you should use Google or YouTube to learn more about the programming language you want to sell a program in. @@ -27,7 +27,7 @@ Thank you for your compliance, we work hard on the development of KeyAuth and do ## **What is KeyAuth?** -KeyAuth is an Open source authentication system with cloud hosting plans as well. Client SDKs available for [C#](https://github.com/KeyAuth/KeyAuth-CSHARP-Example), [C++](https://github.com/KeyAuth/KeyAuth-CPP-Example), [Python](https://github.com/KeyAuth/KeyAuth-Python-Example), [Java](https://github.com/SprayDown/KeyAuth-JAVA-api), [JavaScript](https://github.com/mazkdevf/KeyAuth-JS-Example), [VB.NET](https://github.com/KeyAuth/KeyAuth-VB-Example), [PHP](https://github.com/KeyAuth/KeyAuth-PHP-Example), [Rust](https://github.com/KeyAuth/KeyAuth-Rust-Example), [Go](https://github.com/mazkdevf/KeyAuth-Go-Example), [Lua](https://github.com/mazkdevf/KeyAuth-Lua-Examples), [Ruby](https://github.com/mazkdevf/KeyAuth-Ruby-Example), and [Perl](https://github.com/mazkdevf/KeyAuth-Perl-Example). KeyAuth has several unique features such as memory streaming, webhook function where you can send requests to API without leaking the API, discord webhook notifications, ban the user securely through the application at your discretion. Feel free to join https://discord.gg/keyauth if you have questions or suggestions. +KeyAuth is an Open source authentication system with cloud hosting plans as well. Client SDKs available for [C#](https://github.com/KeyAuth/KeyAuth-CSHARP-Example), [C++](https://github.com/KeyAuth/KeyAuth-CPP-Example), [Python](https://github.com/KeyAuth/KeyAuth-Python-Example), [Java](https://github.com/SprayDown/KeyAuth-JAVA-api), [JavaScript](https://github.com/mazkdevf/KeyAuth-JS-Example), [VB.NET](https://github.com/KeyAuth/KeyAuth-VB-Example), [PHP](https://github.com/KeyAuth/KeyAuth-PHP-Example), [Rust](https://github.com/KeyAuth/KeyAuth-Rust-Example), [Go](https://github.com/mazkdevf/KeyAuth-Go-Example), [Lua](https://github.com/mazkdevf/KeyAuth-Lua-Examples), [Ruby](https://github.com/mazkdevf/KeyAuth-Ruby-Example), and [Perl](https://github.com/mazkdevf/KeyAuth-Perl-Example). KeyAuth has several unique features such as memory streaming, webhook function where you can send requests to API without leaking the API, discord webhook notifications, ban the user securely through the application at your discretion. Feel free to join https://discord.gg/HjfhCe4eE2 if you have questions or suggestions. ## **Customer connection issues?** From 280696a31a26f5b23fe19ee3a87dacb24eabc48a Mon Sep 17 00:00:00 2001 From: William Nelson <83034852+wnelson03@users.noreply.github.com> Date: Wed, 22 Feb 2023 23:50:32 -0500 Subject: [PATCH 06/37] Update Discord --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7294d87..6dadfab 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ KeyAuth Python example for the https://keyauth.cc authentication system. ## **Bugs** -If the default example not added to your software isn't functioning how it should, please join the Discord server https://discord.gg/HjfhCe4eE2 and submit the issue in the `#bugs` channel. +If the default example not added to your software isn't functioning how it should, please join the Discord server https://discord.gg/keyauth and submit the issue in the `#bugs` channel. However, we do **NOT** provide support for adding KeyAuth to your project. If you can't figure this out you should use Google or YouTube to learn more about the programming language you want to sell a program in. @@ -27,7 +27,7 @@ Thank you for your compliance, we work hard on the development of KeyAuth and do ## **What is KeyAuth?** -KeyAuth is an Open source authentication system with cloud hosting plans as well. Client SDKs available for [C#](https://github.com/KeyAuth/KeyAuth-CSHARP-Example), [C++](https://github.com/KeyAuth/KeyAuth-CPP-Example), [Python](https://github.com/KeyAuth/KeyAuth-Python-Example), [Java](https://github.com/SprayDown/KeyAuth-JAVA-api), [JavaScript](https://github.com/mazkdevf/KeyAuth-JS-Example), [VB.NET](https://github.com/KeyAuth/KeyAuth-VB-Example), [PHP](https://github.com/KeyAuth/KeyAuth-PHP-Example), [Rust](https://github.com/KeyAuth/KeyAuth-Rust-Example), [Go](https://github.com/mazkdevf/KeyAuth-Go-Example), [Lua](https://github.com/mazkdevf/KeyAuth-Lua-Examples), [Ruby](https://github.com/mazkdevf/KeyAuth-Ruby-Example), and [Perl](https://github.com/mazkdevf/KeyAuth-Perl-Example). KeyAuth has several unique features such as memory streaming, webhook function where you can send requests to API without leaking the API, discord webhook notifications, ban the user securely through the application at your discretion. Feel free to join https://discord.gg/HjfhCe4eE2 if you have questions or suggestions. +KeyAuth is an Open source authentication system with cloud hosting plans as well. Client SDKs available for [C#](https://github.com/KeyAuth/KeyAuth-CSHARP-Example), [C++](https://github.com/KeyAuth/KeyAuth-CPP-Example), [Python](https://github.com/KeyAuth/KeyAuth-Python-Example), [Java](https://github.com/SprayDown/KeyAuth-JAVA-api), [JavaScript](https://github.com/mazkdevf/KeyAuth-JS-Example), [VB.NET](https://github.com/KeyAuth/KeyAuth-VB-Example), [PHP](https://github.com/KeyAuth/KeyAuth-PHP-Example), [Rust](https://github.com/KeyAuth/KeyAuth-Rust-Example), [Go](https://github.com/mazkdevf/KeyAuth-Go-Example), [Lua](https://github.com/mazkdevf/KeyAuth-Lua-Examples), [Ruby](https://github.com/mazkdevf/KeyAuth-Ruby-Example), and [Perl](https://github.com/mazkdevf/KeyAuth-Perl-Example). KeyAuth has several unique features such as memory streaming, webhook function where you can send requests to API without leaking the API, discord webhook notifications, ban the user securely through the application at your discretion. Feel free to join https://discord.gg/keyauth if you have questions or suggestions. ## **Customer connection issues?** From a4bbd3d8352896e1a33bc3d5af453a6279baee7a Mon Sep 17 00:00:00 2001 From: William Nelson <83034852+wnelson03@users.noreply.github.com> Date: Sun, 19 Mar 2023 18:42:55 -0400 Subject: [PATCH 07/37] Add PR Workflow --- .github/workflows/pr_notification.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .github/workflows/pr_notification.yml diff --git a/.github/workflows/pr_notification.yml b/.github/workflows/pr_notification.yml new file mode 100644 index 0000000..de44c8b --- /dev/null +++ b/.github/workflows/pr_notification.yml @@ -0,0 +1,12 @@ +name: Pull Request Notification + +on: + pull_request_target: + types: + - opened + +jobs: + notify: + uses: KeyAuth/.github/.github/workflows/pr_notification_global.yml@main + secrets: + DISCORD_PR: ${{ secrets.DISCORD_PR }} From b6514b3998d4b1f31089eebed7563524b7465867 Mon Sep 17 00:00:00 2001 From: William Nelson Date: Tue, 4 Apr 2023 12:57:06 -0400 Subject: [PATCH 08/37] Add disclaimer about user var/normal var misunderstanding --- keyauth.py | 1 + 1 file changed, 1 insertion(+) diff --git a/keyauth.py b/keyauth.py index f0a2d67..8d8a6e7 100644 --- a/keyauth.py +++ b/keyauth.py @@ -264,6 +264,7 @@ def getvar(self, var_name): if json["success"]: return json["response"] else: + print(f"NOTE: This is commonly misunderstood. This is for user variables, not the normal variables.\nUse keyauthapp.var(\"{var_name}\") for normal variables"); print(json["message"]) time.sleep(5) os._exit(1) From 9756f09caa9f4ffdc44b7ec216ce4a55dd79867d Mon Sep 17 00:00:00 2001 From: api <110469682+apilol@users.noreply.github.com> Date: Fri, 7 Apr 2023 08:00:56 -0700 Subject: [PATCH 09/37] Sleep on error of functions --- keyauth.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/keyauth.py b/keyauth.py index 8d8a6e7..af4fa4b 100644 --- a/keyauth.py +++ b/keyauth.py @@ -31,7 +31,7 @@ s.get('https://google.com') except requests.exceptions.RequestException as e: print(e) - time.sleep(3) + time.sleep(5) os._exit(1) @@ -87,6 +87,7 @@ def init(self): print("New Version Available") download_link = json["download"] os.system(f"start {download_link}") + time.sleep(3) os._exit(1) else: print("Invalid Version, Contact owner to add download link to latest app version") @@ -94,6 +95,7 @@ def init(self): if not json["success"]: print(json["message"]) + time.sleep(3) os._exit(1) self.sessionid = json["sessionid"] @@ -128,6 +130,7 @@ def register(self, user, password, license, hwid=None): self.__load_user_data(json["info"]) else: print(json["message"]) + time.sleep(5) os._exit(1) def upgrade(self, user, license): @@ -157,6 +160,7 @@ def upgrade(self, user, license): os._exit(1) else: print(json["message"]) + time.sleep(5) os._exit(1) def login(self, user, password, hwid=None): @@ -188,6 +192,7 @@ def login(self, user, password, hwid=None): print("successfully logged in") else: print(json["message"]) + time.sleep(5) os._exit(1) def license(self, key, hwid=None): @@ -217,6 +222,7 @@ def license(self, key, hwid=None): print("successfully logged into license") else: print(json["message"]) + time.sleep(5) os._exit(1) def var(self, name): @@ -610,6 +616,7 @@ def encrypt(message, enc_key, iv): return encryption.encrypt_string(message.encode(), _key.encode(), _iv.encode()).decode() except: print("Invalid Application Information. Long text is secret short text is ownerid. Name is supposed to be app name not username") + time.sleep(5) os._exit(1) @staticmethod @@ -622,4 +629,5 @@ def decrypt(message, enc_key, iv): return encryption.decrypt_string(message.encode(), _key.encode(), _iv.encode()).decode() except: print("Invalid Application Information. Long text is secret short text is ownerid. Name is supposed to be app name not username") + time.sleep(5) os._exit(1) From c450f41312a236ec7692e02c16b82ff0e2237727 Mon Sep 17 00:00:00 2001 From: api <110469682+apilol@users.noreply.github.com> Date: Tue, 6 Jun 2023 02:47:18 -0700 Subject: [PATCH 10/37] Update keyauth.py --- keyauth.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/keyauth.py b/keyauth.py index af4fa4b..ce2b3c6 100644 --- a/keyauth.py +++ b/keyauth.py @@ -77,6 +77,7 @@ def init(self): if response == "KeyAuth_Invalid": print("The application doesn't exist") + time.sleep(5) os._exit(1) response = encryption.decrypt(response, self.secret, init_iv) @@ -91,6 +92,7 @@ def init(self): os._exit(1) else: print("Invalid Version, Contact owner to add download link to latest app version") + time.sleep(5) os._exit(1) if not json["success"]: @@ -526,6 +528,7 @@ def changeUsername(self, username): print("successfully Changed Username") else: print(json["message"]) + time.sleep(5) os._exit(1) def __do_request(self, post_data): From 704727df90b794c10510b7abe0366c5568717785 Mon Sep 17 00:00:00 2001 From: William Nelson Date: Wed, 7 Jun 2023 11:30:26 -0400 Subject: [PATCH 11/37] Improve instructions, fix empty HWID error --- keyauth.py | 56 ++++++++++++++++++++++++++++-------------------------- main.py | 37 ++++++++++++++++++++---------------- 2 files changed, 50 insertions(+), 43 deletions(-) diff --git a/keyauth.py b/keyauth.py index ce2b3c6..76efe65 100644 --- a/keyauth.py +++ b/keyauth.py @@ -31,7 +31,7 @@ s.get('https://google.com') except requests.exceptions.RequestException as e: print(e) - time.sleep(5) + time.sleep(3) os._exit(1) @@ -57,7 +57,7 @@ def init(self): if self.sessionid != "": print("You've already initialized!") - time.sleep(2) + time.sleep(3) os._exit(1) init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() @@ -77,7 +77,7 @@ def init(self): if response == "KeyAuth_Invalid": print("The application doesn't exist") - time.sleep(5) + time.sleep(3) os._exit(1) response = encryption.decrypt(response, self.secret, init_iv) @@ -92,7 +92,7 @@ def init(self): os._exit(1) else: print("Invalid Version, Contact owner to add download link to latest app version") - time.sleep(5) + time.sleep(3) os._exit(1) if not json["success"]: @@ -132,7 +132,7 @@ def register(self, user, password, license, hwid=None): self.__load_user_data(json["info"]) else: print(json["message"]) - time.sleep(5) + time.sleep(3) os._exit(1) def upgrade(self, user, license): @@ -156,13 +156,13 @@ def upgrade(self, user, license): json = jsond.loads(response) if json["success"]: - print("successfully upgraded user") - print("please restart program and login") - time.sleep(2) + print("Successfully upgraded user") + print("Please restart program and login") + time.sleep(3) os._exit(1) else: print(json["message"]) - time.sleep(5) + time.sleep(3) os._exit(1) def login(self, user, password, hwid=None): @@ -191,10 +191,10 @@ def login(self, user, password, hwid=None): if json["success"]: self.__load_user_data(json["info"]) - print("successfully logged in") + print("Successfully logged in") else: print(json["message"]) - time.sleep(5) + time.sleep(3) os._exit(1) def license(self, key, hwid=None): @@ -221,10 +221,10 @@ def license(self, key, hwid=None): if json["success"]: self.__load_user_data(json["info"]) - print("successfully logged into license") + print("Successfully logged in with license") else: print(json["message"]) - time.sleep(5) + time.sleep(3) os._exit(1) def var(self, name): @@ -250,7 +250,7 @@ def var(self, name): return json["message"] else: print(json["message"]) - time.sleep(5) + time.sleep(3) os._exit(1) def getvar(self, var_name): @@ -274,7 +274,7 @@ def getvar(self, var_name): else: print(f"NOTE: This is commonly misunderstood. This is for user variables, not the normal variables.\nUse keyauthapp.var(\"{var_name}\") for normal variables"); print(json["message"]) - time.sleep(5) + time.sleep(3) os._exit(1) def setvar(self, var_name, var_data): @@ -297,7 +297,7 @@ def setvar(self, var_name, var_data): return True else: print(json["message"]) - time.sleep(5) + time.sleep(3) os._exit(1) def ban(self): @@ -318,7 +318,7 @@ def ban(self): return True else: print(json["message"]) - time.sleep(5) + time.sleep(3) os._exit(1) def file(self, fileid): @@ -342,7 +342,7 @@ def file(self, fileid): if not json["success"]: print(json["message"]) - time.sleep(5) + time.sleep(3) os._exit(1) return binascii.unhexlify(json["contents"]) @@ -371,7 +371,7 @@ def webhook(self, webid, param, body = "", conttype = ""): return json["message"] else: print(json["message"]) - time.sleep(5) + time.sleep(3) os._exit(1) def check(self): @@ -505,7 +505,7 @@ def chatSend(self, message, channel): def checkinit(self): if not self.initialized: print("Initialize first, in order to use the functions") - time.sleep(2) + time.sleep(3) os._exit(1) def changeUsername(self, username): @@ -525,10 +525,10 @@ def changeUsername(self, username): json = jsond.loads(response) if json["success"]: - print("successfully Changed Username") + print("Successfully changed username") else: print(json["message"]) - time.sleep(5) + time.sleep(3) os._exit(1) def __do_request(self, post_data): @@ -560,7 +560,7 @@ def __load_app_data(self, data): def __load_user_data(self, data): self.user_data.username = data["username"] self.user_data.ip = data["ip"] - self.user_data.hwid = data["hwid"] + self.user_data.hwid = data["hwid"] or "N/A" self.user_data.expires = data["subscriptions"][0]["expiry"] self.user_data.createdate = data["createdate"] self.user_data.lastlogin = data["lastlogin"] @@ -618,8 +618,9 @@ def encrypt(message, enc_key, iv): return encryption.encrypt_string(message.encode(), _key.encode(), _iv.encode()).decode() except: - print("Invalid Application Information. Long text is secret short text is ownerid. Name is supposed to be app name not username") - time.sleep(5) + print("Encryption error. Make sure your app details are correct, see response below") + print("Response: " + message) + time.sleep(3) os._exit(1) @staticmethod @@ -631,6 +632,7 @@ def decrypt(message, enc_key, iv): return encryption.decrypt_string(message.encode(), _key.encode(), _iv.encode()).decode() except: - print("Invalid Application Information. Long text is secret short text is ownerid. Name is supposed to be app name not username") - time.sleep(5) + print("Encryption error. Make sure your app details are correct, see response below") + print("Response: " + message) + time.sleep(3) os._exit(1) diff --git a/main.py b/main.py index 8415db7..c18561e 100644 --- a/main.py +++ b/main.py @@ -1,3 +1,12 @@ +''' +KeyAuth.cc Python Example + +Go to https://keyauth.cc/app/ and click the Python tab. Copy that code and replace the existing keyauthapp instance in this file. + +If you get an error saying it can't find module KeyAuth, try following this https://github.com/KeyAuth/KeyAuth-Python-Example#how-to-compile + +If that doesn't work for you, you can paste the contents of KeyAuth.py ABOVE this comment and then remove the "from keyauth import api" and that should work too. +''' from keyauth import api import sys @@ -13,18 +22,15 @@ # watch setup video if you need help https://www.youtube.com/watch?v=L2eAQOmuUiA -if sys.version_info.minor < 10: # Python version check (Bypass Patch) - print("[Security] - Python 3.10 or higher is recommended. The bypass will not work on 3.10+") - print("You are using Python {}.{}".format(sys.version_info.major, sys.version_info.minor)) - -if platform.system() == 'Windows': - os.system('cls & title Python Example') # clear console, change title -elif platform.system() == 'Linux': - os.system('clear') # clear console - sys.stdout.write("\x1b]0;Python Example\x07") # change title -elif platform.system() == 'Darwin': - os.system("clear && printf '\e[3J'") # clear console - os.system('''echo - n - e "\033]0;Python Example\007"''') # change title +def clear(): + if platform.system() == 'Windows': + os.system('cls & title Python Example') # clear console, change title + elif platform.system() == 'Linux': + os.system('clear') # clear console + sys.stdout.write("\x1b]0;Python Example\x07") # change title + elif platform.system() == 'Darwin': + os.system("clear && printf '\e[3J'") # clear console + os.system('''echo - n - e "\033]0;Python Example\007"''') # change title print("Initializing") @@ -56,7 +62,6 @@ def getchecksum(): print(f"Current Session Validation Status: {keyauthapp.check()}") print(f"Blacklisted? : {keyauthapp.checkblacklist()}") # check if blacklisted, you can edit this and make it exit the program if blacklisted - def answer(): try: print(""" @@ -83,9 +88,9 @@ def answer(): key = input('Enter your license: ') keyauthapp.license(key) else: - print("\nNot Valid Option") - time.sleep(1) - os.system('cls') + print("\nInvalid option") + sleep(1) + clear() answer() except KeyboardInterrupt: os._exit(1) From e9f728cbd01685150071141bf18c87ccc31ff047 Mon Sep 17 00:00:00 2001 From: William Nelson Date: Thu, 22 Jun 2023 10:35:26 -0400 Subject: [PATCH 12/37] Improve security and performance, bug fixes --- keyauth.py | 374 ++++++++++++++++++----------------------------- main.py | 84 +---------- requirements.txt | 1 - 3 files changed, 146 insertions(+), 313 deletions(-) diff --git a/keyauth.py b/keyauth.py index 76efe65..b07853c 100644 --- a/keyauth.py +++ b/keyauth.py @@ -5,41 +5,37 @@ from uuid import uuid4 # gen random guid import platform # check platform import subprocess # needed for mac device +import hmac # signature checksum +import hashlib # signature checksum try: if os.name == 'nt': import win32security # get sid (WIN only) import requests # https requests - from Crypto.Cipher import AES - from Crypto.Hash import SHA256 - from Crypto.Util.Padding import pad, unpad except ModuleNotFoundError: print("Exception when importing modules") print("Installing necessary modules....") if os.path.isfile("requirements.txt"): os.system("pip install -r requirements.txt") else: - os.system("pip install pywin32") - os.system("pip install pycryptodome") + if os.name == 'nt': + os.system("pip install pywin32") os.system("pip install requests") print("Modules installed!") time.sleep(1.5) os._exit(1) -try: # Connection check - s = requests.Session() # Session - s.get('https://google.com') -except requests.exceptions.RequestException as e: - print(e) - time.sleep(3) - os._exit(1) - class api: name = ownerid = secret = version = hash_to_check = "" def __init__(self, name, ownerid, secret, version, hash_to_check): + if len(ownerid) != 10 and len(secret) != 64: + print("Go to Manage Applications on dashboard, copy python code, and replace code in main.py with that") + time.sleep(3) + os._exit(1) + self.name = name self.ownerid = ownerid @@ -54,23 +50,22 @@ def __init__(self, name, ownerid, secret, version, hash_to_check): initialized = False def init(self): - if self.sessionid != "": print("You've already initialized!") time.sleep(3) os._exit(1) - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() - - self.enckey = SHA256.new(str(uuid4())[:8].encode()).hexdigest() + sent_key = str(uuid4())[:16] + + self.enckey = sent_key + "-" + self.secret + post_data = { - "type": binascii.hexlify("init".encode()), - "ver": encryption.encrypt(self.version, self.secret, init_iv), + "type": "init", + "ver": self.version, "hash": self.hash_to_check, - "enckey": encryption.encrypt(self.enckey, self.secret, init_iv), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "enckey": sent_key, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) @@ -80,7 +75,6 @@ def init(self): time.sleep(3) os._exit(1) - response = encryption.decrypt(response, self.secret, init_iv) json = jsond.loads(response) if json["message"] == "invalidver": @@ -109,26 +103,23 @@ def register(self, user, password, license, hwid=None): if hwid is None: hwid = others.get_hwid() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() - post_data = { - "type": binascii.hexlify("register".encode()), - "username": encryption.encrypt(user, self.enckey, init_iv), - "pass": encryption.encrypt(password, self.enckey, init_iv), - "key": encryption.encrypt(license, self.enckey, init_iv), - "hwid": encryption.encrypt(hwid, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "register", + "username": user, + "pass": password, + "key": license, + "hwid": hwid, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) + json = jsond.loads(response) if json["success"]: - print("successfully registered") + print("Successfully registered") self.__load_user_data(json["info"]) else: print(json["message"]) @@ -137,22 +128,18 @@ def register(self, user, password, license, hwid=None): def upgrade(self, user, license): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() post_data = { - "type": binascii.hexlify("upgrade".encode()), - "username": encryption.encrypt(user, self.enckey, init_iv), - "key": encryption.encrypt(license, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "upgrade", + "username": user, + "key": license, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) - json = jsond.loads(response) if json["success"]: @@ -170,23 +157,18 @@ def login(self, user, password, hwid=None): if hwid is None: hwid = others.get_hwid() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() - post_data = { - "type": binascii.hexlify("login".encode()), - "username": encryption.encrypt(user, self.enckey, init_iv), - "pass": encryption.encrypt(password, self.enckey, init_iv), - "hwid": encryption.encrypt(hwid, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "login", + "username": user, + "pass": password, + "hwid": hwid, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) - json = jsond.loads(response) if json["success"]: @@ -202,20 +184,16 @@ def license(self, key, hwid=None): if hwid is None: hwid = others.get_hwid() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() - post_data = { - "type": binascii.hexlify("license".encode()), - "key": encryption.encrypt(key, self.enckey, init_iv), - "hwid": encryption.encrypt(hwid, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "license", + "key": key, + "hwid": hwid, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) json = jsond.loads(response) @@ -229,21 +207,17 @@ def license(self, key, hwid=None): def var(self, name): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() post_data = { - "type": binascii.hexlify("var".encode()), - "varid": encryption.encrypt(name, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "var", + "varid": name, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) - json = jsond.loads(response) if json["success"]: @@ -255,18 +229,16 @@ def var(self, name): def getvar(self, var_name): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() post_data = { - "type": binascii.hexlify("getvar".encode()), - "var": encryption.encrypt(var_name, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "getvar", + "var": var_name, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) + json = jsond.loads(response) if json["success"]: @@ -279,18 +251,17 @@ def getvar(self, var_name): def setvar(self, var_name, var_data): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() + post_data = { - "type": binascii.hexlify("setvar".encode()), - "var": encryption.encrypt(var_name, self.enckey, init_iv), - "data": encryption.encrypt(var_data, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "setvar", + "var": var_name, + "data": var_data, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) + json = jsond.loads(response) if json["success"]: @@ -302,16 +273,15 @@ def setvar(self, var_name, var_data): def ban(self): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() + post_data = { - "type": binascii.hexlify("ban".encode()), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "ban", + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) + json = jsond.loads(response) if json["success"]: @@ -323,21 +293,17 @@ def ban(self): def file(self, fileid): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() post_data = { - "type": binascii.hexlify("file".encode()), - "fileid": encryption.encrypt(fileid, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "file", + "fileid": fileid, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) - json = jsond.loads(response) if not json["success"]: @@ -348,23 +314,20 @@ def file(self, fileid): def webhook(self, webid, param, body = "", conttype = ""): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() post_data = { - "type": binascii.hexlify("webhook".encode()), - "webid": encryption.encrypt(webid, self.enckey, init_iv), - "params": encryption.encrypt(param, self.enckey, init_iv), - "body": encryption.encrypt(body, self.enckey, init_iv), - "conttype": encryption.encrypt(conttype, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "webhook", + "webid": webid, + "params": param, + "body": body, + "conttype": conttype, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) json = jsond.loads(response) if json["success"]: @@ -376,17 +339,15 @@ def webhook(self, webid, param, body = "", conttype = ""): def check(self): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() + post_data = { - "type": binascii.hexlify("check".encode()), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "check", + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) json = jsond.loads(response) if json["success"]: return True @@ -396,18 +357,16 @@ def check(self): def checkblacklist(self): self.checkinit() hwid = others.get_hwid() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() + post_data = { - "type": binascii.hexlify("checkblacklist".encode()), - "hwid": encryption.encrypt(hwid, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "checkblacklist", + "hwid": hwid, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) json = jsond.loads(response) if json["success"]: return True @@ -416,40 +375,35 @@ def checkblacklist(self): def log(self, message): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() post_data = { - "type": binascii.hexlify("log".encode()), - "pcuser": encryption.encrypt(os.getenv('username'), self.enckey, init_iv), - "message": encryption.encrypt(message, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "log", + "pcuser": os.getenv('username'), + "message": message, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } self.__do_request(post_data) def fetchOnline(self): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() post_data = { - "type": binascii.hexlify("fetchOnline".encode()), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "fetchOnline", + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) json = jsond.loads(response) if json["success"]: if len(json["users"]) == 0: - return None # THIS IS ISSUE ON KEYAUTH SERVER SIDE 6.8.2022, so it will return none if it is not an array. + return None else: return json["users"] else: @@ -457,19 +411,16 @@ def fetchOnline(self): def chatGet(self, channel): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() post_data = { - "type": binascii.hexlify("chatget".encode()), - "channel": encryption.encrypt(channel, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "chatget", + "channel": channel, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) json = jsond.loads(response) @@ -480,20 +431,17 @@ def chatGet(self, channel): def chatSend(self, message, channel): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() post_data = { - "type": binascii.hexlify("chatsend".encode()), - "message": encryption.encrypt(message, self.enckey, init_iv), - "channel": encryption.encrypt(channel, self.enckey, init_iv), - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "type": "chatsend", + "message": message, + "channel": channel, + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) json = jsond.loads(response) @@ -510,18 +458,17 @@ def checkinit(self): def changeUsername(self, username): self.checkinit() - init_iv = SHA256.new(str(uuid4())[:8].encode()).hexdigest() + post_data = { - "type": binascii.hexlify("changeUsername".encode()), + "type": "changeUsername", "newUsername": username, - "sessionid": binascii.hexlify(self.sessionid.encode()), - "name": binascii.hexlify(self.name.encode()), - "ownerid": binascii.hexlify(self.ownerid.encode()), - "init_iv": init_iv + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid } response = self.__do_request(post_data) - response = encryption.decrypt(response, self.enckey, init_iv) + json = jsond.loads(response) if json["success"]: @@ -533,16 +480,28 @@ def changeUsername(self, username): def __do_request(self, post_data): try: - rq_out = s.post( - "https://keyauth.win/api/1.0/", data=post_data, timeout=30 + response = requests.post( + "https://keyauth.win/api/1.2/", data=post_data, timeout=10 ) - return rq_out.text + + key = self.secret if post_data["type"] == "init" else self.enckey + + client_computed = hmac.new(key.encode('utf-8'), response.text.encode('utf-8'), hashlib.sha256).hexdigest() + + signature = response.headers["signature"] + + if not hmac.compare_digest(client_computed, signature): + print("Signature checksum failed. Request was tampered with or session ended most likely.") + print("Response: " + response.text) + time.sleep(3) + os._exit(1) + + return response.text except requests.exceptions.Timeout: - print("Request timed out") + print("Request timed out. Server is probably down/slow at the moment") class application_data_class: numUsers = numKeys = app_ver = customer_panel = onlineUsers = "" - # region user_data class user_data_class: username = ip = hwid = expires = createdate = lastlogin = subscription = subscriptions = "" @@ -585,54 +544,3 @@ def get_hwid(): serial = output.decode().split('=', 1)[1].replace(' ', '') hwid = serial[1:-2] return hwid - - - -class encryption: - @staticmethod - def encrypt_string(plain_text, key, iv): - plain_text = pad(plain_text, 16) - - aes_instance = AES.new(key, AES.MODE_CBC, iv) - - raw_out = aes_instance.encrypt(plain_text) - - return binascii.hexlify(raw_out) - - @staticmethod - def decrypt_string(cipher_text, key, iv): - cipher_text = binascii.unhexlify(cipher_text) - - aes_instance = AES.new(key, AES.MODE_CBC, iv) - - cipher_text = aes_instance.decrypt(cipher_text) - - return unpad(cipher_text, 16) - - @staticmethod - def encrypt(message, enc_key, iv): - try: - _key = SHA256.new(enc_key.encode()).hexdigest()[:32] - - _iv = SHA256.new(iv.encode()).hexdigest()[:16] - - return encryption.encrypt_string(message.encode(), _key.encode(), _iv.encode()).decode() - except: - print("Encryption error. Make sure your app details are correct, see response below") - print("Response: " + message) - time.sleep(3) - os._exit(1) - - @staticmethod - def decrypt(message, enc_key, iv): - try: - _key = SHA256.new(enc_key.encode()).hexdigest()[:32] - - _iv = SHA256.new(iv.encode()).hexdigest()[:16] - - return encryption.decrypt_string(message.encode(), _key.encode(), _iv.encode()).decode() - except: - print("Encryption error. Make sure your app details are correct, see response below") - print("Response: " + message) - time.sleep(3) - os._exit(1) diff --git a/main.py b/main.py index c18561e..811b1bc 100644 --- a/main.py +++ b/main.py @@ -6,6 +6,8 @@ If you get an error saying it can't find module KeyAuth, try following this https://github.com/KeyAuth/KeyAuth-Python-Example#how-to-compile If that doesn't work for you, you can paste the contents of KeyAuth.py ABOVE this comment and then remove the "from keyauth import api" and that should work too. + +READ HERE TO LEARN ABOUT KEYAUTH FUNCTIONS https://github.com/KeyAuth/KeyAuth-Python-Example#keyauthapp-instance-definition ''' from keyauth import api @@ -59,13 +61,10 @@ def getchecksum(): Application Version: {keyauthapp.app_data.app_ver} Customer panel link: {keyauthapp.app_data.customer_panel} """) -print(f"Current Session Validation Status: {keyauthapp.check()}") -print(f"Blacklisted? : {keyauthapp.checkblacklist()}") # check if blacklisted, you can edit this and make it exit the program if blacklisted def answer(): try: - print(""" -1.Login + print("""1.Login 2.Register 3.Upgrade 4.License Key Only @@ -98,65 +97,6 @@ def answer(): answer() -# region Extra Functions - -# * Download Files form the server to your computer using the download function in the api class -# bytes = keyauthapp.file("FILEID") -# f = open("example.exe", "wb") -# f.write(bytes) -# f.close() - - -# * Set up user variable -# keyauthapp.setvar("varName", "varValue") - -# * Get user variable and print it -# data = keyauthapp.getvar("varName") -# print(data) - -# * Get normal variable and print it -# data = keyauthapp.var("varName") -# print(data) - -# * Log message to the server and then to your webhook what is set on app settings -# keyauthapp.log("Message") - -# * Get if the user pc have been blacklisted -# print(f"Blacklisted? : {keyauthapp.checkblacklist()}") - -# * See if the current session is validated -# print(f"Session Validated?: {keyauthapp.check()}") - - -# * example to send normal request with no POST data -# data = keyauthapp.webhook("WebhookID", "?type=resetuser&user=username") - -# * example to send form data -# data = keyauthapp.webhook("WebhookID", "", "type=init&name=test&ownerid=j9Gj0FTemM", "application/x-www-form-urlencoded") - -# * example to send JSON -# data = keyauthapp.webhook("WebhookID", "", "{\"content\": \"webhook message here\",\"embeds\": null}", "application/json") - -# * Get chat messages -# messages = keyauthapp.chatGet("CHANNEL") - -# Messages = "" -# for i in range(len(messages)): -# Messages += datetime.utcfromtimestamp(int(messages[i]["timestamp"])).strftime('%Y-%m-%d %H:%M:%S') + " - " + messages[i]["author"] + ": " + messages[i]["message"] + "\n" - -# print("\n\n" + Messages) - -# * Send chat message -# keyauthapp.chatSend("MESSAGE", "CHANNEL") - -# * Add Application Information to Title -# os.system(f"cls & title KeyAuth Python Example - Total Users: {keyauthapp.app_data.numUsers} - Online Users: {keyauthapp.app_data.onlineUsers} - Total Keys: {keyauthapp.app_data.numKeys}") - -# * Auto-Login Example (THIS IS JUST AN EXAMPLE --> YOU WILL HAVE TO EDIT THE CODE PROBABLY) -# 1. Checking and Reading JSON - -#### Note: Remove the ''' on line 151 and 226 - '''try: if os.path.isfile('auth.json'): #Checking if the auth file exist if jsond.load(open("auth.json"))["authusername"] == "": #Checks if the authusername is empty or not @@ -234,14 +174,11 @@ def answer(): print(e) os._exit(1)''' -# endregion - print("\nUser data: ") print("Username: " + keyauthapp.user_data.username) print("IP address: " + keyauthapp.user_data.ip) print("Hardware-Id: " + keyauthapp.user_data.hwid) -# print("Subcription: " + keyauthapp.user_data.subscription) ## Print Subscription "ONE" name subs = keyauthapp.user_data.subscriptions # Get all Subscription names, expiry, and timeleft for i in range(len(subs)): @@ -252,20 +189,9 @@ def answer(): print(f"[{i + 1} / {len(subs)}] | Subscription: {sub} - Expiry: {expiry} - Timeleft: {timeleft}") -onlineUsers = keyauthapp.fetchOnline() -OU = "" # KEEP THIS EMPTY FOR NOW, THIS WILL BE USED TO CREATE ONLINE USER STRING. -if onlineUsers is None: - OU = "No online users" -else: - for i in range(len(onlineUsers)): - OU += onlineUsers[i]["credential"] + " " - -print("\n" + OU + "\n") - print("Created at: " + datetime.utcfromtimestamp(int(keyauthapp.user_data.createdate)).strftime('%Y-%m-%d %H:%M:%S')) print("Last login at: " + datetime.utcfromtimestamp(int(keyauthapp.user_data.lastlogin)).strftime('%Y-%m-%d %H:%M:%S')) print("Expires at: " + datetime.utcfromtimestamp(int(keyauthapp.user_data.expires)).strftime('%Y-%m-%d %H:%M:%S')) -print(f"Current Session Validation Status: {keyauthapp.check()}") -print("Exiting in 10 secs....") -sleep(10) +print("\nExiting in five seconds..") +sleep(5) os._exit(1) diff --git a/requirements.txt b/requirements.txt index 0b0eaf5..e2c27ec 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,2 @@ requests -pycryptodome pywin32 From ff42c0459572876c2e12d43778e7d31686affa5b Mon Sep 17 00:00:00 2001 From: William Nelson Date: Tue, 4 Jul 2023 10:48:53 -0400 Subject: [PATCH 13/37] Add fetchStats() function, fix session not found --- README.md | 1 + keyauth.py | 21 ++++++++++++++++++++- main.py | 15 +++------------ 3 files changed, 24 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 6dadfab..aeffad4 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,7 @@ You don't need to add any code to initalize. KeyAuth will initalize when the ins ## **Display application information** ```py +keyauthapp.fetchStats() print(f""" App data: Number of users: {keyauthapp.app_data.numUsers} diff --git a/keyauth.py b/keyauth.py index b07853c..1e13667 100644 --- a/keyauth.py +++ b/keyauth.py @@ -96,7 +96,9 @@ def init(self): self.sessionid = json["sessionid"] self.initialized = True - self.__load_app_data(json["appinfo"]) + + if json["newSession"]: + time.sleep(0.1) def register(self, user, password, license, hwid=None): self.checkinit() @@ -408,7 +410,24 @@ def fetchOnline(self): return json["users"] else: return None + + def fetchStats(self): + self.checkinit() + post_data = { + "type": "fetchStats", + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid + } + + response = self.__do_request(post_data) + + json = jsond.loads(response) + + if json["success"]: + self.__load_app_data(json["appinfo"]) + def chatGet(self, channel): self.checkinit() diff --git a/main.py b/main.py index 811b1bc..06e7fac 100644 --- a/main.py +++ b/main.py @@ -46,22 +46,13 @@ def getchecksum(): keyauthapp = api( - name = "", #App name (Manage Applications --> Application name) - ownerid = "", #Owner ID (Account-Settings --> OwnerID) - secret = "", #App secret(Manage Applications --> App credentials code) + name = "", + ownerid = "", + secret = "", version = "1.0", hash_to_check = getchecksum() ) -print(f""" -App data: -Number of users: {keyauthapp.app_data.numUsers} -Number of online users: {keyauthapp.app_data.onlineUsers} -Number of keys: {keyauthapp.app_data.numKeys} -Application Version: {keyauthapp.app_data.app_ver} -Customer panel link: {keyauthapp.app_data.customer_panel} -""") - def answer(): try: print("""1.Login From 968ad2aa10478eba0be967def2dda3e29416de48 Mon Sep 17 00:00:00 2001 From: api <110469682+apilol@users.noreply.github.com> Date: Sun, 16 Jul 2023 22:56:34 -0700 Subject: [PATCH 14/37] Add logout() function --- keyauth.py | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/keyauth.py b/keyauth.py index 1e13667..fe97d25 100644 --- a/keyauth.py +++ b/keyauth.py @@ -495,7 +495,30 @@ def changeUsername(self, username): else: print(json["message"]) time.sleep(3) - os._exit(1) + os._exit(1) + + def logout(self): + self.checkinit() + + post_data = { + "type": "logout", + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid + } + + response = self.__do_request(post_data) + + json = jsond.loads(response) + + if json["success"]: + print("Successfully logged out") + time.sleep(3) + os._exit(1) + else: + print(json["message"]) + time.sleep(3) + os._exit(1) def __do_request(self, post_data): try: From d86712f049e0ec813e36596dc9bd986b0a7df4b9 Mon Sep 17 00:00:00 2001 From: William Nelson <83034852+wnelson03@users.noreply.github.com> Date: Tue, 18 Jul 2023 10:38:00 -0400 Subject: [PATCH 15/37] Remove Discord --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index aeffad4..a65ae0c 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ KeyAuth Python example for the https://keyauth.cc authentication system. ## **Bugs** -If the default example not added to your software isn't functioning how it should, please join the Discord server https://discord.gg/keyauth and submit the issue in the `#bugs` channel. +If the default example not added to your software isn't functioning how it should, please report a bug here https://keyauth.cc/app/?page=forms However, we do **NOT** provide support for adding KeyAuth to your project. If you can't figure this out you should use Google or YouTube to learn more about the programming language you want to sell a program in. @@ -27,7 +27,7 @@ Thank you for your compliance, we work hard on the development of KeyAuth and do ## **What is KeyAuth?** -KeyAuth is an Open source authentication system with cloud hosting plans as well. Client SDKs available for [C#](https://github.com/KeyAuth/KeyAuth-CSHARP-Example), [C++](https://github.com/KeyAuth/KeyAuth-CPP-Example), [Python](https://github.com/KeyAuth/KeyAuth-Python-Example), [Java](https://github.com/SprayDown/KeyAuth-JAVA-api), [JavaScript](https://github.com/mazkdevf/KeyAuth-JS-Example), [VB.NET](https://github.com/KeyAuth/KeyAuth-VB-Example), [PHP](https://github.com/KeyAuth/KeyAuth-PHP-Example), [Rust](https://github.com/KeyAuth/KeyAuth-Rust-Example), [Go](https://github.com/mazkdevf/KeyAuth-Go-Example), [Lua](https://github.com/mazkdevf/KeyAuth-Lua-Examples), [Ruby](https://github.com/mazkdevf/KeyAuth-Ruby-Example), and [Perl](https://github.com/mazkdevf/KeyAuth-Perl-Example). KeyAuth has several unique features such as memory streaming, webhook function where you can send requests to API without leaking the API, discord webhook notifications, ban the user securely through the application at your discretion. Feel free to join https://discord.gg/keyauth if you have questions or suggestions. +KeyAuth is an Open source authentication system with cloud hosting plans as well. Client SDKs available for [C#](https://github.com/KeyAuth/KeyAuth-CSHARP-Example), [C++](https://github.com/KeyAuth/KeyAuth-CPP-Example), [Python](https://github.com/KeyAuth/KeyAuth-Python-Example), [Java](https://github.com/SprayDown/KeyAuth-JAVA-api), [JavaScript](https://github.com/mazkdevf/KeyAuth-JS-Example), [VB.NET](https://github.com/KeyAuth/KeyAuth-VB-Example), [PHP](https://github.com/KeyAuth/KeyAuth-PHP-Example), [Rust](https://github.com/KeyAuth/KeyAuth-Rust-Example), [Go](https://github.com/mazkdevf/KeyAuth-Go-Example), [Lua](https://github.com/mazkdevf/KeyAuth-Lua-Examples), [Ruby](https://github.com/mazkdevf/KeyAuth-Ruby-Example), and [Perl](https://github.com/mazkdevf/KeyAuth-Perl-Example). KeyAuth has several unique features such as memory streaming, webhook function where you can send requests to API without leaking the API, discord webhook notifications, ban the user securely through the application at your discretion. Feel free to join https://t.me/keyauth if you have questions or suggestions. ## **Customer connection issues?** From abe2c105eecfc762099179f7aa52013045a2adeb Mon Sep 17 00:00:00 2001 From: William Nelson <83034852+wnelson03@users.noreply.github.com> Date: Wed, 19 Jul 2023 22:43:40 -0400 Subject: [PATCH 16/37] Update Java link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a65ae0c..0f7b9a3 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ Thank you for your compliance, we work hard on the development of KeyAuth and do ## **What is KeyAuth?** -KeyAuth is an Open source authentication system with cloud hosting plans as well. Client SDKs available for [C#](https://github.com/KeyAuth/KeyAuth-CSHARP-Example), [C++](https://github.com/KeyAuth/KeyAuth-CPP-Example), [Python](https://github.com/KeyAuth/KeyAuth-Python-Example), [Java](https://github.com/SprayDown/KeyAuth-JAVA-api), [JavaScript](https://github.com/mazkdevf/KeyAuth-JS-Example), [VB.NET](https://github.com/KeyAuth/KeyAuth-VB-Example), [PHP](https://github.com/KeyAuth/KeyAuth-PHP-Example), [Rust](https://github.com/KeyAuth/KeyAuth-Rust-Example), [Go](https://github.com/mazkdevf/KeyAuth-Go-Example), [Lua](https://github.com/mazkdevf/KeyAuth-Lua-Examples), [Ruby](https://github.com/mazkdevf/KeyAuth-Ruby-Example), and [Perl](https://github.com/mazkdevf/KeyAuth-Perl-Example). KeyAuth has several unique features such as memory streaming, webhook function where you can send requests to API without leaking the API, discord webhook notifications, ban the user securely through the application at your discretion. Feel free to join https://t.me/keyauth if you have questions or suggestions. +KeyAuth is an Open source authentication system with cloud hosting plans as well. Client SDKs available for [C#](https://github.com/KeyAuth/KeyAuth-CSHARP-Example), [C++](https://github.com/KeyAuth/KeyAuth-CPP-Example), [Python](https://github.com/KeyAuth/KeyAuth-Python-Example), [Java](https://github.com/KeyAuth-Archive/KeyAuth-JAVA-api), [JavaScript](https://github.com/mazkdevf/KeyAuth-JS-Example), [VB.NET](https://github.com/KeyAuth/KeyAuth-VB-Example), [PHP](https://github.com/KeyAuth/KeyAuth-PHP-Example), [Rust](https://github.com/KeyAuth/KeyAuth-Rust-Example), [Go](https://github.com/mazkdevf/KeyAuth-Go-Example), [Lua](https://github.com/mazkdevf/KeyAuth-Lua-Examples), [Ruby](https://github.com/mazkdevf/KeyAuth-Ruby-Example), and [Perl](https://github.com/mazkdevf/KeyAuth-Perl-Example). KeyAuth has several unique features such as memory streaming, webhook function where you can send requests to API without leaking the API, discord webhook notifications, ban the user securely through the application at your discretion. Feel free to join https://t.me/keyauth if you have questions or suggestions. ## **Customer connection issues?** From bc33e4ded2c775c69b10feb1a2088a3db2fa1a25 Mon Sep 17 00:00:00 2001 From: api <110469682+apilol@users.noreply.github.com> Date: Fri, 28 Jul 2023 05:10:21 -0700 Subject: [PATCH 17/37] Fix log() function from erroring with signature check --- keyauth.py | 1 + 1 file changed, 1 insertion(+) diff --git a/keyauth.py b/keyauth.py index fe97d25..6a292db 100644 --- a/keyauth.py +++ b/keyauth.py @@ -527,6 +527,7 @@ def __do_request(self, post_data): ) key = self.secret if post_data["type"] == "init" else self.enckey + if post_data["type"] == "log": return response.text client_computed = hmac.new(key.encode('utf-8'), response.text.encode('utf-8'), hashlib.sha256).hexdigest() From eca4723e76faca86de12e7117f3379326d63142f Mon Sep 17 00:00:00 2001 From: api <110469682+apilol@users.noreply.github.com> Date: Wed, 2 Aug 2023 09:08:14 -0700 Subject: [PATCH 18/37] Update README to add logout func --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 0f7b9a3..5f9e24d 100644 --- a/README.md +++ b/README.md @@ -226,6 +226,15 @@ Function only works after login. keyauthapp.ban() ``` +## **Logout session** + +Logout the users session and close the application. + +This only works if the user is authenticated (logged in) +```py +keyauthapp.logout() +``` + ## **Server-sided webhooks** Tutorial video https://www.youtube.com/watch?v=ENRaNPPYJbc From 3948cfd541f52c76053195243c6034a78efb4726 Mon Sep 17 00:00:00 2001 From: api <110469682+apilol@users.noreply.github.com> Date: Wed, 16 Aug 2023 14:58:22 -0700 Subject: [PATCH 19/37] Update to support in-app custom responses & show how to support wmic as a get_hwid option --- keyauth.py | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/keyauth.py b/keyauth.py index 6a292db..2434bcb 100644 --- a/keyauth.py +++ b/keyauth.py @@ -121,7 +121,7 @@ def register(self, user, password, license, hwid=None): json = jsond.loads(response) if json["success"]: - print("Successfully registered") + print(json["message"]) self.__load_user_data(json["info"]) else: print(json["message"]) @@ -145,7 +145,7 @@ def upgrade(self, user, license): json = jsond.loads(response) if json["success"]: - print("Successfully upgraded user") + print(json["message"]) print("Please restart program and login") time.sleep(3) os._exit(1) @@ -175,7 +175,7 @@ def login(self, user, password, hwid=None): if json["success"]: self.__load_user_data(json["info"]) - print("Successfully logged in") + print(json["message"]) else: print(json["message"]) time.sleep(3) @@ -201,7 +201,7 @@ def license(self, key, hwid=None): if json["success"]: self.__load_user_data(json["info"]) - print("Successfully logged in with license") + print(json["message"]) else: print(json["message"]) time.sleep(3) @@ -582,6 +582,21 @@ def get_hwid(): sid = win32security.LookupAccountName(None, winuser)[0] # You can also use WMIC (better than SID, some users had problems with WMIC) hwid = win32security.ConvertSidToStringSid(sid) return hwid + ''' + cmd = subprocess.Popen( + "wmic useraccount where name='%username%' get sid", + stdout=subprocess.PIPE, + shell=True, + ) + + (suppost_sid, error) = cmd.communicate() + + suppost_sid = suppost_sid.split(b"\n")[1].strip() + + return suppost_sid.decode() + + ^^ HOW TO DO IT USING WMIC + ''' elif platform.system() == 'Darwin': output = subprocess.Popen("ioreg -l | grep IOPlatformSerialNumber", stdout=subprocess.PIPE, shell=True).communicate()[0] serial = output.decode().split('=', 1)[1].replace(' ', '') From f600402834817afa6759ea24a921c6d6b0a7aad3 Mon Sep 17 00:00:00 2001 From: William Nelson <83034852+wnelson03@users.noreply.github.com> Date: Mon, 21 Aug 2023 13:53:15 -0400 Subject: [PATCH 20/37] Link to VaultCord.com Looking for a Discord bot made by the KeyAuth & RestoreCord founder that you can use to backup your Discord members, server settings, and messages? Go to https://vaultcord.com --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 5f9e24d..8c37d06 100644 --- a/README.md +++ b/README.md @@ -301,3 +301,5 @@ Example on how to send chat message. * Send chat message keyauthapp.chatSend("MESSAGE", "CHANNEL") ``` + +Looking for a Discord bot made by the KeyAuth & RestoreCord founder that you can use to backup your Discord members, server settings, and messages? Go to https://vaultcord.com From 3f43a4a539b47e906f584e60576aab8c2a54cf25 Mon Sep 17 00:00:00 2001 From: It's Networking <87145183+Its-Networking@users.noreply.github.com> Date: Wed, 15 Nov 2023 18:45:05 -0500 Subject: [PATCH 21/37] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8c37d06..9492941 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# KeyAuth-Python-Example +# KeyAuth-Python-Example : Please star 🌟 KeyAuth Python example for the https://keyauth.cc authentication system. ## **Bugs** From 1c7aea60a3f758bb341adfb43f911ef43de6334f Mon Sep 17 00:00:00 2001 From: It's Networking <87145183+Its-Networking@users.noreply.github.com> Date: Thu, 7 Dec 2023 14:18:10 -0500 Subject: [PATCH 22/37] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9492941..ce6a0f9 100644 --- a/README.md +++ b/README.md @@ -240,7 +240,7 @@ keyauthapp.logout() Tutorial video https://www.youtube.com/watch?v=ENRaNPPYJbc > **Note** -> Read documentation for KeyAuth webhooks here https://docs.keyauth.cc/website/dashboard/webhooks +> Read documentation for KeyAuth webhooks here https://docs.keyauth.cc/website/dashboard/webhooks](https://docs.keyauth.cc/website/dashboard/webhooks](https://keyauth.readme.io/reference/webhooks-1 Send HTTP requests to URLs securely without leaking the URL in your application. You should definitely use if you want to send requests to SellerAPI from your application, otherwise if you don't use you'll be leaking your seller key to everyone. And then someone can mess up your application. From 4c45951d98fcd37693b179c7e88f6bc243c8f0d3 Mon Sep 17 00:00:00 2001 From: It's Networking <87145183+Its-Networking@users.noreply.github.com> Date: Thu, 7 Dec 2023 14:21:54 -0500 Subject: [PATCH 23/37] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ce6a0f9..9c8ce81 100644 --- a/README.md +++ b/README.md @@ -240,7 +240,7 @@ keyauthapp.logout() Tutorial video https://www.youtube.com/watch?v=ENRaNPPYJbc > **Note** -> Read documentation for KeyAuth webhooks here https://docs.keyauth.cc/website/dashboard/webhooks](https://docs.keyauth.cc/website/dashboard/webhooks](https://keyauth.readme.io/reference/webhooks-1 +> Read documentation for KeyAuth webhooks here https://keyauth.readme.io/reference/webhooks-1 Send HTTP requests to URLs securely without leaking the URL in your application. You should definitely use if you want to send requests to SellerAPI from your application, otherwise if you don't use you'll be leaking your seller key to everyone. And then someone can mess up your application. From a98c943f3a50b7d9595c15846f765b54c53d8cf9 Mon Sep 17 00:00:00 2001 From: Shxde <112267394+Shxde1@users.noreply.github.com> Date: Sun, 25 Feb 2024 15:08:21 -0500 Subject: [PATCH 24/37] Debug logs update --- keyauth.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/keyauth.py b/keyauth.py index 2434bcb..3987731 100644 --- a/keyauth.py +++ b/keyauth.py @@ -532,6 +532,20 @@ def __do_request(self, post_data): client_computed = hmac.new(key.encode('utf-8'), response.text.encode('utf-8'), hashlib.sha256).hexdigest() signature = response.headers["signature"] + + if not os.path.exists("C:\\ProgramData\\KeyAuth"): + os.makedirs("C:\\ProgramData\\KeyAuth") + os.makedirs("C:\\ProgramData\\KeyAuth\\Debug") + + exe_name = os.path.basename(__file__) + if not os.path.exists(f"C:\\ProgramData\\KeyAuth\\Debug\\{exe_name}"): + os.makedirs(f"C:\\ProgramData\\KeyAuth\\Debug\\{exe_name}") + + with open(f"C:\\ProgramData\\KeyAuth\\Debug\\{exe_name}\\log.txt", "a") as log_file: + if len(response.text) <= 200: + tampered = not hmac.compare_digest(client_computed, signature) + execution_time = time.strftime("%I:%M %p | %m/%d/%Y") + log_file.write(f"\n{execution_time} | {post_data['type']} \nResponse: {response.text}\n Was response tampered with? {tampered}\n") if not hmac.compare_digest(client_computed, signature): print("Signature checksum failed. Request was tampered with or session ended most likely.") @@ -602,3 +616,4 @@ def get_hwid(): serial = output.decode().split('=', 1)[1].replace(' ', '') hwid = serial[1:-2] return hwid + From 36499e3a571e83f4e7f03a186df803d44a0c8edd Mon Sep 17 00:00:00 2001 From: It's Networking <87145183+Its-Networking@users.noreply.github.com> Date: Thu, 15 Aug 2024 17:05:47 -0400 Subject: [PATCH 25/37] Update README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9c8ce81..b70c708 100644 --- a/README.md +++ b/README.md @@ -57,10 +57,10 @@ It'll provide you with the code which you should replace with in the `main.py` f ```PY keyauthapp = api( - name = "example", #App name (Manage Applications --> Application name) - ownerid = "JjPMBVlIOd", #Owner ID (Account-Settings --> OwnerID) - secret = "db40d586f4b189e04e5c18c3c94b7e72221be3f6551995adc05236948d1762bc", #App secret(Manage Applications --> App credentials code) - version = "1.0", + name = "", #App name (Manage Applications --> Application name) + ownerid = "", #Owner ID (Account-Settings --> OwnerID) + secret = "", #App secret(Manage Applications --> App credentials code) + version = "", hash_to_check = getchecksum() ) ``` From de203125baafca3052a49560452753ab4295a678 Mon Sep 17 00:00:00 2001 From: William Nelson Date: Sat, 12 Oct 2024 01:04:22 -0400 Subject: [PATCH 26/37] Security update --- keyauth.py | 48 ++++++++++++++++++++++-------------------------- main.py | 7 +++---- requirements.txt | 1 + 3 files changed, 26 insertions(+), 30 deletions(-) diff --git a/keyauth.py b/keyauth.py index 3987731..045bcf1 100644 --- a/keyauth.py +++ b/keyauth.py @@ -2,11 +2,10 @@ import json as jsond # json import time # sleep before exit import binascii # hex encoding -from uuid import uuid4 # gen random guid import platform # check platform import subprocess # needed for mac device -import hmac # signature checksum -import hashlib # signature checksum +from datetime import datetime +from discord_interactions import verify_key # used for signature verification try: if os.name == 'nt': @@ -28,11 +27,11 @@ class api: - name = ownerid = secret = version = hash_to_check = "" + name = ownerid = version = hash_to_check = "" - def __init__(self, name, ownerid, secret, version, hash_to_check): - if len(ownerid) != 10 and len(secret) != 64: - print("Go to Manage Applications on dashboard, copy python code, and replace code in main.py with that") + def __init__(self, name, ownerid, version, hash_to_check): + if len(ownerid) != 10: + print("Visit https://keyauth.cc/app/, copy Pthon code, and replace code in main.py with that") time.sleep(3) os._exit(1) @@ -40,8 +39,6 @@ def __init__(self, name, ownerid, secret, version, hash_to_check): self.ownerid = ownerid - self.secret = secret - self.version = version self.hash_to_check = hash_to_check self.init() @@ -54,16 +51,11 @@ def init(self): print("You've already initialized!") time.sleep(3) os._exit(1) - - sent_key = str(uuid4())[:16] - - self.enckey = sent_key + "-" + self.secret post_data = { "type": "init", "ver": self.version, "hash": self.hash_to_check, - "enckey": sent_key, "name": self.name, "ownerid": self.ownerid } @@ -96,9 +88,6 @@ def init(self): self.sessionid = json["sessionid"] self.initialized = True - - if json["newSession"]: - time.sleep(0.1) def register(self, user, password, license, hwid=None): self.checkinit() @@ -523,15 +512,23 @@ def logout(self): def __do_request(self, post_data): try: response = requests.post( - "https://keyauth.win/api/1.2/", data=post_data, timeout=10 + "https://keyauth.win/api/1.3/", data=post_data, timeout=10 ) - key = self.secret if post_data["type"] == "init" else self.enckey - if post_data["type"] == "log": return response.text - - client_computed = hmac.new(key.encode('utf-8'), response.text.encode('utf-8'), hashlib.sha256).hexdigest() + if post_data["type"] == "log" or post_data["type"] == "file": return response.text - signature = response.headers["signature"] + signature = response.headers["x-signature-ed25519"] + timestamp = response.headers["x-signature-timestamp"] + + unix_timestamp = int(timestamp) + # Get the current time + current_time = datetime.now().timestamp() + + # Check if the timestamp is older than 15 seconds + if current_time - unix_timestamp > 15: + print("Timestamp OLD") + time.sleep(3) + os._exit(1) if not os.path.exists("C:\\ProgramData\\KeyAuth"): os.makedirs("C:\\ProgramData\\KeyAuth") @@ -543,11 +540,10 @@ def __do_request(self, post_data): with open(f"C:\\ProgramData\\KeyAuth\\Debug\\{exe_name}\\log.txt", "a") as log_file: if len(response.text) <= 200: - tampered = not hmac.compare_digest(client_computed, signature) execution_time = time.strftime("%I:%M %p | %m/%d/%Y") - log_file.write(f"\n{execution_time} | {post_data['type']} \nResponse: {response.text}\n Was response tampered with? {tampered}\n") + log_file.write(f"\n{execution_time} | {post_data['type']} \nResponse: {response.text}") - if not hmac.compare_digest(client_computed, signature): + if not verify_key(response.text.encode('utf-8'), signature, timestamp, '5586b4bc69c7a4b487e4563a4cd96afd39140f919bd31cea7d1c6a1e8439422b'): print("Signature checksum failed. Request was tampered with or session ended most likely.") print("Response: " + response.text) time.sleep(3) diff --git a/main.py b/main.py index 06e7fac..8aaded8 100644 --- a/main.py +++ b/main.py @@ -46,10 +46,9 @@ def getchecksum(): keyauthapp = api( - name = "", - ownerid = "", - secret = "", - version = "1.0", + name = "", # Application Name + ownerid = "", # Owner ID + version = "1.0", # Application Version hash_to_check = getchecksum() ) diff --git a/requirements.txt b/requirements.txt index e2c27ec..1778876 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ requests pywin32 +discord-interactions From c975c47c3aba0042da657cd49353e05be24963db Mon Sep 17 00:00:00 2001 From: William Nelson Date: Sat, 12 Oct 2024 16:32:57 -0400 Subject: [PATCH 27/37] Security Update - by VaultCord.com --- keyauth.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/keyauth.py b/keyauth.py index 045bcf1..78e872d 100644 --- a/keyauth.py +++ b/keyauth.py @@ -524,8 +524,8 @@ def __do_request(self, post_data): # Get the current time current_time = datetime.now().timestamp() - # Check if the timestamp is older than 15 seconds - if current_time - unix_timestamp > 15: + # Check if the timestamp is older than 20 seconds + if current_time - unix_timestamp > 20: print("Timestamp OLD") time.sleep(3) os._exit(1) From f738bfd59aeb60aa7be1ffe9e8b53cf362d61868 Mon Sep 17 00:00:00 2001 From: William Nelson <83034852+wnelson03@users.noreply.github.com> Date: Thu, 17 Oct 2024 12:30:51 -0400 Subject: [PATCH 28/37] Update README.md --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b70c708..721a437 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,10 @@ # KeyAuth-Python-Example : Please star 🌟 -KeyAuth Python example for the https://keyauth.cc authentication system. + +KeyAuth Python example SDK for https://keyauth.cc license key API auth. ## **Bugs** -If the default example not added to your software isn't functioning how it should, please report a bug here https://keyauth.cc/app/?page=forms +If you are using our example with no significant changes, and you are having problems, please Report Bug here https://keyauth.cc/app/?page=forms However, we do **NOT** provide support for adding KeyAuth to your project. If you can't figure this out you should use Google or YouTube to learn more about the programming language you want to sell a program in. @@ -29,6 +30,9 @@ Thank you for your compliance, we work hard on the development of KeyAuth and do KeyAuth is an Open source authentication system with cloud hosting plans as well. Client SDKs available for [C#](https://github.com/KeyAuth/KeyAuth-CSHARP-Example), [C++](https://github.com/KeyAuth/KeyAuth-CPP-Example), [Python](https://github.com/KeyAuth/KeyAuth-Python-Example), [Java](https://github.com/KeyAuth-Archive/KeyAuth-JAVA-api), [JavaScript](https://github.com/mazkdevf/KeyAuth-JS-Example), [VB.NET](https://github.com/KeyAuth/KeyAuth-VB-Example), [PHP](https://github.com/KeyAuth/KeyAuth-PHP-Example), [Rust](https://github.com/KeyAuth/KeyAuth-Rust-Example), [Go](https://github.com/mazkdevf/KeyAuth-Go-Example), [Lua](https://github.com/mazkdevf/KeyAuth-Lua-Examples), [Ruby](https://github.com/mazkdevf/KeyAuth-Ruby-Example), and [Perl](https://github.com/mazkdevf/KeyAuth-Perl-Example). KeyAuth has several unique features such as memory streaming, webhook function where you can send requests to API without leaking the API, discord webhook notifications, ban the user securely through the application at your discretion. Feel free to join https://t.me/keyauth if you have questions or suggestions. +> [!TIP] +> https://vaultcord.com FREE Discord bot to Backup server, members, channels, messages & more. Custom verify page, block alt accounts, VPNs & more. + ## **Customer connection issues?** This is common amongst all authentication systems. Program obfuscation causes false positives in virus scanners, and with the scale of KeyAuth this is perceived as a malicious domain. So, `keyauth.com` and `keyauth.win` have been blocked by many internet providers. for dashbord, reseller panel, customer panel, use `keyauth.cc` @@ -122,7 +126,7 @@ keyauthapp.register(user, password, license) Used so the user can add extra time to their account by claiming new key. -> **Warning** +> [!Warning] > No password is needed to upgrade account. So, unlike login, register, and license functions - you should **not** log user in after successful upgrade. ```py From 79031786c1ed29277bcbd2ce1944cd787a4bfffb Mon Sep 17 00:00:00 2001 From: William Nelson <83034852+wnelson03@users.noreply.github.com> Date: Thu, 17 Oct 2024 13:00:52 -0400 Subject: [PATCH 29/37] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 721a437..8a3cc9f 100644 --- a/README.md +++ b/README.md @@ -243,7 +243,7 @@ keyauthapp.logout() Tutorial video https://www.youtube.com/watch?v=ENRaNPPYJbc -> **Note** +> [!NOTE] > Read documentation for KeyAuth webhooks here https://keyauth.readme.io/reference/webhooks-1 Send HTTP requests to URLs securely without leaking the URL in your application. You should definitely use if you want to send requests to SellerAPI from your application, otherwise if you don't use you'll be leaking your seller key to everyone. And then someone can mess up your application. @@ -267,7 +267,7 @@ data = keyauthapp.webhook("7kR0UedlVI", "", "{\"content\": \"webhook message her ## **Download file** -> **Note** +> [!NOTE] > Read documentation for KeyAuth files here https://docs.keyauth.cc/website/dashboard/files Keep files secure by providing KeyAuth your file download link on the KeyAuth dashboard. Make sure this is a direct download link (as soon as you go to the link, it starts downloading without you clicking anything). The KeyAuth download function provides the bytes, and then you get to decide what to do with those. This example shows how to write it to a file named `text.txt` in the same folder as the program, though you could execute with RunPE or whatever you want. From 11cc4cf10ef4e6614180328951c174f93e709904 Mon Sep 17 00:00:00 2001 From: William Nelson Date: Tue, 22 Oct 2024 16:27:04 -0400 Subject: [PATCH 30/37] Fix timestamp check --- keyauth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keyauth.py b/keyauth.py index 78e872d..b11b4cd 100644 --- a/keyauth.py +++ b/keyauth.py @@ -522,7 +522,7 @@ def __do_request(self, post_data): unix_timestamp = int(timestamp) # Get the current time - current_time = datetime.now().timestamp() + current_time = int(datetime.utcnow().timestamp()) # Check if the timestamp is older than 20 seconds if current_time - unix_timestamp > 20: From 1b89725436ddef4dd986662739f8c24388f5b8d9 Mon Sep 17 00:00:00 2001 From: It's Networking Date: Fri, 15 Nov 2024 15:05:11 -0500 Subject: [PATCH 31/37] Fix for TIMESTAMP OLD error some users would receive --- keyauth.py | 57 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 33 insertions(+), 24 deletions(-) diff --git a/keyauth.py b/keyauth.py index b11b4cd..0b66678 100644 --- a/keyauth.py +++ b/keyauth.py @@ -4,7 +4,7 @@ import binascii # hex encoding import platform # check platform import subprocess # needed for mac device -from datetime import datetime +from datetime import datetime, timedelta from discord_interactions import verify_key # used for signature verification try: @@ -512,44 +512,54 @@ def logout(self): def __do_request(self, post_data): try: response = requests.post( - "https://keyauth.win/api/1.3/", data=post_data, timeout=10 + "https://keyauth.win/api/1.3/", data=post_data, timeout=10 ) - - if post_data["type"] == "log" or post_data["type"] == "file": return response.text - - signature = response.headers["x-signature-ed25519"] - timestamp = response.headers["x-signature-timestamp"] - - unix_timestamp = int(timestamp) - # Get the current time - current_time = int(datetime.utcnow().timestamp()) - - # Check if the timestamp is older than 20 seconds - if current_time - unix_timestamp > 20: - print("Timestamp OLD") + + if post_data["type"] == "log" or post_data["type"] == "file": + return response.text + + # Get the signature and timestamp from the headers + signature = response.headers.get("x-signature-ed25519") + timestamp = response.headers.get("x-signature-timestamp") + + if not signature or not timestamp: + print("Missing headers for signature verification.") + time.sleep(3) + os._exit(1) + + server_time = datetime.utcfromtimestamp(int(timestamp)) + current_time = datetime.utcnow() + + buffer_seconds = 5 + time_difference = current_time - server_time + + if time_difference > timedelta(seconds=20 + buffer_seconds): + print("Timestamp is too old (exceeded 20 seconds + buffer).") time.sleep(3) os._exit(1) + # Proceed with creating debug folders and logging if not os.path.exists("C:\\ProgramData\\KeyAuth"): - os.makedirs("C:\\ProgramData\\KeyAuth") os.makedirs("C:\\ProgramData\\KeyAuth\\Debug") exe_name = os.path.basename(__file__) - if not os.path.exists(f"C:\\ProgramData\\KeyAuth\\Debug\\{exe_name}"): - os.makedirs(f"C:\\ProgramData\\KeyAuth\\Debug\\{exe_name}") + log_dir = f"C:\\ProgramData\\KeyAuth\\Debug\\{exe_name}" + if not os.path.exists(log_dir): + os.makedirs(log_dir) - with open(f"C:\\ProgramData\\KeyAuth\\Debug\\{exe_name}\\log.txt", "a") as log_file: + with open(f"{log_dir}\\log.txt", "a") as log_file: if len(response.text) <= 200: execution_time = time.strftime("%I:%M %p | %m/%d/%Y") log_file.write(f"\n{execution_time} | {post_data['type']} \nResponse: {response.text}") - + if not verify_key(response.text.encode('utf-8'), signature, timestamp, '5586b4bc69c7a4b487e4563a4cd96afd39140f919bd31cea7d1c6a1e8439422b'): print("Signature checksum failed. Request was tampered with or session ended most likely.") print("Response: " + response.text) time.sleep(3) - os._exit(1) - + os._exit(1) + return response.text + except requests.exceptions.Timeout: print("Request timed out. Server is probably down/slow at the moment") @@ -611,5 +621,4 @@ def get_hwid(): output = subprocess.Popen("ioreg -l | grep IOPlatformSerialNumber", stdout=subprocess.PIPE, shell=True).communicate()[0] serial = output.decode().split('=', 1)[1].replace(' ', '') hwid = serial[1:-2] - return hwid - + return hwid \ No newline at end of file From 40a896a6beb4da2f8c7c655d7faef71064a8be12 Mon Sep 17 00:00:00 2001 From: CodeGraph <87975966+Coolbossco@users.noreply.github.com> Date: Mon, 18 Nov 2024 10:18:05 -0500 Subject: [PATCH 32/37] Fixed .utcfromtimestamp() deprecation error --- main.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/main.py b/main.py index 8aaded8..02d918c 100644 --- a/main.py +++ b/main.py @@ -17,7 +17,7 @@ import os import hashlib from time import sleep -from datetime import datetime +from datetime import datetime, UTC # import json as jsond # ^^ only for auto login/json writing/reading @@ -173,15 +173,15 @@ def answer(): subs = keyauthapp.user_data.subscriptions # Get all Subscription names, expiry, and timeleft for i in range(len(subs)): sub = subs[i]["subscription"] # Subscription from every Sub - expiry = datetime.utcfromtimestamp(int(subs[i]["expiry"])).strftime( + expiry = datetime.fromtimestamp(int(subs[i]["expiry"]), UTC).strftime( '%Y-%m-%d %H:%M:%S') # Expiry date from every Sub timeleft = subs[i]["timeleft"] # Timeleft from every Sub print(f"[{i + 1} / {len(subs)}] | Subscription: {sub} - Expiry: {expiry} - Timeleft: {timeleft}") -print("Created at: " + datetime.utcfromtimestamp(int(keyauthapp.user_data.createdate)).strftime('%Y-%m-%d %H:%M:%S')) -print("Last login at: " + datetime.utcfromtimestamp(int(keyauthapp.user_data.lastlogin)).strftime('%Y-%m-%d %H:%M:%S')) -print("Expires at: " + datetime.utcfromtimestamp(int(keyauthapp.user_data.expires)).strftime('%Y-%m-%d %H:%M:%S')) +print("Created at: " + datetime.fromtimestamp(int(keyauthapp.user_data.createdate), UTC).strftime('%Y-%m-%d %H:%M:%S')) +print("Last login at: " + datetime.fromtimestamp(int(keyauthapp.user_data.lastlogin), UTC).strftime('%Y-%m-%d %H:%M:%S')) +print("Expires at: " + datetime.fromtimestamp(int(keyauthapp.user_data.expires), UTC).strftime('%Y-%m-%d %H:%M:%S')) print("\nExiting in five seconds..") sleep(5) os._exit(1) From ec1d376907baf4692ce9c7c78a70aebeb76a56b2 Mon Sep 17 00:00:00 2001 From: CodeGraph <87975966+Coolbossco@users.noreply.github.com> Date: Mon, 18 Nov 2024 11:05:08 -0500 Subject: [PATCH 33/37] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8a3cc9f..68dce63 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ For API, `keyauth.cc` will not work because I purposefully blocked it on there s You can either use Pyinstaller or Nuitka. Links: -- Nutika: https://nuitka.net/ +- Nuitka: https://nuitka.net/ - Pyinstaller: https://pyinstaller.org/ Pyinstaller: From a39741cc811bf0a1a1b14c547c4a9a14be0c9013 Mon Sep 17 00:00:00 2001 From: It's Networking Date: Thu, 19 Dec 2024 11:08:23 -0500 Subject: [PATCH 34/37] Two Factor Authentication Added --- keyauth.py | 123 ++++++++++++++++++++++++++++++++++++++++++----------- main.py | 44 +++++++++++++++---- 2 files changed, 132 insertions(+), 35 deletions(-) diff --git a/keyauth.py b/keyauth.py index 0b66678..4eb9558 100644 --- a/keyauth.py +++ b/keyauth.py @@ -4,8 +4,11 @@ import binascii # hex encoding import platform # check platform import subprocess # needed for mac device -from datetime import datetime, timedelta +import qrcode +from datetime import datetime, timezone, timedelta from discord_interactions import verify_key # used for signature verification +from PIL import Image + try: if os.name == 'nt': @@ -143,7 +146,7 @@ def upgrade(self, user, license): time.sleep(3) os._exit(1) - def login(self, user, password, hwid=None): + def login(self, user, password, code=None, hwid=None): self.checkinit() if hwid is None: hwid = others.get_hwid() @@ -155,8 +158,11 @@ def login(self, user, password, hwid=None): "hwid": hwid, "sessionid": self.sessionid, "name": self.name, - "ownerid": self.ownerid + "ownerid": self.ownerid, } + + if code is not None: + post_data["code"] = code response = self.__do_request(post_data) @@ -170,7 +176,7 @@ def login(self, user, password, hwid=None): time.sleep(3) os._exit(1) - def license(self, key, hwid=None): + def license(self, key, code=None, hwid=None): self.checkinit() if hwid is None: hwid = others.get_hwid() @@ -183,6 +189,9 @@ def license(self, key, hwid=None): "name": self.name, "ownerid": self.ownerid } + + if code is not None: + post_data["code"] = code response = self.__do_request(post_data) @@ -507,15 +516,87 @@ def logout(self): else: print(json["message"]) time.sleep(3) - os._exit(1) + os._exit(1) + + def enable2fa(self, code=None): + self.checkinit() + + post_data = { + "type": "2faenable", + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid, + "code": code + } + + response = self.__do_request(post_data) + + json = jsond.loads(response) + + if json["success"]: + if code is None: + # First request: Display the 2FA secret code + print(f"Your 2FA secret code is: {json['2fa']['secret_code']}") + qr_code = json['2fa']['QRCode'] + self.display_qr_code(qr_code) + code_input = input("Enter the 6 digit 2fa code to enable 2fa: ") + self.enable2fa(code_input); + else: + # Second request: Confirm successful 2FA activation + print("2FA has been successfully enabled!") + time.sleep(3) + else: + print(f"Error: {json['message']}") + time.sleep(3) + os._exit(1) + + def disable2fa(self, code=None): + self.checkinit() + + code = input("Enter the 6 digit 2fa code to disable 2fa: ") + + post_data = { + "type": "2fadisable", + "sessionid": self.sessionid, + "name": self.name, + "ownerid": self.ownerid, + "code": code + } + + response = self.__do_request(post_data) + + json = jsond.loads(response) + + print(json['message']) + time.sleep(3) + + + def display_qr_code(self, qr_code_url): + # Generate QR code image + qr = qrcode.QRCode( + version=1, + error_correction=qrcode.constants.ERROR_CORRECT_L, + box_size=10, + border=4, + ) + + # Add the QR code URL data + qr.add_data(qr_code_url) + qr.make(fit=True) + + # Create an image from the QR code + img = qr.make_image(fill='black', back_color='white') + + # Display the QR code image + img.show() def __do_request(self, post_data): try: response = requests.post( - "https://keyauth.win/api/1.3/", data=post_data, timeout=10 + "https://keyauth.win/api/1.3/", data=post_data, timeout=10 ) - if post_data["type"] == "log" or post_data["type"] == "file": + if post_data["type"] == "log" or post_data["type"] == "file" or post_data["type"] == "2faenable" or post_data["type"] == "2fadisable": return response.text # Get the signature and timestamp from the headers @@ -527,8 +608,12 @@ def __do_request(self, post_data): time.sleep(3) os._exit(1) - server_time = datetime.utcfromtimestamp(int(timestamp)) - current_time = datetime.utcnow() + server_time = datetime.fromtimestamp(int(timestamp), timezone.utc) + current_time = datetime.now(timezone.utc) + + #print(f"Server Timestamp (UTC seconds): {timestamp}") + #print(f"Server Time (UTC seconds): {server_time.timestamp()}") + #print(f"Current Time (UTC seconds): {current_time.timestamp()}") buffer_seconds = 5 time_difference = current_time - server_time @@ -538,31 +623,17 @@ def __do_request(self, post_data): time.sleep(3) os._exit(1) - # Proceed with creating debug folders and logging - if not os.path.exists("C:\\ProgramData\\KeyAuth"): - os.makedirs("C:\\ProgramData\\KeyAuth\\Debug") - - exe_name = os.path.basename(__file__) - log_dir = f"C:\\ProgramData\\KeyAuth\\Debug\\{exe_name}" - if not os.path.exists(log_dir): - os.makedirs(log_dir) - - with open(f"{log_dir}\\log.txt", "a") as log_file: - if len(response.text) <= 200: - execution_time = time.strftime("%I:%M %p | %m/%d/%Y") - log_file.write(f"\n{execution_time} | {post_data['type']} \nResponse: {response.text}") - if not verify_key(response.text.encode('utf-8'), signature, timestamp, '5586b4bc69c7a4b487e4563a4cd96afd39140f919bd31cea7d1c6a1e8439422b'): print("Signature checksum failed. Request was tampered with or session ended most likely.") - print("Response: " + response.text) time.sleep(3) os._exit(1) return response.text - except requests.exceptions.Timeout: + except requests.exceptions.Timeout: print("Request timed out. Server is probably down/slow at the moment") - + + class application_data_class: numUsers = numKeys = app_ver = customer_panel = onlineUsers = "" diff --git a/main.py b/main.py index 02d918c..6fc86d7 100644 --- a/main.py +++ b/main.py @@ -28,11 +28,12 @@ def clear(): if platform.system() == 'Windows': os.system('cls & title Python Example') # clear console, change title elif platform.system() == 'Linux': - os.system('clear') # clear console - sys.stdout.write("\x1b]0;Python Example\x07") # change title + os.system('clear') # Clear the terminal + sys.stdout.write("\033]0;Python Example\007") # Set terminal title + sys.stdout.flush() elif platform.system() == 'Darwin': - os.system("clear && printf '\e[3J'") # clear console - os.system('''echo - n - e "\033]0;Python Example\007"''') # change title + os.system("clear && printf '\033[3J'") # Clear terminal and scrollback + os.system('echo -n -e "\033]0;Python Example\007"') # Set terminal title print("Initializing") @@ -46,9 +47,9 @@ def getchecksum(): keyauthapp = api( - name = "", # Application Name - ownerid = "", # Owner ID - version = "1.0", # Application Version + name = "", # App name + ownerid = "", # Account ID + version = "", # Application version. Used for automatic downloads see video here https://www.youtube.com/watch?v=kW195PLCBKs hash_to_check = getchecksum() ) @@ -63,7 +64,8 @@ def answer(): if ans == "1": user = input('Provide username: ') password = input('Provide password: ') - keyauthapp.login(user, password) + code = input('Enter 2fa code: (not using 2fa? Just press enter)') + keyauthapp.login(user, password, code) elif ans == "2": user = input('Provide username: ') password = input('Provide password: ') @@ -75,7 +77,8 @@ def answer(): keyauthapp.upgrade(user, license) elif ans == "4": key = input('Enter your license: ') - keyauthapp.license(key) + code = input('Enter 2fa code: (not using 2fa? Just press enter)') + keyauthapp.license(key, code) else: print("\nInvalid option") sleep(1) @@ -164,7 +167,16 @@ def answer(): print(e) os._exit(1)''' +keyauthapp.fetchStats() +# Display Application Data +print("\nApplication data: ") +print("App Version: " + keyauthapp.app_data.app_ver) +print("Customer Panel Link: " + keyauthapp.app_data.customer_panel) +print("Number of Keys: " + keyauthapp.app_data.numKeys) +print("Number of Users: " + keyauthapp.app_data.numUsers) +print("Online Users: " + keyauthapp.app_data.onlineUsers) +# Display User Data print("\nUser data: ") print("Username: " + keyauthapp.user_data.username) print("IP address: " + keyauthapp.user_data.ip) @@ -182,6 +194,20 @@ def answer(): print("Created at: " + datetime.fromtimestamp(int(keyauthapp.user_data.createdate), UTC).strftime('%Y-%m-%d %H:%M:%S')) print("Last login at: " + datetime.fromtimestamp(int(keyauthapp.user_data.lastlogin), UTC).strftime('%Y-%m-%d %H:%M:%S')) print("Expires at: " + datetime.fromtimestamp(int(keyauthapp.user_data.expires), UTC).strftime('%Y-%m-%d %H:%M:%S')) + +# Two Factor Authentication +print("\nTwo Factor Authentication:") +print("1. Enable 2FA") +print("2. Disable 2FA") + +tfaans = input("Select Option: ") +if tfaans == "1": + keyauthapp.enable2fa() # You only need to call this once as it's called in the API file. +elif tfaans == "2": + keyauthapp.disable2fa() # You only need to call this once as it's called in the API file, and should ideally only need to be called once anyways. +else: + print("\nInvalid Option") + print("\nExiting in five seconds..") sleep(5) os._exit(1) From 0383ac005370aeee0fa86e85981b85df7f81ad50 Mon Sep 17 00:00:00 2001 From: It's Networking <87145183+Its-Networking@users.noreply.github.com> Date: Fri, 20 Dec 2024 17:20:55 -0500 Subject: [PATCH 35/37] Update README.md --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.md b/README.md index 68dce63..1ee9dc3 100644 --- a/README.md +++ b/README.md @@ -230,6 +230,22 @@ Function only works after login. keyauthapp.ban() ``` +## **Enable Two Factor Authentication (2fa)** + +Enable two factor authentication (2fa) on a client account. + +```py +keyauthapp.enable2fa() +``` + +## **Disable Two Factor Authentication (2fa)** + +Disable two factor authentication (2fa) on a client account. + +```py +keyauthapp.disable2fa() +``` + ## **Logout session** Logout the users session and close the application. From 12a6657b304dd5177e02aeff66a984adbf4e012a Mon Sep 17 00:00:00 2001 From: u8ej1337 Date: Sun, 12 Jan 2025 09:06:46 -0500 Subject: [PATCH 36/37] you forgot to add requirements for the qrcode stuff. --- requirements.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/requirements.txt b/requirements.txt index 1778876..b57953d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,5 @@ requests pywin32 discord-interactions +qrcode +pillow From fd663900d7c7aa637ecc4df6652d927c1d300a86 Mon Sep 17 00:00:00 2001 From: It's Networking <87145183+Its-Networking@users.noreply.github.com> Date: Sat, 13 Dec 2025 17:03:22 -0500 Subject: [PATCH 37/37] Revise KeyAuth description for clarity and impact --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1ee9dc3..82cdd14 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ Thank you for your compliance, we work hard on the development of KeyAuth and do ## **What is KeyAuth?** -KeyAuth is an Open source authentication system with cloud hosting plans as well. Client SDKs available for [C#](https://github.com/KeyAuth/KeyAuth-CSHARP-Example), [C++](https://github.com/KeyAuth/KeyAuth-CPP-Example), [Python](https://github.com/KeyAuth/KeyAuth-Python-Example), [Java](https://github.com/KeyAuth-Archive/KeyAuth-JAVA-api), [JavaScript](https://github.com/mazkdevf/KeyAuth-JS-Example), [VB.NET](https://github.com/KeyAuth/KeyAuth-VB-Example), [PHP](https://github.com/KeyAuth/KeyAuth-PHP-Example), [Rust](https://github.com/KeyAuth/KeyAuth-Rust-Example), [Go](https://github.com/mazkdevf/KeyAuth-Go-Example), [Lua](https://github.com/mazkdevf/KeyAuth-Lua-Examples), [Ruby](https://github.com/mazkdevf/KeyAuth-Ruby-Example), and [Perl](https://github.com/mazkdevf/KeyAuth-Perl-Example). KeyAuth has several unique features such as memory streaming, webhook function where you can send requests to API without leaking the API, discord webhook notifications, ban the user securely through the application at your discretion. Feel free to join https://t.me/keyauth if you have questions or suggestions. +KeyAuth is a powerful cloud-based authentication system designed to protect your software from piracy and unauthorized access. With KeyAuth, you can implement secure licensing, user management, and subscription systems in minutes. Client SDKs available for [C#](https://github.com/KeyAuth/KeyAuth-CSHARP-Example), [C++](https://github.com/KeyAuth/KeyAuth-CPP-Example), [Python](https://github.com/KeyAuth/KeyAuth-Python-Example), [Java](https://github.com/KeyAuth-Archive/KeyAuth-JAVA-api), [JavaScript](https://github.com/mazkdevf/KeyAuth-JS-Example), [VB.NET](https://github.com/KeyAuth/KeyAuth-VB-Example), [PHP](https://github.com/KeyAuth/KeyAuth-PHP-Example), [Rust](https://github.com/KeyAuth/KeyAuth-Rust-Example), [Go](https://github.com/mazkdevf/KeyAuth-Go-Example), [Lua](https://github.com/mazkdevf/KeyAuth-Lua-Examples), [Ruby](https://github.com/mazkdevf/KeyAuth-Ruby-Example), and [Perl](https://github.com/mazkdevf/KeyAuth-Perl-Example). KeyAuth has several unique features such as memory streaming, webhook function where you can send requests to API without leaking the API, discord webhook notifications, ban the user securely through the application at your discretion. Feel free to join https://t.me/keyauth if you have questions or suggestions. > [!TIP] > https://vaultcord.com FREE Discord bot to Backup server, members, channels, messages & more. Custom verify page, block alt accounts, VPNs & more.