Posted 22 May 2015 - 08:13 PM
Amazing amazing amazing!
Thank you BloodDolly.
I will be testing this on a Server that had a very large sum of files encrypted, I'll try to run it over the weekend.
Will this crash the Server if the files encrypted exceeded 50 thousand?
I'm thinking about running it by chucks, what would you suggest?
Thanks again!
A Network isn't something you 'own' or 'have'; you may only wield it like the sword of Excalibur.
Posted 22 May 2015 - 11:53 PM
Hi BloodDolly
Thanks for your attempts 
your program gives me this message:
Loading data file from >> C:\Users\farhad\AppData\Roaming\key.dat
Data file version 3 recognized.
ERROR - Decryption key is not present in data file.
Decryption key was destroyed by TeslaCrypt.
Unfortunately this tool can't recover decryption key. :-(
What can i do? 
Thanks
Posted 23 May 2015 - 05:13 AM
Sadly for me still no solution 
Damn TeslaCrypt stupid ransom thing...!!
With the last version of this tool 0.53 i can't do much, because the decription key is no more present in my pc,
(This because the 96 hours of ransom is over? Yep i think...)
anyway many thx to the creator\s of that tool, You have done an amazing job! 
So user like us what we have to do? I still have files encrypted with EXX extension.
In future will be come a solution or not? im just asking anyway.
Thx guys.
Edited by Skypiercer, 23 May 2015 - 05:16 AM.
Posted 23 May 2015 - 08:38 AM
Nice 0.0.53! BloodDolly i gratitude for your marvelous service.
will you keep upload newest version on https://www.dropbox.com/s/abcziurxly2380e/TeslaDecoder.zip?dl=0 sustainedly?
Yes, each new version will be on that address.
Posted 23 May 2015 - 08:47 AM
Amazing amazing amazing!
Thank you BloodDolly.
I will be testing this on a Server that had a very large sum of files encrypted, I'll try to run it over the weekend.
Will this crash the Server if the files encrypted exceeded 50 thousand?
I'm thinking about running it by chucks, what would you suggest?
Thanks again!
It will not crash the server if your disks are able to handle heavy work for long time. Decryption is executed in one thread so if you have more disks you can run it for every disk separately to save time.
People was sending me their numbers of files decrypted and few of them had more than 100,000 files. The biggest number was little more than 1,200,000 files.
Posted 23 May 2015 - 09:00 AM
Sadly for me still no solution
Damn TeslaCrypt stupid ransom thing...!!
With the last version of this tool 0.53 i can't do much, because the decription key is no more present in my pc,
(This because the 96 hours of ransom is over? Yep i think...)
anyway many thx to the creator\s of that tool, You have done an amazing job!
So user like us what we have to do? I still have files encrypted with EXX extension.
In future will be come a solution or not? im just asking anyway.
Thx guys.
Unfortnutately I can do nothing when the key is destroyed. It has nothing to do with 96h ransom time, it is pure scare tactic from their side. The decryption key is destroyed in data file (in your case storage.bin) when all your files were encrypted. The key was sent to their servers, but they do not need it, because in your storage.bin and RECOVERY_FILE.TXT are 2 numbers they need to recalculate your decryption key (your private key). But there is a catch of course - for doing this you need their private key. So I hope when TeslaCrypt's creators will be arrested their private key will be published. They are using 2 private keys so far.
Recalculate your decryption key without their private key is impossible in reasonable time with current tech. But it will be broken in the future. So I can only recommend you to save all your encrypted files, storage.bin and RECOVERY_FILE.TXT and wait.
Posted 23 May 2015 - 09:14 AM
Hello,
I would like here to appeal to those who launched this crypter:
It's not human being to destroy all our work. It is true that the world is very unfair and that some fail to live properly with enough money.
I may be dream, I will ask you to give us a list of your cryptage keys. I'm sure you can help us now.
Thanks to all.
kilikibi
Grenoble
France
Posted 24 May 2015 - 11:23 AM
First of all, thank you guys for sharing useful information and your wonderful tool.
I still have key.dat but unfortunately it's unusable, and I was wondering if it could be possible to find a decryption key by comparing two versions of the same file, before and after encryption (for example a backup copy).
Thank you again.
Posted 24 May 2015 - 11:58 AM
First of all, thank you guys for sharing useful information and your wonderful tool.
I still have key.dat but unfortunately it's unusable, and I was wondering if it could be possible to find a decryption key by comparing two versions of the same file, before and after encryption (for example a backup copy).
Thank you again.
Tesla/AlphaCrypt uses AES CBC 256. AES is resistent to plaintext attacks so this method is not possible.
Posted 24 May 2015 - 12:07 PM
First of all, thank you guys for sharing useful information and your wonderful tool.
I still have key.dat but unfortunately it's unusable, and I was wondering if it could be possible to find a decryption key by comparing two versions of the same file, before and after encryption (for example a backup copy).
Thank you again.
Tesla/AlphaCrypt uses AES CBC 256. AES is resistent to plaintext attacks so this method is not possible.
Thank you for the information, and my congratulations on your great tool again.
Keep up the good job.
Posted 25 May 2015 - 10:19 AM
Hi guys,
I was infected by Alpha Crypt a few weeks ago and have been laying low until some solution came up. I tried BloodDolly's excellent Decode tool but alas I guess they destroyed my decryption key as I have the same error as alot of people. I do have a question. On my desktop I have a Save_Files shortcut that links to C:\Users\'my name'\AppData\Roaming\bixoaju.exe
Does anyone know what that exe is? It's the same folder where my key.dat file is.
The weird thing is, according to the properties of the file, it was created today, the exact same time I ran the Decode tool.
Should I delete it or save it for a future solution?
Is it related to Alpha Crypt or to the decode tool?
Regards,
Mockmaster
Posted 25 May 2015 - 11:19 AM
Hi guys,
I was infected by Alpha Crypt a few weeks ago and have been laying low until some solution came up. I tried BloodDolly's excellent Decode tool but alas I guess they destroyed my decryption key as I have the same error as alot of people. I do have a question. On my desktop I have a Save_Files shortcut that links to C:\Users\'my name'\AppData\Roaming\bixoaju.exe
Does anyone know what that exe is? It's the same folder where my key.dat file is.
The weird thing is, according to the properties of the file, it was created today, the exact same time I ran the Decode tool.
Should I delete it or save it for a future solution?
Is it related to Alpha Crypt or to the decode tool?
Regards,
Mockmaster
It is related to AlphaCrypt. It copies itself to %appdata% after execution and creates link on the desktop. It has nothing to do with my decoder and I have no idea why the creation time is the same. Be sure that it is not running in memory. You don't need original infector for decryption.
Posted 25 May 2015 - 11:36 AM
Hi guys,
I was infected by Alpha Crypt a few weeks ago and have been laying low until some solution came up. I tried BloodDolly's excellent Decode tool but alas I guess they destroyed my decryption key as I have the same error as alot of people. I do have a question. On my desktop I have a Save_Files shortcut that links to C:\Users\'my name'\AppData\Roaming\bixoaju.exe
Does anyone know what that exe is? It's the same folder where my key.dat file is.
The weird thing is, according to the properties of the file, it was created today, the exact same time I ran the Decode tool.
Should I delete it or save it for a future solution?
Is it related to Alpha Crypt or to the decode tool?
Regards,
Mockmaster
It is related to AlphaCrypt. It copies itself to %appdata% after execution and creates link on the desktop. It has nothing to do with my decoder and I have no idea why the creation time is the same. Be sure that it is not running in memory. You don't need original infector for decryption.
Thanks BD, I'll delete it and the shortcut asap.
Posted 25 May 2015 - 11:54 AM
One more question, where can I find my storage.bin file?
I found no decryption key present in my key.dat so want to try putting the bin file through the tool.
Thanks in advance.
Posted 25 May 2015 - 12:48 PM
Hi again BloodDolly. I used a recovery program to find more versions of key.dat and storage.bin but I'm now gettin the error message 'bitcoin address is missing'. I obviously have the bitcoin address in all of the help_recovery_file.txt, is there anyway I can insert this into key.dat? (which appears empty when viewd in notepad :/)
0 members, 1 guests, 0 anonymous users
Back to top
