m0rph3us1987/HIP7CTF_Writeups
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added writeups

Browse Source
This commit is contained in:
m0rph3us1987
2026-03-08 12:22:39 +01:00
parent a566ea77d1
commit a79656b647
43 changed files with 6940 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
tragic_magic.md Normal file
View File

@@ -0,0 +1,64 @@
# Tragic Magic
`Tragic Magic` is a forensics challenge involving a corrupted image file. We are provided with a file named `flag.png` and a hint suggesting that the file transfer protocol might have messed up the binary data.
## Information Gathering
We start by trying to identify the file type using the `file` command:
```bash
$ file flag.png
flag.png: data
```
The `file` command simply says "data", which means it doesn't recognize the file signature (magic bytes).
## Analysis
Let's inspect the first few bytes of the file using `xxd`:
```bash
$ xxd -l 16 flag.png
00000000: 5550 4e47 4141 1a0a 0000 000d 4948 4452 UPNGAA......IHDR
```
We can clearly see the strings `PNG` and `IHDR` in the ASCII representation. `PNG` is part of the standard file signature, and `IHDR` is the mandatory first chunk of any valid PNG file. This confirms beyond any doubt that the file is intended to be a PNG image.
However, the "Magic Bytes" (the 8-byte file signature) at the very beginning are incorrect.
**Valid PNG signature:**
`89 50 4E 47 0D 0A 1A 0A` (`.PNG....`)
**Our file signature:**
`55 50 4E 47 41 41 1A 0A` (`UPNGAA..`)
The signature has been partially corrupted:
- `89` became `55` ('U')
- `0D 0A` (Windows newline) became `41 41` ('AA')
This matches the hint about an "optimal ASCII protocol" mangling the binary data.
## Solution
We need to repair the file header so image viewers can recognize it.
1. Open `flag.png` in a hex editor.
2. Locate the first 8 bytes.
3. Replace them with the standard PNG signature: `89 50 4E 47 0D 0A 1A 0A`.
4. Save the file.
Alternatively, we can use `printf` to overwrite the header via the command line:
```bash
printf "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A" | dd of=flag.png bs=1 count=8 conv=notrunc
```
After fixing the header, the file is recognized correctly:
```bash
$ file flag.png
flag.png: PNG image data, 1024 x 512, 8-bit/color RGBA, non-interlaced
```
Opening the restored image reveals the flag written in the pixels:
`{flag: corrupted_png_header}`