ARE YOU AWARE OF ZIP BOMBS? IF NOT, HERE IS INFORMATION ABOUT ZIP BOMBS!!!

INTRODUCTION TO ZIP BOMBS!!!!



This post is about the zip bomb and how it works. You will also get a gist of how petabytes of files are converted into smaller files of kilobytes or megabytes. Now I will take you through some things that will really intrigue you. Let's get started straight away.

What's a zip bomb?

A zip bomb, also known as a zip of death or decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software in order to create an opening for more traditional types of viruses.
Rather than hijacking the normal operation of a program, the zip bomb allows a program to work as intended. The archive is carefully crafted so that unpacking it (for example, when an antivirus scans the zip file for viruses) requires an inordinate amount of time, disk space or memory.
But like everything, it has certain limitations of course. A zip bomb is a very tiny zip file; most of them are measured in kilobytes.
Now, you may have lots of questions like

1) Why is it so tiny?
2) Why call it a zip BOMB when it's so tiny?
3) How is it so small?
4) How does it work?

So here are your answers:

1) Why is it so tiny?

A zip bomb is a tiny zip file. It is made so tiny to avoid suspicion. It's obvious, ain't it? You don't want to tell the police you are a thief, so you make it look different. It is tiny because a huge amount of data has been compressed, and its being tiny is what makes using it a "pure hacker-like mentality".

2) Why call it a zip BOMB when it's so tiny?

Never judge a book by its cover. Never underestimate the smaller ones. It is called a zip bomb or zip of death because it contains up to terabytes, petabytes or even exabytes of data. That size is what clears the path for malware, knocking out every obstacle in its way and leaving straight asphalt. Now you will certainly want to know how it is possible to compress such large files into a zip file of such small size. Don't worry, you will get your answers further on.

A simple example of a zip bomb is the file 42.zip, which is a zip file consisting of 42 kilobytes of compressed data, containing five layers of nested zip files in sets of 16, each bottom layer archive containing a 4.3-gigabyte (4 294 967 295 bytes; ~ 3.99 GiB) file for a total of 4.5 petabytes (4 503 599 626 321 920 bytes; ~ 3.99 PiB) of uncompressed data. This file is still available for download on various websites across the Internet.

In many anti-virus scanners, only a few layers of recursion are performed on archives to help prevent attacks that would cause a buffer overflow, an out-of-memory condition, or exceed an acceptable amount of program execution time. Zip bombs often (if not always) rely on repetition of identical files to achieve their extreme compression ratios. Dynamic programming methods can be employed to limit traversal of such files, so that only one file is followed recursively at each level, effectively converting their exponential growth to linear. There are also zip files that, when uncompressed, yield identical copies of themselves.

3) How is it so small?

Nowadays various compression tools make use of what is called a "lossless compression algorithm". As the name suggests, this kind of algorithm strives to compress files without any loss of information, which is very important of course: we don't want to lose any information when we compress files. To show how this works, let me talk about its simple principle. A computer only understands binary language, i.e. 0's and 1's, so every file must be in binary (0, 1) format in order to be understood by a computer. Take the binary number "0 1 0 0 0 1 1 1" and say we have a tool that compresses it to something like "0 1 3 0 3 1". In the initial binary number there were three 0's and three 1's starting from the 3rd digit; we just replaced them with 30 and 31. This might not be the exact logic that governs real compression, but it is correct up to a certain extent. The same logic applies to a zip bomb: it contains only 0's and 1's, the same files are copied again and again, and all of them are compressed into a single zip file that throws up terabytes, petabytes or exabytes of data when it is unpacked.

Make a text file with only 0's and 1's. Make a copy of it.
Type up to 1000 zeros and just do "Ctrl+a", "Ctrl+c", "Ctrl+v".
Do it until the text file begins to lag.
The size should be more than 1 Gigabyte.
Then compress it and see the magic. The compressed file will be around 1 Megabyte.
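The "0 1 3 0 3 1" idea above is a form of run-length encoding. The following is an added example, not code from the original post, that makes it exact and reversible; the function names and the `MIN_RUN` threshold are assumptions chosen so that the post's own input produces the post's own output.

```python
from itertools import groupby

MIN_RUN = 3  # assumption: runs shorter than this are written out as plain bits


def rle_encode(bits):
    """Encode a string of '0'/'1' as tokens: a literal bit, or a count followed by the bit."""
    if set(bits) - {"0", "1"}:
        raise ValueError("input must contain only 0 and 1")
    tokens = []
    for bit, run in groupby(bits):
        n = len(list(run))
        if n >= MIN_RUN:
            tokens += [str(n), bit]   # three 0's become the tokens "3", "0"
        else:
            tokens += [bit] * n       # short runs stay as they are
    return tokens


def rle_decode(tokens):
    """Invert rle_encode: any token other than '0'/'1' is a count for the next bit."""
    out, it = [], iter(tokens)
    for tok in it:
        if tok in ("0", "1"):
            out.append(tok)
        else:
            out.append(next(it) * int(tok))
    return "".join(out)


if __name__ == "__main__":
    print(" ".join(rle_encode("01000111")))   # the post's example
    print(rle_encode("0" * 1_000_000))        # a million zeros collapse to two tokens
```

The second call shows why a file made of one repeated symbol shrinks so dramatically: the encoded size depends on the number of runs, not on the number of bits.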

4) How does it work?

A zip bomb contains petabytes of data, so if an antivirus tries to scan it, it will start by decompressing it. Just imagine what happens when a file of about a kilobyte is decompressed and turns into a file of a few petabytes or more. The answer is simple: before the zip file is completely scanned the antivirus will crash, creating a loophole for attackers.
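A scanner avoids that crash by refusing to inflate without limits, which is the "only a few layers of recursion" safeguard mentioned earlier plus a size cap. The sketch below is an added example, not code from the original post or from any antivirus product; the limit values, `scan_zip`, `make_zip` and `ArchiveRejected` are assumptions for illustration.

```python
import io
import zipfile

CHUNK = 64 * 1024


class ArchiveRejected(Exception):
    """An archive exceeded one of the scanner's resource limits."""


def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used only for constructed test input."""
    blob = io.BytesIO()
    with zipfile.ZipFile(blob, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return blob.getvalue()


def scan_zip(data, max_total=8 << 20, max_ratio=100, max_depth=3, _depth=0, _budget=None):
    """Inflate every member under hard limits; return bytes inflated or raise ArchiveRejected.

    The default limits are assumptions for this example, not figures from the post.
    """
    if _depth > max_depth:
        raise ArchiveRejected("nesting depth limit exceeded")
    budget = _budget if _budget is not None else [max_total]  # shared by nested archives
    inflated = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Cheap pre-check on the sizes the archive declares about itself.
            if info.file_size > max_ratio * max(info.compress_size, 1):
                raise ArchiveRejected(f"{info.filename}: compression ratio too high")
            buf = bytearray()
            with zf.open(info) as member:
                # Stream in chunks so the byte budget is enforced while inflating,
                # not after the whole member is already in memory.
                while chunk := member.read(CHUNK):
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ArchiveRejected("uncompressed byte budget exhausted")
                    buf += chunk
            inflated += len(buf)
            if zipfile.is_zipfile(io.BytesIO(buf)):  # nested archive: go one level deeper
                inflated += scan_zip(bytes(buf), max_total, max_ratio, max_depth,
                                     _depth + 1, budget)
    return inflated
```

Because the byte budget is shared across nested archives, many small layers cannot add up to more than one scan is allowed to inflate; a rejected archive should be treated as suspicious rather than silently skipped.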
