Post 55 - Memories, ...
Task 11, Day 05, Reverse engineering A Christmas DOScovery: Tapes of Yule-tide Past
Had to skip yesterday, so I’m behind a task, but used an easy question to keep the streak. This seems like it’ll be a stroll down memory lane.
File signatures or magic bytes are specific byte sequences at the beginning of a file to id or verify its content type and format. Often corresponds to ASCII characters for easier human readability. ID pprocess helps applications quickly determine if they can handle to file, helping with functionality and security. Knowing magic bytes can help quickly identify malicious or suspicious activity and choose the right tool for deeper analysis.
Common files and their magic bytes:
| Format | Magic Bytes | ASCII |
|---|---|---|
| PNG | 89 50 4E 47 0D 01 1A 0A | %PNG |
| GIF | 47 49 46 38 | GIF8 |
| Windows/DOS EXE | 4D 5A | MZ |
| ELF EXEs | 7F 45 4C 46 | .ELF |
| MP3 | 49 44 33 | ID3 |
The task
Fix the magic bytes, restore, get the flag.
Recommended room
x64 Assemmbly Crash Course