Googulator / TeslaCrack

Decryptor for the TeslaCrypt malware
GNU General Public License v3.0
177 stars 36 forks

want a beer ? #5

Closed joseluu closed 8 years ago

joseluu commented 8 years ago

Need to spend those bitcoins: if you have a bitcoin address, I'll send you some for a few beers.

fujikawali commented 8 years ago

Thanks for this good tutorial but I need your help now (sorry for that ^^')

unfactor.py file.vvv 2 2 3 3 5 23 124521286695295639 * did not produce any output. I tried to install ecdsa like caiuspb did 3 days ago but I don't know how... :((

So I've tried this tutorial to install ecdsa but it doesn't work (easy_install is not in the right directory and pip is an unknown command): https://github.com/googulator/teslacrack

How do I install it???

Thanks for your help. Thanks GitHub

* it's an example

Paolo75 commented 8 years ago

Thanks to Artoes and Googulator! It worked perfectly!!! I hope in this life or the next ones to meet you and offer you in person a fresh beer, really. Paolo

caiuspb commented 8 years ago

@fujikawali either your Python is not within your system path variable or you are using an old version of Python. Open a cmd prompt, navigate into the Python directory and search for the pip.exe executable. You can enter the pip install... command there. Right now I am on my phone and can't do it for you.

fujikawali commented 8 years ago

@caiuspb

I've installed Python 2.7 and the variable is in the system path variable (it's OK when in the cmd prompt I write "python teslacrack.py", for example)

In a command prompt with administrator rights I navigate to C:\python27\scripts and execute "pip install ecdsa". It returns "Could not find a version that satisfies the requirement ecdsa / No matching distribution found for ecdsa"

Thanks for your help caiuspb, but phone, TeamViewer or Skype is not a good idea; I'm in France, in a very small village without a good internet line ^^

caiuspb commented 8 years ago

I will execute it for you tomorrow on my PC because I can't do it now, as I am writing from my mobile phone. This was what I've tried to say :)

fujikawali commented 8 years ago

Oh thanks. But I don't want to disturb you for that.

JJosep commented 8 years ago

@artoes, could you please give the factoring for the below key as well. Thank you in advance.

8CCDD59F06E016F6556AA8D4E54A6CC8420948E786EC83EDC3DE9AFC360658304A51FE88D21695E3F57D9EE8F998440B136CAA9FA160810E2E82BB89B0456612

artoes commented 8 years ago

@JJosep try these, don't know if they will work (yafu): P1 = 2 P1 = 3 P1 = 3 P1 = 3 P1 = 7 P2 = 53 P3 = 283 P4 = 5347 P5 = 35671 P5 = 64937 P6 = 167641 P7 = 5877143 P20 = 73443085832941398311 P24 = 606252286193892644431417 P27 = 306898897198115921479713859 P32 = 10463449639660910970890473520501 P13 = 1660577664661 P9 = 448932373

jordigg commented 8 years ago

Hi guys!

A friend of mine got all the personal files on his computer encrypted. I've been able to recover most of them by using the tool provided by Googulator and using YAFU. Now I'm stuck trying to crack some files with the following public key: 348EF6E04896D2D80C5DB8F74F25A1F0BE3190EF3B91317D6CAABCFACA52D6E43CF986A6F64F76D319263D6EAD1929F30C79748872D8B1F1859E9FB047B060D4

I've tried with MSIEVE and it's taking forever. I have left the computer running for 24h already and no result. With YAFU I don't get any result after running it for multiple hours. I got the results for the other combinations pretty fast but this one is driving me crazy. That's what I get with YAFU:

factor(0x348EF6E04896D2D80C5DB8F74F25A1F0BE3190EF3B91317D6CAABCFACA52D6E43CF986A
6F64F76D319263D6EAD1929F30C79748872D8B1F1859E9FB047B060D4)

Found expression: 0x348EF6E04896D2D80C5DB8F74F25A1F0BE3190EF3B91317D6CAABCFACA52
D6E43CF986A6F64F76D319263D6EAD1929F30C79748872D8B1F1859E9FB047B060D4
factoring 2752709622808224392710145143600436679441681648149112560607311065726265
92448242698682770281656387749232733916785538007032324675632166233023301675609963
7460
using pretesting plan: normal

div: primes less than 10000
fmt: 1000000 iterations
rho: x^2 + 1, starting 1000 iterations on C150
rho: x^2 + 3, starting 1000 iterations on C150
rho: x^2 + 3, starting 1000 iterations on C143
rho: x^2 + 2, starting 1000 iterations on C143
pp1: starting B1 = 20K, B2 = gmp-ecm default on C143
pm1: starting B1 = 100K, B2 = gmp-ecm default on C130
ecm: 25/25 curves on C130 input, at B1 = 2K, B2 = gmp-ecm default
ecm: 9/90 curves on C130 input, at B1 = 11K, B2 = gmp-ecm default
ecm: 200/200 curves on C113 input, at B1 = 50K, B2 = gmp-ecm default
pp1: starting B1 = 200K, B2 = gmp-ecm default on C113
pp1: starting B1 = 200K, B2 = gmp-ecm default on C113
pp1: starting B1 = 200K, B2 = gmp-ecm default on C113
pm1: starting B1 = 1M, B2 = gmp-ecm default on C113
ecm: 400/400 curves on C113 input, at B1 = 250K, B2 = gmp-ecm default
pp1: starting B1 = 2M, B2 = gmp-ecm default on C113
pp1: starting B1 = 2M, B2 = gmp-ecm default on C113
pp1: starting B1 = 2M, B2 = gmp-ecm default on C113
pm1: starting B1 = 10M, B2 = gmp-ecm default on C113
ecm: 1000/1000 curves on C113 input, at B1 = 1M, B2 = gmp-ecm default
ecm: 1426/1426 curves on C113 input, at B1 = 10M, B2 = gmp-ecm default
ecm: 2/2 curves on C113 input, at B1 = 100M, B2 = gmp-ecm default
nfs: commencing gnfs on c113: 45992975215119827281089346499945947165542770062348
464868725240860895646540707319010083517856891992447421802943411
could not find ../ggnfs-bin/gnfs-lasieve4I13e.exe, bailing

Can someone help, please? Thanks!

Googulator commented 8 years ago

That's a difficult key, use factmsieve.py for keys like this.

philklc commented 8 years ago

@tynek007 p1 factor: 2 p1 factor: 2 p1 factor: 5 p1 factor: 7 p2 factor: 17 p2 factor: 19 p2 factor: 29 p3 factor: 199 p5 factor: 42689 p6 factor: 701453 prp13 factor: 2242564104419 prp15 factor: 143225117460553 prp46 factor: 3639328917523403854603750339812989331165827183 prp63 factor: 693751189722381741495586720733833133697458646183011555183455771

jordigg commented 8 years ago

@Googulator I'm not very familiar with how factmsieve.py works. I followed this guide http://gilchrist.ca/jeff/factoring/nfs_beginners_guide.html and I just get an empty return when running the factmsieve.py script. I got it from here: https://github.com/GDSSecurity/cloud-and-control/blob/master/scripts/gengnfsjob-testharness/factmsieve.74.py Any tips? Thanks!

Googulator commented 8 years ago

First, that version of factmsieve.py is outdated. Get factmsieve.86.zip and use the version found in that. Second, you have to make some edits to factmsieve.py, as detailed in that guide.

jordigg commented 8 years ago

Version 86 seems to work fine. Now I just need to know how to input the hex number. With 0x it just parses 0, and as 348EF6E04896D2D80C5DB8F74F25A1F0BE3190EF3B91317D6CAABCFACA52D6E43CF986A6F64F76D319263D6EAD1929F30C79748872D8B1F1859E9FB047B060D4 it parses just 348.

Do you know how to do it? Thanks so much for helping out!

Googulator commented 8 years ago

You need to convert it to decimal. Run python on the command line (without any parameters), it will give you the Python shell. Then, just paste the number (prefixed with 0x), and it will convert it to decimal.

Remove the final L before inputting it to factmsieve.py.

jordigg commented 8 years ago

Got it working and then got the following message:

-> Error: evaluated polynomial value polyval is not a multiple of n!

Seemed to be working fine for a while but it stopped.

As it's not related to your script I'll try to figure it out. Thanks for your help anyway; I will continue with other files not sharing the same key, hope those are "easy" like the first ones.

caiuspb commented 8 years ago

@fujikawali I suggest you upload an encrypted file on a one-click hoster like uploaded.to or share-online.biz and give me the link to download it.

fujikawali commented 8 years ago

@caiuspb

Thanks for your help. Please find the files you need here (not confidential; just a few encrypted files from Program Files :P) http://www.share-online.biz/dl/YX3P350O87EZ

Usually I am the one who helps others. I am so happy for once to be helped myself! Thanks to you caiuspb and the GitHub community! http://unionrepublicaine.fr/wp-content/uploads/2014/11/merci.jpg

caiuspb commented 8 years ago

@fujikawali

Found AES private key: b'\xb2\x0a\x16\x78\xfd\x7e\x0d\x70\x7a\x21\x41\x82\xfc\x3e\xc7\x68\xc6\x51\x8e\x44\xc8\xc6\xe4\x31\x31\x12\xcd\xb2\xa3\x32\x57\x54' (B20A1678FD7E0D707A214182FC3EC768C6518E44C8C6E4313112CDB2A3325754)

fujikawali commented 8 years ago

@caiuspb

Cannot access to test.pdf.vvv (or other test file). I tried it with another computer where I installed all that is needed (Python 2.7, msieve...) and I have the same result.

No other idea for the moment... :cry:

caiuspb commented 8 years ago

Overwrite the known keys in your teslacrack.py with the following:

known_keys = { '4313D7926245FDA390BD31A4B3A74DB57EC0B36A2AFC82CF938C98790AC0586569F06C62268FA9DFFF8D09C5D2ABCF6A6526674FF73B60B80C32A6D0092ABA0C': b'\xb2\x0a\x16\x78\xfd\x7e\x0d\x70\x7a\x21\x41\x82\xfc\x3e\xc7\x68\xc6\x51\x8e\x44\xc8\xc6\xe4\x31\x31\x12\xcd\xb2\xa3\x32\x57\x54', }

I managed to decrypt the pdfs and an image. However, the other file was encrypted with another key.

fujikawali commented 8 years ago

Tried it and I lose again ^^: "Cannot access to test.pdf.vvv"

And I've tried it with the same files I've sent to you.

caiuspb commented 8 years ago

This looks like a problem with access rights on your computer... copy the file to another directory and try it again

jordigg commented 8 years ago

Did you try to execute the terminal/command prompt as admin? Maybe that file is protected or in a protected folder your user doesn't have access to.

On Wed, Dec 30, 2015 at 3:57 PM, fujikawali notifications@github.com wrote:

Try it and i loose again ^^ : "Cannot access to test.pdf.vvv"


fujikawali commented 8 years ago

I have already done it: I have sent the files to a virtual computer that I usually use for testing.

@jordigg Yes, I did it too!

News: on the virtual computer (XP SP3) I tried the terminal again with administrator rights. Then I get the message :+1:

C:\TeslaCrack-master>python teslacrack.py test.jpg.vvv
Traceback (most recent call last):
  File "teslacrack.py", line 17, in <module>
    from Crypto.Cipher import AES
ImportError: No module named Crypto.Cipher

C:\TeslaCrack-master>python teslacrack.py bg.jpg.vvv
Traceback (most recent call last):
  File "teslacrack.py", line 17, in <module>
    from Crypto.Cipher import AES
ImportError: No module named Crypto.Cipher

teslacrack.py Line 17 = from Crypto.Cipher import AES

pycrypto-2.6.1-py2.7-win32.egg in C:\Python27\Lib\site-packages

Same error "Cannot access to test.pdf.vvv" for the original computer

caiuspb commented 8 years ago

@fujikawali Download pycrypto for your python version http://www.voidspace.org.uk/python/modules.shtml

fujikawali commented 8 years ago

@caiuspb

I've downloaded and installed PyCrypto 2.6 for Python 2.7 32-bit

Now I have "Cannot access to test.pdf.vvv"

If you want to connect with TeamViewer, it's not a problem because it's a virtual test computer with no confidential data.

....

I've tried with a 3rd virtual computer and this method https://www.comment-supprimer.com/teslacrypt/

Same result: "cannot access"

It's boring me a bit... :(

malekalmorte75 commented 8 years ago

@fujikawali : This tutorial is a copy/paste of my first version...

Uninstall Python & PyCrypto and follow this tutorial http://www.malekal.com/how_recover-teslacrypt-extension-vvv/ it will work for sure.

fujikawali commented 8 years ago

@malekalmorte75

Hello Malekal. I studied the post and got to the end of the procedure. I have the last step left and I really don't understand why it gets stuck... "cannot access". I was actually hoping to get an answer so I could report it on your site so that it helps other users. And you came here. Otherwise, any idea?

@ For all others:

Malekal is the webmaster of this good mutual-aid site, in French ;-) https://forum.malekal.com/

malekalmorte75 commented 8 years ago

Great! Happy New Year!

jeregar commented 8 years ago

Thanks for your help. I just finished decrypting my beloved files!!!! I put it to work, don't ask me how!

mariosangiorgio commented 8 years ago

I am attempting to factor (using msieve) 0x3B440387BF09A782DCBC748D88F81B84194B2239DB1ACF293B6F30A0F104864B3837C92FF1D655282A68B1D01B411D28ECABB46D10A20D0EE81BEBF80D913D36 but it's taking quite a long time on my machine. If anyone wants to give it a try it would be very appreciated.

spaseto commented 8 years ago

Hello Everyone,

Can someone please help me?

PS C:\Users\Spase\Downloads\msieve> .\msieve.exe -v -e 0xDA7625C70691E2C6BE719E84C32ED3748C886360D599932B7418B0302A296BB0789453C73AB2661DDB1391C343B4A8D14AE002FE9E1E2F3B2FCA7AA9454FF652

Msieve v. 1.52 (SVN 939)
Tue Dec 29 17:54:45 2015
random seeds: aebe2790 15c749d7
factoring 11441757886585322117824403032457595558101292867414563875325866820300046071582535174154468737366652738696192955702113022111007007478905486825354033082922578 (155 digits)
searching for 15-digit factors
searching for 20-digit factors
searching for 25-digit factors
200 of 214 curves
completed 214 ECM curves
searching for 30-digit factors
425 of 430 curves
completed 430 ECM curves
searching for 35-digit factors
ECM stage 1 factor found
commencing quadratic sieve (106-digit input)
using multiplier of 1
using VC8 32kb sieve core
sieve interval: 40 blocks of size 32768
processing polynomials in batches of 6
using a sieve bound of 4372259 (154000 primes)
using large prime bound of 655838850 (29 bits)
using double large prime bound of 7417111754086350 (45-53 bits)
using trial factoring cutoff of 53 bits
polynomial 'A' values have 14 factors

sieving in progress (press Ctrl-C to pause)
11856 relations (9458 full + 2398 combined from 579507 partial), need 154096

It's running 49 hours :(

fujikawali commented 8 years ago

Happy new year !

;-)

darkskysofrenia commented 8 years ago

@spaseto: sorry for the late reply, you can find your key semi-factored here: http://factordb.com/index.php?query=11441757886585322117824403032457595558101292867414563875325866820300046071582535174154468737366652738696192955

I will launch the rest of the factorisation on my computer; I'll post the result on factordb and here when it's done. Edit: work done, your factors are: 5 59 491 24416681 260128064711276375770195912091356083082328617643 12436993471962402741619098301003970200295449434733

darkskysofrenia commented 8 years ago

@mariosangiorgio: same thing (maybe too late): your factors are here: http://pastebin.com/Aepm3gKd

2 5078248421 227499828884237719930172870434943 38774243738134370165736245537299 77003023992098611285316857458946817757904709 449929997555583120913769801886846943

mariosangiorgio commented 8 years ago

@darkskysofrenia I was still trying to find them. Thank you very much!

Googulator commented 8 years ago

http://factordb.com/index.php?query=11441757886585322117824403032457595558101292867414563875325866820300046071582535174154468737366652738696192955 is an incorrect link (truncated number), should be http://factordb.com/index.php?query=11441757886585322117824403032457595558101292867414563875325866820300046071582535174154468737366652738696192955702113022111007007478905486825354033082922578

philklc commented 8 years ago

@jordigg Factors of 0x348EF6E04896D2D80C5DB8F74F25A1F0BE3190EF3B91317D6CAABCFACA52D6E43CF986A6F64F76D319263D6EAD1929F30C79748872D8B1F1859E9FB047B060D4

p1 factor: 2 p1 factor: 2 p1 factor: 5 p3 factor: 179 p8 factor: 29376829 prp13 factor: 3781127193827 prp18 factor: 150508028824344799 prp54 factor: 918956555824315960210033714034249995413981960027682753 prp59 factor: 50049129007914341984594237580072842425474218298326964406387

darkskysofrenia commented 8 years ago

@Googulator && @spaseto sorry for this copy/paste mistake, I've done the right one this time (and added it to factordb too): 2 13 101 2243 303915 303915923 202160990851568496157499097821251 2437631462556779095617013010691647659669 1297029632325568043586065965675976698196199252754148073988766583131
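Two steps that recur in this thread, as an added example (not code from TeslaCrack or from any commenter): turning the hex key into the plain decimal string that factmsieve.py expects (Googulator's advice above: prefix 0x for the Python shell, then drop the trailing L), and checking a posted factor list before handing it to unfactor.py, since the product must equal the key and every factor must really be prime, which is exactly what catches a truncated paste or a copy/paste slip like the ones corrected above. The key and factor lists used in the test are constructed from small known primes, not keys from this thread; function names are my own.

```python
import random
import re

def key_to_decimal(hex_key):
    """Hex public key (as printed by teslacrack.py) -> decimal string for
    factmsieve.py/msieve. Tolerates a 0x prefix, whitespace from line
    wrapping, and a trailing 'L' left over from a Python 2 long repr."""
    cleaned = re.sub(r"\s+", "", hex_key)
    cleaned = re.sub(r"^0[xX]", "", cleaned)
    cleaned = cleaned.rstrip("lL")
    if not re.fullmatch(r"[0-9a-fA-F]+", cleaned):
        raise ValueError("not a hex key: %r" % hex_key)
    return str(int(cleaned, 16))

def is_probable_prime(n, rounds=16):
    """Miller-Rabin: trial division by small primes, then the small primes
    plus `rounds` random bases as witnesses. Composite -> always False."""
    if n < 2:
        return False
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in small:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:   # write n - 1 as d * 2**r with d odd
        d //= 2
        r += 1
    bases = small + tuple(random.randrange(2, n - 1) for _ in range(rounds))
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False    # a is a witness: n is composite
    return True

def check_factors(hex_key, factors):
    """Return (product_matches_key, list_of_non_prime_factors).
    unfactor.py needs the complete prime factorization, so a correct
    result is (True, [])."""
    n = int(key_to_decimal(hex_key))
    product = 1
    for f in factors:
        product *= f
    bad = [f for f in factors if not is_probable_prime(f)]
    return product == n, bad
```

A factor list that fails the product check is the symptom of factoring a truncated number; a composite in the list means the factoring tool stopped early and that factor still needs splitting.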

jordigg commented 8 years ago

I'll give it a try! Thanks so much @philklc

jsampson80 commented 8 years ago

Is this very hard to do? Got infected the day after I bought 1TB of Google Drive space and was just about to dump all my files on it when I was welcomed to this .vvv TeslaCrypt BS.... Anyways I have zero coding experience so I was just wondering how complex this is? Thanks!

Googulator commented 8 years ago

Ticket dead for over 3 weeks, closing.