Teamspeak automaticilly reports infringing servers

ehthe

Retired Staff
Contributor
Apr 26, 2015
1,028
896
216
Old thread

I don't think anyone knows it but here we go. The Teamspeak client automatically reports cracked servers (servers with a high MaximumClients) that it connects to.
The domain in question is reportpiracy-env.elasticbeanstalk.com.

Let's say I try to connect to http://r4p3.net/forum/exploits/47/strange-teamspeak-server-much-1337-h4x111-o/1024/.
The client will send a POST request to http://reportpiracy-env.elasticbeanstalk.com/ReportPiracy.
This POST request will contain a json object.
Here it is for that server :

Code:
{ "serverPort" : 9988, "serverIP" : "192.158.30.154", "serverDNS" : "192.158.30.154", "serverVersion" : "18446744073709551615", "license" : 0, "slotCount" : 1337, "violationType": 1 }

It that case it won't do much because the serverVersion is not a valid Long value.

So in the end add reportpiracy-env.elasticbeanstalk.com to your host file :p (clientside of course)

Here is some additional work on it :
Code:
enum LicenseViolationType {
    NO_VIOLATION = 0,
    SLOT_VIOLATION,
    SLOT_SUSPICION
};
Cracked hosting provider license : The client report the server with SLOT_SUSPICION as soon as you hit 2000 slots, but even at 16776960 slots it will still report it as SLOT_SUSPICION.
Code:
#!/bin/bash

json='{ "serverPort" : 9988, "serverIP" : "192.158.30.154", "serverDNS" : "192.158.30.154", "serverVersion" : "18446744073709551615", "license" : 0, "slotCount" : 1337, "violationType": 1 }'
#serverport :        signed int, no port restriction
#serverip :            string
#serverdns :        string
#serverversion :    signed long int, no restriction
#licence :            signed int, no restriction            0 : No licence ; 1 : Licenced Hosting Provider ; 2 : Offline license ; 3 : NPL
#slotCount :        signed int, no restriction
#violationType :    signed int, no restriction

#uses jackson https://github.com/FasterXML/jackson/blob/master/README.md
curl -v 'http://reportpiracy-env.elasticbeanstalk.com/ReportPiracy' -H 'Accept-Language: en-US,*' -H 'Connection: keep-alive' -H 'Host: reportpiracy-env.elasticbeanstalk.com' -H 'User-Agent: Mozilla/5.0' -H 'Content-Type: application/json' --data "$json"

Code:
com.teamspeak.reportpiracy.ReportPiracy.doPost(ReportPiracy.java)
com.teamspeak.reportpiracy.filter.ReportPiracyFilter.doFilter(ReportPiracyFilter.java)
com.teamspeak.reportpiracy.json.JSON_newReport


Apache Tomcat/7.0.27
org.codehaus.jackson
javax.servlet.http.HttpServlet.service
org.apache.logging.log4j.core.web.Log4jServletFilter.doFilter
 
Last edited:

Supervisor

Administrator
Apr 27, 2015
1,863
2,546
335
Just wanted to add: Doing this is no protection for getting reported and blacklisted on the server you may host! Your client won't be able to report any more servers if you edit your hosts file. However other users are still gonna report servers.

Follow those rules of you don't want to get reported:
  • Don't tell anyone it's your license/server
  • NEVER ASSIGN SERVER AMIN QUERY TO CLIENTS
  • Don't have more slots than needed on the individual TeamSpeak servers (e.g. not more than 100)
 

ehthe

Retired Staff
Contributor
Apr 26, 2015
1,028
896
216
IIRC the limit before being reported (with the cracked license) is 8000 slots. Will have to check again to make sure.

EDIT : The limit is actually 1999 slots
starting 2000 the client will try to report it
 
Last edited:

ehthe

Retired Staff
Contributor
Apr 26, 2015
1,028
896
216
Well I redirected the domain to localhost and fired up wireshark. Then you change the slot numer and reconnect.
 

ehthe

Retired Staff
Contributor
Apr 26, 2015
1,028
896
216
Necroposting because it's still interesting :p
QtiyFJXbJVbCchnh.png

What that means :
no license <= 32 or SLOT_VIOLATION
ATHP <= 1999 or SLOT_SUSPICION
Offline <= ∞
NPL <= 512

If you don't respect that then the client reports you :eek:
 
Last edited:

BoTz

Member
Apr 12, 2016
57
17
43
So, what do you mean with "Cracked hosting provider license : The client report the server with SLOT_SUSPICION as soon as you hit 2000 slots" Which Slots do you mean? All slots that i use on all my virtual servers? Like that?
405323.png
"Benutzer" means users
Or do you mean not more then 2000 slots on one virtual server?
OR do you mean the maximum of slots that i can use with the license?
 

ehthe

Retired Staff
Contributor
Apr 26, 2015
1,028
896
216
The client only sees what the server tells him, so virtual server slots.
 

MadKill

Active Member
Sep 1, 2015
190
47
66
lets see..

nano etc/host
add
reportpiracy-env.elasticbeanstalk.com
(no have any ip ?
and its done ?
 

BoTz

Member
Apr 12, 2016
57
17
43
lets see..

nano etc/host
add
reportpiracy-env.elasticbeanstalk.com
(no have any ip ?
and its done ?
noob, he said that the user client is sending informations to teamspeak.com, not the server xD.
 

dedmen

TeamSpeak Developer
Contributor
Mar 28, 2016
530
583
157
I wonder if we could circumvent that by crating a crack that only shows "No License" and 32 slots... But make the Server ignore the Slotlimit.. AFAIK the license suspicion detection doesnt trigger when there are 33 people on a 32 slot server... So that would disable the automatic detection safely i guess... And also the manual one when one reports a Server for that.. Because... Well.. When the teamspeak guys check that infringement claim.. Theyll only find a server with an offline license and the default slot count...
 

Alligatoras

Administrator
Mar 31, 2016
2,570
12
2,857
381
Necroposting because it's still interesting :p
QtiyFJXbJVbCchnh.png

What that means :
no license <= 32 or SLOT_VIOLATION
ATHP <= 1999 or SLOT_SUSPICION
Offline <= ∞
NPL <= 512

If you don't respect that then the client reports you :eek:
I do have a question though, maybe i don't understand something. About ATHP you said less than 1999 slots. Is that per server or per license ??

What i mean will it report if i have for example 3 ts servers in ports: 9987, 9988, 9989 with 1500 per port ?
 

BoTz

Member
Apr 12, 2016
57
17
43
I do have a question though, maybe i don't understand something. About ATHP you said less than 1999 slots. Is that per server or per license ??

What i mean will it report if i have for example 3 ts servers in ports: 9987, 9988, 9989 with 1500 per port ?
So, what do you mean with "Cracked hosting provider license : The client report the server with SLOT_SUSPICION as soon as you hit 2000 slots" Which Slots do you mean? All slots that i use on all my virtual servers? Like that?
405323.png
"Benutzer" means users
Or do you mean not more then 2000 slots on one virtual server?
OR do you mean the maximum of slots that i can use with the license?
The client only sees what the server tells him, so virtual server slots.
 

Alligatoras

Administrator
Mar 31, 2016
2,570
12
2,857
381
So we talk only the specific server that the client is connected. Thank you my friend for your answer!
 
Top