How To Work With Magic Numbers in Linux -2

H

Okay, so we are going to continue our article from the previous post. So, if you haven’t read our previous post on magic numbers, then read before going through this post.

How to extract zip files from the output using the magic numbers and offset?

#1. Find Beginning Offset of the File

If you want to extract zip files from the output, then you have to first locate the beginning offset of the file you want to extract. In our case, we are wishing to extract the zip file from the PNG file. We are first going to look for the zip header. As we have discussed in the previous article, we are going to use this command – xxd output.png | grep “PK”. For zip file offset is going to be 00001c90.

#2. Calculate Number of Bits from the Offset

Now, we have to calculate the number of bits from the offset from where zip file starts. It can be calculated manually, you can observe the offset number if you try to calculate yourself 00001c95.

#3. Convert Hex Value to Decimal

This function can be performed by opening python IDLE. You have to type python in the Linux terminal. We can now convert the value into decimal. In python IDLE, we just have to put 0x to the beginning of the value found in the previous step.

#4. Use this Command

‘dd if=*input file* bs=1 skip=*value
calculated in step 3* of=*output file name*’

In this command, “if” stands for an input file. “Skip” refers to the number of bits that we have skipped to reach the file from which we have to extract the information. “Bs” denotes to a number of bites which needs to read at a time and “of” describes the output files.

#5. File Extraction

Now, we can open the zip file in the terminal to extract the file name from it.

nautilus ./

How to corrupt Files by changing its magic number?

By making a slight change in the magic number of the file, you can make a file useless, that’s because no other tool or software can read the file if the magic number of the file has been changed. A file can be corrupted by the following methods.

#1. Install Hex Editor

To corrupt a file, you have to download Hex editor. It is a very popular tool which can be easily downloaded using this command;

sudo apt-get install hexedit

You can open download hex file by;

hexedit image.png

#2. Change your File

To change the bytes of a file using hex edit, you have to simply move your cursor on the file bite and type your desired name. For the sake of this article, we can change the magic numbers from 89 50 to 00 00. To save and exit, press Ctrl X and then Y.

How to repair file using a magic number?

Okay, now taking the example of the file which we have corrupted above, we will try to repair the same by using the magic number. Now, if you try to open the PNG file which we have earlier corrupted, then you will get “ could not load” or “not a PNG file” errors. This is proof that a system looks at the magic number before opening a file. Knowing that the PNG magic numbers start with 89 50, we can change the bytes back to their original value.

This article is our humble take on magic numbers and their importance. If you liked our two series article, then don’t forget to comment and like our post.