Encrypt and decrypt multiple files and directories.

This is a project developed in the cybersecurity bootcamp of 42Madrid.

WARNING:

• This program was written for educational purposes. The responsibility for the use and distribution of the tool lies with the user. Use it at your own risk and enjoy!
• This program was designed to affect only files located in the current user’s ‘~/infection’ directory [for now]. Use caution with files located in that directory, you may not recover them.
• When the files are encrypted, a ‘totem.key’ file is generated, which contains the encryption password. To encrypt several times different files with the same key, do not move this file from its location.
• It is recommended to run the program in a docker container or a virtual machine.

[Don't lose the totem.key]

Subject:

The goal of this project is to make a small program capable of causing big problems.

Although the greatest virtue of ransomware is its ability to spread across networks of hundreds of computers, in this case hundreds of computers, in this case, the program will affect a ‘small’ part of your files.

The program must be developed for Linux or Macos systems, affecting all files located in the /home/$user/infection directory and all files with extensions that were affected by the WannaCry virus. A secure encryption algorithm must be used to encrypt the files and they must be renamed with the extension ‘.ft’ once encrypted.

Project:

The program was developed using the Python programming language and testing was performed in a docker container to avoid risks.

To encrypt the files, the Python cryptography module was used, which implements Fernet that uses the AES encryption algorithm.

The Advanced Encryption Standard, abbreviated to AES, is used to encrypt data and protect it against unauthorized access. The cryptographic method uses a key of varying length for this purpose and is called AES-128, AES-192 or AES-256, depending on the key length used.
It is one of the most secure encryption methods, used publicly and privately by companies, organizations and governments such as the NSA.

The software scans the /infection directory and all subdirectories within it for files matching the extensions to be encrypted. The result of the search is a list of target files and then it proceeds to encrypt each of them.

When the decryption option is executed, a scan of the same path will also be performed in search of files that have been previously encrypted and have not been modified by the user, and then decrypted one by one.

To really see the speed and power of the tool it is recommended to use the ‘–silent’ parameter, which does not generate any output.

Script Options

# Default mode - Encrypt files
- ./stockholm 
# Reverse mode - Decrypt files
- ./stockholm -r + 'pass_key'
# Silent mode
- ./stockholm -s | ./stockholm -r + 'pass_key' -s
# Print version
- ./stockholm -v
# Print help
- ./stockholm -h

Docker test

• Install Docker Desktop and run the app.
• Install make and use the Makefile for buid a container and get a bash:

  make && make exec
  

  # Build image and container
  ->> make
  # Get a bash from container
  ->> make exec
  # Build a new container
  ->> make dock
  # Build image
  ->> make image
  # Remove image and container
  ->> make fclean
  

• In the container, run run_test.sh

  cd; cd test; ./run_test.sh
  

• Unzip the out.zip and run stockholm

  unzip out.zip 
  cd out; ./stockholm
  

Enjoy it!

View the source code here

Project completed

Rating: