Puzzle #5 File Signatures
The challenges in this puzzle focus on how a computer decides what software to use when opening a file. There are 7 challenges, each requires you to successfully open a file to answer the question. Solutions for challenges #1–4 are provided below and solutions for the Advanced #5–7 challenges will be posted next week. To really learn from this puzzle, it is strongly recommend to use a Windows computer.
Download Puzzle5Files.zip and extract it to a Windows computer folder. Then for each file (1) figure out what software to use to open it successfully and (2) using the info in the files, answer the questions:
1. File01 — Q: What will you need ?
2. File02 — Q: How many penguins?
3. File03 — Q: What does my binary add up to?
4. File04 — Q: What’s for sale?
ADVANCED — Each one of these files also has a flag hidden inside
5. File05 — Q: What has black dots?
FLAG:
6. File06 — Q: What’s a matryoshka?
FLAG:
7. File07 — Q: Who’s there?
FLAG
SOLUTION Background: To a computer, a file is stored as just a series of 0s and 1s. To open the file, you need to use the right program to get something meaningful. The Windows operating system looks at the file extension to decide which application to launch when a file is opened. For instance, a file ending with .docx should be opened with Microsoft Word. Or a file ending with .mp3 should be opened with software like VLC Media Player. But what happens if you give Windows the wrong extension?
So how can we decide what type of file we have if there is no extension or the extension is incorrect? We can use the File Signature.
Every file has a file header which is at the start of the file and a file footer which indicates the end of the file. Most file formats store the filetype information in the first few bytes of the file. They are known as the “magic bytes” or the file signature. The file signature is a hexadecimal number that is always used to identify that specific file type.
To see the file header, use a hex editor application which will show the contents of the file as it is stored in hexadecimal format. Some popular hex editors are HxD (Windows), GHex (Linux) and HexEdit(online) When a file is viewed using a Hex Editor, the magic number will appear at the very beginning — i.e in the file header. In the case of jpeg, the file signature is ‘0xFFD8’. This website is a reference on file signatures and formats, but you can find lots of others online.
Linux and Mac ignore file extensions and use the file signature to identify filetype. In terminal, the command file * will provide a list of all files in the directory including a description of the filetype. In the image, the ls command is used to list the names of all files in the Desktop directory. Then the file * command results in a list of files with their filetype information.
SOLUTION and demo for challenges #1 to #4: For each file listed: (1) download it onto a Windows computer (2) open it with a Hex Editor and (3) find the magic number. Match the magic bytes with the info in a file signature reference to identify the filetype extension. Rename each file to include the identified extension, then open the file. ALL files will open successfully if you have the right extension.
1. File01.wav — Q: What will you need ? A bigger boat
2. File02.jpg — Q: How many penguins? Three
3. File03.zip — Q: What does my binary add up to? 165
4. File04.docx — Q: What’s for sale? Baby shoes
Watch the video for a detailed explanation of these solutions. And check next week for the solution to Advanced File Signature challenges #5 to #7 😉
