Forum Discussion

LN1's avatar
LN1
Icon for Bronze II rankBronze II
2 months ago

Reverse Engineering

RE: Immersive Care: Ep.5 – Reverse Engineering 

Feel like I'm missing something obvious here. I have decompiled the ransomware and can see the xorIT command, but not sure how to find the secret key?

xorIT.<locals>.<genexpr>

  • LN1's avatar
    LN1
    2 months ago

    Read the python-exe-extractor tool output carefully as it will give you a hint on further steps you need to undertake to decompile

    • KieranRowley's avatar
      KieranRowley
      Icon for Community Manager rankCommunity Manager

      Excellent! Well done 👍 

      Could you give us a hint as to how to help your fellow community members who might find this post in the future?

      • LN1's avatar
        LN1
        Icon for Bronze II rankBronze II

        Read the python-exe-extractor tool output carefully as it will give you a hint on further steps you need to undertake to decompile

  • KieranRowley's avatar
    KieranRowley
    Icon for Community Manager rankCommunity Manager

    Hi LN1 

    Welcome to The Human Connection!

    Please can you provide some more details of the steps you have already taken so that your fellow community members are able to assist you

    • LN1's avatar
      LN1
      Icon for Bronze II rankBronze II

      decompiled the ransomware and found the commands used to generate the ransom note and to encrypt .txt files. Tried looking into initialisation of variables but couldn't find anything. Noticed a secret_key string within the decompiled file, but unsure where this is located.