private void btnRevertSelected_Click(object sender, EventArgs e)
{
foreach (Object item in lstResults.SelectedItems)
{
RestoreFileItem file = (RestoreFileItem)item;
Console.WriteLine("Starting restore of... " + file.current_name);
// Do restore
string fileCachePath = downloadPath + "\\cache\\" + file.fileId + ".bin";
Google.Apis.Drive.v3.Data.File f = service.Files.Get(file.fileId).Execute();
//Download Revision
MemoryStream stream = new MemoryStream();
RevisionsResource.GetRequest dlRevision = new RevisionsResource.GetRequest(service, file.fileId, file.previous_revisionId);
dlRevision.Download(stream);
//service.Files.Get(revision.Id).Download(stream);
System.IO.File.WriteAllBytes(fileCachePath, stream.ToArray());
//Replace revision
//System.IO.FileStream fs = new FileStream(downloadPath + "\\download\\"+ revision.OriginalFilename, FileMode.Open);
FilesResource.UpdateMediaUpload fUpload = service.Files.Update(f, file.fileId, stream, file.current_mimeType);
f.Name = file.previous_name;
f.Id = null;
fUpload.Fields = "name";
var uploadStatus = fUpload.Upload();
if (uploadStatus.Exception != null)
{
MessageBox.Show("Error Uploading File!");
}
}
}
private List <RestoreFileItem> getTargetFiles()
{
List <RestoreFileItem> results = new List <RestoreFileItem>();
/** CODE HERE **/
//Find all files
FilesResource.ListRequest listRequest = service.Files.List();
listRequest.PageSize = 1000; //TODO CHANGE TO VERY LARGE VALUE
listRequest.Q = "name contains 'b4bc'"; //SEARCH FOR RANSOMWARE
listRequest.Fields = "nextPageToken, files(id, name, modifiedTime, mimeType, size, lastModifyingUser(me))";
// List files.
IList <Google.Apis.Drive.v3.Data.File> files = listRequest.Execute()
.Files;
Console.WriteLine("Found " + files.Count + " files...");
if (files != null && files.Count > 0)
{
foreach (var file in files)
{
if (file.Size == null)
{
continue; // Only look at binary files
}
if (file.ModifiedTime < dateModifiedSince_value)
{
continue; // Only look at files recently changed
}
//if (!file.LastModifyingUser.Me.Value) continue; // Only look at files modified by current user (RANSOMWARE)
if (!file.Name.Contains("b4bc"))
{
continue; // Only look for RANSOMWARE pattern 1
}
//Create object for revisionresults
RestoreFileItem result = new RestoreFileItem();
result.fileId = file.Id;
result.current_modifiedDate = file.ModifiedTime.Value;
result.current_name = file.Name;
result.current_mimeType = file.MimeType;
//Check if file has previous revisions...
RevisionsResource.ListRequest revisionListRequest = service.Revisions.List(file.Id);
revisionListRequest.PageSize = 10;
revisionListRequest.Fields = "kind, revisions(id, modifiedTime, originalFilename)";
bool foundValueRevision = false;
try
{
IList <Google.Apis.Drive.v3.Data.Revision> revisions = revisionListRequest.Execute().Revisions;
if (revisions != null && revisions.Count > 1) //At least something to go back to other than current version
{
foreach (var revision in revisions)
{
if (revision.ModifiedTime < dateModifiedSince_value)
{
foundValueRevision = true;
Console.WriteLine("Found valid revision for file " + file.Name + "... revision from date " + revision.ModifiedTime.ToString());
result.previous_revisionId = revision.Id;
result.previous_modifiedDate = revision.ModifiedTime.Value;
result.previous_name = revision.OriginalFilename;
}
}
}
else
{
//NO REVISIONS
continue;
}
}
catch (Exception e) { }
if (foundValueRevision)
{
//Good revision found
string toString = result.current_name + " (" + result.current_modifiedDate.ToString() + ") -> " + result.previous_name + " (" + result.previous_modifiedDate.ToString() + ")";
result.toString = toString;
results.Add(result);
}
}
}
else
{
Console.WriteLine("No files found.");
}
/** END HERE **/
//Save results to disk for sanity
var json = new JavaScriptSerializer().Serialize(results);
System.IO.File.AppendAllText(downloadPath + "\\restorable.lst", "[date]" + dateModifiedSince_value.ToString() + "[/date]" + json);
return(results);
}
