Bandit12->13

Level Goal

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work. Use mkdir with a hard to guess directory name. Or better, use the command “mktemp -d”. Then copy the datafile using cp, and rename it using mv (read the manpages!)

Commands useful to solve the level

Helpful Reading Material

Where to start?

To prepare for our chase, we will follow the instructions and place ourselves in a temporary directory created for the occasion. Then, we will repeatedly uncompress our data using different compression utilities until we get the password string.

Part 1 : Preparing for the extraction

To do so, we will use the mktemp utility to create a temporary directory, cd into it, and cp our data.txt file there.

Hint

Using the 3 links to documentation pages, can you figure out how to move to a temporary directory and copy the data.txt file to it?

Solution

We will run the following command :

cd "$(mktemp -d)" && cp "$HOME"/data.txt .

This moves us into a newly created temporary directory and copies the file at '/home/bandit12/data.txt' into it.
We are now ready to work with this file.

Part 2 : Getting the binary file

Now that we're in a temporary directory (we had to move there because the user bandit12 can't write to their home directory; we'll come back to file permissions in later challenges), we can start working with our file. The only information we have about this file is that it's the hexdump of a file that has been repeatedly compressed.
Running file on it doesn't tell us much more: it only reports that the file is a text file. We need a utility that can convert the hexdump back to its original binary form.

Hint

Looking at the hexdump and the xxd man pages, can you figure out a way to revert data.txt back to its original state?

Solution

The command we're going to use is xxd. To recover the original form of the data.txt file, we specify the outfile we want to write to and tell xxd to operate in reverse mode (-r).
Here is the final command :

xxd -r data.txt outfile

Where outfile may be any name you want to give to your retrieved data.

Part 3 : Figuring out the procedure we're going to follow to extract all the data

Now that we have our binary data, I won't go step by step into the solution because, even though there are quite a few steps, they ultimately reduce to a sequence of 3 actions. Our goal is to figure out what these 3 actions are.

Hint

By trying to extract our outfile a first time, can you figure out what the sequence of actions is? You might need to use the file utility to achieve that goal.

Solution

Here is the sequence of actions we need to follow to successfully extract all the data that has been compressed :

  1. We need to find the compression method of our file by running the file utility on it.
  2. Then, we might need to rename the file we're looking to uncompress to a file with the proper extension (as some compression utilities recognize only some specific extensions).
  3. We need to extract the file with the right utility and go back to step 1 until we get an ASCII Text file.
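
The three-step loop above as a script, added here as an example (it is not the walkthrough author's command sequence): each layer is identified with file --mime-type and handed to gunzip, bunzip2 or tar until text remains. The function names, the 20-layer cap, the single-member tar assumption and the constructed sample built by make_sample are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original walkthrough.

# make_sample OUT: build a constructed hexdump shaped like the level's
# data.txt: text -> gzip -> tar -> bzip2 -> gzip -> xxd.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'The password is constructed_sample\n' > "$d/data8"
    gzip -c "$d/data8" > "$d/data7.bin"
    tar -cf "$d/data6.tar" -C "$d" data7.bin
    bzip2 -c "$d/data6.tar" | gzip -c | xxd > "$1"
    rm -rf "$d"
}

# peel_layers HEXDUMP: print the innermost text payload on stdout.
peel_layers() {
    work=$(mktemp -d) || return 1
    xxd -r "$1" "$work/layer" || { rm -rf "$work"; return 1; }
    depth=0
    while [ "$depth" -lt 20 ]; do   # cap: give up on absurdly deep nesting
        # Step 1: identify the layer by its content, not by its name.
        kind=$(file --mime-type -b "$work/layer")
        # Steps 2-3: -c and -O write to stdout, so no rename is needed
        # and tar never creates archive member paths on disk.
        case "$kind" in
            application/gzip|application/x-gzip)
                gunzip -c "$work/layer" > "$work/next" ;;
            application/x-bzip2)
                bunzip2 -c "$work/layer" > "$work/next" ;;
            application/x-tar)
                tar -xOf "$work/layer" > "$work/next" ;;
            text/*)
                cat "$work/layer"; rm -rf "$work"; return 0 ;;
            *)
                echo "unhandled layer type: $kind" >&2
                rm -rf "$work"; return 1 ;;
        esac || { rm -rf "$work"; return 1; }
        mv "$work/next" "$work/layer"
        depth=$((depth + 1))
    done
    rm -rf "$work"; return 1
}

# Usage: make_sample sample.txt && peel_layers sample.txt
```
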

If you're stuck at this time, go to the full solution to get the step by step walkthrough.

Full Solution

Running the following sequence of commands :


should fully uncompress the file data.txt. We can now run the file command one last time on our file data8.

file --mime-type -b data8 # should print : text/plain

This shows us that the data8 file contains the password we're looking for, and by running cat on this file, we get something along the lines of:

The password is password_string

Bonus : One-Liner Solution

Instead of extracting each layer to a new file and renaming that file, we could pipe the output of each decompression program to the file utility. That way it is possible to analyse the output of the program without creating a new file each time. This is very inefficient for huge files (you don't know in advance which sequence of compressions was applied, so you have to uncompress the same data many times), but it is worth mentioning: once you have this sequence, it can be very useful to have one command rather than a shell script.

Hint

Using only the man pages of the commands we used in the previous section, can you figure out a way to write a pipeline that does the exact same thing without creating any file?

Solution

The command we're looking for is the following :

xxd -r data.txt | gunzip -c | bunzip2 -c | gunzip -c | tar --to-command='/usr/bin/tar -xO' -x | bunzip2 -c | tar -xO | gunzip -c

You can understand all the options that have been added by reading the man pages of all the utilities involved.

You can now jump to the next level