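A ZIP file that has no password set can be made to look as if it is password-protected.
How it works
The encryption flag is stored in the general purpose bit flag field. Counting from the least significant end, the first bit (bit 0) set to 1 marks the entry as encrypted.
To restore the archive, find the ZIP encryption flag bits and set them to 0.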
4.3.7 Local file header:
local file header signature 4 bytes (0x04034b50)
version needed to extract 2 bytes
general purpose bit flag 2 bytes
4.3.12 Central directory structure:
[central directory header 1]
.
.
.
[central directory header n]
[digital signature]
File header:
central file header signature 4 bytes (0x02014b50)
version made by 2 bytes
version needed to extract 2 bytes
general purpose bit flag 2 bytes
4.4.4 general purpose bit flag: (2 bytes)
Bit 0: If set, indicates that the file is encrypted.
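You can change the bytes with a hex editor such as WinHex (010 Editor may be more convenient), or use a script to put the archive back into its state without the fake encryption.
The Python script is as follows: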
# coding:utf8
'''
Script to remove ZIP pseudo-encryption (Python 3)
'''
import sys
import re


def clear_encrypted_bit(match):
    # The flag is stored little-endian, so bit 0 lives in the first flag byte,
    # which is the second-to-last byte of each match
    header = bytearray(match.group(0))
    header[-2] &= 0b11111110
    print('    ' + match.group(0).hex() + ' --> ' + header.hex())
    return bytes(header)


def removefade(para1):
    # Read the original zip file
    with open(para1, 'rb') as zipfile:
        zipfile_content = zipfile.read()

    # Locate the encryption flag bits and clear them.
    # This is a plain signature scan: the same byte pattern occurring inside
    # file data would be modified as well.
    # Local file header: signature (4 bytes) + version needed (2) + flag (2)
    about_global_enc_flag_re = rb'PK\x03\x04.{4}'
    print('[*] Modify local file header flag:')
    zipfile_content = re.sub(about_global_enc_flag_re, clear_encrypted_bit,
                             zipfile_content, flags=re.DOTALL)

    # Central directory header: signature (4) + version made by (2)
    # + version needed (2) + flag (2)
    about_file_enc_flag_re = rb'PK\x01\x02.{6}'
    print('[*] Modify central directory header flag:')
    zipfile_content = re.sub(about_file_enc_flag_re, clear_encrypted_bit,
                             zipfile_content, flags=re.DOTALL)

    # Write the processed content to a new file
    with open(para1[:-4] + '_repair.zip', 'wb') as newzip:
        newzip.write(zipfile_content)
    print('Done')


if __name__ == '__main__':
    if len(sys.argv) != 2:
        print('\nusage example:')
        print('    python dzipfade.py a.zip\n')
    else:
        para = sys.argv
        removefade(para[1])
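Added example, not part of the original post: instead of scanning for signatures, this walks the central directory from the end of central directory record and changes bit 0 in each central header and in the local header it points to, so bytes inside file data are never touched. It assumes a single-disk, non-ZIP64 archive; `set_encrypted_bit`, `sample_zip` and `read_entry` are names made up here, and the sample archive is constructed in memory.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end of central directory record
CDH_SIG = b"PK\x01\x02"   # central directory file header
LFH_SIG = b"PK\x03\x04"   # local file header


def set_encrypted_bit(data: bytes, encrypted: bool) -> bytes:
    """Set or clear bit 0 of the general purpose bit flag for every entry,
    in both the central directory header and the matching local header."""
    buf = bytearray(data)
    eocd = buf.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("end of central directory record not found")
    # EOCD: total entry count at +10, central directory offset at +16
    count, = struct.unpack_from("<H", buf, eocd + 10)
    pos, = struct.unpack_from("<I", buf, eocd + 16)
    for _ in range(count):
        if buf[pos:pos + 4] != CDH_SIG:
            raise ValueError("bad central directory header at %d" % pos)
        # name/extra/comment lengths at +28, local header offset at +42
        n, m, k = struct.unpack_from("<HHH", buf, pos + 28)
        lfh, = struct.unpack_from("<I", buf, pos + 42)
        if buf[lfh:lfh + 4] != LFH_SIG:
            raise ValueError("bad local file header at %d" % lfh)
        # the flag sits at +8 in the central header and +6 in the local header
        for off in (pos + 8, lfh + 6):
            flag, = struct.unpack_from("<H", buf, off)
            flag = (flag | 1) if encrypted else (flag & 0xFFFE)
            struct.pack_into("<H", buf, off, flag)
        pos += 46 + n + m + k  # fixed part is 46 bytes, then variable fields
    return bytes(buf)


def sample_zip() -> bytes:
    """Constructed sample: a one-entry, unencrypted archive built in memory."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("flag.txt", "constructed sample content")
    return out.getvalue()


def read_entry(data: bytes) -> bytes:
    """Read the sample entry without supplying a password."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read("flag.txt")
```

Clearing the bit on an archive that really is encrypted does not decrypt anything; the entry then fails its CRC check on extraction.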
References:
http://blog.youkuaiyun.com/ETF6996/article/details/51946250
https://pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-6.2.0.txt