
Problems of Teslacrypt V2 decryption with BloodDolly tool


  • This topic is locked
3 replies to this topic

#1 Jackleventreur

Jackleventreur

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 12 December 2016 - 03:22 PM

Hi the community

 

Been trying to follow the steps of BloodDolly tutorial to decrypt all infected files with extension .vvv (Teslacrypt V2). Special thanks to my 12 y/o son...

All instructions followed as they should (?)

But at the end, when using the Yafu factorX64 tools supposed to display the list of factors, it shows the following:

 

***factors found***

C115 = 3227857776454594174987475531309791655736192929601723862033809356093762314893571447426026496511427677393398482184193

ans = 3227857776454594174987475531309791655736192929601723862033809356093762314893571447426026496511427677393398482184193
 

And it didn't work at all with TeslaDecoder

 

The keys obtained with TeslaViewer are the following:

 

================
= PrivateKeyBC =
================

SharedSecret1*PrivateKeyBC
hex 10A1A4077C21D6ACFAB58DD84E425F7260D2C5768740BAF06F94DFC7AE2E9435FBF71EDC25A239807025EA50B2406C9365A9D3C1921CAB45FF1ED4DCDEBC5B32
dec 871057575470452389427199771980992408088017771494344947775095963129591877154425887152876109067976756476331555405307425714650728011287192737783463035034418

PrivateKeyBC =
PublicKeyBC = 04433AF4ABB94F9B4379E5A4C16732ACEF0B09086EA88FEC18664DC2A230CC2481FA2F644B4BC9EA7EE9CBD032C9264E0F43A11269C4964319CFEF0B54EA28F07F

==================
= PrivateKeyFile =
==================

SharedSecret2*PrivateKeyFile
hex 4524874DF2AD7101DACC4B10EB1DC49376724B4D13A757E6947992B6542F7896B6E2E66FB7EFE2ACD95FC1E64543DD5206D38F61EAF920774FF47FEFE8802644
dec 3621296490948933892290195954572195139047199555086338271661220552494654495667147040277042345097222199792925092080264924652525532002131898215821433083274820

PrivateKeyFile =
PublicKeyFile = 04FEE40B42AB7D4EA327DAF2832F4AE3B34BD0B790BE9554A5DDDD2D20EA223F9E85F8CB130448717E3B71AC896E3704CBC2DA09CDBDA542B71317CAEB14948AA2
 

Anyone to help me?

 

Thanks

 

Jackleventreur





#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:34 PM

Posted 12 December 2016 - 03:32 PM

You did not fully factor the number, it is still a C115 (C = Composite). Most likely, your yafu gave up after ECM and did not go into NFS due to tuning.

 

I do not have a computer available for a C115, but I will be able to factor your PrivateKeyFile quickly. I will edit this post in a few minutes with the key.

 

*Edit

 

PrivateKeyFile: 5B21F10A41C087C9D85EB3CEEA4274B285F7FFA1A530B667348FE4A7D0EEB6E1

 

If TeslaDecoder skips any files with this key, you will need to post in the support topic for someone to pick up your PrivateKeyBC case.


Edited by Demonslay335, 12 December 2016 - 03:37 PM.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.
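
Added example, not part of the original posts and not code from YAFU or TeslaDecoder: a check for the situation described in post #2, where a factor listing still contains a composite (C) entry. It re-tests every listed factor with Miller-Rabin instead of trusting the printed label and confirms that the product equals the input; the sample listings are constructed and assume one factor per line.

```python
import math
import random
import re

# YAFU labels each factor: P = prime, PRP = probable prime, C = composite.
FACTOR_LINE = re.compile(r"^(?:PRP|P|C)\d+\s*=\s*(\d+)$")

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test, used instead of trusting the printed label."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_factorization(target, listing):
    """Return (complete, primes, composites) for a YAFU factor listing."""
    primes, composites = [], []
    for line in listing.splitlines():
        m = FACTOR_LINE.match(line.strip())
        if m:  # skips the banner, blank lines and the "ans = ..." line
            value = int(m.group(1))
            (primes if is_probable_prime(value) else composites).append(value)
    complete = not composites and math.prod(primes) == target
    return complete, primes, composites

# Constructed sample data (not the numbers from this thread).
COFACTOR = 104729 * 1299709          # product of two primes, left unfactored
TARGET = 2 * 3 * 3 * COFACTOR
STALLED = f"***factors found***\n\nP1 = 2\nP1 = 3\nP1 = 3\nC{len(str(COFACTOR))} = {COFACTOR}\n\nans = {COFACTOR}\n"
FINISHED = "***factors found***\n\nP1 = 2\nP1 = 3\nP1 = 3\nP6 = 104729\nP7 = 1299709\n\nans = 1\n"

if __name__ == "__main__":
    for name, text in (("stalled", STALLED), ("finished", FINISHED)):
        print(name, check_factorization(TARGET, text))
```

A listing is only usable when `complete` is true; any value returned in `composites` still has to be factored further.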


#3 Jackleventreur

Jackleventreur
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 12 December 2016 - 06:03 PM

Wow!

Your key worked!

Just finished cleaning my computer.

Thanks Demonslay 335

I've been trying hard for many months.

How did you get that key?



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:34 PM

Posted 12 December 2016 - 06:27 PM

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the below support topic. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




