The best part is that even if they had rolled a valid gift code by dumb luck, it wouldn't have detected it. There's a typo in the API call ("entitelemnts" instead of "entitlements") which will always return a 404.
what also fascinates me is HOW theyre generating them. the odds that a fully random string of letters is a nitro code is so unholily low, that if they were to put a minutes research in to see how nitro codes are compiled and try and systematically generate random codes, they would atleast have a chance at getting one.
@@ikyyntts7807 if the code is 6 letters long and it can be a combination of letters and numbers that would be 6 to the power of 12 more or less. It is very unlikely to say the least.
@@ikyyntts7807 I think these guys are in the range of being juuuuussssttt smart enough to write a scammy brute force code but just dumb enough to not put in any more effort in figuring out codes
@@fog- ah right, just an insight, apologies. but you could have also ACTUALLY utilised threading to have one thread continually generate codes and throw them into a pool, have a thread or two checking the codes. or something like that, either way the guy who made this one clearly doesn't have a clue what he's doing
This script is memory heavy (file writing) so if they would implement threading it wouldn't be great as threading is for I/O tasks (like API requests but without mass file open, writing, closing) for these memory heavy tasks they should use multiprocessing where a process on each CPU is spawned. However i assume that they are too stupid to understand multiprocessing, they also could use threading with the queue function and not directly writing to file.
@@electricz3045 It would definitely still have a performance benefit. I think you can spawn as many threads as your CPU supports without any performance hitch so at some point the threads would theoretically spawn on separate cores and max out the performance. Also, while sockets operate more internally (memory) for Windows, they are file-based I/O on Unix based systems (i.e. FreeBSD, macOS, Linux). Nevertheless, randomly generating a string based on random numbers seeded by time (standard random generator) is going to be wholly inefficient as it won't come near to producing similar results as a more complex cryptographically safe algorithm.
I seriously think that ONLY underage discord users fall for nitro generators. Also, I still cant believe that such low human beings exist, USING kids that don't know anything to get nitro. What a disappointment.
Yeah… I once downloaded one and it was an exe, but it is on my phone. And it came up with nsfw pop ups but I didn’t click any of them. Then I downloaded malwarebytes and they got rid of it lol. It was back in 2020 I believe . But I’m 13+ now since my bday was months ago, joined discord in 2018 but probably earlier since I had another acc
This is honestly hilarious, I can't not imagine the thought process : "Hey let's bruteforce nitro links. But we'll make gullible kids do it for us instead." Genuinely a modern supervillain, I love it lmao
Hey No Text To Speech, I'm a big fan of your UA-cam channel. I love your informative and entertaining videos about Discord and other social media platforms. I'm also impressed by your commitment to helping people avoid scams and stay safe online. Keep up the great work! Sincerely, Bard
I'm not too completely sure on how this all works, but you explained it really well! It was also interesting to watch for some reason, and fulfilled the promise of it being satisfying. Thank you for entertaining 9 minutes of my day lol.
I'm not too completely sure on how this all works, but you explained it really well! It was also interesting to watch for some reason, and fulfilled the promise of it being satisfying. Thank you for entertaining 9 minutes of my day lol.
it has two steps: first code is just encoded junk filled with comments, he decodes and gets to actual code. then, second code just takes a random guests to find a random nitro gifts. they verify the gift code and if it actually works, it will sent to programmer instead it uses your computer as nitro code miner
as a python programmer myself it's genuinely so funny to see a person try to encrypt their code only for it to be decrypted by a person who doesn't even code (much i think) hilarious. i want more of these videos.
@@SpaceKebab It's incredibly over-exaggerated on how hard it is to learn tbh, you just gotta get used to stupidly named functions and stupid symbols like >
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
i love how they spend all this effort cloaking the code in like 3 layers as if anybody who will actually fall for the scam is going to look closely at the code
The method they're using technically does work, but only for the first few times you try the request. After that you'll get rate limited to hell and back, and sending even more requests (say, 999995 of them) might actually get your IP banned from Discord altogether.
its a situation where you lose no matter what. 1: you dont get a working code. 2: you get a working code, it is traced back to you. 3: its detected as a ddos, literally banning you from the website if the ip is found.
ive sent like 3000 requests to discord before, you dont get banned you just get heavily rate limited (which, if you think about it, is basically a temporary ip ban)
this is like the guy from Willy Wonka making his workers find a golden ticket from millions of chocolate bars and they can't even keep it for themselves
Fun Fact: In Python, to add a note you need to add # or #[space] (can vary I think idk I’m new to Python) to create a note which doesn’t count as code which means the code shown at 2:02 is probably fake. Oof I messed up the spelling of “space” Also uhh a lot of the “[name]=“ stuff and “[“[int]/[value]”]” are just variable text. IGNORE THIS COMMENT AS I MAY BE WRONG!
Btw in terms of this crypted code, that is pyarmor obfuscator and in some point in time it has all the code in string so i just run this in pycharm community with debug points at last lines and go line by line until it has a variable with the text It could also be rewritten a little to just spit out plain decoded text when ran
Although you said the process was easy, the fact that you de-compiled all that code to prove why these "nitro generators" are scams is commendable. There definitely needs to be more awareness about said scams, as the phrase "don't accept random links from strangers" unfortunately isn't common knowledge...or not enough people care to double-check. Either way, feel free to keep making these kinds of videos; I'm gonna need this information at some point o-o _/ /
If I were in a situation like this, I would absolutely NOT spam their webhook. That would be a huge waste of time. Just tweak the code a little so it sends EVERY nitro link to the webhook instead of just the valid ones :)
Theoretically, if this DOES actually get a few valid ones and sends it to the random skiddies, you could tweak the code a bit and actually send it to your own webhook, basically giving you an actual free nitro generator.
Roockie mistake that verification system to the gift codes will just be timed out after like 5 tries. They should use some way to mask the ip. Also this type of system of brute force can run for a full year without find anything. Anyways great video!
Well in this case, whoever 'developed' the program sucks at encrypting it and you can directly tell what cipher it is from the code. Everything else is basic python with a questionable generation method
@@racapadexxa_ it does, it validates it through discords api until it finds a valid gift so yes you can just make it send to you instead of the webhook
I love videos like this because it takes away this façade hackers have, that they are some type of coding god or mastermind, but in reality its just garbage code packaged in a different way.
Nice explain, Shit like this happen really often and... Sometimes they send a software. I analysed it with the fantastic linux ubuntu terminal (i didn't decoded it cause i wanted to have some stuff like the pyinstaller), and it litteraly the same as this shit but in a software with a virus that litteraly take your discord token from your discord application. Well cya stay safe!
These generators generate 16-character long links out of 60 possible characters. That's 60^16 possible links. That's 2,8 x 10^28 different codes. So if you have a server with 10000 users who all generate 100000 codes, that means the number is now 2,8 x 10^19. The likelyhood that you manage to get a real code is so tiny. But I do still think Discord could increase this by making the links 32 characters. Because while the likelyhood is already small, it's not small enough for these people. Making it 32 characters long, makes it so small that it's not even worth even trying.
That would be the case if there was only one code. Of cource there is way more but still, it will be extremly rare for someone to hit the jackpot and get nitro for free
I've heard of hackers getting bitcoin by hacking a computer, but never heard of someone mining for a Nitro gift by making kids find the gifts for them.
if you de-obfuscated it, couldn't you just remove the bit where it asks discord's api "Is this code legit" and treat EVERY code it generates as legit, such that they receive a bunch of useless links?
@@declan_youtube actually we have, you know if you have access to the webhook link you can send anything you want into it. You can do this by coding a script or by using tools like discohook
absolute unnecessary bullshit, just change the exec, eval to print and the code will print out without going through any of these crap, interpreted python is a hot piece of garbage in terms of security
Wait, so technically couldn’t you change the code and make it so you get the nitro? Update: I got it to work if you replace the webhook url with one of your own
@@universoul8929 Do not say it is mathematically impossible when it is not. Math can NOT calculate luck. On average, it would take more than hundreds of times the age off the entire universe, but it's also possible for you to get 20 codes in a minute, it's just that the probability is astronomically low.
8:05 OK but this does mean that if someone was really desperate for free nitro, they could rewrite the code to NOT send the valid codes to the webhook and instead have it print them. I know what I must do.
I like how this technically isn't really a scam. As in, it won't steal your token, join servers for you or something like that. In theory this can work although chances are probably very very small
its still a scam, just stealing your computers processing power to generate random nitro links. and spamming discords api in your name. it wouldn't be a scam if it gave you the code if it did find it, but it doesn't it just gives it to the programmer
Sheeesh this man is really good on explaining stuff with code, bruv make like a whole 30 min video about smth that is normal if you scripted it(planned it) cuz it is very not boring
if you edit the code, you could theoretically make it send it to yourself for free nitro 😎 they just gave you the code to get started, so they are not lying, just as long as you know how to code
@@giakhanhvn2mc yeah, altho it should be noted that VM languages like Java, Kotlin, C++, Dart and Lua are extremely easy to de-compile. I woulden't really ever use them for anything to do with security.
@element what are you talking about? VM languages are not easy to deobfuscate because unlike python they are not interpeted but compiled. Their bytecodes can be transformed back to regular code therefor being easy to break in on the source codes. Python is also extremely easy to deobfuscate seeing as it's interpeted and they can't hide any code from you.
@Sir Avian I wasn't talking about obfuscation but rather compilation. Lua is not interpeted like python but compiled and ran in a virtual machine like java or c#. You can very easily get the original source code from this compilation. The lua compiler also destroys all unused variables and dumb stuff that you write meaning all your obfuscation is completely useless.
You could also just replace the last 'eval(compile(...))' with a print. Then running the code in replit would have it print out the deobfuscated version.
You must be new here, we don't take simple or easy way here we only use 500 websites and spread false news about coding since he doesn't know one thing he claims and has nothing to back him up
When a nitro code is bought you have 48h to claim it. So if the code isnt claimed within 48h it will be regenerated and the chance of a script kiddie guessing it is 1 in 218,340,105,584,896.
Hey NTTS I was wondering how you got your Notepad++ to have the whole thing fit on the screen. My code runs off and no matter how hard I look for a margin video I can't find one lol.
So basically, the owners of the server got a random script from the internet, not knowing what it does and not knowing any code at all, and shares it with over 200 people, and it ends up scamming no one, as it doesnt work. Theres no winner or looser in this story.
"this is basic obfuscation", once you sit in the ghex editor and a bunch of shit to just try to find something wrong in a NES game. That said, nice video.
Hold on, you could save the valid links to your own text file, and redeem them yourself, therefore you would have an inefficient but working nitro code generator!
C'mon now, in order to end up finding one working code you'd probably have to spend hours running that thing, not to mention the risk of getting IP banned from Discord if they flag you as trying to doxx (constant request/calls to the api beyond rate limits).. And even then, all that just for a subscription service that'll end soon anyways? Pffft lmao
man these nitro generators are absolutely hilarious By the by, some knowledge of ROT13 for the curious: ROT13 is not computer encoding but a _cipher._ If anyone here knows Caesar Cipher, it's that basically. For the uninitiated: It's an "encoding" where each letter is shifted a number of letters up or down. Take the case of the letter E, which is the fifth letter. If we say "shift three up", that means we need to find the third letter _after_ it, which is H. If we say "shift two down", that's the second letter _before_ it, which is C. ROT13 is a special form of these ciphers, since the ROT13 makes you find the thirteenth letter after it... which is also the thirteenth letter before it. That's because there are 26 letters in the alphabet, so you only need to find the letter of the ciphered letter's mirror position. (Example, if the ciphered letter is A, then the decoded letter is Z.)
I really love how satisfying it is to bruteforce poorly obfuscated code, i once did that with one of the exploits and it was poorly obfuscated that most of obfuscation was redirecting to unobfuscated source code. It's honestly funny seeing how their obfuscation just miserably fails and ends up exposing source code. Also, I'm pretty sure everyone know that you would never run something that's obfuscated so, it makes it even funnier.
imagine buying nitro and it gets claimed by a random person you dont even know 😂
that actually happened with a steam gift card i got for christmas one time and it sucks
The only giveaway I won was of discord Nitro and just that happened
It's virtually impossible for that to happen, sure there's an infinitesimal probability, but it's not going to happen.
@@imnotmarbin it must have happened before, lots though, if you managed to generate a nitro gift lift, there was an author who bought the gift lol
@@imnotmarbin it was a joke you smellfungus
The best part is that even if they had rolled a valid gift code by dumb luck, it wouldn't have detected it. There's a typo in the API call ("entitelemnts" instead of "entitlements") which will always return a 404.
fr but also ntts could of just used run function on code and print the run function to get code source
@@alex59292 might be a bad idea since it could be malware of some kind
@@electra_ hes using repl so who cares
@@alex59292 protip; replace 'exec' with 'print' lol
@@LiEnby print boring
The funniest thing is that there's a typo in the API endpoint, meaning it would never recognize it even if you do manage to generate a valid code.
didn't even notice LOL
whats the typo?
@@oclxtch9376 "entitelemnts"
@@andrew3606 the coder misspelled entitlements lmao
The funniest thing is that there's a typo in the API endpoint, meaning it would never recognize it even if you fo manage to generate a valid code.
So technically, they are just using kids to make free gift links by making them host it. What a genius plan.
Edit 30/12/22: While executed poorly.
child labour
@@edmarcthegreat free nitro child labour
@@edmarcthegreat best invention
@@gnomeslayah lol
@@edmarcthegreatbest invention since sliced bread
What fascinates me is it takes the time to write all possible codes to a txt file instead of just creating one, testing it and moving on to the next.
what also fascinates me is HOW theyre generating them. the odds that a fully random string of letters is a nitro code is so unholily low, that if they were to put a minutes research in to see how nitro codes are compiled and try and systematically generate random codes, they would atleast have a chance at getting one.
@@ikyyntts7807 if the code is 6 letters long and it can be a combination of letters and numbers that would be 6 to the power of 12 more or less. It is very unlikely to say the least.
@@ikyyntts7807 I think these guys are in the range of being juuuuussssttt smart enough to write a scammy brute force code but just dumb enough to not put in any more effort in figuring out codes
@@ikyyntts7807 nitro gifts are much different, they're 6-8 characters long
@@fog- ah right, just an insight, apologies. but you could have also ACTUALLY utilised threading to have one thread continually generate codes and throw them into a pool, have a thread or two checking the codes. or something like that, either way the guy who made this one clearly doesn't have a clue what he's doing
NTTS becoming an actual programmer after debunking all these scams 💀
ngl true
Fr
yes xD
nah
no
funny thing is they don't even use threading
lol
I thought I'm the only one who noticed that lol
This script is memory heavy (file writing) so if they would implement threading it wouldn't be great as threading is for I/O tasks (like API requests but without mass file open, writing, closing) for these memory heavy tasks they should use multiprocessing where a process on each CPU is spawned. However i assume that they are too stupid to understand multiprocessing, they also could use threading with the queue function and not directly writing to file.
@@electricz3045 them writing them to a file instead of doing it in memory is the funniest shit ever
@@electricz3045 It would definitely still have a performance benefit. I think you can spawn as many threads as your CPU supports without any performance hitch so at some point the threads would theoretically spawn on separate cores and max out the performance. Also, while sockets operate more internally (memory) for Windows, they are file-based I/O on Unix based systems (i.e. FreeBSD, macOS, Linux). Nevertheless, randomly generating a string based on random numbers seeded by time (standard random generator) is going to be wholly inefficient as it won't come near to producing similar results as a more complex cryptographically safe algorithm.
I love videos like this, especially you running through the steps you took
I love videos like this, especially you running through the steps you took
I love videos like this, especially you running through the steps you took
The mwah ! at the end is always appreciated, love what you do !
I seriously think that ONLY underage discord users fall for nitro generators. Also, I still cant believe that such low human beings exist, USING kids that don't know anything to get nitro. What a disappointment.
Yeah… I once downloaded one and it was an exe, but it is on my phone. And it came up with nsfw pop ups but I didn’t click any of them. Then I downloaded malwarebytes and they got rid of it lol. It was back in 2020 I believe . But I’m 13+ now since my bday was months ago, joined discord in 2018 but probably earlier since I had another acc
@@izzyxvibes I think you downloaded the wrong generator... you sure it said nitro?
@@rarehyperion FOR REAL that NSFW popup stuff is so annoying
@@rarehyperion ye it was for a pc tho. I have pc glad I didn’t download it on their
AAAAQwAAAGEAAABsAAAAbAAAACAAAABpAAAAdAAAACAAAABhAAAAIAAAAGQAAABpAAAAcwAAAGEAAABwAAAAcAAAAG8AAABpAAAAbgAAAHQAAABtAAAAZQAAAG4AAAB0AAAAIAAAAGEAAABsAAAAbAAAACAAAAB5AAAAbwAAAHUAAAAgAAAAdwAAAGEAAABuAAAAdAAAACwAAAAgAAAASQAAAHQAAAAnAAAAcwAAACAAAABlAAAAYQAAAHMAAAB5AAAAIAAAAGEAAABuAAAAZAAAACAAAABmAAAAdQAAAG4AAAAgAAAAdAAAAG8AAAAgAAAAdQAAAHMAAABlAAAALAAAACAAAABJAAAAJwAAAHYAAABlAAAAIAAAAHUAAABzAAAAZQAAAGQAAAAgAAAAbQAAAGUAAAB0AAAAaAAAAG8AAABkAAAAcwAAACAAAABsAAAAaQAAAGsAAABlAAAAIAAAAHQAAABoAAAAZQAAAHMAAABlAAAAIAAAAGIAAABlAAAAZgAAAG8AAAByAAAAZQAAACAAAABhAAAAbgAAAGQAAAAgAAAAcwAAAGEAAABmAAAAZQAAACAAAAB0AAAAbwAAACAAAABzAAAAYQAAAHkAAAAgAAAASQAAACcAAAB2AAAAZQAAACAAAABtAAAAYQAAAGQAAABlAAAAIAAAAGEAAAAgAAAAZgAAAGUAAAB3AAAAIAAAAGIAAAB1AAAAYwAAAGsAAABhAAAAcgAAAG8AAABvAAAAcwAAACAAAABmAAAAcgAAAG8AAABtAAAAIAAAAGkAAAB0AAAALg==
UTF-32
This is honestly hilarious, I can't not imagine the thought process : "Hey let's bruteforce nitro links. But we'll make gullible kids do it for us instead." Genuinely a modern supervillain, I love it lmao
Hey No Text To Speech,
I'm a big fan of your UA-cam channel. I love your informative and entertaining videos about Discord and other social media platforms. I'm also impressed by your commitment to helping people avoid scams and stay safe online.
Keep up the great work!
Sincerely,
Bard
?
Bro wrote a letter
Moral of the Story: Child Labour is the best way to do anything.
Ohhhh,thats how china makes alot of money.
This comment reminded me of minute movies
thats why roblox is the best platform ever
Nestle:
@@Sockren true true
we just need to milk Parrents Money Using Child as the Proxy
trully magnificent strategy that almost nobody relised
I'm not too completely sure on how this all works, but you explained it really well! It was also interesting to watch for some reason, and fulfilled the promise of it being satisfying. Thank you for entertaining 9 minutes of my day lol.
Learn python buddy, it's fun and easy
I'm not too completely sure on how this all works, but you explained it really well! It was also interesting to watch for some reason, and fulfilled the promise of it being satisfying. Thank you for entertaining 9 minutes of my day lol.
@@Theunicorn2012 bro?
it has two steps: first code is just encoded junk filled with comments, he decodes and gets to actual code.
then, second code just takes a random guests to find a random nitro gifts. they verify the gift code and if it actually works, it will sent to programmer instead
it uses your computer as nitro code miner
as a python programmer myself
it's genuinely so funny to see a person try to encrypt their code only for it to be decrypted by a person who doesn't even code (much i think)
hilarious. i want more of these videos.
At the end of the day the interpeter has to see clear code, so you just replace whatever eval() or run() function with a print() and it's all useless
@@racapadexxa_ Exactly. The code is being decoded for you, so just print it instead of doing the job of the interpreter (which is already laid out)
This is incredibly one-sided but as a C++ developer it pains me to see someone try to obfuscate python
@@declan_youtube im sorry for you.. c++ its a horrendous language to learn
@@SpaceKebab It's incredibly over-exaggerated on how hard it is to learn tbh, you just gotta get used to stupidly named functions and stupid symbols like >
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
@@RWPWarThunder STOPPP WTF
Your interest in Discord is contagious, and it’s actually making me more interested in Discord drama, breaking news and technicalities. You’re more interested than me, and I use Discord every day.
i love how they spend all this effort cloaking the code in like 3 layers as if anybody who will actually fall for the scam is going to look closely at the code
I think they do this just so that people don't find out and be able to not fall for it or report them
what happens in the dark, must never come to the light
weirdo
and they coded the thing wrong too so it doesn't even work
@@vnc.t sir
they did code it right
its a scam
obviously they're gonna take advantage of it
bro got the all the spirit elements😭 4:51 love,trust,god,eval,magic
Discord is a place without safety and privacy
Good point
True
Never has been.
It's the users fault if they run some random files on the internet
That applies to almost everything, ever. As long as you have even a single brain cell, you cannot fall for some guy saying he can get you free stuff.
7:33
Also, there is a typo which says "entitelemnts", so this has no chance to work
lmao
I nearly got scammed by a bit saying they would give me discord nitro, I had watched your video on it before and I managed to avoid it. Thanks!
Nobody ever is gonna get you Discord Nitro for free. If you trust somebody RANDOM, you already messed up.
@@fusseldiebnot for free, i missed this out, they were a friend and said it was a 80% discount. I found out later that my friends account was hacked
@@fusseldieb i literally got free nitro 2 times from random people 😭
Making the code readable is basically just simple puzzle solving, I'd see this in an escape room that lets decoder sites be used, kinda thing
CTFs are basically that!
The method they're using technically does work, but only for the first few times you try the request. After that you'll get rate limited to hell and back, and sending even more requests (say, 999995 of them) might actually get your IP banned from Discord altogether.
its a situation where you lose no matter what.
1: you dont get a working code.
2: you get a working code, it is traced back to you.
3: its detected as a ddos, literally banning you from the website if the ip is found.
you won't be banned, since, they have proxies in there, which means, you won't be banned, but proxies will be banned, as you still don't get banned.
ive sent like 3000 requests to discord before, you dont get banned you just get heavily rate limited (which, if you think about it, is basically a temporary ip ban)
I love scams
amen
Nah u an indian 100 percent
@ArkkOfSpark! do you?
@@deadeye8333 this man right here is clearly an american
@@deadeye8333 XDDD
this is like the guy from Willy Wonka making his workers find a golden ticket from millions of chocolate bars and they can't even keep it for themselves
Fun Fact:
In Python, to add a note you need to add # or #[space] (can vary I think idk I’m new to Python) to create a note which doesn’t count as code which means the code shown at 2:02 is probably fake.
Oof I messed up the spelling of “space”
Also uhh a lot of the “[name]=“ stuff and “[“[int]/[value]”]” are just variable text.
IGNORE THIS COMMENT AS I MAY BE WRONG!
Yes it is not necassary, at the top yoh see a line without '#' and atart with import requests.
The code works from the syntax side
Btw in terms of this crypted code, that is pyarmor obfuscator and in some point in time it has all the code in string so i just run this in pycharm community with debug points at last lines and go line by line until it has a variable with the text
It could also be rewritten a little to just spit out plain decoded text when ran
Dude smart!
@@xAffan Average programmer stuff.
@@Mythitie doesn't work if it's compiled to pyc. And there are no public decompilers so L
@@xAffan there are public ones
@@vuki4653 not for 3.8+ / also weird seeing u here
imma be honest, you would be a pretty good python teacher
For shure better than the one who wrote the code
how lmao what he said was so basicthat someone that doesnt even know python could do it lmao
@@JamesRelok 🤓🤓🤓
@@nubidubi23 "someone is smarter than me"
*Concatenation*
Although you said the process was easy, the fact that you de-compiled all that code to prove why these "nitro generators" are scams is commendable. There definitely needs to be more awareness about said scams, as the phrase "don't accept random links from strangers" unfortunately isn't common knowledge...or not enough people care to double-check. Either way, feel free to keep making these kinds of videos; I'm gonna need this information at some point o-o _/ /
If I were in a situation like this, I would absolutely NOT spam their webhook. That would be a huge waste of time.
Just tweak the code a little so it sends EVERY nitro link to the webhook instead of just the valid ones :)
Theoretically, if this DOES actually get a few valid ones and sends it to the random skiddies, you could tweak the code a bit and actually send it to your own webhook, basically giving you an actual free nitro generator.
or just make it show it on your screen lol
its easier just to literally make it send to your webhook@@_KDP
This is just beautiful code. Love the names of the variables
Lmao just saw the names
6:00 the worst attempent at obfuscation i have seen lmao
I actually learned how to do basic obfusctation in python, thank you!
Lmao the mwah at the end gets me everytime, it's weirdly sweet
I make sure to pause the video like 10 seconds before the end because of that outro. Everyone loves it but it grosses me out.
Wouldn’t I be able to change the webhook to my own? So I get the link?
Yes, but if you have an average luck you'll need to wait centuries for it to generate a valid token.
Edit the code so that nitro codes generated that don't work gets sent to them so it spams them with invalid codes.
Roockie mistake that verification system to the gift codes will just be timed out after like 5 tries. They should use some way to mask the ip. Also this type of system of brute force can run for a full year without find anything.
Anyways great video!
5:04 Wow, UA-cam's compression algorithm _really_ didn't like that
wow the deobfuscating the code just got me so into coding even in it was really simple, thats such a cool skill to have and to understand code
Well in this case, whoever 'developed' the program sucks at encrypting it and you can directly tell what cipher it is from the code. Everything else is basic python with a questionable generation method
Technically, you could fork it and change the webhook to your webhook, so it sends YOU the working nitro INSTEAD of the random people.
Yea the only problem is that the code to generate the code doesn't work
oh wow 😂
@@racapadexxa_ It does but it is a very slight chance
@@racapadexxa_ it does, it validates it through discords api until it finds a valid gift so yes you can just make it send to you instead of the webhook
@@IanGaming101HD Yes good luck with a one in a several trillion possibilities to get one code
that part when you were decompiling his code was the best programming tutorial for sure
not decompiling, de-obfuscating
@@ДмитроПрищепа-д3я no. decoding...
the best part: all you have to do to get the "gift link" yourself is make a webhook and change the link after you deobfuscate it
And find the 1 in multiple billions change to generate a working code before Discord bans your IP from their site
why the hell did this turn into a computer science lesson bro im on holiday
2:29(when you run out of words to say) * ntts * "so my computer is a little "drunk""
Imagine setting up a scam and not even going through the effort of making 5 different alts
3:33
rot13 is actually a letter substitution cipher, which replaces a letter with the 13th letter after it! Hope this helps!
Just change the weebhook link so you send nitro to your own weebhook 🤷
Genius.
good idea lmao
so you can just edit the code however you want?
@@tenidiotaodpizzy4603 you can but since the repl is owned by them changes to there repl wont work
@@alex59292 then run the code in your own python, if you trust it
I love videos like this because it takes away this façade hackers have, that they are some type of coding god or mastermind, but in reality its just garbage code packaged in a different way.
its like giving your 20 years of luck to someone else lol
Nice explain, Shit like this happen really often and... Sometimes they send a software. I analysed it with the fantastic linux ubuntu terminal (i didn't decoded it cause i wanted to have some stuff like the pyinstaller), and it litteraly the same as this shit but in a software with a virus that litteraly take your discord token from your discord application. Well cya stay safe!
May I ask what you mean by "I didnt decode it because I wanted pyinstaller"? But other than that, cool
@@declan_youtube i analysed the malware with the terminal and i found what pip (pyinstaller) he used and sum other things with commands
@@billyfromzera4162 how can you analyze a python sample without even using vim or a text editor? Especially for a pyinstalled sample
@@declan_youtube linux provide that + i used the notepad AND i runned it via the terminal
These generators generate 16-character long links out of 60 possible characters. That's 60^16 possible links. That's 2,8 x 10^28 different codes.
So if you have a server with 10000 users who all generate 100000 codes, that means the number is now 2,8 x 10^19. The likelyhood that you manage to get a real code is so tiny.
But I do still think Discord could increase this by making the links 32 characters. Because while the likelyhood is already small, it's not small enough for these people. Making it 32 characters long, makes it so small that it's not even worth even trying.
That would be the case if there was only one code. Of cource there is way more but still, it will be extremly rare for someone to hit the jackpot and get nitro for free
I've heard of hackers getting bitcoin by hacking a computer, but never heard of someone mining for a Nitro gift by making kids find the gifts for them.
if you de-obfuscated it, couldn't you just remove the bit where it asks discord's api "Is this code legit" and treat EVERY code it generates as legit, such that they receive a bunch of useless links?
Yes, but we have no way of contacting the webhook they use to receive the messages
@@declan_youtube actually we have, you know if you have access to the webhook link you can send anything you want into it. You can do this by coding a script or by using tools like discohook
@@elnexreal Yes, but the webhook in this sample is dead - so we still cannot contact the webhook being used
What if you changed the webhook links to go to you instead(I have no clue what im talking about and don't even know if thats possible)
you seem like a good programmer since everything you did was correct
absolute unnecessary bullshit, just change the exec, eval to print and the code will print out without going through any of these crap, interpreted python is a hot piece of garbage in terms of security
@@giakhanhvn2mche was trying to obfuscate it
@@funwithalbi2425 unnecessary steps, he can just replace all exec to print, it will spit out the code instantly, no hassles
Wait, so technically couldn’t you change the code and make it so you get the nitro?
Update: I got it to work if you replace the webhook url with one of your own
It's mathematically impossible to generate a valid code in your lifetime
@@robertplayz9157 how do you do that?
@@Yojo315 print()
@@starleighpersonal thanks
@@universoul8929 Do not say it is mathematically impossible when it is not. Math can NOT calculate luck. On average, it would take more than hundreds of times the age off the entire universe, but it's also possible for you to get 20 codes in a minute, it's just that the probability is astronomically low.
bro the voice crack in min 6:18 was hilarious 😂
8:05 OK but this does mean that if someone was really desperate for free nitro, they could rewrite the code to NOT send the valid codes to the webhook and instead have it print them. I know what I must do.
No because they will notice your ip/account spamming the api endpoint and ban you
+ it is mathematically impossible to generate a valid code during your lifetime
XD same thing that I tought.But this is still a mean thing to do.By using those somehow revealed links you are stealing nitro gifts from people.
thts wht i was thinking lmfao
@@NichtDu it doesnt use your account when checking, and you could add a 1s delay for each link
But nitro generators never work so dont even bother
i love ur voice sm bro i even sleep while watching your videos even the video is boring but ur voice isnt
0:07 IS THAT THE JENNY MOD FOR MINECRAFT SERVER?!?!?!?
OH NO HE GOT CAUGHT!!!!!
Yes it is
2:20 the proper way to do this is by using find and replace: ctrl+h, search mode: regular expression, search for "^#.*", replace with ""
I like how this technically isn't really a scam. As in, it won't steal your token, join servers for you or something like that. In theory this can work although chances are probably very very small
And you could change the python at the end so if a code is SOMEHOW found, it would just show it for you
Potrošački savetnik
its still a scam, just stealing your computers processing power to generate random nitro links. and spamming discords api in your name. it wouldn't be a scam if it gave you the code if it did find it, but it doesn't it just gives it to the programmer
@@jakethebeest2376 can discord ban you for that?
@@spacexplorer_ 👀
Sheeesh this man is really good on explaining stuff with code, bruv make like a whole 30 min video about smth that is normal if you scripted it(planned it) cuz it is very not boring
No ones gonna talk about there's a jenny's mod server on his list?
same!)
8:15 what is that jenna mod discord server????
8:18 the 4th server in your servers list....
"My brain barely works half the time, *_EXSPHESHLY_* when..."
yup. I concur, good ser.
if you edit the code, you could theoretically make it send it to yourself for free nitro 😎
they just gave you the code to get started, so they are not lying, just as long as you know how to code
Yes, in a million years you could actually find a code expired in 2012
Also you are stealing from others since someone has to buy the nitro to if you do get a link that works you stole it from someone else
@@VeeOasis i cant lie we dont care + we didnt ask + teachers pet
@@dorangex you sound like you would actually trust these generatorss
@@VeeOasis not really, the discord's api probably has a lot of these and they probably generate a new link whenever someone gifts nitro
I JUST Relised This Was 14 minutes ago xd Thanks For Warning Us And Making Content For Us (if you are wondering this comment was not written by a bot)
Who else tried to join the server to troll the owner but saw that its not on disboard anymore :P
that outro was the most beautiful thing I have ever seen
I ran quite a lot of nitro generators without even knowing what perks were in the past. Fortunately i changed OS few times.
Not kid me believing all the "survey/app tasks for cash" apps, AND downloading a code generator for one of these...
so wait, if you replace the webhooks in the code, does it brute force it to whoever you want?
instead of doing all this base64 stuff you could've just removed the evals and printed it lmfao.
yea, agreed, cmon, this isn't C++ or java or any compiled programming language, python is the easiest to de-obf than any other things
i was gonna say that
@@giakhanhvn2mc yeah, altho it should be noted that VM languages like Java, Kotlin, C++, Dart and Lua are extremely easy to de-compile. I woulden't really ever use them for anything to do with security.
@element what are you talking about? VM languages are not easy to deobfuscate because unlike python they are not interpeted but compiled.
Their bytecodes can be transformed back to regular code therefor being easy to break in on the source codes.
Python is also extremely easy to deobfuscate seeing as it's interpeted and they can't hide any code from you.
@Sir Avian I wasn't talking about obfuscation but rather compilation.
Lua is not interpeted like python but compiled and ran in a virtual machine like java or c#. You can very easily get the original source code from this compilation.
The lua compiler also destroys all unused variables and dumb stuff that you write meaning all your obfuscation is completely useless.
My guy, you need some CyberChef chef in your life.
You could also just replace the last 'eval(compile(...))' with a print. Then running the code in replit would have it print out the deobfuscated version.
You must be new here, we don't take simple or easy way here we only use 500 websites and spread false news about coding since he doesn't know one thing he claims and has nothing to back him up
@@alex59292 you could open the replit and fact check it?
@@foundfpvfootage well he did get code from this video but really really inefficient
@@pani777 about the nitro sniping video on how it's spamming discord api when it's just a gateway event 💀💀💩💩
@@alex59292 ?
python dev here. it literally says “import random, string” at the top, which basically means they can generate random strings of text 💀
what does that have to do with anything
@@koiwaiyotsuba it just generates random text, but i commented before i finished the video, completely on me mb sorry
When a nitro code is bought you have 48h to claim it. So if the code isnt claimed within 48h it will be regenerated and the chance of a script kiddie guessing it is 1 in 218,340,105,584,896.
yo fella i appreciate this kinda content keep it up!
wow no cap discord really should make you a mod
Hey NTTS I was wondering how you got your Notepad++ to have the whole thing fit on the screen. My code runs off and no matter how hard I look for a margin video I can't find one lol.
i'm imagining someone sending the scammer spam messages using his webhook link.
Lmao no wonder he said the web hook is invalid don't try it cause it probably died
So does that means you can send "fuck you scammer" messages using his webhook Link?
@@Rizzaural the webhook doesn't work anymore, but if it did, yes
I love how they basically scream that their code is best and multithreaded, but no actual threading in code.
Did these guys learn nothing from those free robux generators😭
the "muac" at the end always makes my brain release dopamine
So basically, the owners of the server got a random script from the internet, not knowing what it does and not knowing any code at all, and shares it with over 200 people, and it ends up scamming no one, as it doesnt work. Theres no winner or looser in this story.
it scams someone
This is the only youtuber who makes jokes about being drunk while having the most serious voice ever
@Shokk yes
"this is basic obfuscation", once you sit in the ghex editor and a bunch of shit to just try to find something wrong in a NES game. That said, nice video.
Hold on, you could save the valid links to your own text file, and redeem them yourself, therefore you would have an inefficient but working nitro code generator!
C'mon now, in order to end up finding one working code you'd probably have to spend hours running that thing, not to mention the risk of getting IP banned from Discord if they flag you as trying to doxx (constant request/calls to the api beyond rate limits).. And even then, all that just for a subscription service that'll end soon anyways? Pffft lmao
a killer, the guy that diskord anti is giving them a raise.
There are safe ways to run shady programs and code including using a VM.
Code dosent work. There’s a major typo that causes it to brick itself half way through execution
@@starleighpersonal i assume you mean line 83 "entitelmnts"?
How can we know that "eval" method only returns the text that is passed to it?
Look at python documentation
Since python obfuscation still needs python to run clear code, you can simply replace the eval() or run() with print()
man these nitro generators are absolutely hilarious
By the by, some knowledge of ROT13 for the curious:
ROT13 is not computer encoding but a _cipher._ If anyone here knows Caesar Cipher, it's that basically. For the uninitiated: It's an "encoding" where each letter is shifted a number of letters up or down. Take the case of the letter E, which is the fifth letter. If we say "shift three up", that means we need to find the third letter _after_ it, which is H. If we say "shift two down", that's the second letter _before_ it, which is C.
ROT13 is a special form of these ciphers, since the ROT13 makes you find the thirteenth letter after it... which is also the thirteenth letter before it. That's because there are 26 letters in the alphabet, so you only need to find the letter of the ciphered letter's mirror position. (Example, if the ciphered letter is A, then the decoded letter is Z.)
A NEW NTTS VIDEO WOO
Damn Rewards Server Still Exist?
@Shokk nah this is mine
I really love how satisfying it is to bruteforce poorly obfuscated code, i once did that with one of the exploits and it was poorly obfuscated that most of obfuscation was redirecting to unobfuscated source code.
It's honestly funny seeing how their obfuscation just miserably fails and ends up exposing source code. Also, I'm pretty sure everyone know that you would never run something that's obfuscated so, it makes it even funnier.
I'd like to see you try bruteforce our code.
@@wnuggy ikr base 64 isnt obfuscation
L furry
@@Hexarian May I try?
@@wnuggy It's not, Do you think I'm that stupid? Please remember that I do not have your brain in my skull.
Every NTTS video be like
Something interesting that you want + hacker things + Kiss = A video
If you remove the webhooks, you can technically keep the working nitro codes but make sure to run the script on a VM or something
what's the point of running it in a VM? either way mathematically impossible