
Defeating (Not)Petya's Cryptography


Video duration: 00:54:44
Language: English

Abstract:
In this presentation we will outline our findings about (Not)Petya's crypto flaws and how we were able to exploit them to decrypt infected computers.

At the end of June 2017, a malware outbreak plagued Ukraine and other parts of the world. The threat, quickly dubbed NotPetya once its striking similarity to Petya had been discovered, encrypted infected systems at boot level.

A deeper analysis of NotPetya's cryptography revealed several rookie mistakes that enabled us to recover the encrypted hard drives. This talk gives some insights into NotPetya's flawed cryptography and how we were able to exploit its flaws to eventually decrypt the infected hard drives.

Talk ID: 8724
Event: 34c3
Day: 1
Room: Saal Borg
Start: 9 p.m.
Duration: 01:00:00
Track: Security
Type of: lecture
Speaker: Sebastian Eschweiler
Talk Slug & media link: 34c3-8724-defeating_not_petya_s_cryptography

Talk & Speaker speed statistics

Very rough underestimation:
Whole talk: 120.1 wpm, 652.5 spm
Sebastian Eschweiler: 120.5 wpm, 652.9 spm