Last active
October 19, 2016 05:01
-
-
Save vishwakarma/08e57add80098badae9556b21db28196 to your computer and use it in GitHub Desktop.
[Dropbox] Script to restore ransomware corrupted files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| # Include the Dropbox SDK | |
| import dropbox | |
| from dropbox.files import DeletedMetadata | |
| def solve(entries, client, store, corrupted_file_extension): | |
| for i in entries: | |
| if i.name.endswith('swp'): | |
| continue | |
| if isinstance(i,DeletedMetadata): | |
| if i.name.endswith(corrupted_file_extension): | |
| continue | |
| # print i.name | |
| try: | |
| revisions = client.files_list_revisions(i.path_lower, 10) | |
| if len(revisions.entries) > 0: | |
| entry = revisions.entries[0] | |
| if entry.id in store: | |
| val = store[entry.id] | |
| if val['from_odin'] == True: | |
| val['path'] = i.path_lower | |
| val['rev'] = entry.rev | |
| val['active'] = True | |
| store[entry.id] = val | |
| else: | |
| store[entry.id] = {'path':i.path_lower,'rev':entry.rev,'active': False,'odin_path':i.path_lower,'from_odin': False} | |
| except dropbox.exceptions.ApiError: | |
| print 'Found deleted directory --ignoring ', i.path_lower | |
| else: | |
| if i.name.endswith(corrupted_file_extension): | |
| if i.id in store: | |
| val = store[i.id] | |
| val['active'] = True | |
| val['odin_path'] = i.path_lower | |
| val['from_odin'] = True | |
| store[i.id] = val | |
| else: | |
| store[i.id] = {'path':i.path_lower,'rev':-1,'active': False,'odin_path':i.path_lower,'from_odin': True} | |
| def recover(path, client, corrupted_file_extension): | |
| store = {} | |
| list_content = client.files_list_folder(path,True,False,True,False) | |
| #print list_content | |
| solve(list_content.entries, client, store, corrupted_file_extension) | |
| rp = client.files_list_folder_continue(list_content.cursor) | |
| solve(rp.entries, client, store, corrupted_file_extension) | |
| #print store | |
| for key, value in store.iteritems(): | |
| if value['rev'] != -1 and value['active'] == True and value['from_odin'] == True: | |
| #print 'Restoring -- ', value['path'], 'from => ', value['odin_path'] | |
| resp = client.files_restore(value['path'], value['rev']) | |
| #client.files_move(value['odin_path'],value['odin_path']+'-thor') | |
| #print '"',value['path'], '",', '"',value['odin_path'],'"' | |
| total = len(sys.argv) | |
| if total < 4: | |
| raise Exception('Insufficient params, usage : python dropbox-restore.py app_key app_secret corrupted_file_extension') | |
| # Get your app key and secret from the Dropbox developer website | |
| app_key = sys.argv[1] | |
| app_secret = sys.argv[2] | |
| flow = dropbox.client.DropboxOAuth2FlowNoRedirect(app_key, app_secret) | |
| # Have the user sign in and authorize this token | |
| authorize_url = flow.start() | |
| print '1. Go to: ' + authorize_url | |
| print '2. Click "Allow" (you might have to log in first)' | |
| print '3. Copy the authorization code.' | |
| code = raw_input("Enter the authorization code here: ").strip() | |
| # This will fail if the user enters an invalid authorization code | |
| access_token, user_id = flow.finish(code) | |
| #client = dropbox.client.DropboxClient(access_token) | |
| client = dropbox.Dropbox(access_token) | |
| #starts with root directory | |
| recover('', client, sys.argv[3]) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment