DF GPT homework
Homework 1: MBR and GPT Analysis

■ Due Date: March 13, 2024, 11:59 pm
■ Done By: Individuals
■ Submission: Individually on Gradescope (automatic grading)

For Homework 1, you will write a program that analyzes the Master Boot Record (MBR) and GUID Partition Table (GPT) of forensic disk images. Sample raw images and resources for you to use while programming are available here.
■ Download sample raw images and resources

We assume you use an x86-64 architecture-based computer for this project. Your program, which must be an executable called boot_info, must take as input the path to a raw image with option -f (files) and offset values with option -o (explained in point 5 below), like so:

    ./boot_info -f sample.raw -o 123 78 257

1. Before opening the raw image (sample.raw), your program should first calculate MD5 and SHA-256 hash values. The hash values should be stored as MD5-[filename.raw].txt and SHA-256-[filename.raw].txt and should contain only the hash values (case-insensitive), not any other text. For example, if the name of the raw image file is Sparky.raw then your authentication module needs to generate MD5-Sparky.raw.txt and SHA-256-Sparky.raw.txt before opening the raw image. As long as the hash value uses upper- or lower-case letters, it doesn’t matter since we will use an insensitive check when grading. You can check the correct hash value from the “hash_info” folder in the shared link.

2. Next, make sure to open the image in read-only mode to maintain its integrity, then identify the partitioning scheme, distinguishing between MBR and GPT.

3. Following that, proceed to locate and extract the partition tables from both MBR and GPT.

4. For MBR output, the MBR type is required to generate partition information, including the hexadecimal value and corresponding type, the start sector address (in LBA), and the size of each partition in decimal.
This information should be presented in the following format:

    (07) HPFS/NTFS/exFAT , 2056320, 208845

Note: For the partition types, you can download the common partition type here.
■ Download the common partition type: csv or json

This is the one instance where I will allow students to share information for homework solutions: If a more digitally ingestible version (e.g., JSON) of the partition types were to be distributed among the class, I would accept its use as not violating the academic integrity policy. However, the usual rules apply for citations, etc. As usual, please feel free to ask clarifying questions on Discord.

5. For each partition your program discovers listed in the MBR, a randomly generated offset value will be given in the argument while calling your program. Locate and read in the boot record of the partition (first sector) and output the hexadecimal values of 16 bytes from that offset of the boot record and the ASCII values of the bytes (if the value is not printable, print “.”) as follows:

    Partition number: 1
    16 bytes of boot record from offset X: 67 66 72 65 65 6D 61 6E 67 66 72 65 65 6D 61 6E
    ASCII: g f r e e m a n g f r e e m a n

Note: The above is only illustrative. The given hex values are not valid in a regular boot record.

6. For GPT output, in the same way, boot_info should take a raw image and calculate hash values. Also, search the hexadecimal values for the starting LBA and ending LBA addresses on the disk of each partition. (The random offset values are irrelevant in this case.)

So, invoking your program will output data in the following format: (This is not the real value, your output must be different)

    $./boot_info -f mbr_sample.raw -o 123 76 258
    (07), HPFS/NTFS/exFAT , 2056320, 20884534
    (07), HPFS/NTFS/exFAT , 2265165, 20884523
    (07), HPFS/NTFS/exFAT , 2474010, 20884513
    Partition number: 1
    16 bytes of boot record from offset 123: aa 66 72 65 65 6D 61 6E ea 66 72 65 65 6D 61 6a
    ASCII: . f r e e m a n . f r e e m a j
    Partition number: 2
    16 bytes of boot record from offset 076: bb 66 72 65 65 6D 61 6E be 66 72 63 60 6D 64 6b
    ASCII: . f r e e m a n . f r c ` m d k
    Partition number: 3
    16 bytes of boot record from offset 258: cc 66 72 65 65 6D 61 6E ec 66 72 62 65 67 67 6c
    ASCII: . f r e e m a n . f r b e g g l

    $./boot_info -f gpt_sample.raw -o 123 76 258
    Partition number: 1
    Partition Type GUID : 12345AF12345CA1109876554321AEDF9
    Starting LBA address in hex: 0x100
    ending LBA address in hex: 0x1234f
    starting LBA address in Decimal: 256
    ending LBA address in Decimal: 74575
    Partition name: EFI system partition
    Partition number: 2
    Partition Type GUID : 12345AF12345CA1109876554321AEDF9
    Starting LBA address in hex: 0x100
    ending LBA address in hex: 0x1234f
    starting LBA address in Decimal: 256
    ending LBA address in Decimal: 74575
    Partition name: EFI system partition
    //Similarly, display all 5 values for all other partitions
    // If a partition’s GUID is all 0s (unused), you can skip it and check the next partition.

The above is only illustrative. The given values are not related to the image used in the assignment.

Note: It isn’t necessary for you to include partition entries if the partition type is 0x00 in MBR. For an explanation of this exclusion, please see the first entry in this table: https://en.wikipedia.org/wiki/Partition_type#List_of_partition_IDs

Implementation

Your program must work on Ubuntu 18.04 64-bit or later version with the default packages installed. You may find it helpful to set up a virtual machine to do your development. VirtualBox is a free and open-source VM system.

If you wish to use packages that are not installed on Ubuntu by default, please submit a file with your code named packages, with a list of packages that you would like installed before calling make. Each line of packages must be a valid package name, one package per line. The submission system will automatically install all the dependencies that the package lists.
For example, if you were going to write your assignment in Haskell, you could install the GHC compiler with the following package file:

    ghc
    ghc-dynamic

In order to test your program, you can use the auto-grader in Gradescope. You can access Gradescope on Canvas (left menu).

Submission Instructions

You will need to submit your source code, along with a Makefile and README. The Makefile must create your executable, called boot_info, when the command make is run. Your README file must be plain text and should contain your name, ASU ID, and a description of how your program works.

How to make and write Makefiles: du/~newhall/unixhelp/howto_makefiles.html

Example of Makefile for python:

    all:
    	cp your_code.py boot_info
    	chmod +x boot_info
    clean:
    	rm boot_info

Submission: Gradescope

Bonus assignment: Up to +3 Points

If you have additional ideas for enhancing the analytical capabilities of this program, please feel free to suggest, implement, and submit your code, along with the corresponding output screens and a summary of your work. A dedicated submission section for this purpose is available on Gradescope. We won’t use automated grading for this; the course team will review and grade your submission manually.

● Submission: You can see the “Bonus section for HW 1” on Gradescope
  – Report (no limit on the number of pages)
  – Add the sharable link for the code (zip file) to the report
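The partition-table parsing described in steps 2 to 4 and 6 above, as an added example that is not part of the original handout or any reference solution. It assumes 512-byte sectors and prints the type GUID as the raw on-disk bytes in hex; the function names and the sample image are constructed for illustration.

```python
import struct

SECTOR = 512  # assumed sector size

def parse_mbr(sector0: bytes):
    """Return (type, start_lba, sector_count) for each used MBR entry."""
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):  # four 16-byte entries starting at byte 446
        off = 446 + 16 * i
        ptype = sector0[off + 4]
        start, count = struct.unpack_from("<II", sector0, off + 8)
        if ptype != 0x00:  # type 0x00 marks an empty slot
            entries.append((ptype, start, count))
    return entries

def scheme(image: bytes) -> str:
    """A protective MBR entry of type 0xEE means the disk is GPT."""
    return "GPT" if any(e[0] == 0xEE for e in parse_mbr(image[:SECTOR])) else "MBR"

def parse_gpt(image: bytes):
    """Return (type_guid_hex, first_lba, last_lba, name) per used GPT entry."""
    hdr = image[SECTOR:2 * SECTOR]  # primary header lives at LBA 1
    if hdr[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    # entry-array LBA at offset 72, then entry count and entry size
    table_lba, count, size = struct.unpack_from("<QII", hdr, 72)
    parts = []
    for i in range(count):
        off = table_lba * SECTOR + i * size
        e = image[off:off + size]
        if len(e) < 128 or e[:16] == bytes(16):  # truncated or unused slot
            continue
        first, last = struct.unpack_from("<QQ", e, 32)
        name = e[56:128].decode("utf-16-le").split("\x00")[0]
        parts.append((e[:16].hex().upper(), first, last, name))
    return parts

def build_sample() -> bytes:
    """Constructed 4-sector image: protective MBR, GPT header, one entry."""
    mbr = bytes(446) + struct.pack("<B3sB3sII", 0, b"", 0xEE, b"", 1, 3) + bytes(48) + b"\x55\xaa"
    hdr = b"EFI PART" + bytes(64) + struct.pack("<QII", 2, 4, 128)  # array at LBA 2, 4 x 128 B
    ent = bytes.fromhex("28732AC11FF8D211BA4B00A0C93EC93B") + bytes(16)  # ESP type GUID, on-disk order
    ent += struct.pack("<QQ", 0x100, 0x1234F) + bytes(8) + "EFI system partition".encode("utf-16-le")
    return mbr + hdr.ljust(SECTOR, b"\0") + ent.ljust(SECTOR, b"\0") + bytes(SECTOR)
```

On a real image, read the bytes from a file opened with mode "rb" so the evidence is never written to.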
