[Question] Snapshot password decryption

I got a question regarding snapshots created with a password.

I was able to figure out, that snapshots without a password are first compressed using ZStandard compression and then encoded using base64. That was the easy part.

But this far I was not able to figure out the algorithm used to encrypt the snapshot with the password. I guess it is something like aes-256 but what method is used to transform the password to a suitable key (if it even is aes).

Can you help me out here? I simply want to decode my snapshots but don’t want to lose the protection of a password.

MfG
Philipp

Ok, this is how far I got till now (not very far): I am pretty sure about the aes thing and I also think that it uses a block size of 16 bytes (aes-128). This would mean we need a 128 bit key. Looking at other algorithms TS3 uses I would go with something like MD5(MD5(password) + salt) or maybe MD5(password+salt).

The questions remaining are:

  • Do I need to decode the base64 salt or is the base64 string used
  • What mode is used with aes
  • Is it even aes
  • Why am I doing this again

The only sort of proven thing right now is the 128 bit block size.

I would really appreciate any help from anyone on this.

MfG,
Philipp

1 Like

Another Update from my side:

It is using the ECB mode since the ciphers of the same snapshot are different everytime I generate them.

@TeamSpeakStaff Can you help me out here? Or is this something you are either not allowed or not able to tell me. Any kind of response would help.

Thanks
MfG

@TS.ChrisR anything?

I have another update: It is using AES for encryption. I noticed the logline:

Using hardware aes

in the serverlog.

So this uncertainty is cleared.

twitch instagram twitter facebook