- You are a reverse engineering expert. A tablet that your client had used to view PDF files was infected with malicious code, and important PDF files on the tablet were encrypted. Fortunately, you were able to acquire the malware binary. The program has been found to encrypt PDF files in the current directory and save the encrypted files as ‘*.enc’.
- Describe in detail how the ransomware encrypts the PDF files. (100 points)
- Can the encrypted files be recovered? If you can recover the files, provide a specific solution. (Note: you should submit the source code or binary you implemented.) (100 points)
- Decrypt ‘my_secret_file.pdf.enc’. (Note: you should write the SHA-256 value of the original file on your answer sheet.) (100 points)
- ADD : Multi Threads
- ADD : Change IV
- ADD : Encrypt
- ADD : Decrypt
- ADD : Target File Extension ADD/Delete