TSIdentityTool is a small tool that can read out various information about TeamSpeak identities. Moreover, it is also able to generate new identities.
In case you are interested in efficiently increasing the security level of your identity, you might want to check out TeamSpeakHasher.
- Make sure you have installed
libtomcrypt
andlibtommath
. If you are running a standard Linux distribution (Ubuntu, Fedora, etc.), you can simply install them from the default repositories. Alternatively, you can compile the libraries from source. - Compile with gcc1:
gcc TSIdentityTool.c -o TSIdentityTool -l tommath -l tomcrypt
1 TSIdentityTool should compile with LLVM/clang, too. However, the LLVM assembler seems to reject some of the inline assembly from the tomcrypt_macros.h
header file. Those can be removed safely as the TSIdentityTool does not make use of them.
The general usage format is as follows.
./TSIdentityTool COMMAND OPTIONS
There are three commands:
-
read inidentity.ini
Prints basic information about the identity. This could look as follows:
Public key: MEwDAgcAAgEgAiEAvX2kANeB4c23aW/bTKK3thz9RudAUWqzqauWpOloLYsCID54CZpzepDZyzxREwf8xNTGyTnaghxQNl+CbS7nb7Kq Public key length (Base64): 104 Fingerprint: Er5KNEMM3ZoatAuGZHmzSj3ZbUw= Curve name: ECC-256 (NIST) Curve size (octets): 32 Current security level: 8 (with counter=6)
Warning: TSIdentityTool currently only outputs information about the first identity contained in
inidentity.ini
. This allows us to keep the parsing function as simple as possible. -
generate nickname outidentity.ini
Generates a new identity with name
nickname
and writes it to the fileoutidentity.ini
. -
generategood nickname outidentity.ini
Generates a new identity with name
nickname
and writes it to the fileoutidentity.ini
. This is similar to the commandgenerate
, but it additionally makes sure that the Base64 representation of the public key consists of at most 100 characters. This can come in handy when increasing the security level of the identity.Warning: A key pair generated by this command has an entropy that is roughly 13 bits less than the entropy of a regular key pair. In theory, this can make the key less secure by allowing a faster exhaustive search. The practical consequences of this are unknown, so use this feature with great caution.
-
What is a TeamSpeak identity?
A TeamSpeak identity is simply an ECC key pair for the NIST curve ECC-256 as generated by the libtomcrypt library, together with a counter value that is a 64-bit unsigned integer.
-
How does the TeamSpeak identity relate to what is stored in its corresponding ini file?
Let
KEYPAIR_ASN1
be the ASN.1 DER encoding of the key pair that is generated by libtomcrypt'secc_export
function (withPK_PRIVATE
as argument). Moreover, letobfuscate
be TeamSpeak's obfuscation function and letCOUNTER
be the decimal ASCII encoding of a 64-bit unsigned integer. Then theidentity
entry of the ini file is defined as follows.identity := COUNTER || 'V' || base64encode(obfuscate(base64encode(KEYPAIR_ASN1)))
For more details about
obfuscate
, look at the code of functionobfuscateInplace
. -
What is the encoding of the public key that TSIdentityTool prints?
Let
publickey_asn1
be the ASN.1 DER encoding of the public key that is generated by libtomcrypt'secc_export
function (withPK_PUBLIC
as argument). Then the public keyPUBLICKEY
that TSIdentityTool prints is defined as follows.PUBLICKEY := base64encode(publickey_asn1)
-
What is the fingerprint?
The fingerprint is what the TeamSpeak Client shows you as "Unique ID".
Let
PUBLICKEY
be the public key as it is printed by TSIdentityTool'sread
command. Then the fingerprint is defined as follows.fingerprint := base64encode(sha1(PUBLICKEY))
-
What is the security level?
The security level is a TeamSpeak feature that makes use of a classical Proof-of-work system in order to slow down the process of generating new identities.
Let
PUBLICKEY
be the public key as it is printed by TSIdentityTool'sread
command. Further, letCOUNTER
be the decimal ASCII-encoding of a 64-bit unsigned integer. Then the security level is defined as follows.securitylevel := leadingzerobits(sha1(PUBLICKEY || COUNTER))
For more details about the computation, look at the code of function
getSecurityLevel
.Consequently, the expected number of counter values that need to be tried to reach security level
n
is2^n
(under the assumption that SHA-1 is a uniform random function).If you are interested in efficiently increasing your identity's security level, you might want to check out TeamSpeakHasher.