Hi could someoneplease help me with the below task I need to find the hidden magin number using HxD and i$\text{'}$m not quite sure how.

There are some hidden data in the recovered picture $$Broken$.$pdf$.$ A ZIP file is suspected.

Open the file in HxD and search for the $$magic number$$ to locate the hidden ZIP file. $($Hint:

the $$magic number$$ is specified in $$archive$.$pdf$$ under $$~Desktop$/$Data$-$files$/$week$05/.)$

Use copy and paste in HxD to carve out the hidden file. $($Hint: PDF files normally have a

footer of Hex value $0$xFFD$9$; and you should convert the Oct values of the magic numbers

to Hex values for better clarity.$)$

Extract the contents of the hidden file and briefly describe what the contents are.

Please report your findings by preparing a document, and listing the steps you took with

screenshots. If commands are used, please explain their switches.

This is the archive contents

#$------------------------------------------------------------------------------$

# archive: file$(1)$ magic for archive formats $($see also "msdos" for self$-$

#

extracting compressed archives$)$

#

# cpio, ar$,$ arc, arj, hpack, lha$/$lharc$,$ rar, squish, uc$2,$ zip, zoo, etc.

# pre$-$POSIX "tar" archives are handled in the C code.

# POSIX

$257$

$!$:mime

$257$

$!$:mime

tar archives

string

ustar$\backslash 0$

POSIX tar archive

application$/$x$-$tar # encoding: posix

string

ustar$\backslash 040\backslash 040\backslash 0$ GNU tar archive

application$/$x$-$tar # encoding: gnu

# cpio archives

#

# Yes, the top two "cpio archive" formats $*$are$*$ supposed to just be "short".

# The idea is to indicate archives produced on machines with the same

# byte order as the machine running "file" with "cpio archive", and

# to indicate archives produced on machines with the opposite byte order

# from the machine running "file" with "byte$-$swapped cpio archive".

#

# The SVR$4$ "cpio$(4)"$ hints that there are additional formats, but they

# are defined as "short"s; I think all the new formats are

# character$-$header formats and thus are strings, not numbers.

$0$

short

$070707$

cpio archive

$!$:mime application$/$x$-$cpio

$0$

short

$0143561$

byte$-$swapped cpio archive

$!$:mime application$/$x$-$cpio # encoding: swapped

$0$

string

$070707$

ASCII cpio archive $($pre$-$SVR$4$ or odc$)$

$0$

string

$070701$

ASCII cpio archive $($SVR$4$ with no CRC$)$

$0$

string

$070702$

ASCII cpio archive $($SVR$4$ with CRC$)$

# Debian package $($needs to go before regular portable archives$)$

#

$0$

string

$=!$

debian

$!$:mime application$/$x$-$debian$-$package

$>8$

string

debian$-$split

part of multipart Debian package

$>8$

string

debian$-$binary

Debian binary package

$>8$

string

$!$debian

$>68$

string

$>\backslash 0$

$($format $\%$s$)$

# These next two lines do not work, because a bzip$2$ Debian archive

# still uses gzip for the control.tar $($first in the archive$).$ Only

# data.tar varies, and the location of its filename varies too.

# file$/$libmagic does not current have support for ascii$-$string based

# $($offsets$)$ as of $2005-09-15.$

#$>81$

string

bz$2$

$\backslash$b$,$ uses bzip$2$ compression

#$>84$

string

gz

$\backslash$b$,$ uses gzip compression

#$>136$

ledate

x

created: $\%$s

# other

$0$

$0$

$0$

$0$

$0$

$0$

$!$:mime

archives

long

$0177555$

short

$0177555$

long

$0177545$

short

$0177545$

long

$0100554$

string

$=$

application$/$x$-$archive

very old archive

very old PDP$-11$ archive

old archive

old PDP$-11$ archive

apl workspace

archive

# MIPS archive $($needs to go before regular portable archives$)$

#

$0$

string $=!$

$\_\_\_\_\_\_\_\_\_\_$E

MIPS archive

$>20$

string U

with MIPS Ucode members

$>21$

string L

with MIPSEL members

$>21$

string B

with MIPSEB members$>19$

$>19$

$>22$ string

string

string

$0$ search$/1$

L

B

X

and an EL hash table

and an EB hash table

$--$ out of date

$-$h$-$

Software Tools format archive text

#

# XXX $-$ why are there multiple thingies? Note that $0$x$213$c$6172$ is

# $"!$

current ar archive

# $0$

long

$0$x$213$c$6172$

archive file

#

# and for SVR$1$ archives, we have:

#

# $0$

string

$\backslash$

System V Release $1$ ar archive

# $0$

string

$=$

archive

#

# XXX $-$ did Aegis really store shared libraries, breakpointed modules,

# and absolute code program modules in the same format as new$-$style

# $"$ar$"$ archives?

#

$0$

string

$=!$

current ar archive

$!$:mime application$/$x$-$archive

$>8$

string

$\_\_.$SYMDEF

random library

$>0$

belong

$=65538$

$-$ pre SR$9\mathrm{.}5$

$>0$

belong

$=65539$

$-$ post SR$9\mathrm{.}5$

$>0$

beshort

$2$

$-$ object archive

$>0$

beshort

$3$

$-$ shared library module

$>0$

beshort

$4$

$-$ debug break$-$pointed module

$>0$

beshort

$5$

$-$ absolute code program module

$0$

string

$\backslash$

System V Release $1$ ar archive

$0$

string

$=$

archive

#

# XXX $-$ from "vax", which appears to collect a bunch of byte$-$swapped

# thingies, to help you recognize VAX files on big$-$endian machines;

# with "leshort", "lelong", and "string", that's no longer necessary....

#

$0$

belong

$0$x$65$ff$0000$

VAX $3\mathrm{.}0$ archive

$0$

belong

$0$x$3$c$61723$e

VAX $5\mathrm{.}0$ archive

#

$0$

long

$0$x$213$c$6172$

archive file

$0$

lelong

$0177555$

very old VAX archive

$0$

leshort

$0177555$

very old PDP$-11$ archive

#

# XXX $-"$pdp$"$ claims that $0177545$ can have an $\_\_.$SYMDEF member and thus

# be a random library $($it said $0$xff$65$ rather than $0177545).$

#

$0$

lelong

$0177545$

old VAX archive

$>8$

string

$\_\_.$SYMDEF

random library

$0$

leshort

$01$