Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TeslaDecoder released to decrypt .EXX, .EZZ, .ECC files encrypted by TeslaCrypt


  • Please log in to reply
2149 replies to this topic

#2146 Cnet214

Cnet214

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 06 June 2017 - 04:46 PM

I really appreciate that ! It worked perfectly. Thank you so much for helping me. I really appreciate that.



BC AdBot (Login to Remove)

 


#2147 kojakzydownyk

kojakzydownyk

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 13 June 2017 - 01:27 AM

Hello.

Thank you everyone for the wonderful work you do.

I found this thread about 4 hours ago, and began reading. Decied at about page 30 to skip ahead a bit. i would have been reading for a long time.

 

ive got files with the extension .vvv

 

ive got a decimal number to decode, but when i attempt to use Yafu, it causes an error and quits.

 

SharedSecret1*PrivateKeyBC    DEC

 

53315330561515383516334627020931395729744936256229891422167980907359615085566

58091645786497219738691108775361050827589363282207322423526562589824581817632

 

Here is the text from the cmd screen

06/13/17 02:15:13 v1.34.5 @ GREG-PC, System/Build Info:
Using GMP-ECM 6.3, Powered by GMP 5.1.1
detected Pentium® Dual-Core  CPU      E5700  @ 3.00GHz
detected L1 = 32768 bytes, L2 = 2097152 bytes, CL = 64 bytes
measured cpu frequency ~= 3034.364100
using 20 random witnesses for Rabin-Miller PRP checks

===============================================================
======= Welcome to YAFU (Yet Another Factoring Utility) =======
=======             bbuhrow@gmail.com                   =======
=======     Type help at any time, or quit to quit      =======
===============================================================
cached 78498 primes. pmax = 999983


>> fac: factoring 53315330561515383516334627020931395729744936256229891422167980
90735961508556658091645786497219738691108775361050827589363282207322423526562589
824581817632
fac: using pretesting plan: normal
fac: no tune info: using qs/gnfs crossover of 95 digits
div: primes less than 10000
div: found prime factor = 2
div: found prime factor = 2
div: found prime factor = 2
div: found prime factor = 2
div: found prime factor = 2
div: found prime factor = 7
div: found prime factor = 397
div: found prime factor = 3559
fmt: 1000000 iterations
rho: x^2 + 3, starting 1000 iterations on C146
rho: x^2 + 2, starting 1000 iterations on C146
rho: found prp5 factor = 11257
rho: x^2 + 2, starting 1000 iterations on C142
rho: x^2 + 1, starting 1000 iterations on C142
pm1: starting B1 = 150K, B2 = gmp-ecm default on C142
pm1: found prp9 factor = 157067203
fac: setting target pretesting digits to 40.92
fac: sum of completed work is t0.00
fac: work done at B1=2000: 0 curves, max work = 30 curves
fac: 30 more curves at B1=2000 needed to get to t40.92
ecm: 1/30 curves on C133, B1=2K, B2=gmp-ecm default
ecm: found prp10 factor = 1666508707

fac: setting target pretesting digits to 38.15
fac: t15: 0.07
fac: sum of completed work is t0.00
fac: work done at B1=2000: 2 curves, max work = 30 curves
fac: 28 more curves at B1=2000 needed to get to t38.15
ecm: 28/28 curves on C124, B1=2K, B2=gmp-ecm default
fac: setting target pretesting digits to 38.15
fac: t15: 1.00
fac: t20: 0.04
fac: sum of completed work is t15.18
fac: work done at B1=11000: 0 curves, max work = 74 curves
fac: 74 more curves at B1=11000 needed to get to t38.15
ecm: 74/74 curves on C124, B1=11K, B2=gmp-ecm default
fac: setting target pretesting digits to 38.15
fac: t15: 7.17
fac: t20: 1.04
fac: t25: 0.05
fac: sum of completed work is t20.24
fac: work done at B1=50000: 0 curves, max work = 214 curves
fac: 214 more curves at B1=50000 needed to get to t38.15
ecm: 0/214 curves on C124, B1=50K, B2=gmp-ecm default

 

Then i get a window come up that says:

 

ecm.exe has stopped working

 

A probelm caused the program to stop working correctly. Windows will

close the program and notify you if a solution is available.

 

Here is hopefully a properly uploaded, encrypted file to sendspace:

 

www.sendspace.com/file/vpnfkd

 

 

Any aid or direction would be much appreciated.

 

Thanks again.

 

EDIT: Found the thread with the master key https://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

 

This didn't work. makes a log file that says this when i tyr to decrypt my test folder.

 

 

Decryption started.
-------------------

SKIPPED - Header doesn't match with loaded key (Encrypted with different key): C:\Users\Greg\Desktop\td\IMG-20111209-00066.jpg.vvv

Decryption finished. (0 files decrypted, 1 files skipped, 0 warnings)

==========================================================================================


Edited by kojakzydownyk, 13 June 2017 - 12:50 PM.


#2148 TheFab

TheFab

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 13 June 2017 - 12:20 PM

@kojakzydownyk

 

No idea why ecm stopped so soon, but I took your case. Please wait 12 hours or so.



#2149 BloodDolly

BloodDolly

  • Security Colleague
  • 472 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:09:52 PM

Posted 13 June 2017 - 12:34 PM

@kojakzydownyk

 

No idea why ecm stopped so soon, but I took your case. Please wait 12 hours or so.

TheFab, you can stop it. I will have the key in ~1 hour.

PrivateKeyBC = 6C9EBF8CE9187D18275321385050ACF3D0FD3EFC9BA24367D576864E655B94AF


Edited by BloodDolly, 13 June 2017 - 02:34 PM.


#2150 kojakzydownyk

kojakzydownyk

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 13 June 2017 - 10:28 PM

Amazing. Thank you so much for your help and for all the time and effort you've put in to get this point. You're wonderful people.




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users