zipfile 模块给出不可靠的结果 [英] zipfile module giving unreliable results

问题描述

我使用 zipfile 库对加密的 zip 文件进行了字典攻击.当我开始使用 BIG 词典时，有时会得到误报，即密码可能是wool"，而12630"被认为是正确的.在那种情况下，解密的文件显然包含胡言乱语.

I made a dictionary attack on encrypted zip files, using the zipfile library. When I started using BIG dictionaries sometimes I got false positive results, i.e. password could be "wool" and "12630" was considered correct. In that case the decrypted file contained gibberish obviously.

这不是我的代码中的错误，而是 zipfile 库检查提供的密码是否正确的方式.我设法通过检查解密文件的大小来减少误报，如果它等于 0，则认为它是假的并继续搜索.但我的问题仍然存在，因为当文件包含乱码时，它的大小 > 0.所以我的问题是，有什么方法可以在 Python 中确定文件是否已正确解密或是否包含乱码?

It's not a bug in my code, but in the way the zipfile library checks to see if the provided password is correct. I've managed to decrease the false positives by checking the size of the decrypted file and if it's equal to 0 consider it false and keep searching. But my problem remains, because when the file contains gibberish it's size > 0. So my question is, is there any way I can determine in Python if a file has be decrypted correctly or if it contains gibberish?

附注.是的，我知道使用 zipfile 解密 zip 文件很慢，但正如我之前所说，我这样做是为了掌握 Python.

PS. Yes I know decrypting zip files with zipfile is slow, but as I said earlier I do this in order to get a grip of Python.

这是我的代码:

import zipfile
import os



zfile=raw_input("Please input zip's file name\n")
diction=raw_input("Please input dictionary\n")
found = False
zipf = zipfile.ZipFile( zfile, 'r' )
f = open(diction, 'r')

for line in f:
    pswd = line
    pswd = pswd[:-1]
    zipf.setpassword(pswd)   
    try:
        zipf.extractall()
        if (os.path.getsize(zfile[:-4]) != 0):
            found = True 
            break
    except RuntimeError:
        continue
    except Exception:
        continue
zipf.close()  

This 是我在 python 的错误跟踪器中提交的错误报告.正如您所看到的，他们不认为这是库的错误"，这就是为什么我要求检查文件是否正确解密的替代方法.

This is a bug report i submited in python's bug tracker. As you can see they don't consider it a "bug" of the library, that's why I'm asking for alternatives of checking if the file decrypted correctly.

附注.对于任何关心的人，在上面提供的链接中，他们告诉我这是 zip 文件格式的问题，并且无能为力.所以我想，问题有点答案了.

PS. For anyone that cares, in the link provided above, they told me that it's a problem of the zip file format and that there is nothing that can be done. So I guess, question is kind of answered.

推荐答案

来自 this zipfile 错误报告

From this zipfile bug report

"密码检查方案对 zip 标头使用一字节检查以确保一致性.所以有(接近)1/256 的误报几率，即错误的密码被误认为是好的；然后 ZipFile 类继续解压缩，这就是失败的地方(因为解密"流确实是垃圾)."

"The password-checking scheme uses a one-byte check against the zip header for consistency. So there is a (near) 1/256 chance of false positives, that is of bad passwords mistakenly detected as good; then the ZipFile class proceeds with unarchiving and that's where things fail (because the "decrypted" stream is really junk)."

是否抛出异常?请发布您的代码.

Is any exception thrown? Please post your code.

这篇关于zipfile 模块给出不可靠的结果的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！