Analyzing the header to determine the encryption algorithm

As usual, open the encrypted file in hex view with Total Commander's built-in Lister.
This is what we see:

00000000 504b 0304 1400 0100 0800 6d51 6647 03ae

Consulting reference 2, we learn that the file format is laid out as follows (reference 2, section 4.3.6, Overall .ZIP file format):

[local file header 1]
[encryption header 1]
[file data 1]
[data descriptor 1]
. 
.
.
[local file header n]
[encryption header n]
[file data n]
[data descriptor n]
[archive decryption header] 
[archive extra data record] 
[central directory header 1]
.
.
.
[central directory header n]
[zip64 end of central directory record]
[zip64 end of central directory locator] 
[end of central directory record]

Analysis:

[Figure: local-file-header.webp]

0x04034b50 (must be read as little-endian) is defined as the local file header signature, i.e. it is what lets the OS know that this is a zip file.

Section 4.3.7 of the document:
local file header signature 4 bytes (0x04034b50)
version needed to extract 2 bytes
general purpose bit flag 2 bytes

0x00010014

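From reference 2, 0x0014 is the minimum version of the extraction software (20), i.e. at least PKZIP 2.0 is needed to extract the file.
0x0001 indicates that this is an encrypted archive.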

Reference 2, section 4.4.3.2:

   1.0 - Default value
   1.1 - File is a volume label
   2.0 - File is a folder (directory)
   2.0 - File is compressed using Deflate compression
   2.0 - File is encrypted using traditional PKWARE encryption
   2.1 - File is compressed using Deflate64(tm)
   2.5 - File is compressed using PKWARE DCL Implode 
   2.7 - File is a patch data set 
   4.5 - File uses ZIP64 format extensions
   4.6 - File is compressed using BZIP2 compression*
   5.0 - File is encrypted using DES
   5.0 - File is encrypted using 3DES
   5.0 - File is encrypted using original RC2 encryption
   5.0 - File is encrypted using RC4 encryption
   5.1 - File is encrypted using AES encryption
   5.1 - File is encrypted using corrected RC2 encryption**
   5.2 - File is encrypted using corrected RC2-64 encryption**
   6.1 - File is encrypted using non-OAEP key wrapping***
   6.2 - Central directory encryption
   6.3 - File is compressed using LZMA
   6.3 - File is compressed using PPMd+
   6.3 - File is encrypted using Blowfish
   6.3 - File is encrypted using Twofish
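
The analysis above, carried out in code on the 16 bytes from the hex dump; this is an added example, not part of the original post. The function and constant names are hypothetical, and the bit 6 (strong encryption) and method 99 (WinZip AES) checks come from the ZIP and WinZip AE-x specifications rather than from this page.

```python
import struct

# First 16 bytes of the archive, exactly as shown in the hex dump on this page.
SAMPLE = bytes.fromhex("504b0304140001000800" "6d51664703ae")

LOCAL_FILE_HEADER_SIG = 0x04034B50  # on disk: 50 4b 03 04 ("PK\x03\x04")
FLAG_ENCRYPTED = 0x0001             # general purpose bit 0
FLAG_STRONG_ENCRYPTION = 0x0040     # general purpose bit 6 (assumption: APPNOTE 4.4.4)
METHOD_WINZIP_AES = 99              # assumption: method id used by WinZip AE-x


def classify_encryption(flags: int, method: int) -> str:
    """Name the encryption scheme implied by the flag word and method field."""
    if not flags & FLAG_ENCRYPTED:
        return "none"
    if flags & FLAG_STRONG_ENCRYPTION:
        return "PKWARE strong encryption"
    if method == METHOD_WINZIP_AES:
        return "WinZip AES (AE-x)"
    return "traditional PKWARE encryption"


def parse_header_prefix(data: bytes) -> dict:
    """Decode the little-endian fields at the start of a local file header."""
    if len(data) < 10:
        raise ValueError("need at least 10 bytes of local file header")
    # 4-byte signature, then three 2-byte fields, all little-endian.
    sig, version, flags, method = struct.unpack_from("<IHHH", data, 0)
    if sig != LOCAL_FILE_HEADER_SIG:
        raise ValueError(f"not a local file header: 0x{sig:08x}")
    major, minor = divmod(version, 10)  # 20 -> 2.0
    return {
        "signature": sig,
        "version_needed": f"{major}.{minor}",
        "flags": flags,
        "method": method,
        "encryption": classify_encryption(flags, method),
    }


if __name__ == "__main__":
    for key, value in parse_header_prefix(SAMPLE).items():
        print(f"{key}: {value}")
```
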
Last modified: 2020-01-23
