Staff Official Cracked.sh Authentication System Documentation

[1.086]

Authentication System Documentation

Overview
This documentation outlines the authentication system for both Upgraded (Premium+, Infinity+, Supreme) and Free users.

---

Key Components

1. Authentication Key
   • Purpose: Unique identifier for user access validation
     
   • Format: Alphanumeric (e.g., CRACKED-O8T0Y-4B279-NP3Q1-UX676-TO)
     
   
   
2. Hardware ID (HWID)
   • Purpose: Device-specific identifier to prevent key sharing
     
   • Generation: Via system commands (wmic csproduct get uuid)
     
   • Example: A4521D3B-0F39-6C21-8F4A-92D7B9A332BC
     
   
   
3. Local Key Storage (key.dat)
   • Purpose: Stores authentication key for automatic logins
     
   • Location: Application directory
     

---

Authentication Workflow

For Upgraded Users (Premium+, Infinity+, Supreme)

1. Key Entry: User enters key on first launch → validated → stored in key.dat
   
2. HWID Extraction: Client extracts device HWID
   
3. Server Validation: POST request to https://cracked.sh/auth.php with:
   
   Code:

   {
"a": "auth",
"k": "<AUTH_KEY>",
"hwid": "<HWID>"
}
   
   
   Server responds with:
   • Example success:
     
     Code:

     {"auth":true,"uid":"445504","username":"Denmark","posts":"1091","likes":"5924","group":"3","all_groups":"3,9,89,102,93,2,12"}
   • Example error:
     
     Code:

     {"error":"invalid key"}
     Code:

     {"error":"invalid hwid!"}
4. Validate usergroups using predefined group lists.
   

For Free Users

• Same process as upgraded users (skip usergroup validation)
  

---

Local Key Storage Workflow

1. First Launch: Key → validation → stored in key.dat
   
2. Subsequent Launches: Auto-reads key.dat
   
3. Re-authentication triggered when:
   • key.dat missing/corrupted
     
   • HWID mismatch
     

---

Error Handling
Error: Invalid Key | Cause: Expired/Revoked Key | Fix: Generate New Key  
Error: Invalid HWID! | Cause: HWID Changed | Fix: Generate New Key 
 

---

C# Implementation Example

Show ContentSpoiler:

        static void Main(string[] args)
        {
            AuthSystem.UserGroup targetGroup = AuthSystem.UserGroup.Free;
            /*  ALL TARGET GROUPS:
             *  AuthSystem.UserGroup.Free
             *  AuthSystem.UserGroup.Premium
             *  AuthSystem.UserGroup.Infinity
             *  AuthSystem.UserGroup.Supreme
             */
            AuthSystem.Authenticate(targetGroup);
            

            //rest of your code...
        }

Show ContentSpoiler:

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Text;

namespace CrackedAuth
{
    public class AuthSystem
    {
        private static readonly string[] PremiumPlusGroups =
            { "11", "12", "93", "96", "97", "99", "100", "101", "4", "3", "6", "94", "92" };
        private static readonly string[] InfinityPlusGroups =
            { "12", "93", "96", "97", "99", "100", "101", "4", "3", "6", "94", "92" };
        private static readonly string[] SupremePlusGroups =
            { "12", "96", "97", "99", "100", "101", "4", "3", "6", "94", "92" };

        public enum UserGroup
        {
            Free,
            Premium,
            Infinity,
            Supreme
        }

        public static void Authenticate(UserGroup requiredGroup)
        {
            (UserGroup activeGroup, string username) = PerformAuthentication();

            if (activeGroup < requiredGroup)
            {
                Console.WriteLine($"This tool requires {requiredGroup.ToString()}.\nUpgrade at https://cracked.sh/upgrade.php");

                if (File.Exists("key.dat"))
                    File.Delete("key.dat");

                Console.ReadLine();
                Environment.Exit(0);
            }

            Console.WriteLine($"Welcome, {username}!");
            System.Threading.Thread.Sleep(1000);
            Console.Clear();
        }

        private static (UserGroup, string) PerformAuthentication()
        {
            string key = GetStoredKey();
            string hwid = GetHardwareId();
            var response = SendAuthRequest(key, hwid);

            if (response.ContainsKey("error"))
            {
                Console.WriteLine("Error: " + response["error"].ToString());
                if (File.Exists("key.dat"))
                    File.Delete("key.dat");
                Console.ReadLine();
                Environment.Exit(0);
            }

            UserGroup Group = DetermineUserGroup(response["group"].ToString());

            SaveKey(key);
            return (Group, response["username"].ToString());
        }

        private static UserGroup DetermineUserGroup(string group)
        {
            if (SupremePlusGroups.Contains(group)) return UserGroup.Supreme;
            if (InfinityPlusGroups.Contains(group)) return UserGroup.Infinity;
            if (PremiumPlusGroups.Contains(group)) return UserGroup.Premium;
            return UserGroup.Free;
        }

        private static string GetStoredKey()
        {
            if (File.Exists("key.dat"))
                return File.ReadAllText("key.dat");

            Console.Write("Enter authentication key: ");
            return Console.ReadLine().Trim();
        }

        private static string GetHardwareId()
        {
            return System.Diagnostics.Process.Start(new System.Diagnostics.ProcessStartInfo
            {
                FileName = "wmic",
                Arguments = "csproduct get uuid",
                RedirectStandardOutput = true,
                UseShellExecute = false,
                CreateNoWindow = true
            }).StandardOutput.ReadToEnd()
              .Split(new[] { '\n', '\r' }, StringSplitOptions.RemoveEmptyEntries)[1]
              .Trim();
        }

        private static void SaveKey(string key)
        {
            File.WriteAllText("key.dat", key);
        }

        private static Dictionary<string, object> SendAuthRequest(string key, string hwid)
        {
            var request = (HttpWebRequest)WebRequest.Create("https://cracked.sh/auth.php");
            request.Method = "POST";
            request.ContentType = "application/x-www-form-urlencoded";

            string postData = $"a=auth&k={key}&hwid={hwid}";
            byte[] data = Encoding.UTF8.GetBytes(postData);

            using (var stream = request.GetRequestStream())
            {
                stream.Write(data, 0, data.Length);
            }

            using (var response = request.GetResponse())
            using (var reader = new StreamReader(response.GetResponseStream()))
            {
                return JsonParser.Deserialize(reader.ReadToEnd());
            }
        }
    }
    public static class JsonParser
    {
        public static Dictionary<string, object> Deserialize(string json)
        {
            int index = 0;
            return ParseObject(json, ref index);
        }

        private static Dictionary<string, object> ParseObject(string json, ref int index)
        {
            var obj = new Dictionary<string, object>();
            index++; // Skip '{'

            while (index < json.Length)
            {
                SkipWhitespace(json, ref index);
                if (json[index] == '}') { index++; break; }

                string key = ParseString(json, ref index);
                SkipWhitespace(json, ref index);
                index++; // Skip ':'
                object value = ParseValue(json, ref index);
                obj[key] = value;

                SkipWhitespace(json, ref index);
                if (json[index] == ',') index++;
            }

            return obj;
        }

        private static object ParseValue(string json, ref int index)
        {
            SkipWhitespace(json, ref index);

            switch (json[index])
            {
                case '"': return ParseString(json, ref index);
                case '{': return ParseObject(json, ref index);
                case '[': return ParseArray(json, ref index);
                case 't': return ParseTrue(json, ref index);
                case 'f': return ParseFalse(json, ref index);
                case 'n': return ParseNull(json, ref index);
                default: return ParseNumber(json, ref index);
            }
        }

        private static string ParseString(string json, ref int index)
        {
            index++; // Skip opening "
            int start = index;

            while (index < json.Length && json[index] != '"')
                index++;

            string result = json.Substring(start, index - start);
            index++; // Skip closing "
            return result;
        }

        private static List<object> ParseArray(string json, ref int index)
        {
            var list = new List<object>();
            index++; // Skip '['

            while (index < json.Length)
            {
                SkipWhitespace(json, ref index);
                if (json[index] == ']') { index++; break; }

                list.Add(ParseValue(json, ref index));
                SkipWhitespace(json, ref index);

                if (json[index] == ',') index++;
            }

            return list;
        }

        private static object ParseNumber(string json, ref int index)
        {
            int start = index;

            while (index < json.Length && (char.IsDigit(json[index]) || json[index] == '.' || json[index] == '-'))
                index++;

            string number = json.Substring(start, index - start);
            if (int.TryParse(number, out int intValue)) return intValue;
            if (double.TryParse(number, out double doubleValue)) return doubleValue;

            throw new FormatException("Invalid number format");
        }

        private static bool ParseTrue(string json, ref int index)
        {
            index += 4;
            return true;
        }

        private static bool ParseFalse(string json, ref int index)
        {
            index += 5;
            return false;
        }

        private static object ParseNull(string json, ref int index)
        {
            index += 4;
            return null;
        }

        private static void SkipWhitespace(string json, ref int index)
        {
            while (index < json.Length && char.IsWhiteSpace(json[index]))
                index++;
        }
    }

}

---

Python Implementation Example

Show ContentSpoiler:

import requests
import json
import uuid
import os
from subprocess import check_output
from enum import Enum

AUTH_URL = 'https://cracked.sh/auth.php'

class UserGroup(Enum):
    Free = 0
    Premium = 1
    Infinity = 2
    Supreme = 3

PREMIUM_PLUS_GROUPS = {'11', '12', '93', '96', '97', '99', '100', '101', '4', '3', '6', '94', '92'}
INFINITY_PLUS_GROUPS = {'12', '93', '96', '97', '99', '100', '101', '4', '3', '6', '94', '92'}
SUPREME_PLUS_GROUPS = {'12', '96', '97', '99', '100', '101', '4', '3', '6', '94', '92'}

def get_hwid():
    try:
        return check_output('wmic csproduct get uuid').decode().split('\n')[1].split(' ')[0]
    except Exception:
        return "Error getting HWID"

def read_auth_key():
    try:
        with open('key.dat', 'r') as file:
            return file.read().strip()
    except FileNotFoundError:
        return None

def save_auth_key(auth_key):
    with open('key.dat', 'w') as file:
        file.write(auth_key)

def authenticate_user(auth_key):
    data = {"a": "auth", "k": auth_key, "hwid": get_hwid()}
    try:
        response = requests.post(AUTH_URL, data=data)
        response.raise_for_status()
        return response.json()
    except requests.exceptions.RequestException as e:
        print(f"Authentication error: {e}")
        return None

def determine_user_group(group):
    if group in SUPREME_PLUS_GROUPS:
        return UserGroup.Supreme
    elif group in INFINITY_PLUS_GROUPS:
        return UserGroup.Infinity
    elif group in PREMIUM_PLUS_GROUPS:
        return UserGroup.Premium
    else:
        return UserGroup.Free

def main():
    required_group = UserGroup.Free  # Set required access level here

    auth_key = read_auth_key()
    if not auth_key:
        auth_key = input('Please insert your auth key: ').strip()

    response = authenticate_user(auth_key)
    if not response:
        print("Authentication failed. Please check your internet connection.")
        if os.path.exists('key.dat'):
            os.remove('key.dat')
        input()
        os._exit(0)

    if 'error' in response:
        print(f"Error: {response['error']}")
        if os.path.exists('key.dat'):
            os.remove('key.dat')
        input()
        os._exit(0)

    if not response.get("auth"):
        print("Authentication failed. Please check your credentials.")
        if os.path.exists('key.dat'):
            os.remove('key.dat')
        input()
        os._exit(0)

    save_auth_key(auth_key)

    user_group = response.get("group", "")
    active_group = determine_user_group(user_group)
    username = response.get("username", "")

    if active_group.value < required_group.value:
        print(f"This tool requires {required_group.name}.\nUpgrade at https://cracked.sh/upgrade.php")
        if os.path.exists('key.dat'):
            os.remove('key.dat')
        input()
        os._exit(0)

    print(f"Welcome, {username}!")

if __name__ == "__main__":
    main()

---

Go Implementation Example

Show ContentSpoiler:

package main

import (
    "bufio"
    "encoding/json"
    "fmt"
    "io"
    "net/http"
    "net/url"
    "os"
    "os/exec"
    "strings"
    "time"
)

type UserGroup int

const (
    Free UserGroup = iota
    Premium
    Infinity
    Supreme
)

var (
    PremiumPlusGroups = []string{"11", "12", "93", "96", "97", "99", "100", "101", "4", "3", "6", "94", "92"}
    InfinityPlusGroups = []string{"12", "93", "96", "97", "99", "100", "101", "4", "3", "6", "94", "92"}
    SupremePlusGroups = []string{"12", "96", "97", "99", "100", "101", "4", "3", "6", "94", "92"}
)

type AuthResponse struct {
    Auth     bool   `json:"auth"`
    Username string `json:"username"`
    Group    string `json:"group"`
}

func contains(slice []string, item string) bool {
    for _, s := range slice {
        if s == item {
            return true
        }
    }
    return false
}

func determineUserGroup(group string) UserGroup {
    switch {
    case contains(SupremePlusGroups, group):
        return Supreme
    case contains(InfinityPlusGroups, group):
        return Infinity
    case contains(PremiumPlusGroups, group):
        return Premium
    default:
        return Free
    }
}

func getKey() (string, error) {
    keyPath := "key.dat"
    if file, err := os.Open(keyPath); err == nil {
        defer file.Close()
        scanner := bufio.NewScanner(file)
        if scanner.Scan() {
            return scanner.Text(), nil
        }
        return "", fmt.Errorf("empty key file")
    } else if os.IsNotExist(err) {
        fmt.Print("Enter your auth key: ")
        scanner := bufio.NewScanner(os.Stdin)
        if scanner.Scan() {
            return scanner.Text(), nil
        }
        return "", fmt.Errorf("failed to read key")
    }
    return "", fmt.Errorf("error accessing key file")
}

func getHWID() (string, error) {
    cmd := exec.Command("wmic", "csproduct", "get", "uuid")
    output, err := cmd.Output()
    if err != nil {
        return "", fmt.Errorf("failed to get HWID: %v", err)
    }

    lines := strings.Split(strings.ReplaceAll(string(output), "\r", ""), "\n")
    for _, line := range lines {
        trimmed := strings.TrimSpace(line)
        if trimmed != "" && trimmed != "UUID" {
            return trimmed, nil
        }
    }
    return "", fmt.Errorf("HWID not found")
}

func sendAuthRequest(key, hwid string) (map[string]interface{}, error) {
    resp, err := http.PostForm("https://cracked.sh/auth.php",
        url.Values{"a": {"auth"}, "k": {key}, "hwid": {hwid}})
    if err != nil {
        return nil, err
    }
    defer resp.Body.Close()

    bodyBytes, err := io.ReadAll(resp.Body)
    if err != nil {
        return nil, err
    }

    var result map[string]interface{}
    if err := json.Unmarshal(bodyBytes, &result); err != nil {
        return nil, err
    }
    return result, nil
}

func PerformAuthentication() (UserGroup, string, error) {
    key, err := getKey()
    if err != nil {
        return Free, "", err
    }

    hwid, err := getHWID()
    if err != nil {
        return Free, "", err
    }

    response, err := sendAuthRequest(key, hwid)
    if err != nil {
        return Free, "", err
    }

    if errorMsg, ok := response["error"].(string); ok {
        if _, err := os.Stat("key.dat"); err == nil {
            os.Remove("key.dat")
        }
        fmt.Println("Error:", errorMsg)
        fmt.Println("Press Enter to exit...")
        bufio.NewScanner(os.Stdin).Scan()
        os.Exit(0)
    }

    ok := response["auth"].(bool)
    if !ok {
        return Free, "", fmt.Errorf("invalid auth field")
    }
    usernameVal, ok := response["username"].(string)
    if !ok {
        return Free, "", fmt.Errorf("invalid username field")
    }
    groupVal, ok := response["group"].(string)
    if !ok {
        return Free, "", fmt.Errorf("invalid group field")
    }

    if err := os.WriteFile("key.dat", []byte(key), 0644); err != nil {
        return Free, "", fmt.Errorf("failed to save key: %v", err)
    }

    return determineUserGroup(groupVal), usernameVal, nil
}

func Authenticate(requiredGroup UserGroup) {
    activeGroup, username, err := PerformAuthentication()
    if err != nil {
        fmt.Println("Authentication error:", err)
        os.Exit(1)
    }

    if activeGroup < requiredGroup {
        fmt.Printf("This tool requires %s.\nUpgrade at https://cracked.sh/upgrade.php\n", requiredGroup)
        os.Remove("key.dat")
        fmt.Println("Press Enter to exit...")
        bufio.NewScanner(os.Stdin).Scan()
        os.Exit(0)
    }

    fmt.Printf("Welcome, %s!\n", username)
    time.Sleep(1 * time.Second)
}

func main() {
    Authenticate(Free)
    
    //rest of your code here..
}

---

Rust Implementation Example

Show ContentSpoiler:

[package]
name = "CrackedAuth"
edition = "2021"

[dependencies]
reqwest = { version = "0.11", features = ["json"] }
serde = { version = "1.0", features = ["derive"] }
tokio = { version = "1", features = ["full"] }

Show ContentSpoiler:

use reqwest::Client;
use serde::{Deserialize, Serialize};
use std::{
    fs,
    io::{self, Write},
    path::Path,
    process::Command
};

const PREMIUM_PLUS_GROUPS: &[&str] = &["11", "12", "93", "96", "97", "99", "100", "101", "4", "3", "6", "94", "92"];
const INFINITY_PLUS_GROUPS: &[&str] = &["12", "93", "96", "97", "99", "100", "101", "4", "3", "6", "94", "92"];
const SUPREME_PLUS_GROUPS: &[&str] = &["12", "96", "97", "99", "100", "101", "4", "3", "6", "94", "92"];

#[derive(Debug, PartialEq, PartialOrd)]
enum UserGroup {
    Free,
    Premium,
    Infinity,
    Supreme,
}

impl std::fmt::Display for UserGroup {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            UserGroup::Free => write!(f, "Free"),
            UserGroup::Premium => write!(f, "Premium"),
            UserGroup::Infinity => write!(f, "Infinity"),
            UserGroup::Supreme => write!(f, "Supreme"),
        }
    }
}

#[derive(Debug, Serialize, Deserialize)]
struct AuthResponse {
    auth: Option<bool>,
    username: Option<String>,
    group: Option<String>,
    error: Option<String>,
}

async fn get_key() -> io::Result<String> {
    let key_path = Path::new("key.dat");
    if let Ok(key) = fs::read_to_string(key_path) {
        Ok(key.trim().to_string())
    } else {
        print!("Enter authentication key: ");
        io::stdout().flush()?;
        let mut key = String::new();
        io::stdin().read_line(&mut key)?;
        Ok(key.trim().to_string())
    }
}

async fn get_hwid() -> io::Result<String> {
    let output = Command::new("wmic")
        .args(["csproduct", "get", "uuid"])
        .output()?;

    let output_str = String::from_utf8_lossy(&output.stdout);
    let lines: Vec<&str> = output_str.split('\n').collect();
    
    for line in lines {
        let trimmed = line.trim();
        if trimmed != "UUID" && !trimmed.is_empty() {
            return Ok(trimmed.to_string());
        }
    }
    
    Err(io::Error::new(io::ErrorKind::Other, "HWID not found"))
}

fn determine_user_group(group: &str) -> UserGroup {
    if SUPREME_PLUS_GROUPS.iter().any(|&g| g == group) {
        UserGroup::Supreme
    } else if INFINITY_PLUS_GROUPS.iter().any(|&g| g == group) {
        UserGroup::Infinity
    } else if PREMIUM_PLUS_GROUPS.iter().any(|&g| g == group) {
        UserGroup::Premium
    } else {
        UserGroup::Free
    }
}

async fn perform_authentication(client: &Client) -> Result<(UserGroup, String), Box<dyn std::error::Error>> {
    let key = get_key().await?;
    let hwid = get_hwid().await?;
    
    let res = client.post("https://cracked.sh/auth.php")
        .form(&[("a", "auth"), ("k", &key), ("hwid", &hwid)])
        .send()
        .await?;
    
    let response: AuthResponse = res.json().await?;
    
    if let Some(error) = response.error {
        if Path::new("key.dat").exists() {
            fs::remove_file("key.dat")?;
        }
        println!("Error: {}", error);
        println!("Press Enter to exit...");
        io::stdin().read_line(&mut String::new())?;
        std::process::exit(0);
    }
    
    let auth = response.auth.unwrap_or(false);
    let group_str = response.group.ok_or("No group in response")?;
    let username = response.username.unwrap_or_default();

    if !auth {
        return Err("Authentication failed".into());
    }

    let user_group = determine_user_group(&group_str);
    fs::write("key.dat", &key)?;

    Ok((user_group, username))
}

async fn authenticate(required_group: UserGroup) -> Result<(), Box<dyn std::error::Error>> {
    let client = Client::new();
    let (active_group, username) = perform_authentication(&client).await?;
    
    if active_group < required_group {
        println!("This tool requires {}.\nUpgrade at https://cracked.sh/upgrade.php", required_group);
        if Path::new("key.dat").exists() {
            fs::remove_file("key.dat")?;
        }
        println!("Press Enter to exit...");
        io::stdin().read_line(&mut String::new())?;
        std::process::exit(0);
    }
    
    println!("Welcome, {}!", username);
    tokio::time::sleep(tokio::time::Duration::from_secs(1)).await;
    Ok(())
}

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    authenticate(UserGroup::Free).await
    
    //rest of your code here..
}

---

Download examples

• Download: https://www.upload.ee/files/17955183/Cra...s.zip.html
  
• Mirrors: https://mir.cr/0BLC4OCG
  

---

References (outdated)

• https://github.com/pingcto/Cracked.io-Auth
  
• https://cracked.sh/Thread-Cracked-io-Aut...umentation
  
• https://cracked.sh/Thread-Checked-Cracke...umentation
  

SELLING SIGNATURE SPOTS

I WILL IGNORE YOU IF YOU PM ME WITH UNDESCRIPTIVE SUBJECTS LIKE "hello"
[ Always confirm via PM before dealing with me. ]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Staff || Anti-Leeching || Upgrade || Forum Rules || Achievements

[3.465]

Lets go

 

Advertise your store/product for free

Always confirm on-site, Beware of impersonators

[867]

thaNKS

 

I do not have telegram.

[8.528]

Hope to find a solution for domain deletion or something because all linked auth tools will die once the domain die

Valorant & League Shop: https://discord.gg/aD93pKkTzC