Closed yishen123 closed 8 years ago
Can you send one of your teslacrypted files (preferably a pdf, jpg, docx, zip, etc)? You can drag and drop it in this issue, as new comment.
thank u so much for yr reply! i tried several times to drag and upload my file, but it is weird that always be told "Unfortunately, we don’t support that file type. Choose file Try again with a PNG, GIF, JPG, DOCX, PPTX, XLSX, TXT, PDF, or ZIP.", actually all the file i dragged were either pdf or docx before.
You may use a free file-transfer service (https://www.wetransfer.com) and then paste the link here,
In any case, can you paste here the exact python unfactor.py command you used?
if u like, i can send one of my teslacrypted files in pdf to yr email. or do we have some other alternative?
I would prefer if you do it here, so that others may examine it.
@yishen123 you can send it to me and I will upload it here. Use my username in gmail.
just send it to yr gmail. and of course u can upload it here.
and i used: c:user\Sony\Downloads\TeslaCrack-master\python unfactor.py Sein, Wahrheit, Welt.pdf.vvv 5 5 5 31 59 1506317 1615181 32339941 122098624903 521215182980524891501 790355274904991699508542726894030536679239 136479699905329522235449077339883560021814719121773623
and unfactor.py is in my work folder "Downloads"
You should surround your filename in double quotes. (I received your file, thanks)
u mean in the following form? : c:users\Sony\ \Downloads\TeslaCrack-master\python unfactor.py Sein, Wahrheit, Welt.pdf.vvv Sein, Wahrheit, Welt.pdf.vvv 5 5 5 31 59 1506317 1615181 32339941 122098624903 521215182980524891501 790355274904991699508542726894030536679239 136479699905329522235449077339883560021814719121773623
i tried in this following form, but can still not run through: \Downloads\TeslaCrack-master\python unfactor.py "Sein, Wahrheit, Welt.pdf.vvv" 5 5 5 31 59 1506317 1615181 32339941 122098624903 521215182980524891501 790355274904991699508542726894030536679239 136479699905329522235449077339883560021814719121773623
Your AES key is: b'79E263D45D5D7D2B576307116B31680DECE84E59562DAAA0BF93A5A0D34C9DED'
I tested it and it decrypts your file correctly.
Please report any other difficulties you bump into.
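How the factors in this thread relate to the reported key, as an added example (not TeslaCrack's own code): it assumes the key is the product of a subset of the factors that fits in 256 bits, and checks that assumption against the numbers posted here. The function names are illustrative; unfactor.py also takes the encrypted file as an argument, which this example does not read.

```python
from itertools import combinations
from math import prod

# Values copied from this thread: the 512-bit "AES" value teslacrack.py printed
# for the file, the factors given to unfactor.py, and the key reported back.
HEADER_AES = int(
    "025B96A3F9AB13753ED84694034422216C03FD0298E67D87E9B1ACE8027D6C50"
    "F02CFD14724768AEA2BE2D53707661B554A8D5EAFA0D5CF3C3F2F299E614870F", 16)
FACTORS = [5, 5, 5, 31, 59, 1506317, 1615181, 32339941, 122098624903,
           521215182980524891501,
           790355274904991699508542726894030536679239,
           136479699905329522235449077339883560021814719121773623]
REPORTED_KEY = int(
    "79E263D45D5D7D2B576307116B31680DECE84E59562DAAA0BF93A5A0D34C9DED", 16)


def factors_complete(factors, header_value):
    """True when the factors multiply back to the value that was factored.
    Catches a dropped or mistyped factor before any key search starts."""
    return prod(factors) == header_value


def candidate_keys(factors, key_bits=256):
    """Map every distinct subset product that fits in key_bits to one subset
    producing it (assumption of this example: the key is such a product)."""
    found = {}
    for size in range(1, len(factors) + 1):
        for subset in combinations(factors, size):
            value = prod(subset)
            if value.bit_length() <= key_bits:
                found.setdefault(value, subset)
    return found


def subset_for(key, factors):
    """Return the factors whose product is exactly key, or None.
    Trial division is enough because the factors are (probable) primes."""
    used, rest = [], key
    for f in factors:
        if rest % f == 0:
            rest //= f
            used.append(f)
    return used if rest == 1 and used else None


if __name__ == "__main__":
    print(factors_complete(FACTORS, HEADER_AES))
    print(len(candidate_keys(FACTORS)), "candidates of at most 256 bits")
    print(subset_for(REPORTED_KEY, FACTORS))
```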
@ankostis thanks so much for the second AES key! but after i add the key pair in the following form as the other already given in the teslacrack.py. and run: \Downloads\TeslaCrack-master\python teslacrack.py —— i was also told that the system can not find the way( or the file). why???
I'm suspecting that you don't properly specify the paths, because your 1st unfactor command above was correct, and it should have brought you the result.
Suppose, for instance, you have this folder structure in your PC:
C:\Downloads\TeslaCrack-master\<teslacrack-python-files>
D:\InfectedRootFolder\some-tesla.pdv.vvv
You have 3 alternatives to decrypt that last teslafile:
1. python C:\Downloads\TeslaCrack-master\teslacrack.py D:\InfectedRootFolder\some-tesla.pdv.vvv
2. cd to C:\Downloads\TeslaCrack-master\ and type: python teslacrack.py D:\InfectedRootFolder\some-tesla.pdv.vvv
3. cd to C:\InfectedRootFolder\ and type: python C:\Downloads\TeslaCrack-master\teslacrack.py some-tesla.pdv.vvv
Of course you should specify instead of a single file, the whole parent-folder C:\InfectedRootFolder and have decrypt.py scan all files in subdirectories for you. But initially better experiment with a single file to make it work.
thanks so much for this! i will try them out. yes, the file i gave to you, and put in the TeslaCrack-master, was originally from the D:.
is that probably the reason why the system cant find the way?
Yes, I believe so.
As a tip, you can specify the current-dir with dot(.). So in the above example, if you are in D:\InfectedRootFolder, to decrypt all files therein you can issue:
python C:\Downloads\TeslaCrack-master\teslacrack.py .
sorry..i tried but i guess i have not understood yr suggestions of the 3 alternatives.. i am totally not a computer expert:) first, u mean i type "python C:\Downloads\TeslaCrack-master\teslacrack.py D:\InfectedRootFolder\some-tesla.pdv.vvv" after i run cmd or not? second, what means "cd" in the 2. 3. alternative?
please forgive my ignorance:)
or can i simply just try the whole method again with a file from my C: ?
when i input C:\Users\SONY>Downloads\TeslaCrack-master\python C:\Downloads\TeslaCrack-master \teslacrack.py D:\InfectedRootFolder\some-tesla.pdv.vvv result: 'Downloads\TeslaCrack-master\python' is neither the command nor the programs, which can run through..(this sentence is translated into english from me)
first, u mean i type "python C:\Downloads\TeslaCrack-master\teslacrack.py D:\InfectedRootFolder\some-tesla.pdv.vvv" after i run cmd or not?
What "cmd" are you referring to?
second, what means "cd" in the 2. 3. alternative?
cd is the console-command that (C)hanges your current-(D)irectory - like when you move around with mouse and the file-explorer. You see your current-directory in the "prompt" (at the left of the > character). Filepaths entered in the command are assumed to be in relation to current-directory, unless they are absolute (start with a backslash(\) and optionally with a drive-letter).
To learn about the cd command, open a console and type:
cd /?
It will provide you with an explanation of the command - always try /? first on some command, even if some times you get no useful answer.
please forgive my ignorance:)
No problem, as long as you try to get rid of it :-)
when i input C:\Users\SONY>Downloads\TeslaCrack-master\python C:\Downloads\TeslaCrack-master \teslacrack.py D:\InfectedRootFolder\some-tesla.pdv.vvv result: 'Downloads\TeslaCrack-master\python' is neither the command nor the programs, which can run through..(this sentence is translated into english from me)
Indeed, completely wrong syntax :-)
You copied also the (>) character.
Type the word python alone (that's your "command", try python /?), leave 1 space and then teslacrack.py's path, leave another space, and finally the teslapath + [Enter].
Can you please send me a smaller tesla-file.
thank u so much! i will firstly learn this and try again!:) and i sent u just one another smaller file.
C:\Users\SONY\Downloads\TeslaCrack-master>python teslacrack.py
2016-02-26 19:43:37,786:INF: +++Dir 1: u'\?\C:\Users\SONY\Downloads'
scanned: 8
noAccessDirs: 0
teslaExt: 0
badheader: 0
crypted: 0
decrypted: 0
skipped: 0
unknown: 0
failed: 0
overwritten: 0
badExisting: 0
deleted: 0
2016-02-26 19:43:37,788:WAR: Unknown key: 025B96A3F9AB13753ED84694034422216C03FD
0298E67D87E9B1ACE8027D6C50F02CFD14724768AEA2BE2D53707661B554A8D5EAFA0D5CF3C3F2F2
99E614870F
in file: \?\C:\Users\SONY\Downloads\TeslaCrack-master\Sein, Wahrheit, Welt.pd
f.vvv
2016-02-26 19:43:37,796:WAR: Bad(?) decrypted-file u'\?\C:\Users\SONY\Dow
nloads\TeslaCrack-master\tests\tesla3_bad_decrypted.atxt' had unexpected size (disk_size(58) != 29)! Will be overwritten: False
2016-02-26 19:43:37,799:ERR: Error decrypting u'\?\C:\Users\SONY\Download
s\TeslaCrack-master\tests\tesla_corrupted.pdf.ccc' due to ValueError('Input s
trings must be a multiple of 16 in length',)! Please try again.
2016-02-26 19:43:37,799:INF: File u'\?\C:\Users\SONY\Downloads\TeslaCrac
k-master\tests\tesla_invalid_magic.pdf.ccc' doesn't appear to be TeslaCrypted.
2016-02-26 19:43:37,799:WAR: Unknown key: 9B2A14529F5CEF649FD0330D15B4E59A9F6048
4DB5D044E44F757521850BC8E1DCDF3CB770FEE0DD2B6A7742B99300ED02103027B742BC862110A1
765A8B4FC6
in file: \?\C:\Users\SONY\Downloads\TeslaCrack-master\tests\tesla_key14.jpg.v
vv
2016-02-26 19:43:37,802:WAR: Unknown key: 7097DDB2E5DD08950D18C263A41FF5700E7F2A
01874B20F4UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU711A9DC44EA47FC220814E88
009C90EA
in file: \?\C:\Users\SONY\Downloads\TeslaCrack-master\tests\tesla_unknown_key
1.pdf.ccc
2016-02-26 19:43:37,803:WAR: Unknown key: 7097DDB2E5DD08950D18C263A41FF5700E7F2A
01874B20F4DDDDDDDDDDDDDDDDDDDDDD6AF2642AE37BD64AB65B6426711A9DC44EA47FC220814E88
009C90EA
in file: \?\C:\Users\SONY\Downloads\TeslaCrack-master\tests\tesla_unknown_key
2.pdf.ccc
2016-02-26 19:43:37,805:INF: File u'\?\C:\Users\SONY\Downloads\TeslaCrac
k-master\tests\unreadable-CHMOD_IT.vvv' doesn't appear to be TeslaCrypted.
2016-02-26 19:43:37,812:INF: +++Unknown key(s) encountered: 4
AES: u'9B2A14529F5CEF649FD0330D15B4E59A9F60484DB5D044E44F757521850BC8E1DCDF
3CB770FEE0DD2B6A7742B99300ED02103027B742BC862110A1765A8B4FC6'
BTC: u'372AE820BBF2C3475E18F165F46772087EFFC7D378A3A4D10789AE7633EC09C74578
993A2A7104EBA577D229F935AF77C647F18E113647C25EF19CC7E4EE3C4C'
File: u'\?\C:\Users\SONY\Downloads\TeslaCrack-master\tests\tesla_k
ey14.jpg.vvv'
AES: u'7097DDB2E5DD08950D18C263A41FF5700E7F2A01874B20F4UUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUU711A9DC44EA47FC220814E88009C90EA'
BTC: u'E87B5578A94FAC67F7021384CBC64625DEA8B1C5608CACC66D711965E682B9EFAE1C
A639CE803D6B485BA0FB2AA56FEFF3C9B03C7C74C730AFDD631CACB516'
File: u'\?\C:\Users\SONY\Downloads\TeslaCrack-master\tests\tesla_u
nknown_key1.pdf.ccc'
AES: u'7097DDB2E5DD08950D18C263A41FF5700E7F2A01874B20F4DDDDDDDDDDDDDDDDDDDD
DD6AF2642AE37BD64AB65B6426711A9DC44EA47FC220814E88009C90EA'
BTC: u''
File: u'\?\C:\Users\SONY\Downloads\TeslaCrack-master\tests\tesla_u
nknown_key2.pdf.ccc'
AES: u'025B96A3F9AB13753ED84694034422216C03FD0298E67D87E9B1ACE8027D6C50F02C
FD14724768AEA2BE2D53707661B554A8D5EAFA0D5CF3C3F2F299E614870F'
BTC: u'26F87C633F1F2BC7A2411F2DF0E1DA0F2AC0FD973CD56CB28730751412D5806AA42F
C891073674BA78937741126FB778CA4E57806374311807397AF7ADFF5B4E'
File: u'\?\C:\Users\SONY\Downloads\TeslaCrack-master\Sein, Wahrheit
, Welt.pdf.vvv'
Use msieve on AES-key(s), or msieve + TeslaDecoder on Bitcoin-key(s) to
crack them!
2016-02-26 19:43:37,815:INF: +++Dir 10
scanned: 33
noAccessDirs: 0
teslaExt: 15
badheader: 2
crypted: 13
decrypted: 0
skipped: 8
unknown: 4
failed: 1
overwritten: 0
badExisting: 1
deleted: 0
C:\Users\SONY\Downloads\TeslaCrack-master>python C:\Downloads\TeslaCrack-master
\teslacrack.py D:\InfectedRootFolder\some-tesla.pdv.vvv
python: can't open file 'C:\Downloads\TeslaCrack-master\teslacrack.py': [Errno 2
] No such file or directory
i think this time i did correctly. but the result above looked not so positive. Do you know why?
i also tried the other 2 alternatives from u with yr tip, the result was the same.
i did the step 6. and this time, i got my private key as follows:
C:\Users\SONY\Downloads\TeslaCrack-master>python unfactor.py "Sein, Wahrheit, W lt.pdf.vvv" 5 5 5 31 59 1506317 1615181 32339941 122098624903 52121518298052489 501 790355274904991699508542726894030536679239 13647969990532952223544907733988 560021814719121773623
Candidate AES private key: 79e263d45d5d7d2b576307116b31680dece84e59562daaa0bf93a5a0d34c9ded
None
but why does not the key begin with "b" as u gave to me firstly?
hey i just use the new key correct my file!!!!! @ankostis
i am still several steps away from the final Success. because the teslacrack.py told me that i have totally 4 AES keys!! i have a lot of documents and pictures in my pc, including my Dissertation. So i was so happy when i succeeded in decrypting the first file!! Thank you so much, @ankostis !! i dont know how to express it but i really appreciate it!
i am going on working with killing this fucking ransom and i hope i can get all my files back.
@yishen123 It looks like you may have not passed a directory to decrypt, so it ran through the tests, thus all the errors.
If you upload a file through a sharing site such as WeTransfer or SendSpace and link the file here, we can better assist. If you have that many keys (caused by reboots while the virus was still active), it may be best to go for the PrivateKeyBC and use TeslaDecoder. It may reduce some complications and confusion for you at this point.
@Demonslay335 Here is the file that Yishen sent me: tesla_key33.docx.vvv.zip (remove the last .zip)
@ankostis Thanks. Clever, I figured GitHub would let you do something like that. ;)
It's a C107 after ECM, so I'll have the PrivateKeyBC in a couple of hours.
@Demonslay335 it is not necessary to break also BTC. As you said, probably the multiple keys that Yishen reported come from the test-files. He must be able to decrypt his files, it is just a matter of understanding how paths work on the console.
@yishen123
Thank you so much, @ankostis !! i dont know how to express it but i really appreciate it!
Don't thank me; try to understand the 3 alternatives I described to you, don't just copy-paste them :-)
Well, it wasn't too bad of a challenge. Here's the PrivateKeyBC if you end up needing it anyways.
9F0E6C608AFF777F1231D1D691FB0FFE8BF20CEC13ECBBCBA4992E51348462F2
Just listing here all prime factors of the btc (from factordb):
2
3 3 3 3
653
30593
2536198376473
14750956432784909988369359<26>
35611703795037623446642023140478610781
473379042095770498166803972432242507015417089299862806179460011953993
Hello, Googulator!
First, thank you so much for your successful job! it helps so many people!
i followed your suggestions and got the primes of the 5. step, but i cant success in the 6. step, neither by unfactor.py nor by unfactor_ecdsa.py. tried it already for half a day so far, but i was always told that the system cant find the file or the way.
my AES key is:025B96A3F9AB13753ED84694034422216C03FD0298E67D87E9B1ACE8027D6C50F02CFD14724768AEA2BE2D53707661B554A8D5EAFA0D5CF3C3F2F299E614870F
and the factors:
p1 factor: 5
p1 factor: 5
p1 factor: 5
p2 factor: 31
p2 factor: 59
p7 factor: 1506317
p7 factor: 1615181
p8 factor: 32339941
prp12 factor: 122098624903
prp21 factor: 521215182980524891501
prp42 factor: 790355274904991699508542726894030536679239
prp54 factor: 136479699905329522235449077339883560021814719121773623
Could you please help me? I will whole-heartedly appreciate!
PS, i study philosophy, instead of computer science. maybe i did something wrong in inputting command or installing the tools. So i will be very happy if u can answer me with some patience.
Thanks in advance,
Yishen