springboot>> nelasod-recover>> 返回
项目作者: adrgs

项目描述 :
Recover files encrypted by Nelasod ransomware with plaintext/ciphertext pairs
高级语言: C#
项目地址: git://github.com/adrgs/nelasod-recover.git
创建时间: 2019-10-04T19:17:13Z
项目社区:https://github.com/adrgs/nelasod-recover
开源协议:
下载


NelasodRecover

Recover files encrypted by Nelasod with plaintext/ciphertext pairs

Go to release to download the compiled binary.

Made with Windows Forms C#

1570216925505

Made this tool while investigating an external HDD that was encrypted with Nelasod, without having the malware to analyze. What I found was that the virus produced an unique keystream for each file based on the first 5 byes, and then xors this keystream with the original file (leaving the first 5 bytes intact).

This means that, we can recover all the files that start with the same 5 bytes if we have just one original file of that type and the encrypted file.

Useful for binary file types that have a fixed header. Not so much for .txt files