- Experience how to navigate an unfamiliar legacy system.
- Learn about DOS and its connection to its contemporary, the Windows Command Prompt.
- Discover the significance of file signatures and magic bytes in data recovery and file system analysis.
After the machine is up.
Open AC2023.BAK using the MS-DOS Editor and the command
EDIT C:\AC2023.BAK.
As you can see, the current bytes are set to XX. According to the troubleshooting section we've read, BUMASTER.EXE expects the magic bytes of a file to be 41 43. These are hexadecimal values, however, so we need to convert them to their ASCII representations first.
Go back to the MS-DOS Editor window, move your cursor to the first two characters, remove XX, and replace it with AC. Once that's done, save the file by going to "File > Save".
Now, you can run the command
BUMASTER.EXE C:\AC2023.BAK
Questions:
- How large (in bytes) is the AC2023.BAK file?
ANSWER
12,704
- What is the name of the backup program?
ANSWER
backupmaster3000
- What should the correct bytes be in the backup's file signature to restore the backup properly?
ANSWER
41 43
- What is the flag after restoring the backup successfully?
ANSWER
THM{0LD_5CH00L_C00L_d00D}