Release Adding TeslaDecrypt v1.0 Jun 8, 2016
res
AlphaCrypt.cpp Adding TeslaDecrypt v1.0 Jun 8, 2016
AlphaCrypt.h Adding TeslaDecrypt v1.0 Jun 8, 2016
EcFactorizer.cpp Adding TeslaDecrypt v1.0 Jun 8, 2016
EcFactorizer.h
Log.cpp
Log.h Adding TeslaDecrypt v1.0 Jun 8, 2016
TeslaDecrypter.cpp Adding TeslaDecrypt v1.0 Jun 8, 2016
TeslaDecrypter.h
TeslaDecrypter.rc Adding TeslaDecrypt v1.0 Jun 8, 2016
TeslaDecrypter.sln
TeslaDecrypter.vcproj Adding TeslaDecrypt v1.0 Jun 8, 2016
TeslaDecrypter.vcxproj
TeslaDecrypter.vcxproj.filters
TeslaDecrypterApp.cpp
TeslaDecrypterApp.h Adding TeslaDecrypt v1.0 Jun 8, 2016
TeslaDecrypter_vs2015.sln
Version History.txt
entrypoint.cpp Adding TeslaDecrypt v1.0 Jun 8, 2016
readme.md Adding TeslaDecrypt v1.0 Jun 8, 2016
resource.h Adding TeslaDecrypt v1.0 Jun 8, 2016
stdafx.cpp Adding TeslaDecrypt v1.0 Jun 8, 2016
stdafx.h
targetver.h Adding TeslaDecrypt v1.0 Jun 8, 2016
warranty_disclaimer.txt

readme.md

Talos Universal TeslaDecrypter

Version 1.0
An application able to decrypt all the files encrypted by all versions of TeslaCrypt and AlphaCrypt:
  • TeslaCrypt 0.x - Encrypts files using an AES-256 CBC algorithm
  • AlphaCrypt 0.x - Encrypts files using AES-256 and encrypts the key with EC
  • TeslaCrypt 2.x - Same as before, but uses EC to create a weak Recovery key. The application is able to use factorization to recover the victim's global private key.
  • TeslaCrypt 3 & 4 - The final versions. We are able to decrypt their files because we have sink-holed the C&C server EC private key.

Compiling
To compile the code properly you need OpenSSL installed in a dedicated root directory (like "C:\OpenSsl"), and an environment variable named "openssldir" that points to it.
You can find a handy pre-compiled OpenSSL package here:
www.npcglib.org/~stathis/blog/precompiled-openssl/
The code has been tested with 2 environments: Visual Studio 2008 and Visual Studio 2015.
To allow the factorization to run properly, you should add 2 Msieve files inside the compiled application path:
  • msieve152.exe
  • pthreadGC2.dll
Those files have already been included in this repository. You can find a copy of Msieve here:
https://sourceforge.net/projects/msieve/

Improvements
This application contains a lot of improvements and modifications with respect to TeslaDecrypter 0.2. Here is a complete list:
  • Re-designed the decryption algorithm (now it properly deals with big files and uses less memory)
  • Added support for the Factorization algorithm (TeslaCrypt 2.x) able to reconstruct the victim's private key (Yes, written in plain C++ :-) and 50 times faster than its Python counterpart)
  • An algorithm able to manage and launch Msieve, and parse its log file
  • Added support for TeslaCrypt 3.x and 4.x
  • Added key verification algorithms (TeslaCrypt 2.x/3/4) - In this way the Decryptor can't produce invalid files
  • Powerful command-line arguments
  • Imported leaked TeslaCrypt 3.x/4 C&C private key
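
The factorization, Msieve log parsing and key verification steps listed above (and the TeslaCrypt 2.x entry in the version list) fit together as in the sketch below. It is an added example, not code from this repository. It assumes the recovery value is the integer product of the victim's private key and another secret integer, that the curve is secp256k1, and that factor lines in the log read like "p4 factor: 1009"; every function name here is hypothetical.

```python
import math, re
from itertools import product

# secp256k1 parameters: an assumption, the README only says "EC".
P = 2**256 - 2**32 - 977
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Add affine points on y^2 = x^3 + 7 over GF(P); None is infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if a == b else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt=G):  # double-and-add scalar multiplication k * pt
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

# Result lines look like "p4 factor: 1009" or "prp20 factor: ..." after a timestamp.
FACTOR_RE = re.compile(r"\b(?:p|prp)\d+ factor: (\d+)")
def parse_factors(log_text):
    return [int(f) for f in FACTOR_RE.findall(log_text)]

def recover_private_key(recovery_value, factors, public_key):
    """Return the divisor d of recovery_value with d*G == public_key, else None."""
    if math.prod(factors) != recovery_value:
        raise ValueError("factors do not multiply back to the recovery value")
    distinct = sorted(set(factors))
    for exps in product(*(range(factors.count(f) + 1) for f in distinct)):
        cand = math.prod(f ** e for f, e in zip(distinct, exps))
        if cand.bit_length() <= 256 and ec_mul(cand) == public_key:
            return cand
    return None

# Constructed toy log (not real Msieve output): factors of 1009*104729*7*7919.
SAMPLE_LOG = """Mon Jun  6 10:00:01 2016  p1 factor: 7
Mon Jun  6 10:00:01 2016  p4 factor: 1009
Mon Jun  6 10:00:01 2016  p4 factor: 7919
Mon Jun  6 10:00:01 2016  p6 factor: 104729"""
```

Checking each candidate against the public key is what prevents a wrong divisor from being accepted as the key, the property the key verification item above describes.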


Last revision: 05/31/2016