Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
12-20-2018, 07:36 AM
|
#1
|
LQ Newbie
Registered: Oct 2017
Posts: 8
Rep:
|
Need Help With Converting from Hex Dump and Decompressing
Hi all,
I was on here earlier asking for help with OverTheWire's Bandit Wargames, designed to help new users sharpen their Linux skills. I toughed my way through 14 levels before finally getting stumped on this one. (link) The goal is to decrypt a given text file which is a hex dump of a file that has been compressed multiple times. I used xxd -r to reverse the hex dump. Then I decompressed it twice with gzip -d. It is still a garbled mess, and I am not sure if I am even on the right track. So that is why I came here. Also, I stopped after two decompressions because I began to get an error message that said data3.gz is not in gzip format. I don't want to keep messing around with that if that's not even what I am supposed to be doing. Any input would be appreciated. Thanks!
http://overthewire.org/wargames/bandit/bandit13.html
Here is the output of what I have done. data.txt is the original file.
Quote:
bandit12@bandit:/tmp/whatever69$ cat data.txt
00000000: 1f8b 0808 d7d2 c55b 0203 6461 7461 322e .......[..data2.
00000010: 6269 6e00 013c 02c3 fd42 5a68 3931 4159 bin..<...BZh91AY
00000020: 2653 591d aae5 9800 001b ffff de7f 7fff &SY.............
00000030: bfb7 dfcf 9fff febf f5ad efbf bbdf 7fdb ................
00000040: f2fd ffdf effa 7fff fbd7 bdff b001 398c ..............9.
00000050: 1006 8000 0000 0d06 9900 0000 6834 000d ............h4..
00000060: 01a1 a000 007a 8000 0d00 0006 9a00 d034 .....z.........4
00000070: 0d1a 3234 68d1 e536 a6d4 4000 341a 6200 ..24h..6..@.4.b.
00000080: 0069 a000 0000 0000 d003 d200 681a 0d00 .i..........h...
00000090: 0001 b51a 1a0c 201e a000 6d46 8068 069a ...... ...mF.h..
000000a0: 6834 340c a7a8 3406 4000 0680 0001 ea06 h44...4.@.......
000000b0: 8190 03f5 4032 1a00 0343 4068 0000 0686 ....@2...C@h....
000000c0: 8000 0320 00d0 0d00 0610 0014 1844 0308 ... .........D..
000000d0: 04e1 c542 9ab8 2c30 f1be 0b93 763b fb13 ...B..,0....v;..
000000e0: 50c4 c101 e008 3b7a 92a7 9eba 8a73 8d21 P.....;z.....s.!
000000f0: 9219 9c17 052b fb66 a2c2 fccc 9719 b330 .....+.f.......0
00000100: 6068 8c65 e504 5ec0 ae02 fa6d 16bc 904b `h.e..^....m...K
00000110: ba6c f692 356e c02b 0374 c394 6859 f5bb .l..5n.+.t..hY..
00000120: 0f9f 528e 4272 22bb 103c 2848 d8aa 2409 ..R.Br"..<(H..$.
00000130: 24d0 d4c8 4b42 7388 ce25 6c1a 7ec1 5f17 $...KBs..%l.~._.
00000140: cc18 ddbf edc1 e3a4 67f1 7a4d 8277 c823 ........g.zM.w.#
00000150: 0450 2232 40e0 07f1 ca16 c6d6 ef0d ecc9 .P"2@...........
00000160: 8bc0 5e2d 4b12 8586 088e 8ca0 e67d a55c ..^-K........}.\
00000170: 2ca0 18c7 bfb7 7d45 9346 ea5f 2172 01e4 ,.....}E.F._!r..
00000180: 5598 673f 45af 69b7 a739 7814 8706 04ed U.g?E.i..9x.....
00000190: 5442 1240 0796 6cc8 b2f6 1ef9 8d13 421d TB.@..l.......B.
000001a0: 461f 2e68 4d91 5343 34b5 56e7 46d0 0a0a F..hM.SC4.V.F...
000001b0: 72b7 d873 71d9 6f09 c326 402d dbc0 7cef r..sq.o..&@-..|.
000001c0: 53b1 df60 9ec7 f318 00df 3907 2e85 d85b S..`......9....[
000001d0: 6a1a e105 0207 c580 e31d 82d5 8646 183c j............F.<
000001e0: 6a04 4911 101a 5427 087c 1f94 47a2 270d j.I...T'.|..G.'.
000001f0: ad12 fc5c 9ad2 5714 514f 34ba 701d fb69 ...\..W.QO4.p..i
00000200: 8eed 0183 e2a1 53ea 2300 26bb bd2f 13df ......S.#.&../..
00000210: b703 08a3 2309 e43c 44bf 75d4 905e 5f96 ....#..<D.u..^_.
00000220: 481b 362e e82d 9093 7741 740c e65b c7f1 H.6..-..wAt..[..
00000230: 5550 f247 9043 5097 d626 3a16 da32 c213 UP.G.CP..&:..2..
00000240: 2acd 298a 5c8a f0c1 b99f e2ee 48a7 0a12 *.).\.......H...
00000250: 03b5 5cb3 0037 cece 773c 0200 00 ..\..7..w<...
bandit12@bandit:/tmp/whatever69$ cat data2.txt
���h��6��@4�bi���h�91AY&SY��������ϟ�����������������9��
�mF�h�h44
��B��,0� ��4@�����@2�C@h�� �
�v;�P��;z�����s�!��+�f���̗�0`h�e�^���m��K�l��5n�+tÔhY���R�Br"�<(Hت$ $���K�ɋ�^-K�����}�\,�ǿ�}E�F�_!r�U�g?E�i��9x��TB@�lȲ���BF.hM�SC4�V�F�
��\��WQO4�p�i����S�#&��/�#��[j���<D�uԐ^_�H.�-��wAt
�[��UP�G�CP��&:�2�*�)�\�������H�
�\�7��w<bandit12@bandit:/tmp/whatever69$ cat data2
���h��6��@4�bi���h������������������9��
�mF�h�h44
��B��,0� ��4@�����@2�C@h�� �
�v;�P��;z�����s�!��+�f���̗�0`h�e�^���m��K�l��5n�+tÔhY���R�Br"�<(Hت$ $���K�ɋ�^-K�����}�\,�ǿ�}E�F�_!r�U�g?E�i��9x��TB@�lȲ���BF.hM�SC4�V�F�
��\��WQO4�p�i����S�#&��/�#��[j���<D�uԐ^_�H.�-��wAt
�[��UP�G�CP��&:�2�*�)�\�������H�
�\�bandit12@bandit:/tmp/whatever69$ cat data3.gz
���h��6��@4�bi���h������������������9��
�mF�h�h44
��B��,0� ��4@�����@2�C@h�� �
�v;�P��;z�����s�!��+�f���̗�0`h�e�^���m��K�l��5n�+tÔhY���R�Br"�<(Hت$ $���K�ɋ�^-K�����}�\,�ǿ�}E�F�_!r�U�g?E�i��9x��TB@�lȲ���BF.hM�SC4�V�F�
��\��WQO4�p�i����S�#&��/�#��[j���<D�uԐ^_�H.�-��wAt
�[��UP�G�CP��&:�2�*�)�\�������H�
�\�bandit12@bandit:/tmp/whatever69$ gzip -d data3.gz > ddd.txt
gzip: data3.gz: not in gzip format
bandit12@bandit:/tmp/whatever69$
|
Last edited by tastyboi; 12-20-2018 at 07:38 AM.
Reason: added output
|
|
|
12-20-2018, 07:51 AM
|
#2
|
LQ Addict
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316
|
Does the file command reveal anything?
|
|
1 members found this post helpful.
|
12-20-2018, 08:15 AM
|
#3
|
LQ Newbie
Registered: Oct 2017
Posts: 8
Original Poster
Rep:
|
Quote:
Originally Posted by berndbausch
|
Tried it on data3.gz. Turns out it was a bzip2 file...
Quote:
bandit12@bandit:/tmp/whatever69$ file data3.gz
data3.gz: bzip2 compressed data, block size = 900k
|
New Output:
Quote:
bandit12@bandit:/tmp/whatever69$ bzcat data3.gz > data4.gz
bandit12@bandit:/tmp/whatever69$ cat data4.gz
���[data4.bin��=H����T,��)C�,D�ތ�K"*�"����*ե�^��k
b�
E)|�8�[E��R�/4-�U'E�tl�`��������ٞ����N�>�Z6�_Yp)u���
#�5���
H��~E�}}�u����S]���uU5L������b=uZ�
�Ya��$Df����D���=�����"�8^W��IG�%��zZv��S�t>�nN��=�Z�����*��ȼz����?&����g���ZВ�y˓۷��W��G2GnG�����畡�O �Rݗ�}k���[�<�
Zw3��y������n��ҺyO~7��ˇ�Y�E�NM6>>Ȟ���z�0s�{�z�;�J��Y�o�!���� ����[F\P
|
|
|
|
12-20-2018, 08:15 AM
|
#4
|
Member
Registered: Jul 2018
Location: Paris
Distribution: Debian
Posts: 900
|
Below are all the different kind of commands you need: - bunzip2
- anything you have to read ASCII test (cat/less/more/vi(m))
- xxd -r
- gunzip
- mv
- file
- tar xvf
NB: I've shuffled the commands so you don't know when to use them
Hint: original file has been compressed around 8 times.
Last edited by l0f4r0; 12-20-2018 at 08:18 AM.
|
|
1 members found this post helpful.
|
12-20-2018, 08:22 AM
|
#5
|
LQ Newbie
Registered: Oct 2017
Posts: 8
Original Poster
Rep:
|
Thank you for mentioning the file command. Now I know what the appropriate utilities are to use are. Thanks again!
Last edited by tastyboi; 12-20-2018 at 08:29 AM.
|
|
|
12-20-2018, 08:23 AM
|
#6
|
LQ 5k Club
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,470
|
Are we having fun yet?
PS - The password is 8Zj....
|
|
|
All times are GMT -5. The time now is 06:01 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|