@michaelperna
Created September 1, 2016 17:12
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Created by ART, Fortinet Inc.
Sample MD5: d8a84048067f2b73fc8bb994bc0abe71
"""
import os
import sys
import hashlib
import cStringIO
from Crypto import Random
from Crypto.Cipher import AES
# Marker compared against the first bytes of a file by isEncryptedFile(); decrypt()
# treats whatever follows it inside the first AES block as the salt.
SIGNATURE = 'Dt0x__'
# Passphrase handed to derive_key_and_iv() for every file that is processed.
# NOTE(review): presumably the value recovered from the sample named in the
# module docstring -- confirm against the analysis before reusing elsewhere.
PASSWORD = '123456789123456'
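def derive_key_and_iv(password, salt, key_length, iv_length):
    """Derive an AES key and IV from *password* and *salt* by chaining MD5.

    Each round hashes ``previous_digest + password + salt``; the digests are
    concatenated until ``key_length + iv_length`` bytes are available.  This
    is the same construction as OpenSSL's EVP_BytesToKey with MD5 and a
    single iteration.

    The accumulator is an explicit byte string, so the function behaves the
    same on Python 2 and also accepts ``bytes`` on Python 3.

    NOTE: a single round of MD5 is cheap to brute-force.  It is used here
    because a decryptor has to mirror the derivation that produced the
    files; do not reuse it to protect new data.

    Args:
        password: passphrase as a byte string.
        salt: salt as a byte string.
        key_length: number of key bytes wanted.
        iv_length: number of IV bytes wanted.

    Returns:
        A ``(key, iv)`` tuple of byte strings.
    """
    needed = key_length + iv_length
    digest = b''
    rounds = []
    produced = 0
    while produced < needed:
        # Feed the previous digest back in so every round yields new bytes.
        digest = hashlib.md5(digest + password + salt).digest()
        rounds.append(digest)
        produced += len(digest)
    material = b''.join(rounds)
    return material[:key_length], material[key_length:needed]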
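def isEncryptedFile(filename):
    """Return True when *filename* begins with the SIGNATURE marker.

    Only the first ``len(SIGNATURE)`` bytes are read, and the handle is
    closed before returning.  A path that cannot be opened or read is
    reported as not encrypted, so one unreadable entry does not abort a
    whole directory walk.

    NOTE: this is a prefix match only; any file that happens to start with
    the same bytes is treated as encrypted.
    """
    try:
        with open(filename, "rb") as handle:
            return handle.read(len(SIGNATURE)) == SIGNATURE
    except (IOError, OSError):
        # Permission errors, entries removed mid-walk, etc.
        return False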
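def decrypt(in_file, out_file, password, key_length=32):
    """Decrypt an AES-CBC stream from *in_file* into *out_file*.

    Layout read from *in_file*: one AES block holding SIGNATURE followed by
    the salt, then the ciphertext.  Key and IV are produced by
    ``derive_key_and_iv(password, salt, key_length, AES.block_size)``.

    Args:
        in_file: binary file object positioned at the start of the file.
        out_file: binary file object that receives the plaintext.
        password: passphrase byte string.
        key_length: AES key size in bytes (default 32).

    Returns:
        True when the whole stream was processed, False when any step
        raised (for example a ciphertext whose length is not a multiple of
        the block size).  On False, *out_file* may hold partial output.
    """
    bs = AES.block_size
    try:
        salt = in_file.read(bs)[len(SIGNATURE):]
        key, iv = derive_key_and_iv(password, salt, key_length, bs)
        cipher = AES.new(key, AES.MODE_CBC, iv)
        # Hold back the last decrypted block until end of input is seen, so
        # padding can be inspected.  Nothing is appended to the ciphertext:
        # decrypting bytes that were never in the file would only add a
        # block of garbage to the output.
        tail = b''
        while True:
            chunk = in_file.read(1024 * bs)
            if not chunk:
                break
            plain = tail + cipher.decrypt(chunk)
            out_file.write(plain[:-bs])
            tail = plain[-bs:]
        if tail:
            # NOTE(review): assumes the encryptor padded with N bytes of
            # value N (PKCS#7 style) -- confirm against the sample.  When the
            # final block does not look like that, it is written unchanged.
            pad = ord(tail[-1:])
            if 1 <= pad <= bs and tail.endswith(tail[-1:] * pad):
                tail = tail[:-pad]
        out_file.write(tail)
    except Exception:
        # Narrower than a bare except: Ctrl-C and SystemExit still propagate
        # instead of being reported as a failed decryption.
        return False
    return True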
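def decryptFile(infile):
    """Decrypt *infile* to ``infile + ".decrypted"`` if it carries the marker.

    Files for which isEncryptedFile() is false are skipped silently.  The
    encrypted original is never modified or removed; an existing
    ``.decrypted`` file with the same name is overwritten.  Both handles are
    closed before the result is reported, so the output is flushed to disk.
    """
    if not isEncryptedFile(infile):
        return
    # The file name is now interpolated; previously the literal "%s" was
    # printed in front of it.
    print("[*] Found encrypted file: %s" % infile)
    outfile = infile + ".decrypted"
    try:
        with open(infile, "rb") as src:
            with open(outfile, "wb") as dst:
                ok = decrypt(src, dst, PASSWORD)
    except (IOError, OSError):
        # E.g. a read-only directory: report it and let the caller move on.
        ok = False
    if ok:
        print("[+] Decrypt successfully! Store to: %s" % outfile)
    else:
        print("[-] Decrypt failed!")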
def decryptFiles(target):
    """Run decryptFile() on *target*, or on every file beneath it.

    A path that does not exist is ignored.  A directory is walked
    recursively with os.walk(); anything else is passed to decryptFile()
    directly.
    """
    if not os.path.exists(target):
        return
    if not os.path.isdir(target):
        decryptFile(target)
        return
    for folder, _subdirs, entries in os.walk(target):
        for entry in entries:
            decryptFile(os.path.join(folder, entry))
def bar():
    """Print the tool's banner."""
    banner = """Fs0ciety Ransomware Decryption Tool.
Written by ART, Fortinet Inc.
"""
    # A single parenthesised argument prints the same text on Python 2 and 3.
    print(banner)
def main():
    """Show the banner, then process every path given on the command line."""
    bar()
    targets = sys.argv[1:]
    for target in targets:
        decryptFiles(target)


if __name__ == "__main__":
    main()