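Analyzing the header to identify the encryption algorithm
As usual, open the encrypted file in hex view with Total Commander's built-in Lister.
The file begins with: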
00000000 504b 0304 1400 0100 0800 6d51 6647 03ae
According to reference 2 (section 4.3.6, Overall .ZIP file format), a ZIP file is laid out as follows:
[local file header 1]
[encryption header 1]
[file data 1]
[data descriptor 1]
. . .
[local file header n]
[encryption header n]
[file data n]
[data descriptor n]
[archive decryption header]
[archive extra data record]
[central directory header 1]
. . .
[central directory header n]
[zip64 end of central directory record]
[zip64 end of central directory locator]
[end of central directory record]
Analysis:
0x04034b50 (must be read as little-endian) is defined as the file header signature, i.e. it lets the OS know that this is a zip file.
Section 4.3.7 of the document:
local file header signature 4 bytes (0x04034b50)
version needed to extract 2 bytes
general purpose bit flag 2 bytes
0x00010014
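From reference 2, 0x0014 is the minimum version of the extracting software (20), i.e. at least PKZIP 2.0 is needed to extract the file.
0x0001 indicates that this is an encrypted archive.
Reference 2, section 4.4.3.2: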
1.0 - Default value
1.1 - File is a volume label
2.0 - File is a folder (directory)
2.0 - File is compressed using Deflate compression
2.0 - File is encrypted using traditional PKWARE encryption
2.1 - File is compressed using Deflate64(tm)
2.5 - File is compressed using PKWARE DCL Implode
2.7 - File is a patch data set
4.5 - File uses ZIP64 format extensions
4.6 - File is compressed using BZIP2 compression*
5.0 - File is encrypted using DES
5.0 - File is encrypted using 3DES
5.0 - File is encrypted using original RC2 encryption
5.0 - File is encrypted using RC4 encryption
5.1 - File is encrypted using AES encryption
5.1 - File is encrypted using corrected RC2 encryption**
5.2 - File is encrypted using corrected RC2-64 encryption**
6.1 - File is encrypted using non-OAEP key wrapping***
6.2 - Central directory encryption
6.3 - File is compressed using LZMA
6.3 - File is compressed using PPMd+
6.3 - File is encrypted using Blowfish
6.3 - File is encrypted using Twofish
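The manual decoding above can be done in a few lines of Python. This is an added example, not code from the original post or from the specification; the function name parse_local_header is hypothetical, and the checks for flag bit 6 (strong encryption) and compression method 99 (WinZip AES marker) go beyond the single case on this page.

```python
import struct

LFH_SIG = 0x04034B50     # bytes 50 4b 03 04 read as a little-endian uint32
FLAG_ENCRYPTED = 0x0001  # general purpose flag bit 0: entry is encrypted
FLAG_STRONG = 0x0040     # bit 6: PKWARE strong encryption (APPNOTE 4.4.4)
METHOD_AEX = 99          # method 99: WinZip AE-x (AES) marker
METHODS = {0: "stored", 8: "deflate", 9: "deflate64", 12: "bzip2", 14: "lzma"}


def parse_local_header(data: bytes) -> dict:
    """Decode signature, version needed, flags and method (first 10 bytes)."""
    if len(data) < 10:
        raise ValueError("need at least 10 bytes of local file header")
    sig, version, flags, method = struct.unpack_from("<IHHH", data, 0)
    if sig != LFH_SIG:
        raise ValueError(f"not a local file header: 0x{sig:08x}")
    if not flags & FLAG_ENCRYPTED:
        encryption = "none"
    elif method == METHOD_AEX:
        encryption = "WinZip AES (AE-x)"
    elif flags & FLAG_STRONG:
        encryption = "PKWARE strong encryption"
    else:
        encryption = "traditional PKWARE"
    major, minor = divmod(version & 0xFF, 10)  # 20 -> 2.0
    return {
        "version_needed": f"{major}.{minor}",
        "flags": flags,
        "method": METHODS.get(method, f"method {method}"),
        "encryption": encryption,
    }


# The 16 bytes shown in the hex dump above.
PAGE_SAMPLE = bytes.fromhex("504b 0304 1400 0100 0800 6d51 6647 03ae")
# Constructed sample (not from the page): version 5.1, bit 0 set, method 99.
AES_SAMPLE = bytes.fromhex("504b 0304 3300 0100 6300")

if __name__ == "__main__":
    for name, blob in (("page", PAGE_SAMPLE), ("constructed AES", AES_SAMPLE)):
        print(name, parse_local_header(blob))
```

For the bytes on this page it reports version 2.0, deflate compression and traditional PKWARE encryption, matching the analysis above.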