Google Drive files - manage versions in bulk

Alf*_*red 3 malware google-drive-api

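I tried looking for a solution but haven't been able to find one, so I figured I'd start a new question.

What I want to do is revert files that were edited on a particular date back to their previous version. The reason is that malware was found on my computer and it has encrypted all my files. Because I had the Google Drive app running on my desktop, the malware encrypted those files and Google Drive synced them to the cloud... so right now I have a bunch of corrupted files in Google Drive.

I could go into each file, manually "Manage revisions" and revert it to a working version, but because of the number of files this would take hours.

I've done some reading about the Google Drive API, which could possibly be used, but I'm not an expert programmer, so I wanted to ask whether anyone has any suggestions or knows the best way to solve this.

Cheers, Alfred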

pin*_*yid 5

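It's not that hard. I'm assuming that the files were all infected (and hence edited) on the date in question, and that none of them have been edited since. If that's the case, then you can find those files using https://developers.google.com/drive/v2/reference/files/list, specifying modifiedDate with https://developers.google.com/drive/web/search-parameters.

Then you can retrieve the revisions feed https://developers.google.com/drive/v2/reference/revisions/list, and I guess you're looking for the latest revision prior to the malware date.

You would then get the content and use it to create a new file, possibly in a new "unencrypted" folder. Alternatively, you could try using https://developers.google.com/drive/v2/reference/revisions/delete to delete the encrypted revision, thus exposing the unencrypted revision before it. NB: I haven't tried this approach.

If you've never created a Drive app before, you're in for a lot of fun. Budget 2-3 days to do the reading and get it working. As a skeleton, you might want to look at https://github.com/pinoyyid/drive-untrash. I wrote this to quickly untrash all of a user's files. So it's a different use case, but by replacing q=untrashed with q=modifiedDate=yyyy-mm-dd and replacing untrash with get_revisions, delete top_revision, it's not a million miles from what you want.

NB. Kind of obvious, but make sure you have a backup copy before hacking the revisions.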


小智 5

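We were hit by the cerber ransomware, which infected our Google Drive. I was able to create a Python script that uses the Google Drive API to roll back the revisions on the drive. The code is reproduced here for reference only. Don't use it as is. Please note the disclaimer at the top of the code. Hopefully it will get you started on your way to a full recovery.

Also note that in order to use Google Drive, you must log in with the infected account and generate a client_secret.json file by visiting https://console.developers.google.com. Place the file in the same directory as this script.

Run the script: %python script_name.py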

# This file CHANGES the drive. USE IT AT YOUR OWN RISK. I'M NOT RESPONSIBLE FOR ANY LOSS.
# It removes the revisions of cerber2 encrypted files
# It also renames the file back to what it was before the cerber2 infection
# You will probably have to run it multiple times because it only removes one rev each time.
# Good luck! Hope you get back to a state you were before the infection.
#

from __future__ import print_function
import httplib2
import os
import json

from apiclient import discovery
import oauth2client
import oauth2client.file  # make sure the submodule that provides Storage is loaded
from oauth2client import client
from oauth2client import tools

try:
    import argparse
    flags = argparse.ArgumentParser(parents=[tools.argparser]).parse_args()
except ImportError:
    flags = None

# If modifying these scopes, delete your previously saved credentials
# at ~/.credentials/drive-python-quickstart.json
#SCOPES = 'https://www.googleapis.com/auth/drive.metadata.readonly'
SCOPES = 'https://www.googleapis.com/auth/drive'
CLIENT_SECRET_FILE = 'client_secret.json'
APPLICATION_NAME = 'Drive API Python Quickstart'


def get_credentials():
    """Gets valid user credentials from storage.

    If nothing has been stored, or if the stored credentials are invalid,
    the OAuth2 flow is completed to obtain the new credentials.

    Returns:
        Credentials, the obtained credential.
    """
    home_dir = os.path.expanduser('~')
    credential_dir = os.path.join(home_dir, '.credentials')
    if not os.path.exists(credential_dir):
        os.makedirs(credential_dir)
    credential_path = os.path.join(credential_dir,
                                   'drive-python-quickstart.json')

    store = oauth2client.file.Storage(credential_path)
    credentials = store.get()
    if not credentials or credentials.invalid:
        flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
        flow.user_agent = APPLICATION_NAME
        if flags:
            credentials = tools.run_flow(flow, store, flags)
        else: # Needed only for compatibility with Python 2.6
            credentials = tools.run(flow, store)
        print('Storing credentials to ' + credential_path)
    return credentials

def main():
    """Cleans up after the cerber2 infection.

    Deletes the 'DECRYPT MY FILES' files, then for each file whose name ends
    in cerber2 removes its newest infected revision or renames the file back.
    """
    credentials = get_credentials()
    http = credentials.authorize(httplib2.Http())
    service = discovery.build('drive', 'v3', http=http)

    results = service.files().list(
      corpus="domain",
      spaces="drive",
      pageSize=1000,
      orderBy="folder,modifiedTime desc,name",
      q= "name contains 'DECRYPT MY FILES'",
      fields="nextPageToken, files(id, name)"   
        ).execute()
    items = results.get('files', [])
    if not items:
        print('No files found.')
    else:
        print('Files:')
        for item in items:
                deleteFile = service.files().delete(fileId=item['id']).execute()
                print("file deleted " + item['name'])


    results = service.files().list(
      corpus="domain",
      spaces="drive",
      pageSize=1000,
      orderBy="folder,modifiedTime desc,name",
      #q="modifiedTime > '2016-09-04T12:00:00'",
      q= "name contains 'cerber2'",
      fields="nextPageToken, files(id, name)"   
        ).execute()
    items = results.get('files', [])
    if not items:
        print('No files found.')
    else:
        print('Files:')
        for item in items:
                details = service.files().get(
                    fileId=item['id'],
                    fields="lastModifyingUser,name").execute()
                #print(details)
                if(details['name'].endswith("cerber2")):
                    print('-------------------------File-------------------------------')
                    print(details)
                    revs = service.revisions().list(fileId=item['id'],fields="kind,revisions").execute()
                    allrev = revs['revisions']
                    print('==checking old revs==')
                    if(len(allrev) > 1):   
                        #print(json.dumps(allrev,indent=4))                    
                        lastRev = allrev[-1]
                        if(lastRev['originalFilename'].endswith("cerber2")):
                          try:
                            print("removing lastrev of file " + details['name'] + " " + lastRev['id'])   # delete the lastRev
                            revDel = service.revisions().delete(fileId=item['id'],revisionId=lastRev['id']).execute()
                            print(revDel)
                          except Exception:  # do not swallow Ctrl-C during a destructive run
                            print("trying to remove earlier rev") # in case there are two revs with same time stamp, Google does not return the last rev as the last structure and the script fails
                            lastRev = allrev[-2]
                            if(lastRev['originalFilename'].endswith("cerber2")):
                              try:
                                print("removing lastrev of file " + details['name'] + " " + lastRev['id'])   # delete the lastRev
                                revDel = service.revisions().delete(fileId=item['id'],revisionId=lastRev['id']).execute()
                              except Exception:  # do not swallow Ctrl-C during a destructive run
                                print("Please handle this file yourself. Unable to remove revisions " + details['name'])
                        else:
                          print("lastRev name does not seem infected " + lastRev['originalFilename'])
                          file = {'name': lastRev['originalFilename']}
                          # Rename the file.
                          updated_file = service.files().update(fileId=item['id'],body=file,fields='name').execute()
                          print("Renamed")
                    else:
                        lastRev = allrev[0]
                        print("rename " + details['name'] + " id=" + item['id'] + " to " + lastRev['originalFilename'])
                        file = {'name': lastRev['originalFilename']}
                        # Rename the file.
                        updated_file = service.files().update(fileId=item['id'],body=file,fields='name').execute()
                        print("Renamed")






if __name__ == '__main__':
    main()


#set PYTHONIOENCODING=utf-8  : You may need to set this in case file names have chars that cannot be printed on the console
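
Both answers depend on finding the newest revision from before the infection, and the script above notes that the last list element is not always the newest one. The following is an added example, not code from either answer: it builds a dry-run plan offline by sorting on revision timestamps instead of list position. `plan_restore`, the cutoff, the file and revision IDs and the sample metadata are constructed assumptions; review the plan before making any revisions.delete or rename call.

```python
from datetime import datetime, timezone

def rev_time(rev):
    """Timestamp of a revision; v3 uses modifiedTime, v2 uses modifiedDate."""
    ts = rev.get("modifiedTime") or rev.get("modifiedDate")
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def plan_restore(revisions_by_file, cutoff):
    """Dry run: per file, the revision to keep and the revisions made at or after cutoff."""
    plan = {}
    for file_id, revisions in revisions_by_file.items():
        ordered = sorted(revisions, key=rev_time)  # never trust list position
        clean = [r for r in ordered if rev_time(r) < cutoff]
        suspect = [r["id"] for r in ordered if rev_time(r) >= cutoff]
        if not clean:
            # Created after the cutoff (e.g. a ransom note): nothing to roll back to.
            plan[file_id] = {"action": "manual", "keep": None, "drop": [], "name": None}
            continue
        keep = clean[-1]
        plan[file_id] = {
            "action": "restore" if suspect else "untouched",
            "keep": keep["id"],
            "drop": suspect,
            "name": keep.get("originalFilename"),
        }
    return plan

# Constructed sample metadata (not real Drive output); IDs and times are made up.
CUTOFF = datetime(2016, 9, 4, 12, 0, tzinfo=timezone.utc)
SAMPLE = {
    "fileA": [  # out of order, and two encrypted revisions share one timestamp
        {"id": "r3", "modifiedTime": "2016-09-04T12:30:00.000Z", "originalFilename": "a1b2.cerber2"},
        {"id": "r1", "modifiedTime": "2016-08-01T09:00:00.000Z", "originalFilename": "budget.xlsx"},
        {"id": "r2", "modifiedTime": "2016-09-04T12:30:00.000Z", "originalFilename": "a1b2.cerber2"},
    ],
    "fileB": [{"id": "r1", "modifiedDate": "2016-09-04T12:31:00.000Z", "originalFilename": "DECRYPT MY FILES.txt"}],
    "fileC": [{"id": "r1", "modifiedTime": "2016-07-15T08:00:00.000Z", "originalFilename": "notes.txt"}],
}

if __name__ == "__main__":
    for file_id, step in plan_restore(SAMPLE, CUTOFF).items():
        print(file_id, step)
```

Files marked "manual" have no revision older than the cutoff, so there is nothing to roll back to and they need a human decision.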