
How To Hack A Ransomware

BSides Islamabad · 2020 · 33:14 · 224 views · Published 2020-12 · Watch on YouTube ↗
Speakers
Tags
Category: Technical
Team: Red
Style: Talk
About this talk
Hasib is a Ravian and holds a bachelor's degree in Information and Communication Systems Engineering from NUST. He previously worked for Ebryx Pvt Ltd as a Senior Malware Researcher and now works as a Senior Threat Analysis Engineer for Symantec Singapore. Hasib loves to read, run and find order in the chaos. The talk is focused on how to reverse a ransomware with the intention of creating a decryptor for it. I have created a decryptor in the recent past for the PwndLocker ransomware, and I think it's quite valuable to share how to crack an attacker's piece of code and use it against their interests. I released it on my GitHub (https://github.com/hasiblatif/PwndLocker-ransomware-decryptor) #BSidesIslamabad2020
Transcript [en]

[Music] [Praise] Do modern system of just all day and acquisition law of the most interesting topic has been Wednesday Islamabad searches for Ajay how to hack hey very interesting and senior engineer 101 plundered Pluto

that tyon Ali Bhai Bismillahirrahmanirrahim Assalam Walekum Hello Ravi first of all thank you for the side and direction for giving me this opportunity and the topic I will talk about is how to current affairs questions have been done so I will talk about Jackson and today we will talk about the outline which will be of some points now first of all I will give an introduction of the hair family for those who are hearing about this friends and family for the first time straight family and after that I will tell you a little about these questions just to print 21 there are rich and uncles of Narendra Nagar there are questions only that's why Question types will be explained to

you and apart from this population after that like possibilities of deletion and imitation I will talk about what are the possibilities what are we will see by reversing it and what indicators will we give so that we can see this Rafi can we do this city that this is a software based on which we developers can do it by holding the thumbs and similarly it will be a surprise for the attackers that we can like their piece of malware on this website and take their birds and weaknesses and then we can attack them back so a little bit about this and apart from this when will my presentation come on the message sending portion, we will see the

infection mechanism of PwndLocker and Server and after this we will decrypt PwndLocker and Server and we will talk about how we can describe it and after this we will be ah yes yes so first of all the tractor 575 Family Date How long is the white general practice of forensics that to 25 when you joint attack, then after that any pass is useless that then you have to do it on the res, if you have your own back, so till now this has been a hot topic since 2015, but in 2019 it is the hottest and millions of dollars have been spent on it till now, apart from this time episode 110 reputation all these have to do,

so at the top I would say that Screensaver's senior poison screen teen vision and we are working day and night on it, all the people who are in the same screen, and this year for the first time SIM related has happened in Germany, that is, in a place which is another doctor's clinic, his enthusiasm, digital and structure, all this was destroyed and if you do all the poison, then that hospital was on one side, so a patient who was coming on the way and was quite serious, so he was taken to a resort He had to be admitted to another hospital and during this time he would die, so this is the first lesson related date too, so

this getting should not be very serious and apart from this not only your data is encrypted but your traction has also started, solan data is being clicked, sorry, we are present on this by image networking them and continent survey has made our personal data uploaded public, so not only your data is being input and you have also given a response message, even after that your data can be clicked, hence it is very well encrypted and very little is happening in the industry on this, so the possibility is that when we will read the details of the hair, now you have the possibility, can you write its decryptor, so you do not need to fill points, so at least the cost of

hybrid can be used and there are also its drawbacks, friends, now this ideal and what are the ingredients in this dress made of What happens is that for this topic, Rafael, like this is what is above his lip, it is a cryptography only different, apart from this, there are other things like thoughts, you will see that they have the capacity, now I am not a hindrance in ransomware, sanctioned by the River Singh and heavy weapon system in action, we have seen that there is a lot of it, the minute stop and such kind of services are stopped using Kumar, any antivirus that is running is tried to be stopped, after privilege circulation, then what happens after this is backup

deletion, America's schedule of devotion, so that users cannot restore the backup, today there is sexual harassment, that this point has to be made, there are some whitelisted files, we have to do this, similarly there is animation, which files will be generated or imported in these scripts, there are other methods, they will move forward, so there is generation of more of this, has it ever been decided that some things which are public Another thing that is used is that hair is randomly generated that is on the flower and after that it is done for inspection, so this is an important thing in the hospital where River Singh's, we see what this chapter is doing, basically after this it takes action on the sample and

for this there are different trading etc. and after that the mention note, this is quite 10 days that when you see any file on your back end staff or Arvind, then at that time friends, we are asked how much powder will we put, there is a link of the air torch website, you go there and chat with Atract, they tell you how much money you have to pay, friends, we are giving, after that you will get the delivery system, but our focus today is that because this is quite an Android topic, so we will only focus on how these are generated and imported on the infection and how the encryption is done so that we

can delete it because the core part of the front server is not under pressure, hence today's presentation is for those who Regarding this, we will now look at the interception mechanism and import keys and after that we will see what are the possibilities in the business of sperm locking server. So first of all a small introduction, many people will know what is encryption, that metric encryption and other types of encryption. The symmetry is not symmetric, that is one used, if you see on the right side, this is a diagram, as long as this client is there, we interact with it through a single key, then we get text on the server, so the same key is used

for decryption, there is only one more thing in submit, so you have to communicate with the receiver, so go to many sites, this key is required in it, which is 84 and PwndLocker and Server also uses symmetric, which we will see in a little detail later, secondly, there are two keys in this metric, today when you browse any place like this, you will see the lock sign on the left side, then it says public key, In which the data is encrypted with the public key and the private key which is with the ransomware will be digits. So you need to clear two keys for this. There is a different one for the query and a different one for the

description. This is quite advanced and runs on servers. Nowadays, the more advanced end-user software uses this metric or public cryptography and this was done to prevent end-users from being exploited. For example, if you show this, the description of the ransomware is available, then it is symmetric. Submit these queries and write it on the data. Now, describe what are the possibilities and what are the limited possibilities. It is possible that whenever you are reversing this ransomware, you will see how things are being generated in it. If that thing is correct, then for example, there is a username and a string is being added with it, the profit ID key. After that, the front part, etc., etc., so you will see that you can

reset it easily. After a little trouble, you can leave the group and do a Guddu Force attack and you can do that, record description is possible, one of it is this, second is custom encryption which is amentation flowers and poor, like first friends if we read that there are Israel who have knowledge flowers and their devotees are in Perth city and by tweeting we will digitally give you night in this Jagran, I have created a special file for cold tasty Kashmir, print print print print, if you want to read something then this is the print of this which I have clicked, you are seeing that Africa and name order is Saver's right, so this color

time friends benefit, but you will see that you will get a plain text award as it is in these questions, so it is telling that this is their infection and war and there is such a class, that agent decision is very famous, popular and software, it was also there, so now if one thing then it tells that there are some flowers But the message is friends, if there is lamination because the method of replacement is custom, custom implementation is such that the B Windows key please goes to what are Eid and beauty products and they were watching and monitoring, so we are also using it, then that text goes, that behavior and exit happens, then we

try to make it a custom implementation, then somewhere in it there is some flower etc., so this is the data pane of a tree, so in this there can be equal Champions America and some other similar classes, so this implementation is fruit, apart from this, if someone had shared his degree after ransomware payment and inside that decryptor, he mistakenly shared his private key, as I have heard, then if that sample is shared with the committee, the cyber security committee, taking the student private key, then that decryptor can be made available to everyone and this is my If it's a question of thought, did they get a specific modern ATM like this, and whatever they have given in their website,

you have given something in the game that a new script Aman has not given 2 inches of America, because most of the people we have seen are Aaver Adarsh, so they don't know deeply that this can also happen, so they stay away from that house and somewhere they become a first flight courier, and apart from this, we have seen some people that night time encryption is a very heavy activity, so if they have some large files, but it is 20, then improving all of them is not an easy task, so I have seen that some end share either they leave the large files or they have some initial, like an MBA, BBA, they tighten it

and then they can also recover some data, like they can leave the large files, the general limitation of this is that if you have this metric encryption in the kitchen, like public Cryptography is the only slide in it which is getting great, it is cut to the public and which is different for the victim outside and we have also seen that for every file it is of different key, so for that we have to make it private which is not possible for us to gift it in the processing speed because you know that there is a limitation in the opposition's Kripa group IMO and we have seen that the big ransomware and the way Ghagra is, Saunth, all these

people are doing the physics of click key, hence it is very difficult to do them, apart from this, if any strong random key is being generated and apart from this, they cannot generate any random key, then right now you cannot delete it because your notification depends on it, so we will save battery, key and wear which is our focus of this presentation, it was presented in August 2019, like, share And on the right hand side you can see that this is its start routine. Come inside it, here we saw that all his taxation is his father and brother. Simple Amazon and that sample which is depending on that I was using, so you will not be able to do any tech to Middle East side effect

to it and because it decrypts the code on the slide and then executes it. Now we see here there is some option and it looks at the data, after that it works on traction and after that when this trick is tied up Roya second Reddy, if you treat the code in the beginning then there is difficulty in advancing the code because it is less than complete. After that it is getting tight, so it does not help you in that living side, it defeats you a little. In my channel, not only from Surya, but by adding confidence to them, we will use it after giving question, so still okay my dominance 122 is finalized last two so

this race view action dot CO. These are different varieties, if we look at it, then there is a variant of the extension of the dot, we will see symmetric Krishna or these were used and the demand for semi-skimmed skin was Lagna Likexi all variants depending on the infrastructure they are effective, we are seeing the sample present here, that attraction has come here so that if you want to do LIC later, then you can download it from here and like and for this, now we will see how it is being generated, so I have shown you the complete code so that you get the real feel, so here you will see that a function is being called

and in a loop here and this function which is called and this one reception here, you will see in two rectangles, RDTSC, this instruction which is called read time-stamp counter, this is a dual scooter which maintains when the CPU has started and this is the roti brand value, so mostly your dandruff is used in this section by people to do random boxes and updates And after that, when you take a look at this data, there is some division and some more multiplication going on to make it under 22. And all this is thirty eight nine times, we will combine it and this hole, so look here, what is happening with this is in a buffer, so 38th

x x ray, this is the feature, its total, today how did we generate it, you can see this dumper here and they generated this, after that they did some explanation for the industry, if any of you have seen this IS, this salwar se infection standard, then you will see that there is depression in it because in debit city also the group belongs to asset, so what they do is they explain it with some more data, yes, for this they have hotspotted some values, see here, this is half taken and then there was some data of forces there, after that what they did was that they edited the cigarette that I have created from this data which

they generated, which in the sample is already hotspot code, this is mixed pensioner You can also say this and after that he converted it to Sonth which was 38.2 sak, okay, after that what I have observed here is first you look at the data of Sonth Hacks, its Aishwarya Setal, this print is a special print, I have simply edited it carefully, so I am trying to create a new table here and many childhood readers, we will see that it can be used further or these tips, bye bye, I have made more interesting here, you will see that in this rectangle, the last one you have a drink replication, which is the infection function, then this data is again

encrypted by the same expression function, Sonth Plus and ATM Difficile, so I have created a new table which will be Jhajjar reference table for encryption, which we will see later, so if I look at it, it is a little difficult with these things, then I am looking at Ad Agra here, yes, what is the data here, I am getting a relation, you will see that English Hatkoti Temple This is it, after that the coastal bike jata falls here, now after that its 10th and the data present first prayer song random key will be painted here and this text will be multiplied by 1000 from the first month but and this next fifty plus attend end of the new roy will be increased

with the main query function and then a final table is formed this final table will be used again with encryption rhythm to encrypt files so first we will read this is its function yes yes so this function I have used is not that much advanced that function so I have divided it into two-three steps so that for your handling you will see in this one, well in this the plain text is read in take away and white and the side effects you will get exactly at 22, the plain text has been divided into advice 2 register save here this is a 3D which will be our main player so first you will see this x which is one this The pendant

table that we saw last, its size is 1000, this one and above that, this rally, this value of Sai here is getting net which is the second for it's audible that tissue cells and so this is the first step which you will see that it depends on the first and after that the last step is in it, the country which died in average and this is the step and after that the exchange will be that the idiots will be whatsapped about it, this person is quiet and here you can see that this whole process is one sided, it will do it sixteen times, I will give you get more no more and decrypt ballan so water this will happen six times, after that what

is there in the chalky side effects and white, you will see this x and index here the data is being returned again in an array and similarly this will repeat for the entire file and we will see that Ansari file will be encrypted and after that we have this tweet file, in the last we are watching the trailer Yes, we are looking at the oil, we are seeing that this is being made, so first you will see that by hitting zero seven six one you will get the market porn lock friends if it is in the inserted file and it is also checked first that no file has been opened before, so if you hit it and find it at a position which

I have written in my Twitter that which puja will be there, then it means it is encrypted, we will fold it, after this there is some balance, this is optional, it is of the trailer and after this its size is how much encryption has been done and this is the key which friends dish red meat and after that which is panned in the encrypted file, so you are seeing the image that when you reversed it, you saw the entire encryption of its rate saver in parts, now we saw that 13 was generated, after that there was a special table, a question was asked about it and after that the file which is written, the content will be written, it closed the file

and after that it is totally like a link, so now we will analyze it, now when we reverse it, the worst thing is For ransomware, you have to follow a similar format. You have to see where the Jio net is being used, what input is it and what is it generated there and what is being done with that generated key. If that pimpl clicks on the group, then it is the same with the generated key that it increases it by half with its key and it destroys its key at that time and it is very less in trend, so you cannot reproduce it again, so it is a very strong impression, but here we saw that no public key was used,

rather an explained key was generated and that is a special gift code, after that it was re- entered and after its inspection, the online survey had written that key inside the encrypted file of the file key, so now we will sunrise it, see what is this, we have non-believers and what is unknown with me, and this happens that the train is stopped, after that the pad key The data has been prepared and he prepared a special table and Shivaji wrapped the file and wrote the data key to the file and after that generated a file now we will see which cross are the non variables here told that if we want to delete it ourselves then

what are the possibilities so first of all we will see that the random key rate is not there with us because we found it lying inside the encrypted file because he tightened it there this time we will see that the prepared explanation table of the stomach is there because it is inside the sample and we saw that inside the sample he did not destroy it so even if he destroys it then from somewhere or the other he will decrypt that juice explanation table and if you put it then the research book will remain accessible so hence it is important to reverse it now and see where is the young pension table juice so you will find it somewhere inside the mine so

this is the non after this it will increase the file there are two algorithms that are in the question at this time The unknown one will go back to the delete function, how will we delete it because all these things are questions, so if we call this function as these foreign words function increase description, it is requested that you take your 153, after that, if you call the function as banana, then it will go above the banana and reverse half so that we get this moment again, so this is a small example, so on the left side we will see that for your benefit, I have explained it a little bit, what is the pimpl f5

function, and after that, ours which we call plaintextf and airplanetext five simple that its lemon one, whatever is from it, the function which is above it is implemented, after that, if there is a cyber attack on the alarm number, if you give text on the site, then you have to point to that function that we got four back, so this is called these WhatsApp function Indore or Universal Udham and description, when you have the encryption function and then you can easily create a decryption function from it, how will that be, you will see on the website that you have this original code And on the top right side there is a pattern decryptor which I have written and here you will get the full

ticket, so you will see that you have to go step by step through the tabs like this, first of all you find the text on the site here, you include it, add updates, here first you find interest and you go down and see some operations and after that you see that save in a side effect, now see if you have found that effect and you go up, now you will see what all sections you have followed, that you need it and you get it, first of all you will see that here is the price of 108, after exchanging the thing here you can do is to open those pimples, when you see that there is a texture, you have to do it

because there is an airplane text in tears, now this sir is unknown at the moment, so it means that you have to whiten it first, now how it is finalized depends on its 108 value, so the value of 108 is available to us first because the data that you have here We have a text here, it is George only, it means we have this bowl, that value is available, so on the right side you will see it becomes scientist and this is the size, you will calculate it in the same way as on the back side, you just have to follow those steps because this reference table, now the reference table always remains SIM, if you do

not have reference table for some time then the values ​​will change, that is recycled reference which you will depend on, there is a medical unfit value and encrypted value, you also have this side effect in the first step, so you calculated all this in the first step and I will not go into this detail, you can see how to give it eyes, this is happening as a very script, so after that now you just have to do this encrypted divide, divide, indexed in it, which is totally reversible fast and with the result, you will get its original value by inverse function, then again you will multiply it by 1000 With the encrypted value, you will get the divide to see this main lead

explain tax here and similarly, first of all the district governor was free and in the factory it was that you added one from the editable and here you will add the plated rows from that channel and you will get a value and you have to repeat this step 1628 and you will get the data model because it was symmetric and it was also non-symmetric, half explanation table will win and question question and with, so you have created a decryptor issue from it, hello how to do this also digital zone gram mishri, if you want to tighten it then you will get it here, you can download it from there, now I will give you a demo of how this dipper will work and

whether the values ​​that we enter are correct, whether the profile that we get back in print or not,

this video of the economic is

good, so here you can see the type third, this is the contact So this is for the contest, so now you have to see that there is an exchange file of dot there, there is a joint entry of tile, so you have to use tricks on your degree on this and if the

picture is deleted from here and the action will be tip, so now we will see by calculating the time with it, 54, we will see whether the decryption of this channel file is of the new moon miller of the government or not, and whether it is in education, now we will see that the depression jammer pass made of the integrated file is only 40, so we deleted the file which is one hundred person, by trying half an inch saver, so these are some options, you can see that one are you, really you can read this in Python or any language and it will copy the delivery files from the manifest, you can also delete that exam time
