search

REVENGE977 / Revenge-Ransomeware

a vigenere algorithm encrypt ransomeware created by me :p, for education purpose.
MIT License
38 stars 10 forks source link

Completly insecure, no offence #2

Open dustindog101 opened 4 years ago

dustindog101 commented 4 years ago

you're 'encryption algorhythem can easly be broken if someone finds the source code to this, all it does is shift the text inside of the file, if you want to be secure, when generating a key use sha-512

Here is my function for sha-512 you need to pass it the text and a salt public static string hash(string inp,string salt) { SHA256 s = SHA256.Create();//creatae new sha256 byte[] hashit = Encoding.UTF8.GetBytes(inp + salt + pepper) ;//convert to bytes and add salt+pepper string hashed = Convert.ToBase64String(s.ComputeHash(hashit));//HASHHHH return hashed; }

When encrypting and Decryption you also make it dificult on your self while making it insecure, You should be sending the key, initlization vector and teh salt to the webserver, and encrypting files with AES-256 CBC here is the function i use for that aswell Decryption is pretty straight forward just reverse that lol. ` public static byte[] encryptdata(byte[] bytearraytoencrypt, string key, string iv)//make it byte just in case we need to encrypt a file :shrug: { try {

            using (var dataencrypt = new AesCryptoServiceProvider())
            { //Block size : Gets or sets the block size, in bits, of the cryptographic operation.  
                dataencrypt.BlockSize = 128;
                //KeySize: Gets or sets the size, in bits, of the secret key  
                dataencrypt.KeySize = 128;
                //Key: Gets or sets the symmetric key that is used for encryption and decryption.  
                dataencrypt.Key = System.Text.Encoding.UTF8.GetBytes(key);
                //IV : Gets or sets the initialization vector (IV) for the symmetric algorithm  
                dataencrypt.IV = System.Text.Encoding.UTF8.GetBytes(iv);
                //Padding: Gets or sets the padding mode used in the symmetric algorithm  
                dataencrypt.Padding = PaddingMode.PKCS7;
                //Mode: Gets or sets the mode for operation of the symmetric algorithm  
                dataencrypt.Mode = CipherMode.CBC;
                //Creates a symmetric AES encryptor object using the current key and initialization vector (IV).  
                ICryptoTransform crypto1 = dataencrypt.CreateEncryptor(dataencrypt.Key, dataencrypt.IV);
                //TransformFinalBlock is a special function for transforming the last block or a partial block in the stream.   
                //It returns a new array that contains the remaining transformed bytes. A new array is returned, because the amount of   
                //information returned at the end might be larger than a single block when padding is added.  
                byte[] encrypteddata = crypto1.TransformFinalBlock(bytearraytoencrypt, 0, bytearraytoencrypt.Length);
                crypto1.Dispose();
                //return the encrypted data  
                return encrypteddata;

            }
        }
        catch (Exception)
        {

            throw;
        }
    }`

Anyways, not trying to be offencing just giving constructive critisisim.

HideakiAtsuyo commented 4 years ago

What is pepper?? Or i think this is: Encoding.UTF8.GetBytes(inp + salt + "pepper")

Resolved

dustindog101 commented 4 years ago

pepper is like salt but system wide

HideakiAtsuyo commented 4 years ago

I don't know much about cryptography but it sounds interesting. Do you have any links that could help me understand and learn?

omgnobody121 commented 3 years ago

I agree, this is just default .NET encryption, its not that hard to make your own Encryption algorithm, also, the Project Owner pointed out he made it for legal purposes, but why would he add "Windows doesn't detect it" and "Virustotal" scan, if its for fun that shouldn't matter.

And the .NET program can be disassembled within seconds, even if you obfucaste it, .NET is like Java, its so easy to Dump the orginial EXE

dustindog101 commented 3 years ago

I don't know much about cryptography but it sounds interesting. Do you have any links that could help me understand and learn?

Hey, I stopped coding in .net, so I don't really remember any but i think fox learn can help point you in the right direction and Microsoft docs are also good. Just keep in mind fox learn almost never explains thoroughly and almost never does the most efficient way to execute code. But Microsoft docs are wonderful and if you ever need help you can post to reddit.com as well, they are really helpful. and if you need anything else feel free to reply to me, seriously i love helping people

dustindog101 commented 3 years ago

I agree, this is just default .NET encryption, its not that hard to make your own Encryption algorithm, also, the Project Owner pointed out he made it for legal purposes, but why would he add "Windows doesn't detect it" and "Virustotal" scan, if its for fun that shouldn't matter.

And the .NET program can be disassembled within seconds, even if you obfucaste it, .NET is like Java, its so easy to Dump the orginial EXE

sup! while i agree, generally .net isnt the best if you dont want your code to be seen. but i disagree when you say its so easy, maybe if you obfuscate with confuser Ex or something everyone know how it works but something like netguard.io or something similar is EXTREMELY difficult to de-obfuscate to the point that its not worth it unless your being paid a giant sum of $$, at least when i used to use it(it may have gotten patched now, i dont code in .net anymore). Thanks!

imerzan commented 3 years ago

For a better encryption example, see my example at : https://github.com/imerzan/CryptoLocker/blob/master/IOWorker.cs

Of course mine isn't meant to be reversed, or used to ransom, but the concept of encryption is more or less the same. Keep in mind, mine uses a random 32 byte key for each file lol.

Instead of a password (which is easier to brute force), why not generate 32 crypto random bytes, and then you can POST those back to your remote? You could then use a Base64 string based on those bytes as a "decryption password".

Considerations:

  1. Key should be cryptographically random if possible, and not guessable (See code example below). If you insist on using a password/string, at least use Rfc2898DeriveBytes with a salt & good number of iterations.
  2. IV should be random for each file (never re-use), and prepended/appended to the encrypted file. The decryption operation should read the plaintext IV before attempting to decrypt.
byte[] GetRandomBytesCrypto(int length) // Generate crypto-random byte array, can use for a key/salt, etc.
{
    using (var rng = new RNGCryptoServiceProvider())
    {
        byte[] bytes = new byte[length];
        rng.GetBytes(bytes);
        return bytes;
    }
}

byte[] key = GetRandomBytesCrypto(32); // Use for encryption,etc.
string decryptionPassword = Convert.ToBase64String(byte[]); // Convert key to Base64 string that is human readable.
// POST above string to your remote, can then provide for decryption (decryption program convert base64 back to byte[] )