The best part is that even if they had rolled a valid gift code by dumb luck, it wouldn't have detected it. There's a typo in the API call ("entitelemnts" instead of "entitlements") which will always return a 404.

imagine buying nitro and it gets claimed by a random person you dont even know 😂

The funniest thing is that there's a typo in the API endpoint, meaning it would never recognize it even if you do manage to generate a valid code.

So technically, they are just using kids to make free gift links by making them host it. What a genius plan. Edit 30/12/22: While executed poorly.

NTTS becoming an actual programmer after debunking all these scams 💀

What fascinates me is it takes the time to write all possible codes to a txt file instead of just creating one, testing it and moving on to the next.

funny thing is they don't even use threading

I seriously think that ONLY underage discord users fall for nitro generators. Also, I still cant believe that such low human beings exist, USING kids that don't know anything to get nitro. What a disappointment.

This is honestly hilarious, I can't not imagine the thought process : "Hey let's bruteforce nitro links. But we'll make gullible kids do it for us instead." Genuinely a modern supervillain, I love it lmao

as a python programmer myself it's genuinely so funny to see a person try to encrypt their code only for it to be decrypted by a person who doesn't even code (much i think) hilarious. i want more of these videos.

I love videos like this, especially you running through the steps you took

i love how they spend all this effort cloaking the code in like 3 layers as if anybody who will actually fall for the scam is going to look closely at the code

Moral of the Story: Child Labour is the best way to do anything.

The mwah ! at the end is always appreciated, love what you do !

Discord is a place without safety and privacy

Hey No Text To Speech, I'm a big fan of your KZbin channel. I love your informative and entertaining videos about Discord and other social media platforms. I'm also impressed by your commitment to helping people avoid scams and stay safe online. Keep up the great work! Sincerely, Bard

bro got the all the spirit elements😭 4:51 love,trust,god,eval,magic

Making the code readable is basically just simple puzzle solving, I'd see this in an escape room that lets decoder sites be used, kinda thing

I thought that python obfuscation looked familiar, turns out it was the same one some skid used to try and disguise a token stealer as a "maze game".

I love scams

The method they're using technically does work, but only for the first few times you try the request. After that you'll get rate limited to hell and back, and sending even more requests (say, 999995 of them) might actually get your IP banned from Discord altogether.

Theoretically, if this DOES actually get a few valid ones and sends it to the random skiddies, you could tweak the code a bit and actually send it to your own webhook, basically giving you an actual free nitro generator.

I nearly got scammed by a bit saying they would give me discord nitro, I had watched your video on it before and I managed to avoid it. Thanks!

6:00 the worst attempent at obfuscation i have seen lmao

Btw in terms of this crypted code, that is pyarmor obfuscator and in some point in time it has all the code in string so i just run this in pycharm community with debug points at last lines and go line by line until it has a variable with the text It could also be rewritten a little to just spit out plain decoded text when ran

imma be honest, you would be a pretty good python teacher

the best part: all you have to do to get the "gift link" yourself is make a webhook and change the link after you deobfuscate it

Technically, you could fork it and change the webhook to your webhook, so it sends YOU the working nitro INSTEAD of the random people.

this is like the guy from Willy Wonka making his workers find a golden ticket from millions of chocolate bars and they can't even keep it for themselves

why the hell did this turn into a computer science lesson bro im on holiday

Although you said the process was easy, the fact that you de-compiled all that code to prove why these "nitro generators" are scams is commendable. There definitely needs to be more awareness about said scams, as the phrase "don't accept random links from strangers" unfortunately isn't common knowledge...or not enough people care to double-check. Either way, feel free to keep making these kinds of videos; I'm gonna need this information at some point o-o _/ /

5:04 Wow, KZbin's compression algorithm _really_ didn't like that

Imagine setting up a scam and not even going through the effort of making 5 different alts

Edit the code so that nitro codes generated that don't work gets sent to them so it spams them with invalid codes.

These generators generate 16-character long links out of 60 possible characters. That's 60^16 possible links. That's 2,8 x 10^28 different codes. So if you have a server with 10000 users who all generate 100000 codes, that means the number is now 2,8 x 10^19. The likelyhood that you manage to get a real code is so tiny. But I do still think Discord could increase this by making the links 32 characters. Because while the likelyhood is already small, it's not small enough for these people. Making it 32 characters long, makes it so small that it's not even worth even trying.

I actually learned how to do basic obfusctation in python, thank you!

This is just beautiful code. Love the names of the variables

0:07 IS THAT THE JENNY MOD FOR MINECRAFT SERVER?!?!?!?

I like how this technically isn't really a scam. As in, it won't steal your token, join servers for you or something like that. In theory this can work although chances are probably very very small

No ones gonna talk about there's a jenny's mod server on his list?

2:20 the proper way to do this is by using find and replace: ctrl+h, search mode: regular expression, search for "^#.*", replace with ""

Did these guys learn nothing from those free robux generators😭

8:18 the 4th server in your servers list....

7:33 Also, there is a typo which says "entitelemnts", so this has no chance to work

I love how they basically scream that their code is best and multithreaded, but no actual threading in code.

I ran quite a lot of nitro generators without even knowing what perks were in the past. Fortunately i changed OS few times.

If I were in a situation like this, I would absolutely NOT spam their webhook. That would be a huge waste of time. Just tweak the code a little so it sends EVERY nitro link to the webhook instead of just the valid ones :)

its like giving your 20 years of luck to someone else lol

can you make video about "User is suspected..."?

Lmao the mwah at the end gets me everytime, it's weirdly sweet

My guy, you need some CyberChef chef in your life.

you seem like a good programmer since everything you did was correct

man these nitro generators are absolutely hilarious By the by, some knowledge of ROT13 for the curious: ROT13 is not computer encoding but a _cipher._ If anyone here knows Caesar Cipher, it's that basically. For the uninitiated: It's an "encoding" where each letter is shifted a number of letters up or down. Take the case of the letter E, which is the fifth letter. If we say "shift three up", that means we need to find the third letter _after_ it, which is H. If we say "shift two down", that's the second letter _before_ it, which is C. ROT13 is a special form of these ciphers, since the ROT13 makes you find the thirteenth letter after it... which is also the thirteenth letter before it. That's because there are 26 letters in the alphabet, so you only need to find the letter of the ciphered letter's mirror position. (Example, if the ciphered letter is A, then the decoded letter is Z.)

wow no cap discord really should make you a mod

the even bigger problem is that Discord did nothing to gives users more so that less likely they would want Nitro and so is the chance they fall into those scams.

i'm imagining someone sending the scammer spam messages using his webhook link.

Christmas rewards basically pulled up the community bitcoin mining card lmao

Damn Rewards Server Still Exist?

I'm not too completely sure on how this all works, but you explained it really well! It was also interesting to watch for some reason, and fulfilled the promise of it being satisfying. Thank you for entertaining 9 minutes of my day lol.

There are safe ways to run shady programs and code including using a VM.

Jeffrey really matches the "Nerd" PFP in Discord

Wait, so technically couldn’t you change the code and make it so you get the nitro? Update: I got it to work if you replace the webhook url with one of your own

2:29(when you run out of words to say) * ntts * "so my computer is a little "drunk""

Yes

python dev here. it literally says “import random, string” at the top, which basically means they can generate random strings of text 💀

8:05 OK but this does mean that if someone was really desperate for free nitro, they could rewrite the code to NOT send the valid codes to the webhook and instead have it print them. I know what I must do.

I love videos like this because it takes away this façade hackers have, that they are some type of coding god or mastermind, but in reality its just garbage code packaged in a different way.

if you de-obfuscated it, couldn't you just remove the bit where it asks discord's api "Is this code legit" and treat EVERY code it generates as legit, such that they receive a bunch of useless links?

Fun Fact: In Python, to add a note you need to add # or #[space] (can vary I think idk I’m new to Python) to create a note which doesn’t count as code which means the code shown at 2:02 is probably fake. Oof I messed up the spelling of “space” Also uhh a lot of the “[name]=“ stuff and “[“[int]/[value]”]” are just variable text. IGNORE THIS COMMENT AS I MAY BE WRONG!

Since python obfuscation still needs python to run clear code, you can simply replace the eval() or run() with print()

Could you just remove the part with the send it to the owner of the program and instead use it for yourself or like send it to yourself?

1:40 Steven He

3:33 rot13 is actually a letter substitution cipher, which replaces a letter with the 13th letter after it! Hope this helps!

You could also just replace the last 'eval(compile(...))' with a print. Then running the code in replit would have it print out the deobfuscated version.

Wouldn’t I be able to change the webhook to my own? So I get the link?

So basically, the owners of the server got a random script from the internet, not knowing what it does and not knowing any code at all, and shares it with over 200 people, and it ends up scamming no one, as it doesnt work. Theres no winner or looser in this story.

Roockie mistake that verification system to the gift codes will just be timed out after like 5 tries. They should use some way to mask the ip. Also this type of system of brute force can run for a full year without find anything. Anyways great video!

When a nitro code is bought you have 48h to claim it. So if the code isnt claimed within 48h it will be regenerated and the chance of a script kiddie guessing it is 1 in 218,340,105,584,896.

bro really said to the scammers "dude your code sucks and your encryption sucks let me tell you what you should be doing to code anything really"

Who else tried to join the server to troll the owner but saw that its not on disboard anymore :P

Sheeesh this man is really good on explaining stuff with code, bruv make like a whole 30 min video about smth that is normal if you scripted it(planned it) cuz it is very not boring

instead of doing all this base64 stuff you could've just removed the evals and printed it lmfao.

Bro you just ruined my whole plan

its almost like they are creating their own botnet to bruteforce nitro codes

Code obfuscation and written in a super modern high level language? Wow, that's original. Assemblomaniacs have had you all beat for _centuries_

If you remove the webhooks, you can technically keep the working nitro codes but make sure to run the script on a VM or something

7:35 "entitelemnts" thats totally a valid endpoint

I really love how satisfying it is to bruteforce poorly obfuscated code, i once did that with one of the exploits and it was poorly obfuscated that most of obfuscation was redirecting to unobfuscated source code. It's honestly funny seeing how their obfuscation just miserably fails and ends up exposing source code. Also, I'm pretty sure everyone know that you would never run something that's obfuscated so, it makes it even funnier.

i'm actually surprised they didn't add cookie loggers to it

that outro was the most beautiful thing I have ever seen

A NEW NTTS VIDEO WOO

Lololololol rot13 I've never seen someone use a rotation cypher in the wild, that's amazing, brings me right back to childhood learning about encryption

I just got doxxed because i sent a sticker

Nice explain, Shit like this happen really often and... Sometimes they send a software. I analysed it with the fantastic linux ubuntu terminal (i didn't decoded it cause i wanted to have some stuff like the pyinstaller), and it litteraly the same as this shit but in a software with a virus that litteraly take your discord token from your discord application. Well cya stay safe!

i feel bad for anyone who falls for this tbh

Hey NTTS I was wondering how you got your Notepad++ to have the whole thing fit on the screen. My code runs off and no matter how hard I look for a margin video I can't find one lol.

The funniest thing is once you decode the program, you can just change one line of code so you get the nitro instead (don't do this, it's illegal).

You can also delete any webhook by its URL, if you send a HTTP request to the webhoook url with the 'DELETE" http method it will completely delete the webhook, its on the discord developers documentation

quick question, what is that server with the jenny image?

the "muac" at the end always makes my brain release dopamine