From 8fda365c3fa5ce9cf9427517ab7c6194badb54a7 Mon Sep 17 00:00:00 2001
From: Besettos <gromexc@outlook.com>
Date: Mon, 24 Nov 2025 17:49:53 +0100
Subject: [PATCH 1/2] Added hooking detection in auth.cpp for the req ( Request
 ) function

---
 Security.hpp | 19 +++++++++++++++++++
 auth.cpp     | 21 +++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/Security.hpp b/Security.hpp
index 958c0d7..ba4ee21 100644
--- a/Security.hpp
+++ b/Security.hpp
@@ -5,6 +5,25 @@
 #include <aclapi.h>
 #include <bcrypt.h>
 
+
+auto is_hooked = [](void* fn) -> bool {
+    if (!fn) return true;
+
+
+    BYTE bytes[5];
+    memcpy(bytes, fn, 5);
+
+
+    if (bytes[0] == 0xE9 || bytes[0] == 0xE8)
+        return true;
+
+    if (bytes[0] == 0xFF && bytes[1] == 0x25)
+        return true;
+
+    return false;
+    };
+
+
 // code submitted in pull request from https://github.com/sbtoonz, authored by KeePassXC https://github.com/keepassxreboot/keepassxc/blob/dab7047113c4ad4ffead944d5c4ebfb648c1d0b0/src/core/Bootstrap.cpp#L121
 inline bool LockMemAccess()
 {
diff --git a/auth.cpp b/auth.cpp
index 90fd644..796800f 100644
--- a/auth.cpp
+++ b/auth.cpp
@@ -1694,6 +1694,27 @@ std::string KeyAuth::api::req(const std::string& data, const std::string& url) {
     signature.clear();
     signatureTimestamp.clear();
 
+
+    if (is_hooked((void*)&curl_easy_perform))
+    {
+        error("Hook detected in curl_easy_perform");
+    }
+
+    if (is_hooked((void*)&curl_easy_init))
+    {
+        error("Hook detected in curl_easy_init");
+    }
+
+    if (is_hooked((void*)&curl_easy_setopt))
+    {
+        error("Hook detected in curl_easy_setopt");
+    }
+
+    if (is_hooked((void*)&curl_easy_cleanup))
+    {
+        error("Hook detected in curl_easy_cleanup");
+    }
+
     CURL* curl = curl_easy_init();
     if (!curl) {
         error(XorStr("CURL Initialization Failed!"));

From fdb4ed8ed828fd3f984207a52dcf5eebe4154aab Mon Sep 17 00:00:00 2001
From: Dispaer <gromexc@outlook.com>
Date: Mon, 24 Nov 2025 19:26:55 +0100
Subject: [PATCH 2/2] Xor string encryption on The Hook detection error message

---
 auth.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/auth.cpp b/auth.cpp
index 796800f..0de052a 100644
--- a/auth.cpp
+++ b/auth.cpp
@@ -1695,24 +1695,25 @@ std::string KeyAuth::api::req(const std::string& data, const std::string& url) {
     signatureTimestamp.clear();
 
 
+
     if (is_hooked((void*)&curl_easy_perform))
     {
-        error("Hook detected in curl_easy_perform");
+        error(XorStr("Hook detected in curl_easy_perform"));
     }
 
     if (is_hooked((void*)&curl_easy_init))
     {
-        error("Hook detected in curl_easy_init");
+        error(XorStr("Hook detected in curl_easy_init"));
     }
 
     if (is_hooked((void*)&curl_easy_setopt))
     {
-        error("Hook detected in curl_easy_setopt");
+        error(XorStr("Hook detected in curl_easy_setopt"));
     }
 
     if (is_hooked((void*)&curl_easy_cleanup))
     {
-        error("Hook detected in curl_easy_cleanup");
+        error(XorStr("Hook detected in curl_easy_cleanup"));
     }
 
     CURL* curl = curl_easy_init();