Comments (4)
Hi thank you for the constructive feedback.
-
To be honest, I didn't look much into this new encryption, but as it doesn't require any password to derivate the key, I'm not surprised that it's easy to decrypt it. When I added that message, it mainly targeted the short term with skid grabbers that can barely scrape the leveldb.
DTP adds a few other levels of protection as stated on the readme: removing the leveldb database, integrity check & process protection. -
Few things to note about DTP's self-protection.
-
When DTP is running, it'll lock every file related to it (config, encrypted container, etc). The only way to edit/remove them is to kill DTP. And there's probably a way to read them, but not natively (Windows should block you from reading). This is why every user should keep DTP running in the background even when Discord is closed.
-
The last update moved some configs (related to the integrity check) to the encrypted container, to avoid their tamper.
-
DTP will try to protect itself and the Discord process using the same trick: removing the privilege to access the process for every user. However, there is a limit: any process with administrative privilege can bypass this protection and therefore can kill DTP, and read Discord's memory. To counter that the only way I see is to go to the kernel, but I feel like this a way too overkill method for a token protector...
Most "anti-protection" that I saw were just pathetic attempts to get UAC and kill/remove DTP with admin privilege. I can't do much about this, user education is probably the most that can be done.
And yes, I'm aware that a very targeted attack on DTP could leak the container encryption key/token (mitm/some hook maybe) / etc. But again, this is a cat and mouse game like cheaters vs anticheat devs. And from what I saw, most grabber developers are just skid who don't know much about what they're doing, so I don't know if that last point is a big concern.. (using vmp to obfuscate DTP should prevent some attacks)
Currently, I have some stuff planned to make DTP work with the latest Discord update. But the main problem currently is that I don't have the time to maintain this project.
Feel free to fork DTP and add some stuff, though the code base is a bit messy lol
If you want to contact me, send me a DM on telegram: https://t.me/andro2424
from discordtokenprotector.
Dealt with over telegram.
from discordtokenprotector.
- fuck the template lol
- "This will protect every users from LevelDB reading grabbers" - not at all. I already figured out how to decrypt the new encryption which is currently on canary and on some main clients. Lucky you I'm not a moron that grabs tokens. Keep messing with the leveldb if you want to keep users actually secure
- A config that every program can just rewrite... really? I get development is hard but I'm sure you can do better. This "Token Protector" is super easy to bypass & destroy
While I realize that does indeed sound fairly negative, my intentions are good and I'd love to talk with you somewhere, discord or whatever platform you prefer, to make this tool better and especially actually secure people against leveldb grabs bc discord failed really hard on that one. It took me a solid 15 minutes to get that decrypted. lmk if & where you'd like to talk about this further. Discord completely ignored me when I told them (in an actual professional way unlike here) that their new code sucks ass
who the fuck are you and why are you every fucking where lmao idk u
from discordtokenprotector.
- fuck the template lol
- "This will protect every users from LevelDB reading grabbers" - not at all. I already figured out how to decrypt the new encryption which is currently on canary and on some main clients. Lucky you I'm not a moron that grabs tokens. Keep messing with the leveldb if you want to keep users actually secure
- A config that every program can just rewrite... really? I get development is hard but I'm sure you can do better. This "Token Protector" is super easy to bypass & destroy
While I realize that does indeed sound fairly negative, my intentions are good and I'd love to talk with you somewhere, discord or whatever platform you prefer, to make this tool better and especially actually secure people against leveldb grabs bc discord failed really hard on that one. It took me a solid 15 minutes to get that decrypted. lmk if & where you'd like to talk about this further. Discord completely ignored me when I told them (in an actual professional way unlike here) that their new code sucks ass
who the fuck are you and why are you every fucking where lmao idk u
how about you just click on my profile to find out?
from discordtokenprotector.
Related Issues (20)
- Bug detection token HOT 1
- Better Discord Changes core init script HOT 4
- App Crash causes unremovable tray icon HOT 1
- Suggestion for further 2FA methods HOT 1
- Why is there a crypto miner? HOT 4
- why it show me this every time and also reset my settings HOT 3
- Software does not start.
- it just stopped, nothing work.
- Hello From No Text To Speech! HOT 13
- Shown in No Text To Speech's video HOT 5
- Make Sigma 5.1💯
- [SUGGESTION] Block scams links HOT 5
- make sigma 5.1(no joke lol) HOT 2
- NO WAY HOT 2
- [Suggestion] Program Hardening HOT 1
- Compilation failure due to PolyHook 2 dependency HOT 1
- lmao didn't u make sigma? HOT 3
- the account switcher is empty
- Support for Discord Development
- Handoff on canary.discord
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from discordtokenprotector.