Connection info spoofer and custom ping [till server 3.0.11.4]

0day

Contributor
Oct 16, 2015
140
268
148
https://www.virustotal.com/en/file/...906f76e0e82361aee36f108b/analysis/1446671983/


SHA256: 1b2ce729739a317d8ccebbcde726342c22490484906f76e0e82361aee36f108b
File name: Ts3 Spoof 3.0.18.1-2.zip
Detection ratio: 0 / 54
Analysis date: 2015-11-04 21:19:43 UTC ( 0 minutes ago )






This is for the 32 bit version of ts3 version 1.0.18.1-1.0.18.2


For those who do not know.

The "IP HIDER "spoof on" makes all of your connection information stick on retrieving for anyone viewing it from the connection info option like so...

yup.png


UPDATE 10/31/2015
Completely re-coded program, it now all functions from the system tray and checks if ts3 is running with the option to rehook incase you open it before opening ts3.


Incorporated name steal into spoofer.

Added Spoofer support for up to three open tabs. TS3 starts doing something funky after three tabs and have not had time to reverse it further. As of now this is how it stands until I get another wild hair lol.

Overall I think this will have a much better feel and will not be in the way so much.

Have fun.

10/31/2015 0day aka Zeroday(++)


Start ts3, Run program, The rest is self explanatory, let me know if you get any errors.
If you open it before running ts3 follow the procedure below. <-totally okay.
If you close ts3 with it still running and notice issues follow procedure below <- totally okay.
Just open/reopen ts3, go to program in system tray right click and click hook.

Note, once successfully hooked once, the program will auto hook each time if ts is closed until you reboot and continue the last action you had running unless you shut that action off.



Click (ON) to spoof connection info. Click OFF to return to normal.
Click (ON) to set custom ping. Click OFF to return to normal.
Custom ping and spoofer can not run at the same time.
To steal someones name, simply copy it from ts and paste it in the box and click Change name it will then
copy the exploited name to your clipboard. Paste it in to ts and have fun.
This whole program was designed for learning purposes only, only use on your own server.
image.png

right click
image.png




DOWNLOAD: http://www.megafileupload.com/mdbL/Ts3_Spoof_3.0.18.1-2.zip
Backup link: http://s000.tinyupload.com/?file_id=00747574647226136808
 
Last edited:

9dc

Member
Sep 21, 2015
47
18
43
whats spoof connection info exactly? Can i put in my own values?
 

0day

Contributor
Oct 16, 2015
140
268
148
Only on the ping so far, you can put what ever you would like in there- essentially it is the same tried and true method for blocking Client Connection Info but updated to work with (1.0.18.1 32 bit) after they changed the way they handed the value. :)
 

Supervisor

Administrator
Apr 27, 2015
1,863
2,546
335
I viewed the source code. Seems to look good (he could still hide something in there he didn't send me, so be careful anyways :p)
 
Jul 15, 2015
49
25
53
I tried it, it work on 3.0.18.2 on server : 3.0.11.4 nice, same of cheat engine fake infos but this is more simple with this program : )
 

0day

Contributor
Oct 16, 2015
140
268
148
What version of the .net framework are you running Derp? Also what os are you on?
 

0day

Contributor
Oct 16, 2015
140
268
148
Ah alright I think I see what is going on here, here is a recompiled version targeting the 4.0 .net framework.

This Jiangmin AV is annoying lol. Promise it is only detecting the R&W to memory module. Should probably just update it so it does not scare the junk AV lol.

SHA256: 6c3c56cbd44ac0a2ab2f54a3d559fece491911d3b9baad2b60224a53591034ec
File name: TEAMSPEAK Spoof 1.0.18.1 net 4.0.exe
Detection ratio: 1 / 55
Analysis date: 2015-10-28 18:38:10 UTC ( 1 minute ago )

https://www.virustotal.com/en/file/...b9baad2b60224a53591034ec/analysis/1446057490/

Download link:
OUT DATED
 
Last edited:

0day

Contributor
Oct 16, 2015
140
268
148
Ignore the fact that it used to be named TS OWN 1.6 lol - that was a long time ago on a late night when I first made the program for version 3.0.16-
I know using the term OWN on anything is juvenile and dates me as an old man lol. Sometimes it's just late and you think you will never reuse that project file lol. Let alone share the binary with anyone lol.
 

Derp

Retired Staff
Contributor
Apr 30, 2015
933
1,014
217
Ah alright I think I see what is going on here, here is a recompiled version targeting the 4.0 .net framework.

This Jiangmin AV is annoying lol. Promise it is only detecting the R&W to memory module. Should probably just update it so it does not scare the junk AV lol.

SHA256: 6c3c56cbd44ac0a2ab2f54a3d559fece491911d3b9baad2b60224a53591034ec
File name: TEAMSPEAK Spoof 1.0.18.1 net 4.0.exe
Detection ratio: 1 / 55
Analysis date: 2015-10-28 18:38:10 UTC ( 1 minute ago )

https://www.virustotal.com/en/file/...b9baad2b60224a53591034ec/analysis/1446057490/

Download link:
http://www.megafileupload.com/5oag/TEAMSPEAK_Spoof_1.0.18.1_net_4.0.zip


It's Ok

I monitored the executable in an isolated environment(Security reasons), It is not doing anything suspicious.

Great release @0day
Glad to have you in r4p3 ;)
 

0day

Contributor
Oct 16, 2015
140
268
148
It's Ok

I monitored the executable in an isolated environment(Security reasons), It is not doing anything suspicious.

Great release @0day
Glad to have you in r4p3 ;)
Understandable, I do not run anything unless I see the source code and compile it myself. I am a paranoid like that :p

Thank you and good to be here! I thought I was the only person who messed with teamspeak; it seems I have finally found my people XD.
 

Derp

Retired Staff
Contributor
Apr 30, 2015
933
1,014
217
Suggestion: Multiple Tabs Support?

I'm not a reverse engineerer but, I think it should be achievable, maybe by manually searching into the MemoryBlock where you're getting the serverid from
 

No-X

Member
Oct 8, 2015
15
2
38
SHA256: 84ba7378305c6b892cb5014c9d461873ad8d74d80f38f776f28312f0d924399c
Назва файлу: TEAMSPEAK SPOOF 1.0.18.1.exe
Співвідношення виявлення: 1 / 56
Дата дослідження: 2015-10-21 00:19:22 UTC ( 1 хвилина тому )

https://www.virustotal.com/uk/file/...0f38f776f28312f0d924399c/analysis/1445386762/
This is for the 32 bit version of ts3 version 1.0.18.1

Start ts3, Run program, The rest is self explanatory, let me know if you get any errors.


Click (CLICK SPOOF CONNECTION INFO) to spoof connection info. Click again to return to normal.
Click (SET CUSTOM PING) to set custom ping. a BOX WILL POPUP, ENTER WHAT YOU WANT.
Click (Fake Lost Connection) to kill ts and look like you lost connection, "gets you out of akward conversations lol."
ssss.png




File contains a zip folder containing a single .exe named (TEAMSPEAK SPOOF 1.0.18.1), be sure to verify SHA and scan yourself.
http://www.megafileupload.com/hVU1/TEAMSPEAK_SPOOF_1.0.18.1.zip

can you make one for 64x Bit ? and thnx
 
Top