The fifth day of AoC23 contains a Reverse Engineering task.
We are tasked with looking at some backup files.
However, they look corrupted and the tool that can troubleshoot it only runs on DOS.
Learning Objectives
- Experience how to navigate an unfamiliar legacy system.
- Learn about DOS and its connection to its contemporary, the Windows Command Prompt.
- Discover the significance of file signatures and magic bytes in data recovery and file system analysis.
Overview
List of some common files and magic bytes:
File Format | Magic Bytes | ASCII |
---|---|---|
PNG | 89 50 4E 47 0D 0A 1A 0A | %PNG |
GIF | 47 49 46 38 | GIF8 |
Windows & DOS executables | 4D 5A | MZ |
Linux ELF executables | 7F 45 4C 46 | .ELF |
MP3 | 49 44 33 | ID3 |
Otherwise, it was a straightforward day to look at some files and change some magic bytes.
Questions
- How large (in bytes) is the AC2023.BAK file?
Run the command `dir C:\` to find the size in bytes.
- What is the name of the backup program?
Run the command `dir C:\TOOLS\BACKUP` to find the name.
- What should the correct bytes be in the backup’s file signature to restore the backup properly?
`41 43`; look it up in a Hex to ASCII converter to find the answer.
- What is the flag after restoring the backup successfully?
Simply run the backup tool on the AC2023.BAK file after changing its magic bytes.
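
The signature check and fix described above can also be done in a few lines of Python. This is an added example, not part of the original challenge or its tooling: the signatures come from the table on this page, while the `AC2023.BAK backup` label, the offset-0 position of the signature and the `XX` placeholder bytes in the sample are assumptions made for illustration.

```python
from typing import Optional

# Signatures from the table on this page; the last entry is the 41 43 answer above.
SIGNATURES = {
    "PNG": bytes.fromhex("89504E470D0A1A0A"),
    "GIF": bytes.fromhex("47494638"),
    "Windows/DOS executable": bytes.fromhex("4D5A"),
    "Linux ELF executable": bytes.fromhex("7F454C46"),
    "MP3": bytes.fromhex("494433"),
    "AC2023.BAK backup": bytes.fromhex("4143"),  # hypothetical label
}


def identify(data: bytes) -> Optional[str]:
    """Return the format whose signature prefixes data, longest signature first."""
    for name, magic in sorted(SIGNATURES.items(), key=lambda kv: -len(kv[1])):
        if data.startswith(magic):
            return name
    return None


def repair_signature(data: bytes, expected: bytes) -> bytes:
    """Return a copy of data with its leading bytes overwritten by expected.

    Assumes the signature sits at offset 0; overwriting in place (rather than
    inserting) keeps the file length and every later offset unchanged.
    """
    if len(data) < len(expected):
        raise ValueError("file is shorter than the signature")
    return expected + data[len(expected):]


def hexdump_head(data: bytes, n: int = 8) -> str:
    """Hex and ASCII view of the first n bytes, like the first row of a hex editor."""
    head = data[:n]
    ascii_view = "".join(chr(b) if 32 <= b < 127 else "." for b in head)
    return f"{head.hex(' ').upper()}  {ascii_view}"


if __name__ == "__main__":
    # Constructed sample: a payload whose first two bytes are wrong.
    corrupted = b"XX" + b"\x00\x01backup-payload"
    print(hexdump_head(corrupted), "->", identify(corrupted))
    fixed = repair_signature(corrupted, SIGNATURES["AC2023.BAK backup"])
    print(hexdump_head(fixed), "->", identify(fixed))
```

Work on a copy of the file when patching real data, so the original bytes remain available for comparison.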