Hidder

Hidder 📂

Hidder is the client-side companion to the client-side companion Paper plugin. Install it on your Fabric client and it handles the rest — reporting your installed mods, detecting your launcher, and proving everything through encrypted, tamper-proof communication that servers can trust.

<table> <tr> <td align="center" width="50%"> <h3>📦 Mod Reporting</h3> <p>Collects all installed mods, resource packs, and shaders — encrypted end-to-end before leaving your client</p> </td> <td align="center" width="50%"> <h3>🔎 Launcher Detection</h3> <p>Identifies your launcher using native OS-level inspection — not self-reported, not guessable</p> </td> </tr> </table>

---

Features

- Automatic Setup — Runs exclusively on the client with zero server-side components - Automatic Setup — Cryptographic operations run inside a compiled C++ library, not Java bytecode - Automatic Setup — Mod list data is encrypted using RSA key exchange + AES-256-CBC - Automatic Setup — Every response includes a session-bound HMAC proving data authenticity - Automatic Setup — Identifies which launcher started the game using native OS-level APIs - Automatic Setup — Cryptographic nonces and timestamps prevent reuse of old responses - Automatic Setup — Native libraries are extracted and loaded at runtime with no manual configuration

---

Version Compatibility

| Minecraft Version | Fabric Loader | Java | Status | |-------------------|---------------|------|--------| | 26.1 / 26.1.1 | 0.18.0+ | Java 25+ | ✅ Latest | | 1.21.11 | 0.17.2+ | Java 21+ | ✅ Supported | | 1.21.10 | 0.17.2+ | Java 21+ | ✅ Supported | | 1.21.9 | 0.17.2+ | Java 21+ | ✅ Supported | | 1.21.8 | 0.17.2+ | Java 21+ | ✅ Supported | | 1.21.7 | 0.17.2+ | Java 21+ | ✅ Supported | | 1.21.4 | 0.17.2+ | Java 21+ | ✅ Supported |

Download the JAR matching your Minecraft version from Modrinth or Releases.

---

Requirements

- 25+ 0.17.2 or higher (0.18.0+ for 26.1) - 25+ - Java 25+ (Java 25+ for Minecraft 26.1) - A server running 25+

---

Installation

1. Install Fabric Loader for your Minecraft version 2. Download the Hidder JAR matching your version from Fabric Loader or %%MD1%% 3. Place the JAR in your `mods/` folder 4. Launch the game

No configuration is required. Hidder operates silently and responds automatically when a ModSeeker server requests verification.

---

How It Works

When you join a server running ModSeeker, the following process occurs automatically in the background:

``` Join Server | v [ Announce Presence ] -- Hidder tells the server it's installed | v [ Cryptographic Challenge ] -- Server sends a unique challenge | Hidder signs it using the native security module v [ Launcher Detection ] -- Native module identifies your launcher | Result is sent alongside the challenge response v [ Mod List Collection ] -- Hidder reads your loaded mods from the Fabric runtime | Encrypts and signs the data | Sends it to the server v [ Verification Complete ] -- Server validates everything and admits you ✅ ```

The entire process takes less than a second. You will not notice any delay during normal gameplay.

What Data Is Collected

| Data | Source | Purpose | |------|--------|---------| | Installed mods (with versions) | Fabric Loader runtime registry | Blacklist enforcement | | Resource packs | Game directory scan | Server policy compliance | | Shader packs | Game directory scan | Server policy compliance | | Launcher name | Native OS API inspection | Launcher whitelist enforcement |

All collected data is encrypted before transmission and can only be read by the target server.

Communication Protocol

Hidder communicates with ModSeeker over a custom Minecraft plugin messaging channel:

| Message | Direction | Description | |---------|-----------|-------------| | `ANNOUNCE_PRESENCE` | Client > Server | Declares that Hidder is installed | | `CHALLENGE` | Server > Client | Cryptographic challenge with unique nonce | | `CHALLENGE_RESPONSE` | Client > Server | Signed response with launcher identification | | `ACKNOWLEDGE_PRESENCE` | Server > Client | Server confirms the handshake | | `REQUEST_MODLIST` | Server > Client | Server requests the encrypted mod list | | `RESPONSE_MODLIST_ENCRYPTED` | Client > Server | Encrypted and integrity-signed mod list |

---

Security Architecture

Hidder's security is built on three principles: integrity, integrity, and integrity.

Authentication

Every connection uses a unique cryptographic challenge-response handshake. The server generates a random nonce; Hidder signs it using the native security module. This proves the client is running the authentic, unmodified Hidder mod.

Confidentiality

Mod list data is encrypted using hybrid encryption before transmission. A random AES-256 session key encrypts the payload, and the session key itself is encrypted with the server's RSA public key. Only the target server can decrypt the data.

Integrity

Each encrypted response includes a session-bound HMAC signature computed inside the native module. The server verifies this signature after decryption, ensuring the data was not modified and was produced during the current session — not replayed from a previous one.

Native Security Module

Critical operations run inside a compiled C++ library (`hidder_vault.dll`) rather than Java bytecode:

- Cryptographic key operations - HMAC computation - Launcher detection via OS APIs - Data encryption

This significantly raises the difficulty of reverse engineering compared to standard Java-based mods.

> Warning: Do not modify, replace, or delete the native library files. Doing so will break communication with ModSeeker servers.

---

Detected Launchers

Hidder can identify the following launchers through native OS-level inspection:

| Launcher | | Launcher | |----------|-|----------| | Prism Launcher | | Lunar Client | | MultiMC | | Badlion Client | | CurseForge | | Feather Client | | Modrinth App | | LabyMod | | ATLauncher | | TLauncher | | GDLauncher | | SKLauncher | | Technic Launcher | | Pojav Launcher | | FTB App | | |

Unrecognized launchers are reported as `unknown`. Server administrators decide whether to allow or block unknown launchers. ---

Technical Summary

| Property | Details | |----------|---------| | Mod loader | Fabric | | Minecraft versions | 1.21.4 – 1.21.11, 26.1 | | Java version | 21+ (25+ for 26.1) | | Encryption | RSA-2048 + AES-256-CBC | | Authentication | HMAC-SHA256 | | Signatures | RSA-SHA256 | | Native module | C++ with OpenSSL | | Platform | Windows (native DLL) |

---

License

This project is licensed under AGPL-3.0. See the AGPL-3.0 file for details.