Related: https://medium.com/@entdark_/decrypting-ransomwares-internal-strings-2f3b6b8d8ee0#.jxzfwbykd
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
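/**
 * Decrypts hex-encoded strings that were encrypted with AES/CBC/NoPadding under a
 * fixed key and a fixed IV.
 *
 * <p>The gist this file comes from links it to a write-up on decrypting a
 * ransomware's internal strings; the key and IV below are the constants used for
 * that purpose and must stay byte-for-byte as they are.
 *
 * <p>Analyst notes:
 * <ul>
 *   <li>Key and IV are static, so identical plaintexts always produce identical
 *       ciphertexts, and anyone holding the two constants can decrypt every such
 *       string offline.</li>
 *   <li>The scheme has no integrity check: a wrong or corrupted ciphertext that is
 *       still a multiple of 16 bytes decrypts to garbage rather than failing.</li>
 *   <li>Padding is plain zero bytes, stripped from the end after decryption.</li>
 * </ul>
 *
 * <p>Instances are not thread-safe: the {@link Cipher} and the scratch fields are
 * shared between calls.
 */
public class decryption_class {
    private Cipher cipher;
    // AES-CBC initialisation vector: 16 ASCII characters, i.e. one AES block.
    protected String iv;
    private IvParameterSpec ivParameterSpec;
    // AES-128 key: 16 ASCII characters.
    protected String key;
    // Scratch buffer holding the most recent plaintext after zero-padding removal.
    byte[] newArray;
    private SecretKeySpec secretKeySpec;
    // Most recent plaintext returned by setProperty, as raw bytes.
    byte[] string;

    /**
     * Builds the key, IV and cipher objects from the hard-coded constants.
     *
     * @throws IllegalStateException if the JRE does not provide AES/CBC/NoPadding
     */
    public decryption_class() {
        this.iv = "DhnbRhHfUXKeFEUX";
        this.newArray = null;
        this.key = "o5dke7ZqYhZzRcvA";
        getIV();
        // Explicit charset: the key must be exactly 16 bytes whatever the platform default is.
        this.secretKeySpec = new SecretKeySpec(this.key.getBytes(StandardCharsets.UTF_8), "AES");
        try {
            this.cipher = Cipher.getInstance("AES/CBC/NoPadding");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            // Fail here instead of leaving cipher null and reporting "ERROR" for every input.
            throw new IllegalStateException("AES/CBC/NoPadding is not available in this JRE", e);
        }
    }

    /** Wraps the hard-coded IV string in an {@link IvParameterSpec}. */
    private void getIV() {
        this.ivParameterSpec = new IvParameterSpec(this.iv.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Converts a hex string to bytes, two characters per byte.
     *
     * <p>A trailing odd character is ignored, as in the original routine.
     *
     * @param code hex digits, upper or lower case
     * @return the decoded bytes
     * @throws NumberFormatException if a pair is not valid hexadecimal
     */
    private static byte[] getBuffer(String code) {
        int len = code.length() / 2;
        byte[] buffer = new byte[len];
        for (int i = 0; i < len; i++) {
            int offset = i * 2;
            buffer[i] = (byte) Integer.parseInt(code.substring(offset, offset + 2), 16);
        }
        return buffer;
    }

    /**
     * Decrypts one hex-encoded ciphertext and strips its trailing zero padding.
     *
     * @param code hex-encoded ciphertext; its decoded length must be a multiple of 16
     * @return {@code null} if {@code code} is null or shorter than two characters,
     *     the decrypted text on success, or the literal {@code "ERROR"} if the input
     *     is not valid hex or cannot be decrypted
     */
    public String setProperty(String code) {
        if (code == null || code.length() < 2) {
            return null;
        }
        try {
            this.cipher.init(Cipher.DECRYPT_MODE, this.secretKeySpec, this.ivParameterSpec);
            byte[] plain = this.cipher.doFinal(getBuffer(code));

            // Count only the zero bytes at the END of the plaintext. Counting every
            // zero byte in the buffer would cut real trailing characters off any
            // plaintext that contains an embedded NUL.
            int end = plain.length;
            while (end > 0 && plain[end - 1] == 0) {
                end--;
            }
            int trim = plain.length - end;
            if (trim > 0) {
                this.newArray = scope(plain, new byte[end], trim);
                plain = this.newArray;
            }
            this.string = plain;
            // Plaintext encoding is assumed to be UTF-8 (confirm against the sample).
            return new String(plain, StandardCharsets.UTF_8);
        } catch (Exception e) {
            // Callers rely on the "ERROR" sentinel, so report the cause and keep it.
            System.err.println("decryption failed: " + e);
            return "ERROR";
        }
    }

    /**
     * Copies the first {@code src.length - trim} bytes of {@code src} into {@code dst}.
     *
     * @return {@code dst}
     */
    private static byte[] scope(byte[] src, byte[] dst, int trim) {
        System.arraycopy(src, 0, dst, 0, src.length - trim);
        return dst;
    }

    /** Decrypts the hex string given as the first command-line argument and prints it. */
    public static void main(String[] args) {
        if (args.length < 1) {
            System.err.println("usage: java decryption_class <hex-ciphertext>");
            System.exit(1);
        }
        decryption_class t = new decryption_class();
        System.out.println(t.setProperty(args[0]));
    }
}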