User Tools

Site Tools


Sidebar

projects

  • uxi0 (due 20150128)
  • arc0 (due 20150204)
  • pbx0 (due 20150211)
  • pbx1 (due 20150225)
  • udr0 (due 20150311)
  • udr1 (due 20150318)
  • udr2 (due 20150408)
  • EoCE - bottom of Opus (due 20150514 by 4:30pm)
haas:spring2015:unix:projects:udr0

Corning Community College

CSCS1730 UNIX/Linux Fundamentals

~~TOC~~

Project: UNIX DATA RECOVERY (udr0)

Errata

Typos and bug fixes:

  • It would appear that there were 2 typos that could have caused confusion (yet more than a few people have seemed to compensate for the typos and continue to work through the project). The first is the address for the table of contents… I erroneously had put down the wrong thing. The TOC starts at address 0x1ced3; I have updated the project page accordingly. (20150304)
  • There was also a typo IN the original TOC in the memory dump file, which has been corrected (it erroneously stated an incorrect address of the TOC, this has been corrected (also to 0x1ced3)), Grab another copy of the memory dump to be entirely up to date. (20150304)

Objective

Use your UNIX skills and tools at hand to enable you to solve a problem in the realm of raw data management and data recovery.

Background

As a side job to help you through school, you've become employed at a local microblogging and meme archival firm as their head UNIX IT lead. Your run-of-the-mill tasks include setting up single-purpose web pages and web-browsable images to aid the researchers in tracking the evolution of memes.

Everything was going fine, until one day a researcher, with freshly obtained meme from a multi-seeded bittorrent transfer, experienced a hard drive failure.

Preservation of this meme is downright critical to on-going research, and with seconds to spare before the system locks up, you manage to do a memory dump of the region of RAM containing the downloaded meme data, and transfer it to another system before it becomes unresponsive.

The last thing you see on the screen before the system locks up is a hex address of the table of contents and its octal length:

  • address (in hex): 0x1ced3
  • length (in octal): 127

Hard drive replaced and OS reinstalling on the researcher's computer, your task is now of equal importance: pick out the file fragments from the raw memory dump, and assemble them all into one file, meeting specifications laid out by the researchers and chief meme archivist.

The air is thick with anticipation.

This is the moment you've been working towards your whole life.

You pause and do a quick tai chi exercise to calm the mind and gather some inner energy. Eyes closed. Deep breath in. Deep breath out. Your eyes snap open and shine with a fierceness and determination that would make any obfuscated data quiver.

It is go time.

Obtain the file

This week's project is located in the spring2015/udr0/ directory of the UNIX Public Directory, in a file called: memdump.ram

There is a companion file called dectohex.c that may be of some value, directly or indirectly.

Make a copy of these into your home directory somewhere and set to work.

NOTE: Hopefully it has been standard practice to locate project files in their own unique subdirectory, such as under src/unix/, where you can then add/commit/push the results to your repository (you ARE regularly putting stuff in your repository, aren't you?)

Process

The file you seek has been broken up into separate parts, each potentially encoded or encapsulated in some way.

To make matters more interesting, the file fragments are located in a raw memory dump, which you'll have to perform some minor data recovery techniques on to get them out and further massage them.

There is a table of contents index located within this memory dump… it is of the following format:

-toc-filename:offset,length;filename2:offset,length;...;-toc-

To make things more interesting, the offset is stored as a hexadecimal value.

The length is recorded in octal.

You will likely want to convert these values to decimal before using various tools.

Luckily, you know where to get the table of contents from memory. From there, you can reconstruct the means to access the remaining file fragments.

Useful tools

You may want to become familiar with the manual pages of the following tools (in addition to tools you've already encountered):

  • dd(1)
  • netpbm(1)
  • pnmscale(1)

Additionally, looking through any companion files provided in this project may offer you some unique value.

Submission

Successful completion will result in the following criteria being met:

  • Resulting image has been scaled approximately 2x to a resolution of 414×418
  • Image has been converted to PNG format and named meme0531.png
  • Image has been placed in your Lab46 webspace, in a unix/udr0/ directory which is searchable to the web server (world search); image is world readable.
    • All parent directories need to also be world searchable in order to function
      • Setting all permissions could result in your home directory being accessed by third parties. ONLY set the minimum required permissions.
    • Aside from user permission, group should have no permissions set.
    • ONLY the indicated permission for world should be set for impacted files.
    • Be sure you can view said image in a web browser.
  • When all is said and done, you will submit 2 files:
    • info.txt, which contains:
      • line 1: the full URL to view your file in a web browser
      • line 2: the phrase encountered when viewing this image
      • lines 3-: the command lines you used to undertake this project (you can exclude initial copying and end submission commands).. be sure to mention offsets/lengths/sizes of things.
    • meme0531.png, which should conform to the resolution and format specifications above, and be correctly reassembled.

Submit

Please submit as follows:

lab46:~/src/unix/udr0$ submit unix udr0 info.txt meme0531.png
Submitting unix project "udr0":
    -> info.txt(OK) 
    -> meme0531.png(OK) 

SUCCESSFULLY SUBMITTED
lab46:~/src/unix/udr0$ 
haas/spring2015/unix/projects/udr0.txt · Last modified: 2015/03/04 10:56 by wedge