Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python3
- import argparse
- import os
- key = (Your keys go here)
- parser = argparse.ArgumentParser(description='Decrypt .crypted files by ransomware')
- parser.add_argument('-s', '--source_file', action='store', nargs="+", required=True, help="Crypted files (source files list)")
- args = parser.parse_args()
- for source_file in args.source_file:
- path=os.getcwd()
- fullname=os.path.join(path,source_file)
- bf = open(fullname, "rb")
- sf = fullname.replace( ".crypted", " ")
- nf = open(sf, "wb")
- i = 0
- # Uncomment the line below if you like verbosity
- # print("byte# bad key new str(new)")
- read_bytes = 0
- while read_bytes < 2048:
- bad_byte = bf.read(1)
- new_byte = (key[i] ^ ord(bad_byte))
- # Uncomment the line below if you like verbosity
- # print(str(read_bytes) + " " + hex(ord(bad_byte)) + " " + hex(key[i]) + " " + hex(new_byte) + " " + str(new_byte) + " ")
- nf.write(bytes([new_byte]))
- i = i + 1
- if i > 254:
- i = 0
- read_bytes = read_bytes + 1
- while bad_byte:
- bad_byte = bf.read(1)
- nf.write(bad_byte)
- nf.close()
- bf.close()
- #decrypt_dir.bat
- #Run the python decryptor recursively in the current directory
- #You must have python in your path
- #and you must have specify full path (FULLPATHGOESHERE) to decrypt_file.py
- #
- for /r . %%X in ("*.crypted") do (python FULLPATHGOESHERE\decrypt_file.py -s "%%X")
- echo "done"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
