GitHub - yohanes/akira-bruteforce

Read more about the akira decryption process at https://tinyhack.com

Initial chacha8 code is from : https://github.com/madMAx43v3r/chia-plotter, the license is Apache 2: https://github.com/madMAx43v3r/chia-plotter/blob/master/LICENSE

Initial kcipher2 code is from https://github.com/l00sy4/LCipher2, the license is GPL v3: https://github.com/l00sy4/LCipher2/blob/main/LICENSE

The License for this software is GPL v3

Requirements

I tested this on Debian Bookworm, but Ubuntu might be easier to setup

apt-get install -y nettle-dev libssl-dev nvidia-cuda-toolkit nvidia-cuda-toolkit-gcc build-essential git nasm

Building

git clone https://github.com/yohanes/akira-bruteforce
cd akira-bruteforce
make

Testing

I have provided akira encrypted files (the akira ransomware is patched with my own code to record the timing), you can test it by running

cd tests
# Note: this will take several minutes and will make your GPU fans spin fast
./akira-bruteforce run2 config-test.json

Meaning of the fields:

count: number nano seco 747A nds tested starting from start_timestamp
start_timestamp: the timestamp when the test started
brute_force_time_range: the time range in nano seconds that we are testing (the "offset range")
offset: the start offset of the brute force
matches: the list of matches to check, the filename is used to make the output to be more readable

{
	"count": 20000000,
	"start_timestamp": 1741841294358440000,
	"brute_force_time_range": 30000,
	"offset": 1111000,
	"matches": [
		{
            "filename": "zeroes.vmdk",
			"plaintext": "0x0000000000000000",
			"encrypted": "0xd5b71efb8d6969e5",
			"bitmask": "  0xffffffffffffffff"
		},
		{
            "filename" :"ones.vmdk",
			"plaintext": "0x0101010101010101",
			"encrypted": "0x9d1c37f111077987",
			"bitmask": "  0xffffffffffffffff"
		}		
	]	
}

Obtaining plaintext: as explained in the blog post, this depends on the file type

Obtaining ciphertext: use a hex editor, or use the "readhex" in the util directory

./util/readhex  tests/ones.vmdk.akira
./util/readhex  tests/ones.vmdk.akira 65535 # for chacha8

chacha8 bruteforce

An example chacha config is like this

{
    "t3_ts": 1741841294374553498,
    "t3_t1_offset": 3000000,
    "t1_t2_start_offset": 1300000,
    "t1_t2_end_offset": 2000000,
    "encrypted": "0x03d3319ddbf9caee",
    "plaintext": "0x0"
}

t3_ts is the timestamp found by akira-bruteforce
t3_t1_offset is how far back (maximum) the time from t1 to t3
t1_t2_start_offset is the start offset of the brute force
t1_t2_end_offset is the end offset of the brute force
encrypted is the encrypted value
plaintext is the plaintext value

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
public-key-patch		public-key-patch
tests		tests
timing-patch-1		timing-patch-1
timing-patch-2		timing-patch-2
util		util
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
akira-bruteforce.cu		akira-bruteforce.cu
akira-bruteforce.h		akira-bruteforce.h
chacha8.c		chacha8.c
chacha8.h		chacha8.h
decrypt.c		decrypt.c
generate-test-files.py		generate-test-files.py
json.hpp		json.hpp
kcipher2-tables.h		kcipher2-tables.h
kcipher2.c		kcipher2.c
kcipher2.h		kcipher2.h
test-ts.h		test-ts.h

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Requirements

Building

Testing

chacha8 bruteforce

About

Uh oh!

Releases

Packages

Uh oh!

Languages

License

yohanes/akira-bruteforce

Folders and files

Latest commit

History

Repository files navigation

Requirements

Building

Testing

chacha8 bruteforce

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages