Teamspeak automaticilly reports infringing servers

[ehthe]

Old thread

I don't think anyone knows it but here we go. The Teamspeak client automatically reports cracked servers (servers with a high MaximumClients) that it connects to.
The domain in question is reportpiracy-env.elasticbeanstalk.com.

Let's say I try to connect to http://r4p3.net/forum/exploits/47/strange-teamspeak-server-much-1337-h4x111-o/1024/.
The client will send a POST request to http://reportpiracy-env.elasticbeanstalk.com/ReportPiracy.
This POST request will contain a json object.
Here it is for that server :

{ "serverPort" : 9988, "serverIP" : "192.158.30.154", "serverDNS" : "192.158.30.154", "serverVersion" : "18446744073709551615", "license" : 0, "slotCount" : 1337, "violationType": 1 }

It that case it won't do much because the serverVersion is not a valid Long value.

So in the end add reportpiracy-env.elasticbeanstalk.com to your host file (clientside of course)

Here is some additional work on it :

enum LicenseViolationType {
    NO_VIOLATION = 0,
    SLOT_VIOLATION,
    SLOT_SUSPICION
};

Cracked hosting provider license : The client report the server with SLOT_SUSPICION as soon as you hit 2000 slots, but even at 16776960 slots it will still report it as SLOT_SUSPICION.

#!/bin/bash

json='{ "serverPort" : 9988, "serverIP" : "192.158.30.154", "serverDNS" : "192.158.30.154", "serverVersion" : "18446744073709551615", "license" : 0, "slotCount" : 1337, "violationType": 1 }'
#serverport :        signed int, no port restriction
#serverip :            string
#serverdns :        string
#serverversion :    signed long int, no restriction
#licence :            signed int, no restriction            0 : No licence ; 1 : Licenced Hosting Provider ; 2 : Offline license ; 3 : NPL
#slotCount :        signed int, no restriction
#violationType :    signed int, no restriction

#uses jackson https://github.com/FasterXML/jackson/blob/master/README.md
curl -v 'http://reportpiracy-env.elasticbeanstalk.com/ReportPiracy' -H 'Accept-Language: en-US,*' -H 'Connection: keep-alive' -H 'Host: reportpiracy-env.elasticbeanstalk.com' -H 'User-Agent: Mozilla/5.0' -H 'Content-Type: application/json' --data "$json"

com.teamspeak.reportpiracy.ReportPiracy.doPost(ReportPiracy.java)
com.teamspeak.reportpiracy.filter.ReportPiracyFilter.doFilter(ReportPiracyFilter.java)
com.teamspeak.reportpiracy.json.JSON_newReport


Apache Tomcat/7.0.27
org.codehaus.jackson
javax.servlet.http.HttpServlet.service
org.apache.logging.log4j.core.web.Log4jServletFilter.doFilter

 

[Supervisor]

Just wanted to add: Doing this is no protection for getting reported and blacklisted on the server you may host! Your client won't be able to report any more servers if you edit your hosts file. However other users are still gonna report servers.

Follow those rules of you don't want to get reported:

• Don't tell anyone it's your license/server
• NEVER ASSIGN SERVER AMIN QUERY TO CLIENTS
• Don't have more slots than needed on the individual TeamSpeak servers (e.g. not more than 100)

 

[ehthe]

IIRC the limit before being reported (with the cracked license) is 8000 slots. Will have to check again to make sure.

EDIT : The limit is actually 1999 slots
starting 2000 the client will try to report it

 

[Supervisor]

ah.. how do you know that? Would be nice to know the source of it

 

[ehthe]

Well I redirected the domain to localhost and fired up wireshark. Then you change the slot numer and reconnect.

 

[Supervisor]

Good man

 

[ehthe]

Necroposting because it's still interesting

What that means :
no license <= 32 or SLOT_VIOLATION
ATHP <= 1999 or SLOT_SUSPICION
Offline <= ∞
NPL <= 512

If you don't respect that then the client reports you

 

[kingston]

So how is this a FUD then? https://r4p3.net/threads/clients-reporting-our-servers-constantly.1096/

Seems i was totally right if such reporting crap exists. And hell knows what else they added and what they monitor/collect especially with blacklist IP check that every single server goes tru many times a day on every client connecting to it.

 

[ehthe]

So how is this a FUD then? https://r4p3.net/threads/clients-reporting-our-servers-constantly.1096/

Please read everything carefully. I quoted specific parts of your posts in the other thread

 

[BoTz]

So, what do you mean with "Cracked hosting provider license : The client report the server with SLOT_SUSPICION as soon as you hit 2000 slots" Which Slots do you mean? All slots that i use on all my virtual servers? Like that?

"Benutzer" means users
Or do you mean not more then 2000 slots on one virtual server?
OR do you mean the maximum of slots that i can use with the license?

 

[ehthe]

The client only sees what the server tells him, so virtual server slots.

 

[BoTz]

The client only sees what the server tells him, so virtual server slots.

Okay, that's nice. Thanks a lot. But with Admin Server Query you can see the licenseinfo. - https://img.botz.cc/420289.png Is this the reason why you shouldn't add somebody to Admin Server Query?

 

[MadKill]

lets see..

nano etc/host
add
reportpiracy-env.elasticbeanstalk.com
(no have any ip ?
and its done ?

 

[BoTz]

lets see..

nano etc/host
add
reportpiracy-env.elasticbeanstalk.com
(no have any ip ?
and its done ?

noob, he said that the user client is sending informations to teamspeak.com, not the server xD.

 

[dedmen]

I wonder if we could circumvent that by crating a crack that only shows "No License" and 32 slots... But make the Server ignore the Slotlimit.. AFAIK the license suspicion detection doesnt trigger when there are 33 people on a 32 slot server... So that would disable the automatic detection safely i guess... And also the manual one when one reports a Server for that.. Because... Well.. When the teamspeak guys check that infringement claim.. Theyll only find a server with an offline license and the default slot count...

 

[Alligatoras]

Necroposting because it's still interesting

What that means :
no license <= 32 or SLOT_VIOLATION
ATHP <= 1999 or SLOT_SUSPICION
Offline <= ∞
NPL <= 512

If you don't respect that then the client reports you

I do have a question though, maybe i don't understand something. About ATHP you said less than 1999 slots. Is that per server or per license ??

What i mean will it report if i have for example 3 ts servers in ports: 9987, 9988, 9989 with 1500 per port ?

 

[BoTz]

I do have a question though, maybe i don't understand something. About ATHP you said less than 1999 slots. Is that per server or per license ??

What i mean will it report if i have for example 3 ts servers in ports: 9987, 9988, 9989 with 1500 per port ?

So, what do you mean with "Cracked hosting provider license : The client report the server with SLOT_SUSPICION as soon as you hit 2000 slots" Which Slots do you mean? All slots that i use on all my virtual servers? Like that?

"Benutzer" means users
Or do you mean not more then 2000 slots on one virtual server?
OR do you mean the maximum of slots that i can use with the license?

The client only sees what the server tells him, so virtual server slots.

 

[Alligatoras]

So we talk only the specific server that the client is connected. Thank you my friend for your answer!

 

[NoXx]

Yes, a client only reports you if he sees a maximum over 1999 slots on ONE of your servers.

Best regards

 

[0vert1m3]

That means for a NPL 512 Slots are fine ?