Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Created by ART, Fortinet Inc.
Sample MD5: d8a84048067f2b73fc8bb994bc0abe71
"""
import os
import sys
import hashlib
import cStringIO
from Crypto import Random
from Crypto.Cipher import AES
SIGNATURE = 'Dt0x__'
PASSWORD = '123456789123456'
def derive_key_and_iv(password, salt, key_length, iv_length):
d = s = ''
while len(d) < key_length + iv_length:
s = hashlib.md5(s + password + salt).digest()
d += s
return d[:key_length], d[key_length:key_length+iv_length]
def isEncryptedFile(filename):
global SIGNATURE
data = open(filename, "rb").read(len(SIGNATURE))
if data==SIGNATURE:
return True
return False
def decrypt(in_file, out_file, password, key_length=32):
global SIGNATURE
ok = True
try:
bs = AES.block_size
sig_len = len(SIGNATURE)
salt = in_file.read(bs)[sig_len:]
key, iv = derive_key_and_iv(password, salt, key_length, bs)
cipher = AES.new(key, AES.MODE_CBC, iv)
finished = False
while not finished:
chunk = in_file.read(1024 * bs)
if len(chunk) == 0 or len(chunk) % bs != 0:
padding_length = bs - (len(chunk) % bs)
chunk += padding_length * chr(padding_length)
finished = True
out_file.write(cipher.decrypt(chunk))
except:
ok = False
return ok
def decryptFile(infile):
global PASSWORD
if isEncryptedFile(infile):
print "[*] Found encrypted file: %s", infile
outfile = infile + ".decrypted"
if decrypt(open(infile, "rb"), open(outfile, "wb"), PASSWORD):
print "[+] Decrypt successfully! Store to:", outfile
else:
print "[-] Decrypt failed!"
def decryptFiles(target):
if os.path.exists(target):
if os.path.isdir(target):
for root, dirs, names in os.walk(target):
for name in names:
filename = os.path.join(root, name)
decryptFile(filename)
else:
decryptFile(target)
def bar():
print """Fs0ciety Ransomware Decryption Tool.
Written by ART, Fortinet Inc.
"""
def main():
bar()
for target in sys.argv[1:]:
decryptFiles(target)
if __name__ == "__main__":
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.