My own ransomware to use my cryptographic knowledge and test Golang for the first time
Recently, I learned cryptography at my university and I wanted to learn Golang. I tried to create this ransomware and this is very basic.
Objectives:
- Learn Golang syntax.
- Use AES-256 in Golang
- Try reversing my own ransomware
Do not use this program for illegal purposes! I am not responsible for the actions of third parties. Also do not run this program on your machine, use a VM instead.
You have 4 modules: attacker, encrypter, decrypter and fileutils.
attacker is the server program that receives the AES key.
encrypter is obviously the dangerous program. I repeat, do not launch it on your machine.
decrypter decrypts the files with the AES key.
fileutils retrieves all the file paths to be encrypted/decrypted.
- attacker
It is just a simple HTTP server made with the Golang package net/http. It receives the AES key in hexadecimal and stores it in the SQLite database named key.db. It generates an onion service to receive data via Tor.
- encrypter
First, it generates a random 256-bit key and sends it to the server. By default this is a POST request made with the net/http package to the onion address via Tor (Bine API). It then retrieves the contents of all files in the directory defined in .env (you can also change it). Finally, it encrypts the contents of each file and replaces the original contents.
- decrypter
Similarly to encrypter, it retrieves all the files, but it decrypts them with the key passed on STDIN and replaces the file contents.
- fileutils
Retrieves all the files for encrypter and decrypter. By default the directory is C:\Users\ on Windows and /home/ on Linux, but I redefined the value of dir with a testing directory in the .env file.
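The encrypter described above replaces file contents with AES ciphertext, which is statistically close to random bytes. As an added example for defenders (not part of this project's code), this Go program flags files under a directory whose content has near-maximal byte entropy and no known compressed-format header. The function names, the 1 KiB minimum size and the 7.5 bits/byte threshold are assumptions, and it reads each file whole, which suits a small test directory.

```go
package main

import (
	"bytes"
	"fmt"
	"io/fs"
	"math"
	"os"
	"path/filepath"
)

// shannonEntropy returns the byte entropy of data in bits per byte (0 to 8).
func shannonEntropy(data []byte) (h float64) {
	var counts [256]float64
	for _, b := range data {
		counts[b]++
	}
	for _, c := range counts {
		if p := c / float64(len(data)); p > 0 {
			h -= p * math.Log2(p)
		}
	}
	return h
}

// looksEncrypted reports near-random content that has no compressed-format header.
func looksEncrypted(data []byte) bool {
	for _, m := range []string{"PK\x03\x04", "\x1f\x8b", "\x89PNG", "\xff\xd8\xff"} { // zip, gzip, PNG, JPEG
		if bytes.HasPrefix(data, []byte(m)) {
			return false
		}
	}
	return len(data) >= 1024 && shannonEntropy(data) > 7.5 // assumed cut-offs
}

// scanDir returns the regular files under root whose content looks encrypted.
func scanDir(root string) (hits []string, err error) {
	err = filepath.WalkDir(root, func(p string, d fs.DirEntry, werr error) error {
		if werr != nil || !d.Type().IsRegular() {
			return werr // nil for directories and symlinks, so the walk continues
		}
		if data, rerr := os.ReadFile(p); rerr == nil && looksEncrypted(data) {
			hits = append(hits, p)
		}
		return nil
	})
	return hits, err
}

func main() { fmt.Println(scanDir(".")) } // scans the current directory
```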
- First, clone the project :
git clone https://github.com/FreezingKas/basic-ransomware-golang.git
- And change the .env file :
ADDRESS=example.onion
DIR=/tmp/test
ADDRESS is used to build encrypter.go. This is the address of the server where the keys will be sent. Change this to the address generated by attacker.go. DIR is used to build encrypter.go and decrypter.go. This is the directory that will be encrypted.
- Build attacker.go :
cd attacker
go build attacker.go
./attacker
It launches the HTTP server on an onion service. You can now receive AES keys from encrypter.go.
- Build encrypter.go
cd encrypter
go build encrypter.go
./encrypter
Obviously, a victim will not build this program themselves. After encryption, I have to ask for money, but I didn't implement it for the moment. Don't forget to change ADDRESS in .env.
- Build decrypter.go
cd decrypter
go build decrypter.go
./decrypter
The program asks for the key on the command line; the objective is to make it simple for a victim to enter the AES key.
- Create a server to receive keys.
- Implement function to retrieve files.
- Implement encrypter.
- Implement decrypter.
- Implement GUI with a threat message and ask for Bitcoin.
- Implement AES from scratch.
- Create a database to store keys.
- AV Evasion
- Use .env for IP address + port and test directory
- Send key via Tor
See the open issues for a full list of proposed features (and known issues).
Contributions are greatly appreciated, I am still a beginner in Golang. I am not an expert yet. Also I am not a great ransomware creator, so any suggestions are welcome.
Distributed under the MIT License. See LICENSE.txt for more information.
FreezingKas - @Maxence_Jng - [email protected]
Project Link: https://github.com/FreezingKas/basic-ransomware-golang
- Choose an Open Source License
- Basic README Template
- Img Shields
- StackOverflow (as usual)
- pauvretimo (for the nice logo)