TeamSpeak 3 Protocol

MazeMcRoy

Member
Oct 17, 2015
20
11
35
And yes it is on Linux
"2015-10-18 19:32:34.183642|INFO | | | SystemInformation: Linux 4.2.3-1-ARCH #1 SMP PREEMPT Sat Oct 3 18:52:50 CEST 2015 x86_64 Binary: 32bit" ...
 
Nov 7, 2015
53
78
53
That's obviously for TeamSpeak 2.

---

MazeMcRoy, I see you broke through the firewall, if you know what I mean. ;)
Props for digging through the ASM code. The dump is pretty interesting and insightful.

Furthermore it's kinda hilarious that the TS devs opted for a regular ASCII protocol - a pretty shitty ASCII protocol that is. The ServerQuery syntax and escaping are horrific.
 
Last edited:

Derp

Retired Staff
Contributor
Apr 30, 2015
933
1,014
217
2015-10-18 19:32:34.682454|INFO |ClientUI | | Using configuration location: /home/mazemcroy/.ts3client/settings.db
I guess so
 

JohnDong

Member
Nov 1, 2016
11
7
38
It has come to my attention that not enough research has been put into decryption of the TeamSpeak 3 protocol. The TeamSpeak 3 protocol is proprietary, you may already know this.

TeamSpeak 3 runs via UDP (9987 by default), while UDP is the low-level protocol being used for connections to a TeamSpeak 3 server, the high-level protocol is the TeamSpeak 3 proprietary one. So when you connect to a server, it works like this:
  1. You click on Connect.
  2. Your client knows the TeamSpeak 3 proprietary protocol and sends the information encrypted for the TeamSpeak 3 protocol.
  3. The information is exchanged via the low-level protocol UDP.
This makes it harder than if TeamSpeak 3 just used UDP to exchange the information. They likely did this for many reasons, mainly security. The good thing is that although they have added this security, it is POSSIBLE to work around it.

There are a few examples of why someone would want the TeamSpeak 3 proprietary protocol encryption/decryption method, here are some.
  • Make fake connections to a server, filling up user slots. This would disallow other users from joining if full.
  • Make a complaint/report bot, 5 bots join a server and report a specific client resulting in a 20 minute ban by default.
  • Allow opensource programs to connect to TeamSpeak 3 servers (Mumble) or even make your own TeamSpeak 3 protocol if you really wanted.
  • Send false information to the server just for fun --- have a 1337 ping or never be idle.
So, why this announcement? I am calling for anyone and everyone to get involved, only if desired. Go grab Wireshark, WireEdit, mmBBQ --- analyze the TeamSpeak 3 protocol and see if you can figure out how the protocol encryption works. If you find anything, please message me the information. For any correct information, VIP will be rewarded. :cool:

This is an interesting post about TS3 encryption: https://archive.is/rUTmb
This will definitely be useful also: http://www.blizzhackers.cc/viewtopic.php?p=4597974
This demonstrates listening to a VoIP conversation with Wireshark: https://cyberarms.wordpress.com/201...g-to-voip-conversations-from-packet-captures/
Sorry to resurrect an old thread but this is an excellent up-to-date rundown of the teamspeak 3 protocol: https://github.com/Splamy/TS3AudioBot/blob/master/TS3Client/ts3protocol.md
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
an excellent up-to-date rundown of the teamspeak 3 protocol
No need to apologize @JohnDong --- there are rare cases when a thread should be resurrected but this is a good time. Adding helpful information for the community is a perfect example. I appreciate your kindness in sharing this information and a major thanks to @Splamy along with @Bluscream for working to release exciting information about TeamSpeak 3!

This is a TeamSpeak 3 hook: https://github.com/ReSpeak/TS3Hook
 

JohnDong

Member
Nov 1, 2016
11
7
38
No need to apologize @JohnDong --- there are rare cases when a thread should be resurrected but this is a good time. Adding helpful information for the community is a perfect example. I appreciate your kindness in sharing this information and a major thanks to @Splamy along with @Bluscream for working to release exciting information about TeamSpeak 3!

This is a TeamSpeak 3 hook: https://github.com/ReSpeak/TS3Hook
I'm actually porting this to a python 3 library at the moment and I'm pretty much done with it besides cleaning everything up, sucks that there aren't many libraries for ECDH key exchange :(, thanks for all the hard work @Splamy.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
I'm actually porting this to a python 3 library at the moment and I'm pretty much done with it besides cleaning everything up, sucks that there aren't many libraries for ECDH key exchange :(, thanks for all the hard work @Splamy.
When you finish, do you think you will open source it? No hard feelings if you don't.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
I'm always for open-source things: https://github.com/VisualStudio-zz
I have an interesting idea about making a custom TeamSpeak 3 client and TeamSpeak 3 server (hopefully get rid of this mostly) platform. Ideally one would fork TS3 client/server and begin rebuilding it to work on a blockchain architecture. Then perhaps all users could be joined into some sort of a P2P chat based on the channel they are in. VPNs could be highly encouraged. If encryption is implemented properly, this certainly could strengthen overall VoIP security and before anyone's IP is leaked to someone else, there could potentially be a very slight intermediary in place to literally shield IPs. Kind of like a gate with yes/no. The idea is to prevent IP leaks, so while it is decentralized there could be somewhat of a central security mechanism to prevent IP leaks for the P2P implementation.

I am still brainstorming thoughts/ideas, I know this thread is not so much about changing the TeamSpeak 3 protocol, but I am strongly interested in ways VoIP platforms overall can be made more secure and resilient. Do you have any thoughts on this? Feel free to correct any part of my brainstorming.

Then again, since Mumble/Murmur is already open source perhaps that could be something to work with. I just specifically like the idea of making TeamSpeak 3 safer.

Personally what I would like to see from a VoIP platform is a friends list which supports grouping friends together, so you may launch group calls. E.g. John, Kara, Phil, Ken join into a call after hitting a green call button. Kara leaves, any of the 3 individuals may press the call button to ring Kara back. The idea of making whole servers for VoIP seems slightly dated. I think the hype thing nowadays is "my circle of friends", so one could add 30 people, group them together, and that could be clan chat split into subgroups of "World of Warcraft" etc. The client could choose to mute calls from a group. Start back from the basics and just listen to what everyone wants, build it up from there.

Sorry for such a long post, I am just really interested in how VoIP could be made simpler and secure for all. :cool::D
 
Last edited:

JohnDong

Member
Nov 1, 2016
11
7
38
I have an interesting idea about making a custom TeamSpeak 3 client and TeamSpeak 3 server (hopefully get rid of this mostly) platform. Ideally one would fork TS3 client/server and begin rebuilding it to work on a blockchain architecture. Then perhaps all users could be joined into some sort of a P2P chat based on the channel they are in. VPNs could be highly encouraged. If encryption is implemented properly, this certainly could strengthen overall VoIP security and before anyone's IP is leaked to someone else, there could potentially be a very slight intermediary in place to literally shield IPs. Kind of like a gate with yes/no. The idea is to prevent IP leaks, so while it is decentralized there could be somewhat of a central security mechanism to prevent IP leaks for the P2P implementation.

I am still brainstorming thoughts/ideas, I know this thread is not so much about changing the TeamSpeak 3 protocol, but I am strongly interested in ways VoIP platforms overall can be made more secure and resilient. Do you have any thoughts on this? Feel free to correct any part of my brainstorming.

Then again, since Mumble/Murmur is already open source perhaps that could be something to work with. I just specifically like the idea of making TeamSpeak 3 safer.

Personally what I would like to see from a VoIP platform is a friends list which supports grouping friends together, so you may launch group calls. E.g. John, Kara, Phil, Ken join into a call after hitting a green call button. Kara leaves, any of the 3 individuals may press the call button to ring Kara back. The idea of making whole servers for VoIP seems slightly dated. I think the hype thing nowadays is "my circle of friends", so one could add 30 people, group them together, and that could be clan chat split into subgroups of "World of Warcraft" etc. The client could choose to mute calls from a group. Start back from the basics and just listen to what everyone wants, build it up from there.

Sorry for such a long post, I am just really interested in how VoIP could be made simpler and secure for all. :cool::D
It definitely is possible, I like the thought of being able to manipulate based on events like when a client joins a channel you could make others appear accordingly to make the server not so cluttered with channels.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
It definitely is possible, I like the thought of being able to manipulate based on events like when a client joins a channel you could make others appear accordingly to make the server not so cluttered with channels.
Yeah, I think what ends up happening with nearly all communication software is somehow it ends up cluttered. I think keeping things simple always wins hearts!
 
Top