want a beer ?

[joseluu]

Need to spend those bitcoins: if you have a bitcoin address, I'll send you some for a few beers.

[Hipapheralkus]

I must admit I was very skeptical about this solution (especially because TeslaCrypt message said 4096 RSA key), however I must admit after trying it, it does work and much faster than I expected = I got 1st file decrypted in the matter of seconds (after I overcame all the obstacles about how to run all the commands properly). So huge thanks from my part, I wouldn't believe it would be possible and this fast to decrypt .vvv files from the newest variation of TeslaCrypt ransomware.

[MucciGeek]

Why not!

Sent from my iPhone

On Dec 23, 2015, at 2:34 PM, Godziluu notifications@github.com wrote:

Need to spend those bitcoins: if you have a bitcoin address, I'll send you some for a few beers

— Reply to this email directly or view it on GitHub.

[MucciGeek]

Any chance someone can update the steps with more details . Commands, apps version used, screenshot if necessary.

This is too high level for junior like myself.

Sent from my iPhone

On Dec 23, 2015, at 3:00 PM, Andrej Šimko notifications@github.com wrote:

I must admit I was very skeptical about this solution (especially because TeslaCrypt message said 4096 RSA key), however I must admit after trying it, it does work and much faster than I expected = I got 1st file decrypted in the matter of seconds (after I overcame all the obstacles about how to run all the commands properly). So huge thanks from my part, I wouldn't believe it would be possible and this fast to decrypt .vvv files from the newest variation of TeslaCrypt ransomware.

— Reply to this email directly or view it on GitHub.

[Hipapheralkus]

So I'm using Windows, and if it helps someone, here are my steps:

• find out whether you use 64-bit or 32-bit system
• download Python 2.7.11 from https://www.python.org/downloads/release/python-2711/ + install it
• I also added Python into the PATH (This Computer - Properties - Advanced system settings - Environment variables - PATH - edit; and add folder where you installed Python separated by semicolon. For me, I added ;C:\Python27). This will make possible to run Python from CMD as a command
• download msieve from http://sourceforge.net/projects/msieve/ and unzip it to some folder
• download TeslaCrypt and unzip it to some folder. Here, add at least one .vvv encrypted file for you to experiment with
• open CMD; change directory to TeslaCrypt with cd C:\Users\MyUser\Desktop\TeslaCrack-master and run python teslacrack.py
• copy the long number which is shown there, for me it was 1AC4F519ABD305147597D06A871B460C637D6C56680A42AF585781E34F0A808DEFD540D7450B2570CFB22EC753BE6251FCF994037379AB54C99B304D1DA8C6E3
• open another instance of CMD, again change directory this time to msieve and run msieve.exe -v -e 0x1AC4F519ABD305147597D06A871B460C637D6C56680A42AF585781E34F0A808DEFD540D7450B2570CFB22EC753BE6251FCF994037379AB54C99B304D1DA8C6E3, where 0x is followed by your number
• your result will be few numbers, for me it was:

p1 factor: 5
p2 factor: 23
p3 factor: 101
p3 factor: 401
p3 factor: 521
p5 factor: 60923
p7 factor: 1331579
p8 factor: 18129493
p8 factor: 51086263
p9 factor: 261805031
p9 factor: 367833107
prp12 factor: 146960733259
prp12 factor: 176213684197
prp14 factor: 54687906005041
prp25 factor: 8822013769107847618100579
prp40 factor: 6391279197703140648271919831053563496759
elapsed time 00:00:12

• run python unfactor.py my_encrypted_file.pdf.vvv 5 23 101 401 521 60923 1331579 18129493 51086263 261805031 367833107 146960733259 176213684197 54687906005041 8822013769107847618100579 6391279197703140648271919831053563496759 where numbers are factors like you saw from msieve
• You will be shown something like Candidate AES private key: \x34\x53\x11\x83\xb1\xaa\x96\x00\x2e\x65\x0c\xb7\x32\x9f\x28\x8a\xcd\xb2\xa6\xbc\xa0\x31\x93\x83\x57\xc2\x10\xf3\xdf\xfd\x37\xc5' (34531183B1AA96002E650CB7329F288ACDB2A6BCA031938357C210F3DFFD37C5)
• edit teslacrack.py file in any text editor, and add another entry to known keys (the long key from first command; then followed by \x keys from the last output), for me it was

'1AC4F519ABD305147597D06A871B460C637D6C56680A42AF585781E34F0A808DEFD540D7450B2570CFB22EC753BE6251FCF994037379AB54C99B304D1DA8C6E3': b'\x34\x53\x11\x83\xb1\xaa\x96\x00\x2e\x65\x0c\xb7\x32\x9f\x28\x8a\xcd\xb2\xa6\xbc\xa0\x31\x93\x83\x57\xc2\x10\xf3\xdf\xfd\x37\xc5',

• save file, and run python teslacrack.py again
• you should have successfully decrypted sample file:)

[nebuhcaneza]

I too am trying the fix but I can't get msieve to run. It says pthreadgc2.dll is missing. I find it fine in windows/system32 but when I try to unregister and register it gives me an error. In the meantime I tried running yafu instead. I ran the tool, big pain to get it working right and my result is just two numbers. When I try to run this against the unfactor.py it does nothing ... no error just like someone hits a carriage return and I am back to the dos prompt. Any thoughts?

[artoes]

Strange for the dll, are you using the compurer that has been infected? Can you provide the line command you are calling for yafu?

------ Message d'origine ------ De : "nebuhcaneza" notifications@github.com À : "Googulator/TeslaCrack" TeslaCrack@noreply.github.com Envoyé 24/12/2015 00:25:00 Objet : Re: [TeslaCrack] want a beer ? (#5)

I too am trying the fix but I can't get msieve to run. It says pthreadgc2.dll is missing. I find it fine in windows/system32 but when I try to unregister and register it gives me an error. In the meantime I tried running yafu instead. I ran the tool, big pain to get it working right and my result is just two numbers. When I try to run this against the unfactor.py it does nothing ... no error just like someone hits a carriage return and I am back to the dos prompt. Any thoughts?

— Reply to this email directly or view it on GitHub.

[TamaBaka]

I wonder if it's the version of Windows or the CPU. I got the dll error too, and I'm running a 64 bit version of Windows on an Intel I5.

I got a recompiled version of MSieve from here: http://gilchrist.ca/jeff/factoring/

I used 1.52dev SVN 883 (with MPIR 2.6.0/GMP-ECM 6.4.4. That one worked without the dll error.

[Googulator]

DLL errors despite DLL being present are due to architecture mismatch between msieve.exe and the DLL.

It's best to put a 64-bit DLL into system32 and a 32-bit one to SysWOW64 (yes, 32-bit to SysWOW64 and 64-bit to system32 - Windows is confusing).

@Godziluu: My Bitcoin address is 1AdcYneBgky3yMP7d2snQ5wznbWKzULezj. I will eventually set up a donate button when I have time - for now, I'm still learning GitHub's readme syntax.

[Googulator]

BTW, always use a 64-bit computer and a 64-bit build of msieve/YAFU for factoring, and a 64-bit Python environment for the key reconstruction step, especially if you're using unfactor-ecdsa.py. The speed advantage is huge.

[nebuhcaneza]

Yeah I am using the infected computer. I have ran Malwarebytes, CCleaner, Spyhunter 4 which seems to have stopped the spread. I am now trying the link provided by TamaBaka and it seems to have stopped the dll error. I will post an update if I get any success with the results from msieve versus yafu. I really appreciate the active responses in this thread.

[nebuhcaneza]

Just to provide the info back to @artoes the syntax for yafu is the following

from the command prompt I ran yafu-x64 to open the interactive environment then I execute:

factoring(0x629DA6B433697CACD81769F31F5FD69ABC1B035BFE888A1CEFC82793F4C45881D6590DEA70780157BC8841195DED488291FEC953463CE868B17806A37DD2CEB0) it then returns two prime results which look like the following: prp53 = 124130930199757704304153681538005871429475701571159911 prp46 = 2964356128334903860988928453047174445489908777

when I provide these plus a sample file to unfactor.py it does the above essentially a carriage return in the dos prompt no output of any kind (error messages or otherwise).

[pyragius]

Hi,

My msieve has been running for an hour now, but it is still at "searching for 40-digit factors", so it seems to be really really slow. Looking at @Hipapheralkus result - 12 seconds to complete, I cannot help but think that I'm doing something wrong. I did follow the instructions best I could. Any suggestions here? My number is - 10B699D0F9D9221BF8630B189BF6D1056FDB1BA9842AE239D8A88E210A152C96FA9FDA1B396834320417F250281F22562CB8D0A9BC560D21843496FB6A080CF0 - if that helps.

Edit: I'm on i7-4790K.

[joseluu]

Some sieve can take days, don't worry, yafu has been much faster for me. YMMV a lot because these numbers come at random. On Dec 24, 2015 9:51 AM, "pyragius" notifications@github.com wrote:

Hey,

My msieve has been running for an hour now, but it is still at "searching for 40-digit factors", so it seems to be really really slow. Looking at Hipapheralkus result - 12 seconds to complete, I cannot help but think that I'm doing something wrong. I did follow the instructions the best I could. Any suggestions here? My number is - 10B699D0F9D9221BF8630B189BF6D1056FDB1BA9842AE239D8A88E210A152C96FA9FDA1B396834320417F250281F22562CB8D0A9BC560D21843496FB6A080CF0

• if that helps.

— Reply to this email directly or view it on GitHub https://github.com/Googulator/TeslaCrack/issues/5#issuecomment-167070586 .

[artoes]

Maybe check that your public key is consistent across differents files (rerun teslacrack on different files),that you use the first key provided by teslacrack in the results , that the sample file for unfactor is a PDF, and the synthax is : python unfactor.py sample.pdf.vvv factor1 factor2

------ Message d'origine ------ De : "nebuhcaneza" notifications@github.com À : "Googulator/TeslaCrack" TeslaCrack@noreply.github.com Cc: "artoes" leo.geoffroy@laposte.net Envoyé 24/12/2015 05:16:18 Objet : Re: [TeslaCrack] want a beer ? (#5)

Just to provide the info back to @artoes the syntax for yafu is the following

from the command prompt I ran yafu-x64 to open the interactive environment then I execute:

factoring(0x629DA6B433697CACD81769F31F5FD69ABC1B035BFE888A1CEFC82793F4C45881D6590DEA70780157BC8841195DED488291FEC953463CE868B17806A37DD2CEB0) it then returns two prime results which look like the following: prp53 = 124130930199757704304153681538005871429475701571159911 prp46 = 2964356128334903860988928453047174445489908777

when I provide these plus a sample file to unfactor.py it does the above essentially a carriage return in the dos prompt no output of any kind (error messages or otherwise).

— Reply to this email directly or view it on GitHub.

[pyragius]

Ok, will do, thank you for your help.

[artoes]

Sorry the message was for the issue of @nebuhcaneza @pyragius , your key indeed seems more complicated to solve than the other ones (not done in a matter of minutes), so I guess you will need to be patient to solve it..

[artoes]

@pyragius , try with these factors: prp40 = 2010016410945281522497851335963470977343 prp60 = 682984475336114242231553303639353776039092210814553616622019

[pyragius]

@artoes Thank you. I tried these two, but nothing happens with unfactor? It just finishes instantly with nothing printed out. I then tried unfactor-ecdsa, that one gives "No keys found, check your factors!"

C:\Users\Pyragius\Desktop\A>python unfactor.py Success1113.pdf.vvv 2010016410945281522497851335963470977343 682984475336114242231553303639353776039092210814553616622019

Edit: I see that I have the same problem as @nebuhcaneza now with unfactor. Will try to get another file.

[nebuhcaneza]

msieve crashed overnight after getting about 54% through. I am going to go back and try running the teslacrack on several files to see if I get the same public key. When I try using the the two factors provided by @artoes to unfactor.py it does the same thing as before instantly finishes with no output at all.

[MucciGeek]

All,

So far I'm able to decrypt 1 file and I have about 12300 files infected.

I don't plan to do this 1-by-1.

Do you if there is way to decrypt by at a least 100-500 files at once?

Will the key for 1 be the same for others?

Also, is there any application that can do it on the market?

Thanks,

Sent from my iPhone

On Dec 24, 2015, at 9:02 AM, pyragius notifications@github.com wrote:

@artoes Thank you. I tried these two, but nothing happens with unfactor? It just finishes instantly with nothing printed out. I then tried unfactor-ecdsa, that one gives "No keys found, check your factors!"

C:\Users\Pyragius\Desktop\A>python unfactor.py Success1113.pdf.vvv 2010016410945281522497851335963470977343 682984475336114242231553303639353776039092210814553616622019

— Reply to this email directly or view it on GitHub.

[joseluu]

Beer money coming!

The world owe you a beer On Dec 24, 2015 1:55 AM, "Googulator" notifications@github.com wrote:

DLL errors despite DLL being present are due to architecture mismatch between msieve.exe and the DLL.

It's best to put a 64-bit DLL into system32 and a 32-bit one to SysWOW64 (yes, 32-bit to SysWOW64 and 64-bit to system32 - Windows is confusing).

@Godziluu https://github.com/Godziluu: My Bitcoin address is 1AdcYneBgky3yMP7d2snQ5wznbWKzULezj. I will eventually set up a donate button when I have time - for now, I'm still learning GitHub's readme syntax.

— Reply to this email directly or view it on GitHub https://github.com/Googulator/TeslaCrack/issues/5#issuecomment-167015621 .

[MucciGeek]

Absolutely!

Sent from my iPhone

On Dec 24, 2015, at 10:25 AM, Godziluu notifications@github.com wrote:

Beer money coming!

The world owe you a beer On Dec 24, 2015 1:55 AM, "Googulator" notifications@github.com wrote:

DLL errors despite DLL being present are due to architecture mismatch between msieve.exe and the DLL.

It's best to put a 64-bit DLL into system32 and a 32-bit one to SysWOW64 (yes, 32-bit to SysWOW64 and 64-bit to system32 - Windows is confusing).

@Godziluu https://github.com/Godziluu: My Bitcoin address is 1AdcYneBgky3yMP7d2snQ5wznbWKzULezj. I will eventually set up a donate button when I have time - for now, I'm still learning GitHub's readme syntax.

— Reply to this email directly or view it on GitHub https://github.com/Googulator/TeslaCrack/issues/5#issuecomment-167015621 .

— Reply to this email directly or view it on GitHub.

[flazh99]

Hey may someone can help me i did all the steps. My Hex Sting is: E836ECC94557FB79A6E71D7AEA4867D688686C06503E854F6B6AEAC0CAA1B9577A6DCE5A7C1E28E5329A03E09C9353BD2BC2FEA9F1F100C7DA19DF79D972969F

Factors using yafu: P1 = 3 P1 = 3 P1 = 3 P1 = 3 P2 = 83 P3 = 271 P3 = 389 P5 = 51869 P6 = 114769 P8 = 28912607 P13 = 2766537563071 P12 = 179756071823 P18 = 567412261382607197 P30 = 917344692257464338723186217847 P57 = 385171465067318664775134453175017986681644161058243731631

ans = 1

Candidate AES private key: b'\xed\x9f\x71\x43\xf1\x77\xe2\x83\x07\x96\x90\xeb\xc 5\x34\x69\x6c\xe7\x3a\x33\x78\x31\x89\xe1\xdc\xe6\xf8\x79\x9a\x66\x41\x5b\x3f' ( ED9F7143F177E283079690EBC534696CE73A33783189E1DCE6F8799A66415B3F)

But i still cant decrypt my files. Did I something wrong? I found the Hex-string using a Hex editor on an encryptet jpg. I chose the second one. May someone could help me to solve the problem. Teslacrack.py says: cannot access... when i try to decrypt

[TamaBaka]

@MucciGeek - Once you can decrypt one file, just run the teslacrack from a root directory and it'll step through each subdirectory while searching for vvv files.

@flazh99 - Sounds like a file permission problem. If you weren't able to decrypt, you would get an "Error decrypting" message.

[nebuhcaneza]

update I have now been successful running the version of msieve from the download link provided by @TamaBaka. I get the following list of primes: p1 factor: 2 p1 factor: 2 p1 factor: 2 p1 factor: 2 p1 factor: 7 p1 factor: 7 p8 factor: 38642137 prp23 factor: 37507539247992179199893 prp24 factor: 123525968791743699388073 prp46 factor: 2964356128334903860988928453047174445489908777 prp53 factor: 12413093019975770430415368153800587142947570157115991

When I run it against the unfactor.py it still does the same thing. No output, no error, just runs instantly and returns back to the command prompt. I am running the unfactor.py with the following syntax:

python unfactor.py Invoice_354_Receipt.pdf.vvv 2 7 38642137 37507539247992179199893 123525968791743699388073 2964356128334903860988928453047174445489908777 12413093019975770430415368153800587142947570157115991

I thought it strange that I got a 2 in my list so I also tried running it with the 7 as my starting list. Same result. At this point I am adding a bunch of output lines to the unfactor.py code to see where it gets to try and figure out why I get nothing.

[joseluu]

Try to put all the factors on the list, ie: python unfactor.py Invoice_354_Receipt.pdf.vvv 2 2 2 2 7 7 38642137 37507539247992179199893 123525968791743699388073 2964356128334903860988928453047174445489908777 12413093019975770430415368153800587142947570157115991

On Fri, Dec 25, 2015 at 1:52 AM, nebuhcaneza notifications@github.com wrote:

update I have no been successful running the version of msieve from the download link provided by @TamaBaka https://github.com/TamaBaka. I get the following list of primes: p1 factor: 2 p1 factor: 2 p1 factor: 2 p1 factor: 2 p1 factor: 7 p1 factor: 7 p8 factor: 38642137 prp23 factor: 37507539247992179199893 prp24 factor: 123525968791743699388073 prp46 factor: 2964356128334903860988928453047174445489908777 prp53 factor: 12413093019975770430415368153800587142947570157115991

When I run it against the unfactor.py it still does the same thing. No output, no error, just runs instantly and returns back to the command prompt. I running the unfactor.py with the following syntax:

python unfactor.py Invoice_354_Receipt.pdf.vvv 2 7 38642137 37507539247992179199893 123525968791743699388073 2964356128334903860988928453047174445489908777 12413093019975770430415368153800587142947570157115991

I thought it strange that I got a 2 in my list so I also tried running it with the 7 as my starting list. Same result. At this point I am adding a bunch of output lines to the unfactor.py code to see where it gets to try and figure out why I get nothing.

— Reply to this email directly or view it on GitHub https://github.com/Googulator/TeslaCrack/issues/5#issuecomment-167173391 .

[TamaBaka]

What Godziluu said, if you get multiple 2's, 3's, etc, put them ALL into that list.

[caiuspb]

Thank you so much @Googulator, I could help a friend to decrypt his files. I tried to factorize the key with his msieve on his machine. It took the whole night and it is still calculating. However, it only took 5 minutes own my own machine.

@Hipapheralkus approach did not work exactly on my machine. Thus, I'll tell you how I managed it on my windows machine:

• python teslacrack.py revealed 2 keys for me. In the following I used the first key. Lets say it was 01502AFAAF
• msieve.exe -v -e 0x01502AFAAF gave me a factor list. Lets say it was 2 2 3 3 5 23 124521286695295639
• unfactor.py file.vvv 2 2 3 3 5 23 124521286695295639 did not produce any output. Therefore I did the following: pip install ecdsa
• unfactor-ecdsa.py file.vvv 2 2 3 3 5 23 124521286695295639 gave me the AES private key

At this point you can continue to use @Hipapheralkus tutorial.

@Googulator is there any way besides bitcoins to buy you a beer?

[flazh99]

I could decrypt some files but i find out that i have different hexstrings on some files. I managed to run yafu on one. But not on this one: Could anyone try to factroing this Hex-string: 085B43E8BB797455E7F279AC620D9C4B7B41C34F4C9B18066DF8118F65A11D865165D556D9C894253F5F546DE4BA062EA6EFA80AD16DD7A93DE925AACD772111

It would be so great thanks for your help

[ghost]

Guys, i'm new here and i really need some help. I don't know how to use YAFU and msieve is way too slow. Can someone guide me via Skype?

[caiuspb]

@AxelDavid010 Starting yafu-x86 or yafu-x64 (depending on your windows architecture) opens a command prompt. Within this command prompt you have to enter the following commando: factor(0xYourKey) (Prepend 0x before the key)

@flazh99 Try using msieve .. Even if it takes long it should produce a solution

[flazh99]

@caiuspb after 6 hours msieve:

sieving in progress (press Ctrl-C to pause) 3738 relations (3620 full + 118 combined from 212572 partial), need 325096 this will take a month?

[artoes]

@pyragius , as nebuhcaneza, you should try to use msieve once and do all the checks I specified in my previous comments. I feel like yafu sometimes miss some factors, eg. I didn't get the same result as nebuhcaneza got on msieve for his key with yafu.

[artoes]

@flazh99 try these, they are the output of your key on yafu.. no guarantee they will work: P1 = 3 P1 = 3 P1 = 3 P1 = 5 P3 = 113 P3 = 239 P3 = 541 P4 = 1879 P5 = 20681 P5 = 49811 P6 = 544717 P11 = 11967458297 P63 = 452583086668697705938583035669110947319140148546835311692729903 P53 = 38854414096630090129819413308001670606234408122397331

But yeah, seems like it can take a certain amount of time on msieve, but it gets faster while it's progressing

[flazh99]

@artoes it worked. thanks a lot

[tynek007]

Hi everyone. I've tried msieve and now I've switched to YAFU.... all tools take a long time. Now YAFU says 7.5 hours to finish... I do not have any guarantee that it is a last loop. Could you check if it runs same time on your comps...? Or somebody can help me in other way? My factoring hex string is: -DELETED-

Sorry all. My mistake. I paste a wrong string....

the correct one hex string is: 1EA7496A87189C4CBA47F19AB2E0A5B56B55837228A2AFD9598BB54D2BE7F2DEEE0BBBCC2174E26975CE9A8491DB1C04AFF15DEF2EEE5AB3F4C41CAC4AF74F5E

[pyragius]

Thank you @Godziluu and @artoes for your help and @Googulator for your awesome tool.

It took 67 hours but msieve did finish. Then I followed the steps and the file was decoded. Now I have fingers crossed for the drive to be decrypted as well.

Cheers and good luck to everyone!

[artoes]

@pyragius nice to hear that, hope it will work out :) @tynek007 try these, no guarantee: P1 = 2 P1 = 3 P2 = 41 P2 = 59 P3 = 971 P3 = 991 P4 = 1657 P4 = 2309 P6 = 174533 P12 = 749408492659 P31 = 1440557948530025978658655174937 P54 = 154271062082343439166622644294119294922775443602425689 P37 = 1033616807051153377187939916965724841

[tynek007]

@artoes :+1: Thanks a lot for your help.... IT WORKS.

Unfortunatly, I found that my files are encrypted using 4 different keys... I have tried another one hex string 0x350594175C9664B7A2F00B3367F23BADBFE095E2FAF13FEBF430815D0882E68605E51A4A0BD1E827CDB6AB3A757B028AF9173B3B5BAAFBCE65BCAE9B1BC62334 but msieve crashed after messege "memory use 5.5 MB". for the same hex key yafu showed me two factors, but unfactor.py and unfactor-ecdsa.py said "No keys found, check your factors!"

Any ideas....?

[flazh99]

@ tynek007 P1 = 2 P1 = 2 P2 = 19 P2 = 37 P3 = 127 P3 = 457 P4 = 8191 P9 = 201080111 P17 = 15326146114152971 P15 = 102203965561441 P17 = 17876649422139577 P23 = 10419286374605507828633 P33 = 183176465978411078805930689973599 P33 = 193302043597505257464462113587217

[tynek007]

@flazh99 :+1: You are great....!!!!! Thank you very much

[tynek007]

I think this is the last one. 0x78FEB95253A03706ED7F8ACB4EAD6C5D3A1A8B43B0733ECAC2A0E9C1F21D0FB6E593704DD920E652AAEA210147BA6963893DECF87EFE4D32DD3058BD2DDAEB84

I kindly ask for help :)

BTW: I found over 38000 encrypted files on local HD and NAS :(

[Googulator]

To those working with YAFU: don't run yafu-x64.exe by double-clicking it, as then it will only run on a single core. Run it from command line, and use the -threads option.

[tynek007]

What I did in wrong way. Previously when I ran YAFU-x64 I received condensed verbose message on the screen.... now it generates in cmd window milions of numbers.... I think it will slow down process? What I did wrong?

I found the answer on the page: http://www.mersenneforum.org/showthread.php?t=20779:

"5) If YAFU starts producing lines like this: 360 167333700367 192196274858148617776495 It is advantageous to switch over to msieve."

For me it is problem, becouse I have to factor 5 hex strings, so time is importatnt to me. As it was mentioned here, YAFU is faster then msieve....

[tynek007]

maybe somebody has a possibility or trick to faster factor this string 0x78FEB95253A03706ED7F8ACB4EAD6C5D3A1A8B43B0733ECAC2A0E9C1F21D0FB6E593704DD920E652AAEA210147BA6963893DECF87EFE4D32DD3058BD2DDAEB84

[JJosep]

Hello,

Please assist on the below. My msieve is still running. Could you please advise on this.

step 01 ) C:\Users\abc\Desktop\Python27>python teslacrack.py Cannot decrypt ./DSC_0008.JPG.vvv, unknown key Cannot decrypt ./DSC_0009.JPG.vvv, unknown key Software has encountered the following unknown AES keys, please crack them first using msieve: 0628611DA68D80A6193D2B3CAB1F798D5DD2B65AE87465B4BF786B430DB85EC2464243342B72428D 00D62324767CA9E433807C47F258FC28841D39A7EEF5B78C found in ./DSC_0008.JPG.vvv Alternatively, you can crack the following Bitcoin key(s) using msieve, and use them with TeslaDecoder: 024108FA4478CB0B323105233F8F541BA112640B822BC5CE7A70DDD85DF6DBB8168BE9FF0AC3867D 6482EDC70950B3D4C918267508F26FEFFC0E1874D9E4CBF6 found in ./DSC_0008.JPG.vvv

step 02) C:\Users\abc\Desktop\Python27>msieve -v -e 0x0628611DA68D80A6193D2B3CAB1F798D5DD2B65AE87465B4BF786B430DB85EC2464243342B72428D00D62324767CA9E433807C47F258FC28841D39A7EEF5B78C

860 (153 digits) searching for 15-digit factors P-1 stage 2 factor found searching for 20-digit factors searching for 25-digit factors 200 of 214 curves completed 214 ECM curves searching for 30-digit factors 425 of 430 curves completed 430 ECM curves searching for 35-digit factors 45 of 904 curves

[artoes]

@JJosep try these:, result of yafu:

P1 = 2 P1 = 2 P1 = 5 P2 = 59 P3 = 241 P7 = 1681003 P10 = 6499087801 P11 = 73606771529 P65 = 54634056395513543566214947389956562278673639988687221155650762567 P56 = 25812937514480377259725700093703749856650470261323433193

[Paolo75]

Hi all! Could you please help me in factoring my AES key. It's almost one day it's running and "sieving in progress" says: 36503 relations (20863 full + 15640 combined from 1285742 partial), need 172443

Below the key: 32BAD312A52ED3EC55D5D807C8E5D74C34F65BDA349D5258C87C3F23A20BC82401C71E0945A92C6D08BEFA0A51650D48F9E16DC31E2124581D209F8A734C2CE7

Many thanks to everybody and, since we are close to the end of 2015, I wish you all an happy new year 2016!!! Paul

[JJosep]

Thank you @artoes for your help and @Googulator for your awesome tool.

It would perfectly and was able to decrypt my encrypted files !!! :+1:

Cheers and good luck to everyone!

[artoes]

@JJosep Nice, glad it worked :)

@Paolo75 try these: P1 = 5 P2 = 23 P2 = 29 P4 = 1237 P4 = 4219 P6 = 248621 P63 = 459020553369596545556329263763387110920737297904772026082547541 P44 = 89014403587866026904783587573553741980847041 P9 = 508124017 P11 = 14994654361 P13 = 1972283530751