Advent of Cyber 2023 Day-5

A Christmas DOScovery: Tapes of Yule-tide Past


3 min read

Advent of Cyber 2023 Day-5

The backup tapes have finally been recovered after the team successfully hacked the server room door. However, as fate would have it, the internal tool for recovering the backups can't seem to read them. While poring through the tool's documentation, you discover that an old version of this tool can troubleshoot problems with the backup. But the problem is, that version only runs on DOS (Disk Operating System)!

Thankfully, tucked away in the back of the IT room, covered in cobwebs, sits an old yellowing computer complete with a CRT monitor and a keyboard. With a jab of the power button, the machine beeps to life, and you are greeted with the DOS prompt.

Frost-eau, who is with you in the room, hears the beep and heads straight over to the machine. The snowman positions himself in front of it giddily. "I haven't used these things in a looong time," he says, grinning.

He hovers his hands on the keyboard, ready to type, but hesitates. He lifts his newly installed mechanical arm, looks at the fat and stubby metallic fingers, and sighs.

"You take the helm," he says, looking at you, smiling but looking embarrassed. "I'll guide you."

You insert a copy of the backup tapes into the machine and start exploring.

Day 5 of AoC works with MS-DOS and also teaches some stuff about magic bytes and reverse engineering.

First of all, start the provided VM. After boot up, you will have a split-screen view of a Windows 10 machine.

Launch the DOSBox-X executable to proceed.

After launching, we are greeted with a welcome screen.

Run the cls command to clear the screen. After running the dir command, we see

In particular, we see the AC2023.BAK file and also the answer to our first task, the size of the file in bytes: 12,704.

Now we are told about the software to recover the corrupt backup, so navigate to C:\TOOLS\BACKUP\ folder using cd command and run the dir command.

We see the executable and a README file. Doing type README.txt won't do us much good as the file is long and all the text won't fit on the screen. Hence do edit README.txt to see the "head" of the file, which gives us the answer to our second task BackupMaster3000 !

Also on reading the rest of the file, we get to know that the first two bytes of the backup should by 41 43. The bytes with ASCII values 41 and 43 are A and C respectively. So to recover the backup, we can try to fix the magic bytes.

Open the backup file (C:\AC2023.BAK) by doing [Alt] f o and then navigating to it. Also, check the "open binary" option. Alternatively, close the editor and then open the file from the shell.

Now simply do [insert] A C to overwrite the first two bytes with "AC". Then exit the editor with saving by doing [Alt] f x y

Now on running BUMASTER.EXE C:\AC2023.BAK, we are greeted with the answer to the third task, our flag THM{0LD_5CH00L_C00L_d00D}