TAMUctf 2021 Recovery

I needed to copy a flag from my home computer to the mainframe at work, so I used a floppy drive. It looks like a few bytes in the file got corrupted, so I deleted the file thinking it would be fine, but my friend says that’s not enough to prevent hackers from recovering the data.

First I tried to get it with fls and icat, no luck.

Get Unproprietary Git.

python3 ~/altsci/unproprietary/unproprietary/find_compress1.py --magic -l 2069000 floppy.img
found 1116160 gif

python3 ~/altsci/unproprietary/unproprietary/skipto.py floppy.img 1116160 >flag.gif

gwenview flag.gif 

gimp flag.gif 

12:58 < Javantea> okay I got the gif and it's corrupt
12:58 < Javantea> but I bet I can get the data out of it

okteta flag.gif 

Using the file format I learned from Wikipedia GIF

I swapped ba00 with 0e00

That shows us the image. I think I can use that..

But I really want the image data to be changed..

31A 	03 00 05 00 	(3, 5) 	Image width and height in pixels

That did it.

found the 0e00 ba00 and swapped them.

The image shows the solution:

gigem{0u7_0f_516h7_0u7_0f_m1nd}