xyzc's blog

emm...

0%

easy_nbt

Posted on In
Symbols count in article: 1k Reading time ≈ 1 mins.

easy_nbt - bugku challenge

Basic Information about the challenge

Solving process

In this challenge, we got a file named ‘file.zip’, whose content is as follows:

image-20231107004843136

Reminding of the challenge title, we google ‘what is nbt’ and get this:

image-20231107005526565

source: https://wiki.vg/NBT

So firstly we use binwalk to check level.dat and find:

1
2
3
4
5
$ binwalk level.dat

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), last modified: 1970-01-01 00:00:00 (null date)

This file is a gzip!

Change it to a .zip, unzip it and find a file named level .

Open it with a text editor and search flag.

Finally get it!!!😀

image-20231107010235628

Summary

Binwalk

Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.

Here is the repository. https://github.com/ReFirmLabs/binwalk

NBT

The Named Binary Tag (NBT) file format is an extremely simple and efficient structured binary format used by the Minecraft game for a variety of things.

Here is wiki of NBT. https://wiki.vg/NBT