temisu
commented
7 months ago Very interesting file. Thanks for this
The PX20 bypassing is basically done in a way that it makes a tree-search of the 32-bit keyspace and uses the property of the compressor that wrong bits guessed have early-failure and invalidate a (large) leaf out of the keyspace. This made the keyspace search feasible since it now takes some milliseconds vs. the some minutes/hours that ppcrack can take when they use linear search. I wont have code in my library if it can't be trusted to open a file in a reasonable time...
Of course, with proper kind of input you can force bad behaviour on this code, and that is what we are seeing here. I need to investigate a bit what can be done.
sagamusix
This was found while fuzzing ancient. Not sure if much can be done here, since the file in question appears to be identified as an encrypted file, so ancient appears to brute-force an encryption key. However, given the size of the file (9KB), the time to open the file (ancient eventually gives up) is disproportionate (it took several minutes here). Maybe this can be improved?
fuzzing result.zip