Merge pull request #1 from andro2157/dev

Password changer

Author: andro2157

DiscordTokenProtector/Context.h

@@ -67,7 +67,7 @@ class Context {
 	inline void initTokenState() {
 		auto discoverToken = [this](bool hwid = false) {
 			secure_string token = Discord::getStoredToken(true);
-			if (token.empty() || Discord::getUserInfo(token).empty()) {//TODO invalid token message
+			if (token.empty() || Discord::getUserInfo(token).id.empty()) {//TODO invalid token message
 				this->state = hwid ? State::InvalidHWID : State::NoToken;
 			}
 			else if (hwid) {
@@ -87,7 +87,7 @@ class Context {
 
 		if (encryptionType_cache == EncryptionType::HWID) {
 			secure_string token = g_secureKV->read("token", HWID_kd);
-			if (token.empty() || Discord::getUserInfo(token).empty()) {
+			if (token.empty() || Discord::getUserInfo(token).id.empty()) {
 				discoverToken(true);
 			}
 			else {

DiscordTokenProtector/Crypto/CryptoUtils.h

@@ -1,6 +1,7 @@
 #pragma once
 #include "../Includes.h"
 #include <cryptopp/hex.h>
+#include <cryptopp/osrng.h>
 
 enum class EncryptionType {
 	HWID,
@@ -24,6 +25,23 @@ struct KeyData {
 static const KeyData HWID_kd({ EncryptionType::HWID, CryptoPP::SecByteBlock(), CryptoPP::SecByteBlock() });
 
 namespace CryptoUtils {
+	constexpr auto ALPHANUM = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+	constexpr auto ALPHANUM_LEN = 26 * 2 + 10;
+
+	inline secure_string secureRandomString(size_t len, const char* charRange = ALPHANUM, size_t charRangeLen = ALPHANUM_LEN) {
+		using namespace CryptoPP;
+
+		secure_string output;
+		output.reserve(len);
+
+		AutoSeededRandomPool rng;
+
+		for (size_t i = 0; i < len; i++) {
+			output.push_back(ALPHANUM[rng.GenerateByte() % ALPHANUM_LEN]);
+		}
+
+		return output;
+	}
 	inline std::string toHex(const std::string& in) {
 		using namespace CryptoPP;
 

DiscordTokenProtector/Discord.cpp

@@ -339,7 +339,7 @@ WORD Discord::getDiscordRPCPort() {
 	WORD workingPort = 0;
 	for (WORD port = 6463; port <= 6472; port++) {
 		try {
-			std::string out;
+			secure_string out;
 			cURL_get(sf() << "http://127.0.0.1:" << port, nullptr, out);
 			json outJson = json::parse(out);
 			if (outJson["code"].get<int>() == 0 && outJson["message"].get<std::string>() == "Not Found") {
@@ -366,8 +366,8 @@ bool Discord::AcceptHandoff(const std::string& port, const std::string& key, con
 		json handoffData;
 		handoffData["key"] = key;
 
-		std::string handoffToken;
-		cURL_post("https://discord.com/api/v8/auth/handoff", chunk, handoffData.dump(), handoffToken);
+		secure_string handoffToken;
+		cURL_post("https://discord.com/api/v8/auth/handoff", chunk, handoffData.dump().c_str(), handoffToken);
 		handoffToken = json::parse(handoffToken)["handoff_token"].get<std::string>();
 
 		chunk = NULL;//Gets freed in cURL_post
@@ -381,8 +381,8 @@ bool Discord::AcceptHandoff(const std::string& port, const std::string& key, con
 		handoffData["args"]["handoffToken"] = handoffToken;
 		handoffData["nonce"] = getRandomUUID();
 
-		std::string handoffRPCOut;
-		cURL_post("http://127.0.0.1:" + port + "/rpc?v=1", chunk, handoffData.dump(), handoffRPCOut);
+		secure_string handoffRPCOut;
+		cURL_post("http://127.0.0.1:" + port + "/rpc?v=1", chunk, handoffData.dump().c_str(), handoffRPCOut);
 		json rpcResp = json::parse(handoffRPCOut);
 		if (rpcResp.contains("code") && rpcResp.contains("message")) {//Error!
 			throw std::runtime_error(sf() << "Error " << rpcResp["code"].get<int>() << " : " << rpcResp["message"].get<std::string>());
@@ -397,30 +397,35 @@ bool Discord::AcceptHandoff(const std::string& port, const std::string& key, con
 	return true;
 }
 
-std::string Discord::getUserInfo(const secure_string& token) {
+DiscordUserInfo Discord::getUserInfo(const secure_string& token) {
 	using nlohmann::json;
 
 	try {
 		struct curl_slist* chunk = NULL;
 		chunk = curl_slist_append(chunk, ("Authorization: " + token).c_str());
 		chunk = curl_slist_append(chunk, "Content-Type: application/json");
 
-		std::string userinfo;
+		secure_string userinfo;
 		cURL_get("https://discordapp.com/api/v6/users/@me", chunk, userinfo);
 
 		json userinfoJSON = json::parse(userinfo);
 
 		if (userinfoJSON.contains("message"))
 			throw std::runtime_error(userinfoJSON["message"].get<std::string>());
 
-		return sf() << userinfoJSON["username"].get<std::string>() << "#" << userinfoJSON["discriminator"].get<std::string>()
-			<< " (" << userinfoJSON["id"].get<std::string>() << ")";
+		return {
+			userinfoJSON["username"].get<std::string>() + "#" + userinfoJSON["discriminator"].get<std::string>(),
+			userinfoJSON["username"].get<std::string>(),
+			userinfoJSON["discriminator"].get<std::string>(),
+			userinfoJSON["id"].get<std::string>(),
+			userinfoJSON["mfa_enabled"].get<bool>()
+		};
 	}
 	catch (const std::exception& e) {
 		g_logger.error(sf() << "Failed getUserInfo : " << e.what());
 	}
 
-	return std::string();
+	return DiscordUserInfo();
 }
 
 secure_string Discord::getStoredToken(bool verify) {
@@ -450,7 +455,7 @@ secure_string Discord::getStoredToken(bool verify) {
 							secure_string match(matches[1].str());
 							if (results.find(match) == results.end()) {//A new token! let's add it to the list
 								if (std::find(invalids.begin(), invalids.end(), match) == invalids.end()) {//If not invalid
-									if (verify && getUserInfo(match).empty())
+									if (verify && getUserInfo(match).id.empty())
 										invalids.push_back(match);
 									else
 										results.insert({ match, 1 });
@@ -480,6 +485,102 @@ secure_string Discord::getStoredToken(bool verify) {
 	return "";
 }
 
+bool Discord::changePassword(
+	const secure_string& token,
+	const secure_string& currentPassword,
+	const secure_string& newPassword,
+	const secure_string& mfaCode,
+	secure_string& error) {
+
+	secure_string patchData;//We're avoiding the json lib to not keep the data in memory
+
+	auto jsonEscape = [](const secure_string& data) {
+		secure_string out;
+		out.reserve(data.size());
+
+		for (const char c : data) {
+			switch (c) {
+			case '\b': out += "\\b"; break;
+			case '\f': out += "\\f"; break;
+			case '\n': out += "\\n"; break;
+			case '\r': out += "\\r"; break;
+			case '\t': out += "\\t"; break;
+			case '\"': out += "\\\""; break;
+			case '\\': out += "\\\\"; break;
+			default: out += c;  break;
+			}
+		}
+
+		return out;
+	};
+
+	patchData += "{\"password\":\"" + jsonEscape(currentPassword) +
+		"\",\"new_password\":\"" + jsonEscape(newPassword) + "\"";
+
+	if (!mfaCode.empty()) {
+		patchData += ",\"code\":\"" + jsonEscape(mfaCode) + "\"";
+	}
+
+	patchData += "}";
+
+	try {
+		struct curl_slist* chunk = NULL;
+		chunk = curl_slist_append(chunk, ("Authorization: " + token).c_str());
+		chunk = curl_slist_append(chunk, "Content-Type: application/json");
+		chunk = curl_slist_append(chunk, "Accept-Language: en-US");
+
+		secure_string output;
+		cURL_post("https://discord.com/api/v9/users/@me", chunk, patchData, output, "PATCH");
+
+		//To avoid using json or regex (insecure)
+		auto getStringKey = [](const secure_string& data, secure_string key) {
+			key = "\"" + key + "\": \"";
+			size_t pos = data.find(key);
+			if (pos == secure_string::npos) return secure_string();
+
+			size_t endPos = pos + key.size();
+			while (true) {
+				endPos = data.find("\"", endPos);
+				if (endPos == secure_string::npos) return secure_string();
+				if (data[endPos - 1] == '\\') {
+					++endPos;
+					continue;
+				}
+				break;
+			}
+
+			return data.substr(pos + key.size(), endPos - pos - key.size());
+		};
+
+		//Requires 2FA!
+		if (auto pos = output.find("\"code\": 60008"); pos != secure_string::npos) {
+			error = "2FA";
+			return false;
+		}
+
+		//Other errors
+		if (secure_string message = getStringKey(output, "message"); !message.empty()) {
+			error = message;
+			return false;
+		}
+
+		//Success!
+		if (secure_string token = getStringKey(output, "token"); !token.empty()) {
+			error = token;
+			return true;
+		}
+
+		//Unknown error
+		error = "Unknown error";
+		return false;
+	}
+	catch (std::exception& e) {
+		g_logger.error(sf() << "Failed changePassword : " << e.what());
+		error = e.what();
+		return false;
+	}
+}
+
 //Credit : https://guidedhacking.com/threads/how-to-pass-multiple-arguments-with-createremotethread-to-injected-dll.15373/
 
 uintptr_t GetModuleBaseAddress(DWORD procId, const char* modName)

DiscordTokenProtector/Discord.h

@@ -10,6 +10,15 @@ enum class DiscordType {
 	DiscordCanary
 };
 
+//No need to store more info
+struct DiscordUserInfo {
+	std::string fullUsername = "";//username#discriminator
+	std::string username = "";
+	std::string discriminator = "";
+	std::string id = "";
+	bool mfa = false;
+};
+
 class Discord {
 private:
 	typedef LONG(NTAPI* NtResumeProcess)(HANDLE ProcessHandle);
@@ -36,8 +45,16 @@ class Discord {
 
 	static WORD getDiscordRPCPort();
 	static bool AcceptHandoff(const std::string& port, const std::string& key, const secure_string& token);
-	static std::string getUserInfo(const secure_string& token);
+	static DiscordUserInfo getUserInfo(const secure_string& token);
 	static secure_string getStoredToken(bool verify);
+
+	//error = token if it is successfull
+	static bool changePassword(
+		const secure_string& token,
+		const secure_string& currentPassword,
+		const secure_string& newPassword,
+		const secure_string& mfaCode,
+		secure_string& error);
 private:
 	static std::wstring getLocal();
 	static std::vector<DWORD> getProcessIDbyName(std::wstring process_name);

DiscordTokenProtector/Includes.h

@@ -24,7 +24,7 @@ __forceinline void FATALERROR_STR(std::string str) {
 	FATALERROR(str.c_str());
 }
 
-#define VER "dev-4"
+#define VER "dev-5"
 
 //The autostart gets flagged by some AV haha
 //#define DISABLE_AUTOSTART