Petya key decoder

source code (Red Petya recovery)

NEWS

[17 July 2016]
A new (third) version of Petya has been released – the current solutions no longer work. It looks exactly like the previous (green) Petya, but contains fixes in its cryptography implementation and different Stage 1 keys. More info here.

[02 June 2016]
Procrash prepared a brute-forcer for the Green Petya key (multi-threaded, using the GPU for high performance). Source code available here: https://github.com/procrash/petya-green-multicore. Cracking the key takes about 3 days.

[20 May 2016]
I found a weakness in Green Petya’s Salsa20 implementation (only 8 out of 16 characters of the key matter – read more here). I made a prototype decoder performing a random attack on the key.

[ 14 May 2016 ]
I added support for the new (green) version of Petya to the antipetya live CD – again, the key can be recovered from Stage 1 – unfortunately, there is no solution for Stage 2 so far.

[ 12 May 2016 ]
A new (green) version of Petya has been released – the current solutions no longer work.

[ 21 April 2016 ]
m0rb packaged my tools into antipetya_multi.iso – now recovering the Stage 2 key is simpler and faster (no Kali Linux required). You can see it in action in the video.

[ 18 April 2016 ]
I made a much faster way to recover the key from Stage 1. Read more: https://hshrzd.wordpress.com/2016/04/20/anti-petya-live-cd-the-fastest-stage1-key-decoder/

[ 17 April 2016 ]
I reimplemented leo-stone‘s idea in C++ and integrated it with my code. (Thanks!) You can find the new version here: petya_recovery (64-bit ELF) – I updated the tutorial to describe the new feature.

[ 8 April 2016 ]
Petya at Stage 2 has been cracked by leo-stone. Read more: https://petya-pay-no-ransom.herokuapp.com/ and https://github.com/leo-stone/hack-petya. Congratulations to the author! I updated my decoder – now, if it cannot give you the Stage 1 key, it will give you the data necessary to supply to Leo’s web application: [1] or [2]

[ 31 March 2016 ]
I made a decoder for the key of the Petya ransomware. It works for Stage 1 of the encryption – if the system was not rebooted after the infection. Research into the possibility of decrypting Stage 2 is in progress.


My research is possible thanks to Malwarebytes.
Disclaimer: This tool is an experiment in unlocking a particular kind of ransomware; neither Malwarebytes nor Hasherezade promises that this tool will help in your particular case. This tool should not be considered an official solution to the Petya problem. Any files destroyed, further encrypted or otherwise tampered with against the desire of the user are not the responsibility of the developers. Please use at your own risk.


TUTORIAL

WARNING: The Stage 2 decoder works only for the Red Petya!

You can download the decoder’s binary here (it is a 64-bit ELF). Source code is available here.

A few tips

If you opened an executable downloaded from the Internet and your system crashed,
it may have been an attack by the PETYA RANSOMWARE.

It is best not to let the system reboot after the blue screen. However, even if you did not manage to catch Petya at the right time, there is still a chance to recover your data.

What to do:
1) From another computer, download a 64-bit Kali Linux ISO (https://www.kali.org/downloads/) and burn it to a DVD
2) Boot the crashed computer from this DVD and choose forensic mode.

[screenshot: kali_forensics – Kali boot menu with the forensic mode entry]

3) Now your original hard disk should be visible to the live system (forensic mode does not auto-mount it, which is what you want). Find its identifier, e.g. using:

fdisk -l

Sample output:

Device     Boot Start     End Sectors  Size Id Type
/dev/sda1  *      [....]

which means your disk is /dev/sda
4) Download the decoder and make it executable (chmod +x decoder). Run it against the whole disk device, not a partition:

./decoder /dev/sda

It will tell you if known symptoms of Petya have been detected on your disk:

[+] Petya bootloader detected!
[+] Petya http address detected!
[+] Petya FOUND on the disk!
---

If you managed to catch Petya at Stage1, this decoder will give you a key directly:

Key: 8fb9GLT7qkQJ5hBu
[OK] Stage 1 key recovered!!

Otherwise, we need to recover the key from Stage 2. This may take up to a few minutes. Wait until your key appears:

[+] Trying to decrypt... Please be patient...
ugxwErH4 89
hiSwhrau 77
ugdwErH4 74
hiSwhra4 69
ugdPErH4 67
hiSw1ra4 62
hgSPErH4 59
hiSw1raB 56
gAf31aib 51
hcfw1raB 48
hAf31aib 42
XqfJ115b 38
XPgK115b 37
Xac4115b 35
XaFF1A5e 32
AaFD1Q5B 28
xa8D1Q5B 26
xaM51Q5B 25
x4Gu1Q5B 24
xbGu1Q5F 22
xbG41Q1r 21
xbGt1QuB 18
8bGTqQ5B 0
[+] Key generation finished
[+] Validation passed
[+] YOUR KEY: 8xbxGxTxqxQx5xBx

5) Copy or write down the resulting key. It is very important for recovery!
6) Even if the decoder gave you a key, new Petya versions may come with changes. That is why I cannot guarantee that this key will be valid for you!
I strongly recommend that you make a full dump of the disk before trying the key.
First mount an external disk of sufficient capacity, then dump the full disk onto it:

dd if=<path_to_infected_disk> of=<output_path>

example (dumping an image of the infected disk into a file on the external disk – in my case the external disk was mounted as kingston):

dd if=/dev/sda of=/media/root/kingston/disk_dump.bin

You can also clone one disk on another – read more here.
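As an added example (not part of the original tutorial and not hasherezade’s code), here is the dump step above wrapped in a small POSIX shell script for the Kali live CD. It keeps copying past unreadable sectors without shifting the data after them, records a SHA-256 of the image so a later copy can be checked, and verifies that the copied first sector still ends with the 0x55AA MBR boot signature, i.e. that the sector where Petya’s bootloader sits was captured. The device and output paths are assumptions; only run it from the live system, never from the infected Windows install.

```shell
#!/bin/sh
# Added example (not hasherezade's code): forensic-style dump of the infected
# disk before entering any key. Assumed usage from the Kali live CD:
#   image_disk /dev/sda /media/root/kingston/disk_dump.bin
#   verify_image /media/root/kingston/disk_dump.bin
#   check_mbr_signature /media/root/kingston/disk_dump.bin

# Copy every sector of $1 into $2. bs=512 with conv=noerror,sync keeps the
# image sector-aligned: an unreadable sector becomes 512 zero bytes instead
# of shifting everything after it, and nothing is padded at the end of the
# disk (a larger block size with conv=sync would pad the final block).
# dd's own messages (including read errors) go to a log next to the image.
image_disk() {
    src="$1"
    dst="$2"
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>"$dst.dd.log" || return 1
    # Record the hash next to the image so a later copy can be verified.
    sha256sum "$dst" > "$dst.sha256"
}

# Return 0 if the image still matches the hash recorded by image_disk.
verify_image() {
    recorded=$(cut -d' ' -f1 "$1.sha256")
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$recorded" = "$actual" ]
}

# Return 0 if sector 0 of the image ends with the 55 AA boot signature that
# every bootable MBR (Petya's included) carries at offset 510.
check_mbr_signature() {
    sig=$(od -An -tx1 -j 510 -N 2 "$1" | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Save the MBR and the sectors right after it ($2 sectors, default 64) as a
# small separate file that is convenient to inspect with a hex editor.
save_boot_area() {
    dd if="$1" of="$2" bs=512 count="${3:-64}" 2>/dev/null
}
```

The whole-disk image is what you fall back on if the key turns out to be wrong for your Petya version: restore it with the dd commands reversed and try again, rather than letting a second failed decryption run over the original disk.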

After that, you can reboot your system from the disk. If the Petya screen appears, enter the key you got from the decoder:

[screenshot: petya_insert_key – Petya’s key prompt]
After entering the key, Petya will inform you about the progress of decrypting your system. Wait for your system to decrypt. It will inform you when you can reboot the computer. After that, your system should boot normally.

About hasherezade

Programmer and researcher, interested in InfoSec.
This entry was posted in Malware, Malware Decryptor, Tools. Bookmark the permalink.

18 Responses to Petya key decoder

  1. Rmb says:

    Well, its use is limited to ‘on purpose testing’; by default Windows will reboot after the BSOD (unless you disabled it) caused by Petya’s NtRaiseHardError call, and the encryption process will start.

    At stage 1 you can restore the boot loader and bootmgr as well, instead of letting the malware execute and providing it with a key.

    Also you could use the search method used by the malware to find the structure where the key resides

    Anyway good work! Keep it up😉

    • hasherezade says:

      Sure, I am not claiming that this is the ultimate solution for the Petya problem. Just one of the possible ways to recover from stage 1. Anyway, turning off automatic restart after a system failure is recommended.

  2. Pingback: Decrypt Petya Ransomware Encrypted HDD for Free

  3. Pingback: Petya key decoder #ransomware – Security Lock – Information Security, Belo Horizonte MG / Serving all of Brazil

  4. Pingback: Petya: taking ransomware down to the low level | 邪恶十六进制

  5. Pingback: Veille Cyber N72 – 11 April 2016

  6. Alejandro says:

    Good work dude! Keep going😉

  7. Klondike says:

    I have built on leo-stone’s code with a proper cryptanalysis; you can see the results at http://klondike.es/klog/2016/04/12/cryptanalyzing-petya/

    Maybe that can help you recovering the keys from your own tool🙂

  8. Pingback: Another helper tool for breaking the Petya ransomware – Cuidando Tu Negocio

  9. Pingback: Petya key decoder – Leonardo Musumeci

  10. Pingback: Decrypt Petya Encrypted PC via Bootable Disk | SME IT guy

  11. Pingback: Overview of ransomware in 2016 – CONIX Cybersécurité

  12. Pingback: Recovery from Petya ransomware - spyware virus removal

  13. ytnom says:

    Just for your information:
    It seems there is a new version of Petya. Encryption stops with the tool; if you try it online, it starts again and again and again!

  14. maaaster says:

    Will there be a live cd for the green petya for brute-force cracking the key? You posted it earlier here on your site, but now this text can’t be found anymore
