mersenneforum.org Teslacrypt 2.0 Factoring

2015-12-24, 22:29   #1
wombatman
I moo ablest echo power!

May 2013

2³×7×31 Posts
Teslacrypt 2.0 Factoring

Since there's an influx of people asking about Teslacrypt virus factorizations, it seemed appropriate to put up an instructional post that will let you do it yourself!

1) Convert the hexadecimal numbers to decimal here: https://www.mathsisfun.com/binary-de...converter.html

2) Go to www.factordb.com and search for the number--you might get lucky and it's already factorized!

3) If not, you want to use a program called YAFU ("Yet Another Factoring Utility"). You can find executables here: http://sourceforge.net/projects/yafu/

4) Run YAFU with a command similar to the following (this is for Windows):
Code:
yafu-x64.exe "factor(YOUR NUMBER HERE)" -v -threads 4
This will find smaller factors relatively quickly. Be sure to put those factors in at factordb.com with your number--this way you can keep track of all the factors.

5) If YAFU starts producing lines like this:
Code:
360 167333700367 192196274858148617776495
It is advantageous to switch over to msieve. MSieve can be found here: http://sourceforge.net/projects/msieve/

6) Download the files attached to this post (factmsieve.py and the executables) and put them into a folder at C:\GGNFS. Put the msieve executable in this folder as well.

7) If you have an NVIDIA GPU with a compute capability of 2.0 or greater, change the variable USE_CUDA on Line 73 of factmsieve.py to TRUE. You should also change THREADS_PER_CORE to the number of CPUs you have (i.e., 2 for dual core, 4 for quad core, and so on).

8) Put your number into a file named "my_number.n".

9) Go to the start menu and type "cmd" and press enter. From the command prompt, type "cd C:\GGNFS" and press enter. This will put you in the appropriate folder. Call the python script:
Code:
python factmsieve.py my_number

10) You should see it begin. Depending on the size of the number (and whether you utilize a GPU), the factorization will take a few hours to a few days. Be patient, and good luck!

Lastly, there may be some mistakes here since I did this off the top of my head, so feel free to ask questions in this thread.
Attached Files
 GGNFS.zip (286.1 KB, 1210 views)

Last fiddled with by wombatman on 2015-12-24 at 23:23 Reason: Told you there would be mistakes...
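
The bookkeeping behind steps 1 and 4 of the post above, as an added example that is not part of the original post or its attachment: it converts the hex value to decimal offline, checks the prime factors reported so far by factordb or YAFU, and names what is left in the "C120"-style notation used later in the thread. The function names are hypothetical, the Miller-Rabin check goes slightly beyond the steps in the post, and the sample number is constructed from two known Mersenne primes.

```python
import random

def hex_to_decimal(hex_text):
    """Step 1, offline: parse hex (whitespace and a 0x prefix are allowed)."""
    return int("".join(hex_text.split()), 16)

def is_probable_prime(n, rounds=24):
    """Miller-Rabin probable-prime test with fixed-seed random bases."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n < 2 or n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    rng = random.Random(0)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base proves n composite
    return True

def track_factors(n, found):
    """Divide reported prime factors out of n; return ({prime: exponent}, cofactor)."""
    remaining, confirmed = n, {}
    for f in sorted(set(found)):
        if not is_probable_prime(f) or n % f != 0:
            raise ValueError(f"{f} is not a prime factor of the number")
        while remaining % f == 0:
            remaining //= f
            confirmed[f] = confirmed.get(f, 0) + 1
    return confirmed, remaining

def status(n, found):
    """Name what is left to factor: 'C28' = 28-digit composite, 'P19' = 19-digit prime."""
    _, rest = track_factors(n, found)
    if rest == 1:
        return "fully factored"
    return ("P" if is_probable_prime(rest) else "C") + str(len(str(rest)))

# Constructed sample: 2^2 * 3 * two known Mersenne primes (not a real key value).
M31, M61 = 2**31 - 1, 2**61 - 1
SAMPLE_HEX = format(4 * 3 * M31 * M61, "x")
```

Pass the factors found so far as the second argument to `status` after each factordb or YAFU round; a remaining composite is the number to hand to the next step.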

2015-12-24, 23:17   #2
chalsall
If I May

"Chris Halsall"
Sep 2002

11·19·43 Posts

Quote:
 Originally Posted by wombatman
 Since there's an influx of people asking about Teslacrypt virus factorizations, it seemed appropriate to put up an instructional post that will let you do it yourself!
Thank you for doing this. Sincerely.

On the other hand, one might ask how and why one was infected by a "virus" in the first place which could run software locally and access the file-system.

It could be argued that Teslacrypt (since it is so easily bypassed) was actually designed to point out that people need to be much more careful.

Anyone serious, using the same "vector", could cause much more harm.

A tangent... When was the last time you did a full off-line backup?

Perhaps a kind gift to a friend (or perhaps yourself) would be a couple of 1 or 2 TB USB drives....

2015-12-24, 23:22   #3
wombatman
I moo ablest echo power!

May 2013

1736₁₀ Posts

Yeah, I haven't been affected by the virus, but I definitely need to be better about backing things up...

2015-12-25, 00:02   #4
chalsall
If I May

"Chris Halsall"
Sep 2002

11·19·43 Posts

Quote:
 Originally Posted by wombatman
 Yeah, I haven't been affected by the virus, but I definitely need to be better about backing things up...
Sorry... When I said "You" above I meant "The abstract/general you" (as LaurV often uses so very well), not _you_ specifically.

But, yeah... Transactional backups, off-line backups, "cloud based" backups...

The Internet can be a dangerous place.

2015-12-25, 00:29   #5
Dubslow
Basketry That Evening!

"Bunslow the Bold"
Jun 2011

40

2015-12-25, 00:34   #6
wombatman
I moo ablest echo power!

May 2013

2³×7×31 Posts

Hahaha, I figured as much! It was a good reminder for me personally, though. To add to my generally unspoken thoughts on posting this, it looks like Teslacrypt is at least sometimes caught by a Flash exploit (http://www.bbc.com/news/technology-31869589), and I generally loathe the type of people who create ransomware, so I figured it would be nice to help out those affected. Also, holiday season, glad tidings, etc.

2015-12-25, 13:15   #7
jasonp
Tribal Bullet

Oct 2004

2·3·587 Posts

700 win32 downloads from the sourceforge page this week, jeez.

2015-12-25, 15:07   #8
VictordeHolland

"Victor de Hollander"
Aug 2011
the Netherlands

23·3·72 Posts

I've set Flash, Java and Unity player to ask before running and Ad-blocker blocks most other stuff. Ideally I'd like to delete Flash and Java entirely, but some (trusted) websites still use them and the site experience is terrible without them. It is a compromise, but isn't it always?

Do I understand it correctly that this virus targets games specifically? I've bought virtually all my games on Steam and I think many PC gamers do nowadays. You just format the hard drive, perform a clean install and you can re-download the games from Steam (the licences are connected to your account).

2015-12-25, 15:12   #9
bsquared

"Ben"
Feb 2007

2·3·541 Posts

Quote:
 Originally Posted by jasonp
 700 win32 downloads from the sourceforge page this week, jeez.
376 for yafu.

Haven't seen that much activity since... ever

Quote:
 Originally Posted by wombatman
 5) If YAFU starts producing lines like this:
 Code:
 360 167333700367 192196274858148617776495
 It is advantageous to switch over to msieve. MSieve can be found here: http://sourceforge.net/projects/msieve/
Note also that unless you have a GPU, yafu can handle the NFS portion of the job equivalently to factmsieve. You again need the ggnfs executables, and you need to modify yafu.ini to point to the directory they are stored in, e.g.:
Code:
ggnfs_dir=C:/ggnfs-bin/
then it should be good to go.

2015-12-25, 15:44   #10
LaurV
Romulan Interpreter

Jun 2011
Thailand

205268 Posts

Put a tax. One buck per dld. Increase one cent for every new dld. Do like Amazon does, see the thread with the famous book costing a million, or so. Should I teach you how to make money? These guys would pay the buck to get their files back, for sure, and they worth to be taken out of a buck, so they can learn that the fox who does not guard its fur will have it eaten by the wolf... If anyone wants ~C120 factored, PM me, I will do it for a buck per composite, and I accept paypal and bitcoin. It is not the money, but the lesson. Otherwise they will never learn. Paul, sorry for the competition

Edit: buck = 1.0 US$

Last fiddled with by LaurV on 2015-12-25 at 15:45

2015-12-25, 16:03   #11
xilman
Bamboozled!

May 2003
Down not across

23×1,249 Posts

Quote:
 Originally Posted by LaurV
 If anyone wants ~C120 factored, PM me, I will do it for a buck per composite, and I accept paypal and bitcoin. It is not the money, but the lesson. Otherwise they will never learn. Paul, sorry for the competition Edit: buck = 1.0 US$
No problem. I posted that only to teach people that asking something for nothing is impolite.

My fee is actually a donation to an appropriate charity,

Last fiddled with by xilman on 2015-12-25 at 16:03