Zip files debuted about thirty years ago, and ever since, they have been rather popular amongst typical computer users and occasionally those with malicious intent. Those who want to use the wonder of file compression for evil often create “zip bombs” or “compression bombs,” which can turn a small file into a monstrous one once you open it, taking up a sizable chunk of storage. You can imagine the inconvenience.
Programmer and engineer David Fifield has changed the game regarding the zip bomb by taking a “non-recursive” approach towards compression, Vice reports. When Fifield decompresses the files, they “overlap” rather than getting bigger as each layer is opened up. This made the compression rate much higher, allowing him to pack 4.5 Petabytes into a 46-megabyte file.
“’Non-recursive’ means that it does not rely on a decompressor’s recursively unpacking zip files nested within zip files: it expands fully after a single round of decompression,” reads the summary on his website. “The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format.”
Finding a zip bomb in the real world is rather uncommon, especially since modern antivirus software is rather astute when it comes to picking up on malicious files. To find Fifield’s zip bomb, all the software has to do is recognize the overlapping files. And the zip bomb itself isn’t particularly heinous. The worst damage that it’s likely to cause is temporarily freeze up your computer or cause your antivirus software to time out. Still, Fifield hopes his findings will aid in research and future development.
“I hope that one of the benefits is more awareness among developers of the hazards of processing complex archive formats like Zip,” he added. “It helps to have some concrete outputs: code reviewers, customers, and users will at least be able to point to this research and ask, does it handle this correctly?”