Zip bomb can compress 4.5 million GB of data into a 46MB file

Using ZIP files is a handy way to compress information, thereby simplifying storage, movement, and data replication on a large scale. This method is not new and has been used for decades, but the practical issues of life of 5.25-inch and 3.5-inch floppy disks make storing zip files with a floppy disk a gamble. when it comes to long-term data preservation processes.

1. Basic measurement units in computers

For many years, people have created the so-called 'zip bomb' - a term related to nested architectures of a layer that, when decompressed to the last layer, the size of the data set will be larger. a lot of. Also after decompressing into large files, the zip bomb may prevent the computer from processing large amounts of data that suddenly appear in memory, or the data will not be able to be stored on the hard drive, even causing the computer to stop working. An unidentified file, called 42.zip, has appeared and floated on the network for many years, can be 'packaged' up to 4.5PB (equivalent to 4.5 million GB or 45,000TB) of data. in the appearance of an archive of about 42KB in size with this zip bomb method. Anti-virus software as well as the current decompression application often prevents zip bomb operation by "denying" the instance to the decompression layer after the recursive data layer.

Computer science researcher David Fifield developed his own zip bomb to further improve their data compression capabilities. The file size of David Fifield is much larger, requiring a base file weighing about 46MB to expand into a 4.5PB repository - but the main advantage is that it does not rely on recursion to achieve its compression level. .

1. Archive Extractor - Free online decompression tool with over 70 different file formats

The reason why the zip bomb uses recursion is nothing more than the DEFLATE algorithm used in the ZIP parser that can achieve higher compression rates than 1032: 1. If you want to compress more than that, of course you have to repeat the compression process. David Fifield has discovered a method that can overcome this limit, and our personal blog is as follows:

'This article shows how to build a non-recursive zip bomb with a compression ratio that exceeds the DEFLATE limit of 1032. It basically works on the principle of stacking files inside the zip container, to reference one 'kernel' has highly compressed data in multiple files without making many copies of it. The zip bomb output size will increase with a quadratic coefficient according to the input data size, ie, the compression ratio will become even better when this 'bomb' is larger. This structure depends heavily on the features of both DEFLATE and zip, it cannot be migrated directly to other file formats or compression algorithms. In addition, it is also compatible with most zip parsers, some exceptions are parsers that can be analyzed in one turn without prior references to the central directory. zip file 'center.

1. 5 UWP applications compress and decompress, compact, free for Windows 10

To be able to apply the method to practice, the researcher had to reconsider how data was stored in zip files and choose how to deploy Deflate to best suit.

Fifield has used bulk_deflate, a custom compression program, which is used to compress a repeating byte sequence, as it can pack more 'solid' data than zlib, info_ZIP or Zopfli. However, he also recommends that bulk_deflate may not work as expected in certain usage cases. Besides bulk_deflate, Fifield also had to use a zip standard extension called ZIP64 to create a file with more than 281TB of output data. With ZIP64, you can create a very large and extremely efficient 'zip bomb'.

There are also many other interesting information shared by this researcher on his personal blog, which can be included as a guide on how to create a zip bomb, a correct modifying method for basic standards, and an evaluation. Use compression algorithms other than Deflate to solve the same idea. For example, Bzip2 can also be used to create zip bombs, although not very effective.

1. ZIP bomb can protect websites from hackers

Some antivirus applications can now detect recursive zip bombs and can also detect the method that Fifield has used. But he thinks the zip bomb protection is not too complicated. A 'zip bomb' can be considered equivalent to a DoS attack targeting a single target. This is an attack method that has been around since the early days of the Internet (the first zip bomb was uploaded to the internet in 1996). Future research on this topic is an interesting technical story, even if the possibility of a massive attack with the zip bomb at the moment is quite low.