Clone or download

readme.md

Talos Universal TeslaDecrypter

Version 1.0
An application able to decrypt all the files encrypted by all version of TeslaCrypt and AlphaCrypt:
  • TeslaCrypt 0.x - Encrypts files using an AES-256 CBC algorithm
  • AlphaCrypt 0.x - Encrypts files using AES-256 and encrypts the key with EC
  • TeslaCrypt 2.x - Same as before, but uses EC to create a weak Recovery key. The application is able to use factorization to recover the victim's global private key.
  • TeslaCrypt 3 & 4 - The last ultimate versions. We are able to decrypt their files because we have sink-holed the C&C server EC private key.

Compiling
To proper compile the code you should have OpenSsl installed in a particular root directory (like "C:\OpenSsl"), and an environment variable named "openssldir" that points to it.
You can find an handy pre-compiled OpenSsl package here:
www.npcglib.org/~stathis/blog/precompiled-openssl/
The code has been tested with 2 environments: Visual Studio 2008 and Visual Studio 2015.
To proper allow the factorization to run, you should add 2 Msieve files inside the compiled application path:
  • msieve152.exe
  • pthreadGC2.dll
Those files have been already included in this repository. You can find a copy of Msieve here:
https://sourceforge.net/projects/msieve/

Improvements
This application contains a lot of improvements and modifications in respect to TeslaDecrypter 0.2. Here is a complete list:
  • Re-designed the decryption algorithm (now it properly deals with big files and uses less memory)
  • Added support for the Factorization algorithm (TeslaCrypt 2.x) able to reconstruct the victim's private key (Yes, written in plain C++ :-) and 50 times faster than its Python counterpart)
  • An algorithm able to manage and launch Msieve, and parse its log file
  • Added support for TeslaCrypt 3.x and 4.x
  • Added key verification algorithms (TeslaCrypt 2.x/3/4) - In this way the Decryptor can't produce invalid files
  • A powerful command line arguments
  • Imported leaked TeslaCrypt 3.x/4 C&C private key


Last revision: 05/31/2016