Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 12:58

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 8 posts ] 
Author Message
 Post subject: teamSpeak.COnf decryption
PostPosted: 24 Jul 2009 20:11 

Joined: 24 Jul 2009 19:56
Posts: 3
Hello world!
if read the note
Quote:
the file TeamSpeak.Conf of TeamSpeak is simply XORed with the bytes "0xAD 0xA6 0x6D 0xAD" and the remaining bytes which don't fit a block (so file_length % 4) XORed with 0xAD


Can someone Post an example written in VB.NET or C#?

I dont really understand the last part. If the (file_lenght % 4) = 2, you should read the last 2 bytes and XOR them with 0xAD into a var... and later i should take this var to xor the reults of the XORation of 0xAD ?

VERY BAD ENGLISH, SRY

hope youll help


Top
 Profile  
 
 
 Post subject: Re: teamSpeak.COnf decryption
PostPosted: 24 Jul 2009 20:25 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
yes exactly.
for example if the file is 11 bytes long you must xor the first 8 bytes with the usage 0xad 0xa6 0x6d 0xad sequence and the last 3 with 0xad like the following example:

xor string: 0xAD 0xA6 0x6D 0xAD 0xAD 0xA6 0x6D 0xAD 0xAD 0xAD 0xAD


Top
 Profile  
 
 Post subject: Re: teamSpeak.COnf decryption
PostPosted: 24 Jul 2009 21:13 

Joined: 24 Jul 2009 19:56
Posts: 3
so, if the config is like:
Code:
0x3F 0x3F 0x3F 0x6D     0x3F 0x3F

should i do it like this? :
Code:
deccontent = ""
deccontent &= convert.ToChar( 0x3F XOR 0xAD )
deccontent &= convert.ToChar( 0x3F XOR 0xA6 )
deccontent &= convert.ToChar( 0x3F XOR 0x6D )
deccontent &= convert.ToChar( 0x6D XOR 0xAD )
deccontent &= convert.ToChar( 0x3F XOR 0xAD )
deccontent &= convert.ToChar( 0x3F XOR 0xAD )


and that was it?


Top
 Profile  
 
 Post subject: Re: teamSpeak.COnf decryption
PostPosted: 24 Jul 2009 21:18 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
yes, it's correct (the xor bytes because I don't know that language)


Top
 Profile  
 
 Post subject: Re: teamSpeak.COnf decryption
PostPosted: 24 Jul 2009 21:27 

Joined: 24 Jul 2009 19:56
Posts: 3
its not a language.. its just to diplay what i meaned.

Now i wrote this code In VB.NET and it still returns incorrect letters, can you find the mistake?

Code:
  Sub Main()
        Dim TEAMSPEAK_CONF_PATH As String = "C:\ts.conf"
        Dim TsConfContent As String = New StreamReader(TEAMSPEAK_CONF_PATH).ReadToEnd

        Dim FinString As String = ""
        Dim CharCount As Int64

        Dim BytesWhichDontFit As Int32 = TsconfContent.Length Mod 4

        For Each c As Char In TsconfContent
            Dim b As Byte
            If CharCount >= TsConfContent.Length - BytesWhichDontFit Then
                b = Asc(c) Xor &HAD
                FinString &= Chr(b)
            Else
                b = Asc(c) Xor GetByteFromArray(CharCount)
                FinString &= Chr(b)
            End If
            CharCount += 1
        Next

        Dim str As New StreamWriter("C:\ts_dec.lol")
        str.Write(FinString)
        str.Close()

        Console.ReadLine()
    End Sub

    Private Function GetByteFromArray(ByVal Count As Int64) As Byte
        Dim b() As Byte = {&HAD, &HA6, &H6D, &HAD}
        Dim i As Integer
        While Count > 3
            Count -= 4
            i += 1
        End While
        Return b(Count)
    End Function


Or if you hate vb.net, here its converted into C#:
Code:
public void Main()
{
    string TEAMSPEAK_CONF_PATH = "C:\\ts.conf";
    string TsConfContent = new StreamReader(TEAMSPEAK_CONF_PATH).ReadToEnd;
   
    string FinString = "";
    Int64 CharCount = default(Int64);
   
    Int32 BytesWhichDontFit = TsconfContent.Length % 4;
   
    foreach (char c in TsconfContent) {
        byte b = 0;
        if (CharCount >= TsConfContent.Length - BytesWhichDontFit) {
            b = Strings.Asc(c) ^ 0xad;
            FinString += Strings.Chr(b);
        }
        else {
            b = Strings.Asc(c) ^ GetByteFromArray(CharCount);
            FinString += Strings.Chr(b);
        }
        CharCount += 1;
    }
   
    StreamWriter str = new StreamWriter("C:\\ts_dec.lol");
    str.Write(FinString);
    str.Close();
   
    Console.ReadLine();
}
private byte GetByteFromArray(Int64 Count)
{
    byte[] b = { 0xad, 0xa6, 0x6d, 0xad };
    int i = 0;
    while (Count > 3) {
        Count -= 4;
        i += 1;
    }
    return b(Count);
}


Top
 Profile  
 
 Post subject: Re: teamSpeak.COnf decryption
PostPosted: 24 Jul 2009 21:50 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
why don't you simply do something like the following?
Code:
byte    myxor[]  = "\xad\xa6\x6d\xad";
int     mylength = length - (length % 4);
for(i = 0; i < length; i++) {
    if(i < mylength) {
        data[i] ^= myxor[i % 4];
    } else {
        data[i] ^= 0xad;
    }
}
or
Code:
byte    myxor[]  = "\xad\xa6\x6d\xad";
int     mylength = length - (length % 4);
for(i = 0; i < mylength; i++) {
    data[i] ^= myxor[i % 4];
}
for(; i < length; i++) {
    data[i] ^= 0xad;
}


Top
 Profile  
 
 Post subject: Re: teamSpeak.COnf decryption
PostPosted: 05 May 2011 01:03 

Joined: 27 Apr 2011 18:44
Posts: 47
byte myxor[] = "\xad\xa6\x6d\xad";
int mylength = length - (length % 4);

Because there are 4 bytes rite?


Top
 Profile  
 
 Post subject: Re: teamSpeak.COnf decryption
PostPosted: 06 May 2011 09:05 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
yeah


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 8 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron