# LibreAuth C++ Client

Native client setup for self-hosted LibreAuth API 1.3.

## 1. API URL

```cpp
std::string url = "https://YOUR-DOMAIN/api/1.3/";
```

## 2. Ed25519 public key

Copy from `https://YOUR-DOMAIN/health` (`sign_public`) or SDK portal.

Replace `get_public_key_hex()` in auth.cpp:

```cpp
static std::string get_public_key_hex() {
    return "PASTE_128_HEX_HERE";
}
```

## 3. Anti-tamper (server)

Enable in panel: **Require Sign**, **Anti-Tamper**, **Hash Check**, add exe MD5 in Hashes tab.

| Error | Fix |
|-------|-----|
| Hash required | Send `hash=` MD5 of your exe on init |
| Invalid nonce | Enable Anti Replay — client must send nonce each request |
| Session IP mismatch | Disable Bind Session IP or fix proxy/VPN |
| Duplicate request | Don't replay captured requests within 2 seconds |

## 4. Anti-RE / Anti-Inject (client)

Include `hardening.hpp` before auth init:

```cpp
#include "hardening.hpp"

if (!la_guard::RunChecks()) exit(1);
// app.init() ...
// loop: la_guard::RunChecks() + app.check()
```

`hardening.hpp` provides:
- Debugger detection (IsDebuggerPresent, NtQueryInformationProcess)
- Hardware breakpoint scan (DR0–DR3)
- Loaded DLL scan (CE dbk64, x64dbg, Frida, MinHook, ScyllaHide, …)
- Running process scan (cheatengine, ida64, x64dbg, dnspy, ghidra, …)
- Window title scan ("Cheat Engine", "IDA -", "x64dbg", …)
- VM detection (VMware, VirtualBox, Hyper-V, QEMU) — `RunChecks(false)` to skip
- `LastFail()` / `FailName()` — know why check failed
- `ExeMd5Hex()` for hash check · `Hwid()` helper

Full guide: `/docs/?p=hardening`

## 5. Obfuscation

- VMProtect / Themida on release build
- Encrypt strings: URL, ownerid, app name, pubkey
- Rebuild after every change · re-add hash in panel after obfuscate

Docs: `/docs/?p=integrity` · `/docs/?p=signature`