S
S
sergey_vasiltsov2015-01-28 22:00:14
GPGPU
sergey_vasiltsov, 2015-01-28 22:00:14

What are the file decryptors, preferably with GPU support?

Hello!
I ran into another cryptographer at work. All important files of the user were restored from backups, but, all the same, the sediment remained.
Can you recommend applications that can pick up a key (even by brute force) for decryption, if the initial and final values ​​\u200b\u200bare known? preferably using GPU resources.
The idea arose to decrypt files using programs similar to those that pick up Wi-Fi keys and generate hash data for other purposes. Perhaps many will say that it is idiotic, resource-intensive and absolutely useless to anyone, but still.
Why did such an idea come to mind.
Ransomware ransomware uses single-key encryption for all files. And if everything is complicated with image and database files, then with document files, in particular, such as pdf, xls and others, everything is easier, because at the beginning they contain information about the file format, structure, markup, fonts, etc. d.
For example, the code of the first pdf document I came across (when opened via Notepad++) starts with the following lines:

%PDF-1.6
%vgPU
50442 0 obj
<1/L 15274060/O 50445/E 3678837/N 697/T 15266204/H [ 2256 13434]>>
endobj
50458 0 obj
<<5/Predictor 12>>/Filter/FlateDecode / ID 2A9310CA75A21D3BE91> <2CD25C8C4D8F894A80BA5E8D55FC0937>] / INDEX [50442 628] / Info 50441 0 R / Length 129 / Prev 15266205 / Root 50443 0 R / Size 51070 / Type / Xref / W [1 3 1] >> Stream

Since ransomware does not remove the file extension information, it is easy to understand from the file name that the file, which is now called "document.pdf.encrypted_by_radishes_who_want_my_money" was previously simply called "document.pdf". And the initial code of the encrypted file already contains completely different characters, in a completely different encoding (which is quite logical, given that the entire file is encrypted, not parts of it).

Answer the question

In order to leave comments, you need to log in

1 answer(s)
V
Vladimir Martyanov, 2015-01-28
@vilgeforce

Calculate how long it will take to select a key if a hypothetical enumerator can check 10^9 options per second, and the key length is 64 bits. Then multiply by the number of possible algorithms (for example, by 16), then keep in mind that many algorithms can work with key lengths up to 400+ bits. Double the key length for CBC mode and don't forget to consider RSA and EC. And think about how much software will cost that will solve the problem in a reasonable time and why no one will give it to you or even tell you about its availability.
What are the names of the encrypted files?

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question