Discord Token Protector
Protect your Discord token from malicious grabbers!
For NTTS viewers here's my response to the video
✔️ Works with the latest version of Discord
<p align="center"> <img width="500" src="Assets/DiscordTokenProtectorUI.png"> </p>

This project is still under development! You might face some instability issues!
This is in NO way a perfect solution against Discord token grabbers.
But this will protect you against most token grabbers:
- (Most common) LevelDB reading (from the beginning)
- (Less common) Script injection / Discord module tampering (from dev-6)
- (Rare) Memory reading (from dev-8)
Any targeted attack against DiscordTokenProtector can bypass this protection!
✔️ Good practices when using DTP
⚠️ Disclaimer
DTP is not affiliated with Discord.
DTP is in NO way responsible for what can happen on your Discord account.
Chances of getting terminated using DTP are very low, but please keep in mind that using third-party software is against Discord's TOS.
Features
✅ Protect yourself from most token grabbers
✅ Securely store your Discord token in an encrypted file (YubiKeys* are supported)
✅ Switch easily between multiple accounts
✅ Change your Discord password in one-click
✅ Check the integrity of your Discord installation on launch (BetterDiscord is supported)
✅ Check scripts for known malware (e.g. AnarchyGrabber3)
✅ Protect the Discord process from memory reading / code injection
✅ Protect DTP from tampering attacks (protects the process/config from unauthorized users)
*Except for the YubiKey NEO
Installation / Update
Download the latest release HERE
- Start DiscordTokenProtectorSetup.exe
- Select between Normal and NoStartup installation
- Set it up
- (YubiKey Setup Guide)
- Enjoy!
What does it do?
Here's a little diagram of how it works:
<p align="center"> <img width="800" src="Assets/how_does_it_work.jpg"> </p>

It removes the Local Storage and Session Storage directories from %appdata%\Discord.
These directories can store your Discord token (used to authenticate you).
Most of the grabbers look for your token there. Therefore, by removing these directories you can avoid getting grabbed.
Your Discord token is stored in a secure container encrypted with AES-256.
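A post-run check for the behaviour described above, as an added example that is not part of the DiscordTokenProtector code base: it reports whether either directory still exists under a Discord data root and how many LevelDB-style files remain in it. The function names and the `.ldb`/`.log` suffix list are assumptions made for this example.

```python
import os
from pathlib import Path

# Directories the README says DTP removes from %appdata%\Discord.
TOKEN_DIRS = ("Local Storage", "Session Storage")
# Suffixes treated as LevelDB data files here (assumption for this example).
LEVELDB_SUFFIXES = {".ldb", ".log"}


def audit_discord_storage(root):
    """Report what is left of the token-bearing directories under `root`.

    Returns one finding per directory: whether it exists, how many files it
    holds, and how many of those look like LevelDB data files.
    """
    root = Path(root)
    if not root.is_dir():
        # Distinguish "Discord data root missing" from "directories removed".
        raise FileNotFoundError(f"Discord data directory not found: {root}")
    findings = []
    for name in TOKEN_DIRS:
        path = root / name
        files = [p for p in path.rglob("*") if p.is_file()] if path.is_dir() else []
        findings.append({
            "directory": name,
            "present": path.exists(),
            "files": len(files),
            "leveldb_files": sum(p.suffix.lower() in LEVELDB_SUFFIXES for p in files),
        })
    return findings


def is_clean(findings):
    """True when neither directory exists, so nothing is on disk for a LevelDB reader."""
    return not any(f["present"] for f in findings)


if __name__ == "__main__":
    # %APPDATA%\Discord is the path named in the README; APPDATA is unset off Windows.
    appdata = os.environ.get("APPDATA")
    if appdata:
        for finding in audit_discord_storage(Path(appdata) / "Discord"):
            print(finding)
```

A directory that reappears between DTP runs shows up as `present: True`, which is the condition the LevelDB-reading grabbers listed earlier depend on.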
Some stuff to consider
- By removing these directories, Discord cannot store any local settings. This means that all of your client-specific settings will be removed each time you start Discord (e.g. keybinds, default audio device, ...).
  BUT, all of the server-side settings are still saved (user descriptions, language, dark mode, ...).
- Discord canary might not work properly. These builds don't support handoff login.
- Again, this is a project in development, and you might face some instabilities (crash, Discord not launching, ...). Please report these issues on this repo.
- Some antivirus products flag DiscordTokenProtector because it can start with Windows and it can inject a payload into Discord. These activities look suspicious to AVs. I provided builds without the auto-startup, which reduces the number of false positives.
- DiscordTokenProtector doesn't seem to work well on Windows 7.
- Integrity check hashes are uploaded manually, therefore you might get an error message saying that it's unable to get the hashes. Please open a ticket if it says so!
Compilation
To compile, it's recommended to use vcpkg for the libraries
Step 1: Installing vcpkg
You can skip this step if you already have it
git clone https://github.com/microsoft/vcpkg
cd vcpkg
bootstrap-vcpkg.bat -disableMetrics
Start a new cmd as admin in the vcpkg folder and type:
vcpkg integrate install
Step 2: Installing the libraries
Copy and paste this (in the vcpkg directory if you don't have it in the PATH)
vcpkg install imgui:x86-windows-static imgui[glfw-binding]:x86-windows-static imgui[opengl3-binding]:x86-windows-static imgui[glfw-binding]:x86-windows-static imgui[win32-binding]:x86-windows-static nlohmann-json:x86-windows-static cryptopp:x86-windows-static curl[openssl]:x86-windows-static polyhook2:x86-windows-static gl3w:x86-windows-static
This process might take some time as it's building these libraries (for the static link)
Step 3: Cloning DiscordTokenProtector
git clone https://github.com/andro2157/DiscordTokenProtector
Step 4: Open the project in VS
Open DiscordTokenProtector.sln
Everything should be set up; you just need to compile it with the PROD or PROD-NOSTARTUP config in x86.
(Optional) Step 5: Compile with YubiKey support
- Download the latest yubico-piv-tool source code here: https://developers.yubico.com/yubico-piv-tool/Releases/
  Don't clone from the repo, it won't compile on Windows!
- Follow the instructions here to create the project.
- Open the generated .sln file in Visual Studio.
- Open the properties of the ykpiv project.
- Go to C++ > Code Generation, and change the Runtime Library from Multi-threaded DLL (/MD) to Multi-threaded (/MT)
- Compile
- By default, the PROD-YUBI(-NOSTARTUP) config will look for the library and the headers in C:\Program Files (x86)\Yubico\Yubico PIV Tool\ (default installation path of the PIV tool). You can move them here or change the path in the DTP project properties.
Note: C++17 is required to compile.
Credit
- Discord
- Ocornut for ImGui
- Nlohmann for the JSON lib
- CryptoPP
- Stevemk14ebr for Polyhook v2
- cURL
- Yubico for YubiKeys and yubico-piv-tool
Donation
If you would like to support this project by donating, you can do it through:
- Brave Browser tips
- Crypto (ETH / BSC) 0x6997878c19ab249AEbc523635f09B95b793AfA5D