spora_pseudo_code_explanation.md

File metadata and controls

37 lines (29 loc) · 1.99 KB

-------------------------------------------------------------------------------------
ENCRYPTION:

Spora (Contains RSA Key A2 Public)
|
|_> aes_b = encrypt_with_RSA_A2(generate(AES_KEY_B))
  |
  |_> encrypt_with_aes_b(generate(PRIVATE_RSA_KEY_C1))
  |_> rsa_c2 = generate(PUBLIC_RSA_KEY_C2)
      |
      |_> aes_key_f1 = encrypt_with_rsa_c2(generate(AES_KEY_F1))
      |_> encrypt_key_file(aes_key_f1, file)
      |_> aes_key_f2 = encrypt_with_rsa_c2(generate(AES_KEY_F2))
      |_> encrypt_lst_file(aes_key_f2, file)
-------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------
DECRYPTION:
                                                                               <--: In order to decrypt this key
                                                                               
              [Contains]   [Contains]           [Contains]  [Only Malware Authors Have Access]
  First File: AES_KEY_F1<--PRIVATE_RSA_KEY_C1<--AES_KEY_B<--[RSA_A2_PRIVATE_MASTER_KEY]
  
               [Contains]   [Contains]           [Contains]  [Only Malware Authors Have Access]
  Second File: AES_KEY_F2<--PRIVATE_RSA_KEY_C1<--AES_KEY_B<--[RSA_A2_PRIVATE_MASTER_KEY]
-------------------------------------------------------------------------------------   
    
-------------------------------------------------------------------------------------
Result:

The master key (RSA A1 Private) isn't exposed, and the decrypter works for only one user.
If RSA A1 Private is leaked, every victim can decrypt their files.
-------------------------------------------------------------------------------------
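
The chain in the DECRYPTION diagram, modelled as a dependency graph to show which files become recoverable from a given key. This is an added example, not part of the original file: it performs no cryptography, and the victim names and the `@victim` suffixes are assumptions.

```python
# Added illustration: key-wrapping chain from the DECRYPTION diagram as a graph.
# Key names follow the diagram; per-victim suffixes are an assumption.

MASTER = "RSA_A2_PRIVATE_MASTER_KEY"  # held only by the malware authors


def build_chain(victim):
    """Return {item: key needed to unwrap it} for one victim."""
    b = f"AES_KEY_B@{victim}"
    c1 = f"PRIVATE_RSA_KEY_C1@{victim}"
    f1 = f"AES_KEY_F1@{victim}"
    f2 = f"AES_KEY_F2@{victim}"
    return {
        b: MASTER,                      # AES_KEY_B <-- master private key
        c1: b,                          # PRIVATE_RSA_KEY_C1 <-- AES_KEY_B
        f1: c1,                         # AES_KEY_F1 <-- PRIVATE_RSA_KEY_C1
        f2: c1,                         # AES_KEY_F2 <-- PRIVATE_RSA_KEY_C1
        f"first_file@{victim}": f1,
        f"second_file@{victim}": f2,
    }


def recoverable(wrapped_by, known):
    """Fixed-point closure: everything that can be unwrapped starting from `known`."""
    have = set(known)
    changed = True
    while changed:
        changed = False
        for item, key in wrapped_by.items():
            if key in have and item not in have:
                have.add(item)
                changed = True
    return have


def victims_with_files(wrapped_by, known):
    """Victims for whom at least one file becomes readable."""
    have = recoverable(wrapped_by, known)
    files = ("first_file@", "second_file@")
    return sorted({i.split("@")[1] for i in have if i.startswith(files)})


WRAPPED_BY = {}
for v in ("alice", "bob", "carol"):  # constructed victim names
    WRAPPED_BY.update(build_chain(v))

if __name__ == "__main__":
    print(victims_with_files(WRAPPED_BY, {MASTER}))                    # leaked master key
    print(victims_with_files(WRAPPED_BY, {"PRIVATE_RSA_KEY_C1@bob"}))  # one victim's decrypter
```
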

https://www.gdatasoftware.com/blog/2017/01/29442-spora-worm-and-ransomware