
OverTheWire Bandit: Level 12 → Level 13

Technical Note

Context

This level is a test of patience. We have a file that isn’t just one file, but a nest of compressed archives. Think of it like Russian Matryoshka Dolls. You open the outer layer, only to find another compressed file inside, and then another…

We will also learn to create a safe workspace (/tmp) to avoid messing up the original files.

Goal

The data.txt file is a Hexdump. We must first convert it back to a binary file, and then decompress it layer by layer until we reach the password.

Solution

Step 1: Create a Workspace

Since we might not have write permissions in the home directory, or just to keep things clean, let’s create a folder in /tmp:

mkdir /tmp/my_space
cp data.txt /tmp/my_space/
cd /tmp/my_space

Step 2: Reverse the Hexdump

data.txt is currently a text dump. To convert it back to a compressed binary file, we use xxd -r (reverse):

xxd -r data.txt > data.bin

Step 3: The Loop (Identify and Decompress)

Now, we will repeatedly ask the file command what data.bin is and act accordingly. You will need to repeat this process about 7-8 times.

An example flow looks like this:

# Check file type
file data.bin
# Output: data.bin: gzip compressed data...

# Fix extension (.gz)
mv data.bin data.gz

# Decompress
gzip -d data.gz

# Check again
file data
# Output: data: bzip2 compressed data...

# Fix extension (.bz2) and decompress
mv data data.bz2
bzip2 -d data.bz2

# Check again
file data
# Output: data: gzip compressed data...

# Fix extension (.gz) and decompress
mv data data.gz
gzip -d data.gz

Note: This process will repeat about 8-9 times. Always check the type with file and act according to the table below:

Cheatsheet: How to handle each type?

You will encounter 3 main types. Apply the logic based on the file data output:

| Output (file) | Action (Rename & Decompress) |
| --- | --- |
| gzip compressed data | mv data data.gz then gzip -d data.gz |
| bzip2 compressed data | mv data data.bz2 then bzip2 -d data.bz2 |
| POSIX tar archive | mv data data.tar then tar -xf data.tar |

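Continue this loop until the file type says “ASCII text”. The format will change unpredictably (gzip -> bzip2 -> tar -> gzip…). After a tar step, the extracted file keeps the name stored inside the archive rather than "data", so list the directory and use that name in the next file and mv commands.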

Finally:

cat data81   # or whatever the final filename is
# The password is...
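
The loop from Steps 2 and 3 as a script, added here as an example and not part of the original write-up: it identifies each layer by the magic bytes that file inspects and decompresses from stdin to stdout, so no renaming is needed. The function names (layer_type, peel, unwrap_hexdump), the 20-layer cap and the use of mktemp -d instead of a fixed directory name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original write-up. Function names and the
# 20-layer cap are assumptions chosen for illustration.

# Classify a file by its magic bytes, the header data that `file` inspects.
layer_type() {
    magic=$(od -An -tx1 -N3 "$1" | tr -d ' \n')
    case "$magic" in
        1f8b*)  echo gzip;  return ;;    # gzip: 1f 8b
        425a68) echo bzip2; return ;;    # bzip2: "BZh"
    esac
    # POSIX tar stores "ustar" (75 73 74 61 72) at byte offset 257.
    if [ "$(od -An -tx1 -j257 -N5 "$1" 2>/dev/null | tr -d ' \n')" = 7573746172 ]; then
        echo tar
    else
        echo other
    fi
}

# peel BINARY: strip layers in a private directory, print the final file's path.
peel() {
    work=$(mktemp -d) || return 1    # mode 0700, unpredictable name in shared /tmp
    cp "$1" "$work/cur" || return 1
    depth=0
    while [ "$depth" -lt 20 ]; do    # cap so a malformed input cannot loop forever
        case "$(layer_type "$work/cur")" in
            gzip)  gzip  -dc < "$work/cur" > "$work/next" || return 1 ;;
            bzip2) bzip2 -dc < "$work/cur" > "$work/next" || return 1 ;;
            tar)   # -O extracts to stdout, so no file is created under an archive-chosen name
                   [ "$(tar -tf "$work/cur" | wc -l)" -eq 1 ] ||
                       { echo "expected exactly one tar member" >&2; return 1; }
                   tar -xOf "$work/cur" > "$work/next" || return 1 ;;
            *)     echo "$work/cur"; return 0 ;;
        esac
        mv "$work/next" "$work/cur"
        depth=$((depth + 1))
    done
    echo "more than 20 layers, giving up" >&2
    return 1
}

# Steps 2 and 3 together: reverse the hexdump, then peel the result.
unwrap_hexdump() {
    bin=$(mktemp) && xxd -r "$1" > "$bin" && peel "$bin"
}
```

After sourcing the script, cat "$(unwrap_hexdump data.txt)" prints the final text file.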

Key Takeaways

  1. xxd -r: Reverts a hexdump text back to a binary file.
  2. File Extensions: While irrelevant to the OS, utilities like gzip and bzip2 require specific extensions (.gz, .bz2) to function.
  3. file Command: Identifies the true nature of a file by reading its Magic Bytes/Header.
  4. Decompression Tools:
    • gzip -d: Decompresses .gz.
    • bzip2 -d: Decompresses .bz2.
    • tar -xf: Extracts .tar archives.