Homework Help is Here – Start Your Trial Now!
Engineering
Cybersecurity
Task 2: dd Extraction A JPEG file has been split into three parts (of random size) and the parts have been placed into a larger file called segments. img (not necessarily in their original order). Download your personalized assignment files, segments.img, README.txt, and partitions.txt into your Kali Linux VM. Use wget as before. For example, you'd use "wget https://facsrv.cs.depaul.edu/zhuang28/courses/csec450/hw3/1111111/segments.img" (replace 1111111 with your 7-digit DePaul ID) to download your segments.img. For example, if the JPEG file has length 100000 bytes, it might be split into three parts as follows (all numbers are in decimal): PART LENGTH (bytes) START OFFSET IN JPEG FILE (bytes) END OFFSET IN JPEG FILE (bytes) part 1 32256 63*512 part 2 20480 = 40*512 part 3 = 47264 92*512 + 160 32256 32256+20480 = 52736 32255 52735 99999 Then the file segments. img might have length 131072 bytes and be composed as follows: PART LENGTH (bytes) START OFFSET IN segments.img (bytes) END OFFSET IN segments.img (bytes) zeroes 6144 = 12*512 0 6143 part 2 = 20480 40*512 6144 zeroes part 3 10240 = 20*512 47264 = 92*512 + 160 26624 (= 6144+20480) 36864 (= 26624 + 10240) zeroes for padding zeroes part 1 352 512160 84128 (= 36864 + 47264) 26623 (= 6144+20480-1) 36863 (= 26624 + 10240-1) 84127 (=36864 + 47264 - 1) 84479 (84128 +352) 1024020*512 = 32256 63*512 zeroes = 4096 8*512 84480 (84128 +352) 94720 (=84480 + 10240) 126976 (94720 + 32256) = 94719 (= 84480 + 10240 - 1) 126975 (= 94720 + 32256 - 1) 131071 (126976 + 4096 - 1) 1/4 In the tables above, the end offsets are inclusive. The lengths of the zeroed areas are random, except that the third part of the JPEG image has 352 (= 512 - 160) zero bytes after it to "pad" it out to be a multiple of 512 bytes. Your task is to extract the three parts of the JPEG file from segments. img and reassemble them into the original JPEG file. This task mirrors what happens when with trying to extract fragmented files from a filesystem without tool support. However, this task is easier because: 1. All of the bytes in segments. img that are not from one of the parts of the original JPEG file are guaranteed to be zero. 2. All three parts are guaranteed to be at offsets divisible by 512 within segments.img. 3. The first two parts are guaranteed to have length divisible by 512. 4. You are given the size (in bytes) of the JPEG file. 5. You are given the SHA256 hash of the JPEG file. HINTS: 1. Make tables of your own like the ones ove for your own segments.img. 2. Find the offsets for your table for segments. img by using xxd -a segments.img | grep -C2 -E "^\\*". The grep command searches for occurrences of * at the beginning of the line and shows two lines of context above and below any matches. For example, you might get: $ xxd -a segments.img | grep -C2 -E "^\\*" 00000000: 0000 0000 0000 0000 0000 0000 0000 0000 * 000a1000: 4fc1 999c 612b 8c4f d71c 743d 37fc 5c06 000a1010: ebaf 0d75 0f4d ff00 025f 6aa5 aad1 4b47 000b83f0: c444 0e4a ea0c 2ade 2aec 55d5 c554 e496 00008400: 0000 0000 0000 0000 0000 0000 0000 0000 * 0...a+.0..t=7.\. ...u.M... j...KG .D.J..*.*.U..T.. 00144200: ffd8 ffe0 0010 4a46 4946 0001 0201 0096 00144210: 0096 0000 ffel lala 4578 6966 0000 4d4d JFIF.... .Exif..MM 0017a1f0: c8e6 32af fe5f c4dd 4366 763f 63b2 e8b0 ..2....Cfv?c... 0017a200: 0000 0000 0000 0000 0000 0000 0000 0000 * 00180600: 2850 bcb2 2448 3abb 90a3 ef39 4e7d 463c 00180610: 11e2 c921 11de 4803 e653 1899 6c37 49df (P..$H:....9N}F< ....H..S..171. 001b2fb0: 5762 aec5 5fff d900 0000 0000 0000 0000 001b2fc0: 0000 0000 0000 0000 0000 0000 0000 0000 Wb. * 002673f0: 0000 0000 0000 0000 0000 0000 0000 0000 You can deduce that parts are at: 。 offset Oxa1000 up to and including Oxb83ff 。 offset 0x144200 up to and including Ox17a1ff 。 offset 0x180600 up to and including 0x1b2fb6 (and this one appears to be the last part since its length is not divisible by 512) 3. Extract (separately) the three parts of the JPEG file from segments.jpg to files x1, x2, and x3 using dd $ dd if=segments.img of=x1 bs=1 skip=$(( 0xa1000)) count=$(( 0xb8400 $ dd if=segments.img of=x2 bs=1 skip=$((0x144200)) count=$((0x17a200 $ dd if=segments.img of=x3 bs=1 skip=$((0x180600)) count=$((0x1b2fb7 - 0xa1000)) 0x144200)) - 0x180600)) Now you have the three parts of the JPEG file. You should check that the sum of their lengths 221184+95232+207286 = 523702 is the same as the size you are given for the JPEG file. $ ls -1 x* -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang 221184 Sep 28 18:18 x1 95232 Sep 28 18:19 x2 207286 Sep 28 18:20 x3 4. Finally you can use the cat command to create the JPEG file by gluing together the bytes from x1, x2, x3. However you do not know the order in which the bytes went into segments.img, so you will have to try different combinations until you find a working JPEG file. Here is the order that works for the data above (this copies all bytes from x2 and then from x1 and then from x3 all into x.jpg): $ cat x2 x1 x3 > x.jpg 5. You can view the result file x.jpg each time you try a combination to see whether you have an intact JPEG file. When you have something that displays correctly, you can run sha256sum x.jpg to verify that the SHA256 hash of your extracted JPEG file matches the expected SHA256 hash. Task 3: Create Partition Table Zero out your 1GB hard drive /dev/sdb. Now use fdisk to create an MBR partition table with three partitions: 1. Partition 1 has size (N * 20MiB) where N is the length of your first name, e.g., 5 * 20MiB for someone with first name "Alice". 2. Partition 2 has size (N * 20MiB) where N is the length of your last name, e.g., 8 * 20MiB for someone with last name "Aardvark". 3. Partition 3 uses the remainder of the disk. Use echo part1 > /dev/sdb1, etc. as in the first Volumes lecture to write into each partition. Now edit the file partitions.txt to include your explanation of how a hexdump of the partition table (the first 512 bytes of the hard drive) relates to the partitions that have been created. You must include a hexdump of the partition table and indicate the meaning of the bytes for partition table entries 1, 2, and 3 as discussed in the Volumes lecture, including partition type, starting LBA address, and size in sectors. You must also include the output of running fdisk -1 on your hard drive. Submissions without the hexdump of the partition table or without fdisk -1 output will receive 0 points. You can include hexdumps of more parts of your disk in your explanation if you like. 2/4 file:///C:/Users/user/AppData/Local/Temp/cc348db2-949b-423a-a556-fea803a54886_hw3.html.zip.886/hw3.html 4/4

Task 2: dd Extraction A JPEG file has been split into three parts (of random size) and the parts have been placed into a larger file called segments. img (not necessarily in their original order). Download your personalized assignment files, segments.img, README.txt, and partitions.txt into your Kali Linux VM. Use wget as before. For example, you'd use "wget https://facsrv.cs.depaul.edu/zhuang28/courses/csec450/hw3/1111111/segments.img" (replace 1111111 with your 7-digit DePaul ID) to download your segments.img. For example, if the JPEG file has length 100000 bytes, it might be split into three parts as follows (all numbers are in decimal): PART LENGTH (bytes) START OFFSET IN JPEG FILE (bytes) END OFFSET IN JPEG FILE (bytes) part 1 32256 63*512 part 2 20480 = 40*512 part 3 = 47264 92*512 + 160 32256 32256+20480 = 52736 32255 52735 99999 Then the file segments. img might have length 131072 bytes and be composed as follows: PART LENGTH (bytes) START OFFSET IN segments.img (bytes) END OFFSET IN segments.img (bytes) zeroes 6144 = 12*512 0 6143 part 2 = 20480 40*512 6144 zeroes part 3 10240 = 20*512 47264 = 92*512 + 160 26624 (= 6144+20480) 36864 (= 26624 + 10240) zeroes for padding zeroes part 1 352 512160 84128 (= 36864 + 47264) 26623 (= 6144+20480-1) 36863 (= 26624 + 10240-1) 84127 (=36864 + 47264 - 1) 84479 (84128 +352) 1024020*512 = 32256 63*512 zeroes = 4096 8*512 84480 (84128 +352) 94720 (=84480 + 10240) 126976 (94720 + 32256) = 94719 (= 84480 + 10240 - 1) 126975 (= 94720 + 32256 - 1) 131071 (126976 + 4096 - 1) 1/4 In the tables above, the end offsets are inclusive. The lengths of the zeroed areas are random, except that the third part of the JPEG image has 352 (= 512 - 160) zero bytes after it to "pad" it out to be a multiple of 512 bytes. Your task is to extract the three parts of the JPEG file from segments. img and reassemble them into the original JPEG file. This task mirrors what happens when with trying to extract fragmented files from a filesystem without tool support. However, this task is easier because: 1. All of the bytes in segments. img that are not from one of the parts of the original JPEG file are guaranteed to be zero. 2. All three parts are guaranteed to be at offsets divisible by 512 within segments.img. 3. The first two parts are guaranteed to have length divisible by 512. 4. You are given the size (in bytes) of the JPEG file. 5. You are given the SHA256 hash of the JPEG file. HINTS: 1. Make tables of your own like the ones ove for your own segments.img. 2. Find the offsets for your table for segments. img by using xxd -a segments.img | grep -C2 -E "^\\*". The grep command searches for occurrences of * at the beginning of the line and shows two lines of context above and below any matches. For example, you might get: $ xxd -a segments.img | grep -C2 -E "^\\*" 00000000: 0000 0000 0000 0000 0000 0000 0000 0000 * 000a1000: 4fc1 999c 612b 8c4f d71c 743d 37fc 5c06 000a1010: ebaf 0d75 0f4d ff00 025f 6aa5 aad1 4b47 000b83f0: c444 0e4a ea0c 2ade 2aec 55d5 c554 e496 00008400: 0000 0000 0000 0000 0000 0000 0000 0000 * 0...a+.0..t=7.\. ...u.M... j...KG .D.J..*.*.U..T.. 00144200: ffd8 ffe0 0010 4a46 4946 0001 0201 0096 00144210: 0096 0000 ffel lala 4578 6966 0000 4d4d JFIF.... .Exif..MM 0017a1f0: c8e6 32af fe5f c4dd 4366 763f 63b2 e8b0 ..2....Cfv?c... 0017a200: 0000 0000 0000 0000 0000 0000 0000 0000 * 00180600: 2850 bcb2 2448 3abb 90a3 ef39 4e7d 463c 00180610: 11e2 c921 11de 4803 e653 1899 6c37 49df (P..$H:....9N}F< ....H..S..171. 001b2fb0: 5762 aec5 5fff d900 0000 0000 0000 0000 001b2fc0: 0000 0000 0000 0000 0000 0000 0000 0000 Wb. * 002673f0: 0000 0000 0000 0000 0000 0000 0000 0000 You can deduce that parts are at: 。 offset Oxa1000 up to and including Oxb83ff 。 offset 0x144200 up to and including Ox17a1ff 。 offset 0x180600 up to and including 0x1b2fb6 (and this one appears to be the last part since its length is not divisible by 512) 3. Extract (separately) the three parts of the JPEG file from segments.jpg to files x1, x2, and x3 using dd $ dd if=segments.img of=x1 bs=1 skip=$(( 0xa1000)) count=$(( 0xb8400 $ dd if=segments.img of=x2 bs=1 skip=$((0x144200)) count=$((0x17a200 $ dd if=segments.img of=x3 bs=1 skip=$((0x180600)) count=$((0x1b2fb7 - 0xa1000)) 0x144200)) - 0x180600)) Now you have the three parts of the JPEG file. You should check that the sum of their lengths 221184+95232+207286 = 523702 is the same as the size you are given for the JPEG file. $ ls -1 x* -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang 221184 Sep 28 18:18 x1 95232 Sep 28 18:19 x2 207286 Sep 28 18:20 x3 4. Finally you can use the cat command to create the JPEG file by gluing together the bytes from x1, x2, x3. However you do not know the order in which the bytes went into segments.img, so you will have to try different combinations until you find a working JPEG file. Here is the order that works for the data above (this copies all bytes from x2 and then from x1 and then from x3 all into x.jpg): $ cat x2 x1 x3 > x.jpg 5. You can view the result file x.jpg each time you try a combination to see whether you have an intact JPEG file. When you have something that displays correctly, you can run sha256sum x.jpg to verify that the SHA256 hash of your extracted JPEG file matches the expected SHA256 hash. Task 3: Create Partition Table Zero out your 1GB hard drive /dev/sdb. Now use fdisk to create an MBR partition table with three partitions: 1. Partition 1 has size (N * 20MiB) where N is the length of your first name, e.g., 5 * 20MiB for someone with first name "Alice". 2. Partition 2 has size (N * 20MiB) where N is the length of your last name, e.g., 8 * 20MiB for someone with last name "Aardvark". 3. Partition 3 uses the remainder of the disk. Use echo part1 > /dev/sdb1, etc. as in the first Volumes lecture to write into each partition. Now edit the file partitions.txt to include your explanation of how a hexdump of the partition table (the first 512 bytes of the hard drive) relates to the partitions that have been created. You must include a hexdump of the partition table and indicate the meaning of the bytes for partition table entries 1, 2, and 3 as discussed in the Volumes lecture, including partition type, starting LBA address, and size in sectors. You must also include the output of running fdisk -1 on your hard drive. Submissions without the hexdump of the partition table or without fdisk -1 output will receive 0 points. You can include hexdumps of more parts of your disk in your explanation if you like. 2/4 file:///C:/Users/user/AppData/Local/Temp/cc348db2-949b-423a-a556-fea803a54886_hw3.html.zip.886/hw3.html 4/4

icon
Related questions
Question
Task 2: dd Extraction A JPEG file has been split into three parts (of random size) and the parts have been placed into a larger file called segments. img (not necessarily in their original order). Download your personalized assignment files, segments.img, README.txt, and partitions.txt into your Kali Linux VM. Use wget as before. For example, you'd use "wget https://facsrv.cs.depaul.edu/zhuang28/courses/csec450/hw3/1111111/segments.img" (replace 1111111 with your 7-digit DePaul ID) to download your segments.img. For example, if the JPEG file has length 100000 bytes, it might be split into three parts as follows (all numbers are in decimal): PART LENGTH (bytes) START OFFSET IN JPEG FILE (bytes) END OFFSET IN JPEG FILE (bytes) part 1 32256 63*512 part 2 20480 = 40*512 part 3 = 47264 92*512 + 160 32256 32256+20480 = 52736 32255 52735 99999 Then the file segments. img might have length 131072 bytes and be composed as follows: PART LENGTH (bytes) START OFFSET IN segments.img (bytes) END OFFSET IN segments.img (bytes) zeroes 6144 = 12*512 0 6143 part 2 = 20480 40*512 6144 zeroes part 3 10240 = 20*512 47264 = 92*512 + 160 26624 (= 6144+20480) 36864 (= 26624 + 10240) zeroes for padding zeroes part 1 352 512160 84128 (= 36864 + 47264) 26623 (= 6144+20480-1) 36863 (= 26624 + 10240-1) 84127 (=36864 + 47264 - 1) 84479 (84128 +352) 1024020*512 = 32256 63*512 zeroes = 4096 8*512 84480 (84128 +352) 94720 (=84480 + 10240) 126976 (94720 + 32256) = 94719 (= 84480 + 10240 - 1) 126975 (= 94720 + 32256 - 1) 131071 (126976 + 4096 - 1) 1/4 In the tables above, the end offsets are inclusive. The lengths of the zeroed areas are random, except that the third part of the JPEG image has 352 (= 512 - 160) zero bytes after it to "pad" it out to be a multiple of 512 bytes. Your task is to extract the three parts of the JPEG file from segments. img and reassemble them into the original JPEG file. This task mirrors what happens when with trying to extract fragmented files from a filesystem without tool support. However, this task is easier because: 1. All of the bytes in segments. img that are not from one of the parts of the original JPEG file are guaranteed to be zero. 2. All three parts are guaranteed to be at offsets divisible by 512 within segments.img. 3. The first two parts are guaranteed to have length divisible by 512. 4. You are given the size (in bytes) of the JPEG file. 5. You are given the SHA256 hash of the JPEG file. HINTS: 1. Make tables of your own like the ones ove for your own segments.img. 2. Find the offsets for your table for segments. img by using xxd -a segments.img | grep -C2 -E "^\\*". The grep command searches for occurrences of * at the beginning of the line and shows two lines of context above and below any matches. For example, you might get: $ xxd -a segments.img | grep -C2 -E "^\\*" 00000000: 0000 0000 0000 0000 0000 0000 0000 0000 * 000a1000: 4fc1 999c 612b 8c4f d71c 743d 37fc 5c06 000a1010: ebaf 0d75 0f4d ff00 025f 6aa5 aad1 4b47 000b83f0: c444 0e4a ea0c 2ade 2aec 55d5 c554 e496 00008400: 0000 0000 0000 0000 0000 0000 0000 0000 * 0...a+.0..t=7.\. ...u.M... j...KG .D.J..*.*.U..T.. 00144200: ffd8 ffe0 0010 4a46 4946 0001 0201 0096 00144210: 0096 0000 ffel lala 4578 6966 0000 4d4d JFIF.... .Exif..MM 0017a1f0: c8e6 32af fe5f c4dd 4366 763f 63b2 e8b0 ..2....Cfv?c... 0017a200: 0000 0000 0000 0000 0000 0000 0000 0000 * 00180600: 2850 bcb2 2448 3abb 90a3 ef39 4e7d 463c 00180610: 11e2 c921 11de 4803 e653 1899 6c37 49df (P..$H:....9N}F< ....H..S..171. 001b2fb0: 5762 aec5 5fff d900 0000 0000 0000 0000 001b2fc0: 0000 0000 0000 0000 0000 0000 0000 0000 Wb. * 002673f0: 0000 0000 0000 0000 0000 0000 0000 0000 You can deduce that parts are at: 。 offset Oxa1000 up to and including Oxb83ff 。 offset 0x144200 up to and including Ox17a1ff 。 offset 0x180600 up to and including 0x1b2fb6 (and this one appears to be the last part since its length is not divisible by 512) 3. Extract (separately) the three parts of the JPEG file from segments.jpg to files x1, x2, and x3 using dd $ dd if=segments.img of=x1 bs=1 skip=$(( 0xa1000)) count=$(( 0xb8400 $ dd if=segments.img of=x2 bs=1 skip=$((0x144200)) count=$((0x17a200 $ dd if=segments.img of=x3 bs=1 skip=$((0x180600)) count=$((0x1b2fb7 - 0xa1000)) 0x144200)) - 0x180600)) Now you have the three parts of the JPEG file. You should check that the sum of their lengths 221184+95232+207286 = 523702 is the same as the size you are given for the JPEG file. $ ls -1 x* -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang 221184 Sep 28 18:18 x1 95232 Sep 28 18:19 x2 207286 Sep 28 18:20 x3 4. Finally you can use the cat command to create the JPEG file by gluing together the bytes from x1, x2, x3. However you do not know the order in which the bytes went into segments.img, so you will have to try different combinations until you find a working JPEG file. Here is the order that works for the data above (this copies all bytes from x2 and then from x1 and then from x3 all into x.jpg): $ cat x2 x1 x3 > x.jpg 5. You can view the result file x.jpg each time you try a combination to see whether you have an intact JPEG file. When you have something that displays correctly, you can run sha256sum x.jpg to verify that the SHA256 hash of your extracted JPEG file matches the expected SHA256 hash. Task 3: Create Partition Table Zero out your 1GB hard drive /dev/sdb. Now use fdisk to create an MBR partition table with three partitions: 1. Partition 1 has size (N * 20MiB) where N is the length of your first name, e.g., 5 * 20MiB for someone with first name "Alice". 2. Partition 2 has size (N * 20MiB) where N is the length of your last name, e.g., 8 * 20MiB for someone with last name "Aardvark". 3. Partition 3 uses the remainder of the disk. Use echo part1 > /dev/sdb1, etc. as in the first Volumes lecture to write into each partition. Now edit the file partitions.txt to include your explanation of how a hexdump of the partition table (the first 512 bytes of the hard drive) relates to the partitions that have been created. You must include a hexdump of the partition table and indicate the meaning of the bytes for partition table entries 1, 2, and 3 as discussed in the Volumes lecture, including partition type, starting LBA address, and size in sectors. You must also include the output of running fdisk -1 on your hard drive. Submissions without the hexdump of the partition table or without fdisk -1 output will receive 0 points. You can include hexdumps of more parts of your disk in your explanation if you like. 2/4 file:///C:/Users/user/AppData/Local/Temp/cc348db2-949b-423a-a556-fea803a54886_hw3.html.zip.886/hw3.html 4/4
Transcribed Image Text:Task 2: dd Extraction A JPEG file has been split into three parts (of random size) and the parts have been placed into a larger file called segments. img (not necessarily in their original order). Download your personalized assignment files, segments.img, README.txt, and partitions.txt into your Kali Linux VM. Use wget as before. For example, you'd use "wget https://facsrv.cs.depaul.edu/zhuang28/courses/csec450/hw3/1111111/segments.img" (replace 1111111 with your 7-digit DePaul ID) to download your segments.img. For example, if the JPEG file has length 100000 bytes, it might be split into three parts as follows (all numbers are in decimal): PART LENGTH (bytes) START OFFSET IN JPEG FILE (bytes) END OFFSET IN JPEG FILE (bytes) part 1 32256 63*512 part 2 20480 = 40*512 part 3 = 47264 92*512 + 160 32256 32256+20480 = 52736 32255 52735 99999 Then the file segments. img might have length 131072 bytes and be composed as follows: PART LENGTH (bytes) START OFFSET IN segments.img (bytes) END OFFSET IN segments.img (bytes) zeroes 6144 = 12*512 0 6143 part 2 = 20480 40*512 6144 zeroes part 3 10240 = 20*512 47264 = 92*512 + 160 26624 (= 6144+20480) 36864 (= 26624 + 10240) zeroes for padding zeroes part 1 352 512160 84128 (= 36864 + 47264) 26623 (= 6144+20480-1) 36863 (= 26624 + 10240-1) 84127 (=36864 + 47264 - 1) 84479 (84128 +352) 1024020*512 = 32256 63*512 zeroes = 4096 8*512 84480 (84128 +352) 94720 (=84480 + 10240) 126976 (94720 + 32256) = 94719 (= 84480 + 10240 - 1) 126975 (= 94720 + 32256 - 1) 131071 (126976 + 4096 - 1) 1/4 In the tables above, the end offsets are inclusive. The lengths of the zeroed areas are random, except that the third part of the JPEG image has 352 (= 512 - 160) zero bytes after it to "pad" it out to be a multiple of 512 bytes. Your task is to extract the three parts of the JPEG file from segments. img and reassemble them into the original JPEG file. This task mirrors what happens when with trying to extract fragmented files from a filesystem without tool support. However, this task is easier because: 1. All of the bytes in segments. img that are not from one of the parts of the original JPEG file are guaranteed to be zero. 2. All three parts are guaranteed to be at offsets divisible by 512 within segments.img. 3. The first two parts are guaranteed to have length divisible by 512. 4. You are given the size (in bytes) of the JPEG file. 5. You are given the SHA256 hash of the JPEG file. HINTS: 1. Make tables of your own like the ones ove for your own segments.img. 2. Find the offsets for your table for segments. img by using xxd -a segments.img | grep -C2 -E "^\\*". The grep command searches for occurrences of * at the beginning of the line and shows two lines of context above and below any matches. For example, you might get: $ xxd -a segments.img | grep -C2 -E "^\\*" 00000000: 0000 0000 0000 0000 0000 0000 0000 0000 * 000a1000: 4fc1 999c 612b 8c4f d71c 743d 37fc 5c06 000a1010: ebaf 0d75 0f4d ff00 025f 6aa5 aad1 4b47 000b83f0: c444 0e4a ea0c 2ade 2aec 55d5 c554 e496 00008400: 0000 0000 0000 0000 0000 0000 0000 0000 * 0...a+.0..t=7.\. ...u.M... j...KG .D.J..*.*.U..T.. 00144200: ffd8 ffe0 0010 4a46 4946 0001 0201 0096 00144210: 0096 0000 ffel lala 4578 6966 0000 4d4d JFIF.... .Exif..MM 0017a1f0: c8e6 32af fe5f c4dd 4366 763f 63b2 e8b0 ..2....Cfv?c... 0017a200: 0000 0000 0000 0000 0000 0000 0000 0000 * 00180600: 2850 bcb2 2448 3abb 90a3 ef39 4e7d 463c 00180610: 11e2 c921 11de 4803 e653 1899 6c37 49df (P..$H:....9N}F< ....H..S..171. 001b2fb0: 5762 aec5 5fff d900 0000 0000 0000 0000 001b2fc0: 0000 0000 0000 0000 0000 0000 0000 0000 Wb. * 002673f0: 0000 0000 0000 0000 0000 0000 0000 0000 You can deduce that parts are at: 。 offset Oxa1000 up to and including Oxb83ff 。 offset 0x144200 up to and including Ox17a1ff 。 offset 0x180600 up to and including 0x1b2fb6 (and this one appears to be the last part since its length is not divisible by 512) 3. Extract (separately) the three parts of the JPEG file from segments.jpg to files x1, x2, and x3 using dd $ dd if=segments.img of=x1 bs=1 skip=$(( 0xa1000)) count=$(( 0xb8400 $ dd if=segments.img of=x2 bs=1 skip=$((0x144200)) count=$((0x17a200 $ dd if=segments.img of=x3 bs=1 skip=$((0x180600)) count=$((0x1b2fb7 - 0xa1000)) 0x144200)) - 0x180600)) Now you have the three parts of the JPEG file. You should check that the sum of their lengths 221184+95232+207286 = 523702 is the same as the size you are given for the JPEG file. $ ls -1 x* -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang 221184 Sep 28 18:18 x1 95232 Sep 28 18:19 x2 207286 Sep 28 18:20 x3 4. Finally you can use the cat command to create the JPEG file by gluing together the bytes from x1, x2, x3. However you do not know the order in which the bytes went into segments.img, so you will have to try different combinations until you find a working JPEG file. Here is the order that works for the data above (this copies all bytes from x2 and then from x1 and then from x3 all into x.jpg): $ cat x2 x1 x3 > x.jpg 5. You can view the result file x.jpg each time you try a combination to see whether you have an intact JPEG file. When you have something that displays correctly, you can run sha256sum x.jpg to verify that the SHA256 hash of your extracted JPEG file matches the expected SHA256 hash. Task 3: Create Partition Table Zero out your 1GB hard drive /dev/sdb. Now use fdisk to create an MBR partition table with three partitions: 1. Partition 1 has size (N * 20MiB) where N is the length of your first name, e.g., 5 * 20MiB for someone with first name "Alice". 2. Partition 2 has size (N * 20MiB) where N is the length of your last name, e.g., 8 * 20MiB for someone with last name "Aardvark". 3. Partition 3 uses the remainder of the disk. Use echo part1 > /dev/sdb1, etc. as in the first Volumes lecture to write into each partition. Now edit the file partitions.txt to include your explanation of how a hexdump of the partition table (the first 512 bytes of the hard drive) relates to the partitions that have been created. You must include a hexdump of the partition table and indicate the meaning of the bytes for partition table entries 1, 2, and 3 as discussed in the Volumes lecture, including partition type, starting LBA address, and size in sectors. You must also include the output of running fdisk -1 on your hard drive. Submissions without the hexdump of the partition table or without fdisk -1 output will receive 0 points. You can include hexdumps of more parts of your disk in your explanation if you like. 2/4 file:///C:/Users/user/AppData/Local/Temp/cc348db2-949b-423a-a556-fea803a54886_hw3.html.zip.886/hw3.html 4/4
Expert Solution
steps

Step by step

Solved in 2 steps

SEE SOLUTIONCheck out a sample Q&A here
Blurred answer