Discord token structure

[samuelscheit]

trafficstars

The second part is just the timestamp when the token was generated encoded as base64

[hxr404]

was really busy yesterday, so I added it tday

[nicholaslz]

I tried decoding the second part and I didn't exactly get the value intended. Can anyone help?

[samuelscheit]

@nicholaslz do not try to decode the value as a base64 utf8 string, but as a base64 buffer. Can you send the code?

[aiko-chan-ai]

I tried decoding the second part and I didn't exactly get the value intended. Can anyone help?

base64 => hex => number => + discord timestamp

[mrafieefard]

Are you

I tried decoding the second part and I didn't exactly get the value intended. Can anyone help?

base64 => hex => number => + discord timestamp

Are you sure about that cuz i do it . this is my second part of my token GX-tjF but i can't get timestamp

[Walkoud]

@nicholaslz do not try to decode the value as a base64 utf8 string, but as a base64 buffer. Can you send the code?

What is Base64 buffer ? Can you explain ? I couldn't find it on google

[PixelatedLagg]

Using @aiko-chan-ai's decryption idea, I get this from @IamZiroToxic's token:

GX-tjF - Base64url ('-' is an invalid character in normal base64)

197fad8c - Convert to hex

427797900 - Convert to decimal

1721637900 - Add discord epoch (1293840000)

The date represented by this unix timestamp is Jul 22 2024, so something is slightly wrong here. No idea what @Flam3rboy means when they say to "not try to decode the value as a base64 utf8 string, but as a base64 buffer".

[hxr404]

No idea what @Flam3rboy means when they say to "not try to decode the value as a base64 utf8 string, but as a base64 buffer".

I think he means that you shouldn't try decoding it as a string, but directly as decimal (don't use a character encoding like utf-8/ascii in the raw binary data stored in the decoded buffer, but convert said binary data to decimals right-away.)

It's rather interesting though that the timestamp you obtained is only off by a bit. Usually I'd expect wrong results caused by encoding issues to have a much bigger skew; with wrongfully applied utf-8 (like with ascii) numbers should be off by 48 per digit.

Unfortunately I bricked my PC so I can't check if it works with proper decoding. So until it's assured that the encoding (still) works as described I'll mark this issue as open.

[Walkoud]

So how can i convert directly as decimal ?

[idanyas]

+1 tried base64url -> hex -> decimal -> unix timestamp (decimal + 1293840000)

but the final date is 2025, even though I created it about 10 minutes ago. what am I doing wrong?

[casualdegenerate]

Tried GmlTB0(input) -> Base64(Base64url) -> Integer(Decimal, 32-bit, Big-endian) = 443110151(output) 443,110,151 + 1,293,840,000 = 1,736,950,151 -> UnixConverter = Wed Jan 15 2025 14:09:11 GMT+0000(output) Some reason I'm getting a date further than I could possibly create the token? Or is what's written incorrect? This could be when the token is expired.

[v2ny]

For some reason if I try re-encode the decoded base64 215968764 it doesn't go back like it was, Tried to directly encode it from decimal to base64 & base64url didn't work. I'm trying to reverse the way I got to the last thing, When I tried to encode it, It's a different value.

Let's take an example; The second part of a dummy account's token G0N03I, When I get when the account was created from here and I follow this way which I found it working for every account no single idea why "Add 15 days and subtract 36 from when the account was created" it gives me the correct timestamp then I subtract it from 1293840000 divided by 1000 to remove the last 3 zeros. I get the decoded value of the second part which is 1495196146 and I go to this website and use it to convert it to readable date I get the same as here. Now every thing is same. When I try to encode the value to base64, This is what I get MTQ5NTE5NjE0Ng instead of G0N03I.

Probably discord changed it or something is missing, Sorry if I have a lot of grammar issues, It's 2:04am in my country and I've been awake for 17 hours.

[Walkoud]

For some reason if I try re-encode the decoded base64 215968764 it doesn't go back like it was, Tried to directly encode it from decimal to base64 & base64url didn't work. I'm trying to reverse the way I got to the last thing, When I tried to encode it, It's a different value.

Let's take an example; The second part of a dummy account's token G0N03I, When I get when the account was created from here and I follow this way which I found it working for every account no single idea why "Add 15 days and subtract 36 from when the account was created" it gives me the correct timestamp then I subtract it from 1293840000 divided by 1000 to remove the last 3 zeros. I get the decoded value of the second part which is 1495196146 and I go to this website and use it to convert it to readable date I get the same as here. Now every thing is same. When I try to encode the value to base64, This is what I get MTQ5NTE5NjE0Ng instead of G0N03I.

Probably discord changed it or something is missing, Sorry if I have a lot of grammar issues, It's 2:04am in my country and I've been awake for 17 hours.

You have to ask the Discord team to change their documentation, I recently learned that the ids have evolved and can contain one more digit

[v2ny]

For some reason if I try re-encode the decoded base64 215968764 it doesn't go back like it was, Tried to directly encode it from decimal to base64 & base64url didn't work. I'm trying to reverse the way I got to the last thing, When I tried to encode it, It's a different value. Let's take an example; The second part of a dummy account's token G0N03I, When I get when the account was created from here and I follow this way which I found it working for every account no single idea why "Add 15 days and subtract 36 from when the account was created" it gives me the correct timestamp then I subtract it from 1293840000 divided by 1000 to remove the last 3 zeros. I get the decoded value of the second part which is 1495196146 and I go to this website and use it to convert it to readable date I get the same as here. Now every thing is same. When I try to encode the value to base64, This is what I get MTQ5NTE5NjE0Ng instead of G0N03I. Probably discord changed it or something is missing, Sorry if I have a lot of grammar issues, It's 2:04am in my country and I've been awake for 17 hours.

You have to ask the Discord team to change their documentation, I recently learned that the ids have evolved and can contain one more digit

There's 2 possibilities, The first possibility the second part isn't base64 at all, The second possibility that it's encoded in some what way we still don't know.

Like @aiko-chan-ai said

base64 => hex => number => + discord timestamp

If we reverse it, It would be like this: discord timestamp - => number => hex => base

Maybe I should try converting the number to hex then base64 without using .toString()

[aiko-chan-ai]

you can generate some tokens to test

POST: https://discord.com/api/v9/auth/handoff Headers: authorization: user token Body:

{
   "key": "random string bruh",
}

Response

{
   "handoff_token": "fake token",
}

idk what this token does but it can't be used

[gentlemenVap]

I'm noticing that every time i login i get a new token. same id in base64. 6 characters *.38 characters *ive noticed every token i generate on multiple accounts 6 characters starting with "G" any one else getting that?

[HappyFrenchFRI]

How do you convert the Unix timestamp to the token Epotch?

[v2ny]

How do you convert the Unix timestamp to the token Epotch? @HappyFrenchFRI

You can check my repo and see the second section in the README.md, Unfortunately discord generates it once/twice a week, so yea no way to get the second section unless you have the specific time when it was regenerated or you crack it some what way.

[RiyadSteve]

Hey guys i'm working on a project on discord right now i also came across the same problem with the timestamp DN9r_A , DN9r_A does not appear to be a valid base64-encoded value. Hey @hxr404 wanna join the project? because i'm alone i'm sure we can be friends tho

[RiyadSteve]

Also if anyone having trouble with the timestamp don't worry

[Sunlitkoreakorea]

so it is impossible to get the last part?

[RiyadSteve]

Yep, Near-Impossible

Le lun. 22 janv. 2024 à 16:00, Sunlitkoreakorea @.***> a écrit :

so it is impossible to get the last part?

— Reply to this email directly, view it on GitHub https://github.com/Discord-Oxygen/Discord-Console-hacks/issues/2#issuecomment-1904185294, or unsubscribe https://github.com/notifications/unsubscribe-auth/A25KGQKO4JNOSK43TFQYMALYPZ5HBAVCNFSM46GENYD2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOJQGQYTQNJSHE2A . You are receiving this because you commented.Message ID: @.***>

[v2ny]

The second part can't be base64, Or maybe there's a encoding schema before encoding it to base64

[RiyadSteve]

I kinda made the second part

On Tue, May 28, 2024 at 11:02 AM reyu @.***> wrote:

The second part can't be base64, Or maybe there's a encoding schema before encoding it to base64

— Reply to this email directly, view it on GitHub https://github.com/Discord-Oxygen/Discord-Console-hacks/issues/2#issuecomment-2134824921, or unsubscribe https://github.com/notifications/unsubscribe-auth/A25KGQNUZRNLQVBXRCTS3CDZERI2BAVCNFSM46GENYD2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJTGQ4DENBZGIYQ . You are receiving this because you commented.Message ID: @.***>

[mrafieefard]

Can't believe I commented here like 2 years ago So what you got?

[RiyadSteve]

not gonna lie, I made the code script like a year ago in summer, But its basically just turning userid to timestamp and turning it into second part token

On Thu, May 30, 2024 at 10:59 PM Mohammad Rafieefard < @.***> wrote:

Can't believe I commented here like 2 years ago So what you got?

— Reply to this email directly, view it on GitHub https://github.com/Discord-Oxygen/Discord-Console-hacks/issues/2#issuecomment-2140925639, or unsubscribe https://github.com/notifications/unsubscribe-auth/A25KGQJ7KAMZCWDTV2AW5L3ZE6OM5AVCNFSM46GENYD2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJUGA4TENJWGM4Q . You are receiving this because you commented.Message ID: @.***>

[mrafieefard]

So it's working

[RiyadSteve]

Yeah, the problem is that he gave an incorrect discord token so i've decided to test using my own.

On Fri, May 31, 2024 at 5:56 AM Mohammad Rafieefard < @.***> wrote:

So it's working

— Reply to this email directly, view it on GitHub https://github.com/Discord-Oxygen/Discord-Console-hacks/issues/2#issuecomment-2141231693, or unsubscribe https://github.com/notifications/unsubscribe-auth/A25KGQIZWTWV2D6BUB2KE4DZE77GVAVCNFSM46GENYD2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJUGEZDGMJWHEZQ . You are receiving this because you commented.Message ID: @.***>

[mrafieefard]

But I think the last part is encrypted with AES or RSA and it is nearly impossible to reverse-engineer it

[RiyadSteve]

I agree with you with that, The last part of the token is 98% code-generated so yeah, Its nearly impossible to reverse engineer the last part.

On Tue, Jun 11, 2024 at 12:07 AM Mohammad Rafieefard < @.***> wrote:

But I think the last part is encrypted with AES or RSA and it is nearly impossible to reverse-engineer it

— Reply to this email directly, view it on GitHub https://github.com/Discord-Oxygen/Discord-Console-hacks/issues/2#issuecomment-2159455334, or unsubscribe https://github.com/notifications/unsubscribe-auth/A25KGQPUW3WYXVF656POXH3ZGYWSRAVCNFSM46GENYD2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMJVHE2DKNJTGM2A . You are receiving this because you commented.Message ID: @.***>