zipdump & PKZIP Records

    Published: 2024-11-10. Last Updated: 2024-11-10 15:14:06 UTC
    by Didier Stevens (Version: 1)

    In yesterday's diary entry "zipdump & Evasive ZIP Concatenation" I showed how one can inspect the PKZIP records that make up a ZIP file.

    My tool zipdump.py can also inspect the data of PKZIP file records, and decompress it (not decrypt it).

    To select the data of a PKZIP file record, use option -s data. Here we also use option -a to do a hex-ascii dump of the data:

    When option -d is used (to perform a binary dump), only the raw data is sent to stdout, without any metadata:

    And when option -s decompress is used, the data is decompressed (only INFLATE is supported):

    These options could also be helpful for corrupt ZIP files.
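
The following Python is an added example, not code from zipdump.py or from this diary. It shows what selecting a file record's data and inflating it involves: it scans for local file header signatures without consulting the central directory, which is why the approach still works on a damaged archive. The function names, the record numbering and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

LFH_SIG = b"PK\x03\x04"
LFH_FMT = "<4sHHHHHIIIHH"            # fixed 30-byte part of a local file header
LFH_SIZE = struct.calcsize(LFH_FMT)


def file_records(buf):
    """Yield (index, name, method, raw_data) per PKZIP file record, found by signature scan.

    The central directory is never consulted, so this also works when it is missing.
    A plain scan can match the signature inside data whose size the header does not give.
    """
    pos, index = buf.find(LFH_SIG), 0
    while pos != -1 and pos + LFH_SIZE <= len(buf):
        _, _, flags, method, _, _, _, csize, _, nlen, xlen = struct.unpack_from(LFH_FMT, buf, pos)
        name_end = pos + LFH_SIZE + nlen
        start = name_end + xlen
        if flags & 0x08 and csize == 0:
            raw = buf[start:]          # size is in a trailing data descriptor; take the rest
        else:
            raw = buf[start:start + csize]
        index += 1
        yield index, buf[pos + LFH_SIZE:name_end].decode("utf-8", "replace"), method, raw
        pos = buf.find(LFH_SIG, start + csize)


def inflate(raw):
    """Decompress raw DEFLATE data (method 8). Returns (output, stream_complete)."""
    d = zlib.decompressobj(-15)        # negative wbits: no zlib/gzip wrapper in a ZIP
    return d.decompress(raw), d.eof    # truncated input gives partial output, eof False


def build_sample():
    """Constructed sample input: a two-member ZIP built in memory."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("a.txt", b"hello PKZIP records " * 20)
        z.writestr("b.txt", b"second record " * 20)
    return bio.getvalue()


if __name__ == "__main__":
    damaged = build_sample()[:-60]     # constructed corruption: tail of the archive cut off
    for index, name, method, raw in file_records(damaged):
        out, complete = inflate(raw) if method == 8 else (raw, True)
        print(index, name, method, len(raw), len(out), "complete" if complete else "truncated")
```

Python's own zipfile module rejects the damaged buffer because the end of central directory record is gone, while the record scan still recovers both members.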

     

    Didier Stevens
    Senior handler
    blog.DidierStevens.com
