42 Kilobytes Unzipped Make 4.5 Petabytes

In 2001 reports about Zip Bombs or Zip of Death attacks made the rounds on the Internet, and I thought it would be nice to write about one shiny, harmless example of that technique. At first glance the file 42.zip is a normal compressed file with a size of 42 Kilobytes. Many users who run a virus scanner will probably run into trouble downloading that file to their computer.

It still looks like a normal 42 Kilobyte archive after the download, but the surprise begins when you try to unpack that file. What the creators did was basically compress a 4.3 Gigabyte file consisting only of zeros. That packed file was replicated 16 times and packed again, and that step was repeated four more times. Or, to use their own words:

The file contains 16 zipped files, which again contain 16 zipped files, which again contain 16 zipped files, which again contain 16 zipped files, which again contain 16 zipped files, which contain 1 file, with the size of 4.3GB.

You could in theory unpack the 42 Kilobyte file into 4.5 Petabytes of uncompressed data, if your hard drive had enough free space for that. It usually does not, so you either need to browse the archive's contents in your archiver of choice, or trust what the creator of the file has posted about it on the website.

The zip file is password protected, probably to prevent antivirus programs from flagging it during the download.

Update: Most modern antivirus programs should detect the file these days and block it from being extracted on the system. If you want to test your antivirus solution, download the file to your system and try to extract it. Watch what happens and let us know how it turns out for you.
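To see what the nesting described above adds up to without extracting a single byte, here is an added Python example (not code from the original article) that reads only a zip's central directory, descends into small, unencrypted nested zips, and flags an archive whose declared expansion ratio or nesting depth looks like a bomb. The thresholds and the constructed sample archive (the same 16-files-per-layer layout as 42.zip, but with 1 MiB of zeros instead of 4.3 GB) are assumptions made for this example.

```python
import io
import zipfile

# Thresholds are assumptions for this example, not values taken from any product.
MAX_RATIO = 100             # flag when declared size exceeds 100x the compressed size
MAX_DEPTH = 4               # flag archives nested deeper than this
MAX_NESTED_BYTES = 1 << 20  # never load a nested zip larger than 1 MiB into memory


def inspect(data: bytes, depth: int = 0) -> dict:
    """Walk a zip's central directory; no file contents are written to disk.
    Declared sizes are attacker-controlled, but a bomb still has to declare
    what it expands to, and nested zips are opened only when small and unencrypted."""
    report = {"compressed": 0, "declared": 0, "depth": depth, "findings": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            report["compressed"] += info.compress_size
            report["declared"] += info.file_size
            if not info.filename.lower().endswith(".zip"):
                continue
            if info.flag_bits & 0x1:  # general purpose bit 0 = encrypted entry
                report["findings"].append(f"{info.filename}: encrypted nested zip, not inspected")
            elif depth + 1 > MAX_DEPTH or info.compress_size > MAX_NESTED_BYTES:
                report["depth"] = max(report["depth"], depth + 1)
                report["findings"].append(f"{info.filename}: nesting limit hit at depth {depth + 1}")
            else:
                inner = inspect(zf.read(info), depth + 1)
                report["declared"] += inner["declared"]  # bytes a recursive extract would write
                report["depth"] = max(report["depth"], inner["depth"])
                report["findings"].extend(inner["findings"])
    if report["compressed"] and report["declared"] > MAX_RATIO * report["compressed"]:
        ratio = report["declared"] // report["compressed"]
        report["findings"].append(f"declared expansion {ratio}:1 exceeds {MAX_RATIO}:1")
    return report


def build_sample(levels: int = 2, fan_out: int = 4, zeros: int = 1 << 20) -> bytes:
    """Constructed sample: a file of zeros wrapped in `levels` layers of `fan_out` zips each."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", b"\0" * zeros)
    data = buf.getvalue()
    for level in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for i in range(fan_out):
                zf.writestr(f"lib{level}-{i}.zip", data)  # same inner archive, repeated
        data = buf.getvalue()
    return data
```

Running `inspect(build_sample())` reports a nesting depth of 2 and a declared expansion of roughly 16 MiB from a few kilobytes, which trips the ratio check; a password-protected archive like 42.zip stops the descent at the first encrypted layer, which is itself worth reporting.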

Responses to 42 Kilobytes Unzipped Make 4.5 Petabytes

  1. Mike July 27, 2008 at 4:44 pm #

    This is a very old hack, it has been used in the past to take down old Microsoft Exchange 5.5 servers.

    • Anonymous September 11, 2014 at 1:10 pm #

      O RLY

  2. Rarst July 27, 2008 at 5:21 pm #

    It's even more fun when that is not a joke but a seriously unoptimized program. I once encountered an app that had some extra data packed in 10Kb zips... Which unpacked to 100+Mb each.

  3. Angelo R. July 27, 2008 at 5:42 pm #

    Decompression bombs have been around for a while. A lot of anti-virus programs wouldn't recognize what it was, and if you tried to scan it, they would actually freeze up.

  4. Votre July 27, 2008 at 7:09 pm #

    At least I'd hope it would lock up an AV scan. Anything that crowbars my scanner is not something even I'd be dumb enough to open.

  5. Pete July 27, 2008 at 7:12 pm #

    The latest news is always in gHacks, really! The best of bleeding-edge technology.

  6. Denny July 27, 2008 at 11:37 pm #

    eh ... so ... Gigabytes or Petabytes ?!?

    I would love to see a home PC capable of storing 4 Petabytes (or at least one).

  7. Cyberbite July 28, 2008 at 1:49 am #

    This is Madness!!!

    TTHHISS is... Size Attack. :p

  8. Pavan Kumar July 28, 2008 at 3:43 am #

    Never heard of such things before... Thanks for the info...

  9. Angelo R. July 28, 2008 at 5:43 am #

    A lot of people will actually use hex editors to edit the file AFTER it has been zipped up, this helps keep the filesize small when you're creating it.

    http://en.wikipedia.org/wiki/Run-length_encoding

    That should be of interest as further reading for people who would like to.

  10. TechBender July 28, 2008 at 10:28 am #

    A simple concept, but interesting.

    Instructions for Unzipper
    1. Write a 1.
    2. Write a billion billion billion 0s
    3. Write another 1.
    4. Rinse and repeat

    Pure genius.

  11. rhmelis July 28, 2008 at 1:50 pm #

    When clicking on the 42.zip link, Avast warns me that it is a Multi:ArchiveBomb :)

  12. Angelo R. July 28, 2008 at 4:41 pm #

    @rhmelis: That's actually pretty awesome. I wasn't sure if a lot of major Anti-Virus programs actually did catch them or not.

  13. Dante July 28, 2008 at 5:21 pm #

    I just tried to download it. McAfee did not catch it. Avira did.

  14. b July 29, 2008 at 7:58 pm #

    "I just tried to download it. McAfee did not catch it."

    Not a surprise there -- I'm sure most of their budget goes to advertising and scare tactics, rather than actual development.

  15. Angelo R. July 30, 2008 at 1:01 am #

    When I was testing them a few months ago, neither did Norton and CA

  16. 0somo1 May 9, 2010 at 9:12 am #

    i want one as well share ? nerd

  17. 0somo1 May 9, 2010 at 9:12 am #

    nortAN FAILS BREEWWWWWW

  18. Snapp December 7, 2010 at 11:02 pm #

    ESET didn't catch it either :/

  19. Weegee July 14, 2013 at 12:27 am #

    "It is usually not enough to do just that"
    Correction: It is NEVER enough to do that. I cannot find any hard drives bigger than 5TB (Terabyte). 1024 Terabytes equal 1 Petabyte. 1024 Petabytes is 1 Exabyte. If there's 4 Petabytes, that would require a shitton of more space than the current maximum. Sure big ass companies have way bigger custom hard drives, but still they are nowhere near the size of 4 PB.

    • uasfaouigaioasoid August 21, 2013 at 4:55 pm #

      You can put like 1000 drives to raid? Pls dont try to be smart when u aren't...

      • Brian January 29, 2014 at 2:16 am #

        1000 * 5TB is still only going to be just under 5PB..

  20. quatzar January 27, 2014 at 6:08 pm #

    linux mint no anti virus
    Downloaded
    opened fine can see directory tree
    extract asked for pass then just made the parent directory \42
    checked the process - ark using 0% resources...

    extract here does nothing not even ask for password.

  21. Trixy January 27, 2014 at 6:34 pm #

    Microsoft Security Essentials doesn't see anything wrong with this file, either.

  22. fokka January 27, 2014 at 8:03 pm #

    um, so when unpacking the first level of the zip, you're still in the kilobytes, right? you just got 16 tiny zips instead of one.

    also martin, now you know what reddit frontpage feels like! ;)

    • Martin Brinkmann January 27, 2014 at 8:23 pm #

      Ah, that's the reason why everything is slower than usual :)

      • Caspy7 January 27, 2014 at 10:19 pm #

        And why suddenly people are commenting on a 5+ year old entry.

      • Anonymous January 28, 2014 at 2:12 am #

        Reddit...

  23. scodger January 27, 2014 at 8:59 pm #

    I love this video describing a petabyte in real terms.
    http://archive.org/details/10000000000000000BytesArchived?start=1735

  24. matthias January 27, 2014 at 9:38 pm #

    If you know the algorithm well enough that you can predict how it will zip a given file of XYZ sequence of bytes into a file of ABC bytes, then you should be able to reverse the process and hand code a zip file of ABC bytes that will hypothetically unzip to whatever XYZ sequence you want.

  25. Aaron January 27, 2014 at 9:44 pm #

    Bitdefender did not catch it either... It even went as far as stating that it cannot be scanned because it is password protected. Good thing they have a file shredder.

  26. K January 27, 2014 at 11:10 pm #

    Could someone explain to me why Windows starts choking when I extract one of the archives? Disk space isn't an issue. WinRAR finishes without any issue. Some Windows service starts using an entire core of CPU and eats all available memory.

    So if I extract this on a USB, w/o a password, and plug it into a workstation, I would crash it?

    Recursion gone wrong?!

  27. Alex January 28, 2014 at 1:18 am #

    Microsoft System Center Endpoint Protection went full red when I tried extracting this. I pasted in all the information it told me about it.

    Name: DOS:Win32/ZipBomb.A
    Alert Level: Severe
    Status: Active
    Category: Trojan Denial of Service
    Description: This program can be used to perform a denial of service attack.
    Recommended action: Remove this software immediately.
    Items: (Insert Very Long LIst of Files here)

  28. BlueRaja January 31, 2014 at 11:21 pm #

    How about this one:
    http://swtch.com/r.zip
    It's a zip-file that contains itself, so its uncompressed size is "infinite." It's a zip-quine!

  29. Randy January 7, 2015 at 11:56 pm #

    BitDefender 2015 blocked MY access to 42.zip, yet started to extract it itself, claiming to disinfect it. Even several restarts after deleting the file did not stop it, I'm now battling constant low RAM errors ;.;
