Skip to content
This repository has been archived by the owner on May 15, 2024. It is now read-only.

WinZipAES decryption error calculating CRC check #201

Closed
TPHandford opened this issue Apr 21, 2020 · 3 comments
Closed

WinZipAES decryption error calculating CRC check #201

TPHandford opened this issue Apr 21, 2020 · 3 comments

Comments

@TPHandford
Copy link
Contributor

Issue

  • The files contained in the following WinZipAES encrypted zip-files cannot be extracted using DotNetZip: DNZArchive.zip SevZipArchive.zip.
    • These are files of pseudo-random binary characters compressed with DotNetZip and 7Zip respectively,
    • Both of these archives are encrypted with the password "a"
    • Zip.Extract throws BadStateException("The final hash has not been computed")
  • The behaviour depends on the file contained in the archive - if you extract the file (using a tool other than DotNetZip - e.g. 7Zip) and then recompress using the same tool as it was originally created with (again using Deflate+WinZipAES), you will create a new zip file that DotNetZip cannot extract from.
  • I have encountered several files which do this, but the set of such files is different when encrypting/compressing using 7zip rather than DotNetZip.

What's Causes this?

  • ZlibBaseStream extracts data from a WinZipAesCipherStream in 16kB blocks and inflates it to create the output stream.
  • The final byte extracted from the WinZipAesCipherStream is sometimes (maybe always) redundant - i.e. the full inflated output stream is generated before the inflate algorithm has processed the final byte that came from WinZipAesCipherStream.
  • If the final byte lies in its own block of 16kB (i.e. the WinZipAesCipherStream length is n*16384+1 bytes long for some positive integer n), then ZlibBaseStream will never read the final byte from WinZipAesCipherStream, because it terminates when it has the correct number of bytes in the inflated stream.
  • However, the getter for the property WinZipAesCipherStream.FinalAuthentication (which is used to check the CRC after extraction) requires that the WinZipAesCipherStream has been fully read, and will throw the observed exception if it has not.
  • Note that the data in the WinZipAesCipherStream which must have length n*16384+1 for the bug to occur is the deflated data - the length of which depends on the contents of the file and the deflation algorithm - this is why the bug occurs for different files depending on the tool used to create the zip file.
TPHandford added a commit to TPHandford/DotNetZip.Semverd that referenced this issue Apr 30, 2020
@TPHandford
Issue haf#201 AES decryption crc-check 16kB block boundary bug
e15833a
@TPHandford TPHandford mentioned this issue Apr 30, 2020
Merged
@grantkiwi
Copy link

Hi, any idea when this will be available in nuget? or can I pull this version down. We are seeing this in a few zip files.

darkms added a commit that referenced this issue May 21, 2020
@darkms
Merge pull request #202 from TPHandford/tph-fix201-crc-check
e488022 
Issue #201 AES decryption crc-check 16kB block boundary bug
@darkms
Copy link
Collaborator

darkms commented May 21, 2020

Hi, I've merged the changes and released a new version, you should be able to pick it from nuget now.

@darkms darkms closed this as completed May 21, 2020
@grantkiwi
Copy link

Many thanks for prompt response and nuget build!!
Regards
Grant

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@darkms @grantkiwi @TPHandford