Comments

You must log in or register to comment.

enderverse87 t1_itrdgs6 wrote

They aren't actually compressing something that already exists, they're creating a file that tricks the decompresser into creating a lot of files out of nowhere.

Like imagine you have instructions for creating a book, and the instructions read, "put a 1 on each page, and print a million pages"

You don't actually have to have an existing million page book to write those instructions, the decompresser/book maker will follow those instructions anyways. The (instructions for making a book/zip file) is really tiny, but the end result is huge.

40

Gnonthgol t1_itrdor5 wrote

A compressed file is a description for the decompression tool as to how to generate the original content. If the decompression tool follows the descriptions in the compressed file step by step it will end up with the exact same data as the compression tool got as input. A zip bomb however is not made by any compression tool. Someone made the "compressed" file by hand creating instructions that would be impossible to follow without consuming infinite amounts of CPU, memory and storage.

5

explainlikeimfive-ModTeam t1_itre2if wrote

Please read this entire message


Your comment has been removed for the following reason(s):

  • ELI5 does not allow guessing.

Although we recognize many guesses are made in good faith, if you aren’t sure how to explain please don't just guess. The entire comment should not be an educated guess, but if you have an educated guess about a portion of the topic please make it explicitly clear that you do not know absolutely, and clarify which parts of the explanation you're sure of (Rule 8).


If you would like this removal reviewed, please read the detailed rules first. **If you believe it was removed erroneously, explain why using this form and we will review your submission.

2

Mental_Cut8290 t1_itre7ol wrote

It's basically a code telling itself to write more code, so the initial instructions don't need to be large at all.

Simple example:

1 Set "number" equal to 0

2 Set "number" equal to (number+1)

3 Save number in new file named "(number)"

4 Go to step 2

So in this entirely fake program, the idea is it will start with a variable =0. It will then change that variable to 1. Then it will make a save file called "1." Then it will change the variable to 2, and make a save file called "2." And it just keeps repeating, adding one more and then creating a new file in your computer. This would eventually take up every single bit of free memory and it will never stop running.

0

RhynoD t1_itreqyh wrote

It's not possible for an already made file like that to exist. Unzipped zip bombs can be many thousands of petabytes, which are themselves a thousand terabytes each. Most computers have a few terabytes of storage at most (which is the point of the zip bomb) and even if they did, unzipping files that big would potentially take years (also the point of the zip bomb).

If you started with an actual file to compress it would take up that much space and take that long to compress. You'd zip bomb yourself.

16

enderverse87 t1_itreu8p wrote

Only if it's something simple, like you could compress an incredibly large blank white image down really tiny. And then you could edit the zip file to say there's actually a million of them in there.

But for the most part that's not going to work as well.

2

Partnumber t1_itrfukf wrote

At a very basic level, compression just takes the existing data and finds a shorter way of writing it. Let's say I had a list like:

Apple

Apple

Apple

Banana

I could compress the list, rewriting it as

3 Apple

1 Banana

And the same amount of data takes up less space. But it still takes up some amount of space. And the amount of space it takes up is directly related to the format of the list.

Apple

Apple

Banana

Apple

For instance would have to be compressed into

2 Apple

1 Banana

1 Apple

Which takes up more space, even compressed. So any meaningful data you have has a lower limit on how small it can be and still be useful. A zip bomb would be like sitting down and maliciously making a list that, when compressed, says

99999 Apple

The compression is very small but the output is very large.

TLDR: You can construct a file that compresses into a miniscule file size, but most real files that contain usable information won't.

11

nulano t1_itrrejg wrote

Different tools will have different limits, but some antiviruses consider anything with a compression ratio greater than 90% to be a zip bomb. It isn't difficult to make such a file, just a 4KB file filled with zeroes will have around 178 bytes when zipped, which is a 96% compression ratio. And you can easily do this yourself.

However, this file is not really large enough to be malicious. To be malicious, you'd have to use a larger file. For example, a 1GB zip with that compression ratio would take up 23GB when unzipped, which could easily be seen as malicious depending on the content.

If you want to create an even larger zip bomb, you probably won't have enough space on your system to compress a file, but you would just manually modify the zip structure so that instead of saying 4000 zeroes it says 40000000000000 zeroes. This would give you a compression ratio very close to 100%.

0

kanakamaoli t1_its1h5l wrote

You don't have to compress the results of the bomb, just the means to make the bomb.

For example, you write an instruction for the computer to calculate pi to 1 million places. You don't need to calculate pi yourself and compress the million characters. The zip file telling the computer to calculate pi is much smaller than 100 digits of pi.

1