search

jg-fisher / python-ransomware

Basic ransomware proof of concept with Python 3.7.
GNU General Public License v3.0
59 stars 42 forks source link

Decryptions leaves old encrypted data #1

Open Gaunah opened 5 years ago

Gaunah commented 5 years ago

Issue: If the encrypted base64 string is larger than the original file the f.write(data) will expand the file, while the decryption will f.seek(0) to the start of the file and write the original content but will leave a part of the encrypted base64 string at the "end" of the file.

fix: Use f.truncate(0) in addition to f.seek(0)

steps to reproduce:

echo "test" > test.txt
python main.py --action encrypt
cat test.txt
python main.py --action decrypt --keyfile keyfile
cat test.txt
xM-Gx commented 4 years ago

Worked thx :)

SwapnilSoni1999 commented 4 years ago

got any fix?

SwapnilSoni1999 commented 4 years ago

Found it! f.truncate() will fix

f.seek(0)
f.write(data)
f.truncate()