bzip2 Archive Inflating to 1,400,000x its Size aka Decompression Bomb
HTML-код
- Опубликовано: 12 сен 2018
- Bombs away! 1.4MB becomes 10TB with this crazy efficient compression algorithm involving repeating null bytes.
Hope you enjoyed the video!
Check out this code here:
github.com/engineer-man/youtu...
Join my Discord server to chat with me:
engineerman.org/discord
Check out some code on my GitHub:
github.com/ebrian/engineerman
Tweet me something funny on Twitter:
/ _engineerman
Say hi over at Facebook:
/ engineermanyt
Sincerely,
Engineer Man - Наука
Oooooh. That sounds like a fun thing to do to the school computers.
Also fry it as soon as you extract the files
@@JoeDaStink lol my school computers are all on server, can fry the whone system, but i need some tricks to get into it
@@cleazy3752 Did you tried to do it or not? wanna know
@@darkmoon556 i wanan kniow
@@darkmoon556 no, im on vacation, i'll try the sooner i can, but with all of those crappy switches idk if it'l work
tar is not a compression algorithm, it's just for gathering together many files in one. That's why the file size didn't shrink.
Yeah and it's commonly combined with gzip:
- tar multiple files into one archive file
- gzip that archive file to compress it
@Rex Butt They aren't. Or do you mean .tar.gz, .tgz, .txz files? Those are all a single tar file that is compressed with another algorithm.
hey "tarball" vs archive
my school's IT guy watching me unload a 4000 terabyte zip bomb onto the school's network
iHarrySB haha, I saw that meme too 😎 have a great day, king!
I just saw this meme as well. i wish you two an nice day!😜
Normie alert
jorgeskatefast _ shut up, i enjoy all types of memes.
3 pied Piper employees disliked the video
Silicon Valley good show
This very method was used to crash bulletin boards back in pre internet days. As the BBS would auto unzip to virus scan the file, it would full the hard drive and crash the BBS. Back in the day it was called a ascii bomb, they were easy to create because of stacker.
I remember running stacker on a hard drive to make it 32 meg vice 16
@@mrbrianc Same here, but either my 286 CPU or my harddrive really struggled with disk i/o after that so I ended up reformatting without Stacker because it was slowing things down too much.
I just totally love your videos, short, enough detailed and to the point most importantly great content. Thanks!
Thank you so much for pointing out the "watch" command °_°
Wow, fantastic really, keep the videos coming engineer man
Cheers from Argentina
Thanks!
Great video. Thanks for sharing!
This is pretty much the digital version of the Spring Snake in a Can gag. As soon as you open it...
Fortunately it's a kitten, I'll be in danger if its a pupper
Awesome. the Like button has been inflating to over 200 times its original size.
i almost died lol
@@faradaysage9892 same
You could probably pipe through bzip2 _more than once_ since the data is so redundant. That generally doesn't work with more complex data. As someone else says, you could look into the bzip2 file format to see how to create an archive of zeros without having to use /dev/zero (Or use it and then hack the number to be bigger in the bzip2 file). Also, you might interested in lzma / xz and lrzip for heavy compression. (I have a 270 byte file that expands to 2.75GiB from combining these). Finally, look into archives that have been constructed to contain themselves. You read that right. Or two copies of themselves.
Oh, the quine archives are the most genius thing ever.
Would decompressing to a separate partition, i.e. /tmp, help prevent the rest of the system crashing?
Have you tried editing the bzip2 manually?
You made a large file with the same character. Depending on the algorithm compression and how it recognizes a 'seed' string, all those procedures should compress to a single character. Since it didn't , there must be additional parameters to make these things work. Consider, if a Huffman scheme was properly and scholastically used, all files should have collapsed to a single character. Since it didn't there must be something else going on. Great video! Keep doing it!
The decoding table also takes space in buff man scheme, so I guess most of the compressed file is just those tables.
Please do a playlist on Bash Tutorial for Beginners, because I'm starting to feel like I should be migrating to Linux really soon
This is awesome!
Would be great having an ascii kitten. Lots of them. :) great video.
/\**/\
( o_o )_)
,(u u ,),
{}{}{}{}{}{}
NULLS are NOT DATA!!!
Why the surprise?
If data is all the same, you only need to save one sample of data and how many of them are...
can you give us a practical video on virtual file system and virtual memory in linux..
Please send to India, Tech support guys
Ron White as an Indian I agree ,those scammers deserve to rot in hell
No need... They are already put I. Jail by the Indian authorities.
@@ShivamSingh-bx5lg I am an Indian and I couldn't agree more
never trust internet kittens
No matter how cute or innocent they may appear.
made a 64KB zip bomb which is 41GB uncompressed. It has 40GB.zip with 10 folders , each with 17 250MB .txt files, each compressed to 232B.
you can shrink 10gb to 400 bytes and 100gb to 924 bytes
if you use something like this:
dd if=/dev/zero bs=2G count=5 | zip -q9 | bzip2 -cq9 > 10GB.zip.bz2
Huh, how about that. Even better!
1 Terrabyte is 6288 bytes
@@EngineerMan
That's insane.
what do you code with?
i made a 232B compressed file that becomes 250MB when uncompressed. I did this by pasting like too many zeroes into notepad and wating too long for it to respond.
Could you write the "bomb" by hand instead of waiting for the 6 hours to produce it by actually compressing data?
I'm thinking you probably could. There must be a way to craft it quicker.
It's probably really simple if you have the specification on-hand and a way to edit the bitstream, but with the modern "layers upon layers" compression techniques...
(EDIT: I'm specifically talking about the 'Some bit-level compression, and then a byte-level compression within that' combos these tend to use)
yeah just have Engineer-Man send you the file. :D
I would fall for cute kittens every time
It says Zip is the oldest file type. No wonder why misuse of compression exist. Why they didn't tell not to compress when there is a zip file in a file?
what you used distribution ?
I think it's Xubuntu
wow
avast tagged quite some files on my pc as decompression bombs (even tho many look legit)
Yeah, but why?
"Apparently this has been a known vulnerability for the last 12 years" what's exactly the vulnerability in this case? The compression algorithm is too efficient? :)
Heh. Need less efficient algorithms over here!!!!
Less modern anti virus software would try to decompress the file to scan it. This would however take up so much time (and the AV didn't do parallel scans) that viruses could be installed without being checked by the AV.
you can shrink 10gb to 400 bytes and 100gb to 924 bytes
if you use something like this:
dd if=/dev/zero bs=2G count=5 | zip -q9 | bzip2 -cq9 > 10GB.zip.bz2
@@EngineerMan
One more thing.
Make a python program, that is a while loop. Inside loop make strings of size 100000 (length). Append that to a list. With each iteration of the loop, write that list into a file.
I mean 10TB is not a small size. But as the above program will generate file of infinity size as time goes.
How would the program be run?
I made a bat file that is only 16.0 KB but it can create a text file that is 2 exabytes (2048 petabytes) in size exactly, and any size in between.
wow
So what? You could probably do this with any scripting language in a few lines of code. Engineer man did the same thing with a shell one-liner in the video.
How do you need 2^14 characters for that lol (assuming extended ascii, that is)
I made a zip bomb that’s 80 ish mb when compressed and becomes 37 GB when extracted.
bzip2 with just null/zero characters would be a nice prank... but to do a real test, is to use /dev/urandom
Bzip2 uses what is called the Burrows-Wheeler algorithm. This algorithm compresses trailing 0's and 1's extremely well, while random 1's and 0's might be much less effective.
A file of random data from /dev/urandom shouldn't compress at all with any algorithm... compression algorithms exploit redundancies in the data that allows (grossly simplified) it to predict what a subsequent series of bits will be from a particular sequence of bits. With purely random data, the state of each bit is completely independent of the state of previous bits, so no bit is redundant - in fact, the compressed file will nearly always be _larger_ than the original, to account for the compression scheme's overhead.
okay... I still don't get your point. As a prank, bzip'ping a zero'ed out file and sending it to someone to fill their pc, or using it to bomb a server (if hard/soft limits were removed, for some stupid reason). But for proper testing, random data would be a good start, as at least it would show how well it can compress, if at all... if you know how long it takes to zip lfs and send it to another site for further development and/or qa, you'd understand my point
We were saying there isn't much point in testing it
You can background a running command?! Am I the only one who didn't know that??
Ctrl+Z then type bg and hit enter. You can put it back in the foreground with fg.
Me neither !
You can also use "screen" to switch between terminal windows essentially. A bit more verbose than backgrounding a job
@@DoorThief imma have to say tmux is better if you have a good conf fjle
i love your shit
Can you do this on windows with a tutorial?
I installed a bomb file yesterday, that shit installed also malware, 30 other programs and fake antivirus. I am lucky that I am skilled with conputers and stopped the shit, cleaned the malware out the computer in less than an hour
i have a 10 exobyte zip bomb
I tryed the same bzip2 command to compress a 826 MB iso file, however it only shark 2 MB , now it is 824 MB , how do I make it work? bzip2 is not working as shown in the video.
Please help #Engineer_Man
# Make a video on how to compress any kind of file with bzip2 that will compress any big files into couple of MB or KB, that would be very helpful.
bzip2 is especially good to compress null character, however it's way less powerful on files other than that. Maybe that's your problem.
online school shooters watching this video like
Im not really a linux guy so can someone tell me how to do this on windows?
edit: already found out how
sure, just need to delete system32 and install a proper OS like debian ;)
@@n8style shut up
@@Preinstallable lol which OS did you install?
@@n8style Windows
@@PreinstallableI thought you'd uninstalled that steaming pile for a proper OS?
We like to call it: Depression bomb
bruh that's weak, i've made a decompression bomb of 8kB that decompresses to 32768 yB
How did you do that?
Seriously bad idea to share this or any nefarious how to.
Shame on the mess.