Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/cycraft-corp/Prometheus-Decryptor

Prometheus-Decryptor is a project to decrypt files encrypted by Prometheus ransomware.

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![made-with-Go](https://img.shields.io/badge/Made%20with-Go-1f425f.svg)](http://golang.org)

# Prometheus-Decryptor

Prometheus-Decryptor is a project to decrypt files encrypted by Prometheus ransomware.

## Command Arguments
```
Usage of ./bin/prometheus_decrypt:
  -b string
        Custom search with byte value. (i.e. \xde\xad\xbe\xef -> deadbeef)
        Please use ?? to match any byte (i.e. de??beef)
  -c    Use current tickcount. (only support in Windows)
  -d int
        Decrypt size when guessing. The default size is 100, and you can specify your own size corresponding to your search pattern.
        0 stands for the guessing file size, and -1 stands for the max header size 100 except for Microsoft documents. (default -1)
  -e string
        Search file extension.
  -f int
        Found candidate. (default 1)
  -i string
        Input encrypted file.
  -k string
        Decrypt with this key.
  -m int
        Move backward m minutes from the current decrypted seed when guessing the next sample. (default 30)
  -o string
        Output decrypted file.
  -p int
        Use n thread. (default 1)
  -r    Reversed tickcount.
  -s string
        Custom search with regular expression.
  -t int
        Start tickcount.
```
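
The `??` wildcard syntax that `-b` accepts can be illustrated with a small matcher. This is an added example, not code from the Prometheus-Decryptor repository: `parsePattern`, `findPattern` and `anyByte` are hypothetical names, and the sample buffer is constructed.

```go
package main

import (
	"encoding/hex"
	"fmt"
)

const anyByte = -1 // marks a "??" position in a parsed pattern

// parsePattern (hypothetical helper, not the project's code) turns a hex string
// such as "de??beef" into one int per byte: 0..255 fixed, anyByte for "??".
func parsePattern(s string) ([]int, error) {
	if len(s) == 0 || len(s)%2 != 0 {
		return nil, fmt.Errorf("pattern %q: need a non-empty, even number of characters", s)
	}
	pat := make([]int, 0, len(s)/2)
	for i := 0; i < len(s); i += 2 {
		if s[i:i+2] == "??" {
			pat = append(pat, anyByte)
			continue
		}
		b, err := hex.DecodeString(s[i : i+2])
		if err != nil {
			return nil, fmt.Errorf("pattern %q: bad hex at offset %d: %w", s, i, err)
		}
		pat = append(pat, int(b[0]))
	}
	return pat, nil
}

// findPattern returns the first offset in data where pat matches, or -1.
func findPattern(data []byte, pat []int) int {
next:
	for off := 0; len(pat) > 0 && off+len(pat) <= len(data); off++ {
		for j, p := range pat {
			if p != anyByte && data[off+j] != byte(p) {
				continue next
			}
		}
		return off
	}
	return -1
}

func main() {
	// Constructed sample: PNG signature plus the start of the IHDR chunk.
	candidate := []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR")
	pat, err := parsePattern("89504e47????1a0a")
	fmt.Println(findPattern(candidate, pat), err)
}
```

A candidate key whose decrypted header yields a match offset of 0 for the expected file signature is worth keeping; an offset of -1 means the pattern was not found in that buffer.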

## Usage
### Guess password
Guess the password of a png image from tickcount 0.
```bash
./prometheus_decrypt -i ./sample/CyCraft.png.PROM\[[email protected]\] -o ./output/CyCraft.png -e png -p 16
```

In this command, there are 4 arguments:
- i: input encrypted file
- o: output file
- e: search file format
- p: thread count

### Reversed Tickcount
Guess the password of a png image from tickcount 100000 in reversed order.
```bash
./prometheus_decrypt -i ./sample/CyCraft.png.PROM\[[email protected]\] -o ./output/CyCraft.png -e png -p 16 -t 100000 -r
```

There are 2 additional arguments:
- t: start from 100000
- r: reversed order (100000...0)

### Guess from current tickcount (only for Windows)
Guess the password of a png image from the current tickcount in reversed order. This feature is usually used with reversed order.
```bash
./prometheus_decrypt -i ./sample/CyCraft.png.PROM\[[email protected]\] -o ./output/CyCraft.png -e png -p 16 -c -r
```

There is an additional argument:
- c: start from the current tickcount

### Decrypt (Encrypt) with a key
Decrypt (Encrypt) a file with a provided key.
```bash
./prometheus_decrypt -i ./sample/CyCraft.png.PROM\[[email protected]\] -o ./output/CyCraft.png -k "+@[%T-mZSh+E[^^i{W:dpwnhdL4