Teamspeak 3 Server Classes

T

tagKnife

Well-Known Member
Oct 2, 2015
343
270
146
I did some reversing on the pointers in Teamspeak Server 32bit but its messy like FUCK

heres the classes i have generated already for the server, Can be used for modifiying settings etc.

Latest classes v3.0.13.4 https://gist.github.com/JABirchall/4952707206510e320f2257515af36cc9
Base pointer: "ts3server.exe"+0062349C
reClass project file: https://mega.nz/#!jcUnUZoJ!9HP8RkU6pnssXvGVe0eqvJIQz7Fp7beic2ucW8jF8Zg

F.A.Q
Q. What is this?
A. This is a manual reversed class set for Teamspeak 3 Servers

Q. How do i use it
A. if you're lucky and it works, you use this this as a C++ header file to access data inside the process of teamspeak 3 server.

Q. Can I crack teamspeak server with this
A. It hasnt been done yet, but yes it should be very possible. and a lot more Hopefully. Imagine bots, fake clients, server bridging and alot more.

Q. Will you do it for me
A. No, I do this in my free time and when I can give enough fucks.

Q. What if i pay you
A. $50/hour sure.

Q. I want to help you reverse the server how can i help you.
A. Cool, the more experienced people helping the better. you can download the current progress I have released and start there. If you think you cracked something PM me your current progress.
Download: https://mega.nz/#!jcUnUZoJ!9HP8RkU6pnssXvGVe0eqvJIQz7Fp7beic2ucW8jF8Zg

Q. Are you DrWhat from Unknowncheats
A. yes sir

Q. Sign my profile
A. noooo

Q. Will you reverse the client.
A. Maybe, I would assume most of the classes would be the same, Like transmission, and TeamspeakString etc. You should be able to get a good start using some classes from teamspeaks Server.
 
Last edited:
T

tagKnife

Well-Known Member
Oct 2, 2015
343
270
146
Well, I had finished reversing the VirtualServerBase::class >.> Started reversing Client::class
gone 2 hours in and
rmKX78w.png


Didn't save any of my work >.>
on another note you can
qs5vn0l.png

and teamspeak doesnt care.

And I did find the absolute base pointer:
ts3server_win32.exe+0043A850
 
Last edited:
Kaptan647

Kaptan647

Retired Staff
Contributor
Apr 25, 2015
314
395
112
If you need any help just let us know. We will happly help you although i dont have any reverse engineering history. This would be first for me :)
 
Bluscream

Bluscream

Retired Staff
Contributor
May 8, 2015
967
934
211
Did you tried to connect more than 32 clients? I think it's more a cosmetic change ...

Nice to see someone using my plugin :p
 
Last edited:
0day

0day

Contributor
Oct 16, 2015
140
268
148
DrWhat, Why you no have Uknowncheats AVATAR?
avatar398315_5.gif


Ahh that is better.
 
T

tagKnife

Well-Known Member
Oct 2, 2015
343
270
146
heres an update for VirtualServerSettings::class

Code: 
class VirtualServerSettings
{
public:
   TeamspeakString* uniqueID; //0x0000
   TeamspeakString* files; //0x0004
   DWORD online; //0x0008
   char pad_0x000C[0x4]; //0x000C
   TeamspeakString* VirtualServerName; //0x0010
   char pad_0x0014[0xC]; //0x0014
   TeamspeakString* WelcomeMessage; //0x0020
   char pad_0x0024[0xC]; //0x0024
   TeamspeakString* osType; //0x0030
   char pad_0x0034[0xC]; //0x0034
   TeamspeakString* version; //0x0040
   char pad_0x0044[0xC]; //0x0044
   DWORD maxClients; //0x0050
   char pad_0x0054[0xC]; //0x0054
   TeamspeakString* password; //0x0060
   char pad_0x0064[0xC]; //0x0064
   DWORD totalWithQuery; //0x0070
   char pad_0x0074[0xC]; //0x0074
   DWORD channels; //0x0080
   char pad_0x0084[0xC]; //0x0084
   DWORD created; //0x0090
   char pad_0x0094[0xC]; //0x0094
   DWORD serverUptime; //0x00A0
   char pad_0x00A4[0xC]; //0x00A4
   DWORD encryption; //0x00B0
   char pad_0x00B4[0x9C]; //0x00B4
   TeamspeakString* keyPair; //0x0150
   char pad_0x0154[0xC]; //0x0154
   N0000188C* hostMessage; //0x0160
   char pad_0x0164[0xC]; //0x0164
   DWORD hostMessageMode; //0x0170
   char pad_0x0174[0xC]; //0x0174
   TeamspeakString* filebase; //0x0180
   char pad_0x0184[0xC]; //0x0184
   DWORD defaultServergroup; //0x0190
   char pad_0x0194[0xC]; //0x0194
   DWORD DefaultChannelGroup; //0x01A0
   char pad_0x01A4[0xC]; //0x01A4
   DWORD passwordFlag; //0x01B0
   char pad_0x01B4[0xC]; //0x01B4
   DWORD defaultChannelId; //0x01C0
   char pad_0x01C4[0xC]; //0x01C4
   __int32 downloadQuota; //0x01D0
   char pad_0x01D4[0xC]; //0x01D4
   __int32 uploadQuota; //0x01E0
   char pad_0x01E4[0xC]; //0x01E4
   TeamspeakString* hostBannerUrl; //0x01F0
   char pad_0x01F4[0xC]; //0x01F4
   TeamspeakString* hostBannerGfxUrl; //0x0200
   char pad_0x0204[0xC]; //0x0204
   DWORD hostBannerGfxInterval; //0x0210
   char pad_0x0214[0xC]; //0x0214
   DWORD complainBanCount; //0x0220
   char pad_0x0224[0xC]; //0x0224
   DWORD complainbanTime; //0x0230
   char pad_0x0234[0xC]; //0x0234
   DWORD complainRemoveTime; //0x0240
   char pad_0x0244[0xC]; //0x0244
   DWORD minClientForceSilence; //0x0250
   char pad_0x0254[0x10]; //0x0254
   float prioritySpeakerDimmModifier; //0x0264
   char pad_0x0268[0x8]; //0x0268
   DWORD virtualServerid; //0x0270
   char pad_0x0274[0xC]; //0x0274
   DWORD antiFloodPointsPerTick; //0x0280
   char pad_0x0284[0xC]; //0x0284
   DWORD antiFloodPointsBlockCommand; //0x0290
   char pad_0x0294[0xC]; //0x0294
   DWORD antiFloodPointsBlockIp; //0x02A0
   char pad_0x02A4[0xC]; //0x02A4
   DWORD clientConnectionsCount; //0x02B0
   char pad_0x02B4[0xC]; //0x02B4
   DWORD queryClientConnectionsCount; //0x02C0
   char pad_0x02C4[0xC]; //0x02C4
   TeamspeakString* hostButtonTooltip; //0x02D0
   char pad_0x02D4[0xC]; //0x02D4
   TeamspeakString* hostButtonUrl; //0x02E0
   char pad_0x02E4[0xC]; //0x02E4
   TeamspeakString* hostButtonGfxUrl; //0x02F0
   char pad_0x02F4[0xC]; //0x02F4
   DWORD queryClientsOnline; //0x0300
   char pad_0x0304[0xC]; //0x0304
   __int32 monthDownloadQuota; //0x0310
   char pad_0x0314[0xC]; //0x0314
   __int32 monthUploadQuota; //0x0320
   char pad_0x0324[0xC]; //0x0324
   DWORD monthdownload; //0x0330
   char pad_0x0334[0xC]; //0x0334
   DWORD monthUpload; //0x0340
   char pad_0x0344[0xC]; //0x0344
   DWORD totalDownload; //0x0350
   char pad_0x0354[0xC]; //0x0354
   DWORD totalUpload; //0x0360
   char pad_0x0364[0xC]; //0x0364
   __int32 Port; //0x0370
   char pad_0x0374[0xC]; //0x0374
   DWORD autoStart; //0x0380
   char pad_0x0384[0xC]; //0x0384
   TeamspeakString* machineId; //0x0390
   char pad_0x0394[0xC]; //0x0394
   DWORD securityLevel; //0x03A0
   char pad_0x03A4[0xC]; //0x03A4
   DWORD logClient; //0x03B0
   char pad_0x03B4[0xC]; //0x03B4
   DWORD logQuery; //0x03C0
   char pad_0x03C4[0xC]; //0x03C4
   DWORD logChannel; //0x03D0
   char pad_0x03D4[0xC]; //0x03D4
   DWORD logPermissions; //0x03E0
   char pad_0x03E4[0xC]; //0x03E4
   DWORD logServer; //0x03F0
   char pad_0x03F4[0xC]; //0x03F4
   DWORD logFiles; //0x0400
   char pad_0x0404[0xC]; //0x0404
   DWORD minClientVersion; //0x0410
   char pad_0x0414[0xC]; //0x0414
   TeamspeakString* phoneticName; //0x0420
   char pad_0x0424[0xC]; //0x0424
   DWORD iconId; //0x0430
   char pad_0x0434[0xC]; //0x0434
   DWORD reservedSlots; //0x0440
   char pad_0x0444[0xC]; //0x0444
   DWORD packetLossSpeech; //0x0450
   char pad_0x0454[0xC]; //0x0454
   DWORD N0000118B; //0x0460
   char pad_0x0464[0xC]; //0x0464
   DWORD N0000118F; //0x0470
   char pad_0x0474[0xC]; //0x0474
   DWORD N00001193; //0x0480
   char pad_0x0484[0xC]; //0x0484
   DWORD totalPing; //0x0490
   char pad_0x0494[0xC]; //0x0494
   TeamspeakString* bindIp; //0x04A0
   char pad_0x04A4[0xC]; //0x04A4
   DWORD webList; //0x04B0
   char pad_0x04B4[0xC]; //0x04B4
   TeamspeakString* generatesPriKey; //0x04C0
   char pad_0x04C4[0xC]; //0x04C4
   DWORD askForPrivKey; //0x04D0
   char pad_0x04D4[0xC]; //0x04D4
   DWORD hostBannerMode; //0x04E0
   char pad_0x04E4[0xC]; //0x04E4
   DWORD tempChannelDeleteDelay; //0x04F0
   char pad_0x04F4[0xC]; //0x04F4
};//Size=0x0500
full class reversed
btw variables N0000118B, N0000118F, N00001193 are some kind of packet loss or ping but i couldnt find which one was which, Voice was easy because i could simulate lag. its harder with others (chat etc)
 
T

tagKnife

Well-Known Member
Oct 2, 2015
343
270
146
Bluscream said:
Did you tried to connect more than 32 clients? I think it's more a cosmetic change ...

Nice to see someone using my plugin :p
Click to expand...
I didn't, but i did find a place to byte patch to crack the server in the Accounting::class. So I may release a real cracked teampeak3 server soon, No emulator needed.
But I released the VirtualServerSettings class, So try it your self.
 
Last edited:
T

tagKnife

Well-Known Member
Oct 2, 2015
343
270
146
im uploading a quick tutorial to show you how easy it is to Start reversing teamspeak
EDIT: Youtube destroyed the video quality so I'm trying a second time under different render settings

 
Last edited:
T

tagKnife

Well-Known Member
Oct 2, 2015
343
270
146
update: SDK with updated classes, pointer and variable names. this also has license manager partly reversed.
Since the sdk is larger then 10000 I will upload it with the reclass project.

I made a small kit :p Download it here: https://mega.nz/#!OMMHRYoZ!baSLeuPd8Q_dLvlHklbmcmGU_oJs-aPEDt-1KauUsnE
Contains, SDK.h as it currently stands, Reclass and current Reclass project.

*note, Classes with END at the end of them are classes I know finish at that point, So there is no point trying to reverse after that point as you may be reversing a different class or a completely different process
 
Last edited:
T

tagKnife

Well-Known Member
Oct 2, 2015
343
270
146
Last edited:
ehthe

ehthe

Retired Staff
Contributor
Apr 26, 2015
1,029
896
216
Well I'm no real reverse engineer, I just know my way around IDA :D
I don't even correctly understand what a base pointer is xD
 
Derp

Derp

Retired Staff
Contributor
Apr 30, 2015
933
1,014
217
@DrWhat me and the others have been pretty busy lately, I'll see if I can push some commits on yumbbq later just to get things running.

Thanks :)
 
dedmen

dedmen

TeamSpeak Developer
Contributor
Mar 28, 2016
530
583
157
TeamspeakString is just std::string compiled on gcc. And ... zZz
 
TrueStory

TrueStory

Member
Dec 14, 2015
32
40
53
I am also interested in this if you guys still playing around with it - jut got a copy of hopper to run it on Linux since i was unable to find a IDA version cracked for linux :)
 
You must log in or register to reply here.
Top