LockCrypt勒索软件解密技术详解<\/h1>

1. LockCrypt勒索软件概述<\/h2>
LockCrypt（又称EncryptServer2018）是2017年中发现的勒索软件家族，至今仍然活跃。该勒索软件使用了一种定制的加密方法，而非标准的Windows API加密方式。<\/p>

2. 加密机制分析<\/h2>

2.1 加密流程概述<\/h3>

LockCrypt的加密过程分为两个阶段：<\/p>

第一阶段<\/strong>：使用长度为12500字节的循环密钥进行初步加密<\/li>

第二阶段<\/strong>：使用长度为25000字节的循环密钥进行进一步加密<\/li> <\/ol>
2.2 加密函数等效Python代码<\/h3>
def<\/span> grouper<\/span>(iterable, n, fillvalue=<\/span>None<\/span>): <\/span><\/span> """将可迭代对象分组为大小为n的组"""<\/span> <\/span><\/span> args =<\/span> [iter(iterable)] *<\/span> n <\/span><\/span> return<\/span> itertools.<\/span>izip_longest(fillvalue=<\/span>fillvalue, *<\/span>args) <\/span><\/span> <\/span><\/span>def<\/span> rol<\/span>(val, n, width): <\/span><\/span> """模拟x86 rol指令"""<\/span> <\/span><\/span> return<\/span> (val <<<\/span> n) &<\/span> ((1<\/span> <<<\/span> width) -<\/span> 1<\/span>) |<\/span> \ <\/span><\/span> ((val &<\/span> ((1<\/span> <<<\/span> width) -<\/span> 1<\/span>)) >><\/span> (width -<\/span> n)) <\/span><\/span> <\/span><\/span>def<\/span> encrypt<\/span>(key, plain): <\/span><\/span> size =<\/span> len(plain) -<\/span> 2<\/span> <\/span><\/span> enc =<\/span> io.<\/span>BytesIO(plain) <\/span><\/span> <\/span><\/span> # 第一阶段<\/span> <\/span><\/span> key_cyclic =<\/span> grouper(itertools.<\/span>cycle(key), 4<\/span>) <\/span><\/span> for<\/span> _ in<\/span> xrange(0<\/span>, size &<\/span> (~<\/span>0x3<\/span>), 2<\/span>): <\/span><\/span> # 获取下一个密钥dword<\/span> <\/span><\/span> k =<\/span> ""<\/span>.<\/span>join(key_cyclic.<\/span>next()) <\/span><\/span> k =<\/span> struct.<\/span>unpack("<I"<\/span>, k)[0<\/span>] <\/span><\/span> <\/span><\/span> # 获取下一个数据dword<\/span> <\/span><\/span> d =<\/span> enc.<\/span>read(4<\/span>) <\/span><\/span> d =<\/span> struct.<\/span>unpack("<I"<\/span>, d)[0<\/span>] <\/span><\/span> <\/span><\/span> # 执行XOR并写回数据<\/span> <\/span><\/span> e =<\/span> k ^<\/span> d <\/span><\/span> e =<\/span> struct.<\/span>pack("<I"<\/span>, e) <\/span><\/span> enc.<\/span>seek(-<\/span>4<\/span>, os.<\/span>SEEK_CUR) <\/span><\/span> enc.<\/span>write(e) <\/span><\/span> enc.<\/span>seek(-<\/span>2<\/span>, os.<\/span>SEEK_CUR) <\/span><\/span> <\/span><\/span> # 第二阶段<\/span> <\/span><\/span> enc.<\/span>seek(0<\/span>, os.<\/span>SEEK_SET) <\/span><\/span> key_cyclic =<\/span> grouper(itertools.<\/span>cycle(key), 4<\/span>) <\/span><\/span> for<\/span> i in<\/span> xrange(0<\/span>, size &<\/span> (~<\/span>0x3<\/span>), 4<\/span>): <\/span><\/span> # 获取下一个密钥dword<\/span> <\/span><\/span> k =<\/span> ""<\/span>.<\/span>join(key_cyclic.<\/span>next()) <\/span><\/span> k =<\/span> struct.<\/span>unpack("<I"<\/span>, k)[0<\/span>] <\/span><\/span> <\/span><\/span> # 获取下一个数据dword<\/span> <\/span><\/span> d =<\/span> enc.<\/span>read(4<\/span>) <\/span><\/span> d =<\/span> struct.<\/span>unpack("<I"<\/span>, d)[0<\/span>] <\/span><\/span> <\/span><\/span> # 循环左移5位<\/span> <\/span><\/span> e =<\/span> rol(d, 5<\/span>, 32<\/span>) <\/span><\/span> # XOR操作<\/span> <\/span><\/span> e =<\/span> e ^<\/span> k <\/span><\/span> # 交换字节顺序<\/span> <\/span><\/span> e =<\/span> struct.<\/span>pack(">I"<\/span>, e) <\/span><\/span> # 写回数据<\/span> <\/span><\/span> enc.<\/span>seek(-<\/span>4<\/span>, os.<\/span>SEEK_CUR) <\/span><\/span> enc.<\/span>write(e) <\/span><\/span> <\/span><\/span> return<\/span> enc.<\/span>getvalue() <\/span><\/span> <\/span><\/span>def<\/span> encrypt_file<\/span>(key, file): <\/span><\/span> # 密钥长度为25000字节<\/span> <\/span><\/span> # 跳过前4个字节<\/span> <\/span><\/span> file.<\/span>seek(4<\/span>, os.<\/span>SEEK_SET) <\/span><\/span> # 加密文件的前1MB内容（减去4字节）<\/span> <\/span><\/span> plain_data =<\/span> file.<\/span>read(0x100000<\/span> -<\/span> 4<\/span>) <\/span><\/span> enc_data =<\/span> encrypt(key, plain_data) <\/span><\/span> file.<\/span>seek(4<\/span>, os.<\/span>SEEK_SET) <\/span><\/span> file.<\/span>write(enc_data) <\/span><\/span> # 文件其余部分保持不变<\/span> <\/span><\/span><\/code><\/pre>2.3 加密过程关键点<\/h3> 每个明文位与3个密钥位进行XOR运算<\/li> 如果撤销第二阶段中的位移操作，两个阶段都可以描述为使用25000字节循环密钥的流加密<\/li> 前4个字节保持不加密<\/li> 只加密文件的前1MB内容，其余部分保持不变<\/li> <\/ol> 3. 解密方法<\/h2> 3.1 恢复流密钥(Stream Key)<\/h3> 要解密文件，首先需要恢复流密钥：<\/p> key_len =<\/span> 25000<\/span> <\/span><\/span> <\/span><\/span>def<\/span> ror<\/span>(val, n, width): <\/span><\/span> """模拟x86 ror指令"""<\/span> <\/span><\/span> return<\/span> ((val &<\/span> ((1<\/span> <<<\/span> width) -<\/span> 1<\/span>)) >><\/span> n) |<\/span> \ <\/span><\/span> (val <<<\/span> (width -<\/span> n) &<\/span> ((1<\/span> <<<\/span> width) -<\/span> 1<\/span>)) <\/span><\/span> <\/span><\/span>def<\/span> recover_stream_key<\/span>(plain, enc, idx): <\/span><\/span> assert<\/span> len(plain) ==<\/span> len(enc) <\/span><\/span> assert<\/span> len(plain) >=<\/span> 4<\/span> +<\/span> idx +<\/span> key_len <\/span><\/span> <\/span><\/span> plain =<\/span> io.<\/span>BytesIO(plain) <\/span><\/span> enc =<\/span> io.<\/span>BytesIO(enc) <\/span><\/span> assert<\/span> plain.<\/span>read(4<\/span>) ==<\/span> enc.<\/span>read(4<\/span>) <\/span><\/span> <\/span><\/span> plain.<\/span>seek(idx &<\/span> (~<\/span>3<\/span>), os.<\/span>SEEK_CUR) <\/span><\/span> enc.<\/span>seek(idx &<\/span> (~<\/span>3<\/span>), os.<\/span>SEEK_CUR) <\/span><\/span> <\/span><\/span> stream_key =<\/span> io.<\/span>BytesIO() <\/span><\/span> for<\/span> i in<\/span> xrange(0<\/span>, key_len +<\/span> (idx %<\/span> 4<\/span>), 4<\/span>): <\/span><\/span> # 读取下一个明文dword<\/span> <\/span><\/span> p =<\/span> plain.<\/span>read(4<\/span>) <\/span><\/span> p =<\/span> struct.<\/span>unpack("<I"<\/span>, p)[0<\/span>] <\/span><\/span> <\/span><\/span> # 读取下一个加密dword并撤销位移操作<\/span> <\/span><\/span> e =<\/span> enc.<\/span>read(4<\/span>) <\/span><\/span> e =<\/span> struct.<\/span>unpack(">I"<\/span>, e)[0<\/span>] <\/span><\/span> e =<\/span> ror(e, 5<\/span>, 32<\/span>) <\/span><\/span> <\/span><\/span> # XOR明文和规范化后的加密dword<\/span> <\/span><\/span> k =<\/span> p ^<\/span> e <\/span><\/span> k =<\/span> struct.<\/span>pack("<I"<\/span>, k) <\/span><\/span> <\/span><\/span> # 将流密钥dword写入恢复的流密钥<\/span> <\/span><\/span> if<\/span> i ==<\/span> 0<\/span>: <\/span><\/span> stream_key.<\/span>write(k[idx %<\/span> 4<\/span>:]) <\/span><\/span> elif<\/span> i <<\/span> key_len: <\/span><\/span> stream_key.<\/span>write(k) <\/span><\/span> else<\/span>: <\/span><\/span> stream_key.<\/span>write(k[:-<\/span>idx %<\/span> 4<\/span>]) <\/span><\/span> <\/span><\/span> stream_key =<\/span> stream_key.<\/span>getvalue() <\/span><\/span> assert<\/span> len(stream_key) ==<\/span> key_len <\/span><\/span> return<\/span> stream_key <\/span><\/span><\/code><\/pre>3.2 使用流密钥解密文件<\/h3> def<\/span> decrypt<\/span>(stream_key, enc): <\/span><\/span> size =<\/span> len(enc) -<\/span> 2<\/span> <\/span><\/span> plain =<\/span> io.<\/span>BytesIO(enc) <\/span><\/span> stream_key_cyclic =<\/span> grouper(itertools.<\/span>cycle(stream_key), 4<\/span>) <\/span><\/span> <\/span><\/span> for<\/span> i in<\/span> xrange(0<\/span>, size &<\/span> (~<\/span>3<\/span>), 4<\/span>): <\/span><\/span> # 读取下一个流密钥dword<\/span> <\/span><\/span> sk =<\/span> ""<\/span>.<\/span>join(stream_key_cyclic.<\/span>next()) <\/span><\/span> sk =<\/span> struct.<\/span>unpack("<I"<\/span>, sk)[0<\/span>] <\/span><\/span> <\/span><\/span> # 读取下一个加密dword并撤销位移操作<\/span> <\/span><\/span> e =<\/span> plain.<\/span>read(4<\/span>) <\/span><\/span> e =<\/span> struct.<\/span>unpack(">I"<\/span>, e)[0<\/span>] <\/span><\/span> e =<\/span> ror(e, 5<\/span>, 32<\/span>) <\/span><\/span> <\/span><\/span> # XOR规范化后的加密dword与流密钥dword以恢复明文dword<\/span> <\/span><\/span> p =<\/span> e ^<\/span> sk <\/span><\/span> p =<\/span> struct.<\/span>pack("<I"<\/span>, p) <\/span><\/span> plain.<\/span>seek(-<\/span>4<\/span>, os.<\/span>SEEK_CUR) <\/span><\/span> plain.<\/span>write(p) <\/span><\/span> <\/span><\/span> return<\/span> plain.<\/span>getvalue() <\/span><\/span> <\/span><\/span>def<\/span> decrypt_file<\/span>(stream_key, file): <\/span><\/span> assert<\/span> len(stream_key) ==<\/span> key_len <\/span><\/span> # 跳过前4个字节<\/span> <\/span><\/span> file.<\/span>seek(4<\/span>, os.<\/span>SEEK_SET) <\/span><\/span> # 解密文件的前1MB内容（减去4字节）<\/span> <\/span><\/span> enc_data =<\/span> file.<\/span>read(0x100000<\/span> -<\/span> 4<\/span>) <\/span><\/span> plain_data =<\/span> decrypt(stream_key, enc_data) <\/span><\/span> file.<\/span>seek(4<\/span>, os.<\/span>SEEK_SET) <\/span><\/span> file.<\/span>write(plain_data) <\/span><\/span> # 文件其余部分保持不变<\/span> <\/span><\/span><\/code><\/pre>3.3 恢复原始密钥(Original Key)<\/h3> 要完全解密文件，需要恢复原始密钥：<\/p> def<\/span> k_for_i<\/span>(i): <\/span><\/span> """返回与流密钥位i相关的原始密钥位索引"""<\/span> <\/span><\/span> i_dword =<\/span> i >><\/span> 5<\/span> # dword索引<\/span> <\/span><\/span> i_offset =<\/span> i %<\/span> 32<\/span> # dword中的位索引<\/span> <\/span><\/span> i =<\/span> i +<\/span> key_bitlen <\/span><\/span> <\/span><\/span> k =<\/span> [] <\/span><\/span> k.<\/span>append((i_dword <<<\/span> 6<\/span>) +<\/span> i_offset) <\/span><\/span> <\/span><\/span> if<\/span> i_offset <<\/span> 16<\/span>: <\/span><\/span> k.<\/span>append(k[0<\/span>] -<\/span> 16<\/span>) <\/span><\/span> else<\/span>: <\/span><\/span> k.<\/span>append(k[0<\/span>] +<\/span> 16<\/span>) <\/span><\/span> <\/span><\/span> k.<\/span>append((i_dword <<<\/span> 5<\/span>) +<\/span> ((i_offset +<\/span> 5<\/span>) %<\/span> 32<\/span>)) <\/span><\/span> <\/span><\/span> return<\/span> [x %<\/span> key_bitlen for<\/span> x in<\/span> k if<\/span> x >=<\/span> 0<\/span>] <\/span><\/span> <\/span><\/span>def<\/span> gen_equations<\/span>(idx): <\/span><\/span> """生成原始密钥和流密钥之间的转换方程"""<\/span> <\/span><\/span> A_i_j_s =<\/span> [] <\/span><\/span> for<\/span> i in<\/span> xrange(idx <<<\/span> 3<\/span>, (idx <<<\/span> 3<\/span>) +<\/span> key_bitlen): <\/span><\/span> A_i_j_s.<\/span>append(k_for_i(i)) <\/span><\/span> return<\/span> A_i_j_s <\/span><\/span><\/code><\/pre>使用SageMath解决线性方程组：<\/p> # 设置参数<\/span> <\/span><\/span>stream_key_idx =<\/span> 25000<\/span> # 恢复的流密钥索引<\/span> <\/span><\/span>stream_key_path =<\/span> "key-stream-idx-25000.bin"<\/span> # 流密钥文件路径<\/span> <\/span><\/span>original_key_path =<\/span> "key.bin"<\/span> # 原始密钥输出路径<\/span> <\/span><\/span> <\/span><\/span>import<\/span> itertools <\/span><\/span>import<\/span> struct <\/span><\/span> <\/span><\/span>def<\/span> grouper<\/span>(iterable, n, fillvalue=<\/span>None<\/span>): <\/span><\/span> args =<\/span> [iter(iterable)] *<\/span> n <\/span><\/span> return<\/span> itertools.<\/span>izip_longest(fillvalue=<\/span>fillvalue, *<\/span>args) <\/span><\/span> <\/span><\/span>def<\/span> str2bits<\/span>(s): <\/span><\/span> """将字符串转换为位列表"""<\/span> <\/span><\/span> bits =<\/span> [] <\/span><\/span> for<\/span> dword in<\/span> grouper(s, 4<\/span>): <\/span><\/span> dword =<\/span> ""<\/span>.<\/span>join(dword) <\/span><\/span> dword =<\/span> struct.<\/span>unpack("<I"<\/span>, dword)[0<\/span>] <\/span><\/span> bits +=<\/span> [(dword >><\/span> i) &<\/span> 1<\/span> for<\/span> i in<\/span> xrange(32<\/span>)] <\/span><\/span> return<\/span> bits <\/span><\/span> <\/span><\/span>def<\/span> bits2str<\/span>(bits): <\/span><\/span> """将位列表转换为字符串"""<\/span> <\/span><\/span> s =<\/span> [] <\/span><\/span> for<\/span> dword_bits in<\/span> grouper(bits, 32<\/span>): <\/span><\/span> dword =<\/span> 0<\/span> <\/span><\/span> for<\/span> i, bit in<\/span> enumerate(dword_bits): <\/span><\/span> dword =<\/span> dword |<\/span> (bit <<<\/span> i) <\/span><\/span> s.<\/span>append(struct.<\/span>pack("<I"<\/span>, dword)) <\/span><\/span> return<\/span> ""<\/span>.<\/span>join(s) <\/span><\/span> <\/span><\/span># 读取流密钥<\/span> <\/span><\/span>with<\/span> open(stream_key_path) as<\/span> f: <\/span><\/span> stream_key =<\/span> f.<\/span>read() <\/span><\/span>assert<\/span> len(stream_key) ==<\/span> 25000<\/span> <\/span><\/span> <\/span><\/span># 将流密钥转换为位向量<\/span> <\/span><\/span>stream_key_bits =<\/span> str2bits(stream_key) <\/span><\/span>Y =<\/span> vector(GF(2<\/span>), 200000<\/span>, stream_key_bits) <\/span><\/span> <\/span><\/span># 创建方程矩阵<\/span> <\/span><\/span>A_i_j_s =<\/span> gen_equations(stream_key_idx) <\/span><\/span>A =<\/span> matrix(GF(2<\/span>), 200000<\/span>, sparse=<\/span>True<\/span>) <\/span><\/span>for<\/span> i, A_i_j in<\/span> enumerate(A_i_j_s): <\/span><\/span> for<\/span> j in<\/span> A_i_j: <\/span><\/span> A[i, j] =<\/span> 1<\/span> <\/span><\/span> <\/span><\/span># 解方程恢复原始密钥<\/span> <\/span><\/span>X =<\/span> A.<\/span>solve_right(Y) <\/span><\/span>key_bits =<\/span> [int(x) for<\/span> x in<\/span> X.<\/span>list()] <\/span><\/span>key =<\/span> bits2str(key_bits) <\/span><\/span> <\/span><\/span># 保存原始密钥<\/span> <\/span><\/span>with<\/span> open(original_key_path, 'wb'<\/span>) as<\/span> f: <\/span><\/span> f.<\/span>write(key) <\/span><\/span><\/code><\/pre>4. 解密步骤总结<\/h2> 恢复明文数据<\/strong>：<\/p> 获取至少25010字节的未加密文件或明文文件<\/li> 建议在另一台机器上安装相同版本的勒索软件，比较加密DLL文件和原始文件<\/li> <\/ul> <\/li> 恢复流密钥<\/strong>：<\/p> 安装Python 2.7<\/li> 使用recover_stream_key.py<\/code>脚本恢复流密钥（建议使用idx=25000）<\/li> <\/ul> <\/li> 恢复原始密钥<\/strong>：<\/p> 安装SageMath<\/li> 使用SageMath Jupyter Notebook执行上述代码（耗时20分钟到几小时）<\/li> <\/ul> <\/li> 解密文件<\/strong>：<\/p> 使用decryptor.py<\/code>脚本解密加密的文件<\/li> <\/ul> <\/li> <\/ol> 5. 注意事项<\/h2> 前2个加密字节（原始文件的字节4:6）只与2个密钥位进行XOR运算，因此：<\/p> 解密剩余字节需要使用idx≥2的流密钥<\/li> 解密前2个字节需要使用idx=0的流密钥<\/li> <\/ul> <\/li> 如果原始文件长度≠2 (mod 4)，在encrypt()<\/code>函数中明文的长度len(plain)≠0 (mod 4)，因此在第一阶段最后一个循环中只对文件结尾的1-2个字节进行解密。这些字节的明文位只与1个密钥位进行XOR运算，因此无法直接解密。<\/p> <\/li> 如果已知文件长度n≥m，可以解密长度为m的文件。<\/p> <\/li> <\/ol>

LockCrypt勒索软件解密技术详解<\/h1>

1. LockCrypt勒索软件概述<\/h2> LockCrypt（又称EncryptServer2018）是2017年中发现的勒索软件家族，至今仍然活跃。该勒索软件使用了一种定制的加密方法，而非标准的Windows API加密方式。<\/p>

2. 加密机制分析<\/h2>

3. 解密方法<\/h2>

1. LockCrypt勒索软件概述<\/h2>
LockCrypt（又称EncryptServer2018）是2017年中发现的勒索软件家族，至今仍然活跃。该勒索软件使用了一种定制的加密方法，而非标准的Windows API加密方式。<\/p>