ReversingWannacry

These are the scripts and Ghidra projects for my Reversing Wannacry series:

Extracting the Ghidra projects and the resources

Note that the Ghidra project and the files in the resources ZIP file will probably trigger your AV!

The Ghidra projects and the DLL are in an encrypted ZIP, protected by the password "ghidra".

Simply run:

dd if=t.wnry of=encrypted_aes_key bs=1 skip=12 count=256
dd if=t.wnry of=large_chunk.bin skip=280 bs=1

The Ghidra projects are exported as ZIP files. You can simply drag them into the Ghidra project screen.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
part3		part3
README.md		README.md
RSA Decryption.cpp		RSA Decryption.cpp
decrypt_large_chunk.py		decrypt_large_chunk.py
ghidra_projects.zip		ghidra_projects.zip
resources.zip		resources.zip