/TSIdentityTool

Tool to read out various information about TeamSpeak identities

Primary LanguageCMIT LicenseMIT

TSIdentityTool

TSIdentityTool is a small tool that can read out various information about TeamSpeak identities. Moreover, it is also able to generate new identities.

In case you are interested in efficiently increasing the security level of your identity, you might want to check out TeamSpeakHasher.

Build Instructions

  1. Make sure you have installed libtomcrypt and libtommath. If you are running a standard Linux distribution (Ubuntu, Fedora, etc.), you can simply install them from the default repositories. Alternatively, you can compile the libraries from source.
  2. Compile with gcc1: 
    gcc TSIdentityTool.c -o TSIdentityTool -l tommath -l tomcrypt

1 TSIdentityTool should compile with LLVM/clang, too. However, the LLVM assembler seems to reject some of the inline assembly from the tomcrypt_macros.h header file. Those can be removed safely as the TSIdentityTool does not make use of them.

Usage

The general usage format is as follows.

./TSIdentityTool COMMAND OPTIONS ​

There are three commands:

  • read inidentity.ini

    Prints basic information about the identity. This could look as follows:

    Public key: MEwDAgcAAgEgAiEAvX2kANeB4c23aW/bTKK3thz9RudAUWqzqauWpOloLYsCID54CZpzepDZyzxREwf8xNTGyTnaghxQNl+CbS7nb7Kq
Public key length (Base64): 104
Fingerprint: Er5KNEMM3ZoatAuGZHmzSj3ZbUw=
Curve name: ECC-256 (NIST)
Curve size (octets): 32
Current security level: 8 (with counter=6)

    Warning: TSIdentityTool currently only outputs information about the first identity contained in inidentity.ini. This allows us to keep the parsing function as simple as possible.

  • generate nickname outidentity.ini

    Generates a new identity with name nickname and writes it to the file outidentity.ini.

  • generategood nickname outidentity.ini

    Generates a new identity with name nickname and writes it to the file outidentity.ini. This is similar to the command generate, but it additionally makes sure that the Base64 representation of the public key consists of at most 100 characters. This can come in handy when increasing the security level of the identity.

    Warning: A key pair generated by this command has an entropy that is roughly 13 bits less than the entropy of a regular key pair. In theory, this can make the key less secure by allowing a faster exhaustive search. The practical consequences of this are unknown, so use this feature with great caution.

FAQ

  • What is a TeamSpeak identity?

    A TeamSpeak identity is simply an ECC key pair for the NIST curve ECC-256 as generated by the libtomcrypt library, together with a counter value that is a 64-bit unsigned integer.

  • How does the TeamSpeak identity relate to what is stored in its corresponding ini file?

    Let KEYPAIR_ASN1 be the ASN.1 DER encoding of the key pair that is generated by libtomcrypt's ecc_export function (with PK_PRIVATE as argument). Moreover, let obfuscate be TeamSpeak's obfuscation function and let COUNTER be the decimal ASCII encoding of a 64-bit unsigned integer. Then the identity entry of the ini file is defined as follows.

    identity := COUNTER || 'V' || base64encode(obfuscate(base64encode(KEYPAIR_ASN1)))

    For more details about obfuscate, look at the code of function obfuscateInplace.

  • What is the encoding of the public key that TSIdentityTool prints?

    Let publickey_asn1 be the ASN.1 DER encoding of the public key that is generated by libtomcrypt's ecc_export function (with PK_PUBLIC as argument). Then the public key PUBLICKEY that TSIdentityTool prints is defined as follows.

    PUBLICKEY := base64encode(publickey_asn1)

  • What is the fingerprint?

    The fingerprint is what the TeamSpeak Client shows you as "Unique ID".

    Let PUBLICKEY be the public key as it is printed by TSIdentityTool's read command. Then the fingerprint is defined as follows.

    fingerprint := base64encode(sha1(PUBLICKEY))

  • What is the security level?

    The security level is a TeamSpeak feature that makes use of a classical Proof-of-work system in order to slow down the process of generating new identities.

    Let PUBLICKEY be the public key as it is printed by TSIdentityTool's read command. Further, let COUNTER be the decimal ASCII-encoding of a 64-bit unsigned integer. Then the security level is defined as follows.

    securitylevel := leadingzerobits(sha1(PUBLICKEY || COUNTER))

    For more details about the computation, look at the code of function getSecurityLevel.

    Consequently, the expected number of counter values that need to be tried to reach security level n is 2^n (under the assumption that SHA-1 is a uniform random function).

    If you are interested in efficiently increasing your identity's security level, you might want to check out TeamSpeakHasher.