TeamSpeak 5.0.0-beta.12.offline

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
I am excited to do some debugging and fuzzing ;) I am busy right now studying for exams but I would imagine there are fresh issues..
 

fyfywka

TeamSpeak Developer
Contributor
Sep 10, 2015
147
140
158
I can tell that it updated data saving in settings.db, now there is no useful information, fixed, after changing settings they appeared in settings.db

now it is impossible to create a server in offline version (without tester badge)
 
Last edited:

kalle

high minded
Contributor
Oct 28, 2015
411
253
178
They have hardcoded check of beta badge so I changed id to Gamescom 2019 badge id, so right now I am able to use myteamspeakid normaly. Server list is also imported from my account so its good for now.
Other functions dont work because they have own check.

1571259696014.png
Latest version 5.0.0-beta-3
 

Attachments

  • main-057cddb3c4359eb2b3f8.js.zip
    381.8 KB · Views: 118

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
Latest version 5.0.0-beta-3
I am about to start putting Google Analytics inside these JS 'n' other files and making custom ones when they release the client for all. Going to have a client that embeds a YouTube music player or something lmao :cool:

Speaking of all this, I would imagine you could generate malicious JavaScript that hijacks a user's inputs (email/username) or other information. Heck, I wonder what type of JavaScript wildness one could execute in the client.
 

kalle

high minded
Contributor
Oct 28, 2015
411
253
178
I am about to start putting Google Analytics inside these JS 'n' other files and making custom ones when they release the client for all. Going to have a client that embeds a YouTube music player or something lmao :cool:

Speaking of all this, I would imagine you could generate malicious JavaScript that hijacks a user's inputs (email/username) or other information. Heck, I wonder what type of JavaScript wildness one could execute in the client.
There is already piece of code in file which does something similiar, includes google analytics to every request.
Also their webdownload page keeps track of users os, browser and hardware type. But still you can direct access to file.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
But still you can direct access to file.
It sounds to me like TeamSpeak is beginning to get more invasive about tracking users similar to Discord. This is kind of strange because TeamSpeak in the past has been all about user privacy and now they are acting more like Discord in many ways. Do you agree?
 

kalle

high minded
Contributor
Oct 28, 2015
411
253
178
It sounds to me like TeamSpeak is beginning to get more invasive about tracking users similar to Discord. This is kind of strange because TeamSpeak in the past has been all about user privacy and now they are acting more like Discord in many ways. Do you agree?
I agree that TS dives more in user privacy, but from perspective of programmer tracking user for better site experience is good because you know what user likes, what he doesnt use, total number of users, what is overloaded etc
So it depends what you want with user data.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
So it depends what you want with user data.
Well all I can tell you is TeamSpeak in the past has never listened to user feedback, so why they are now automating this is very funny to me. Arse backwards company if you ask me!
 

kalle

high minded
Contributor
Oct 28, 2015
411
253
178
This code have function which sends POST request to api.teamspeak.com
JavaScript:
            async doNetworkRequest(e, t) {
                return fetch(v.endpointBasePath + e, {
                    method: "POST",
                    body: JSON.stringify(t),
                    headers: {
                        "Content-Type": "application/json"
                    }
                })
            }

So if we fake request with our myteamspeak uuid we get response code 400 which means bad request. Message says user not found so there is backend check if we are beta tester.

1571345438133.png

Only logical way would be to use myts uuid which have beta access to use features like server create, do we have beta servers, allowed server count, server info etc
 
Top