Adrien Guinet
Adrien Guinet
For info @sklam , I rebased dragonffi on llvm7 in the current master branch. A release might appear at the end of the week!
This is indeed something we could do. Do not hesitate to submit a PR for this!
Windows 10.0.10240 (Win10 or Server 2016) / Intel 64-bit / Leaks
Well, are you actually infected by WannaCry? Because the whole point of wannakey/wanakiwi is to recover the private key used by a computer *infected* by WannaCry....
I guess that would be possible. Maybe using volatility to extract the public key and the memory of the wcry process to search for the primes would be an option....
Do you have the associated "installation key"?
Moreover, are you sure the files whose extension is listed here https://github.com/aguinet/petya2017_notes#encryption-process-1-pre-reboot do not have their first megabyte encrypted? Do you know which sample hit you?
so you had to pay twice right?
at least you had to send two "ransoms" information? (the one of the bootloader and the one from this readme)
Okay so you are waiting for them to send you the second "decryption key"? I thought the mail was dead?