aiko-chan-ai / discord.js-selfbot-v13

An unofficial discord.js fork for creating selfbots
https://discordjs-self-v13.netlify.app
GNU General Public License v3.0
832 stars 172 forks

2fa #749

Open Strooss opened 1 year ago

Strooss commented 1 year ago

Which package is the feature request for?

The core library

Feature

add a way to enable 2fa

Ideal solution or implementation

so the ability to activate 2fa in the account. it can give the user the access code and with that access you can generate the 2fa code and put it and activate it normally.

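// Proposed API: neither method exists in the library
const accessCode = client.user.getAccessCode();
// generateCode stands for the requester's own function that turns the access code into a 2FA code
await client.enable2fa(generateCode(accessCode));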

Alternative solutions or implementations

No response

Other context

No response

TheDevYellowy commented 1 year ago

The access code is not given by discord it's given by whatever service you use. So you need to do the following

1) see if the service you use has an api that will give you a code
2) if it does then you would need to code your own function to get the code

Strooss commented 1 year ago

I already coded the function that creates the 2fa code, I'm just stuck with getting the access code

TheDevYellowy commented 1 year ago

I don't think any 2fa apps have public apis for security purposes

You could try and reverse engineer their api and see if you can get it that way

Strooss commented 1 year ago

You don't need any api or application for this. it's just an algorithm and you can create the 2fa code ez with the access code. i tested it and it works fine and it enabled the 2fa. I just need a way to get the access code with a request, i don't want to do it manually

Strooss commented 1 year ago

also to correct, the access code is given by discord. when you try to enable the 2fa it gives you 2 options: one is to scan and the other is a code. that code is the access token

TheDevYellowy commented 1 year ago

Ohhhhh, I am currently not home, but if someone doesn't give you a response by the time I get home tomorrow I'll take a look at Discord's API and see if I can get the 2fa token

Strooss commented 1 year ago

Yee thanks. what i want is this the access code

TheDevYellowy commented 1 year ago

From what I can see there is no way to get the access code via the api you would have to do some web scraping to get it

aiko-chan-ai commented 1 year ago

you can only get it when you enable 2fa for the first time (just like you reset bot's token)

Strooss commented 1 year ago

> you can only get it when you enable 2fa for the first time (just like you reset bot's token)

and how i can get it?

XielQs commented 9 months ago

Actually you can enable/disable 2FA with node using speakeasy package (or something), here is an example:

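const axios = require('axios')
const speakeasy = require('speakeasy')

async function enableTotp() {
  // Any 32-character base32 string is accepted, but this is the account's TOTP seed: generate it randomly and store it safely
  const secret = speakeasy.generateSecret({ length: 20 }).base32
  const totp = speakeasy.totp({
    secret,
    encoding: 'base32'
  })
  const response = await axios.post('https://discord.com/api/v9/users/@me/mfa/totp/enable', {
    code: totp,
    secret: secret,
    password: "<DISCORD_PASSWORD>"
  }, { headers: { Authorization: '<DISCORD_TOKEN>' } })
  return response.data // the new token and the backup codes
}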

HTTP Syntax

POST /api/v9/users/@me/mfa/totp/enable HTTP/1.1
Host: discord.com
Content-Type: application/json
Authorization: <TOKEN>

{
  "code": "<TOTP_CODE>",
  "secret": "<2FA_SECRET_YOU_GENERATED>",
  "password": "<ACCOUNT_PASSWORD>"
}

It returns

{
  "token": "<NEW_DISCORD_TOKEN>",
  "backup_codes": [
    {
      "user_id": "<YOUR_USER_ID>",
      "code": "<BACKUP_CODE>",
      "consumed": false
    },
    ... // it generates 10 backup codes
  ]
}

Your old Discord token will be invalid after 2FA is enabled. If you want to disable it, simply:

POST /api/v9/users/@me/mfa/totp/disable HTTP/1.1
Host: discord.com
Authorization: <TOKEN>

It returns a 401 response like:

HTTP/1.1 401 Unauthorized
Content-Type: application/json

{
    "message": "Two factor is required for this operation",
    "code": 60003,
    "mfa": {
        "ticket": "<TOKEN_TICKET>",
        "methods": [
            {
                "type": "totp",
                "backup_codes_allowed": true
            },
            {
                "type": "backup" // if you have backup keys or something like that idk
            }
        ]
    }
}

You need TOKEN_TICKET to proceed; the next request is:

POST /api/v9/mfa/finish HTTP/1.1
Host: discord.com
Authorization: <TOKEN>
Content-Type: application/json

{
    "ticket": "<TOKEN_TICKET>",
    "mfa_type": "totp", // or another method you want
    "data": "<TOTP_CODE_or_something>"
}

And it responds with an object that has a token, like

{
    "token": "<JWT_TOKEN>"
}

And last step!

POST /api/v9/users/@me/mfa/totp/disable HTTP/1.1
Host: discord.com
Authorization: <TOKEN>
Content-Type: application/json
X-Discord-Mfa-Authorization: <JWT_TOKEN>

{
    "token": "<TOKEN_TICKET>"
}

And if it's successful it returns your Discord token, like

{
    "token": "<YOUR_NEW_DISCORD_TOKEN>"
}

Note: I did NOT try the 2FA remove method, but it will probably work, and the adding method seems to work without any problems.

That's all I got :D
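Added example, not code from this thread or from the library: the "just an algorithm" Strooss mentions and the `speakeasy.totp` call above are both RFC 6238 TOTP, implemented here with Node's built-in `crypto` so the relation between the base32 setup key and the 6-digit code is visible. The 6-digit, 30-second, HMAC-SHA1 parameters are an assumption (they are the RFC defaults), and all function names are illustrative.

```javascript
const crypto = require('node:crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// Encode raw bytes as unpadded RFC 4648 base32 (the form a setup key is shown in).
function base32Encode(buf) {
  let bits = '';
  for (const byte of buf) bits += byte.toString(2).padStart(8, '0');
  let out = '';
  for (let i = 0; i < bits.length; i += 5) {
    out += B32[parseInt(bits.slice(i, i + 5).padEnd(5, '0'), 2)];
  }
  return out;
}

// Decode base32, ignoring whitespace, hyphens, case and '=' padding; reject anything else.
function base32Decode(text) {
  const clean = text.replace(/[\s=-]/g, '').toUpperCase();
  let bits = '';
  for (const ch of clean) {
    const v = B32.indexOf(ch);
    if (v < 0) throw new Error(`invalid base32 character: ${ch}`);
    bits += v.toString(2).padStart(5, '0');
  }
  const bytes = [];
  for (let i = 0; i + 8 <= bits.length; i += 8) bytes.push(parseInt(bits.slice(i, i + 8), 2));
  return Buffer.from(bytes);
}

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(key, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', key).update(msg).digest();
  const off = mac[19] & 0x0f;                       // low nibble of the last byte picks the offset
  const bin = mac.readUInt32BE(off) & 0x7fffffff;   // 31-bit value, sign bit cleared
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// RFC 6238 TOTP: the counter is the number of 30-second steps since the Unix epoch.
function totp(secretBase32, unixSeconds = Math.floor(Date.now() / 1000), step = 30) {
  return hotp(base32Decode(secretBase32), Math.floor(unixSeconds / step));
}

// 20 random bytes give 32 base32 characters; the seed must never be a fixed or guessable string.
function generateSecret() {
  return base32Encode(crypto.randomBytes(20));
}
```

Anyone who holds the base32 secret can produce valid codes indefinitely, so it needs the same protection as the password and the backup codes returned by the enable request.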