A decoder for Petya victim keys, using Janus' masterkey. It supports:
- Red Petya
- Green Petya (both versions) + Mischa
- Goldeneye (bootlocker + files)
Read more about identifying Petyas: https://blog.malwarebytes.com/cybercrime/2017/07/keeping-up-with-the-petyas-demystifying-the-malware-family/
DISCLAIMER: These tools are provided as is, and you use them at your own risk. I am not responsible for any damage or lost data.

    ./petya_key [victim_data]

where 'victim_data' is a file containing the 'personal decryption code' displayed by the bootlocker.
1) Save your 'personal decryption code' as a continuous string, without separators. Example of the valid file content:
2) Supply the saved file to the decoder:

    ./petya_key saved_id.txt

Choose your version of Petya from the menu. If the given data is valid, you will get your key, e.g.:

    [+] Your key : TxgTCXnpUPSeR2U7

3) Before any unlocking attempt, I strongly recommend making a dump of the full disk. Some versions of Petya are buggy: for example, they may hang during decryption and corrupt your data.
To decrypt the MFT, supply the generated key to the bootlocker.
To decrypt files, you need to supply the key to an appropriate decryption tool.
For Mischa: https://drive.google.com/open?id=0Bzb5kQFOXkiSWUZ6dndxZkN1YlE
For Goldeneye: https://drive.google.com/open?id=0Bzb5kQFOXkiSdTZkUUYxZ0xEeDg
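
Steps 1 and 3 above, scripted in shell as an added example that is not part of petya_key or its author's code. It assumes the separators shown on screen are dashes and whitespace and that the code itself consists only of letters and digits; `normalize_code`, `image_disk`, and the file and device names are hypothetical.

```shell
#!/bin/sh
# Added example: prepare the decoder input file and image the disk
# before any unlock attempt. Not part of the petya_key project.

# normalize_code IN OUT
# Turn the code copied from the bootlocker screen into one continuous string.
# Assumption: separators are dashes and whitespace; the code is alphanumeric.
normalize_code() {
    code=$(tr -d ' \t\r\n-' < "$1") || return 1
    case "$code" in
        '')
            echo "normalize_code: no code found in $1" >&2
            return 1 ;;
        *[!A-Za-z0-9]*)
            # A stray character usually means a transcription error.
            echo "normalize_code: unexpected character in code" >&2
            return 1 ;;
    esac
    printf '%s' "$code" > "$2"
}

# image_disk SRC DST
# Copy the whole disk to an image file, then confirm the copy is
# byte-identical, so a buggy decryption run can be rolled back.
image_disk() {
    if [ -e "$2" ]; then
        echo "image_disk: refusing to overwrite $2" >&2
        return 1
    fi
    dd if="$1" of="$2" bs=1048576 2>/dev/null || return 1
    cmp -s "$1" "$2"
}

# Usage (file names and /dev/sdX are placeholders):
#   normalize_code code_from_screen.txt saved_id.txt
#   image_disk /dev/sdX petya_disk.img
#   ./petya_key saved_id.txt
```

Write the image to a different physical disk than the locked one, and run the unlock attempt only after `image_disk` returns success.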