YOU ARE USING THIS TOOL AT YOUR OWN RISK.

-----------------------------------------------------------------------------------------------------------
Before you start to read this readme, please check if you have the latest version of TeslaDecoder package.
http://download.bleepingcomputer.com/BloodDolly/TeslaDecoder.zip
http://download.bleepingcomputer.com/BloodDolly/changelog.txt

If you have any question you can contact me:
http://www.bleepingcomputer.com/forums/index.php?app=members&module=messaging&section=send&do=form&fromMemberID=950574
-----------------------------------------------------------------------------------------------------------

1. Introduction
 1.1 Quick guide (Decrypting files with the key)
2. Decryption possibilities
 2.1 TeslaCrypt 0.3.4 and older (.ecc)
 2.2 TeslaCrypt 0.3.4a - 2.2.0 (.ecc (0.3.4a+), .ezz, .exx, .xyz, .zzz, .aaa, .abc, .ccc, .vvv)
 2.3 TeslaCrypt 3.0.0 - 3.0.1 (.xxx, .ttt, .micro), 4.0+ (as original)
3. Listing encrypted files
4. Decoding Tesla's network request
 4.1 Format of network requests
5. Set custom key
6. List of known versions
 6.1 List of known versions (my numbering)
 6.2 List of known versions (their numbering)


===============
1. Introduction
===============
TeslaDecoder is a tool for decrypting files encrypted by TeslaCrypt. It can also load and decrypt TeslaCrypt 0.x data files, decode network requests, and find and list encrypted files.
For old TeslaCrypt 0.x versions, this tool can recover the decryption key directly from TeslaCrypt's data files or registry entries if they are found (see sections 2 and 6). For TeslaCrypt 0.3.4a - 2.2.0, the decryption key (private key) can be recovered using prime factorization (read Instructions.html).

TeslaDecoder can decrypt all versions of files encrypted by TeslaCrypt if YOU HAVE a valid private key. It can be used instead of their rubbish decoder after paying the ransom.


1.1 Quick guide (Decrypting files with the key)
===============================================
There is a very small chance of false decryption of encrypted files, so I do recommend backing up all encrypted files before using this tool.

If you have the key, you can follow this quick guide to decrypt your files.

1. Run TeslaDecoder.exe as administrator (needed for hidden/system/personal folders)
2.a Click on the "Set key" button, copy/paste or type your key there and choose the extension of your encrypted files
2.b Tesla's private key is predefined when an extension of TeslaCrypt 3/4 is chosen
3. Confirm it by clicking on the "Set key" button
4. Now you can decrypt your files
 4a. Decrypt Folder - decrypts encrypted files in the selected folder (I recommend using this option to test decryption with a given or found key)
 4b. Decrypt All - searches for encrypted files on all FIXED and REMOTE drives and tries to decrypt them
 4c. Decrypt List - decrypts encrypted files listed in the selected list file
5. See the log for more information (the path to the log file is shown in the dialog)


===========================
2. Decryption possibilities
===========================
2.1 TeslaCrypt 0.3.4a (.ecc) and older
======================================
These oldest versions of TeslaCrypt used the key.dat file and a registry entry to store the decryption key until the encryption process finished. When all files were encrypted, the decryption key was zeroed out, but the recovery key can be used to recover the original PrivateKeyBC if it is present in the key.dat file.
TeslaDecoder will search the known location of the key.dat file and the same information in the Windows registry. If the file or registry entry is found, TeslaDecoder will check the possibilities for recovering the key.
If the decryption key was found in the Windows registry and you don't have the data file, you can save this data file by using the "Save data file" button. (This option is not available if the decryption key was obtained from a network request of TeslaCrypt v2+, because these variants don't use data files.) This file can be used to decrypt files from another computer, etc., but the encrypted files have to match the decryption key.
If neither the decryption key nor the recovery key was found, unfortunately there is no way to decrypt the encrypted files short of breaking AES 256.

Format of encrypted file (.ecc)
*******************************
offset  size    Description
---------------------------
0x000    16     initialization vector for AES (random data)
0x010     4     Size of original file
<encrypted data>

Format of key.dat
*****************
offset  size    Description
---------------------------
0x000    34     Bitcoin address
0x022   260     Random bytes
0x126    16     SYSTEMTIME
0x136    32     Recovery/partial key
0x177    32     PrivateKey
0x280     8     Time64
0x288     4     DEADBEAF is set when ShadowCopy was deleted


2.2 TeslaCrypt 0.3.4a - 2.2.0 (.ecc (0.3.4a+), .ezz, .exx, .xyz, .zzz, .aaa, .abc, .ccc, .vvv)
==============================================================================================
These versions of TeslaCrypt use ECDH to protect PrivateKeyBC and, later, PrivateKeyFile.
TeslaDecoder will search the known location of the key.dat/storage.bin file (.ecc, .ezz, .exx only) and the same information in the Windows registry. If the file or registry entry is found, TeslaDecoder will check the possibilities for recovering the key.
If the decryption key was found in the Windows registry and you don't have the data file, you can save this data file by using the "Save data file" button. (This option is not available if the decryption key was obtained from a network request of TeslaCrypt v2+, because these variants don't use data files.) This file can be used to decrypt files from another computer, etc., but the encrypted files have to match the decryption key.
If the decryption key was not found, please read Instructions.html for detailed information on how to recover PrivateKeyBC or PrivateKeyFile.

Format of encrypted file (.ecc, .ezz)
*************************************
offset  size    Description
---------------------------
0x000    16     initialization vector for AES (random data)
0x010     4     Size of original file
<encrypted data>

Format of encrypted file (.exx)
*******************************
offset  size    Description
---------------------------
0x000   200     FileHeader (OurPublicKeyX, SharedSecret)
0x0c8    16     initialization vector for AES (random data)
0x0d8     4     Size of original file
<encrypted data>

Format of encrypted file (.xyz, .zzz, .aaa, .abc, .ccc, .vvv)
*************************************************************
offset  size    Description
---------------------------
0x000     4     0x0000
0x004    65     PublicKeyBC_octet (public key from generated private key for Bitcoin address in octet form)
0x045   130     SharedSecret1*PrivateKeyBC (Shared Secret of Tesla's public key and generated private key for Bitcoin address * generated private key for Bitcoin address)
0x0c7    65     PublicKeyFile_octet (public key from generated private key for file encryption)
0x108   130     SharedSecret2*PrivateKey2 (Shared Secret of BC's public key and generated private key for file encryption * generated private key for file encryption)
0x18A    16     initialization vector for AES (random data)
0x19A     4     Size of original file
<encrypted data>  AES 256 CBC


key.dat (752B) (.ecc, .ezz)
***************************
offset  size    Description
---------------------------
0x000    34     Bitcoin address
0x064    32     PublicKey X coordinate
0x084   128     RecoveryKey in hex; RecoveryKey = SharedSecret * PrivateKey
0x148    64     64B of pseudorandom data (2nd buffer; used only for randomization of 1024B random buffer)
0x18A    16     SYSTEMTIME
0x19A    32     32B of pseudorandom data (1st buffer; this buffer is zeroed out when PrivateKey is generated)
0x1DB    32     PrivateKey (32B of pseudorandom data (3rd buffer); this buffer is zeroed out when encryption is done and wallpaper is set)
0x2E0     8     Time64
0x2E8     4     DEADBEAF is set when ShadowCopy was deleted
0x2EC     4     Set to 1 when PrivateKey was generated

storage.bin (752B) (.exx)
*************************
offset  size    Description
---------------------------
0x000    34     Bitcoin address
0x064    32     PublicKey X coordinate
0x084   128     RecoveryKey in hex; RecoveryKey = SharedSecret * PrivateKey
0x148    64     64B of pseudorandom data (2nd buffer; used only for randomization of 1024B random buffer)
0x18A    16     SYSTEMTIME
0x19A   325     325B of pseudorandom data (1st buffer; this buffer is filled a 2nd time when encryption is finished and PrivateKey is destroyed)
  0x1B1  32       BN_mod_inverse(0,BN_PrivateKey,EC_GROUP.order,BN_CTX) (32B of pseudorandom data (3rd buffer); lies inside the 325B buffer)
0x2E0     8     Time64
0x2E8     4     DEADBEAF is set when ShadowCopy was deleted
0x2EC     4     Set to 1 when PrivateKey was generated
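The following triage routine is an added example (it is not TeslaDecoder's code). It reads the fixed-offset fields of the key.dat layouts described in this readme (version 1/2: 648/656 bytes with the key at 0x177 and the partial key at 0x136, as listed in section 6.1; version 3: 752 bytes with the key at 0x1DB) and of the 752-byte storage.bin, and reports whether a key still survives in the file and whether the ShadowCopy marker was set. Little-endian byte order, the exact encoding of the DEADBEAF marker and all sample contents are assumptions; storage.bin has no fixed key slot (the key lies between 0x19A and 0x2C0), so for it only the fixed fields are reported.

```python
import struct
from datetime import datetime, timezone

# Added example, not TeslaDecoder's code. Offsets come from the key.dat / storage.bin
# tables in this readme; little-endian byte order and the DEADBEAF encoding are assumed.

def _systemtime(raw):
    """Decode a Win32 SYSTEMTIME (8 little-endian WORDs); None if the slot is zeroed/invalid."""
    year, month, _dow, day, hour, minute, second, ms = struct.unpack("<8H", raw)
    try:
        return datetime(year, month, day, hour, minute, second, ms * 1000)
    except ValueError:
        return None

def _time64(raw):
    """Decode a __time64_t (signed 64-bit seconds since the Unix epoch)."""
    return datetime.fromtimestamp(struct.unpack("<q", raw)[0], tz=timezone.utc)

def parse_data_file(data, storage_bin=False):
    """Return the facts a responder needs from a TeslaCrypt 0.x data file.

    key_present          PrivateKey slot is non-zero (files can be decrypted directly)
    partial_key_present  recovery/partial key slot is non-zero (v1/v2 only; key can be rebuilt)
    shadowcopy_deleted   the DEADBEAF marker is set
    """
    n = len(data)
    if n in (648, 656):
        layout = "v1/v2 key.dat"
        st, partial, key, t64, shadow, gen = 0x126, 0x136, 0x177, 0x280, 0x288, None
    elif n == 752:
        layout = "v4 storage.bin" if storage_bin else "v3 key.dat"
        st, partial, key, t64, shadow, gen = 0x18A, None, (None if storage_bin else 0x1DB), 0x2E0, 0x2E8, 0x2EC
    else:
        raise ValueError(f"unexpected data file size: {n} bytes")

    def slot(off, size):
        return data[off:off + size]

    def present(off, size=32):
        return off is not None and any(slot(off, size))

    info = {
        "layout": layout,
        "bitcoin_address": slot(0x000, 34).split(b"\0", 1)[0].decode("ascii", "replace"),
        "systemtime": _systemtime(slot(st, 16)),
        "time64": _time64(slot(t64, 8)),
        "key_present": present(key),
        "partial_key_present": present(partial),
        # The 648-byte v1 file ends at 0x288, so the marker only exists in longer files.
        "shadowcopy_deleted": n >= shadow + 4 and struct.unpack("<I", slot(shadow, 4))[0] == 0xDEADBEAF,
    }
    if n == 752:
        info["pubkey_x"] = slot(0x064, 32).hex()
        info["recovery_key_hex"] = slot(0x084, 128).decode("ascii", "replace").rstrip("\0")
        info["private_key_generated"] = struct.unpack("<I", slot(gen, 4))[0] == 1
    if info["key_present"]:
        info["private_key"] = slot(key, 32).hex()
    return info

def build_sample_keydat(version, private_key=b"\x11" * 32, zero_key=False):
    """Construct a fake key.dat (v1: 648 bytes, v3: 752 bytes) with made-up contents."""
    if version == 1:
        buf = bytearray(648)
        st, partial, key, t64 = 0x126, 0x136, 0x177, 0x280
        buf[partial:partial + 32] = b"\x77" * 32          # fake recovery/partial key
    else:
        buf = bytearray(752)
        st, key, t64 = 0x18A, 0x1DB, 0x2E0
        buf[0x064:0x084] = bytes(range(32))               # fake PublicKey X coordinate
        buf[0x084:0x104] = b"ab" * 64                     # fake 128-character hex recovery key
        buf[0x2E8:0x2EC] = struct.pack("<I", 0xDEADBEAF)  # ShadowCopy deleted marker
        buf[0x2EC:0x2F0] = struct.pack("<I", 1)           # PrivateKey generated flag
    buf[0x000:0x022] = b"1L55vdCjbQtcYYrrUzmx4NLJWFaMTPMrzb"  # address from this readme's example
    buf[st:st + 16] = struct.pack("<8H", 2015, 3, 2, 10, 14, 30, 5, 0)
    buf[t64:t64 + 8] = struct.pack("<q", 1425997805)     # 2015-03-10 14:30:05 UTC
    if not zero_key:
        buf[key:key + 32] = private_key
    return bytes(buf)

if __name__ == "__main__":
    for ver in (1, 3):
        for zeroed in (False, True):
            print(ver, "zeroed" if zeroed else "intact", parse_data_file(build_sample_keydat(ver, zero_key=zeroed)))
```

On a real host you would read the file from the locations listed in section 6.1 and pass its bytes to parse_data_file; a v1/v2 file with key_present False but partial_key_present True is the case where TeslaDecoder can still rebuild the key.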


RECOVERY_KEY.TXT/RECOVERY_FILE.TXT (232B) (.ecc, .ezz, .exx, .xyz)
------------------------------------------------------------------
1st line> Bitcoin address
2nd line> PublicKey X coordinate
3rd line> RecoveryKey = SharedSecret * PrivateKey

RECOVERY_FILE.TXT (250B) (.zzz, .aaa, .abc)
-------------------------------------------
1st line> Bitcoin address
2nd line> PublicKey X coordinate
3rd line> RecoveryKey = SharedSecret * PrivateKey
4th line> %IDhex%

Format of recovery file (.ccc, .vvv)
------------------------------------
1st line> Bitcoin address
2nd line> PublicKey X coordinate
3rd line> RecoveryKey = SharedSecret * PrivateKey
4th line> %IDhex%
5th line> Distribution ID


2.3 TeslaCrypt 3.0.0 - 3.0.1 (.xxx, .ttt, .micro), 4.0+ (as original)
=====================================================================
These versions of TeslaCrypt don't protect PrivateKeyMaster and PrivateKeyFile with ECDH alone, but with a combination of ECDH, SHA256 and AES.
Currently there is no way to recover any of the private keys for these versions. I recommend backing up all encrypted files and the recovery file and waiting for a solution.


Format of encrypted file (.xxx, .ttt, .micro, as original)
**********************************************************
offset  size    Description
---------------------------
0x000     8     0x0000000000000000
0x008     8     %IDHEX%
0x010     8     0x0000000000000000
0x018   128     PublicKeyRandom1_octet|AES_PrivateKeyMaster (97 used)
0x098    65     PublicKeySHA256Master_octet
0x0D9     3     0x000000
0x0DC   128     PublicKeyRandom2_octet|AES_PrivateKeyFile (97 used)
0x15C    16     initialization vector for AES
0x16C     4     Size of original file
<encrypted data>  AES 256 CBC
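An added example, not TeslaDecoder's code, that identifies the two header-bearing file formats from their layout alone (the .xyz/.zzz/.aaa/.abc/.ccc/.vvv table in section 2.2 and the .xxx/.ttt/.micro table above) and extracts the fields a decryptor needs: the public points in octet form, the IV and the original size. It assumes the 4-byte size field is little-endian and that the ciphertext is padded to whole 16-byte AES blocks; the sample files it builds carry placeholder key material.

```python
import struct

# Added example, not TeslaDecoder's code. Header layouts follow the tables in this
# readme; the 4-byte "Size of original file" is assumed to be little-endian and the
# ciphertext is assumed to be padded to whole 16-byte AES blocks.

def _is_octet_point(raw):
    """SEC1 uncompressed point: 0x04 followed by X and Y (65 bytes in total)."""
    return len(raw) == 65 and raw[0] == 0x04

def parse_header(data):
    """Identify a header-bearing TeslaCrypt file and return its fields, or None.

    .ecc/.ezz files have no header at all (only an IV and size), so they cannot be
    recognised this way; that is why the readme says their extension matters.
    """
    if (len(data) >= 0x19E and data[:4] == bytes(4)
            and _is_octet_point(data[0x004:0x045]) and _is_octet_point(data[0x0C7:0x108])):
        hdr = {
            "variant": ".xyz/.zzz/.aaa/.abc/.ccc/.vvv (TeslaCrypt 1.0 - 2.2)",
            "header_len": 0x19E,
            "pubkey_bc_octet": data[0x004:0x045],
            "shared1_x_privbc": data[0x045:0x0C7],
            "pubkey_file_octet": data[0x0C7:0x108],
            "shared2_x_privfile": data[0x108:0x18A],
            "iv": data[0x18A:0x19A],
            "original_size": struct.unpack("<I", data[0x19A:0x19E])[0],
        }
    elif (len(data) >= 0x170 and data[:8] == bytes(8) and data[0x010:0x018] == bytes(8)
            and _is_octet_point(data[0x018:0x059]) and _is_octet_point(data[0x098:0x0D9])
            and data[0x0D9:0x0DC] == bytes(3) and _is_octet_point(data[0x0DC:0x11D])):
        hdr = {
            "variant": ".xxx/.ttt/.micro/original name (TeslaCrypt 3.0 - 4.x)",
            "header_len": 0x170,
            "id_hex": data[0x008:0x010].decode("ascii", "replace"),
            "pubkey_random1_octet": data[0x018:0x059],
            "aes_privkey_master": data[0x059:0x079],     # 97 bytes used of the 128-byte slot
            "pubkey_sha256master_octet": data[0x098:0x0D9],
            "pubkey_random2_octet": data[0x0DC:0x11D],
            "aes_privkey_file": data[0x11D:0x13D],
            "iv": data[0x15C:0x16C],
            "original_size": struct.unpack("<I", data[0x16C:0x170])[0],
        }
    else:
        return None
    payload = len(data) - hdr["header_len"]
    # A CBC ciphertext is a whole number of blocks and is never shorter than the plaintext.
    hdr["payload_len"] = payload
    hdr["size_consistent"] = payload % 16 == 0 and hdr["original_size"] <= payload
    return hdr

def build_sample(variant, original_size=100, id_hex=b"ABCDEF12"):
    """Construct a fake encrypted file: placeholder key material and an all-zero payload."""
    def fake_point(fill):
        return b"\x04" + bytes([fill]) * 64
    payload = bytes(((original_size // 16) + 1) * 16)
    size = struct.pack("<I", original_size)
    iv = bytes(range(16))
    if variant == "v5":                                   # .xyz .. .vvv layout
        hdr = bytearray(0x19E)
        hdr[0x004:0x045] = fake_point(0x11)
        hdr[0x045:0x0C7] = b"\x22" * 130
        hdr[0x0C7:0x108] = fake_point(0x33)
        hdr[0x108:0x18A] = b"\x44" * 130
        hdr[0x18A:0x19A], hdr[0x19A:0x19E] = iv, size
    else:                                                 # .xxx/.ttt/.micro layout
        hdr = bytearray(0x170)
        hdr[0x008:0x010] = id_hex
        hdr[0x018:0x059], hdr[0x059:0x079] = fake_point(0x11), b"\x22" * 32
        hdr[0x098:0x0D9] = fake_point(0x33)
        hdr[0x0DC:0x11D], hdr[0x11D:0x13D] = fake_point(0x44), b"\x55" * 32
        hdr[0x15C:0x16C], hdr[0x16C:0x170] = iv, size
    return bytes(hdr) + payload

if __name__ == "__main__":
    for v in ("v5", "v7"):
        h = parse_header(build_sample(v))
        print(h["variant"], hex(h["header_len"]), h["original_size"], h["size_consistent"])
```

The same function can be fed the first 0x19E bytes of any file; a None result means the file is either not TeslaCrypt-encrypted or one of the headerless .ecc/.ezz variants.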


Format of recovery file (.xxx, .ttt, .micro, as original)
---------------------------------------------------------
<AES256CBC, AES_key=7ABE8BA3A5FC704269791F472E7961F729B73F99B92CE2487CB263094C163968, IV=0>
1st line> Bitcoin address
2nd line> PublicKeyRandom1_octet|AES_PrivateKeyMaster in hex
3rd line> %IDhex%
4th line> Distribution ID


recover.bin, desctop.ini... (264B) (TeslaCrypt 4.1+)
----------------------------------------------------
offset  size    Description
---------------------------
0x000     8     %IDHEX%
0x008    35     BitcoinAddress
0x02B    13     Padding (0x00)
0x038   128     PublicKeyRandom1_octet|AES_PrivateKeyMaster (97 used)
0x0B8    65     PublicKeySHA256Master_octet
0x0F9     7     Padding (0x00)
0x100     8     _time64


==========================
3. Listing encrypted files
==========================
TeslaDecoder can search for encrypted files and create a list of the files found. A single folder or all drives can be selected and then examined. When listing is performed, TeslaDecoder checks every file in the selected folder or on all mapped drives and tries to find files encrypted by TeslaCrypt regardless of extension (except .ecc and .ezz files, where the extension has its role). Because every file is examined, this takes longer than the pure decryption process.

When the list file is created it can be used as a source of paths for the decryption process.
A path can point to a single file or to a folder. When the target location is a folder and the list file is used for decryption, all files in that folder are decrypted if possible.

Any Unicode txt file with one full path per line can be used as a list file.


Example:
C:\Dir\file.jpg.mp3
C:\Dir2
D:\Dir3\Dir4\Dir5\file.jpg
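An added example, not TeslaDecoder's code, of the two halves of this section: finding encrypted files by header rather than by extension, and producing and consuming a list file whose lines may name files or folders. "Unicode txt" is assumed to mean UTF-16 with a BOM (Windows "Unicode"); UTF-8 is also accepted when reading. The demo builds a temporary folder tree with constructed fake files.

```python
import os
import tempfile
from pathlib import Path

# Added example, not TeslaDecoder's code. The "Unicode txt" list format is assumed to be
# UTF-16 with a BOM (Windows "Unicode"); UTF-8 with or without a BOM is accepted when reading.

def has_tesla_header(head):
    """Cheap signature test for the header-bearing variants: .xyz-.vvv start with 4 zero
    bytes and an uncompressed EC point (0x04); .xxx/.ttt/.micro start with 8 zero bytes,
    an 8-byte ID, 8 zero bytes and then the point. .ecc/.ezz have no header (see readme)."""
    v5 = len(head) > 0x19E and head[:4] == bytes(4) and head[4] == 0x04
    v7 = len(head) > 0x170 and head[:8] == bytes(8) and head[0x10:0x18] == bytes(8) and head[0x18] == 0x04
    return v5 or v7

def scan_for_encrypted(root):
    """Walk a folder and list the files whose header matches, regardless of extension."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            try:
                with open(path, "rb") as f:
                    head = f.read(0x1A0)
            except OSError:
                continue                       # unreadable files are skipped, not fatal
            if has_tesla_header(head):
                found.append(path)
    return sorted(found)

def write_list_file(path, entries):
    """One full path per line, UTF-16 with BOM."""
    Path(path).write_text("".join(f"{e}\n" for e in entries), encoding="utf-16")

def read_list_file(path):
    """Accept UTF-16 (either BOM) or UTF-8 list files; blank lines are ignored."""
    raw = Path(path).read_bytes()
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig"
    return [line.strip() for line in raw.decode(enc).splitlines() if line.strip()]

def expand_targets(entries):
    """A line may name a file or a folder. Folders expand to the files inside them (the
    readme does not say whether subfolders are included; this example descends into them)."""
    targets = []
    for entry in entries:
        p = Path(entry)
        if p.is_dir():
            targets.extend(sorted(q for q in p.rglob("*") if q.is_file()))
        elif p.is_file():
            targets.append(p)
    return targets

def demo():
    """Build a constructed folder tree, scan it, round-trip a list file and expand folders."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        # Constructed stand-ins: only the signature bytes matter for the scan.
        fake_v5 = bytes(4) + b"\x04" + bytes(0x19E - 5) + bytes(16)
        fake_v7 = bytes(8) + b"ABCDEF12" + bytes(8) + b"\x04" + bytes(0x170 - 25) + bytes(16)
        (root / "photo.jpg.zzz").write_bytes(fake_v5)
        (root / "sub" / "report.docx").write_bytes(fake_v7)   # original name kept (v4+)
        (root / "notes.txt").write_bytes(b"just a text file\n" * 50)
        found = scan_for_encrypted(root)
        list_file = root / "list.txt"
        write_list_file(list_file, [root / "photo.jpg.zzz", root / "sub"])
        expanded = expand_targets(read_list_file(list_file))
        return {"found": [p.name for p in found],
                "expanded": [p.name for p in expanded]}

if __name__ == "__main__":
    print(demo())
```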


===================================
4. Decoding Tesla's network request
===================================
TeslaCrypt sends 2 network requests to Tesla's servers. The first request, with "subject=Ping" in its parameters, contains the decryption/private key (the "key=" parameter)*. The second request, with "subject=Crypted", always has "key=--", so only the first request can be used to decrypt your files.

Decoding a request can also be used to load a custom key (obsolete). If you want to load your custom key, you can paste a string in the following format as the input string for request decoding:
key=<key_in_hex>&addr=<Bitcoin_address>&version=<real_Tesla_version_number>

example:
addr=1L55vdCjbQtcYYrrUzmx4NLJWFaMTPMrzb&key=B4B1ABEFC066AF7500A27C573B801D8F487161A7D9484439C25F61C1B07971D4&version=2.2.0

Key - hexadecimal representation of a 256-bit number (it can be PrivateKeyBC, PrivateKeySHA256BC or PrivateKeyFile)
Bitcoin_address - starts with 1, can be 26-35 characters long (it can be found in the ransom note) and must match the key parameter.*
real_Tesla_version_number - must be set, because whether the key parameter represents the decryption key or the private key of the bitcoin address depends on the version. The table is located below.

*Note for v2.1.0+:
Because of a change made in v2.1.0 and above, the key parameter entered in custom input can be loaded even if it doesn't match the entered bitcoin address. This is only true for custom input in the request decoding function (an encrypted request of these versions will not be loaded if the key parameter doesn't match the bitcoin address). TeslaDecoder then tries to verify the entered private key against the public keys located in the header of the encrypted files. If a match is found, the file is decrypted with that key.
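An added example, not TeslaDecoder's code, that parses a request string of the format above (parameters in any order), applies the checks this section states (256-bit hex key, address starting with 1 and 26-35 Base58 characters, a version that must be set, key=-- meaning no key), looks the version up in the extension table of section 6.2, and records whether the v2.1.0+ relaxation of the key/address match applies. Checking that the key really matches the Bitcoin address would need a secp256k1 and Base58 address derivation, which is not included.

```python
import re
from urllib.parse import parse_qs

# Added example, not TeslaDecoder's code. Validation rules are the ones stated in this
# section; the version-to-extension table is section 6.2 of this readme.

HEX256 = re.compile(r"^[0-9A-Fa-f]{64}$")                  # 256-bit number in hex
BTC_ADDR = re.compile(r"^1[1-9A-HJ-NP-Za-km-z]{25,34}$")    # starts with 1, 26-35 chars, Base58

def parse_version(text):
    """'2.1.0a' -> ((2, ''), (1, ''), (0, 'a')); the tuples compare in release order."""
    parts = []
    for piece in text.split("."):
        m = re.fullmatch(r"(\d+)([a-z]*)", piece)
        if not m:
            raise ValueError(f"bad version component: {piece!r}")
        parts.append((int(m.group(1)), m.group(2)))
    return tuple(parts)

# Section 6.2: a (low, high) tuple is an inclusive range, a list names exact versions,
# and None as the high bound means open-ended ("4.0+").
VERSION_TABLE = [
    (".ecc", ("0.2.5", "0.3.6b")),
    (".ezz", ("0.3.7", "0.3.7b")),
    (".exx", ("0.4.0", "0.4.1a")),
    (".xyz", ["1.0.0", "1.0.1"]),
    (".zzz", ("2.0.0", "2.0.4a")),
    (".aaa", ("2.0.4b", "2.0.5a")),
    (".abc", ["2.0.5a", "2.0.5b", "2.1.0"]),
    ("as original", ["2.1.1"]),
    (".ccc", ["2.1.0a", "2.1.0b", "2.1.0c", "2.1.0d", "2.2.0"]),
    (".vvv", ["2.2.0"]),
    (".xxx/.ttt/.micro", ["3.0.0"]),
    (".micro/.mp3", ["3.0.0a"]),
    (".mp3", ["3.0.1", "4.0"]),
    ("as original", ("4.0", None)),
]

def extensions_for_version(text):
    """All extension families the table lists for this version (ranges in 6.2 overlap)."""
    v = parse_version(text)
    hits = []
    for ext, spec in VERSION_TABLE:
        if isinstance(spec, list):
            match = any(parse_version(s) == v for s in spec)
        else:
            lo, hi = spec
            match = parse_version(lo) <= v and (hi is None or v <= parse_version(hi))
        if match:
            hits.append(ext)
    return hits

def decode_request(query):
    """Parse 'key=...&addr=...&version=...' (any order) and check each field."""
    params = {k: v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}
    errors = []
    key, addr, version = params.get("key"), params.get("addr"), params.get("version")
    if key is None or key == "--":
        key = None
        errors.append("no key (Crypted requests always carry key=--; only the Ping request has it)")
    elif not HEX256.match(key):
        errors.append("key is not a 256-bit hex number")
    if addr is None or not BTC_ADDR.match(addr):
        errors.append("addr must start with 1 and be 26-35 Base58 characters")
    extensions, required = [], None
    try:
        extensions = extensions_for_version(version or "")
        # Per the v2.1.0+ note: below 2.1.0 a custom key must match the address.
        required = parse_version(version) < parse_version("2.1.0")
    except ValueError:
        errors.append("version must be a real TeslaCrypt version number")
    if version and not extensions:
        errors.append("version is not in the known-version table")
    return {"subject": params.get("subject"), "key": key.upper() if key else None, "addr": addr,
            "version": version, "extensions": extensions, "address_match_required": required,
            "errors": errors, "usable": not errors}

if __name__ == "__main__":
    print(decode_request("addr=1L55vdCjbQtcYYrrUzmx4NLJWFaMTPMrzb"
                         "&key=B4B1ABEFC066AF7500A27C573B801D8F487161A7D9484439C25F61C1B07971D4&version=2.2.0"))
```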


================================
5. Set custom key for decryption
================================
The easiest way to set a custom decryption key in TeslaDecoder is the Set key feature. You just have to put your key in hexadecimal format there and pick the extension of your encrypted files.
TeslaCrypt uses a hierarchical key structure; TeslaDecoder accepts any key in this hierarchy and computes the keys on the lower levels down to PrivateKeyFile.

For example, keys used by TeslaCrypt 2:
All 4 keys are supported (hierarchical order):
- TeslaPrivateKey - Tesla's private key (the master key of Tesla's creators). This key unlocks all encrypted files.
- PrivateKeyBC - Private key used for calculation of the bitcoin address. This key is generated first and it unlocks all files encrypted by the infected computer regardless of the number of restarts.
- PrivateKeySHA256BC - SHA256 of PrivateKeyBC. This key still unlocks all files encrypted by the infected computer, but you can't access the generated bitcoin address. The Tesla guys send this key after payment.
- PrivateKeyFile - This key is generated each time TeslaCrypt is executed, so your encrypted files can have different PrivateKeyFile keys. This key is used directly as the encryption/decryption key for AES 256 CBC.

All keys are hierarchically related, so TeslaDecoder will try to use the entered key as the highest possible key and go down if that fails.
BE VERY CAREFUL USING THIS FEATURE ON ECC AND EZZ FILES. THESE OLD VARIANTS OF TESLACRYPT DO NOT HAVE A HEADER, SO TESLADECODER CAN'T VALIDATE THE KEY BEFORE USING IT, BUT IT WILL VALIDATE THE PADDING.
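An added example, not TeslaDecoder's code, of the header-based validation this section and the v2.1.0+ note in section 4 describe: the entered key is placed in the hierarchy by comparing its public point with the two points stored in a .xyz-.vvv header (PublicKeyBC_octet at 0x004, PublicKeyFile_octet at 0x0C7), and where the key is PrivateKeyBC its SHA256 is derived as PrivateKeySHA256BC. The curve is secp256k1 (the one behind PrivateKeyBC's Bitcoin address), implemented in plain Python for demonstration; the ECDH step from PrivateKeySHA256BC down to PrivateKeyFile (Instructions.html) is not reproduced, and the sample header is constructed with made-up keys.

```python
import hashlib

# Added example, not TeslaDecoder's code. secp256k1 in plain Python (demonstration only,
# not constant-time); header offsets are those of the .xyz-.vvv table in section 2.2.

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P          # tangent slope (curve a = 0)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, point):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, point)
        point = _add(point, point)
        k >>= 1
    return acc

def public_octet(priv):
    """0x04 || X || Y of priv*G: the 65-byte octet form the headers store."""
    d = int.from_bytes(priv, "big")
    if not 1 <= d < N:
        raise ValueError("private key out of range")
    x, y = _mul(d, G)
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")

def classify_key(key_hex, header):
    """Try the entered key as the highest level the header can verify, then go down.

    PrivateKeyBC    -> its point equals PublicKeyBC_octet; SHA256 of it is PrivateKeySHA256BC.
    PrivateKeyFile  -> its point equals PublicKeyFile_octet; it is the AES-256-CBC key itself.
    Anything else (TeslaPrivateKey, PrivateKeySHA256BC or a wrong key) has no point in the
    header to compare against, so it is reported as unverifiable.
    """
    priv = bytes.fromhex(key_hex)
    point = public_octet(priv)
    if point == header[0x004:0x045]:
        return {"level": "PrivateKeyBC", "PrivateKeySHA256BC": hashlib.sha256(priv).hexdigest()}
    if point == header[0x0C7:0x108]:
        return {"level": "PrivateKeyFile", "aes_key": priv.hex()}
    return {"level": "unverifiable"}

def build_sample_header(priv_bc, priv_file):
    """Constructed .xyz-.vvv header carrying the two public points (other fields left zero)."""
    hdr = bytearray(0x19E)
    hdr[0x004:0x045] = public_octet(priv_bc)
    hdr[0x0C7:0x108] = public_octet(priv_file)
    return bytes(hdr)

if __name__ == "__main__":
    sample = build_sample_header(b"\x22" * 32, b"\x11" * 32)   # made-up keys
    for candidate in ("11" * 32, "22" * 32, "33" * 32):
        print(candidate[:8], classify_key(candidate, sample))
```

On the headerless .ecc/.ezz files there is nothing to compare the point against, which is exactly why the warning above applies to them.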


=========================
6. List of known versions
=========================
6.1 List of known versions of Tesla/AlphaCrypt: (my internal version numbering based on data file changes)
=========================================================================================================

Version 1:
----------
File extension: .ecc
Location of data file on disk: %appdata%\key.dat [648 bytes]
Location of recovery file: N/A
Location of data file in registry: not used
Location of log file: %appdata%\log.html
Data file protected: No
Decryption key offset: 0x177
Partial key offset: 0x136
Info: If the decryption key was zeroed out but the partial key was found in key.dat, TeslaDecoder can recover the original decryption key. This process can take several hours on slow computers. Encrypted files are not paired with the data file. The decryption key can also be obtained from Tesla's request that was sent to the server.

Version 2:
----------
File extension: .ecc
Location of data file on disk: %appdata%\key.dat [656 bytes]
Location of recovery file: N/A
Location of data file in registry: not used
Location of log file: %appdata%\log.html
Data file protected: No
Decryption key offset: 0x177
Partial key offset: 0x136
Info: If the decryption key was zeroed out but the partial key was found in key.dat, TeslaDecoder can recover the original decryption key. This process can take several hours on slow computers. Encrypted files are not paired with the data file. The decryption key can also be obtained from Tesla's request that was sent to the server.

Version 3:
----------
File extension: .ecc/.ezz
Location of data file on disk: %appdata%\key.dat [752 bytes]
Location of recovery file: %mydocuments%\RECOVERY_KEY.TXT
Location of data file in registry: [HKCU\Software\Microsoft\Windows\CurrentVersion\SET] [752 bytes]
Location of log file: %appdata%\log.html
Data file protected: No
Decryption key offset: 0x1DB
Info: If the decryption key was zeroed out, it can be recovered using prime factorization or using the private key of TeslaCrypt's authors. Encrypted files are not paired with the data file. The decryption key can also be obtained from Tesla's request that was sent to the server. For recovery using prime factorization, please read Instructions.html.

Version 4:
----------
File extension: .ezz/.exx
Location of data file on disk: %localappdata%\storage.bin [752 bytes]
Location of recovery file: %mydocuments%\RECOVERY_FILE.TXT
Location of data file in registry: [HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\storage] [752 bytes]
Location of log file: %localappdata%\log.html
Data file protected: AES 256 can be used
Decryption key offset: between 0x19A and 0x2C0
Info: If the decryption key was zeroed out, it can be recovered using prime factorization or using the private key of TeslaCrypt's authors. Encrypted .exx files are paired with the data file. The decryption key can also be obtained from Tesla's request that was sent to the server. For recovery using prime factorization, please read Instructions.html.

Version 5/5+:
-------------
File extension: .xyz/.zzz/.aaa/.abc/.ccc/.vvv
Location of data file on disk: not used
Location of recovery file: %mydocuments%\RECOVERY_FILE.TXT, %mydocuments%\Recovery_File_%random%.txt, %mydocuments%\recover_file_%random%.txt
Location of data file in registry: [HKCU\Software\%random%] (data stored here cannot be used for decryption without Tesla's private key)
Location of log file: not used
Data file protected: N/A
Decryption key offset: N/A
Info: This version doesn't use any data files and the decryption key is not stored on the computer. The decryption key can be obtained from Tesla's request that was sent to the server (not possible since TeslaCrypt v2.1.0). The decryption key can be recovered using prime factorization - read Instructions.html.

Version 6: (v2.1.1)
----------
File extension: original
Location of data file on disk: not used
Location of recovery file: %mydocuments%\recover_file_%random%.txt
Location of data file in registry: not used
Location of log file: not used
Data file protected: N/A
Decryption key offset: N/A
Info: This version doesn't use any data files and the decryption key is not stored on the computer. The decryption key can be recovered using prime factorization - please read Instructions.html.

Version 7:
----------
File extension: .xxx/.ttt/.micro/.mp3/as original
Location of data file on disk: not used
Location of recovery file: %mydocuments%\recover_file_%random%.txt, %mydocuments%\recover.txt or any txt file located in %mydocuments% (they were changing the name very often)
Location of data file in registry: [HKCU\Software\%IDhex%]  (data stored here cannot be used for decryption without Tesla's private key or RandomPrivateKey1)
Location of log file: not used
Data file protected: N/A
Decryption key offset: N/A
Info: The decryption key is predefined in the TeslaDecoder. Please read section 1.1.

Version 8:
----------
File extension: as original
Location of data file on disk: (since 4.1) %mydocuments%\recover.bin, %mydocuments%\desctop.ini, %mydocuments%\desctop._ini
Location of recovery file: %mydocuments%\-HELP-file.txt, %mydocuments%\+recover+file.txt or any variation of these strings and letters
Location of data file in registry: [HKCU\Software\%IDhex%]  (data stored here cannot be used for decryption without Tesla's private key or PrivateKeyRandom1), N/A (since 4.1)
Location of log file: not used
Data file protected: AES
Decryption key offset: N/A
Info: The decryption key is predefined in the TeslaDecoder. Please read section 1.1.


6.2 List of known versions of Tesla/AlphaCrypt: (Their version numbering)
=========================================================================
.ecc 0.2.5 - 0.3.6b
.ezz 0.3.7 - 0.3.7b
.exx 0.4.0 - 0.4.1a
.xyz 1.0.0, 1.0.1
.zzz 2.0.0 - 2.0.4a
.aaa 2.0.4b - 2.0.5a
.abc 2.0.5a, 2.0.5b, 2.1.0
as original 2.1.1 (probably only test version, because they went back to version 2.1.0)
.ccc 2.1.0a, 2.1.0b, 2.1.0c, 2.1.0d, 2.2.0
.vvv 2.2.0
.xxx/.ttt/.micro 3.0.0
.micro/.mp3 3.0.0a
.mp3 3.0.1, 4.0
as original 4.0+
