3 Antworten in diesem Thema

[Zerobyte]

Hallo leute hab hier mal wieder source code für euch. Schaut es euch einfach mal an 

 

Würde mich über Antworten hier freuen

 

Versteckter Inhalt
Klicke auf den Danke-Button um den versteckten Inhalt sehen zu können. Nur registrierte Mitglieder haben Zugriff hierauf.

 

 

Viel spass damit

[gr33d]

Ich finde es zwar grundsätzlich gut, dass du Source Codes postest aber ich würde mir vielleicht noch eine kurze Beschreibung wünschen.

Vielleicht bin ich der einzige hier aber mit "CryptoTrooper" kann ich nicht so viel anfangen. 

[FatalityMods]

Gibt es schon auf GitHub.

[Zerobyte]

Ich weiss dass die meisten sachen auf GitHub sind,@ FatalityMods aber ich finde dass die auch noch sehr interessant sind.

 

Und nun zur kurzen beschreibung von CryptoTrooper. hab ich von gitHub Kopiert.

 

CryptoTrooper

CryptoTrooper is the world's first Linux white-box ransomware for learning purpose

It requires :

    Debian-based 64-bit OS with root - mostly used nowadays
    Apache/Nginx - for Web service encryption and for changing the main page
    MySQL/PostgreSQL - for database encryption
    /root and /home - for personal data encryption

How it works :

    Infection - the victim's server is exploited and infected somehow, gaining root privileges
    Encryption - the ransomware generates a unique symmetric encryption key and encrypts the data
    White-box - the white-box cipher uses the one-way white-boxed key and encrypts the key used for data encryption
    Decryption - the victim sends to the attacker the white-box encrypted key and its initialization vector (IV), this key is decrypted by the attacker with its IV and the master key used to generate the white-box key, the true key is sent to the victim

Pros :

    NO INTERNET CONNECTION IS REQUIRED AFTER INFECTION (since it doesn't uses public-key cryptography at all or any C&C)
    Key-extraction protection
    AES only
    Anti-forensic
    Random key generation
    Radom IV

Cons :

    Chowns white-box construction is broken (not the implementation, but the algorithm itself), thus the ransomware presents ABSOLUTELY NO THREAT AND NO INTEREST FOR MALICIOUS PURPOSE
    CBC mode isn't the best-one for random data and not the fastest
    128-bit key-length should be longer
    The same key is used for every file
    The same hardcoded white-box key is used for every execution
    No code obfuscation (except white-box)

Purposes :

    Learn ransomware's implementations and concepts, in order to defeat it
    Practice reverse engineering
    Be prepared for new and advanced threats
    Demonstrate the ransomware's power and potential

##How to

Prepare environment

apt-get install apache2 nginx-common mysql-server postgresql

Prepare ransomware

cd /
mv $CRYPTOTROOPER_SOURCE_DIRECTORY/* .

*Encrypt*
```bash
/cipher.sh &

It will encrypt the data with AES-128-CBC with a randomly generated key and a random IV for each file

Than it will use white-box to one-way encrypt this key and will generate key.enc and key.iv

The victim now has to send both files to the attacker

If you visit the local Website, you will notice the message

firefox localhost &

After payment

mv key.enc key.iv $YOUR_DIRECTORY
./whiteDecipher.sh

It will decrypt the victim's key that you may send to it

Decrypt

mv key /
/decipher.sh

Everything should get back to as it was

###Notes

Encryption isn't just encoding, but mathematical encoding

White-box encryption isn't just obfuscation, but mathematical obfuscation

The only way to defeat evil is to become its master

    "Research is to see what everybody else has seen, and to think what nobody else has thought."

Albert Szent-Gyorgyi