search

Discord-Oxygen / Discord-Console-hacks

A collection of JavaScript Codes I've made to enhance the User Experience of Discord and some other Discord related stuff
GNU General Public License v3.0
520 stars 114 forks source link

Discord token structure #2

Open SamuelScheit opened 3 years ago

SamuelScheit commented 3 years ago

The second part is just the timestamp when the token was generated encoded as base64

image

hxr404 commented 3 years ago

was really busy yesterday, so I added it tday

nicholaslz commented 2 years ago

I tried decoding the second part and I didn't exactly get the value intended. Can anyone help?

SamuelScheit commented 2 years ago

@nicholaslz do not try to decode the value as a base64 utf8 string, but as a base64 buffer. Can you send the code?

aiko-chan-ai commented 2 years ago

I tried decoding the second part and I didn't exactly get the value intended. Can anyone help?

base64 => hex => number => + discord timestamp

mrafieefard commented 2 years ago

Are you

I tried decoding the second part and I didn't exactly get the value intended. Can anyone help?

base64 => hex => number => + discord timestamp

Are you sure about that cuz i do it . this is my second part of my token GX-tjF but i can't get timestamp

Walkoud commented 1 year ago

@nicholaslz do not try to decode the value as a base64 utf8 string, but as a base64 buffer. Can you send the code?

What is Base64 buffer ? Can you explain ? I couldn't find it on google

PixelatedLagg commented 1 year ago

Using @aiko-chan-ai's decryption idea, I get this from @IamZiroToxic's token:

GX-tjF - Base64url ('-' is an invalid character in normal base64)

197fad8c - Convert to hex

427797900 - Convert to decimal

1721637900 - Add discord epoch (1293840000)

The date represented by this unix timestamp is Jul 22 2024, so something is slightly wrong here. No idea what @Flam3rboy means when they say to "not try to decode the value as a base64 utf8 string, but as a base64 buffer".

hxr404 commented 1 year ago

No idea what @Flam3rboy means when they say to "not try to decode the value as a base64 utf8 string, but as a base64 buffer".

I think he means that you shouldn't try decoding it as a string, but directly as decimal (don't use a character encoding like utf-8/ascii in the raw binary data stored in the decoded buffer, but convert said binary data to decimals right-away.)

It's rather interesting though that the timestamp you obtained is only off by a bit. Usually I'd expect wrong results caused by encoding issues to have a much bigger skew; with wrongfully applied utf-8 (like with ascii) numbers should be off by 48 per digit.

Unfortunately I bricked my PC so I can't check if it works with proper decoding. So until it's assured that the encoding (still) works as described I'll mark this issue as open.

Walkoud commented 1 year ago

So how can i convert directly as decimal ?

idanyas commented 1 year ago

+1 tried base64url -> hex -> decimal -> unix timestamp (decimal + 1293840000)

but the final date is 2025, even though I created it about 10 minutes ago. what am I doing wrong?

casualdegenerate commented 1 year ago

Tried GmlTB0(input) -> Base64(Base64url) -> Integer(Decimal, 32-bit, Big-endian) = 443110151(output) 443,110,151 + 1,293,840,000 = 1,736,950,151 -> UnixConverter = Wed Jan 15 2025 14:09:11 GMT+0000(output) Some reason I'm getting a date further than I could possibly create the token? Or is what's written incorrect? This could be when the token is expired.

re1yu commented 1 year ago

For some reason if I try re-encode the decoded base64 215968764 it doesn't go back like it was, Tried to directly encode it from decimal to base64 & base64url didn't work. I'm trying to reverse the way I got to the last thing, When I tried to encode it, It's a different value.

Let's take an example; The second part of a dummy account's token G0N03I, When I get when the account was created from here and I follow this way which I found it working for every account no single idea why "Add 15 days and subtract 36 from when the account was created" it gives me the correct timestamp then I subtract it from 1293840000 divided by 1000 to remove the last 3 zeros. I get the decoded value of the second part which is 1495196146 and I go to this website and use it to convert it to readable date I get the same as here. Now every thing is same. When I try to encode the value to base64, This is what I get MTQ5NTE5NjE0Ng instead of G0N03I.

Probably discord changed it or something is missing, Sorry if I have a lot of grammar issues, It's 2:04am in my country and I've been awake for 17 hours.

Walkoud commented 1 year ago

For some reason if I try re-encode the decoded base64 215968764 it doesn't go back like it was, Tried to directly encode it from decimal to base64 & base64url didn't work. I'm trying to reverse the way I got to the last thing, When I tried to encode it, It's a different value.

Let's take an example; The second part of a dummy account's token G0N03I, When I get when the account was created from here and I follow this way which I found it working for every account no single idea why "Add 15 days and subtract 36 from when the account was created" it gives me the correct timestamp then I subtract it from 1293840000 divided by 1000 to remove the last 3 zeros. I get the decoded value of the second part which is 1495196146 and I go to this website and use it to convert it to readable date I get the same as here. Now every thing is same. When I try to encode the value to base64, This is what I get MTQ5NTE5NjE0Ng instead of G0N03I.

Probably discord changed it or something is missing, Sorry if I have a lot of grammar issues, It's 2:04am in my country and I've been awake for 17 hours.

You have to ask the Discord team to change their documentation, I recently learned that the ids have evolved and can contain one more digit

re1yu commented 1 year ago

For some reason if I try re-encode the decoded base64 215968764 it doesn't go back like it was, Tried to directly encode it from decimal to base64 & base64url didn't work. I'm trying to reverse the way I got to the last thing, When I tried to encode it, It's a different value. Let's take an example; The second part of a dummy account's token G0N03I, When I get when the account was created from here and I follow this way which I found it working for every account no single idea why "Add 15 days and subtract 36 from when the account was created" it gives me the correct timestamp then I subtract it from 1293840000 divided by 1000 to remove the last 3 zeros. I get the decoded value of the second part which is 1495196146 and I go to this website and use it to convert it to readable date I get the same as here. Now every thing is same. When I try to encode the value to base64, This is what I get MTQ5NTE5NjE0Ng instead of G0N03I. Probably discord changed it or something is missing, Sorry if I have a lot of grammar issues, It's 2:04am in my country and I've been awake for 17 hours.

You have to ask the Discord team to change their documentation, I recently learned that the ids have evolved and can contain one more digit

There's 2 possibilities, The first possibility the second part isn't base64 at all, The second possibility that it's encoded in some what way we still don't know.

Like @aiko-chan-ai said

base64 => hex => number => + discord timestamp

If we reverse it, It would be like this: discord timestamp - => number => hex => base

Maybe I should try converting the number to hex then base64 without using .toString()

aiko-chan-ai commented 1 year ago

you can generate some tokens to test image

POST: https://discord.com/api/v9/auth/handoff Headers: authorization: user token Body: 

{
   "key": "random string bruh",
}

Response

{
   "handoff_token": "fake token",
}

idk what this token does but it can't be used

gentlemenVap commented 1 year ago

I'm noticing that every time i login i get a new token. same id in base64. 6 characters .38 characters ive noticed every token i generate on multiple accounts 6 characters starting with "G" any one else getting that?

HappyFrenchFRI commented 1 year ago

How do you convert the Unix timestamp to the token Epotch?

re1yu commented 1 year ago

How do you convert the Unix timestamp to the token Epotch? @HappyFrenchFRI

You can check my repo and see the second section in the README.md, Unfortunately discord generates it once/twice a week, so yea no way to get the second section unless you have the specific time when it was regenerated or you crack it some what way.

RiyadSteve commented 10 months ago

Hey guys i'm working on a project on discord right now i also came across the same problem with the timestamp DN9r_A , DN9r_A does not appear to be a valid base64-encoded value. Hey @hxr404 wanna join the project? because i'm alone i'm sure we can be friends tho

RiyadSteve commented 10 months ago

Also if anyone having trouble with the timestamp don't worry 2023-08-24 (1)

Sunlitkoreakorea commented 5 months ago

so it is impossible to get the last part?

RiyadSteve commented 5 months ago

Yep, Near-Impossible

Le lun. 22 janv. 2024 à 16:00, Sunlitkoreakorea @.***> a écrit :

so it is impossible to get the last part?

— Reply to this email directly, view it on GitHub https://github.com/Discord-Oxygen/Discord-Console-hacks/issues/2#issuecomment-1904185294, or unsubscribe https://github.com/notifications/unsubscribe-auth/A25KGQKO4JNOSK43TFQYMALYPZ5HBAVCNFSM46GENYD2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOJQGQYTQNJSHE2A . You are receiving this because you commented.Message ID: @.***>

re1yu commented 1 month ago

The second part can't be base64, Or maybe there's a encoding schema before encoding it to base64

RiyadSteve commented 1 month ago

I kinda made the second part

On Tue, May 28, 2024 at 11:02 AM reyu @.***> wrote:

The second part can't be base64, Or maybe there's a encoding schema before encoding it to base64

— Reply to this email directly, view it on GitHub https://github.com/Discord-Oxygen/Discord-Console-hacks/issues/2#issuecomment-2134824921, or unsubscribe https://github.com/notifications/unsubscribe-auth/A25KGQNUZRNLQVBXRCTS3CDZERI2BAVCNFSM46GENYD2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJTGQ4DENBZGIYQ . You are receiving this because you commented.Message ID: @.***>

mrafieefard commented 1 month ago

Can't believe I commented here like 2 years ago So what you got?

RiyadSteve commented 1 month ago

not gonna lie, I made the code script like a year ago in summer, But its basically just turning userid to timestamp and turning it into second part token

On Thu, May 30, 2024 at 10:59 PM Mohammad Rafieefard < @.***> wrote:

Can't believe I commented here like 2 years ago So what you got?

— Reply to this email directly, view it on GitHub https://github.com/Discord-Oxygen/Discord-Console-hacks/issues/2#issuecomment-2140925639, or unsubscribe https://github.com/notifications/unsubscribe-auth/A25KGQJ7KAMZCWDTV2AW5L3ZE6OM5AVCNFSM46GENYD2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJUGA4TENJWGM4Q . You are receiving this because you commented.Message ID: @.***>

mrafieefard commented 1 month ago

So it's working

RiyadSteve commented 3 weeks ago

Yeah, the problem is that he gave an incorrect discord token so i've decided to test using my own.

On Fri, May 31, 2024 at 5:56 AM Mohammad Rafieefard < @.***> wrote:

So it's working

— Reply to this email directly, view it on GitHub https://github.com/Discord-Oxygen/Discord-Console-hacks/issues/2#issuecomment-2141231693, or unsubscribe https://github.com/notifications/unsubscribe-auth/A25KGQIZWTWV2D6BUB2KE4DZE77GVAVCNFSM46GENYD2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJUGEZDGMJWHEZQ . You are receiving this because you commented.Message ID: @.***>

mrafieefard commented 3 weeks ago

But I think the last part is encrypted with AES or RSA and it is nearly impossible to reverse-engineer it

RiyadSteve commented 3 weeks ago

I agree with you with that, The last part of the token is 98% code-generated so yeah, Its nearly impossible to reverse engineer the last part.

On Tue, Jun 11, 2024 at 12:07 AM Mohammad Rafieefard < @.***> wrote:

But I think the last part is encrypted with AES or RSA and it is nearly impossible to reverse-engineer it

— Reply to this email directly, view it on GitHub https://github.com/Discord-Oxygen/Discord-Console-hacks/issues/2#issuecomment-2159455334, or unsubscribe https://github.com/notifications/unsubscribe-auth/A25KGQPUW3WYXVF656POXH3ZGYWSRAVCNFSM46GENYD2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJVHE2DKNJTGM2A . You are receiving this because you commented.Message ID: @.***>

mrafieefard commented 3 weeks ago

But if you have a nasa pc you can bruteforce it 😂

RiyadSteve commented 2 weeks ago

Lol, Btw i kinda forgot about this whole discord token cracker thing, Why? cuz its boring, Plus its already too late for that, Discord already released 2FA update

On Thu, Jun 13, 2024 at 7:10 PM Mohammad Rafieefard < @.***> wrote:

But if you have a nasa pc you can bruteforce it 😂

— Reply to this email directly, view it on GitHub https://github.com/Discord-Oxygen/Discord-Console-hacks/issues/2#issuecomment-2166476478, or unsubscribe https://github.com/notifications/unsubscribe-auth/A25KGQIQMFS3DD6VDBFFN3LZHHOB5AVCNFSM46GENYD2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJWGY2DONRUG44A . You are receiving this because you commented.Message ID: @.***>