LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-20-2018, 07:36 AM   #1
tastyboi
LQ Newbie
 
Registered: Oct 2017
Posts: 8

Rep: Reputation: Disabled
Need Help With Converting from Hex Dump and Decompressing


Hi all,
I was on here earlier asking for help with OverTheWire's Bandit Wargames, designed to help new users sharpen their Linux skills. I toughed my way through 14 levels before finally getting stumped on this one. (link) The goal is to decrypt a given text file which is a hex dump of a file that has been compressed multiple times. I used xxd -r to reverse the hex dump. Then I decompressed it twice with gzip -d. It is still a garbled mess, and I am not sure if I am even on the right track. So that is why I came here. Also, I stopped after two decompressions because I began to get an error message that said data3.gz is not in gzip format. I don't want to keep messing around with that if that's not even what I am supposed to be doing. Any input would be appreciated. Thanks!

http://overthewire.org/wargames/bandit/bandit13.html

Here is the output of what I have done. data.txt is the original file.
Quote:
bandit12@bandit:/tmp/whatever69$ cat data.txt
00000000: 1f8b 0808 d7d2 c55b 0203 6461 7461 322e .......[..data2.
00000010: 6269 6e00 013c 02c3 fd42 5a68 3931 4159 bin..<...BZh91AY
00000020: 2653 591d aae5 9800 001b ffff de7f 7fff &SY.............
00000030: bfb7 dfcf 9fff febf f5ad efbf bbdf 7fdb ................
00000040: f2fd ffdf effa 7fff fbd7 bdff b001 398c ..............9.
00000050: 1006 8000 0000 0d06 9900 0000 6834 000d ............h4..
00000060: 01a1 a000 007a 8000 0d00 0006 9a00 d034 .....z.........4
00000070: 0d1a 3234 68d1 e536 a6d4 4000 341a 6200 ..24h..6..@.4.b.
00000080: 0069 a000 0000 0000 d003 d200 681a 0d00 .i..........h...
00000090: 0001 b51a 1a0c 201e a000 6d46 8068 069a ...... ...mF.h..
000000a0: 6834 340c a7a8 3406 4000 0680 0001 ea06 h44...4.@.......
000000b0: 8190 03f5 4032 1a00 0343 4068 0000 0686 ....@2...C@h....
000000c0: 8000 0320 00d0 0d00 0610 0014 1844 0308 ... .........D..
000000d0: 04e1 c542 9ab8 2c30 f1be 0b93 763b fb13 ...B..,0....v;..
000000e0: 50c4 c101 e008 3b7a 92a7 9eba 8a73 8d21 P.....;z.....s.!
000000f0: 9219 9c17 052b fb66 a2c2 fccc 9719 b330 .....+.f.......0
00000100: 6068 8c65 e504 5ec0 ae02 fa6d 16bc 904b `h.e..^....m...K
00000110: ba6c f692 356e c02b 0374 c394 6859 f5bb .l..5n.+.t..hY..
00000120: 0f9f 528e 4272 22bb 103c 2848 d8aa 2409 ..R.Br"..<(H..$.
00000130: 24d0 d4c8 4b42 7388 ce25 6c1a 7ec1 5f17 $...KBs..%l.~._.
00000140: cc18 ddbf edc1 e3a4 67f1 7a4d 8277 c823 ........g.zM.w.#
00000150: 0450 2232 40e0 07f1 ca16 c6d6 ef0d ecc9 .P"2@...........
00000160: 8bc0 5e2d 4b12 8586 088e 8ca0 e67d a55c ..^-K........}.\
00000170: 2ca0 18c7 bfb7 7d45 9346 ea5f 2172 01e4 ,.....}E.F._!r..
00000180: 5598 673f 45af 69b7 a739 7814 8706 04ed U.g?E.i..9x.....
00000190: 5442 1240 0796 6cc8 b2f6 1ef9 8d13 421d TB.@..l.......B.
000001a0: 461f 2e68 4d91 5343 34b5 56e7 46d0 0a0a F..hM.SC4.V.F...
000001b0: 72b7 d873 71d9 6f09 c326 402d dbc0 7cef r..sq.o..&@-..|.
000001c0: 53b1 df60 9ec7 f318 00df 3907 2e85 d85b S..`......9....[
000001d0: 6a1a e105 0207 c580 e31d 82d5 8646 183c j............F.<
000001e0: 6a04 4911 101a 5427 087c 1f94 47a2 270d j.I...T'.|..G.'.
000001f0: ad12 fc5c 9ad2 5714 514f 34ba 701d fb69 ...\..W.QO4.p..i
00000200: 8eed 0183 e2a1 53ea 2300 26bb bd2f 13df ......S.#.&../..
00000210: b703 08a3 2309 e43c 44bf 75d4 905e 5f96 ....#..<D.u..^_.
00000220: 481b 362e e82d 9093 7741 740c e65b c7f1 H.6..-..wAt..[..
00000230: 5550 f247 9043 5097 d626 3a16 da32 c213 UP.G.CP..&:..2..
00000240: 2acd 298a 5c8a f0c1 b99f e2ee 48a7 0a12 *.).\.......H...
00000250: 03b5 5cb3 0037 cece 773c 0200 00 ..\..7..w<...
bandit12@bandit:/tmp/whatever69$ cat data2.txt
���h��6��@4�bi���h�91AY&SY��������ϟ���������������׽��9��
�mF�h�h44
��B��,0� ��4@�����@2�C@h�� �
�v;�P��;z�����s�!��+�f���̗�0`h�e�^���m��K�l��5n�+tÔhY���R�Br"�<(Hت$ $���K�ɋ�^-K�����}�\,�ǿ�}E�F�_!r�U�g?E�i��9x��TB@�lȲ���BF.hM�SC4�V�F�

��\��WQO4�p�i����S�#&��/�#��[j���<D�uԐ^_�H.�-��wAt
�[��UP�G�CP��&:�2�*�)�\�������H�
�\�7��w<bandit12@bandit:/tmp/whatever69$ cat data2
���h��6��@4�bi���h����������������׽��9��
�mF�h�h44
��B��,0� ��4@�����@2�C@h�� �
�v;�P��;z�����s�!��+�f���̗�0`h�e�^���m��K�l��5n�+tÔhY���R�Br"�<(Hت$ $���K�ɋ�^-K�����}�\,�ǿ�}E�F�_!r�U�g?E�i��9x��TB@�lȲ���BF.hM�SC4�V�F�

��\��WQO4�p�i����S�#&��/�#��[j���<D�uԐ^_�H.�-��wAt
�[��UP�G�CP��&:�2�*�)�\�������H�
�\�bandit12@bandit:/tmp/whatever69$ cat data3.gz
���h��6��@4�bi���h����������������׽��9��
�mF�h�h44
��B��,0� ��4@�����@2�C@h�� �
�v;�P��;z�����s�!��+�f���̗�0`h�e�^���m��K�l��5n�+tÔhY���R�Br"�<(Hت$ $���K�ɋ�^-K�����}�\,�ǿ�}E�F�_!r�U�g?E�i��9x��TB@�lȲ���BF.hM�SC4�V�F�

��\��WQO4�p�i����S�#&��/�#��[j���<D�uԐ^_�H.�-��wAt
�[��UP�G�CP��&:�2�*�)�\�������H�
�\�bandit12@bandit:/tmp/whatever69$ gzip -d data3.gz > ddd.txt

gzip: data3.gz: not in gzip format
bandit12@bandit:/tmp/whatever69$

Last edited by tastyboi; 12-20-2018 at 07:38 AM. Reason: added output
 
Old 12-20-2018, 07:51 AM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002
Does the file command reveal anything?
 
1 members found this post helpful.
Old 12-20-2018, 08:15 AM   #3
tastyboi
LQ Newbie
 
Registered: Oct 2017
Posts: 8

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by berndbausch View Post
Does the file command reveal anything?
Tried it on data3.gz. Turns out it was a bzip2 file...
Quote:
bandit12@bandit:/tmp/whatever69$ file data3.gz
data3.gz: bzip2 compressed data, block size = 900k
New Output:

Quote:
bandit12@bandit:/tmp/whatever69$ bzcat data3.gz > data4.gz
bandit12@bandit:/tmp/whatever69$ cat data4.gz
���[data4.bin��=H����T,��)C�,D�ތ�K"*�"����*ե�^��k
b�
E)|�8�[E��R�/4-�U'E�tl�`��������ٞ����N�>�Z6�_Yp)u���
#�5���
H��~E�}}�u����S]���uU5L������b=uZ�
�Ya��$Df����D���=�����"�8^W��IG�%��zZv��S�t>�nN��=�Z�����*��ȼz����?&����g���ZВ�y˓۷��W��G2GnG�����畡�O �Rݗ�}k���[�<�
Zw3��y������n��ҺyO~7��ˇ�Y�E�NM6>>Ȟ���z�0s�{�z�;�J��Y�o�!���� ����[F\P
 
Old 12-20-2018, 08:15 AM   #4
l0f4r0
Member
 
Registered: Jul 2018
Location: Paris
Distribution: Debian
Posts: 900

Rep: Reputation: 290Reputation: 290Reputation: 290
Below are all the different kind of commands you need:
  • bunzip2
  • anything you have to read ASCII test (cat/less/more/vi(m))
  • xxd -r
  • gunzip
  • mv
  • file
  • tar xvf
NB: I've shuffled the commands so you don't know when to use them
Hint: original file has been compressed around 8 times.

Last edited by l0f4r0; 12-20-2018 at 08:18 AM.
 
1 members found this post helpful.
Old 12-20-2018, 08:22 AM   #5
tastyboi
LQ Newbie
 
Registered: Oct 2017
Posts: 8

Original Poster
Rep: Reputation: Disabled
Thank you for mentioning the file command. Now I know what the appropriate utilities are to use are. Thanks again!

Last edited by tastyboi; 12-20-2018 at 08:29 AM.
 
Old 12-20-2018, 08:23 AM   #6
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,470

Rep: Reputation: 2799Reputation: 2799Reputation: 2799Reputation: 2799Reputation: 2799Reputation: 2799Reputation: 2799Reputation: 2799Reputation: 2799Reputation: 2799Reputation: 2799
Are we having fun yet?

PS - The password is 8Zj....
 
  


Reply

Tags
gzip, kali


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[bash] ASCII to HEX and hex to ascii ////// Programming 17 05-08-2018 10:55 PM
hex output -> output hex jonnyog Programming 6 06-24-2014 10:32 AM
Passable nouveau kernel driver bug (MMIO read of [hex l] FAULT at [hex l]) marbangens Linux - General 1 05-24-2013 02:35 AM
Hex output of a hex/ascii input string mlewis Programming 35 04-10-2008 01:05 PM
hex to ascii and ascii to hex ilnli Programming 7 08-31-2007 12:55 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:01 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration