Home > News content

David Field launched a new "decompression bomb package": 46MB files can expand to 4.5PB

via:cnBeta.COM     time:2019/7/12 13:12:09     readed:158


(Image from: David Fifield, via)ExtremeTech)

After that, he continued to work hard and launched a ZB that appeared to be only 10MB, but could actually expand to 281TB.LGZip Bomb Compression Pack.

In July 2019, David Field published his latest research, a Zbxl. zip bomb compression package that appears to be only 46MB, but can actually expand to 4.5PB.

However, it should be pointed out that because Zip64 is used, the compatibility is poor.

(On July 2, David Field gave a detailed introduction of his ownRecent research results)

The reason why zip decompression bomb package uses recursive algorithm is that the DEFLATE algorithm used in ZIP parser can not achieve a compression rate higher than 1032:1.Interestingly, David Field has found a way to circumvent this limitation.

It says: This paper introduces how to construct a non-recursive decompression bomb package with compression ratio exceeding DEFAATE 1032. It is achieved by resetting the files in the zip container to reference the highly compressed data's'kernel'in multiple files, rather than making multiple copies of it.


The size of input and output of decompression bomb shows quadratic growth. That is, as the bomb gets bigger, the compression ratio becomes stronger. Construction depends on the characteristics of zip and DEFLATE, which can not be directly ported to other file formats or compression algorithms.

In addition, this scheme is compatible with most zip parsers, with the exception of stream parsers. The latter is parsed in one pass without querying the central directory of the zip file beforehand.


To make this approach work, Field must reexamine how data is stored in zip files and choose the appropriate Deflate implementation.

It chooses bulk_deflate, a custom compressor specially designed to compress a series of repeated bytes, which can pack data more intensively than zlib, info_ZIP or Zopfli.


Although bulk_deflate is superior to these solutions, Field points out that it is inefficient in general use cases and that a file containing more than 281TB data output must be created with the help of a zip standard extension called ZIP64.

However, if ZIP64 is used, a decompression bomb package with effective infinite length can be created. For more details, please go to the official website to see.

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments