Risky actions #66
Comments
|
bot.joinGuild 100% disables your account. I have tried it on multiple tokens. arandomnewaccount: |
|
I cloned discum and used it directly and bot.joinGuild still locks my account at first try. arandomnewaccount: |
|
something I noticed about discord is that joining a server when the account is too new will get you phonelocked even if you use the discord client, you might want to factor that in when using bot.joinGuild arandomnewaccount: |
|
In my experience, guildJoin (also guild creation) action(s) only disable the account when the Token was also generated by the bot. If I manually register an account, and join a guild programmatically, then it doesn't disable that account. |
|
bot.createDM 100% phone locks your token |
|
How to "adequately wait" between createDM requests? In REST API I tried 10 seconds and random between 5 and 10 seconds, in both cases I get banned after second created DM |
|
for me i got locked after 1dm |
Have you tried various delays? Did you find something suitable? |
|
tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm |
can you please share example of headers, cloudfare cookies etc? |
fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
"headers": {
"referer":"https://discord.com/channels/@me/916406548220248124"
"host":"discord.com",
"origin": "https://discord.com",
"accept": "*/*",
"accept-language": "en-GB",
"authorization": "*censored*",
"content-type": "application/json",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"x-debug-options": "bugReporterEnabled",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
"x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==",
"x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
"cookie": __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
},
"body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
"method": "POST",
});If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made |
that's to send a message in a dm to someone you already dmed not to create a dm |
Thank you! |
|
Btw how can I set the cookie? |
|
I just have many accounts, how can I know which cookies, super properties and fingerprint to set? I would be glad if you share with some docs or tutorials about this or explain with your words |
Same headers are passed. We are not talking about how to dm someone, but how to do it without being detected. |
Here is how you can get these values, code is ass but it works. The You can use the same X-Superproperties header as me, its just a base64 encoded json containing data from the user agent mostly import requests
def cloudflare_cookies():
r = requests.get("https://discord.com")
z = r.cookies.get_dict()
cookies = ""
for c in z:
cookies = cookies + c + "=" + r.cookies[c] + "; " # ugly af but idk shit about python formatting
print(cookies + "locale=us") #just return this value
def get_fingerprint():
r = requests.get("https://discord.com/api/v9/experiments")
print(r.json().get('fingerprint')) #just return this value
cloudflare_cookies()
get_fingerprint() |
|
I used all headers you gave including cookies and fingerprint, and when I try to join to server or create dm, it just throws 403 Forbidden. |
|
And seems like your function for getting cookie doesn't work, it returns empty cookie. arandomnewaccount: haven't added captcha support, that'll come in later you can try out the development branch: https://github.com/Merubokkusu/Discord-S.C.U.M/tree/development edit: pushed the changes the master branch. Let me know if you run into issues. |
You shouldn‘t use always the same fingerprint and the same cookies.. send their api/v9/experiments a request and obtain the needed stuff for every request arandomnewaccount: |
"x-super-properties" is a base64 encoded json string: {"os":"Windows","browser":"Discord Client","release_channel":"stable","client_version":"1.0.9003","os_version":"10.0.19042","os_arch":"x64","system_locale":"fr","client_build_number":106868,"client_event_source":null}*im used base64decode.org to decode it |
You can easily use the built-in base64 module in python for encoding decoding base64 stuff |
I'm a little confused by how you're supposed to use this. is the fetch to make the post request to send the message? and how do we build up the information we need to make the message to a specific user id? |
POST /users/@me/channels. use devtools |
and others
Here's a compiled list of all the risky functions and actions that have been found along with their relevant issues. We will be updating this list as more risky actions come to our attention. Doing the following have a high change of phone-locking/disabling your account:
And, of course, for most endpoints, abusing the REST api (not waiting adequately between requests) can get your account phone-locked/disabled. Ideally, try not to get rate limited in the first place.
edit: b5a92ca updates the headers and cookies - was able to join a guild and dm a user right after from 2 accounts (1 new and another 1-week-aged). Try reinstalling and seeing how it goes.
Note: don't set suspicious user agents. If you set a good user agent, discum should join (non massive guilds), dm, etc smoothly.
The text was updated successfully, but these errors were encountered: