➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2020-09-12 06:38 by Amir, last changed 2022-04-11 14:59 by admin.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| poc.py | Amir, 2020-09-12 06:49 | |||
| encrypted.zip | Amir, 2020-09-12 06:50 | |||
| Messages (2) | |||
|---|---|---|---|
| msg376783 - (view) | Author: Amir Mohamadi (Amir) * | Date: 2020-09-12 06:49 | |
Zipfile.testzip sometimes works perfectly with wrong password. refer to poc.py I've a zip file with password '76453' and when I try a wrong password with extractall:
myzip.setpassword('10006050')
myzip.extractall()
it raises a Bad CRC-32 exception. but when I try testzip instead of extractall:
myzip.setpassword('10006050')
myzip.testzip()
no exception is raised
|
|||
| msg376813 - (view) | Author: Eric V. Smith (eric.smith) *  |
Date: 2020-09-12 22:40 | |
I believe what testzip is doing is validating the structural integrity of the file, which appears can be tested without decrypting the contents. Although it is odd that if you don't call setpassword, even with the wrong password, testzip will raise a RuntimeError. See https://en.wikipedia.org/wiki/Zip_(file_format)#Encryption for a few scant details. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:35 | admin | set | github: 85938 |
| 2020-09-12 22:40:34 | eric.smith | set | nosy:
+ eric.smith messages: + msg376813 |
| 2020-09-12 06:50:14 | Amir | set | files: + encrypted.zip |
| 2020-09-12 06:49:58 | Amir | set | files:
+ poc.py messages: + msg376783 |
| 2020-09-12 06:38:10 | Amir | create | |