XMF

My files have been encrypted with TFUDE

Recommended Posts

Hi, some files have been encrypted with TFUDE. Unfortunately I don't have the original files. 

The decryptor can not decrypt these files as it does not have my key... (I believe) 

It says "Error:P Unable to decrypt file with ID: vQNCMTRmHSC8q8MHGkO5Ws5CeQLc9bhF24iPX9bF "

Could you assist me with this?

 

Kind regards,

 

Share this post


Link to post
Share on other sites
19 hours ago, XMF said:

Error:P Unable to decrypt file with ID: vQNCMTRmHSC8q8MHGkO5Ws5CeQLc9bhF24iPX9bF

That error just means there's no key for your ID in our database. This is because you have an online ID. Fortunately this is an older variant of STOP/Djvu, and you should be able to recover your files by supplying file pairs via the submission form to help the decrypter "learn" how to decrypt your files. There's more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

Yes I have read all that documentation, however I unfortunately don't have originals of the encrypted files. 

(It has encrypted my SD card when I put it in a friends computer)  so it has encrypted the files when I wanted to get them off the card.

 

Share this post


Link to post
Share on other sites

Yes I do have that. Also I have XML files that are created when recording a video. Those are small and easy to upload. However I have tried uploading a pair of those but the uploader said it was not a matched upload of the original and encrypted file

Share this post


Link to post
Share on other sites

You would need for the same variant of STOP/Djvu that encrypted your SD card to also encrypt a file you have an original copy of, and then you could use it as a file pair. Unfortunately I don't have a copy of this variant of STOP/Djvu, so I probably won't be able to do it for you. I'll ask our malware analysts in case they happen to have kept one, however that variant is almost a year old so the odds are fairly low that we still have it around.

Edited by GT500
Actually, that wouldn't work... It's an online ID...

Share this post


Link to post
Share on other sites

Forget that, I just realized it would only work if you did it on the same computer that the files were originally encrypted on.

Did your friend have any files from your camera on their computer that were encrypted?

Share this post


Link to post
Share on other sites
2 minutes ago, XMF said:

Unfortunately neither, the card got totally encrypted as soon as it was put in the computer. 

Well, unless your friend's computer is still infected, then I don't think you'll be able to get a working file pair.

Reinfecting the computer probably wouldn't work, as the command and control server address changes periodically, so it wouldn't be able to connect to the command and control server and wouldn't use the same ID and key that it did before.

Share this post


Link to post
Share on other sites

I do have one JPEG from the same card that is not infected, and I have tonnes of infected jpegs. Although when I upload it, it's mentioned that it's not the exact same file (which is correct)

So I guess there is no solution in that case?

Share this post


Link to post
Share on other sites
20 hours ago, XMF said:

So I guess there is no solution in that case?

The only solution is to try to use file pairs from your friend's computer, specifically other images of the same format, however being JPEG images there's a weird complication where they normally would need to have been saved from the same source (the same camera, the same editing software, etc) in order for that to work.

If there's any way to get around that complication, then I'll let you know, however please note that any answers will be slowed down a bit right now due to holidays.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.