42 Kilobytes Unzipped Make 4.5 Petabytes

Posted by Martin in Knowledge, Security  Tags: , , , , ,

27

Jul



In 2001 reports about Zip Bombs or Zip of Death attacks made the round on the Internet and I thought it would be nice to write about one shiny harmless example of that technique. On first glance the file 42.zip is a normal compressed file with the size of 42 Kilobytes. Many users who run a virus scanner will probably run into troubles downloading that file to their computer.

It still looks like a normal 42 Kilobyte archive after the download but the surprise begins when the user tries to unpack that file. What they did was basically pack a 4.3 Gigabyte file consisting only of zeros. That packed file was replicated 16 times and packed again, and again, and again, and again. Or, to use their own words:

The file contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped, which again contains 16 zipped files, which contain 1 file, with the size of 4.3GB.

You could basically unpack the 42 Kilobyte file into 4.5 Petabyte of uncompressed data if your hard drive storage space would be enough to do that.


Like such posts? Get updates via RSS NEWS FEED. Love Ghacks? Find out how you can help!

18 Users Commented In This Post

Subscribe To This Post Comment Rss Or TrackBack URL
Mike says:

This is an very old hack, it has been used in the past to take down old Microsoft Exchange 5.5 servers.

Rarst says:

It’s even more fun when that is not joke but seriously unoptimized program. I had encountered app once that had some extra data packed in 10Kb zips… Which unpacked to 100+Mb each.

Angelo R. says:

Decompression bombs have been around for a while. A lot of anti-virus programs wouldn’t recognize what it was, and if you tried to scan it, they would actually freeze up.

Votre says:

At least I’d hope it would lock up an AV scan. Anything that crowbars my scanner is not something even I’d be dumb enough open.

Pete says:

The latest news is always in gHacks, really! The best of bleeding-edge technology.

Denny says:

eh … so … Gigabytes or Petabytes ?!?

I would love to see home PC capable of storing 4 Petabytes (or at least one).

Cyberbite says:

This is Madness!!!

TTHHISS is… Size Attack. :p

Pavan Kumar says:

Never heard of such things before… Thanks for the info…

Angelo R. says:

A lot of people will actually use hex editors, to edit the file AFTER it has been zipped up, this helps keep the filesize small when you’re creating it.

http://en.wikipedia.org/wiki/Run-length_encoding

That should be of an interested further reading for people who would like to.

TechBender says:

A simple concept, but interesting.

Instructions for Unzipper
1. Write a 1.
2. Write a billion billion billion 0s
3. Write another 1.
4. Rinse and repeat

Pure genius.

rhmelis says:

When clicking on the 42.zip link, Avast warns me that it is an Multi:ArchiveBomb :)

Angelo R. says:

@rhmelis: That’s actually pretty awesome. I wasn’t sure if a lot of major Anti-Virus programs actually did catch them or not.

Dante says:

I just tried to download it. McAfee did not catch it. Avira did.

Bit bombs and other dangers | Dayvan Cowboy says:

[...] Clever hack: a 42 kb .zip file that decompresses unto your hearts’ content. [...]

b says:

“I just tried to download it. McAfee did not catch it.”

Not a surprise there — I’m sure most of their budget goes to advertising and scare tactics, rather than actual development.

Angelo R. says:

When I was testing them a few months ago, neither did Norton and CA

不可思议从42kb文件解压出4.5PB | paikia.com says:

[...] 来源: unforgettable.dk via ghacks.net [...]

Create huge fake file 10 TB maximum with Huge fake file creator at Technix Update - All About Computer Tips and Tricks, Vista Tips, Hacking Tutorials, Firefox Tips says:

[...] days back, I read a post about how 42 Kilobytes Unzipped Make 4.5 Petabytes. I was amazed to know how this 42 kilobytes of file resulted in a 4.5 Petabytes of [...]

Leave Your Comments Below
Hello, please leave your thought below

Please Note: Each comment will be manually approved by an admin. There is no guarantee that a comment will be posted. Please do not submit the comment multiple times.