[Question] Snapshot password decryption

schoeppi5 · February 2, 2021, 8:11pm

I got a question regarding snapshots created with a password.

I was able to figure out, that snapshots without a password are first compressed using ZStandard compression and then encoded using base64. That was the easy part.

But this far I was not able to figure out the algorithm used to encrypt the snapshot with the password. I guess it is something like aes-256 but what method is used to transform the password to a suitable key (if it even is aes).

Can you help me out here? I simply want to decode my snapshots but don’t want to lose the protection of a password.

MfG
Philipp

schoeppi5 · February 2, 2021, 11:48pm

Ok, this is how far I got till now (not very far): I am pretty sure about the aes thing and I also think that it uses a block size of 16 bytes (aes-128). This would mean we need a 128 bit key. Looking at other algorithms TS3 uses I would go with something like MD5(MD5(password) + salt) or maybe MD5(password+salt).

The questions remaining are:

Do I need to decode the base64 salt or is the base64 string used
What mode is used with aes
Is it even aes
Why am I doing this again

The only sort of proven thing right now is the 128 bit block size.

I would really appreciate any help from anyone on this.

MfG,
Philipp

schoeppi5 · February 3, 2021, 10:58am

Another Update from my side:

It is using the ECB mode since the ciphers of the same snapshot are different everytime I generate them.

schoeppi5 · February 5, 2021, 10:28am

@TeamSpeakStaff Can you help me out here? Or is this something you are either not allowed or not able to tell me. Any kind of response would help.

Thanks
MfG

schoeppi5 · February 5, 2021, 7:45pm

@TS.ChrisR anything?

schoeppi5 · February 5, 2021, 8:00pm

I have another update: It is using AES for encryption. I noticed the logline:

Using hardware aes

in the serverlog.

So this uncertainty is cleared.