Homework Help is Here – Start Your Trial Now!
Engineering
Cybersecurity
3. The first two parts are guaranteed to have length divisible by 512. 4. You are given the size (in bytes) of the JPEG file. 5. You are given the SHA256 hash of the JPEG file. HINTS: 1. Make tables of your own like the ones above for your own segments.img 2. Find the offsets for your table for segmentsing by using axd-a sesmentsims | grep -C2 -E "^\\** The grep command searches for occurrences of at the beginning of the line and shows two lines of context above and below any matches. For example, you might get $ xxd -a segments.ing | grep -C2 -E "^\\*" eeeeeese: eese esse esse esse esse esse esse sese 00001000: 4fc1 999c 612b 8c4f d71c 743d 37fc 5c06 0...+.0..t=7.\. 000a1010: ebaf 0d75 0f4d ff00 0254 6aa5 aad1 4b47 ...u.M......KG e00b83f0: c444 Be4a eaec 2ade 2aec 55d5 c554 e496 .D......... ee0b8400: 0000 eeee esse esse esse esse eeee eese 00144200: ffd8 ffee 0010 4a46 4946 0001 0201 0096 00144210: 0096 0000 ffel lala 4578 6966 0000 4d4d JFIF...... .....Exif..MM 0017a1f0: c8e6 32af fe5f c4dd 4366 763f 6362 e8be ..2....Cfv?c... 0017a200: 00se cose e000 cose cose esce ecce cose 00180600: 2850 bcb2 2448 3abb 90a3 ef39 4e7d 463c (P..SH:....9N)F< 00188610: 11e2 c921 11de 4883 e653 1899 6c37 49df .....H..S..171. 001b2fb0: 5762 aec5 5fff d9ee esse esse esse esse Wb.. 001b2fc0: eeee eeee eeee eeee esse esse esse esse e02673f0: eeee esse esse eeee eeee esse eeee eese offset 0xa1000 up to and including Oxb83ff offset 0x144200 up to and including 0x17a1ff offset 0x180600 up to and including 0x1b2fb6 (and this one appears to be the last part since its length is not divisible by 512) 3. Extract (separately) the three parts of the JPEG file from segments.jpg to files x1, x2, and x3 using dd $ dd if=segments.ing of=x1 bs=1 skip=$(( exa1000)) count=$(( @xb8400 - 0xa1000)) $ dd if segments.ing of x2 bs=1 skip=$((0x144200)) count=$((ex17a200 - 0x144200)) $ dd if=segments.ing of=x3 bs=1 skip=$((0x180600)) count=$((@x1b2fb7 - 0x180600)) Now you have the three parts of the JPEG file. You should check that the sum of their lengths 221184+95232+207286=523702 is the same as the size you are given for the JPEG file. $ ls -1 x* -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang 221184 Sep 28 18:18 x1 95232 Sep 28 18:19 x2 207286 Sep 28 18:20 x3 4. Finally you can use the cat command to create the JPEG file by gluing together the bytes from x1, x2, x3. However you do not know the order in which the bytes went into segments.jug, so you will have to try different combinations until you find a working JPEG file. Here is the order that works for the data above (this copies all bytes from x2 and then from x1 and then from x3 all into x.jpg): $ cat x2 x1 x3 > x.jpg 5. You can view the result file x.jpg each time you try a combination to see whether you have an intact JPEG file. When you have something that displays correctly, you can run sha256sum x.jpg to verify that the SHA256 hash of your extracted JPEG file matches the expected SHA256 hash. Task 2: dd Extraction A JPEG file has been split into three parts (of random size) and the parts have been placed into a larger file called segments.img (not necessarily in their original order). Download your personalized assignment files, segments.img, README.txt, and partitions.txt into your Kali Linux VM. Use wget as before. For example, you'd use "wget https://facsrv.cs.depaul.edu/zhuang28/courses/csec450/hw3/1111111/segments.img" (replace 1111111 with your 7-digit DePaul ID) to download your segments.img For example, if the JPEG file has length 100000 bytes, it might be split into three parts as follows (all numbers are in decimal): LENGTH (bytes) START OFFSET IN JPEG FILE (bytes) END OFFSET IN JPEG FILE (bytes) PART part 1 32256 63*512 part 2 20480 40*512 part 3 47264 92*512 + 160 0 32256 32256+2048052736 32255 52735 99999 Then the file segments.ing might have length 131072 bytes and be composed as follows: zeroes zeroes PART LENGTH (bytes) START OFFSET IN segments.img (bytes) 6144 part 2 6144 = 12*512 20480 = 40*512 10240 = 20*512 47264-92*512 + 0 26624 (6144+20480) 36864 (= 26624 + 10240) 160 352 = 512-160 84128 (-36864 + 47264) part 3 zeroes for padding zeroes part 1 zeroes 1024020*512 32256 63*512 = 4096 = 8*512 84480 (84128+352) 94720 (= 84480 + 10240) 126976 (94720 + 32256) In the tables above, the end offsets are inclusive. END OFFSET IN segments.img (bytes) 6143 26623 (6144+20480-1) 36863 (= 26624 + 10240-1) 84127 (= 36864 + 47264-1) 84479 (= 84128 + 352) 94719 (84480+10240-1) 126975 (= 94720 + 32256-1) |131071 = (126976 +4096-1) The lengths of the zeroed areas are random, except that the third part of the JPEG image has 352 (= 512-160) zero bytes after it to "pad" it out to be a multiple of 512 bytes. Your task is to extract the three parts of the JPEG file from segments.img and reassemble them into the original JPEG file. This task mirrors what happens when with trying to extract fragmented files from a filesystem without tool support. However, this task is easier because: 1. All of the bytes in segments.ing that are not from one of the parts of the original JPEG file are guaranteed to be zero. 2. All three parts are guaranteed to be at offsets divisible by 512 within segments.img

3. The first two parts are guaranteed to have length divisible by 512. 4. You are given the size (in bytes) of the JPEG file. 5. You are given the SHA256 hash of the JPEG file. HINTS: 1. Make tables of your own like the ones above for your own segments.img 2. Find the offsets for your table for segmentsing by using axd-a sesmentsims | grep -C2 -E "^\\** The grep command searches for occurrences of at the beginning of the line and shows two lines of context above and below any matches. For example, you might get $ xxd -a segments.ing | grep -C2 -E "^\\*" eeeeeese: eese esse esse esse esse esse esse sese 00001000: 4fc1 999c 612b 8c4f d71c 743d 37fc 5c06 0...+.0..t=7.\. 000a1010: ebaf 0d75 0f4d ff00 0254 6aa5 aad1 4b47 ...u.M......KG e00b83f0: c444 Be4a eaec 2ade 2aec 55d5 c554 e496 .D......... ee0b8400: 0000 eeee esse esse esse esse eeee eese 00144200: ffd8 ffee 0010 4a46 4946 0001 0201 0096 00144210: 0096 0000 ffel lala 4578 6966 0000 4d4d JFIF...... .....Exif..MM 0017a1f0: c8e6 32af fe5f c4dd 4366 763f 6362 e8be ..2....Cfv?c... 0017a200: 00se cose e000 cose cose esce ecce cose 00180600: 2850 bcb2 2448 3abb 90a3 ef39 4e7d 463c (P..SH:....9N)F< 00188610: 11e2 c921 11de 4883 e653 1899 6c37 49df .....H..S..171. 001b2fb0: 5762 aec5 5fff d9ee esse esse esse esse Wb.. 001b2fc0: eeee eeee eeee eeee esse esse esse esse e02673f0: eeee esse esse eeee eeee esse eeee eese offset 0xa1000 up to and including Oxb83ff offset 0x144200 up to and including 0x17a1ff offset 0x180600 up to and including 0x1b2fb6 (and this one appears to be the last part since its length is not divisible by 512) 3. Extract (separately) the three parts of the JPEG file from segments.jpg to files x1, x2, and x3 using dd $ dd if=segments.ing of=x1 bs=1 skip=$(( exa1000)) count=$(( @xb8400 - 0xa1000)) $ dd if segments.ing of x2 bs=1 skip=$((0x144200)) count=$((ex17a200 - 0x144200)) $ dd if=segments.ing of=x3 bs=1 skip=$((0x180600)) count=$((@x1b2fb7 - 0x180600)) Now you have the three parts of the JPEG file. You should check that the sum of their lengths 221184+95232+207286=523702 is the same as the size you are given for the JPEG file. $ ls -1 x* -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang 221184 Sep 28 18:18 x1 95232 Sep 28 18:19 x2 207286 Sep 28 18:20 x3 4. Finally you can use the cat command to create the JPEG file by gluing together the bytes from x1, x2, x3. However you do not know the order in which the bytes went into segments.jug, so you will have to try different combinations until you find a working JPEG file. Here is the order that works for the data above (this copies all bytes from x2 and then from x1 and then from x3 all into x.jpg): $ cat x2 x1 x3 > x.jpg 5. You can view the result file x.jpg each time you try a combination to see whether you have an intact JPEG file. When you have something that displays correctly, you can run sha256sum x.jpg to verify that the SHA256 hash of your extracted JPEG file matches the expected SHA256 hash. Task 2: dd Extraction A JPEG file has been split into three parts (of random size) and the parts have been placed into a larger file called segments.img (not necessarily in their original order). Download your personalized assignment files, segments.img, README.txt, and partitions.txt into your Kali Linux VM. Use wget as before. For example, you'd use "wget https://facsrv.cs.depaul.edu/zhuang28/courses/csec450/hw3/1111111/segments.img" (replace 1111111 with your 7-digit DePaul ID) to download your segments.img For example, if the JPEG file has length 100000 bytes, it might be split into three parts as follows (all numbers are in decimal): LENGTH (bytes) START OFFSET IN JPEG FILE (bytes) END OFFSET IN JPEG FILE (bytes) PART part 1 32256 63*512 part 2 20480 40*512 part 3 47264 92*512 + 160 0 32256 32256+2048052736 32255 52735 99999 Then the file segments.ing might have length 131072 bytes and be composed as follows: zeroes zeroes PART LENGTH (bytes) START OFFSET IN segments.img (bytes) 6144 part 2 6144 = 12*512 20480 = 40*512 10240 = 20*512 47264-92*512 + 0 26624 (6144+20480) 36864 (= 26624 + 10240) 160 352 = 512-160 84128 (-36864 + 47264) part 3 zeroes for padding zeroes part 1 zeroes 1024020*512 32256 63*512 = 4096 = 8*512 84480 (84128+352) 94720 (= 84480 + 10240) 126976 (94720 + 32256) In the tables above, the end offsets are inclusive. END OFFSET IN segments.img (bytes) 6143 26623 (6144+20480-1) 36863 (= 26624 + 10240-1) 84127 (= 36864 + 47264-1) 84479 (= 84128 + 352) 94719 (84480+10240-1) 126975 (= 94720 + 32256-1) |131071 = (126976 +4096-1) The lengths of the zeroed areas are random, except that the third part of the JPEG image has 352 (= 512-160) zero bytes after it to "pad" it out to be a multiple of 512 bytes. Your task is to extract the three parts of the JPEG file from segments.img and reassemble them into the original JPEG file. This task mirrors what happens when with trying to extract fragmented files from a filesystem without tool support. However, this task is easier because: 1. All of the bytes in segments.ing that are not from one of the parts of the original JPEG file are guaranteed to be zero. 2. All three parts are guaranteed to be at offsets divisible by 512 within segments.img

icon
Related questions
Question
3. The first two parts are guaranteed to have length divisible by 512. 4. You are given the size (in bytes) of the JPEG file. 5. You are given the SHA256 hash of the JPEG file. HINTS: 1. Make tables of your own like the ones above for your own segments.img 2. Find the offsets for your table for segmentsing by using axd-a sesmentsims | grep -C2 -E "^\\** The grep command searches for occurrences of at the beginning of the line and shows two lines of context above and below any matches. For example, you might get $ xxd -a segments.ing | grep -C2 -E "^\\*" eeeeeese: eese esse esse esse esse esse esse sese 00001000: 4fc1 999c 612b 8c4f d71c 743d 37fc 5c06 0...+.0..t=7.\. 000a1010: ebaf 0d75 0f4d ff00 0254 6aa5 aad1 4b47 ...u.M......KG e00b83f0: c444 Be4a eaec 2ade 2aec 55d5 c554 e496 .D......... ee0b8400: 0000 eeee esse esse esse esse eeee eese 00144200: ffd8 ffee 0010 4a46 4946 0001 0201 0096 00144210: 0096 0000 ffel lala 4578 6966 0000 4d4d JFIF...... .....Exif..MM 0017a1f0: c8e6 32af fe5f c4dd 4366 763f 6362 e8be ..2....Cfv?c... 0017a200: 00se cose e000 cose cose esce ecce cose 00180600: 2850 bcb2 2448 3abb 90a3 ef39 4e7d 463c (P..SH:....9N)F< 00188610: 11e2 c921 11de 4883 e653 1899 6c37 49df .....H..S..171. 001b2fb0: 5762 aec5 5fff d9ee esse esse esse esse Wb.. 001b2fc0: eeee eeee eeee eeee esse esse esse esse e02673f0: eeee esse esse eeee eeee esse eeee eese offset 0xa1000 up to and including Oxb83ff offset 0x144200 up to and including 0x17a1ff offset 0x180600 up to and including 0x1b2fb6 (and this one appears to be the last part since its length is not divisible by 512) 3. Extract (separately) the three parts of the JPEG file from segments.jpg to files x1, x2, and x3 using dd $ dd if=segments.ing of=x1 bs=1 skip=$(( exa1000)) count=$(( @xb8400 - 0xa1000)) $ dd if segments.ing of x2 bs=1 skip=$((0x144200)) count=$((ex17a200 - 0x144200)) $ dd if=segments.ing of=x3 bs=1 skip=$((0x180600)) count=$((@x1b2fb7 - 0x180600)) Now you have the three parts of the JPEG file. You should check that the sum of their lengths 221184+95232+207286=523702 is the same as the size you are given for the JPEG file. $ ls -1 x* -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang 221184 Sep 28 18:18 x1 95232 Sep 28 18:19 x2 207286 Sep 28 18:20 x3 4. Finally you can use the cat command to create the JPEG file by gluing together the bytes from x1, x2, x3. However you do not know the order in which the bytes went into segments.jug, so you will have to try different combinations until you find a working JPEG file. Here is the order that works for the data above (this copies all bytes from x2 and then from x1 and then from x3 all into x.jpg): $ cat x2 x1 x3 > x.jpg 5. You can view the result file x.jpg each time you try a combination to see whether you have an intact JPEG file. When you have something that displays correctly, you can run sha256sum x.jpg to verify that the SHA256 hash of your extracted JPEG file matches the expected SHA256 hash.
Transcribed Image Text:3. The first two parts are guaranteed to have length divisible by 512. 4. You are given the size (in bytes) of the JPEG file. 5. You are given the SHA256 hash of the JPEG file. HINTS: 1. Make tables of your own like the ones above for your own segments.img 2. Find the offsets for your table for segmentsing by using axd-a sesmentsims | grep -C2 -E "^\\** The grep command searches for occurrences of at the beginning of the line and shows two lines of context above and below any matches. For example, you might get $ xxd -a segments.ing | grep -C2 -E "^\\*" eeeeeese: eese esse esse esse esse esse esse sese 00001000: 4fc1 999c 612b 8c4f d71c 743d 37fc 5c06 0...+.0..t=7.\. 000a1010: ebaf 0d75 0f4d ff00 0254 6aa5 aad1 4b47 ...u.M......KG e00b83f0: c444 Be4a eaec 2ade 2aec 55d5 c554 e496 .D......... ee0b8400: 0000 eeee esse esse esse esse eeee eese 00144200: ffd8 ffee 0010 4a46 4946 0001 0201 0096 00144210: 0096 0000 ffel lala 4578 6966 0000 4d4d JFIF...... .....Exif..MM 0017a1f0: c8e6 32af fe5f c4dd 4366 763f 6362 e8be ..2....Cfv?c... 0017a200: 00se cose e000 cose cose esce ecce cose 00180600: 2850 bcb2 2448 3abb 90a3 ef39 4e7d 463c (P..SH:....9N)F< 00188610: 11e2 c921 11de 4883 e653 1899 6c37 49df .....H..S..171. 001b2fb0: 5762 aec5 5fff d9ee esse esse esse esse Wb.. 001b2fc0: eeee eeee eeee eeee esse esse esse esse e02673f0: eeee esse esse eeee eeee esse eeee eese offset 0xa1000 up to and including Oxb83ff offset 0x144200 up to and including 0x17a1ff offset 0x180600 up to and including 0x1b2fb6 (and this one appears to be the last part since its length is not divisible by 512) 3. Extract (separately) the three parts of the JPEG file from segments.jpg to files x1, x2, and x3 using dd $ dd if=segments.ing of=x1 bs=1 skip=$(( exa1000)) count=$(( @xb8400 - 0xa1000)) $ dd if segments.ing of x2 bs=1 skip=$((0x144200)) count=$((ex17a200 - 0x144200)) $ dd if=segments.ing of=x3 bs=1 skip=$((0x180600)) count=$((@x1b2fb7 - 0x180600)) Now you have the three parts of the JPEG file. You should check that the sum of their lengths 221184+95232+207286=523702 is the same as the size you are given for the JPEG file. $ ls -1 x* -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang -rw-r--r-- 1 huang huang 221184 Sep 28 18:18 x1 95232 Sep 28 18:19 x2 207286 Sep 28 18:20 x3 4. Finally you can use the cat command to create the JPEG file by gluing together the bytes from x1, x2, x3. However you do not know the order in which the bytes went into segments.jug, so you will have to try different combinations until you find a working JPEG file. Here is the order that works for the data above (this copies all bytes from x2 and then from x1 and then from x3 all into x.jpg): $ cat x2 x1 x3 > x.jpg 5. You can view the result file x.jpg each time you try a combination to see whether you have an intact JPEG file. When you have something that displays correctly, you can run sha256sum x.jpg to verify that the SHA256 hash of your extracted JPEG file matches the expected SHA256 hash.
Task 2: dd Extraction A JPEG file has been split into three parts (of random size) and the parts have been placed into a larger file called segments.img (not necessarily in their original order). Download your personalized assignment files, segments.img, README.txt, and partitions.txt into your Kali Linux VM. Use wget as before. For example, you'd use "wget https://facsrv.cs.depaul.edu/zhuang28/courses/csec450/hw3/1111111/segments.img" (replace 1111111 with your 7-digit DePaul ID) to download your segments.img For example, if the JPEG file has length 100000 bytes, it might be split into three parts as follows (all numbers are in decimal): LENGTH (bytes) START OFFSET IN JPEG FILE (bytes) END OFFSET IN JPEG FILE (bytes) PART part 1 32256 63*512 part 2 20480 40*512 part 3 47264 92*512 + 160 0 32256 32256+2048052736 32255 52735 99999 Then the file segments.ing might have length 131072 bytes and be composed as follows: zeroes zeroes PART LENGTH (bytes) START OFFSET IN segments.img (bytes) 6144 part 2 6144 = 12*512 20480 = 40*512 10240 = 20*512 47264-92*512 + 0 26624 (6144+20480) 36864 (= 26624 + 10240) 160 352 = 512-160 84128 (-36864 + 47264) part 3 zeroes for padding zeroes part 1 zeroes 1024020*512 32256 63*512 = 4096 = 8*512 84480 (84128+352) 94720 (= 84480 + 10240) 126976 (94720 + 32256) In the tables above, the end offsets are inclusive. END OFFSET IN segments.img (bytes) 6143 26623 (6144+20480-1) 36863 (= 26624 + 10240-1) 84127 (= 36864 + 47264-1) 84479 (= 84128 + 352) 94719 (84480+10240-1) 126975 (= 94720 + 32256-1) |131071 = (126976 +4096-1) The lengths of the zeroed areas are random, except that the third part of the JPEG image has 352 (= 512-160) zero bytes after it to "pad" it out to be a multiple of 512 bytes. Your task is to extract the three parts of the JPEG file from segments.img and reassemble them into the original JPEG file. This task mirrors what happens when with trying to extract fragmented files from a filesystem without tool support. However, this task is easier because: 1. All of the bytes in segments.ing that are not from one of the parts of the original JPEG file are guaranteed to be zero. 2. All three parts are guaranteed to be at offsets divisible by 512 within segments.img
Transcribed Image Text:Task 2: dd Extraction A JPEG file has been split into three parts (of random size) and the parts have been placed into a larger file called segments.img (not necessarily in their original order). Download your personalized assignment files, segments.img, README.txt, and partitions.txt into your Kali Linux VM. Use wget as before. For example, you'd use "wget https://facsrv.cs.depaul.edu/zhuang28/courses/csec450/hw3/1111111/segments.img" (replace 1111111 with your 7-digit DePaul ID) to download your segments.img For example, if the JPEG file has length 100000 bytes, it might be split into three parts as follows (all numbers are in decimal): LENGTH (bytes) START OFFSET IN JPEG FILE (bytes) END OFFSET IN JPEG FILE (bytes) PART part 1 32256 63*512 part 2 20480 40*512 part 3 47264 92*512 + 160 0 32256 32256+2048052736 32255 52735 99999 Then the file segments.ing might have length 131072 bytes and be composed as follows: zeroes zeroes PART LENGTH (bytes) START OFFSET IN segments.img (bytes) 6144 part 2 6144 = 12*512 20480 = 40*512 10240 = 20*512 47264-92*512 + 0 26624 (6144+20480) 36864 (= 26624 + 10240) 160 352 = 512-160 84128 (-36864 + 47264) part 3 zeroes for padding zeroes part 1 zeroes 1024020*512 32256 63*512 = 4096 = 8*512 84480 (84128+352) 94720 (= 84480 + 10240) 126976 (94720 + 32256) In the tables above, the end offsets are inclusive. END OFFSET IN segments.img (bytes) 6143 26623 (6144+20480-1) 36863 (= 26624 + 10240-1) 84127 (= 36864 + 47264-1) 84479 (= 84128 + 352) 94719 (84480+10240-1) 126975 (= 94720 + 32256-1) |131071 = (126976 +4096-1) The lengths of the zeroed areas are random, except that the third part of the JPEG image has 352 (= 512-160) zero bytes after it to "pad" it out to be a multiple of 512 bytes. Your task is to extract the three parts of the JPEG file from segments.img and reassemble them into the original JPEG file. This task mirrors what happens when with trying to extract fragmented files from a filesystem without tool support. However, this task is easier because: 1. All of the bytes in segments.ing that are not from one of the parts of the original JPEG file are guaranteed to be zero. 2. All three parts are guaranteed to be at offsets divisible by 512 within segments.img
Expert Solution
steps

Step by step

Solved in 2 steps

SEE SOLUTIONCheck out a sample Q&A here
Blurred answer