picoCTF Recovering From the Snap

This one was fun. I hadn’t ever played around with recovering deleted files.

There used to be a bunch of animals here, what did Dr. Xernon do to them?

This level starts off with the file animals.dd.

A few things I checked on. It looks like this is a disk image. I mounted the image and there are 4 files, but nothing that would indicate a flag or anything.

initial cut at the file

I knew that .dd files were used in disk images, and a quick search lead me to some software called ‘testdisk’

Huh ok, let’s try ‘P’
This looks promising
arrowed down, then will press ‘c’

From here you select the directory you want to save the recovered file to.

This is the flag file

Pretty cool.

Leave a Reply