Need help with a virus tales-from-the-crypt 2.0 - Msieve

[EdH]

Quote:

Originally Posted by wombatman

Very nice! Anything that can simplify the process is a good thing for a situation such as this.

I was kind of wondering if I should look into building a linux LiveCD with all the basic necessities, that one could load into the infected machine and boot up. I'm not sure I have the time and capability right now, but I might learn something if I tried...

(A long time ago I made such a LiveCD that ran Aliqueit and all its factoring programs. This should be similar.)

[Lycanus]

Hi all people, I'm infected with the same virus ransome .vvv

I read the fórum and I'm tried to follow all the steps....but I'm confused in some steps....

I'd grateful if something can help me...

Firts of all I downloaded all the tolos, Install Python 2.7.11 de 64 bits and install pycrypto, edcsa and bitcoin...

I copied an encrypted file .pdf to python27 directory

then....I put this command in Windows cmd with adminstrators privileges...

C:\>cd python27
C:\Python27>python teslacrack.py
Cannot decrypt ./EMIR FEBRERO.pdf.vvv, unknown key
Software has encountered the following unknown AES keys, please crack them first
using msieve:
A18A7326CF8F93A0074AF3D73AD86F25887AA20F52CD5EBF9DC4BAD824CF376A0480244FE14A12A9
E940898C15A74414327E592AF7D02B2D0C46A919E813A0 found in ./EMIR FEBRERO.pdf.vvv
Alternatively, you can crack the following Bitcoin key(s) using msieve, and use
them with TeslaDecoder:
40413CEEDEFBE4A4E413D634ECAAE2315F03841FCF980829AE225A8FB648E273A5F7F930D77561E2
525A643D2207F0814828391E108FABC9AE8C47E2A3B7C860 found in ./EMIR FEBRERO.pdf.vvv

this program found two keys, I use the first.... I don't know if I need to use the two keys...


next step I wrote the first key in https://www.mathsisfun.com/binary-de...converter.html
and I obtained this number in decimal

33049137599095302374396682640744845307731042003964480422129470122523276957444481543241515917288889402055384566725057791374394208823805564887970039206816

then I follow the steps and I went to http://www.factordb.com/ and try to factorize it
I obtained this:

CF 152 (show) 3304913759...16<152> = 2^5 · 3^4 · 23 · 191 · 8161 · 40813 · 48187 · 68371 · 160343 · 1649567941...07<122>

then I don't know how I could write this using the yafu command or msieve command...


I would grateful if somethin can explain me how I must to write this number in the next step... or if someone step is wrong...

or what is the next step and how to do it...?

thanks to all for read this post....

[Dubslow]

If you have downloaded yafu, then yafu "factor(16495679416408707845355090663075461330634110078151418507654533297838903004324462064530842543922772232914017984511074866607)" -v -threads 8" should do the trick. That number is the C122 from your posted key. Change the threads count from 8 to whatever is appropriate for your system. You may need to download the gnfs-lasieve sievers as well, it depends. Edit: You'd also need to download GMP-ECM for multithreaded ECM, that is highly recommended.

(Nice inline tag, Mike!)

[Dubslow]

Actually, I gave it a crack since I use all this software on a regular basis; it took around 4-5 minutes for yafu to completely factor the number, you got lucky. The full factors are posted to the FDB: http://www.factordb.com/index.php?id...00000814180718

Edit: For shiggles I took a crack at the other key you posted; it was even easier, took ~5-10 seconds to fully factor it: http://factordb.com/index.php?id=1100000000814620516

[EdH]

I have been playing around to see what I can and can't do with a live linux DVD against an infected Windows system. I've found lots of "challenges," but this approach may be workable.

At this point, I am pursuing this mostly as an educational tool, but would like to know if there is perceived to be any practical interest. I plan on following this project for a while, but if there is no interest, I may not proceed past any real sticking points.

My basic scheme presently, is to build a Live-DVD with Xubuntu OS which works in the following manner:

Code:

1.  Boot infected machine from DVD (Xubuntu)
2.  Follow script file throughout the procedure, which
    a. creates a temporary drive under C:\Users, possibly called teslatemp
    b. finds a .pdf.vvv file as an example infection and copies that file into teslatemp
    c. runs TeslaCrypt to extract pre-key composites
    d. translates composite(s) from hexadecimal to decimal
    e. checks composite(s) against factordb.com by treating it as an aliquot sequence
        (1) if factored, returns all factors and branches to 3, below
        (2) if unfactored proceeds with f, below
    f. uses installed Aliqueit/ecm/msieve/ggnfs/+ packages to factor composite(s)
       (working files and relations would be stored in C:/Users/teslatemp)
    g. submits factors to factordb.com for retention
3.  presents factors for use by TeslaCrack

** It is also possible, I will develop this into a GUI application, but that might be a ways off **

Beyond the obvious (always present) possibility of trashing the Windows system, is there anything that I can't stumble into a way of doing, due to my ignorance of an in-built block?

Thank you for any and all comments, pro or con...

[jux]

Well I cannot help you with your scheme, but it seems to me that the activity around TeslaCrypt has died down a bit, so there may not be that much demand. Ironically, some people may see this as even more complicated than running factoring programs manually ("Linux DVD? That sounds scary!") But for educational purposes then there is really no problem.

[xilman]

Master key released
A shame in some ways. TeslaCrypt introduced a lot of new people to the delights of integer factorization.