Tags: forensics 

file-head (125)

Problem

It looks like the PNG file that holds our flag has been corrupted. My computer isn't able to recognize the file type, maybe it has something to do with how the file type is recognized...

(Attachments: files/flag.png)

Solution

Looks like a broken magic number problem. We can fix the magic number using a hex editor. I'm going to be using xxd to make a hexdump of the file, edit the hex using vim, and then do a reverse hexdump to get back the original, fixed file.

A PNG's magic number is 89 50 4E 47 0D 0A 1A 0A. Let's see what our broken file starts with.

$ xxd flag.png | head -n 1
00000000: aaaa aaaa aaaa aaaa 0000 000d 4948 4452  ............IHDR

Yup, the first eight bytes are aa instead of the PNG magic number. Let's first make a hexdump of the file.

$ xxd -p flag.png > flaghex

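Now let's edit the first line using vim, replacing the leading aaaaaaaaaaaaaaaa with the correct magic number, 89504e470d0a1a0a. The bytes are overwritten, not inserted, so the IHDR chunk stays at offset 8.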

Now let's do a reverse hexdump.

$ xxd -r -p flaghex > newflag.png

And open it up.
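
The same repair can be scripted. The following is an added example, not part of the original writeup: it overwrites the first eight bytes only after confirming that a valid IHDR chunk (length 13, correct CRC) follows them, so it refuses files whose damage goes beyond the magic number. The function names and the 1x1 sample image are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = bytes.fromhex("89504e470d0a1a0a")  # magic number quoted in the writeup


def ihdr_ok(data: bytes) -> bool:
    """True if a well-formed IHDR chunk sits right after the 8 signature bytes."""
    if len(data) < 33:  # 8 signature + 4 length + 4 type + 13 data + 4 CRC
        return False
    length, ctype = struct.unpack(">I4s", data[8:16])
    if length != 13 or ctype != b"IHDR":
        return False
    (stored_crc,) = struct.unpack(">I", data[29:33])
    # A PNG chunk CRC covers the type and data fields, not the length field.
    return zlib.crc32(data[12:29]) == stored_crc


def repair_signature(data: bytes) -> bytes:
    """Overwrite (not insert) the first 8 bytes when only the signature is damaged."""
    if data[:8] == PNG_SIG:
        return data
    if not ihdr_ok(data):
        raise ValueError("no valid IHDR at offset 8; damage goes beyond the signature")
    return PNG_SIG + data[8:]


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG, standing in for the challenge file."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


if __name__ == "__main__":
    good = make_sample_png()
    broken = b"\xaa" * 8 + good[8:]  # same damage as in the hexdump above
    fixed = repair_signature(broken)
    print(fixed[:8].hex(), fixed == good)
```
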

Original writeup (https://github.com/shawnduong/ctf-writeups/blob/master/2019-BCA/forensics/file-head.md).