The best part is that even if they had rolled a valid gift code by dumb luck, it wouldn't have detected it. There's a typo in the API call ("entitelemnts" instead of "entitlements") which will always return a 404.
what also fascinates me is HOW theyre generating them. the odds that a fully random string of letters is a nitro code is so unholily low, that if they were to put a minutes research in to see how nitro codes are compiled and try and systematically generate random codes, they would atleast have a chance at getting one.
@@ikyyntts7807 if the code is 6 letters long and it can be a combination of letters and numbers that would be 6 to the power of 12 more or less. It is very unlikely to say the least.
@@ikyyntts7807 I think these guys are in the range of being juuuuussssttt smart enough to write a scammy brute force code but just dumb enough to not put in any more effort in figuring out codes
@@fog- ah right, just an insight, apologies. but you could have also ACTUALLY utilised threading to have one thread continually generate codes and throw them into a pool, have a thread or two checking the codes. or something like that, either way the guy who made this one clearly doesn't have a clue what he's doing
I seriously think that ONLY underage discord users fall for nitro generators. Also, I still cant believe that such low human beings exist, USING kids that don't know anything to get nitro. What a disappointment.
Yeah… I once downloaded one and it was an exe, but it is on my phone. And it came up with nsfw pop ups but I didn’t click any of them. Then I downloaded malwarebytes and they got rid of it lol. It was back in 2020 I believe . But I’m 13+ now since my bday was months ago, joined discord in 2018 but probably earlier since I had another acc
This script is memory heavy (file writing) so if they would implement threading it wouldn't be great as threading is for I/O tasks (like API requests but without mass file open, writing, closing) for these memory heavy tasks they should use multiprocessing where a process on each CPU is spawned. However i assume that they are too stupid to understand multiprocessing, they also could use threading with the queue function and not directly writing to file.
@@electricz3045 It would definitely still have a performance benefit. I think you can spawn as many threads as your CPU supports without any performance hitch so at some point the threads would theoretically spawn on separate cores and max out the performance. Also, while sockets operate more internally (memory) for Windows, they are file-based I/O on Unix based systems (i.e. FreeBSD, macOS, Linux). Nevertheless, randomly generating a string based on random numbers seeded by time (standard random generator) is going to be wholly inefficient as it won't come near to producing similar results as a more complex cryptographically safe algorithm.
This is honestly hilarious, I can't not imagine the thought process : "Hey let's bruteforce nitro links. But we'll make gullible kids do it for us instead." Genuinely a modern supervillain, I love it lmao
as a python programmer myself it's genuinely so funny to see a person try to encrypt their code only for it to be decrypted by a person who doesn't even code (much i think) hilarious. i want more of these videos.
@@SpaceKebab It's incredibly over-exaggerated on how hard it is to learn tbh, you just gotta get used to stupidly named functions and stupid symbols like >
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
Hey No Text To Speech, I'm a big fan of your RUclips channel. I love your informative and entertaining videos about Discord and other social media platforms. I'm also impressed by your commitment to helping people avoid scams and stay safe online. Keep up the great work! Sincerely, Bard
I'm not too completely sure on how this all works, but you explained it really well! It was also interesting to watch for some reason, and fulfilled the promise of it being satisfying. Thank you for entertaining 9 minutes of my day lol.
I'm not too completely sure on how this all works, but you explained it really well! It was also interesting to watch for some reason, and fulfilled the promise of it being satisfying. Thank you for entertaining 9 minutes of my day lol.
it has two steps: first code is just encoded junk filled with comments, he decodes and gets to actual code. then, second code just takes a random guests to find a random nitro gifts. they verify the gift code and if it actually works, it will sent to programmer instead it uses your computer as nitro code miner
i love how they spend all this effort cloaking the code in like 3 layers as if anybody who will actually fall for the scam is going to look closely at the code
The method they're using technically does work, but only for the first few times you try the request. After that you'll get rate limited to hell and back, and sending even more requests (say, 999995 of them) might actually get your IP banned from Discord altogether.
its a situation where you lose no matter what. 1: you dont get a working code. 2: you get a working code, it is traced back to you. 3: its detected as a ddos, literally banning you from the website if the ip is found.
ive sent like 3000 requests to discord before, you dont get banned you just get heavily rate limited (which, if you think about it, is basically a temporary ip ban)
this is like the guy from Willy Wonka making his workers find a golden ticket from millions of chocolate bars and they can't even keep it for themselves
Although you said the process was easy, the fact that you de-compiled all that code to prove why these "nitro generators" are scams is commendable. There definitely needs to be more awareness about said scams, as the phrase "don't accept random links from strangers" unfortunately isn't common knowledge...or not enough people care to double-check. Either way, feel free to keep making these kinds of videos; I'm gonna need this information at some point o-o _/ /
Btw in terms of this crypted code, that is pyarmor obfuscator and in some point in time it has all the code in string so i just run this in pycharm community with debug points at last lines and go line by line until it has a variable with the text It could also be rewritten a little to just spit out plain decoded text when ran
Theoretically, if this DOES actually get a few valid ones and sends it to the random skiddies, you could tweak the code a bit and actually send it to your own webhook, basically giving you an actual free nitro generator.
@@racapadexxa_ it does, it validates it through discords api until it finds a valid gift so yes you can just make it send to you instead of the webhook
Roockie mistake that verification system to the gift codes will just be timed out after like 5 tries. They should use some way to mask the ip. Also this type of system of brute force can run for a full year without find anything. Anyways great video!
I've heard of hackers getting bitcoin by hacking a computer, but never heard of someone mining for a Nitro gift by making kids find the gifts for them.
"this is basic obfuscation", once you sit in the ghex editor and a bunch of shit to just try to find something wrong in a NES game. That said, nice video.
Fun Fact: In Python, to add a note you need to add # or #[space] (can vary I think idk I’m new to Python) to create a note which doesn’t count as code which means the code shown at 2:02 is probably fake. Oof I messed up the spelling of “space” Also uhh a lot of the “[name]=“ stuff and “[“[int]/[value]”]” are just variable text. IGNORE THIS COMMENT AS I MAY BE WRONG!
These generators generate 16-character long links out of 60 possible characters. That's 60^16 possible links. That's 2,8 x 10^28 different codes. So if you have a server with 10000 users who all generate 100000 codes, that means the number is now 2,8 x 10^19. The likelyhood that you manage to get a real code is so tiny. But I do still think Discord could increase this by making the links 32 characters. Because while the likelyhood is already small, it's not small enough for these people. Making it 32 characters long, makes it so small that it's not even worth even trying.
That would be the case if there was only one code. Of cource there is way more but still, it will be extremly rare for someone to hit the jackpot and get nitro for free
Nice explain, Shit like this happen really often and... Sometimes they send a software. I analysed it with the fantastic linux ubuntu terminal (i didn't decoded it cause i wanted to have some stuff like the pyinstaller), and it litteraly the same as this shit but in a software with a virus that litteraly take your discord token from your discord application. Well cya stay safe!
I like how this technically isn't really a scam. As in, it won't steal your token, join servers for you or something like that. In theory this can work although chances are probably very very small
its still a scam, just stealing your computers processing power to generate random nitro links. and spamming discords api in your name. it wouldn't be a scam if it gave you the code if it did find it, but it doesn't it just gives it to the programmer
8:05 OK but this does mean that if someone was really desperate for free nitro, they could rewrite the code to NOT send the valid codes to the webhook and instead have it print them. I know what I must do.
Well in this case, whoever 'developed' the program sucks at encrypting it and you can directly tell what cipher it is from the code. Everything else is basic python with a questionable generation method
absolute unnecessary bullshit, just change the exec, eval to print and the code will print out without going through any of these crap, interpreted python is a hot piece of garbage in terms of security
I love videos like this because it takes away this façade hackers have, that they are some type of coding god or mastermind, but in reality its just garbage code packaged in a different way.
I really love how satisfying it is to bruteforce poorly obfuscated code, i once did that with one of the exploits and it was poorly obfuscated that most of obfuscation was redirecting to unobfuscated source code. It's honestly funny seeing how their obfuscation just miserably fails and ends up exposing source code. Also, I'm pretty sure everyone know that you would never run something that's obfuscated so, it makes it even funnier.
if you de-obfuscated it, couldn't you just remove the bit where it asks discord's api "Is this code legit" and treat EVERY code it generates as legit, such that they receive a bunch of useless links?
@@declan_youtube actually we have, you know if you have access to the webhook link you can send anything you want into it. You can do this by coding a script or by using tools like discohook
You could also just replace the last 'eval(compile(...))' with a print. Then running the code in replit would have it print out the deobfuscated version.
You must be new here, we don't take simple or easy way here we only use 500 websites and spread false news about coding since he doesn't know one thing he claims and has nothing to back him up
man these nitro generators are absolutely hilarious By the by, some knowledge of ROT13 for the curious: ROT13 is not computer encoding but a _cipher._ If anyone here knows Caesar Cipher, it's that basically. For the uninitiated: It's an "encoding" where each letter is shifted a number of letters up or down. Take the case of the letter E, which is the fifth letter. If we say "shift three up", that means we need to find the third letter _after_ it, which is H. If we say "shift two down", that's the second letter _before_ it, which is C. ROT13 is a special form of these ciphers, since the ROT13 makes you find the thirteenth letter after it... which is also the thirteenth letter before it. That's because there are 26 letters in the alphabet, so you only need to find the letter of the ciphered letter's mirror position. (Example, if the ciphered letter is A, then the decoded letter is Z.)
if you edit the code, you could theoretically make it send it to yourself for free nitro 😎 they just gave you the code to get started, so they are not lying, just as long as you know how to code
Sheeesh this man is really good on explaining stuff with code, bruv make like a whole 30 min video about smth that is normal if you scripted it(planned it) cuz it is very not boring
Wait, so technically couldn’t you change the code and make it so you get the nitro? Update: I got it to work if you replace the webhook url with one of your own
@@universoul8929 Do not say it is mathematically impossible when it is not. Math can NOT calculate luck. On average, it would take more than hundreds of times the age off the entire universe, but it's also possible for you to get 20 codes in a minute, it's just that the probability is astronomically low.
the even bigger problem is that Discord did nothing to gives users more so that less likely they would want Nitro and so is the chance they fall into those scams.
Hold on, you could save the valid links to your own text file, and redeem them yourself, therefore you would have an inefficient but working nitro code generator!
C'mon now, in order to end up finding one working code you'd probably have to spend hours running that thing, not to mention the risk of getting IP banned from Discord if they flag you as trying to doxx (constant request/calls to the api beyond rate limits).. And even then, all that just for a subscription service that'll end soon anyways? Pffft lmao
@@giakhanhvn2mc yeah, altho it should be noted that VM languages like Java, Kotlin, C++, Dart and Lua are extremely easy to de-compile. I woulden't really ever use them for anything to do with security.
@element what are you talking about? VM languages are not easy to deobfuscate because unlike python they are not interpeted but compiled. Their bytecodes can be transformed back to regular code therefor being easy to break in on the source codes. Python is also extremely easy to deobfuscate seeing as it's interpeted and they can't hide any code from you.
@Sir Avian I wasn't talking about obfuscation but rather compilation. Lua is not interpeted like python but compiled and ran in a virtual machine like java or c#. You can very easily get the original source code from this compilation. The lua compiler also destroys all unused variables and dumb stuff that you write meaning all your obfuscation is completely useless.
When a nitro code is bought you have 48h to claim it. So if the code isnt claimed within 48h it will be regenerated and the chance of a script kiddie guessing it is 1 in 218,340,105,584,896.
rot13 is not just some "coding computer thing", it's a Caesar cipher where alphabetically the letters are shifted by 13 places. It's actually laughably simple and I'm surprised they didn't go for something more clever.
The best part is that even if they had rolled a valid gift code by dumb luck, it wouldn't have detected it. There's a typo in the API call ("entitelemnts" instead of "entitlements") which will always return a 404.
fr but also ntts could of just used run function on code and print the run function to get code source
@@alex59292 might be a bad idea since it could be malware of some kind
@@electra_ hes using repl so who cares
@@alex59292 protip; replace 'exec' with 'print' lol
@@LiEnby print boring
imagine buying nitro and it gets claimed by a random person you dont even know 😂
that actually happened with a steam gift card i got for christmas one time and it sucks
The only giveaway I won was of discord Nitro and just that happened
It's virtually impossible for that to happen, sure there's an infinitesimal probability, but it's not going to happen.
@@imnotmarbin it must have happened before, lots though, if you managed to generate a nitro gift lift, there was an author who bought the gift lol
@@imnotmarbin it was a joke you smellfungus
So technically, they are just using kids to make free gift links by making them host it. What a genius plan.
Edit 30/12/22: While executed poorly.
child labour
@@edmarcthegreat free nitro child labour
@@edmarcthegreat best invention
@@gnomeslayah lol
@@edmarcthegreatbest invention since sliced bread
The funniest thing is that there's a typo in the API endpoint, meaning it would never recognize it even if you do manage to generate a valid code.
didn't even notice LOL
whats the typo?
@@oclxtch9376 "entitelemnts"
@@andrew3606 the coder misspelled entitlements lmao
The funniest thing is that there's a typo in the API endpoint, meaning it would never recognize it even if you fo manage to generate a valid code.
What fascinates me is it takes the time to write all possible codes to a txt file instead of just creating one, testing it and moving on to the next.
what also fascinates me is HOW theyre generating them. the odds that a fully random string of letters is a nitro code is so unholily low, that if they were to put a minutes research in to see how nitro codes are compiled and try and systematically generate random codes, they would atleast have a chance at getting one.
@@ikyyntts7807 if the code is 6 letters long and it can be a combination of letters and numbers that would be 6 to the power of 12 more or less. It is very unlikely to say the least.
@@ikyyntts7807 I think these guys are in the range of being juuuuussssttt smart enough to write a scammy brute force code but just dumb enough to not put in any more effort in figuring out codes
@@ikyyntts7807 nitro gifts are much different, they're 6-8 characters long
@@fog- ah right, just an insight, apologies. but you could have also ACTUALLY utilised threading to have one thread continually generate codes and throw them into a pool, have a thread or two checking the codes. or something like that, either way the guy who made this one clearly doesn't have a clue what he's doing
NTTS becoming an actual programmer after debunking all these scams 💀
ngl true
Fr
yes xD
nah
no
The mwah ! at the end is always appreciated, love what you do !
I seriously think that ONLY underage discord users fall for nitro generators. Also, I still cant believe that such low human beings exist, USING kids that don't know anything to get nitro. What a disappointment.
Yeah… I once downloaded one and it was an exe, but it is on my phone. And it came up with nsfw pop ups but I didn’t click any of them. Then I downloaded malwarebytes and they got rid of it lol. It was back in 2020 I believe . But I’m 13+ now since my bday was months ago, joined discord in 2018 but probably earlier since I had another acc
@@izzyxvibes I think you downloaded the wrong generator... you sure it said nitro?
@@rarehyperion FOR REAL that NSFW popup stuff is so annoying
@@rarehyperion ye it was for a pc tho. I have pc glad I didn’t download it on their
AAAAQwAAAGEAAABsAAAAbAAAACAAAABpAAAAdAAAACAAAABhAAAAIAAAAGQAAABpAAAAcwAAAGEAAABwAAAAcAAAAG8AAABpAAAAbgAAAHQAAABtAAAAZQAAAG4AAAB0AAAAIAAAAGEAAABsAAAAbAAAACAAAAB5AAAAbwAAAHUAAAAgAAAAdwAAAGEAAABuAAAAdAAAACwAAAAgAAAASQAAAHQAAAAnAAAAcwAAACAAAABlAAAAYQAAAHMAAAB5AAAAIAAAAGEAAABuAAAAZAAAACAAAABmAAAAdQAAAG4AAAAgAAAAdAAAAG8AAAAgAAAAdQAAAHMAAABlAAAALAAAACAAAABJAAAAJwAAAHYAAABlAAAAIAAAAHUAAABzAAAAZQAAAGQAAAAgAAAAbQAAAGUAAAB0AAAAaAAAAG8AAABkAAAAcwAAACAAAABsAAAAaQAAAGsAAABlAAAAIAAAAHQAAABoAAAAZQAAAHMAAABlAAAAIAAAAGIAAABlAAAAZgAAAG8AAAByAAAAZQAAACAAAABhAAAAbgAAAGQAAAAgAAAAcwAAAGEAAABmAAAAZQAAACAAAAB0AAAAbwAAACAAAABzAAAAYQAAAHkAAAAgAAAASQAAACcAAAB2AAAAZQAAACAAAABtAAAAYQAAAGQAAABlAAAAIAAAAGEAAAAgAAAAZgAAAGUAAAB3AAAAIAAAAGIAAAB1AAAAYwAAAGsAAABhAAAAcgAAAG8AAABvAAAAcwAAACAAAABmAAAAcgAAAG8AAABtAAAAIAAAAGkAAAB0AAAALg==
UTF-32
funny thing is they don't even use threading
lol
I thought I'm the only one who noticed that lol
This script is memory heavy (file writing) so if they would implement threading it wouldn't be great as threading is for I/O tasks (like API requests but without mass file open, writing, closing) for these memory heavy tasks they should use multiprocessing where a process on each CPU is spawned. However i assume that they are too stupid to understand multiprocessing, they also could use threading with the queue function and not directly writing to file.
@@electricz3045 them writing them to a file instead of doing it in memory is the funniest shit ever
@@electricz3045 It would definitely still have a performance benefit. I think you can spawn as many threads as your CPU supports without any performance hitch so at some point the threads would theoretically spawn on separate cores and max out the performance. Also, while sockets operate more internally (memory) for Windows, they are file-based I/O on Unix based systems (i.e. FreeBSD, macOS, Linux). Nevertheless, randomly generating a string based on random numbers seeded by time (standard random generator) is going to be wholly inefficient as it won't come near to producing similar results as a more complex cryptographically safe algorithm.
I love videos like this, especially you running through the steps you took
I love videos like this, especially you running through the steps you took
I love videos like this, especially you running through the steps you took
This is honestly hilarious, I can't not imagine the thought process : "Hey let's bruteforce nitro links. But we'll make gullible kids do it for us instead." Genuinely a modern supervillain, I love it lmao
as a python programmer myself
it's genuinely so funny to see a person try to encrypt their code only for it to be decrypted by a person who doesn't even code (much i think)
hilarious. i want more of these videos.
At the end of the day the interpeter has to see clear code, so you just replace whatever eval() or run() function with a print() and it's all useless
@@racapadexxa_ Exactly. The code is being decoded for you, so just print it instead of doing the job of the interpreter (which is already laid out)
This is incredibly one-sided but as a C++ developer it pains me to see someone try to obfuscate python
@@declan_youtube im sorry for you.. c++ its a horrendous language to learn
@@SpaceKebab It's incredibly over-exaggerated on how hard it is to learn tbh, you just gotta get used to stupidly named functions and stupid symbols like >
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
@@RWPWarThunder STOPPP WTF
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
Hey No Text To Speech,
I'm a big fan of your RUclips channel. I love your informative and entertaining videos about Discord and other social media platforms. I'm also impressed by your commitment to helping people avoid scams and stay safe online.
Keep up the great work!
Sincerely,
Bard
?
Bro wrote a letter
I'm not too completely sure on how this all works, but you explained it really well! It was also interesting to watch for some reason, and fulfilled the promise of it being satisfying. Thank you for entertaining 9 minutes of my day lol.
Learn python buddy, it's fun and easy
I'm not too completely sure on how this all works, but you explained it really well! It was also interesting to watch for some reason, and fulfilled the promise of it being satisfying. Thank you for entertaining 9 minutes of my day lol.
@@Theunicorn2012 bro?
it has two steps: first code is just encoded junk filled with comments, he decodes and gets to actual code.
then, second code just takes a random guests to find a random nitro gifts. they verify the gift code and if it actually works, it will sent to programmer instead
it uses your computer as nitro code miner
Moral of the Story: Child Labour is the best way to do anything.
Ohhhh,thats how china makes alot of money.
This comment reminded me of minute movies
thats why roblox is the best platform ever
Nestle:
@@Sockren true true
we just need to milk Parrents Money Using Child as the Proxy
trully magnificent strategy that almost nobody relised
i love how they spend all this effort cloaking the code in like 3 layers as if anybody who will actually fall for the scam is going to look closely at the code
I think they do this just so that people don't find out and be able to not fall for it or report them
what happens in the dark, must never come to the light
weirdo
and they coded the thing wrong too so it doesn't even work
@@vnc.t sir
they did code it right
its a scam
obviously they're gonna take advantage of it
Making the code readable is basically just simple puzzle solving, I'd see this in an escape room that lets decoder sites be used, kinda thing
CTFs are basically that!
bro got the all the spirit elements😭 4:51 love,trust,god,eval,magic
7:33
Also, there is a typo which says "entitelemnts", so this has no chance to work
lmao
Discord is a place without safety and privacy
Good point
True
Never has been.
It's the users fault if they run some random files on the internet
That applies to almost everything, ever. As long as you have even a single brain cell, you cannot fall for some guy saying he can get you free stuff.
I nearly got scammed by a bit saying they would give me discord nitro, I had watched your video on it before and I managed to avoid it. Thanks!
Nobody ever is gonna get you Discord Nitro for free. If you trust somebody RANDOM, you already messed up.
@@fusseldiebnot for free, i missed this out, they were a friend and said it was a 80% discount. I found out later that my friends account was hacked
@@fusseldieb i literally got free nitro 2 times from random people 😭
The method they're using technically does work, but only for the first few times you try the request. After that you'll get rate limited to hell and back, and sending even more requests (say, 999995 of them) might actually get your IP banned from Discord altogether.
its a situation where you lose no matter what.
1: you dont get a working code.
2: you get a working code, it is traced back to you.
3: its detected as a ddos, literally banning you from the website if the ip is found.
you won't be banned, since, they have proxies in there, which means, you won't be banned, but proxies will be banned, as you still don't get banned.
ive sent like 3000 requests to discord before, you dont get banned you just get heavily rate limited (which, if you think about it, is basically a temporary ip ban)
2:29(when you run out of words to say) * ntts * "so my computer is a little "drunk""
imma be honest, you would be a pretty good python teacher
For shure better than the one who wrote the code
how lmao what he said was so basicthat someone that doesnt even know python could do it lmao
@@JamesRelok 🤓🤓🤓
@@nubidubi23 "someone is smarter than me"
*Concatenation*
this is like the guy from Willy Wonka making his workers find a golden ticket from millions of chocolate bars and they can't even keep it for themselves
Although you said the process was easy, the fact that you de-compiled all that code to prove why these "nitro generators" are scams is commendable. There definitely needs to be more awareness about said scams, as the phrase "don't accept random links from strangers" unfortunately isn't common knowledge...or not enough people care to double-check. Either way, feel free to keep making these kinds of videos; I'm gonna need this information at some point o-o _/ /
5:04 Wow, RUclips's compression algorithm _really_ didn't like that
Btw in terms of this crypted code, that is pyarmor obfuscator and in some point in time it has all the code in string so i just run this in pycharm community with debug points at last lines and go line by line until it has a variable with the text
It could also be rewritten a little to just spit out plain decoded text when ran
Dude smart!
@@xAffan Average programmer stuff.
@@Mythitie doesn't work if it's compiled to pyc. And there are no public decompilers so L
@@xAffan there are public ones
@@vuki4653 not for 3.8+ / also weird seeing u here
Lmao the mwah at the end gets me everytime, it's weirdly sweet
I make sure to pause the video like 10 seconds before the end because of that outro. Everyone loves it but it grosses me out.
Theoretically, if this DOES actually get a few valid ones and sends it to the random skiddies, you could tweak the code a bit and actually send it to your own webhook, basically giving you an actual free nitro generator.
or just make it show it on your screen lol
its easier just to literally make it send to your webhook@@_KDP
2:20 the proper way to do this is by using find and replace: ctrl+h, search mode: regular expression, search for "^#.*", replace with ""
Technically, you could fork it and change the webhook to your webhook, so it sends YOU the working nitro INSTEAD of the random people.
Yea the only problem is that the code to generate the code doesn't work
oh wow 😂
@@racapadexxa_ It does but it is a very slight chance
@@racapadexxa_ it does, it validates it through discords api until it finds a valid gift so yes you can just make it send to you instead of the webhook
@@IanGaming101HD Yes good luck with a one in a several trillion possibilities to get one code
This is just beautiful code. Love the names of the variables
Lmao just saw the names
"My brain barely works half the time, *_EXSPHESHLY_* when..."
yup. I concur, good ser.
the best part: all you have to do to get the "gift link" yourself is make a webhook and change the link after you deobfuscate it
And find the 1 in multiple billions change to generate a working code before Discord bans your IP from their site
Roockie mistake that verification system to the gift codes will just be timed out after like 5 tries. They should use some way to mask the ip. Also this type of system of brute force can run for a full year without find anything.
Anyways great video!
6:00 the worst attempent at obfuscation i have seen lmao
I've heard of hackers getting bitcoin by hacking a computer, but never heard of someone mining for a Nitro gift by making kids find the gifts for them.
I love scams
amen
Nah u an indian 100 percent
@ArkkOfSpark! do you?
@@deadeye8333 this man right here is clearly an american
@@deadeye8333 XDDD
"this is basic obfuscation", once you sit in the ghex editor and a bunch of shit to just try to find something wrong in a NES game. That said, nice video.
Imagine setting up a scam and not even going through the effort of making 5 different alts
Fun Fact:
In Python, to add a note you need to add # or #[space] (can vary I think idk I’m new to Python) to create a note which doesn’t count as code which means the code shown at 2:02 is probably fake.
Oof I messed up the spelling of “space”
Also uhh a lot of the “[name]=“ stuff and “[“[int]/[value]”]” are just variable text.
IGNORE THIS COMMENT AS I MAY BE WRONG!
Yes it is not necassary, at the top yoh see a line without '#' and atart with import requests.
The code works from the syntax side
why the hell did this turn into a computer science lesson bro im on holiday
3:33
rot13 is actually a letter substitution cipher, which replaces a letter with the 13th letter after it! Hope this helps!
its like giving your 20 years of luck to someone else lol
that part when you were decompiling his code was the best programming tutorial for sure
not decompiling, de-obfuscating
@@ДмитроПрищепа-д3я no. decoding...
These generators generate 16-character long links out of 60 possible characters. That's 60^16 possible links. That's 2,8 x 10^28 different codes.
So if you have a server with 10000 users who all generate 100000 codes, that means the number is now 2,8 x 10^19. The likelyhood that you manage to get a real code is so tiny.
But I do still think Discord could increase this by making the links 32 characters. Because while the likelyhood is already small, it's not small enough for these people. Making it 32 characters long, makes it so small that it's not even worth even trying.
That would be the case if there was only one code. Of cource there is way more but still, it will be extremly rare for someone to hit the jackpot and get nitro for free
Nice explain, Shit like this happen really often and... Sometimes they send a software. I analysed it with the fantastic linux ubuntu terminal (i didn't decoded it cause i wanted to have some stuff like the pyinstaller), and it litteraly the same as this shit but in a software with a virus that litteraly take your discord token from your discord application. Well cya stay safe!
May I ask what you mean by "I didnt decode it because I wanted pyinstaller"? But other than that, cool
@@declan_youtube i analysed the malware with the terminal and i found what pip (pyinstaller) he used and sum other things with commands
@@billyfromzera4162 how can you analyze a python sample without even using vim or a text editor? Especially for a pyinstalled sample
@@declan_youtube linux provide that + i used the notepad AND i runned it via the terminal
I like how this technically isn't really a scam. As in, it won't steal your token, join servers for you or something like that. In theory this can work although chances are probably very very small
And you could change the python at the end so if a code is SOMEHOW found, it would just show it for you
Potrošački savetnik
its still a scam, just stealing your computers processing power to generate random nitro links. and spamming discords api in your name. it wouldn't be a scam if it gave you the code if it did find it, but it doesn't it just gives it to the programmer
@@jakethebeest2376 can discord ban you for that?
@@spacexplorer_ 👀
bro the voice crack in min 6:18 was hilarious 😂
8:05 OK but this does mean that if someone was really desperate for free nitro, they could rewrite the code to NOT send the valid codes to the webhook and instead have it print them. I know what I must do.
No because they will notice your ip/account spamming the api endpoint and ban you
+ it is mathematically impossible to generate a valid code during your lifetime
XD same thing that I tought.But this is still a mean thing to do.By using those somehow revealed links you are stealing nitro gifts from people.
thts wht i was thinking lmfao
@@NichtDu it doesnt use your account when checking, and you could add a 1s delay for each link
But nitro generators never work so dont even bother
yo fella i appreciate this kinda content keep it up!
Edit the code so that nitro codes generated that don't work gets sent to them so it spams them with invalid codes.
wow the deobfuscating the code just got me so into coding even in it was really simple, thats such a cool skill to have and to understand code
Well in this case, whoever 'developed' the program sucks at encrypting it and you can directly tell what cipher it is from the code. Everything else is basic python with a questionable generation method
Just change the weebhook link so you send nitro to your own weebhook 🤷
Genius.
good idea lmao
so you can just edit the code however you want?
@@tenidiotaodpizzy4603 you can but since the repl is owned by them changes to there repl wont work
@@alex59292 then run the code in your own python, if you trust it
7:35 "entitelemnts" thats totally a valid endpoint
you seem like a good programmer since everything you did was correct
absolute unnecessary bullshit, just change the exec, eval to print and the code will print out without going through any of these crap, interpreted python is a hot piece of garbage in terms of security
@@giakhanhvn2mche was trying to obfuscate it
@@funwithalbi2425 unnecessary steps, he can just replace all exec to print, it will spit out the code instantly, no hassles
I love videos like this because it takes away this façade hackers have, that they are some type of coding god or mastermind, but in reality its just garbage code packaged in a different way.
I really love how satisfying it is to bruteforce poorly obfuscated code, i once did that with one of the exploits and it was poorly obfuscated that most of obfuscation was redirecting to unobfuscated source code.
It's honestly funny seeing how their obfuscation just miserably fails and ends up exposing source code. Also, I'm pretty sure everyone know that you would never run something that's obfuscated so, it makes it even funnier.
I'd like to see you try bruteforce our code.
@@wnuggy ikr base 64 isnt obfuscation
L furry
@@Hexarian May I try?
@@wnuggy It's not, Do you think I'm that stupid? Please remember that I do not have your brain in my skull.
My guy, you need some CyberChef chef in your life.
0:07 IS THAT THE JENNY MOD FOR MINECRAFT SERVER?!?!?!?
OH NO HE GOT CAUGHT!!!!!
Yes it is
if you de-obfuscated it, couldn't you just remove the bit where it asks discord's api "Is this code legit" and treat EVERY code it generates as legit, such that they receive a bunch of useless links?
Yes, but we have no way of contacting the webhook they use to receive the messages
@@declan_youtube actually we have, you know if you have access to the webhook link you can send anything you want into it. You can do this by coding a script or by using tools like discohook
@@elnexreal Yes, but the webhook in this sample is dead - so we still cannot contact the webhook being used
Code obfuscation and written in a super modern high level language? Wow, that's original.
Assemblomaniacs have had you all beat for _centuries_
I ran quite a lot of nitro generators without even knowing what perks were in the past. Fortunately i changed OS few times.
Not kid me believing all the "survey/app tasks for cash" apps, AND downloading a code generator for one of these...
0:03 one time I was actually at one of those Santa things when I was like 9, I asked for my dad back, and the Santa dude just said “did he run away?”
I had to agree.
8:18 the 4th server in your servers list....
This is the only youtuber who makes jokes about being drunk while having the most serious voice ever
@Shokk yes
I love how they basically scream that their code is best and multithreaded, but no actual threading in code.
You could also just replace the last 'eval(compile(...))' with a print. Then running the code in replit would have it print out the deobfuscated version.
You must be new here, we don't take simple or easy way here we only use 500 websites and spread false news about coding since he doesn't know one thing he claims and has nothing to back him up
@@alex59292 you could open the replit and fact check it?
@@foundfpvfootage well he did get code from this video but really really inefficient
@@pani777 about the nitro sniping video on how it's spamming discord api when it's just a gateway event 💀💀💩💩
@@alex59292 ?
This was incredibly interesting and informative
No ones gonna talk about there's a jenny's mod server on his list?
same!)
man these nitro generators are absolutely hilarious
By the by, some knowledge of ROT13 for the curious:
ROT13 is not computer encoding but a _cipher._ If anyone here knows Caesar Cipher, it's that basically. For the uninitiated: It's an "encoding" where each letter is shifted a number of letters up or down. Take the case of the letter E, which is the fifth letter. If we say "shift three up", that means we need to find the third letter _after_ it, which is H. If we say "shift two down", that's the second letter _before_ it, which is C.
ROT13 is a special form of these ciphers, since the ROT13 makes you find the thirteenth letter after it... which is also the thirteenth letter before it. That's because there are 26 letters in the alphabet, so you only need to find the letter of the ciphered letter's mirror position. (Example, if the ciphered letter is A, then the decoded letter is Z.)
if you edit the code, you could theoretically make it send it to yourself for free nitro 😎
they just gave you the code to get started, so they are not lying, just as long as you know how to code
Yes, in a million years you could actually find a code expired in 2012
Also you are stealing from others since someone has to buy the nitro to if you do get a link that works you stole it from someone else
@@VeeOasis i cant lie we dont care + we didnt ask + teachers pet
@@dorangex you sound like you would actually trust these generatorss
@@VeeOasis not really, the discord's api probably has a lot of these and they probably generate a new link whenever someone gifts nitro
I JUST Relised This Was 14 minutes ago xd Thanks For Warning Us And Making Content For Us (if you are wondering this comment was not written by a bot)
i'm imagining someone sending the scammer spam messages using his webhook link.
Lmao no wonder he said the web hook is invalid don't try it cause it probably died
So does that means you can send "fuck you scammer" messages using his webhook Link?
@@Rizzaural the webhook doesn't work anymore, but if it did, yes
let's see when the owner finally has nitro... maybe he just found the credit card of his mom then lmao
Who else tried to join the server to troll the owner but saw that its not on disboard anymore :P
Sheeesh this man is really good on explaining stuff with code, bruv make like a whole 30 min video about smth that is normal if you scripted it(planned it) cuz it is very not boring
Wait, so technically couldn’t you change the code and make it so you get the nitro?
Update: I got it to work if you replace the webhook url with one of your own
It's mathematically impossible to generate a valid code in your lifetime
@@robertplayz9157 how do you do that?
@@Yojo315 print()
@@starleighpersonal thanks
@@universoul8929 Do not say it is mathematically impossible when it is not. Math can NOT calculate luck. On average, it would take more than hundreds of times the age off the entire universe, but it's also possible for you to get 20 codes in a minute, it's just that the probability is astronomically low.
the even bigger problem is that Discord did nothing to gives users more so that less likely they would want Nitro and so is the chance they fall into those scams.
Hold on, you could save the valid links to your own text file, and redeem them yourself, therefore you would have an inefficient but working nitro code generator!
C'mon now, in order to end up finding one working code you'd probably have to spend hours running that thing, not to mention the risk of getting IP banned from Discord if they flag you as trying to doxx (constant request/calls to the api beyond rate limits).. And even then, all that just for a subscription service that'll end soon anyways? Pffft lmao
i love ur voice sm bro i even sleep while watching your videos even the video is boring but ur voice isnt
Since python obfuscation still needs python to run clear code, you can simply replace the eval() or run() with print()
the "muac" at the end always makes my brain release dopamine
instead of doing all this base64 stuff you could've just removed the evals and printed it lmfao.
yea, agreed, cmon, this isn't C++ or java or any compiled programming language, python is the easiest to de-obf than any other things
i was gonna say that
@@giakhanhvn2mc yeah, altho it should be noted that VM languages like Java, Kotlin, C++, Dart and Lua are extremely easy to de-compile. I woulden't really ever use them for anything to do with security.
@element what are you talking about? VM languages are not easy to deobfuscate because unlike python they are not interpeted but compiled.
Their bytecodes can be transformed back to regular code therefor being easy to break in on the source codes.
Python is also extremely easy to deobfuscate seeing as it's interpeted and they can't hide any code from you.
@Sir Avian I wasn't talking about obfuscation but rather compilation.
Lua is not interpeted like python but compiled and ran in a virtual machine like java or c#. You can very easily get the original source code from this compilation.
The lua compiler also destroys all unused variables and dumb stuff that you write meaning all your obfuscation is completely useless.
Jeffrey really matches the "Nerd" PFP in Discord
When a nitro code is bought you have 48h to claim it. So if the code isnt claimed within 48h it will be regenerated and the chance of a script kiddie guessing it is 1 in 218,340,105,584,896.
rot13 is not just some "coding computer thing", it's a Caesar cipher where alphabetically the letters are shifted by 13 places. It's actually laughably simple and I'm surprised they didn't go for something more clever.
wow no cap discord really should make you a mod
At first I thought it was gonna be a Token Grabber, and it turns out it's a shittily made botnet
There are safe ways to run shady programs and code including using a VM.
Code dosent work. There’s a major typo that causes it to brick itself half way through execution
@@starleighpersonal i assume you mean line 83 "entitelmnts"?
that outro was the most beautiful thing I have ever seen
1:40 Steven He
bro really said to the scammers "dude your code sucks and your encryption sucks let me tell you what you should be doing to code anything really"
A NEW NTTS VIDEO WOO
"I am 100% real hacker now:❌"
"I am 100% mentally unstable now:✅"
If you remove the webhooks, you can technically keep the working nitro codes but make sure to run the script on a VM or something
what's the point of running it in a VM? either way mathematically impossible
I actually learned how to do basic obfusctation in python, thank you!
its almost like they are creating their own botnet to bruteforce nitro codes
Except they are all running on basically the same system because replit users all share servers and there’s only so many servers.
I was just gonna say this, this is just a botnet with extra steps