23 – Recovering from the snap

There used to be a bunch of animals here, what did Dr. Xernon do to them?

  1. Download the animals.dd file

    At first I wasn’t sure what a .dd file was, so I googled that and found out it is a disk image.

    reverseengineering.stackexchange.com/questions/19496/what-to-do-with-dd-files

    So I mounted the disk image in Linux and found the images of the animals

    Looked at the hint and it said that some files have been deleted from the disk image, but are they really gone?

    So I looked into how to recover deleted images from a disk image.

    Came across the first tool from cgsecurity.org; this is an open source data recovery application.

    Downloaded and installed, had to read through the docs quickly to make sense of it.

  2. cgsecurity has a couple of applications to play with. I tried photorec first; this needs to be run from the terminal

cd Downloads/
ls
cd testdisk-7.2-WIP
ls -a
chmod +x photorec_static
./photorec_static

Need permission to run

sudo ./photorec_static
  3. Loaded and a heap of Disk /dev/loop# rows appeared. First I started entering ones that were close to 10 MB, as that was the animals.dd file size, and couldn’t work out what was going on. Then I noticed the [Next] button, which kept scrolling through the list, and found one which was 10 MB

    Clicked [Proceed]

    Clicked [Search]

    Clicked [Other]

    Clicked [Whole]

    Then you need to save the output file to a directory of choice by pressing C

    Quit the program and navigated to the output folder.

    Noticed a new folder called recup_dir.1 > Opened > and found some new images, one being the flag

picoCTF{th3_5n4p_happ3n3d}
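
The recovery step above works because deleting a file removes its directory entry but leaves the data in the image until it is overwritten, and PhotoRec searches the raw data for known file headers instead of reading the file system. The same idea for JPEG and PNG as an added Python example (not from the original write-up and not PhotoRec's code); `carve`, `make_sample_image` and the sample bytes are constructed for illustration, and files are assumed to be stored contiguously.

```python
"""Signature-based file carving over a raw disk image (added example)."""
import sys
from pathlib import Path

# (extension, header magic, footer magic) for formats with a clear end marker.
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
]
MAX_SIZE = 20 * 1024 * 1024  # stop looking for a footer beyond this many bytes


def carve(data: bytes):
    """Return sorted [(offset, ext, blob)] for every header/footer pair found."""
    found = []
    for ext, header, footer in SIGNATURES:
        pos = 0
        while (start := data.find(header, pos)) != -1:
            end = data.find(footer, start + len(header), start + MAX_SIZE)
            if end == -1:      # header without footer: truncated or overwritten
                pos = start + 1
                continue
            end += len(footer)
            # Caveat: a JPEG with an embedded thumbnail ends at the first
            # footer seen, so the carved blob can be shorter than the file.
            found.append((start, ext, data[start:end]))
            pos = end          # resume scanning after this file
    return sorted(found)


def make_sample_image() -> bytes:
    """Constructed stand-in for a dd image: zero fill plus two 'deleted' files."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-body" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xae\x42\x60\x82"
    return b"\x00" * 512 + jpg + b"\x00" * 1024 + png + b"\x00" * 512


if __name__ == "__main__":
    # Usage: python carve.py animals.dd out_dir   (no arguments: use the sample)
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else make_sample_image()
    out = Path(sys.argv[2] if len(sys.argv) > 2 else "carved")
    out.mkdir(exist_ok=True)
    for offset, ext, blob in carve(data):
        (out / f"f{offset:08d}.{ext}").write_bytes(blob)
        print(f"offset {offset}: {len(blob)} bytes -> {ext}")
```
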