Anti-Tamper
Server-side protection against replay, session hijack, and client tampering.
Protection Layers
| Feature | Description |
|---|---|
| Ed25519 signing | Client verifies response authenticity |
| AES encryption | Encrypted wire body with enckey |
| Anti-Tamper | Master switch — IP bind, replay block, HWID session |
| Hash Check | Exe MD5 must match whitelist |
| Nonce Chain | One-time nonce per request |
| Token File Check | Validate token + thash on init (C++) |
Panel Settings
App → Settings → Access Controls:
- Anti-Tamper — on by default
- Hash Check + add hashes in Hashes tab
- Nonce Chain — enable only if client sends nonce (LibreAuth SDK supports this)
- Bind Session IP — disable if users change IP often
C++ Client
- Send
hash=MD5 of exe on init - Use correct Ed25519 public key
- Obfuscate strings in binary
- Call
check()periodically
Common Errors
| Message | Fix |
|---|---|
| Hash required | Send hash on init; add MD5 in panel |
| Invalid nonce | Disable Nonce Chain or update client SDK |
| Session IP mismatch | Disable Bind Session IP |
| Duplicate request | Don't replay captured requests within 2s |
| HWID session mismatch | Send same hwid on all requests |
INFO
Full hardening guide: Hardening Guide (RE · Inject · Panel lockdown) · Signing: Response Signing