The principle and operation of zip pseudo encryption

Principle: A zip file consists of three parts: the compressed source file data area (the local file headers and file data), the compressed source file directory area (the central directory), and the compressed source file directory end flag (the end of central directory record).

For the specific meaning of each field, see this blog post, which explains it in detail: http://blog.csdn.net/wclxyn/article/details/7288994

Example

Compression source file data area:
50 4B 03 04: This is the file header mark (0x04034b50)
14 00: The pkware version required to decompress the file
00 00: Global mode bit mark (with or without encryption), 2 bytes after the file header mark
08 00: Compression mode
5A 7E: Last modified file time
F7 46: Last modified file date
16 B5 80 14: CRC-32 check (1480B516)
19 00 00 00: compressed size (25)
17 00 00 00: uncompressed size (23)
07 00: File name length
00 00: Extended record length
6B65792E7478740BCECC750E71ABCE48CDC9C95728CECC2DC849AD284DAD0500
Compressed source file directory area:
50 4B 01 02: The file header mark of the file in the directory (0x02014b50)
3F 00: pkware version used for compression
14 00: pkware version required to decompress the file
00 00: global mode bit mark (with or without encryption, the key to pseudo-encryption), 4 bytes after the directory file mark
08 00: compression mode
5A 7E: last modified file time
F7 46: last modified file date
16 B5 80 14: CRC-32 check (1480B516)
19 00 00 00: compressed size (25)
17 00 00 00: uncompressed size (23)
07 00: file name length
24 00: extended field length
00 00: File comment length
00 00: Disk start number
00 00: Internal file attributes
20 00 00 00: External file attributes
00 00 00 00: local header offset
6B65792E7478740A00200000000000010018006558F04A1CC5D001BDEBDD3B1CC5D001BDEBDD3B1CC5D001
Compressed source file directory end flag:
50 4B 05 06: directory end flag
00 00: current disk number
00 00: directory area start disk number
01 00: total number of records on this disk
01 00: total number of records in the directory area
59 00 00 00: The size of the directory area
3E 00 00 00: The offset of the directory area relative to the first disk
00 00: ZIP file comment length

With the meaning of each part described above, a file can be pseudo-encrypted, or have its pseudo-encryption removed, by modifying the global mode bit flag value in the compressed source file directory area.

The specific operations are as follows:

Compressed source file data area: 50 4B 03 04: This is the file header mark

Compressed source file directory area:
50 4B 01 02: File header mark in the directory
3F 00: pkware version used for compression
14 00: pkware version required to decompress the file
00 00: global mode bit mark (with or without encryption; this is the value changed for pseudo-encryption, and changing it to 09 00 will make the archive prompt for a password)

Compressed source file directory end mark: 50 4B 05 06: directory end mark

We use WinHex to open the compressed package, search for 504B, and click the second 504B (the compressed source file directory area).

After changing the 09 in the global mode bit flag to 00, open the compressed package

Only the second of the four hex digits in the global mode bit flag has an effect. No matter what the other digits are, they do not affect the encryption property. (The second digit is odd exactly when bit 0 of the flag, the encryption bit, is set.)
When the second digit is odd -> encrypted
When the second digit is even -> unencrypted

So, how to distinguish whether the current zip is really encrypted or pseudo-encrypted?

No encryption

The global mode bit flag of the compressed source file data area should be 00 00 (2 bytes after 504B0304)
and the global mode bit flag of the compressed source file directory area should be 00 00 (4 bytes after 504B0102)

Fake encryption

The global mode bit flag of the compressed source file data area should be 00 00
and the global mode bit flag of the compressed source file directory area should be 09 00

True encryption

The global mode bit flag of the compressed source file data area should be 09 00
and the global mode bit flag of the compressed source file directory area should be 09 00
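
The three cases above can be checked automatically. The following is an added example, not code from the original post: it reads the directory end flag, walks the directory area, follows each local header offset, and compares bit 0 of the two flag fields. The names classify and sample_zip and the "inconsistent" label are assumptions; the sample archives are constructed in memory and only their header flags are changed (the data itself is never encrypted), so the verdict reflects the flag comparison described above and nothing more.

```python
import io
import struct
import zipfile

LOCAL_SIG, DIR_SIG, END_SIG = b"PK\x03\x04", b"PK\x01\x02", b"PK\x05\x06"
# (data-area bit 0, directory-area bit 0) -> verdict; (1, 0) is not covered by the text
VERDICT = {(0, 0): "no encryption", (0, 1): "fake encryption",
           (1, 1): "true encryption", (1, 0): "inconsistent (assumed label)"}

def classify(data):
    """Return [(name, local_flag, dir_flag, verdict)] for each entry of a ZIP image."""
    end = data.rfind(END_SIG)
    if end < 0:
        raise ValueError("directory end flag 50 4B 05 06 not found")
    total, = struct.unpack_from("<H", data, end + 10)  # total records in directory area
    pos, = struct.unpack_from("<I", data, end + 16)    # offset of the directory area
    out = []
    for _ in range(total):
        if data[pos:pos + 4] != DIR_SIG:
            raise ValueError("expected 50 4B 01 02 at offset %d" % pos)
        dir_flag, = struct.unpack_from("<H", data, pos + 8)   # 4 bytes after the mark
        nlen, xlen, clen = struct.unpack_from("<HHH", data, pos + 28)
        local_off, = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + nlen].decode("cp437")
        if data[local_off:local_off + 4] != LOCAL_SIG:
            raise ValueError("expected 50 4B 03 04 at offset %d" % local_off)
        local_flag, = struct.unpack_from("<H", data, local_off + 6)  # 2 bytes after the mark
        verdict = VERDICT[(local_flag & 1, dir_flag & 1)]     # only bit 0 matters
        out.append((name, local_flag, dir_flag, verdict))
        pos += 46 + nlen + xlen + clen                        # next directory record
    return out

def sample_zip(local_flag, dir_flag):
    """Constructed sample: one-entry archive with both flag fields overwritten."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("key.txt", "constructed sample text")
    data = bytearray(buf.getvalue())
    end = data.rfind(END_SIG)
    dir_off, = struct.unpack_from("<I", data, end + 16)
    struct.pack_into("<H", data, 6, local_flag)        # single local header at offset 0
    struct.pack_into("<H", data, dir_off + 8, dir_flag)
    return bytes(data)

if __name__ == "__main__":
    for lf, df in ((0x0000, 0x0000), (0x0000, 0x0009), (0x0009, 0x0009)):
        for row in classify(sample_zip(lf, df)):
            print("%s local=%04X dir=%04X -> %s" % row)
```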

Origin blog.csdn.net/qq_41870170/article/details/114876170