Skip to content

Latest commit

 

History

History
289 lines (235 loc) · 14.4 KB

README.md

File metadata and controls

289 lines (235 loc) · 14.4 KB

Note: I'm not affilated with Discord and do not encourage using any of these hacks. Use everything here at your own risk. This is meant for educational purposes only and using these codeblocks may result in your account being disabled/terminated.

Community

We have a Discord Server: (not available rn*) (2nd server)

* Currently all my IP Adresses (all exit nodes, I2P (darknet) outproxies, VPN's and proxies) are blacklisted and I can't create any accounts. Allthough I expclicitly put a disclaimer above any code published, Discord is going after me, which makes it... more... difficult to create new accounts...

Please don't use console hacks not sent by me, or you might risk loosing your account.
I'll update this invite regularly, if e.g. my account gets compromised or Discord shuts down the Server, I will create a new Account, a new Server and will then update the invite above.
If the invite doesn't work anymore, it means the Server got deleted and you need to wait until I can create a new Account.

Inner workings of Discord

Click here

Discord Token Syntax

Example
User ID Encoded in Base64NTzQvPcLBacBmgajXQc7QAaU
Dot.
Timestamp -epoch(1293840000) converted to base64 (credit to @Flam3rboy)XCgboz
Dot.
HMAC (credit to @Flam3rboy) consiting of 27 chars (uppercase/lowercase letters, numbers, - or _)c4t51kFWSEmdmaPnKoyUuu8E78E
There is this awesome diagram from #2 wich shows the exact token structure:



Discords Internal Server Structure

Check out this Article about Reverse Engineering Discord, and the proof that Discord acts as a MITM (Intercepts your traffic and decrypts your messsages): https://medium.com/tenable-techblog/lets-reverse-engineer-discord-1976773f4626
That means, Discord Staff can read all of your messages... (still better than Telegram, where anyone can read your messages xD)
If you need privacy, use Signal or Threema or Briar. (or all of them :)

grafik
How sending Audioo/Video Messages in Discord Works.



Console Hacks

Click here

Be Careful!

As stated in my Disclaimer I don't promote using any kind of client modifications. Please don't use the code found here for illegal / hacking purposes, or you might risk seeing this error message:
image

How to use these Hacks

It only works on Dekstop Versions (Windows, Linux, MacOS), not on Mobile

  1. Press CTRL + SHIFT + I to toggle Developer Tools (Discord is electronjs wich is basically google chrome)
  2. Click on "Console" if not already selected
  3. Paste the script in
  4. Press enter

Obtaining your Token

Copies your Token into the Clipboard.

paste this into the Console (while being logged in) and before the loading animation has finished, paste it again.

window.location.reload();
copy(document.body.appendChild(document.createElement `iframe`).contentWindow.window.localStorage.token);

The token should be in your Clipboard. If it's just "null" or "undefined" do the same thing again. Don't wait to lomg inbetween the two times


Logging in using Token

Modifies the Login screen so you can use Tokens to log in.

paste this into the Console (CTRL + SHIFT + I) on the login screen (you need to be logged out)

function login(e){setInterval(()=>{document.body.appendChild(document.createElement`iframe`).contentWindow.localStorage.token=`"${e}"`},50),setTimeout(()=>{window.location.reload()},2500)}function buttonlogin(){login(document.getElementsByClassName("inputDefault-_djjkz input-cIJ7To")[0].value)}var element;(element=document.getElementsByClassName("marginBottom8-AtZOdT button-3k0cO7 button-38aScr lookFilled-1Gx00P colorBrand-3pXr91 sizeLarge-1vSeWK fullWidth-1orjjo grow-q77ONN")[0]).addEventListener("click",buttonlogin),(element=document.getElementsByClassName("marginBottom20-32qID7")[0]).parentElement.removeChild(element),(element=document.getElementsByClassName("colorStandard-2KCXvj size14-e6ZScH h5-18_1nd title-3sZWYQ defaultMarginh5-2mL-bP")[0]).innerHTML="Token",element.id="Token",(element=document.getElementsByClassName("transitionGroup-aR7y1d qrLogin-1AOZMt")[0]).parentElement.removeChild(element),(element=document.getElementsByClassName("verticalSeparator-3huAjp")[0]).parentElement.removeChild(element);

and log in
Note that this doesn't work with Bot tokens, Bot tokens are different than user tokens, and Discord doesn't support this.

exampleimage
Login Screen after running the hack

Enable Staff Mode

Enables some hidden features and sets your client to staff mode

This will trick your client into thinking that you are Discord Staff (by modifiying the flags) and also enables the secret experiments and Developer Options Menu (where you can get secret unrelesed discord updates, emulate a different client, generate build overrides etc.) Credit for the Settings hack to https://gist.github.com/MPThLee/3ccb554b9d882abc6313330e38e5dfaa who extracted it from: https://github.com/samogot/betterdiscord-plugins (The original Creator)

(()=>{const e="function"==typeof webpackJsonp?webpackJsonp([],{__extra_id__:(e,t,n)=>t.default=n},["__extra_id__"]).default:webpackJsonp.push([[],{__extra_id__:(e,t,n)=>e.exports=n},[["__extra_id__"]]]);delete e.m.__extra_id__,delete e.c.__extra_id__;Object.defineProperty(((t,n)=>((t,n={})=>{const{cacheOnly:l=!0}=n;for(let n in e.c)if(e.c.hasOwnProperty(n)){let l=e.c[n].exports;if(l&&l.__esModule&&l.default&&t(l.default))return l.default;if(l&&t(l))return l}if(l)return console.warn("Cannot find loaded module in cache"),null;console.warn("Cannot find loaded module in cache. Loading all modules may have unexpected side effects");for(let n=0;n<e.m.length;++n)try{let l=e(n);if(l&&l.__esModule&&l.default&&t(l.default))return l.default;if(l&&t(l))return l}catch(e){}return console.warn("Cannot find module"),null})(e=>t.every(t=>void 0!==e[t]),n))(["isDeveloper"]),"isDeveloper",{get:e=>1,set:e=>e,configurable:!0})})();
Object.values(webpackJsonp.push([[],{[''] :(_,e,r)=>{e.cache=r.c}},[['']]]).cache).find(m=>m.exports&&m.exports.default&&m.exports.default.getCurrentUser!==void 0).exports.default.getCurrentUser().flags+=1

discorddevoptions Developer Options Setting

Get all Badges

This script enables all Badges on you client.

Note that other users won't see the badge

Object.values(webpackJsonp.push([[],{[''] :(_,e,r)=>{e.cache=r.c}},
[['']]]).cache).find(m=>m.exports&&m.exports.default&&m.exports.default.getCurrentUser!==void
0).exports.default.getCurrentUser().flags=-1
Object.values(webpackJsonp.push([[],{[''] :(_,e,r)=>{e.cache=r.c}},
[['']]]).cache).find(m=>m.exports&&m.exports.default&&m.exports.default.getCurrentUser!==void
0).exports.default.getCurrentUser().public_flags=-1

preview
This isn't a fake screenshot your client will really display this.

Easy Edit mode

you can use this to make Fake Screenshots without having to do Inspect Element each time
document.designMode = 'on'

Free Discord Nitro (hack)

Get some Nitro features without buying Nitro

Tricks your client into thinking you have Nitro. Converts the API request into non-nitro requests, so Discord won't notice that yoou don't have Nitro. Be extra careful with scripts that claim to do this, this script is the only working one. If you find a copy of this script, not directly provided by me or this repo, pls report it to me, its probably a scam.
Credit to https://github.com/An00nymushun/DiscordFreeEmojis for the Emoji handling part.
Note that not every feature is supported as, some things that run Server Side can't be simulated. But basic features (like animated emojis) should work.

/*
I removed the code bc this shouldn't go public. Ppl would just copy and paste this anywhere and bad ppl would backdoor it.
Also I don't want Discord to fix this.
Its a WIP, join the Server Linked in #Community if you want to know more.
If you are a developer and want to contribute, also DM me.
*/

grafik The Subscription Overview. The Account used for the Screenshot didn't buy Nitro

oauth Bot and System

test. Doesn't work. Don't run this
Object.values(webpackJsonp.push([[],{[''] :(_,e,r)=>{e.cache=r.c}},
[['']]]).cache).find(m=>m.exports&&m.exports.default&&m.exports.default.getCurrentUser!==void
0).exports.default.getCurrentUser().bot=true
Object.values(webpackJsonp.push([[],{[''] :(_,e,r)=>{e.cache=r.c}},
[['']]]).cache).find(m=>m.exports&&m.exports.default&&m.exports.default.getCurrentUser!==void
0).exports.default.getCurrentUser().system=true

grafik
Using the System Badge to make funny fake announcements
grafik
Fake Bot badge
grafik
User Pop-Out with Bot badge

Get hidden Channel ID's

Displays the ID's of channel that you can't see without hacks.

All credit to https://github.com/X-x-X-0/discord-js

Object.values(webpackJsonp.push([
    [], {
        ['']: (_, e, r) => {
            e.cache = r.c
        }
    },
    [
        ['']
    ]
]).cache).find(m => m.exports && m.exports.default && m.exports.default.getPrivateChannelIds !== void 0).exports.default.getPrivateChannelIds()

grafik
Example Output of this command

Changing Password

Change the Password of the Account, thats currently logged in.
await fetch("https://discord.com/api/v9/users/@me", {
  "credentials": "include",
  "body": "{\"password\":\"oldpassword\",\"new_password\":\"hackedbyhxr404\"}",
  "method": "PATCH",
});

Add guild features

Enable server features... Replace 'FEATURE' with something like 'PARTNERED' or 'VERIFIED'

)

Unknown Author.

Object.values(webpackJsonp.push([[],{['']:(_,e,r)=>{e.cache=r.c}},[['']]]).cache).find(m=>m.exports&&m.exports.default&&m.exports.default.getGuilds!==void 0).exports.default.getGuild('SERVERID').features.add('FEATURE')

Change Client Color

Changes Your Client Color To Your Likeing.

Unknown Author.

__SECRET_EMOTION__.injectGlobal(`
    * {
--background-primary: #000000;
    --background-secondary: #000000;
--background-secondary-alt: #070707ff;
--background-accent: #252525;
--background-floating: #242424ff;
    --scrollbar-thin-track: #000000;
    --channeltextarea-background: #151515;
    }
`)

The Framework

Click here

The Framework is a new project, wich combines every Console Hack into a single script.
Simply Include the source code (.js file) into your Discord Client (Desktop or Web).
You can either do this by pasting it into your Console (CTRL + SHIFT + I, CTRL + V, ENTER)
Or by adding it as a Userscript. (You need a Browser Extension, for Firefox I recommend Firemonkey)

How it works

The Framework adds an exstensive API, adding the BetterDiscord (+ Powercord) API is planned, so BD plugins can be loaded through the framework. Its similar to a modloader of a game, except for it is preconfigured and all good mods are already installed (Open a PR or issue if you want to merge your mods to mainstream) Its modularized and each module runs seperatetly in its own Block Scope, not like the Old Nitro hack. This should prevent Discord from fixing it, as it no longer depends on hardcoded modifications.

Features:

Screenhots will be added here

History

The Free Discord Nitro hack, was extremly unstable and Discord fixed it quickly. Thats when I started working on the Framework. It was the improved Discord Nitro. It is much more performant, offers better UX and made development way easier. After successfully merging the old Nitro hack, I continued improving Nitro with more features. And then I thought: why only adding default Nitro features? There are much more awesome features that can be useful as well. And since the Framwerork is modularized, it took about 5 Minutes merging the other Console hacks. And like this a new project was born.