Saturday, March 22, 2014

Good News (part 2)

Hey guys! After some -lot of- research and reverse-engineering, I decided to create a video which explains how to recover the private keys via a sniffer.

Mind you, in some countries (United States and the United Kingdom and some countries in the European Union), ISPs are requested by law to retain data for over a year or so. Therefore, the authorities are able to retrieve the information (metadata) you sent and received anytime, including the day you got infected. It isn't hard for them to do, but that of course implies a long judicial process. Instead of paying the crooks, try to get in touch with the police and point out the existence of this law.

I am also working on a program to to brute-force the key based on parameters found inside the victim's computer which I won't disclose right now. It appears that although the 2048 bits is certainly strong, they used a weak seeding which is quite simple and a brute-force attack can be performed within an manageable range of parameters, not from 0 to quasi-infinitum (that would take years without any known parameters). Also, I plan to use OpenCL and CUDA in order to use GPUs (which are way faster than CPU performing parallel tasks) to speed up the process. If it isn't fast enough, I may also add a distributed computing module, so that many computers can work together to crack a group of keys. I'm quite confident guys! Just give me some time!...

10 comments:

  1. Hi there, my computer has been infected by this virus a couple of days ago. I tried everything to recover the data but nothing worked. I deleted the virus, do you think there's a way I can manage to find the private key even though the virus is deleted from the computer? I feel like I lost my whole life, aka 10 years of photos and work documents. I had no back up but planned to do so shortly. Too late unfortunately!!!

    I even tried to visit the site they have given me to see how much they ask, but couldn't even get there, probably for security reasons...

    This thing is the worst thing ever. I will keep the crypted files on an external disk with hope someone finds a solution! Thank you!

    ReplyDelete
    Replies
    1. I definitely think it's possible. That's why I'm working on this. I hope these crooks go to jail.

      Delete
  2. Hey,

    DecrypterFixer from bleeping computers.

    I was given a link to your blog, and i love to see others working on these infections. But i do have a question for you.

    What lead you to believe the seed is based on time? I dont quite understand why you say a computer cannot produce a random string of numbers without almost a seed of its own.

    For example: If i was writing a C# application and i wanted to produce a random number, i wouldn't use time at all. I would simply call Random(-10000, 10000) and collect the results. With negatives, and floating points this could result in many different returns, which would have nothing to do with the date?

    Good luck on your application though :) good to see others working on these infections, as more come out every day

    ReplyDelete
  3. Metal, I am not DecrypterFixer. Hehe!

    As for your question, I'd suggest you to read: http://en.wikipedia.org/wiki/Random_number_generator#Computational_methods

    Computers, especially desktop and notebook computers, cannot truly generate random numbers because all a CPU does is calculations and they are 100% exact. Also, you can't call rand() without using a srand() to load a seed first.


    Run this example on C++:

    #include
    #include
    #include

    int main()
    {
    for (;;) {

    unsigned int seed = time(NULL);
    srand(seed);


    float random = rand()%10000;

    printf("Randon Number: %f\n", random);
    // printf("Time seed : %f\n", seed);
    system("PAUSE");
    }


    }


    Disable or delete the srand() function, and the compiler will complain. Now try to change the seed value to ANY number you want. When you run the code, you will see that it will ALWAYS generate the same number. Now, if you leave time(NULL), you will have different values in each loop.

    ReplyDelete
    Replies
    1. I understand the formula :) thanks for explaining though! but what im saying is, no matter how calling Rand functions in the background, if i give it -10000 to 10000 im going to get a number in between those 2 places, then i would encrypt your data lets say with that number. So where in this would a date or time factor in?

      Delete
  4. This would be possible, but a difficult task indeed! To make this simpler lets use an example:

    Lets say we reversed the CryptoDefense dropper and found this is the function it uses to generate a random number to encrypt your files:

    _randomSeed = Exact current date and time converted to a integer

    public long rand()
    {
    _randomSeed = _randomSeed*1103515245 + 12345;
    return _randomSeed/65536 % 32768;
    }

    Now if this was really the function, to reproduce your RSA key, all we would need is the exact date and time you were infected. The reason this works is because no matter what machine this runs on, it will always produce the same random number if the seed is always the same. So lets say he doesn't return a range of numbers, but yet just the result of the function (which is still quite a good generator because time is always changing). Lets assume the seed he uses is the current time difference in milliseconds from epoch (to keep things simple)

    private long _randomSeed = 1395577148000; (1395577148000 at time of writing)

    public long rand()
    {
    _randomSeed = _randomSeed*1103515245 + 12345;
    return _randomSeed/65536 % 32768;
    }

    Every time you run this the first result will always be 29513 (Again this is only an example.) So now we would take this result and make a RSA key from it, thus giving you the correct key to decrypt your files.

    This will be quite a difficult task though. We would need the correct random function from the dropper, and if the function uses a range it would prove even more difficult. Not to mention you would need the EXACT time the decryption started. And this is even if he does use the current date as a seed.

    Though nothing is impossible ;)

    ReplyDelete
  5. Thanks, DecryptorFixer: Honestly, I couldn't have explained it better on my own! ;)

    ReplyDelete
  6. I finally managed to get on the website where they ask for 500$US to get our files decrypted. I can see a screening of my computer at the exact moment I got infected (with exact time as well) so I now know exactly where I got infected. They even offered to decrypt a single file as a test. I tried it and it worked. Can't load any more documents, I have to pay first. I copied everything, let me know if it can be of any help.

    ReplyDelete
  7. Your video makes sense to me and seems very plausible, but the question I have is, where does the Decrypter executable you run from your desktop folder come from?

    ReplyDelete
    Replies
    1. It was a sample provided by someone who unfortunately had to pay the ransom.

      Delete