-
Notifications
You must be signed in to change notification settings - Fork 0
/
notes
142 lines (121 loc) · 8.04 KB
/
notes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
Zip structure explanations:
https://en.wikipedia.org/wiki/ZIP_(file_format)#File_headers
Unzipping tests were done with Ubuntu's unzip comand.
! -> this field should be changed in a more thorough implementation
!! -> this field will throw an error if unchanged
!!! -> this filed must be changed for successful unzipping
File header:
0 4 Local file header signature = 0x04034b50 (read as a little-endian number)
4 2 Version needed to extract (minimum)
6 2 General purpose bit flag
8 2 Compression method
10 2 File last modification time
12 2 File last modification date
14 4 CRC-32 of uncompressed data !!
18 4 Compressed size !!!
22 4 Uncompressed size !!!
26 2 File name length (n) !
28 2 Extra field length (m) (assumed 0)
30 n File name !!!
30+n m Extra field (assumed empty)
Central dir header
0 4 Central directory file header signature = 0x02014b50
4 2 Version made by
6 2 Version needed to extract (minimum)
8 2 General purpose bit flag
10 2 Compression method
12 2 File last modification time
14 2 File last modification date
16 4 CRC-32 of uncompressed data !!
20 4 Compressed size !!!
24 4 Uncompressed size !!!
28 2 File name length (n) !
30 2 Extra field length (m) (assumed 0)
32 2 File comment length (k) (assumed 0)
34 2 Disk number where file starts
36 2 Internal file attributes
38 4 External file attributes
42 4 Relative offset of local file header. !!!
This is the number of bytes between the start of the first disk on which the file occurs, and the start of the local file header. This allows software reading the central directory to locate the position of the file inside the ZIP file.
46 n File name !!!
46+n m Extra field (assumed empty)
46+n+m k File comment (assumed empty)
End of Central dir record
0 4 End of central directory signature = 0x06054b50
4 2 Number of this disk
6 2 Disk where central directory starts
8 2 Number of central directory records on this disk !!!
10 2 Total number of central directory records !!!
12 4 Size of central directory (bytes) !!!
16 4 Offset of start of central directory, !!!
relative to start of archive
20 2 Comment length (n) (assumed 0)
22 n Comment (assumed empty)
Create archive:
./zipbomb --num-files=1 --compressed-size=16 > tmp.zip
Result (xxd):
00000000: 504b 0304 1400 0000 0800 a06c 4805 e21e PK.........lH...
00000010: 38bb 1000 0000 0904 0000 0100 0000 30ed 8.............0.
00000020: c081 0800 0000 c030 d6fb 4b5c 640b 6050 .......0..K\d.`P
00000030: 4b01 0214 0014 0000 0008 00a0 6c48 05e2 K...........lH..
00000040: 1e38 bb10 0000 0009 0400 0001 0000 0000 .8..............
00000050: 0000 0000 0000 0000 0000 0000 0030 504b .............0PK
00000060: 0506 0000 0000 0100 0100 2f00 0000 2f00 ........../.../.
00000070: 0000 0000
File header (31 bytes):
00000000: 504b 0304 1400 0000 0800 a06c 4805 e21e PK.........lH...
00000010: 38bb 1000 0000 0904 0000 0100 0000 30
Kernel (16 bytes):
ed 8.............0.
00000020: c081 0800 0000 c030 d6fb 4b5c 640b 60
Central dir header(47 bytes):
50 .......0..K\d.`P
00000030: 4b01 0214 0014 0000 0008 00a0 6c48 05e2 K...........lH..
00000040: 1e38 bb10 0000 0009 0400 0001 0000 0000 .8..............
00000050: 0000 0000 0000 0000 0000 0000 0030
End of Central dir record(22 bytes):
504b .............0PK
00000060: 0506 0000 0000 0100 0100 2f00 0000 2f00 ........../.../.
00000070: 0000 0000
Create archive:
./zipbomb --num-files=2 --compressed-size=16 > tmp.zip
Result (xxd):
00000000: 504b 0304 1400 0000 0800 a06c 4805 d082 PK.........lH...
00000010: 46ca 3400 0000 2804 0000 0100 0000 3000 F.4...(.......0.
00000020: 1f00 e0ff 504b 0304 1400 0000 0800 a06c ....PK.........l
00000030: 4805 e21e 38bb 1000 0000 0904 0000 0100 H...8...........
00000040: 0000 31ed c081 0800 0000 c030 d6fb 4b5c ..1........0..K\
00000050: 640b 6050 4b01 0214 0014 0000 0008 00a0 d.`PK...........
00000060: 6c48 05d0 8246 ca34 0000 0028 0400 0001 lH...F.4...(....
00000070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000080: 0030 504b 0102 1400 1400 0000 0800 a06c .0PK...........l
00000090: 4805 e21e 38bb 1000 0000 0904 0000 0100 H...8...........
000000a0: 0000 0000 0000 0000 0000 0000 2400 0000 ............$...
000000b0: 3150 4b05 0600 0000 0002 0002 005e 0000 1PK..........^..
000000c0: 0053 0000 0000 00
File header (31 bytes):
00000000: 504b 0304 1400 0000 0800 a06c 4805 d082 PK.........lH...
00000010: 46ca 3400 0000 2804 0000 0100 0000 30
Quoted block prefix (5 bytes):
00 F.4...(.......0.
00000020: 1f00 e0ff
File header (31 bytes):
504b 0304 1400 0000 0800 a06c ....PK.........l
00000030: 4805 e21e 38bb 1000 0000 0904 0000 0100 H...8...........
00000040: 0000 31
Kernel (16 bytes):
ed c081 0800 0000 c030 d6fb 4b5c ..1........0..K\
00000050: 640b 60
Central dir header(47 bytes):
50 4b01 0214 0014 0000 0008 00a0 d.`PK...........
00000060: 6c48 05d0 8246 ca34 0000 0028 0400 0001 lH...F.4...(....
00000070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000080: 0030
Central dir header(47 bytes):
504b 0102 1400 1400 0000 0800 a06c .0PK...........l
00000090: 4805 e21e 38bb 1000 0000 0904 0000 0100 H...8...........
000000a0: 0000 0000 0000 0000 0000 0000 2400 0000 ............$...
000000b0: 31
End of Central dir record(22 bytes):
50 4b05 0600 0000 0002 0002 005e 0000 1PK..........^..
000000c0: 0053 0000 0000 00