Difference between revisions of "Zip bomb"

From TheAlmightyGuru
Line 3: Line 3:
 
A '''zip bomb''', also sometimes called by the more generic term '''decompression bomb''', is a compressed file archive that takes advantage of [[compression]] algorithms to store a massive amount of data in a relatively small file. Zip bombs are generally used for malicious purposes, but they can also be used as an teaching tool to demonstrate novel concepts behind [[lossless compression]] and optimization.
 
A '''zip bomb''', also sometimes called by the more generic term '''decompression bomb''', is a compressed file archive that takes advantage of [[compression]] algorithms to store a massive amount of data in a relatively small file. Zip bombs are generally used for malicious purposes, but they can also be used as an teaching tool to demonstrate novel concepts behind [[lossless compression]] and optimization.
  
I don't remember exactly when I learned about zip bombs, but it was sometime in my late 30s. I had toyed with writing hard drive filling programs in my teens, but the concept of tricking virus scanners into doing the dirty work for you was a clever trick.
+
I don't remember exactly when I learned about zip bombs, but it was sometime in my late 30s. I had toyed with writing hard drive filling programs in my teens, but I found the concept of tricking virus scanners into doing the dirty work for you quite clever.
  
 
==Types==
 
==Types==
 
There are two common forms of zip bombs, those which contain a countable number of files, and those that contain recursive files.
 
There are two common forms of zip bombs, those which contain a countable number of files, and those that contain recursive files.
  
Zip bombs which have a countable number of files work by taking advantage of the fact that lossless compression stores patterns. For example, a file which contains a single repeating byte over a million times, can easily be compressed into a files less than 1,000 bytes. Zip bombs of this type take advantage of this by using patterns of patterns to store the same file many times. Thus, when you decompress the archive, you get many huge files of nothing but a single repeating byte. A popular example of a zip bomb of this type is ''42.zip'' which has a file size of only 42,838 bytes, but decompresses to 4,503,599,626,321,920 bytes. It contains a 4.3 GB file repeated over a million times.
+
Zip bombs which have a countable number of files work by taking advantage of the fact that lossless compression stores patterns. For example, a file which contains a single repeating byte over 1,000,000 times, can easily be compressed into an archive around 1,000 bytes. Zip bombs of this type take advantage of this by using patterns within patterns to store the same file many times. Thus, when you decompress the archive, you get a very large number of huge files, all of which contain the same single byte repeated over and over again. A popular example of a zip bomb of this type is ''42.zip'' which has a file size of only 42,838 bytes, but decompresses to 4,503,599,626,321,920 bytes by repeating the same 4.3 GB file over a million times.
  
 
Recursive zip bombs use an interesting trick where the file that is extracted from the archive is identical to the archive itself. Trying to decompress the archive entirely results in an unending loop of decompression. For example, the zip bomb ''r.zip'' is a 440 byte archive, and, when you decompress it, you get a file called ''r.zip'' which is the exact same 440 bytes.
 
Recursive zip bombs use an interesting trick where the file that is extracted from the archive is identical to the archive itself. Trying to decompress the archive entirely results in an unending loop of decompression. For example, the zip bomb ''r.zip'' is a 440 byte archive, and, when you decompress it, you get a file called ''r.zip'' which is the exact same 440 bytes.
  
 
==Purpose==
 
==Purpose==
Like most forms of information, zip bombs can be used for education and misconduct. Zip bombs are educational because, in order to create them, a person must first learn all about how the lossless compression works. However, they are generally used for malicious reasons.
+
Like most forms of information, zip bombs can be used for education and misconduct. Zip bombs are educational because, in order to create them, a person must learn and understand how the lossless compression works. However, they are typically used for malicious reasons.
  
Since they decompress to greater amounts of data than most hard drives can store, zip bombs can be used as a prank to very rapidly fill up a person's hard drive. This type of prank has been around since the early days of computing and can be created with only a couple lines of [[BASIC]] code. The trouble was always, such a program requires the victim to actually run the program, something even a novice user is wary to do. However, archive files are typically viewed as harmless because they're not actually run, only viewed, but it is precisely for this reason they can be such a nuisance.
+
Since they decompress to greater amounts of data than most hard drives can store, zip bombs can be used to very rapidly fill up a hard drive. This type of prank has been around since the early days of computing and can be created with only a couple lines of code. The trouble is, the program must be run by the victim, and even a novice is wary to run an unknown program. However, archive files are typically viewed as harmless because they're not actually run, only viewed, but it is precisely for this reason they can be such a nuisance.
  
Zip bombs are primarily used to occupy virus scanners. A proper virus scanner will scan the contents of zip archives in order to make sure they don't contain malicious software, but, due to the nature of zip bombs, the virus scanner may take days to scan a zip bomb, or it may never finish if it's scanning a recursive zip bomb. While the virus scanner is hung up on the zip bomb, other malicious software can go unnoticed and infect the computer, or the user might get fed up with the virus scanner hogging all the resources, and uninstall it.
+
Zip bombs are primarily used to occupy virus scanners. A proper virus scanner will scan the contents of compressed archives in order to make sure they don't contain malicious software, but, due to the nature of zip bombs, the virus scanner may take days to scan a zip bomb, or it may never finish if it's scanning a recursive zip bomb. While the virus scanner is hung up on the zip bomb, other malicious software can go unnoticed and infect the computer, or the user might get annoyed with the virus scanner hogging all their resources, and uninstall it.
  
Modern virus scanners are now essentially immune to zip bombs because they include algorithms to detect recursive zip files or zip files with nothing but repeating content.
+
Modern virus scanners are now essentially immune to zip bombs because they include algorithms to detect recursive zip files or zip files with nothing but repeating content, so they're no longer the threat they once were.
  
 
==Download==
 
==Download==
This download contains two popular zip bombs, "42" and "r." 42 extracts to 4.5 petabytes of data and r is a recursive archive which decompresses to itself. Each file is password protected with the zip bomb's name to prevent accidental decompression.
+
This download contains two popular zip bombs, "42" and "r." 42 extracts to 4.5 petabytes of data and r is a recursive archive which decompresses to itself. Each file is password protected with the zip bomb's name in order to prevent accidental decompression.
  
 
* [[Media:ZipBombs.zip|Download]] ([[:File:ZipBombs.zip|Info]]) - Zip bombs "42" and "r."
 
* [[Media:ZipBombs.zip|Download]] ([[:File:ZipBombs.zip|Info]]) - Zip bombs "42" and "r."
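Review bot: In the second paragraph under Purpose, the new text drops "as a prank" from the first sentence, but the next sentence still opens with "This type of prank", which now has nothing to refer back to; either keep "as a prank" or reword that sentence. The same paragraph also loses the [[BASIC]] link without replacing it with another example. Two smaller points survive the edit: "how the lossless compression works" still carries a stray "the", and in Types the comma after "1,000,000 times" separates the subject from its verb.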

Revision as of 17:08, 2 October 2019

A zip bomb creates huge files from tiny archives.

A zip bomb, also sometimes called by the more generic term decompression bomb, is a compressed file archive that takes advantage of compression algorithms to store a massive amount of data in a relatively small file. Zip bombs are generally used for malicious purposes, but they can also be used as a teaching tool to demonstrate novel concepts behind lossless compression and optimization.

I don't remember exactly when I learned about zip bombs, but it was sometime in my late 30s. I had toyed with writing hard drive filling programs in my teens, but I found the concept of tricking virus scanners into doing the dirty work for you quite clever.

Types

There are two common forms of zip bombs: those which contain a countable number of files, and those that contain recursive files.

Zip bombs which have a countable number of files work by taking advantage of the fact that lossless compression stores patterns. For example, a file which contains a single byte repeated over 1,000,000 times can easily be compressed into an archive of around 1,000 bytes. Zip bombs of this type take advantage of this by using patterns within patterns to store the same file many times. Thus, when you decompress the archive, you get a very large number of huge files, all of which contain the same single byte repeated over and over again. A popular example of a zip bomb of this type is 42.zip, which has a file size of only 42,838 bytes, but decompresses to 4,503,599,626,321,920 bytes by repeating the same 4.3 GB file over a million times.

Recursive zip bombs use an interesting trick where the file that is extracted from the archive is identical to the archive itself. Trying to decompress the archive entirely results in an unending loop of decompression. For example, the zip bomb r.zip is a 440 byte archive, and, when you decompress it, you get a file called r.zip which is the exact same 440 bytes.

Purpose

Like most forms of information, zip bombs can be used for education and misconduct. Zip bombs are educational because, in order to create them, a person must learn and understand how lossless compression works. However, they are typically used for malicious reasons.

Since they decompress to greater amounts of data than most hard drives can store, zip bombs can be used to very rapidly fill up a hard drive. This type of prank has been around since the early days of computing and can be created with only a couple lines of code. The trouble is, the program must be run by the victim, and even a novice is wary of running an unknown program. However, archive files are typically viewed as harmless because they're not actually run, only viewed, but it is precisely for this reason they can be such a nuisance.

Zip bombs are primarily used to occupy virus scanners. A proper virus scanner will scan the contents of compressed archives in order to make sure they don't contain malicious software, but, due to the nature of zip bombs, the virus scanner may take days to scan a zip bomb, or it may never finish if it's scanning a recursive zip bomb. While the virus scanner is hung up on the zip bomb, other malicious software can go unnoticed and infect the computer, or the user might get annoyed with the virus scanner hogging all their resources, and uninstall it.

Modern virus scanners are now essentially immune to zip bombs because they include algorithms to detect recursive zip files or zip files with nothing but repeating content, so they're no longer the threat they once were.
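
The kind of checks described above can be sketched in a few lines of Python. This is an added example, not code from this page or from any particular virus scanner: it rejects members with an extreme compression ratio, caps the total expanded size across all nesting levels, limits nesting depth, and refuses an archive that contains a byte-identical copy of itself. The function names and the default limits are assumptions chosen for illustration.

```python
import hashlib
import io
import zipfile

class ArchiveRejected(Exception):
    """Raised when an archive trips one of the scanning limits."""

def scan_zip(data, max_total=10_000_000, max_ratio=100, max_depth=3,
             _chain=(), _budget=None):
    """Expand a zip held in memory under hard limits; return bytes produced."""
    budget = _budget if _budget is not None else [max_total]
    digest = hashlib.sha256(data).digest()
    if digest in _chain:  # an archive nested inside itself, as r.zip is
        raise ArchiveRejected("archive contains itself")
    if len(_chain) > max_depth:
        raise ArchiveRejected("nested deeper than max_depth")
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Cheap pre-check on the sizes the archive declares for this member.
            if info.file_size > max_ratio * max(info.compress_size, 1):
                raise ArchiveRejected(f"{info.filename}: ratio over {max_ratio}:1")
            # Charge real output to a budget shared by all members and levels.
            body = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(65536):
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ArchiveRejected("expanded size over max_total")
                    body += chunk
            total += len(body)
            if zipfile.is_zipfile(io.BytesIO(body)):
                total += scan_zip(bytes(body), max_total, max_ratio, max_depth,
                                  _chain + (digest,), budget)
    return total

def make_zip(name, payload):
    """Build a small constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

def verdict(data, **limits):  # 'ok', or the reason the archive was rejected
    try:
        scan_zip(data, **limits)
        return "ok"
    except ArchiveRejected as exc:
        return str(exc)
```

Calling `verdict(make_zip("zeros.bin", bytes(1_000_000)))` reports the ratio rejection for the single-repeated-byte file described under Types, while an ordinary archive returns "ok".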

Download

This download contains two popular zip bombs, "42" and "r." 42 extracts to 4.5 petabytes of data and r is a recursive archive which decompresses to itself. Each file is password protected with the zip bomb's name in order to prevent accidental decompression.
