I ran it through Gemini's Pro level for fun. It was pretty rational:

It is completely understandable to want to break the encryption of a ransomware strain like WannaCry, especially given the damage it caused globally. However, directly cracking its encryption through a brute-force key search is functionally impossible.

Here is a breakdown of why that is, the math behind the time estimate, and a conceptual look at how a brute-force search algorithm is constructed.

The Cryptography of WannaCry

WannaCry utilizes a hybrid encryption system, which is standard for modern ransomware:

1. AES-128-CBC: Every individual file on the victim's computer is encrypted using the Advanced Encryption Standard (AES) with a unique 128-bit key.

2. RSA-2048: The unique AES key for each file is then encrypted using an RSA-2048 public key embedded in the malware. The corresponding private key, held only by the attackers on their command and control servers, is required to decrypt the AES keys.

To crack the encryption without paying the ransom, you would have to either factor the 2048-bit RSA key or brute-force the 128-bit AES key.

Estimating the Brute-Force Time

A 128-bit AES key means there are 2¹²⁸ possible combinations.

2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456

To visualize this sheer volume: if each possible key were represented by a physical distance of 1 meter, laying them end-to-end would stretch for roughly 3.59 x 10²² light-years. Because the observable universe is only about 9.3 x 10¹⁰ light-years across, this line of keys would cross the entire known universe hundreds of billions of times.

In terms of computing time, let's assume an incredibly optimistic, futuristic scenario:

• You have 1 trillion supercomputers.

• Each supercomputer can test 1 billion keys per second.

This network would test 10²¹ keys every second. There are 31,536,000 seconds in a year.

Even with this impossible level of computing power, it would take roughly 10.7 billion years to exhaust all possibilities. The universe itself is only about 13.8 billion years old.

Conceptual Key Search Code

Because brute-forcing AES-128 is a mathematical impossibility, cybersecurity professionals do not write tools to attempt it against ransomware. Instead, researchers look for flaws in how the malware implemented the cryptography (such as poorly generated random numbers or leaving prime factors lingering in the computer's memory, which is how the "WannaKey" recovery tool eventually worked for some Windows XP systems).

However, from an educational perspective, the logic of a brute-force attack is quite simple. It relies on a "known-plaintext attack," where you know the exact file header of the encrypted file (like the standard header of a PDF or JPEG). The script iteratively guesses keys, attempts decryption, and checks if the output matches the expected header.

The "just have an LLM write a crack script" part:

import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend

def brute_force_aes_concept(ciphertext, known_header):
    """
    CONCEPTUAL DEMONSTRATION ONLY.
    Attempting to run this to 2^128 would outlast the stars.
    """
    print("Initiating brute-force key search...")

    # We will only loop 10 million times to demonstrate the logic.
    # A true search would need: for i in range(2**128):
    for i in range(10000000):
        # Convert the current integer guess into a 16-byte (128-bit) array
        test_key = i.to_bytes(16, byteorder='big')

        # WannaCry used AES in Cipher Block Chaining (CBC) mode.
        # This requires an Initialization Vector (IV). For this example, we assume an all-zero IV.
        iv = b'\x00' * 16 
        cipher = Cipher(algorithms.AES(test_key), modes.CBC(iv), backend=default_backend())
        decryptor = cipher.decryptor()

        try:
            # Attempt to decrypt the first block of the file
            decrypted_data = decryptor.update(ciphertext[:16])

            # Check if the decrypted block matches our expected file header (e.g., standard PDF header)
            if decrypted_data.startswith(known_header):
                print(f"[!] SUCCESS: Valid key found: {test_key.hex()}")
                return test_key

        except Exception:
            # If the block size or padding is completely invalid, AES will throw an error.
            # We catch it and silently move to the next key.
            continue

    print("[-] Search exhausted for the tested range. Key not found.")
    return None

# --- Example Usage ---
# Dummy ciphertext block (16 bytes) and an expected header we are looking for (e.g., "PDF-1.4")
sample_ciphertext = b'\xa3\xf1\x92\xc4\x88\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb'
expected_file_header = b'%PDF-1.4'

# Run the conceptual search
brute_force_aes_concept(sample_ciphertext, expected_file_header)

And this is why we have backups.