Forum Discussion
Reverse Engineering
RE: Immersive Care: Ep.5 – Reverse Engineering
Feel like I'm missing something obvious here. I have decompiled the ransomware and can see the xorIT command, but not sure how to find the secret key?
xorIT.<locals>.<genexpr>
Read the python-exe-extractor tool output carefully as it will give you a hint on further steps you need to undertake to decompile
6 Replies
- LN1
Bronze II
nevermind solved. thanks
- KieranRowley
Community Manager
Excellent! Well done 👍
Could you give us a hint as to how to help your fellow community members who might find this post in the future?
- LN1
Bronze II
Read the python-exe-extractor tool output carefully as it will give you a hint on further steps you need to undertake to decompile
- KieranRowley
Community Manager
Hi LN1
Welcome to The Human Connection!
Please can you provide some more details of the steps you have already taken so that your fellow community members are able to assist you
- LN1
Bronze II
decompiled the ransomware and found the commands used to generate the ransom note and to encrypt .txt files. Tried looking into initialisation of variables but couldn't find anything. Noticed a secret_key string within the decompiled file, but unsure where this is located.