I've found something strange with my employee document, it turns out that all files including document are being encrypted with ".vvv" extension. What I've found so far that it's called TeslaCrypt, it convert all my files to .vvv, even I rename it back to the right extension, it says that file already modified, so I can't open the files anymore. Please help, we cannot work until that document can be oppened. I can't tag this to "TeslaCrpyt" so if anyone can help me tagged it, it would be great.
content on how to recover :
What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
How did this happen ?
---Specially for your PC was generated personal RSA-4096 KEY, both public and private.
---ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BTC NOW, and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http://vr6g2curb2kcidou.encpayment23.com/E03029AB7D9A9D38
2. http://vr6g2curb2kcidou.expay34.com/E03029AB7D9A9D38
3. http://psbc532jm8c.hsh73cu37n1.net/E03029AB7D9A9D38
4. https://vr6g2curb2kcidou.onion.to/E03029AB7D9A9D38
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: vr6g2curb2kcidou.onion/E03029AB7D9A9D38
4. Follow the instructions on the site.
IMPORTANT INFORMATION:
Your personal pages:
http://vr6g2curb2kcidou.encpayment23.com/E03029AB7D9A9D38
http://vr6g2curb2kcidou.expay34.com/E03029AB7D9A9D38
http://psbc532jm8c.hsh73cu37n1.net/E03029AB7D9A9D38
https://vr6g2curb2kcidou.onion.to/E03029AB7D9A9D38
Your personal page (using TOR-Browser): vr6g2curb2kcidou.onion/E03029AB7D9A9D38
Your personal identification number (if you open the site (or TOR-Browser's) directly): E03029AB7D9A9D38
111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
I've published a decryption tool on GitHub: https://github.com/googulator/teslacrack
This tool cryptographically breaks the encryption scheme of TeslaCrypt, and so doesn't require a saved master key. However, it's quite computationally intensive, so preferably use a fast computer, and even then, expect to wait up to a week for it to recover your key (although most keys can be found in just a few hours). Also, it's more of a PoC than a user-friendly turnkey decryptor, so you will need to do many things by hand.
I got hit by TeslaCrypt and all of the solutions (Cisco's Decrypt Tool, Shadow Explorer) did not work for me. Unrelated, I was sniffing around some articles on Ubuntu and found BloodDolly's Tesla Decrypter tool that actually work and my files are being restored as I write this. So just wanted to share since it didn't come up in any of my earlier searches.
It's a handful a steps,...I had no problems whatsoever with the process. Apparently this won't work for the most recent strain,...I had .vvv and had to factor primes with Yafu,...but the documentation and the software is pretty thorough and easy to follow. Took me 15-20 minutes from start to finish.
http://www.bleepingcomputer.com/forums/t/576600/tesladecoder-released-to-decrypt-exx-ezz-ecc-files-encrypted-by-teslacrypt/
Anyway, hope this helps some folks.
Related
I'm looking for a tool or method to prove the authenticity of resources download from the web and stored locally. To be clear: I don't mean the SHA or MD5 checksums to verify a downloaded file. What I need is a way to download and store a web resource in such a way that I can later prove that said resource indeed originated from that web server.
In particular for the following scenario: A website published an article about a client. He would like to sue for defamation of character. I need a way to store the article without them having the possibility of simply removing it and denying they ever published it. So preferably this would be a tool that is backed by publications making it credible in court.
I have thought about storing the TLS certificate, keys and the encrypted data. That would rely on the root CA, but I think that would in itself not be a problem. I could do this using a custom program and a library like OpenSSL, but I think this is such a common problem, there probably is a relatively standard tool for it. Also, I am not entirely sure to what extent this would constitute reliable evidence. And can someone point to publications that would back this method?
Maybe I am using the wrong search terms, but everything I find is about aforementioned SHA or MD5 checksums. Any help is much appreciated.
If I understand correctly you need something like signature with timestamp. Yes?
You not only need checksum from document (article, text value, whatever) but also proof that this article really existed in time.
When using digital signature you can store such timestamp in 3rd party certified providers. You sign document and send checksum to 3rd party provider. Later you can ask provider to verify that this exact document is valid & was indeed created at given time.
https://en.wikipedia.org/wiki/Trusted_timestamping
As this can cost (fee for provider to store the timestamps) you can create checksums from many documents (like take all documents from one hour), store all of them in a single file, create checksum from that file and sign it with timestamp. This way you create one timestamp for documents batch, not for each document.
I working on a simple vb application. But I want to protect it to give the user the option to use it only for a specific time.
So I was thinking to make a text file with a key-code (Beside Random characters, it contains an expire date). When the application is started after this expire date, the application should close automatically.
The location where this textile is location can be the same location where the executable is running from.
Does somebody of you have a good idea how to implement it? Or is there a easier way how to implement this
If you want to give a "Trial period" to your application you might want rather hard-code that to prevent tampering. Then, when purchased make a modification to registry and different files (maybe downloads a few files that "register" the application so that it recognizes itself as "full". To go one step further maybe periodically have the application reach out to your server and verify the license.
This is a huge subject that a lot of smarter people than me can weigh in on. I will note that this is part of a constant battle between developers and hackers trying to get around licensure.
To make software unlocked for some period of time, you can create text file on websites like Pastebin and add them an expiry date. Then make your software check if file is still valid.
Note that users can "track down" requests your software sends, never store your private information linked with your software.
You can also use HWID protection which ensures your software will work only if it matches hardware information stored in encrypted string.
You can hash other user's information like username, wifi name and so on, but remember that changing any of this information (OS, hardware or system information) will create new unique HWID, which may not match the previous one - resulting in failed HWID authorization.
To make bypassing protection harder, you can obfuscate your software.
First of all, be assured I am not asking how to write up a contract; I already have that covered. My question is how I can best program a system for generating it for clients to digitally sign?
My original plan that just seems like overkill to me is this:
I fill in all the details.
Click a button to preview it, making sure everything is correct.
Click a button to simultaneously create a directory for the client and create 3 files inside that directory.
The three newly created files are:
the unsigned contract.
a confirmation page of having signed the contract, with other details the client will need to know.
the actual signed contract that the client can now view online at any time by going to a URL such as /clients/username/index.php
I have it working, though I keep thinking it could be simplified further, but not sure of the best way to do it.
Any suggestions?
I recently helped on a project much like this, & I think you've got the right idea...
Write up the contract & preview (make sure it's right)
Have them come "sign" it
Save it
Only thing I'd change is, I'd use a DB instead of file creation. Personally, I find that simpler, but it might not feel that way to everybody. It's definitely more flexible though, 'cause you can easily generate an HTML or a PDF from the DB data, but you'd have a harder time doing that from a file on the system. Assuming you're using PHP (based on the .php you mentioned), there's a whole section of functions for generating PDF's in PHP.
I'm working on a new Cydia tweak, It'll be paid! The problem that I don't want it to be cracked/pirated/redistributed. Are there any scripts I can use in my tweak?
Few examples:
A script that will mail you a log securely to know if the user bought it or he got it cracked.
A script that will check your payment in a database, if it's exist then the tweak will be activated on the device, if not then the tweak will be disabled.
A script with UIAlertView that checks if you bought the package from Cydia Store it will activate the tweak, otherwise it'll open a pop up with UIAlertView to tell you that "You got this package with an illegal way, Blah Blah Blah.." and then when you click the "OK" button it'll take you to safe mode till you uninstall the tweak or till you buy it from safe mode. (Most important one)
You can't really protect software from being cracked. It is always a race between stronger and stronger DRM (and usually more annoying to legit users) and the crackers to see the challenge and do cracking for fun (or fame, or both).
What I would suggest, instead of investing large amount of time in coming up with DRM schemes and then implementing and testing, rather invest that time in the functionality of your product and testing it more thoroughly. If your product is good and priced right, people will buy it. Sure, some will pirate it, that is inevitable, but you will get rewarded for your work.
You could put an MD5 or an SHA1 check within your tweak in various locations in your functions just to make sure that if they modify your tweak it wont match. Also instead of packaging your tweak in a deb file you could get it remotely download after verification of some sort.
EX:
Example.tweak
-/var/root/downloadscript (can be any path) (this can also be used so that they cant just extract the file in question and install it)
-DEBIAN/control (config file for deb)
-PostInstall (Post deb installation script) https://wiki.ubuntu.com/PackagingGuide/Basic#postinst_and_prerm
Download Example.tweak from cydia
Using the 'postinst' execute the /var/root/downloadscript
you can use /usr/bin/deviceinfo -s which will print out serial number and use $POST to your server to send the said serial number and download some kind of licence, inside the licence you can include maybe UDID, mac address some other checks that would be checked out by your tweak.
I would like having a way to trigger Thunderbird, from an external script, into displaying a particular message in a particular folder.
If it were Firefox, say, I would use firefox -new-tab http://some-URL, and an already running Firefox (or a new one if none) would nicely fetch and display URL. But I found no way to do something equivalent with Thunderbird, neither on the Thunderbird site or through existing extensions, and even after some furious Googling around, which I attempted more than once!
One problem, compared to a plain URL, is the need some notation for selecting a message. Short of a better solution, I wrote a script which knows folder:SOME-FOLDER:ORDINAL, and behaves like an extension of xdg-open. My tool inserts a proper prefix and a few .sbd as needed within the SOME-FOLDER part to turn it into an absolute Thunderbird file reference, and ORDINAL picks a message in that folder. My tool then grabs the message, heuristically converts it into HTML file, and then, directs a Web browser to the resulting file (and if :ORDINAL is not given, it processes the whole folder instead, yielding an HTML index and many linked messages).
My current tool helps a bit at saving message references in other documents and efficiently retrieving them later, but I handle a copy of the Thunderbird message, and not the original. So if I want to delete it, refile it in another Thunderbird folder, and do other similar operation, I still have to go to Thunderbird, interactively find my way again to the wanted message before I can handle it, and this, is not efficient. What I'm dreaming of is a way to get rid of all my HTML conversion and browser trickery, but still keep the pseudo-URL paradigm and pseudo xdg-open interface, to directly force Thunderbird into the correct folder, with the wanted message correctly displayed.
In previous email readers I used (Emacs RMAIL and then Gnus, and Mutt as well later), such things could be managed, and I heavily used such capabilities in scripts. I am astonished, surprised, even a bit dismayed, by the apparent weakness of Thunderbird as a scriptable mail reader. Am I missing something evident? Any avenue or suggestion?
François
P.S. Of course, I agree that using ORDINAL is not very clever. It might mean a different message if the folder get some messages added or deleted. This is a lesser bad. A better but potentially heavier notation might use Message-ID values, but then, an index would also be needed to find the Thunderbird folder containing each message.
There seems to be some way to do it since Google Desktop supported it according to this thread - http://forums.mozillazine.org/viewtopic.php?f=39&t=584542. Perhaps try installing Google Desktop and see what kind of hyperlink its using?
I'll add Outlook supports using external hyperlinks using the outlook: naming scheme, for example outlook:Inbox or outlook:0000000007A2379547B0624691F4FB2E5468A0D7642E2000. See http://www.davidtan.org/create-hyperlinks-to-outlook-messages-folders-contacts-events/ for more info.