0

Recently, I watched a video about writing a code to decode the title and contents of the file from decimal numbers into strings. However, it is written in python2 so I decided to rewrite the code in python3. Unfortunately, I am having trouble in decoding the contents of the picture.

This is the original code in python2:

#!/usr/bin/env python

import os

directory = '1262404985085867488371'

def decrypt(number): 
    return hex(int(number))[2:].replace("L","").decode("hex")


os.chdir(directory)
for i in os.listdir('.'):
    try:
        print(decrypt(i))
        c = open(i).read()
        open(decrypt(i),'w').write(decrypt(c))
        #o.write(decrypt(c))

    except:
        print("FAILED WITH",i)

And this is the code written in python3:

#!/usr/bin/env python3

import os

directory = '1262404985085867488371'

def decrypt(number): 
    hex_num = hex(int(number))[2:].replace("L","")
    return  bytes.fromhex(hex_num).decode("ascii")


os.chdir(directory)
for i in os.listdir('.'):
    try:
        print(decrypt(i))
        c = open(i).read()
        open(decrypt(i),'w').write(decrypt(c))
        #o.write(decrypt(c))

    except:
        print("FAILED WITH",i)

Can anyone help me to have a look how can I solve this problem? This is the problem about:

My computer got infected with ransomware and now none of my documents are accessible anymore! If you help me out, I'll reward you a flag! https://static.tjctf.org/7459b0c272ba30c9fea94391c7d7051d78e1732c871c3a6f27070fcb34f9e734_encrypted.tar.gz

Basically, I have tried by changing the ascii into utf-8 and open the file with the mode in "wb" or "rb" but neither of them works...

AppleByte
  • 9
  • 3
  • do you get any errors? if so, please include them. – chickity china chinese chicken Aug 15 '18 at 04:39
  • If you can include any other information so we can reproduce the problem would be helpful, for example [create a Minimal, Complete, and Verifiable example](https://stackoverflow.com/help/mcve) – chickity china chinese chicken Aug 15 '18 at 04:41
  • the edit to your code capitalizing `directory` variable does *not* improve code formatting. python syntax encourages lower-case variables. – chickity china chinese chicken Aug 15 '18 at 04:50
  • @davedwards Alright. Thanks. This is my first time using stack overflow so I am not too familiar on the syntax yet. Btw, I have reedited to provide the source of my problem. – AppleByte Aug 15 '18 at 04:58
  • 1
    no worries, thanks. but that link is protected by username and password, so we cannot see what you see, the picture, or the problem description or contents. – chickity china chinese chicken Aug 15 '18 at 05:08
  • Alright. Let me try to post the questions and the link over here!! – AppleByte Aug 15 '18 at 05:12
  • ok, just be sure not to post any private or secure information. thanks. – chickity china chinese chicken Aug 15 '18 at 05:12
  • Ok. This is just a computer security challenge competition held by a high school that is opened to public through online. – AppleByte Aug 15 '18 at 05:15
  • I don't know much about the problem you are facing, but when I extracted that `tar.gz` file you linked to, there is a file `HAHAHA.txt` which includes `"All your files have been encrypted with a uncrackable algorithm. You are now screwed forever."`. Do you really think this is a safe challenge? I would be very careful. especially since your question includes `"My computer got infected with ransomware "` – chickity china chinese chicken Aug 15 '18 at 05:20
  • Yeaa definitely. Basically the title of the files and the contents of the files have been encrypted into decimal numbers. And my code is aimed to decode it to strings. – AppleByte Aug 15 '18 at 05:23
  • Ok cool, just making sure. – chickity china chinese chicken Aug 15 '18 at 05:23
  • There is 1 video writeup for the challenge. https://www.youtube.com/watch?v=m9FuGso8BE8 – AppleByte Aug 15 '18 at 05:24
  • Hm, interesting. It doesn't produce any errors for me, so far I only get empty files. It seems like it's related to [Decode Hex String in Python 3](https://stackoverflow.com/questions/3283984/decode-hex-string-in-python-3), or [Convert(decode) hex string to ASCII or any other understandable format](https://stackoverflow.com/questions/29547104/convertdecode-hex-string-to-ascii-or-any-other-understandable-format), but I can't solve it yet, will keep trying and update with any success. – chickity china chinese chicken Aug 15 '18 at 06:38
  • Yeaa, it does not produce any error for me also. Basically, I got empty files when I compiled using the python3 code but I got the image files when I compiled using the python2 code. I am thinking maybe the problem is on the writing the byte object or whatever into a file because the decrypt function actually works fine with the name of the file. It only fails during writing the conversion into the contents of the file.I have tried to debug my code and I found out the problem is on this line when the decrypt function is called with the c as the argument. open(decrypt(i),'w').write(decrypt(c)) – AppleByte Aug 15 '18 at 07:41
  • Maybe it is because of the newline or what from the read() function and I tried to replace newline with empty string but it still doesnt work loll... – AppleByte Aug 15 '18 at 07:55

1 Answers1

1

I'm going to jump the gun here and since you did not include any examples and\or errors I will guess you got this kind of error:

Traceback (most recent call last):
File "<stdin>", line 1, in <module>
UnicodeDecodeError: 'ascii' codec can't decode byte 0xd7 in position 0: ordinal not in range(128)

This is caused by a file\directory with a unicode name, which in turn triggers this exception when you try to decode with ascii as in decode("ascii").

Instead, try decoding with "utf-8".

bergerg
  • 985
  • 9
  • 23
  • Actually I have tried with that before but it still doesn't work. I am thinking maybe it has something to do with the byte object. – AppleByte Aug 15 '18 at 05:03
  • 1
    That's great so if you tried something already, include it in the question so we can focus our help instead of taking wild guesses :P – bergerg Aug 15 '18 at 05:04