End to End Encryption on Discord

*Disclaimer this is for educational use only and I do not take responsibility for anything that you may choose to do with this code

The engineers and developers at Discord are very, very clever people. Being so clever begs the question “Why don’t they provide E2E encryption?”. Well, in the age where information is money the answer is very clear.

In Discord’s TOS they state very clearly that any messages or information passed over their system voluntarily will become their property. If you read message boards across the internet they will say that they won’t encrypt for your safety because there are bad people doing bad things. Well, that is true.. but “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” — Benjamin Franklin

I went on to try and figure out what I could do about this for myself, and for anyone else who loves privacy and encryption and I present to you my solution.

This solution is for the Desktop version, and although not tested browser version of the Discord service.

The brilliant minds at Discord decided to make the desktop application in Electron. Which is basically just a chromium browser.

So you may be astounded to find out when you complete step one.

Step One:

Open your discord application and press CTRL+SHIFT+I

This will bring up the chrome developer tools. Yep. All those interesting tools used for debugging applications built right into your desktop client.

Step Two:

Click the tab that says “Console”.

This console gives you direct access into the javascript powering your discord client. Through this we can upload our own custom script that will allow us to communicate via encryption.

Step Three:

**Copy the code from the following link: **

Code

Step Four:

Update the following line on the script:

var SECRET_KEY = “CREATE YOUR OWN SECRET KEY HERE”

Whatever secret key you choose the people you want to be able to see your messages in your servers will also need to know this key, and update their copy of the code as well.

Step 5:

Paste all of the code into the console terminal and hit enter.

Viola!

By using the prefix == your messages will be encrypted. The code will automatically decrypt any encrypted messages sent to you (as long as you have the appropriate key for the code).

The magic in this code is to intercept XHR requests leaving your browser and encrypt the content as seen here:

(function(send) {

    XMLHttpRequest.prototype.send = function(data) {

        if (data) {

           var jsn = JSON.parse(data)

           if(jsn.content.toString().substring(0,2) == PREFIX) {

           plaintxt = jsn.content.substring(2)

           jsn.content = "eMsg: " + CryptoJS.AES.encrypt(plaintxt, SECRET_KEY).toString();

          data = JSON.stringify(jsn)

          }

      }

    send.call(this, data);

};

Use at your own risk I do not know if this breaks Discords TOS, but I’m betting they want your data.