# Tragic Magic

`Tragic Magic` is a forensics challenge involving a corrupted image file. We are provided with a file named `flag.png` and a hint suggesting that the file transfer protocol might have messed up the binary data.

## Information Gathering

We start by trying to identify the file type using the `file` command:

```bash
$ file flag.png
flag.png: data
```

The `file` command simply says "data", which means it doesn't recognize the file signature (magic bytes).

## Analysis

Let's inspect the first few bytes of the file using `xxd`:

```bash
$ xxd -l 16 flag.png
00000000: 5550 4e47 4141 1a0a 0000 000d 4948 4452  UPNGAA......IHDR
```

We can clearly see the strings `PNG` and `IHDR` in the ASCII representation. `PNG` is part of the standard file signature, and `IHDR` is the mandatory first chunk of any valid PNG file. This confirms beyond any doubt that the file is intended to be a PNG image.

However, the "Magic Bytes" (the 8-byte file signature) at the very beginning are incorrect.

**Valid PNG signature:**  
`89 50 4E 47 0D 0A 1A 0A` (`.PNG....`)

**Our file signature:**  
`55 50 4E 47 41 41 1A 0A` (`UPNGAA..`)

The signature has been partially corrupted:
- `89` became `55` ('U')
- `0D 0A` (Windows newline) became `41 41` ('AA')

This matches the hint about an "optimal ASCII protocol" mangling the binary data.

## Solution

We need to repair the file header so image viewers can recognize it.

1.  Open `flag.png` in a hex editor.
2.  Locate the first 8 bytes.
3.  Replace them with the standard PNG signature: `89 50 4E 47 0D 0A 1A 0A`.
4.  Save the file.

Alternatively, we can use `printf` to overwrite the header via the command line:

```bash
printf "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A" | dd of=flag.png bs=1 count=8 conv=notrunc
```

After fixing the header, the file is recognized correctly:

```bash
$ file flag.png
flag.png: PNG image data, 1024 x 512, 8-bit/color RGBA, non-interlaced
```

Opening the restored image reveals the flag written in the pixels:
`{flag: corrupted_png_header}`