silvanohirtie / Discord-Token-Generator

Name says it all

2FA Token Syntax Research / FR: Add mfa token to generator #12

Closed hxr404 closed 3 years ago

hxr404 commented 3 years ago

If someone enables 2FA on their account, the token changes. You can still log in with these tokens, like with normal ones.

Here is an example of my alt's token: (replaced capital letters with A, numbers with 0 and small letters with a)

mfa.AAaAa0a0AaaAAaaaA0A_aAAAaAaAaAAaAAa000aa0AAaa0A-0A0aAAaa0aAAAAaa0aaaAaaAAA0aAa00aaaA

and after changing the password:

mfa.AaAaaAaAA0aaaAaaAAAaaaaaaaAAaaA0AaaaaaaAaAaAaAaAa0AaAA0aAA0-AaAaAaaAa00AAaA0AaAaaAAA

The 1st and the 2nd token don't have anything in common (except "mfa.", the length and the fact that they only use certain chars (upper/lower case letters, numbers, - or _)). My alt had a verified email and no verified mobile, idk if this changes something.

Maybe you can figure out how they are generated (could be a hash of a normal token? idk). Thanks

PS: Everyone who reads this, don't try to bruteforce the tokens, I deleted the account.

hxr404 commented 3 years ago

And verifying the phone does also change the token.

hxr404 commented 3 years ago

Like I said in #13, I forgot to close this issue. I continued my "research" here: https://github.com/hxr404/Discord-Console-hacks#inner-workings-of-discord

mfa tokens are just JWTs with this syntax: "mfa." + HMAC
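
An added example, not part of the thread or the repository: a log scrubber that finds and redacts strings with the shape described in the first comment (the `mfa.` prefix followed by 84 characters of letters, digits, `-` and `_`, which is the length of both masked samples). The sample tokens and log lines are constructed, and the function names are hypothetical.

```python
import hashlib
import re

# Shape taken from the two masked samples in the thread: the literal prefix
# "mfa." followed by 84 characters from A-Z, a-z, 0-9, "-" and "_".
# The lookarounds reject hits embedded in a longer run of the same alphabet.
MFA_TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9_-])mfa\.[A-Za-z0-9_-]{84}(?![A-Za-z0-9_-])"
)


def fingerprint(token: str) -> str:
    """Short SHA-256 prefix: correlates hits without storing the secret."""
    return hashlib.sha256(token.encode("ascii")).hexdigest()[:12]


def find_tokens(text: str) -> list:
    """Return (line number, fingerprint) for every token-shaped string."""
    return [
        (lineno, fingerprint(match.group(0)))
        for lineno, line in enumerate(text.splitlines(), start=1)
        for match in MFA_TOKEN_RE.finditer(line)
    ]


def redact(text: str) -> str:
    """Replace each token-shaped string with a marker carrying its fingerprint."""
    return MFA_TOKEN_RE.sub(
        lambda m: f"[REDACTED mfa token sha256:{fingerprint(m.group(0))}]", text
    )


# Constructed sample data, not real credentials.
SAMPLE_TOKEN = "mfa." + "Aa0_" * 21  # 84 characters after the prefix
TOO_LONG = "mfa." + "Zz9-" * 22      # 88 characters: wrong length, left alone
SAMPLE_LOG = "\n".join([
    "POST /api/login 200 user=alice",
    f'GET /api/users/@me 200 authorization="{SAMPLE_TOKEN}"',
    f"debug: unrelated value {TOO_LONG}",
    "GET /healthz 200",
])

if __name__ == "__main__":
    print(find_tokens(SAMPLE_LOG))
    print(redact(SAMPLE_LOG))
```

The fingerprint lets a responder tell whether the same credential leaked in several places and confirm it against a revoked token, without the scrubbed logs holding a usable secret.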