This project is still under development! You might face some instability issues!
This is in NO way a perfect solution against Discord token grabbers.
But this will protect you against most token grabbers:
- (Most common) LevelDB reading (from the beginning)
- (Less common) Script injection / Discord module tampering (from dev-6)
- (Rare) Memory reading (from dev-8)
Any targeted attack against DiscordTokenProtector can bypass this protection!
DTP is not affiliated with Discord.
DTP is in NO way responsible for what can happen on your Discord account.
Chances of getting terminated using DTP are very low, but please keep in mind that using third-party software is against Discord's TOS.
*Except from YubiKey NEO
Download the lastest release HERE
- Start DiscordTokenProtectorSetup.exe
- Select between Normal and NoStartup installation
- Set it up
- (YubiKey Setup Guide)
- Enjoy!
Here's a little diagram of how it works:
It removes the Local Storage
and Session Storage
directories from %appdata%\Discord
.
These directories can store your Discord token (used to authenticate you).
Most of the grabbers look for your token there. Therefore, by removing these directories you can avoid getting grabbed.
Your Discord token is stored in a secure container encrypted with AES-256.
-
By removing these directories, Discord cannot store any local settings. Meaning that all of your client-specific settings will be removed each time you start Discord. (eg. keybinds, default audio device, ...)
BUT, all of the server-side settings are still saved. (users descriptions, language, dark mode, ...) -
Discord canary might not work properly. These builds don't support handoff login.
-
Again, this is a project in development, and you might face some instabilities (crash, discord not launching, ...). Please report these issues on this repo.
-
Some anti-virus flags DiscordTokenProtector because it can start with Windows and it can inject payload into Discord. These activities are suspicious for AVs. I provided builds without the auto-startup, it reduces the amount of false-flag.
-
DiscordTokenProtector doesn't seem to work well on Windows 7
-
Integrity check hashes are uploaded manually, therefore you might get an error message saying that it's unable to get the hashes. Please open a ticket if it says so!
To compile, it's recommended to use vcpkg for the libraries
You can skip this step if you already have it
git clone https://github.com/microsoft/vcpkg
cd vcpkg
bootstrap-vcpkg.bat -disableMetrics
Start a new cmd as admin in the vcpkg
folder and type:
vcpkg integrate install
Copy and paste this (in the vcpkg directory if you don't have it in the PATH)
vcpkg install imgui:x86-windows-static imgui[glfw-binding]:x86-windows-static imgui[opengl3-binding]:x86-windows-static imgui[glfw-binding]:x86-windows-static imgui[win32-binding]:x86-windows-static nlohmann-json:x86-windows-static cryptopp:x86-windows-static curl[openssl]:x86-windows-static polyhook2:x86-windows-static gl3w:x86-windows-static
This process might take some time as it's building these libraries (for the static link)
git clone https://github.com/andro2157/DiscordTokenProtector
Open DiscordTokenProtector.sln
Everything should be setup, you just need to compile it with the PROD
or PROD-NOSTARTUP
config in x86.
- Download the latest yubico-piv-tool source code here: https://developers.yubico.com/yubico-piv-tool/Releases/
Don't clone from the repo, it won't compile on Windows! - Follow the instructions here to create the project.
- Open the generated .sln file in Visual Studio.
- Open the properties of the
ykpiv
project. - Go to
C++
>Code Generation
, and change theRuntime Library
fromMulti-threaded DLL (/MD)
toMulti-threaded (/MT)
- Compile
- By default, the
PROD-YUBI(-NOSTARTUP)
config will look for the library and the headers inC:\Program Files (x86)\Yubico\Yubico PIV Tool\
(default installation path of the PIV tool). You can move them here or change the path in the DTP project properties.
Note : C++17 is required to compile.
- Discord
- Ocornut for ImGui
- Nlohmann for the JSON lib
- CryptoPP
- Stevemk14ebr for Polyhook v2
- CUrl
- Yubico for YubiKeys and yubico-piv-tool
If you would like to support this project by donating, you can do it through:
- Brave Browser tips
- Crypto (ETH / BSC) 0x6997878c19ab249AEbc523635f09B95b793AfA5D