Googulator / TeslaCrack

Decryptor for the TeslaCrypt malware
GNU General Public License v3.0
178 stars 36 forks

Two keys in a PC #11

Closed vicmarleon closed 8 years ago

vicmarleon commented 8 years ago

Hi all,

First, thank you very much Googulator for this project, and to all contributors in the different threads. Following them, I managed to decrypt the sample pdf file via unfactor_ecdsa; unfactor.py never returned a key, similarly to some cases I read. My biggest factor had 50 digits, if that matters. Anyway, I am writing this new issue because when I turned to decrypting all my files I found that I have (at least) one new and different key in some directories! (Still finding out if there are others.) Is anyone in the same situation? I'm pretty sure the infection ran in one shot, except for one reboot of the PC I did when I realized the PC was being slowed down (in the new session I was faced with the "how to decrypt" explanations and then started my trip...). Also, Googulator, I was wondering whether, if I use the --delete option with different keys, it will not delete files that are not decrypted (that's my guess; it will report the key as not found, right?)

Thanks again!

vicmarleon commented 8 years ago

I meant the use of teslacrack in directories with files having different keys, and teslacrack with only one found key.

Googulator commented 8 years ago

It's normal and supported if you have multiple keys. Every invocation of the TeslaCrypt executable will run with a new AES key (the Bitcoin key is per-machine, and should not change between runs). Simply put both keys in the known_keys array. The --delete option will only delete files that were successfully decrypted.

There was a bug in unfactor.py until recently, where it would ignore the magic number set in the function definition. This should be fixed now.
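
As an added illustration of the two points above (several keys in one known_keys table, and --delete removing only files that actually decrypted), here is a small stand-alone script. It is not TeslaCrack's own code: the container layout (a 4-byte key tag followed by ciphertext), the SHA-256-based keystream standing in for AES, the `.vvv` suffix and the `%PDF` magic check are all constructed for this example.

```python
"""Added example, not part of TeslaCrack: pick the right key per file from a
known_keys table, verify the plaintext against a magic number, and only then
delete the encrypted original. Format and cipher are stand-ins (assumptions)."""
import hashlib
import os
import tempfile

MAGIC = b"%PDF"      # assumed: plaintext prefix used to recognise a correct key
ENC_SUFFIX = ".vvv"  # assumed: suffix the encrypted files carry in this example


def _keystream(key: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 counter mode) standing in for AES; not real TeslaCrypt."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def key_tag(key: bytes) -> bytes:
    """4-byte tag stored in the constructed header so a file can name its key."""
    return hashlib.sha256(key).digest()[:4]


def encrypt_bytes(plaintext: bytes, key: bytes) -> bytes:
    """Only used to build sample input; produces tag || ciphertext."""
    return key_tag(key) + _xor(plaintext, _keystream(key, len(plaintext)))


def try_decrypt(blob: bytes, known_keys):
    """Return (plaintext, key) for the first known key whose tag matches and whose
    output starts with MAGIC; (None, None) when no listed key fits."""
    tag, body = blob[:4], blob[4:]
    for key in known_keys:
        if key_tag(key) != tag:
            continue
        pt = _xor(body, _keystream(key, len(body)))
        if pt.startswith(MAGIC):
            return pt, key
    return None, None


def decrypt_tree(root: str, known_keys, delete: bool = False):
    """Walk root; write plaintext beside each *.vvv file that decrypts.
    Files whose key is unknown are left untouched. With delete=True the
    encrypted original is removed only after its plaintext was written."""
    decrypted, skipped = [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.endswith(ENC_SUFFIX):
                continue
            enc_path = os.path.join(dirpath, name)
            with open(enc_path, "rb") as f:
                blob = f.read()
            pt, _key = try_decrypt(blob, known_keys)
            if pt is None:
                skipped.append(enc_path)  # key not in known_keys: keep the file
                continue
            out_path = enc_path[: -len(ENC_SUFFIX)]
            with open(out_path, "wb") as f:
                f.write(pt)
            decrypted.append(out_path)
            if delete:
                os.remove(enc_path)  # safe: plaintext verified and on disk
    return decrypted, skipped


def demo():
    """Constructed run: two files under known keys, one under a key we lack."""
    key_a, key_b, key_unknown = b"A" * 32, b"B" * 32, b"C" * 32
    root = tempfile.mkdtemp()
    samples = {"a.pdf": key_a, "sub/b.pdf": key_b, "c.pdf": key_unknown}
    for rel, key in samples.items():
        path = os.path.join(root, rel + ENC_SUFFIX)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(encrypt_bytes(b"%PDF-1.4 constructed sample " + rel.encode(), key))
    decrypted, skipped = decrypt_tree(root, [key_a, key_b], delete=True)
    rel = lambda p: os.path.relpath(p, root).replace(os.sep, "/")
    return {
        "decrypted": sorted(rel(p) for p in decrypted),
        "skipped": sorted(rel(p) for p in skipped),
        "unknown_still_present": os.path.exists(os.path.join(root, "c.pdf" + ENC_SUFFIX)),
        "originals_removed": not any(
            os.path.exists(os.path.join(root, r + ENC_SUFFIX)) for r in ("a.pdf", "sub/b.pdf")),
    }


if __name__ == "__main__":
    print(demo())
```

The design point is the order of operations in decrypt_tree: a file is only removed after a plaintext that passed the magic check has been written, so running with several keys over a mixed directory tree leaves every file whose key is still unknown exactly as it was.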

vicmarleon commented 8 years ago

Yes, I have just decrypted a second key file, also using unfactor_ecdsa, and ran teslacrack with both successfully ;) As you say, the BitCoin key did not change. I positively have two keys, from before and after rebooting. I have run multiple antimalware, antivirus etc. and I am pretty sure it is erased (I was attacked four weeks ago and no reproductions since), but do you know of any trace that may be left and recognizable as some .exe etc.?

Thanks very much again for your work! You deserve some donation; is only bitcoin possible?

Googulator commented 8 years ago

I can also take Flattr. For now I'm doing this pseudonymously, so I can't publish my PayPal address.