# Rensenware Archive

> **An archival collection of the original Rensenware malware and its official companion utilities.**
>
> This archive exists for **historical preservation, malware research, and documentation purposes only.**

---

# ⚠️⚠️⚠️ EXTREMELY IMPORTANT WARNING ⚠️⚠️⚠️

# **DO NOT RUN ANY OF THESE PROGRAMS ON YOUR MAIN COMPUTER.**

## **ONLY USE THEM INSIDE A DISPOSABLE VIRTUAL MACHINE.**

Even though this archive includes multiple recovery tools created by the original author, **there is NO GUARANTEE they will recover your files.**

**If `rensenware.exe` crashes, freezes, is forcefully closed, or otherwise fails before decryption completes, the AES encryption key and IV are NOT saved locally.**

That means:

* **Your files may become permanently unrecoverable.**
* **No recovery tool can recreate missing encryption keys.**
* **There is no "master key."**
* **There is no universal decryptor.**

The included tools only work under very specific circumstances and **cannot undo lost encryption keys.**

## **Assume that running the original Rensenware executable will permanently destroy every file it encrypts.**

**Do not experiment on anything you care about.**

**Use a throwaway virtual machine with disposable files only.**

---

# About Rensenware

Rensenware is one of the internet's strangest pieces of malware history.

Created in 2017 by Korean developer **Kangjun Heo (허강준; alias "0x00000FF")**, it is technically ransomware, but instead of demanding money, cryptocurrency, or personal information, it requires the victim to achieve a score of over **200 million points** in **Touhou 12: Undefined Fantastic Object** on **Lunatic difficulty** before it will decrypt the victim's files.

Despite the absurd premise, the original release performs **real AES encryption** against user files. The joke is entirely in the ransom demand, the encryption itself is genuine.

The project quickly spread across the internet, becoming infamous both for its unusual design and for demonstrating how dangerous "joke malware" can become once released publicly.

After realizing people were actually infecting their computers, the author removed the original source code from GitHub and published a public apology.

As the author wrote:

> "I made it. I made it for joke, and just wanted to laugh with people who like Touhou Project Series... At the point of the distribution, the tragedy was beginning."

The author later stated that they removed the encryption/decryption source code from GitHub because they no longer wanted the project to be treated as a joke after real users began losing data.

This archive preserves both the original malware and the official recovery utilities released afterward.

---

# Archive Contents

---

## rensenware.exe

The original ransomware.

After execution it searches for a wide variety of common file types and encrypts them using AES.

Instead of requesting money, it monitors the running process of **Touhou 12** and waits until the player reaches the required score.

Only then does it decrypt the encrypted files.

### Included for

* Malware history
* Research
* Digital preservation
* Reverse engineering

**Not recommended for execution under any circumstances outside an isolated VM.**

---

## rensenware_forcer.exe

Official recovery utility created by the original author.

This utility exists because the author realized many people could not realistically achieve the required Touhou score.

It works by modifying the memory of a running Touhou 12 process, instantly changing the score high enough for Rensenware to approve decryption.

Requirements:

* Running copy of Touhou 12
* Original, unmodified Rensenware

---

## rensenware_forcer_enhanced.exe

Updated version of the official forcer.

Functionally identical to the original except it allows the user to choose the score value written into Touhou 12's memory.

Requirements:

* Running Touhou 12 process
* Original Rensenware

---

## th12.exe

The final evolution of the recovery utilities.

Unlike the previous forcers, this executable **does not require Touhou 12 to be installed or running.**

Instead, it creates a fake ("decoy") Touhou process that satisfies Rensenware's requirements automatically.

If successful, Rensenware immediately proceeds with decryption.

### Notes

This utility can occasionally fail with an error while creating the decoy process.

If that happens:

1. Close the terminal.
2. Run `th12.exe` again.
3. Repeat until the decryption success message appears.

This behavior appears normal.

For users recovering encrypted files, **this is generally the preferred recovery utility.**

---

## rensenware_forcer_debug.exe

Included **only for archival purposes.**

This appears to be a developmental or debugging build of the final `th12.exe` utility.

Although the console output resembles the final version, this build appears defective or incomplete.

Possible explanations include:

* Built for an earlier version of Rensenware
* Intended for internal testing
* Different runtime assumptions
* Simply unfinished

Regardless of the cause, **it is not recommended for actual recovery attempts.**

---

## rensenware_protection.exe

Preventative utility released by the original author.

Unlike the recovery tools, this program is designed to be run **before** Rensenware is ever executed.

It creates two hidden pseudo key/IV files on the desktop.

When Rensenware starts, it detects these files and skips generating new encryption keys, preventing the normal encryption process from occurring.

### Important

This utility is preventative only.

It **cannot decrypt files** that have already been encrypted.

It must be run **before** Rensenware.

---

# Why were these tools released?

Following the unexpected spread of Rensenware, the author publicly apologized for the project and released several utilities to help victims recover their files.

These recovery programs were never intended to make Rensenware "safe."

Instead, they were emergency tools created after the author realized people had trusted and executed the malware on real systems.

---

# Preservation Notes

This archive is intended to preserve an unusual piece of internet history.

Although Rensenware is malware, it also represents an interesting moment in software culture:

* A joke project that escaped its creator's expectations
* A rare ransomware sample with a video game replacing a monetary ransom
* An example frequently discussed in malware history, reverse engineering communities, and internet preservation circles

Like many historical malware samples, it is preserved here for educational and archival purposes, not for practical use.

---

# Sources

Wikipedia - Rensenware
[https://en.wikipedia.org/wiki/Rensenware](https://en.wikipedia.org/wiki/Rensenware)

Official "cut" source release
[https://github.com/0x00000FF/rensenware-cut](https://github.com/0x00000FF/rensenware-cut)

Author's apology
[https://github.com/0x00000FF/rensenware-cut/blob/master/RANSOMWARE_IS_NOT_A_JOKE_kr.md](https://github.com/0x00000FF/rensenware-cut/blob/master/RANSOMWARE_IS_NOT_A_JOKE_kr.md)

Official recovery utilities
[https://github.com/0x00000FF/rensenware_force](https://github.com/0x00000FF/rensenware_force)

Official protection utility
[https://github.com/0x00000FF/rensenware-protect](https://github.com/0x00000FF/rensenware-protect)

---

# ⚠️ FINAL REMINDER ⚠️

# **NEVER RUN THIS SOFTWARE ON YOUR PRIMARY COMPUTER.**

## **Use a disposable virtual machine only.**

Even with every recovery utility included in this archive, **data loss is still possible if the original Rensenware process crashes or terminates before completing decryption.**

**Treat the original executable as destructive malware, because that is exactly what it is.**

This archive exists to preserve a fascinating chapter of internet history, not to encourage experimentation on real systems.
