Dans cet article, nous allons voir comment craquer une archive chiffrée protégée par un mot de passe en utilisant :
- L’attaque à clair connu de Biham et Kocher sur des archives Zip (PKZIP) basées sur la méthode de chiffrement ZipCrypto Store (peut être étendu à ZipCrypto Deflate).
- Une attaque classique par liste de mots sur d’autres archives chiffrées telle que les archives Zip (WinZip) basées sur la méthode de chiffrement AES (128,192,256), 7-Zip ou encore RAR.
Pour réaliser cette attaque, il faut au moins 12 octets de texte en clair connu et au moins 8 d’entre eux doivent être contigus. Plus le texte connu contigu est grand, plus l’attaque est rapide.
Perhaps the most popular (or infamous) example of a shell namespace extension is the Compressed Folders extension, which handles the exploration of ZIP files. [...] Unfortunately, the code hasn’t really been updated in a while. A long while. The timestamp in the module claims it was last updated on Valentine’s Day 1998, and while I suspect there may’ve been a fix here or there since then (and one feature, extract-only Unicode filename support), it’s no secret that the code is, as Raymond Chen says: “stuck at the turn of the century.”
Unfortunately, there are degenerate cases where the ZIP Folders support really is broken. I ran across one of those yesterday. [...] Windows spent well over a minute showing “Calculating…” with no visible progress beyond the creation of a single subfolder with a single 5k file within. Huh? I knew that the ZIP engine beneath ZIP Folders wasn’t well-optimized, but I’d never seen anything this bad before. After waiting a few more minutes, another file extracted, this one 6.5 mb. This is bananas.
After some small reads from the end of the file (where the ZIP file keeps its index), the entire 11 million byte file was being read from disk a single byte at a time:
This article shows how to construct a non-recursive zip bomb that achieves a high compression ratio by overlapping files inside the zip container. "Non-recursive" means that it does not rely on a decompressor's recursively unpacking zip files nested within zip files: it expands fully after a single round of decompression. The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format. Even greater expansion is possible using 64-bit extensions. The construction uses only the most common compression algorithm, DEFLATE, and is compatible with most zip parsers.
$ python3 -m zipfile -e overlap.zip .
Traceback (most recent call last):
...
__main__.BadZipFile: File name in directory 'B' and header b'A' differ.
... and the standard UNIX tool zipinfo
cannot display them !
So here is Python one-liner to extract them, and other useful meta informations:
python -c "import json, sys, zipfile; json.dump([{k: str(getattr(i, k)) for k in zipfile.ZipInfo.__slots__} for i in zipfile.ZipFile(sys.argv[1]).infolist …