|
2015-12-24, 22:29
|
#1 |
|
I moo ablest echo power!
May 2013
22×463 Posts |
Teslacrypt 2.0 Factoring
Since there's an influx of people asking about Teslacrypt virus factorizations, it seemed appropriate to put up an instructional post that will let you do it yourself!
1) Convert the hexadecimal numbers to decimal here: https://www.mathsisfun.com/binary-de...converter.html 2) Go to www.factordb.com and search for the number--you might get lucky and it's already factorized! 3) If not, you want to use a program called YAFU ("Yet Another Factoring Utility"). You can find executables here: http://sourceforge.net/projects/yafu/ 4) Run YAFU with a command similar to the following (this is for Windows): Code:
yafu-x64.exe "factor(YOUR NUMBER HERE)" -v -threads 4 5) If YAFU starts producing lines like this: Code:
360 167333700367 192196274858148617776495 6) Download the files attached to this post (factmsieve.py and the executables) and put them into a folder at C:\GGNFS. Put the msieve executable in this folder as well. 7) If you have an NVIDIA GPU with a compute capability of 2.0 or greater, change the variable USE_CUDA on Line 73 of factmsieve.py to TRUE. You should also change THREADS_PER_CORE to the number of CPUs you have (i.e., 2 for dual core, 4 for quad core, and so on). 8) Put your number into a file named "my_number.n". 9) Go to the start menu and type "cmd" and press enter. From the command prompt, type "cd C:\GGNFS" and press enter. This will put you in the appropriate folder. Call the python script: Code:
python factmsieve.py my_number 10) You should see it begin. Depending on the size of the number (and whether you utilize a GPU), the factorization will take a few hours to a few days. Be patient, and good luck! Lastly, there may be some mistakes here since I did this off the top of my head, so feel free to ask questions in this thread. Last fiddled with by wombatman on 2015-12-24 at 23:23 Reason: Told you there would be mistakes... |
|
|
|
2015-12-24, 23:17
|
#2 | |
|
If I May
"Chris Halsall"
Sep 2002
Barbados
34×137 Posts |
Quote:
On the other hand, one might ask how and why one was infected by a "virus" in the first place which could run software locally and access the file-system. It could be argued that Teslacrypt (since it is so easily bypassed) was actually designed to point out that people need to be much more careful. Anyone serious, using the same "vector", could cause much more harm. A tangent... When was the last time you did a full off-line backup? Perhaps a kind gift to a friend (or perhaps yourself) would be a couple of 1 or 2 TB USB drives.... |
|
|
|
|
2015-12-24, 23:22
|
#3 |
|
I moo ablest echo power!
May 2013
22·463 Posts |
Yeah, I haven't been affected by the virus, but I definitely need to be better about backing things up...
|
|
|
|
|
2015-12-25, 00:02
|
#4 | |
|
If I May
"Chris Halsall"
Sep 2002
Barbados
34×137 Posts |
Quote:
But, yeah... Transactional backups, off-line backups, "cloud based" backups... The Internet can be a dangerous place. Manage your risk. |
|
|
|
|
|
2015-12-25, 00:29
|
#5 |
|
Basketry That Evening!
"Bunslow the Bold"
Jun 2011
40<A<43 -89<O<-88
3×29×83 Posts |
English is an awful language in oh so many ways.
|
|
|
|
|
2015-12-25, 00:34
|
#6 |
|
I moo ablest echo power!
May 2013
111001111002 Posts |
Hahaha, I figured as much! It was a good reminder for me personally, though.
To add to my generally unspoken thoughts on posting this, it looks like Teslacrypt is at least sometimes caught by a Flash exploit (http://www.bbc.com/news/technology-31869589), and I generally loathe the type of people who create ransomware, so I figured it would be nice to help out those affected. Also, holiday season, glad tidings, etc. 
|
|
|
|
|
2015-12-25, 13:15
|
#7 |
|
Tribal Bullet
Oct 2004
32×5×79 Posts |
700 win32 downloads from the sourceforge page this week, jeez.
|
|
|
|
|
2015-12-25, 15:07
|
#8 |
"Victor de Hollander"
Aug 2011
the Netherlands
32×131 Posts |
I've set Flash, Java and Unity player to ask before running and Ad-blocker blocks most other stuff. Ideally I'd like to delete Flash and Java entirely, but some (trusted) websites still use them and the site experience is terrible without them.
It is a compromise, but isn't it always? Do I understand it correctly that this virus targets games specifically? I've bought virtually all my games on Steam and I think many PC gamers do nowadays. You just format the harddrive, perform a clean install and you can re-download the games from Steam (the licences are connected to your account). |
|
|
|
|
2015-12-25, 15:12
|
#9 | ||
"Ben"
Feb 2007
32×5×83 Posts |
Quote:
Haven't seen that much activity since... ever Quote:
then it should be good to go. |
||
|
|
|
|
2015-12-25, 15:44
|
#10 |
|
Romulan Interpreter
"name field"
Jun 2011
Thailand
1028110 Posts |
Put a tax. One buck per dld. Increase one cent for every new dld. Do like Amazon does, see the thread with the famous book costing a million, or so. Should I teach you how to make money?
 These guys would pay the buck to get their files back, for sure, and they worth to be taken out of a buck, so they can learn that the fox who does not guard its fur will have it eaten by the wolf... If anyone want ~C120 factored, PM me, I will do it for a buck per composite, and I accept paypal and bitcoin. It is not the money, but the lesson. Otherwise they will never learn. Paul, sorry for the competition  Edit: buck = 1.0 US$ Last fiddled with by LaurV on 2015-12-25 at 15:45 |
|
|
|
|
2015-12-25, 16:03
|
#11 | |
|
Bamboozled!
"๐บ๐๐ท๐ท๐ญ"
May 2003
Down not across
1166810 Posts |
Quote:
My fee is actually a donation to an appropriate charity, Last fiddled with by xilman on 2015-12-25 at 16:03 |
|
|
|
|
 |
| Thread Tools | |
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Yafu performance - Teslacrypt and AES | Damien | YAFU | 9 | 2016-05-06 20:47 |
