A small utility I’m using to play with the WannaCry -encrypted files. It’s not decrypting the files, unless you have the private key. Nothing fancy, nothing gets uploaded, all processing is done in your browser.

Start by dropping a file with the extension .WNCRY on the drop zone below. Don’t have one at hand? Download and use this one .

Header info
typedef struct _wannacry_file_t {
	char     signature[8]; 			// 64-bit signature.
	uint32_t key_length;            // Length of encrypted key.
	uint8_t  key[256]; 				// AES key encrypted with RSA.
	uint32_t unknown;            	// Usually 4 or 3, not sure what it is used for.
	uint64_t data_length;           // Length of file before encryption.
	uint8_t  data;               	// AES-128 ciphertext.
} wannacry_file_t;
File info
Encryption key info
Encrypted payload info


Release dateJuly 15, 2016
Download sourcezip archive