zip with password bug - Githubissues

gchq / CyberChef

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

https://gchq.github.io/CyberChef

Apache License 2.0

29.43k stars 3.29k forks source link

zip with password bug #671

Open oDaruma opened 5 years ago

oDaruma commented 5 years ago

I have used the zip function with a password to encrypt a file, however, zip succeeded but the password was not matched when decoding.

n1474335 commented 5 years ago

Can you provide some example data please? This seems to work for me: https://gchq.github.io/CyberChef/#recipe=Zip('file.txt','','secret','Deflate','MSDOS','Dynamic%20Huffman%20Coding')Unzip('secret',false)&input=VGVzdA

oDaruma commented 5 years ago

HI, if you don't use the unzip and save the output to download.zip, then the output file cannot naturally unzip by any external unzip program.

Any password that i put could be wrong

On Thu, 17 Oct 2019 at 00:43, n1474335 notifications@github.com wrote:

Can you provide some example data please? This seems to work for me: https://gchq.github.io/CyberChef/#recipe=Zip('file.txt','','secret','Deflate','MSDOS','Dynamic%20Huffman%20Coding')Unzip('secret',false)&input=VGVzdA

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/gchq/CyberChef/issues/671?email_source=notifications&email_token=AEJE5HGWTTAWJXSDQQYHB3LQO5ACBA5CNFSM4I7UKV52YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEBNFEVI#issuecomment-542790229, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEJE5HHK7LJI2UMBAUI6HDDQO5ACBANCNFSM4I7UKV5Q .

n1474335 commented 5 years ago

Yes, I'm seeing that too. I think this is due to the difference between encrypting each file in the archive separately and encrypting the archive itself. We should make this a user choice.

mubix commented 4 years ago

Having the same issue :/

slw07g commented 4 years ago

Experienced the same issue. unzipping it may work inside of CyberChef, but when I try to use any other tool to unzip a file that I zipped+encrypted with cyberchef, the unzipping fails.

For example, try unzipping the file CyberChef generates with Windows built-in unzip and 7-zip.

Interestingly, when I uploaded a file to a sandbox which handles encrypted zips, the sandbox was able to unzip the file with no issue.

mikecat commented 3 years ago

This issue looks like due to a bug in zlib.js. Due to the bug, CRC information is not correctly set to the encryption header. Therefore, tools that check this information will reject the correct password as incorrect unless the information happens to become the same as what is expected. This check is not directly related to the encryption, so tools that don't check this will be able to decrypt correctly.

I reported the bug: Bug in zip encryption · Issue #83 · imaya/zlib.js

d-Rickyy-b commented 2 years ago

I also came across this issue. zlib.js seems to be abandoned since it's last change was five years ago.