Talos Universal TeslaDecrypter
An application able to decrypt all the files encrypted by all version of TeslaCrypt and AlphaCrypt: Version 1.0
- TeslaCrypt 0.x - Encrypts files using an AES-256 CBC algorithm
- AlphaCrypt 0.x - Encrypts files using AES-256 and encrypts the key with EC
- TeslaCrypt 2.x - Same as before, but uses EC to create a weak Recovery key. The application is able to use factorization to recover the victim's global private key.
- TeslaCrypt 3 & 4 - The last ultimate versions. We are able to decrypt their files because we have sink-holed the C&C server EC private key.
To proper compile the code you should have OpenSsl installed in a particular root directory (like "C:\OpenSsl"), and an environment variable named "openssldir" that points to it. Compiling
You can find an handy pre-compiled OpenSsl package here:
The code has been tested with 2 environments: Visual Studio 2008 and Visual Studio 2015.
To proper allow the factorization to run, you should add 2 Msieve files inside the compiled application path:
This application contains a lot of improvements and modifications in respect to TeslaDecrypter 0.2. Here is a complete list: Improvements
- Re-designed the decryption algorithm (now it properly deals with big files and uses less memory)
- Added support for the Factorization algorithm (TeslaCrypt 2.x) able to reconstruct the victim's private key (Yes, written in plain C++ :-) and 50 times faster than its Python counterpart)
- An algorithm able to manage and launch Msieve, and parse its log file
- Added support for TeslaCrypt 3.x and 4.x
- Added key verification algorithms (TeslaCrypt 2.x/3/4) - In this way the Decryptor can't produce invalid files
- A powerful command line arguments
- Imported leaked TeslaCrypt 3.x/4 C&C private key
Last revision: 05/31/2016