I got a question regarding snapshots created with a password.
I was able to figure out, that snapshots without a password are first compressed using ZStandard compression and then encoded using base64. That was the easy part.
But this far I was not able to figure out the algorithm used to encrypt the snapshot with the password. I guess it is something like aes-256 but what method is used to transform the password to a suitable key (if it even is aes).
Can you help me out here? I simply want to decode my snapshots but don’t want to lose the protection of a password.
Ok, this is how far I got till now (not very far): I am pretty sure about the aes thing and I also think that it uses a block size of 16 bytes (aes-128). This would mean we need a 128 bit key. Looking at other algorithms TS3 uses I would go with something like MD5(MD5(password) + salt) or maybe MD5(password+salt).
The questions remaining are:
- Do I need to decode the base64 salt or is the base64 string used
- What mode is used with aes
- Is it even aes
- Why am I doing this again
The only sort of proven thing right now is the 128 bit block size.
I would really appreciate any help from anyone on this.
Another Update from my side:
It is using the ECB mode since the ciphers of the same snapshot are different everytime I generate them.
@TeamSpeakStaff Can you help me out here? Or is this something you are either not allowed or not able to tell me. Any kind of response would help.
I have another update: It is using AES for encryption. I noticed the logline:
Using hardware aes
in the serverlog.
So this uncertainty is cleared.