实验FAT32-1说明:FAT32-1.img是一个包含FAT32文件系统的磁盘镜像,请使用winhex手工方式读出这个文件系统内的指定文件,并回答其md5 HASH值。
要求:
1、利用WINHEX手工方式读取。
2、不得使用WINHEX模板功能。
3、不得使用WINHEX文件系统解析功能。
4、填写的MD5 HASH值全部为大写,不包括0x头标或H尾标,中间不得有任何间隔符号(包括空格、制表符、’-’等符号),以WINHEX软件运算出的HASH值为准。
实验目的:
1、实现手工方式跟踪一个FAT32文件系统,并读出指定的某个文件。
2、理解多目录块的组合方式。
3、理解多个文件碎片的处理方式。
4、理解DBR、FAT表等文件系统组件。
5、熟练使用WINHEX
题库:
1、实验X中,\FROMBYTE51\28.txt文件的md5 HASH值为___________?
2、实验X中,\FROMBYTE55\8.txt文件的md5 HASH值为___________?
... ...
附:实验环境生成脚本:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
#!/bin/bash
qemu-img create -f raw FAT32-1.img 500M
losetup
/dev/loop0
FAT32-1.img
parted -s
/dev/loop0
mklabel msdos
parted -s
/dev/loop0
mkpart -s primary fat32 128s 100%
mkfs.fat -F 32 -s 8
/dev/loop0p1
mount
/dev/loop0p1
/mnt
for
((i=1;i<=150;i++));
do
mkdir
/mnt/
"FROMBYTE"
$i
for
((ii=1;ii<10;ii++));
do
r2=$(($RANDOM % 32 + 512))
#create file
r3=$(($RANDOM % 32))
for
((iii=1;iii<$r2;iii++));
do
if
[ $r3 -
eq
$iii ] ;
then
# random write "COPY RIGHT"
echo
-n
"*****COPY RIGHT:"
>>
/mnt/
"FROMBYTE"
$i/$ii.txt
r3=$(($RANDOM % 32 + $r3))
else
echo
-n
"www.frombyte.com"
>>
/mnt/
"FROMBYTE"
$i/$ii.txt
fi
done
done
done
for
((i=1;i<=150;i++));
do
for
((ii=1;ii<10;ii++));
do
r2=$(($RANDOM % 512 + 512))
#add padding
r3=$(($RANDOM % 32))
for
((iii=1;iii<$r2;iii++));
do
if
[ $r3 -
eq
$iii ] ;
then
# random write "COPY RIGHT"
echo
-n
"*****COPY RIGHT:"
>>
/mnt/
"FROMBYTE"
$i/$ii.txt
r3=$(($RANDOM % 32 + $r3))
else
echo
-n
"www.frombyte.com"
>>
/mnt/
"FROMBYTE"
$i/$ii.txt
fi
done
done
done
for
((i=65;i<=150;i++));
do
md5sum
/mnt/
"FROMBYTE"
$i/* |
tr
a-z A-Z >>~
/FAT32-1/FAT32-1
.md5
done
cd
umount
/dev/loop0p1
losetup -d
/dev/loop0
|
总过程:
1、按上述脚本生成md5集合FAT32-1.md5,FAT32-1.img镜像
2、通过FAT32-1.md5,生成题库。方法有:
a、利用excel编辑替换的方式生成
b、linux下使用awk 、sed加shell的方式生成
c、利用python生成
示例,使用awk、sed生成题库(为容易看,断行,执行时一行即可,考题里的格式仍有出入,仅做演示,可以针对情况修改)
1
2
3
4
|
sed
-e
's/\/MNT//'
-e
's/TXT/txt/'
FAT32-1.md5
|
awk
'{print
"test2:"
,$2,"
,this
file
MD5 HASH is:0x___.
","
\\\\
"$1"
\\\\easy\\\\.."}' >
test
.txt
|
结果如下(截取部分):
test2: /FROMBYTE95/8.TXT ,this file MD5 HASH is:0x___. \\46D40D302D0CEBCF541086589E9FCCFB\\easy\\..
test2: /FROMBYTE95/9.TXT ,this file MD5 HASH is:0x___. \\D15F6065CDA928F5A581225AD2FA0AD0\\easy\\..
test2: /FROMBYTE96/1.TXT ,this file MD5 HASH is:0x___. \\646E1F87F8458D0423FE9E64EBBD1908\\easy\\..
test2: /FROMBYTE96/2.TXT ,this file MD5 HASH is:0x___. \\0E7C3DCBF868495E43BD6A34CE6D8418\\easy\\..
test2: /FROMBYTE96/3.TXT ,this file MD5 HASH is:0x___. \\681757B565DB23A467CDB527D2D107C8\\easy\\..
test2: /FROMBYTE96/4.TXT ,this file MD5 HASH is:0x___. \\C2FCEEBEE9FD30D107C0D5D57E5785A2\\easy\\..
test2: /FROMBYTE96/5.TXT ,this file MD5 HASH is:0x___. \\09F17DBAACA7AC8277457B5A97B14D66\\easy\\..
test2: /FROMBYTE96/6.TXT ,this file MD5 HASH is:0x___. \\3C63DB19A48086A33A31620346EB5F9B\\easy\\..
test2: /FROMBYTE96/7.TXT ,this file MD5 HASH is:0x___. \\B8FFC3B07E67D85E60B5B71367D75D90\\easy\\..
test2: /FROMBYTE96/8.TXT ,this file MD5 HASH is:0x___. \\12FC052979EAD0BC0C398E275CB6F56D\\easy\\..
test2: /FROMBYTE96/9.TXT ,this file MD5 HASH is:0x___. \\6C2055640D7FA21C6E9F8A31AB3A4C50\\easy\\..
test2: /FROMBYTE97/1.TXT ,this file MD5 HASH is:0x___. \\94791A0E619868560DF475AB96B5AE4D\\easy\\..
test2: /FROMBYTE97/2.TXT ,this file MD5 HASH is:0x___. \\F31D153B05329D5D22B74B06EEAB86A6\\easy\\..
test2: /FROMBYTE97/3.TXT ,this file MD5 HASH is:0x___. \\6B8375017CB05325CA565D586C596BE8\\easy\\..
test2: /FROMBYTE97/4.TXT ,this file MD5 HASH is:0x___. \\58E0129F24A5915D4BA957D90C05892A\\easy\\..
test2: /FROMBYTE97/5.TXT ,this file MD5 HASH is:0x___. \\66E2B4CD85DABA2ECEB810476B982538\\easy\\..
test2: /FROMBYTE97/6.TXT ,this file MD5 HASH is:0x___. \\502514DE713A04FBAFE3A44C8598028C\\easy\\..
test2: /FROMBYTE97/7.TXT ,this file MD5 HASH is:0x___. \\B66025D4FDD12837438ED36903F738A7\\easy\\..
test2: /FROMBYTE97/8.TXT ,this file MD5 HASH is:0x___. \\0F3B53E05AA6955A8377E55403E468F5\\easy\\..
test2: /FROMBYTE97/9.TXT ,this file MD5 HASH is:0x___. \\0A6EFA940D546735505D6847AFD4F9E0\\easy\\..
test2: /FROMBYTE98/1.TXT ,this file MD5 HASH is:0x___. \\E2567294C0EB341E43B1D26FF7372898\\easy\\..
test2: /FROMBYTE98/2.TXT ,this file MD5 HASH is:0x___. \\5624DA049E95F06475A2AF58BED6F050\\easy\\..
test2: /FROMBYTE98/3.TXT ,this file MD5 HASH is:0x___. \\8AB67DCDA00069208F1162C3FEF2BBD5\\easy\\..
改进的方法:用python改写脚本:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
#!/usr/bin/python3
import
os
import
random
import
hashlib
import
struct
r
=
os.system
rc
=
random.choice
ri
=
random.randint
md5
=
hashlib.md5
items
=
[
1
,
2
,
3
,
4
,
5
,
6
,
7
,
8
,
9
,
10
]
r(
"cd ~/FAT32-1"
)
fkaoti
=
open
(
"FAT32-1-kaoti.txt"
,
'w+'
)
r(
"qemu-img create -f raw FAT32-1.img 500M"
)
r(
"losetup /dev/loop0 FAT32-1.img"
)
r(
"parted -s /dev/loop0 mklabel msdos"
)
r(
"parted -s /dev/loop0 mkpart -s primary fat32 128s 100%"
)
r(
"mkfs.fat -F 32 -s 8 /dev/loop0p1"
)
r(
"mount /dev/loop0p1 /mnt"
)
for
i
in
range
(
1
,
151
):
r(
"mkdir /mnt/FROMBYTE%d"
%
i)
for
ii
in
range
(
1
,
11
):
f
=
open
(
"/mnt/FROMBYTE%d/%d.txt"
%
(i,ii),
'w+'
)
for
iii
in
range
(
1
,ri(
500
,
550
)):
if
ri(
1
,
32
)
=
=
1
:
f.write(
"*****COPY RIGHT:"
)
else
:
f.write(
"www.frombyte.com"
)
f.close()
for
i
in
range
(
1
,
151
):
random.shuffle(items)
for
ii
in
items:
f
=
open
(
"/mnt/FROMBYTE%d/%d.txt"
%
(i,ii),
'a'
)
for
iii
in
range
(
1
,ri(
1000
,
1100
)):
if
ri(
1
,
32
)
=
=
1
:
f.write(
"*****COPY RIGHT:"
)
else
:
f.write(
"www.frombyte.com"
)
f.close()
#//对65以后的目录生成MD5 HASH,65之后即不可能存在于第一个目录块(65*32*2 > 4096),考核FAT表对目录的跟踪
for
i
in
range
(
65
,
151
):
for
ii
in
range
(
1
,
11
):
fn
=
"/mnt/FROMBYTE%d/%d.txt"
%
(i,ii)
ff
=
open
(fn,
'r'
)
data
=
ff.read()
ff.close()
fkaoti.write(
"实验FAT32-1中,文件系统中对\"%s\",人工读取内容后计算得到的文件MD5 HASH值为0x___。//%s//容易。。\n"
\
%
(fn,md5(data.encode(
"utf8"
)).hexdigest().upper()) )
fkaoti.flush()
fkaoti.close()
r(
"cd"
)
r(
"umount /dev/loop0p1"
)
r(
"losetup -d /dev/loop0"
)
|
总过程:
将FAT32-1.img和FAT32-1-kaoti.txt做相应处理即可。参考答案不可留在考试系统内。