zipography 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1827f4d1fd43192ac37e029981ab04de876a87d8a9e91b044873d671de1738cc
-  data.tar.gz: c2de37c58542aca50915c71712cda9f420cc2dded28cf95a9af1c369465774f7
+  metadata.gz: 1d865aef5a55e1a953eb86bbbdb97d2e1f78a9c9eb77e81b7954cf37f9d154d6
+  data.tar.gz: 5616046d45ccc02435baa0c99e7b1fc799faca97e2daa2762c5f8b98fe17ccd3
 SHA512:
-  metadata.gz: 960794c6d6a3cdb205c54e4b9ef1c38d840ca061e6fd547340c1122c88310312a19f2ff40e481a01d365bc8e76076fe01ee6d8a1fe25e243ce7e086c271fd24a
-  data.tar.gz: 381072f98336e90d7dc953821a7c5812cf736b09a0f19216915acdd5c82a498e7fb1f4e4c911c2519f8222484a26305fbd1becac4ee9fa15907adc61c2a00b66
+  metadata.gz: 89a240e96e8f953a1a9072e53b90ba2a4a27896170d3382ad0fbfa8e5e532360feee56184ac047c3e09ad77f36b7742c167b9100e3224eaa7c5de8a14e6942eb
+  data.tar.gz: cbf032cfcfa94752a5cac53f4f0ad5bf2de13e3a842b6a001df36fc8e177ce4706893707e8ee83979e58bcaa9d13d1b3cf376b9eab8a9bc4930aeb9578e2b582

data/README.md

@@ -9,11 +9,17 @@ file managers (Windows Explorer), the blob is invisible.
 Limitations:
 
 * single blob only (but you can just add another .zip as a blob);
-* doesn't work w/ zip64 files (this means 4GB max for an archive+blob
-  combo);
-* corrupts zip spec v6.2+ files that use *central directory*
-  encryption;
-* memory hungry, for it's just a toy, not a serious spy tool.
+* doesn't work w/ zip64 files (this means ~4GB max for an archive+blob
+  combo).
+
+## How does it work?
+
+A blob is injected after a file section right before the 1st *central
+directory header*. After that, a pointer in an *end of central
+directory* record is updated to compensate the shift of the *central
+directory header*.
+
+<img src='doc/zip.svg'>
 
 ## Usage
 
@@ -32,7 +38,9 @@ Inject a picture into the archive:
 
     $ zipography-inject orig.zip blob1.png > 1.zip
 
-It it visible? No:
+(On Windows, use `-o 1.zip`, instead of a redirection.)
+
+Is it visible? It isn't:
 
 ~~~
 $ bsdtar tf 1.zip
@@ -51,7 +59,7 @@ Check if we have the picture in the archive:
 $ zipography-info 1.zip
 Payload size:    18313
 Adler32:         0x6812d9f
-Version:         1
+Blob version:    1
 Valid:           true
 ~~~
 
@@ -64,15 +72,6 @@ $ xdg-open !$
 
 <img src='test/blob1.png'>
 
-## How does it work?
-
-A blob is injected after a file section right before the 1st *central
-directory header*. After that, a pointer in an *end of central
-directory* record is updated to compensate the shift of the *central
-directory header*.
-
-<img src='doc/zip.svg'>
-
 ## License
 
 MIT.

data/lib.rb

@@ -1,80 +1,186 @@
+require 'optparse'
 require 'zlib'
 require 'bindata'
 
 module Zipography
-
-  HEADER_SIZE = 9               # bytes
-  class HiddenBlob < BinData::Record
+  class Eocd < BinData::Record
     endian :little
 
-    uint32 :checksum
-    uint32 :len
-    uint8 :version, initial_value: 1
+    uint32 :signature, asserted_value: 0x06054b50
+    uint16 :disk
+    uint16 :disk_cd_start
+    uint16 :cd_entries_disk
+    uint16 :cd_entries_total
+    uint32 :cd_size
+    uint32 :cd_offset_start
+    uint16 :comment_len
+    string :comment, :read_length => :comment_len,
+           onlyif: -> { comment_len.nonzero? }
   end
 
-  def checksum s; Zlib.adler32(s); end
+  class IOReverseChunks
+    include Enumerable
 
-  def blob_make file
-    payload = File.read file
-    header = HiddenBlob.new len: File.stat(file).size,
-                            checksum: checksum(payload)
-    [payload.force_encoding('ASCII-8BIT'), header.to_binary_s].join
-  end
+    def initialize io, bufsiz: 4096, debug: false
+      @io = io
+      @fsize = io.stat.size
+      @bufsiz = bufsiz > @fsize ? (@fsize/2.0).ceil : bufsiz
+
+      @seek = -@bufsiz
+      @io.seek @seek, IO::SEEK_END
 
-  class MyZip
-    def initialize file
-      @file = file
-      @buf = File.read file
-      @eocd = end_of_central_dir
-      @first_cdh = first_central_dir_header
+      @debug = debug
+      $stderr.puts "#{@io.path}: seek=#{@seek}, bufsiz=#{@bufsiz}" if @debug
     end
+    attr_reader :io, :fsize
+
+    def each
+      idx = 0
+      while (chunk = @io.read(@bufsiz))
+        return if chunk.size == 0
 
-    def first_central_dir_header
-      @buf.index [0x02014b50].pack('V')
+        yield chunk
+        idx += 1
+
+        return if @seek == 0
+
+        @seek = -@bufsiz*(idx+1)
+        begin
+          @io.seek @seek, IO::SEEK_END
+        rescue Errno::EINVAL
+          @bufsiz = -(@bufsiz*(idx+1) - @fsize - @bufsiz)
+          @seek = 0
+          @io.seek @seek
+        end
+
+        $stderr.puts "#{@io.path}: seek=#{@seek}, bufsiz=#{@bufsiz}" if @debug
+      end
     end
+  end
 
-    def end_of_central_dir
-      pos = @buf.rindex [0x06054b50].pack('V')
-      fail 'not a zip file' unless pos
-      pos
+  def file_rindex file, substring
+    my_rindex = ->(s1, s2) { s1.rindex s2.dup.force_encoding('ASCII-8BIT') }
+
+    r = nil
+    File.open(file, 'rb') do |io|
+      iorc = IOReverseChunks.new io
+      prev_chunk = ''
+      bytes_read = 0
+
+      r = iorc.each do |chunk|
+        bytes_read += chunk.size
+
+        if (idx = my_rindex.call(chunk, substring))
+          break iorc.fsize - bytes_read + idx
+        end
+
+        if my_rindex.call(chunk, substring[0])
+          two_chunks = chunk + prev_chunk
+          if (idx = my_rindex.call(two_chunks, substring))
+            break iorc.fsize - bytes_read + idx
+          end
+        end
+
+        prev_chunk = chunk
+      end
     end
 
-    # start of central dir offset
-    def offset
-      @buf.slice(@eocd+16, 4).unpack('V').first
+    r
+  end
+
+  def eocd_position file
+    file_rindex(file, [0x06054b50].pack('V')) || fail("#{file}: not a zip")
+  end
+
+  def eocd_parse file, pos
+    File.open(file, 'rb') do |f|
+      f.seek pos
+      r = Eocd.read f
+      fail "no support for zip64 format" if r[:cd_offset_start] == 0xFFFFFFFF
+      r
     end
+  end
 
-    # very crude: instead of an intelligent parsing of eocd, modifying
-    # an offset, replacing eocd, we just change the offset. this won't
-    # fly for zip64 files
-    def repack data
-      [
-        @buf.slice(0, @first_cdh),
-        data,
-        # just before the offset of start of central dir
-        @buf.slice(@first_cdh, (@eocd+16) - @first_cdh),
-        # inject new offset
-        [offset + data.bytesize].pack('V'),
-        # the rest
-        @buf.slice(@eocd+16+4, @buf.size)
-      ]
+  HIDDEN_BLOB_VERSION = 1
+  HIDDEN_BLOB_HEADER_SIZE = 9           # bytes
+
+  class HiddenBlobHeader < BinData::Record
+    endian :little
+
+    uint32 :checksum
+    uint32 :len
+    uint8 :version, initial_value: HIDDEN_BLOB_VERSION
+  end
+
+  def adler32_file file, bufsiz: 1 << 16
+    r = nil
+    File.open(file, 'rb') do |f|
+      while (chunk = f.read bufsiz)
+        r = Zlib.adler32 chunk, r
+      end
     end
+    r
+  end
+
+  def blob_write file, dest
+    blob_size = File.stat(file).size
+
+    header = HiddenBlobHeader.new len: blob_size, checksum: adler32_file(file)
+    IO.copy_stream file, dest
+    dest.write header.to_binary_s
 
-    def blob
-      payload = ''
-      header = {}
-      File.open(@file) do |f|
-        f.seek(offset-HEADER_SIZE)
-        header = HiddenBlob.read f
-        f.seek(offset-HEADER_SIZE-header.len)
-        payload = f.read header.len
+    blob_size + header.num_bytes
+  end
+
+  def adler32_file_slice file, start, length, bufsiz: 1 << 16
+    r = nil
+    File.open(file, 'rb') do |f|
+      f.seek start
+      bytes_read = 0
+      idx = 0
+      finito = false
+      while (chunk = f.read bufsiz)
+        bytes_read += chunk.bytesize
+
+        if bytes_read > length
+          if idx == 0
+            chunk = chunk.byteslice(0, length)
+          else
+            chunk = chunk.byteslice(0, chunk.bytesize - (bytes_read - length))
+          end
+          finito = true
+        end
+        r = Zlib.adler32 chunk, r
+        break if finito
+        idx += 1
       end
-      { header: header, payload: payload }
     end
+    r
+  end
+
+  def adler2hex i; "0x" + i.to_i.to_s(16); end
 
-    def payload_valid? blob
-      blob[:header][:checksum] == checksum(blob[:payload])
+  def options usage, argv_size
+    opt = {}; op = OptionParser.new do |o|
+      o.banner = "Usage: #{File.basename $0} #{usage}"
+      o.on("-o FILE", "output") do |arg|
+        opt[:output] = File.open arg, 'wb'
+      end
     end
+    op.parse!
+
+    abort op.help if ARGV.size < argv_size
+    opt[:output] || $stdout
   end
 
+  def hbh_validate header
+    header[:len] <= 2**32 - 70 &&
+      header[:version] > 0 && header[:version] <= HIDDEN_BLOB_VERSION
+  end
+
+  def cd_offset_start_overflow zip_file, offset
+    max = (2**32)-1
+    actual = offset + File.stat(zip_file).size + HIDDEN_BLOB_HEADER_SIZE
+    actual - max
+  end
 end

data/zipography-extract

@@ -3,6 +3,20 @@
 require_relative './lib'
 include Zipography
 
-z = MyZip.new ARGV[0]
-blob = z.blob
-z.payload_valid?(blob) ? $stdout.write(blob[:payload]) : exit(1)
+output = options 'file.zip [-o blob]', 1
+
+eocd = eocd_parse ARGV[0], eocd_position(ARGV[0])
+
+File.open(ARGV[0], 'rb') do |f|
+  f.seek eocd[:cd_offset_start] - HIDDEN_BLOB_HEADER_SIZE
+  header = HiddenBlobHeader.read f
+
+  # validate
+  exit 1 unless hbh_validate header
+  start_location = eocd[:cd_offset_start] - HIDDEN_BLOB_HEADER_SIZE - header.len
+  checksum = adler32_file_slice ARGV[0], start_location, header.len
+  exit 1 unless checksum == header[:checksum]
+
+  f.seek start_location
+  IO.copy_stream f, output, header.len
+end

data/zipography-info

@@ -3,10 +3,25 @@
 require_relative './lib'
 include Zipography
 
-z = MyZip.new ARGV[0]
-blob = z.blob
+eocd = eocd_parse ARGV[0], eocd_position(ARGV[0])
 
-puts "Payload size:    #{blob[:header][:len]}"
-puts "Adler32:         0x" + blob[:header][:checksum].to_i.to_s(16)
-puts "Version:         #{blob[:header][:version]}"
-puts "Valid:           #{z.payload_valid?(blob)}"
+header = File.open(ARGV[0], 'rb') do |f|
+  f.seek eocd[:cd_offset_start] - HIDDEN_BLOB_HEADER_SIZE
+  HiddenBlobHeader.read f
+end
+
+puts "Payload size:    #{header[:len]}"
+puts "Adler32:         " + adler2hex(header[:checksum])
+puts "Blob version:    #{header[:version]}"
+
+unless hbh_validate header
+  puts "Error:           incompatible version or invalid payload size"
+  exit 1
+end
+
+checksum = adler32_file_slice ARGV[0], eocd[:cd_offset_start]-HIDDEN_BLOB_HEADER_SIZE-header.len, header.len
+
+if checksum != header[:checksum]
+  puts "Error:           invalid checksum #{adler2hex(checksum)}"
+  exit 1
+end

data/zipography-inject

@@ -3,8 +3,28 @@
 require_relative './lib'
 include Zipography
 
-abort "Usage: #{File.basename __FILE__} old.zip blob > new.zip" if ARGV.size < 2
+output = options 'orig.zip blob [-o new.zip]', 2
 
-z = MyZip.new ARGV[0]
-data = blob_make ARGV[1]
-z.repack(data).each {|buf| $stdout.write buf }
+# 0. get EOCD
+eocd_pos = eocd_position ARGV[0]
+eocd = eocd_parse ARGV[0], eocd_pos
+
+# 1. check a would-be zip size
+oo = cd_offset_start_overflow ARGV[1], eocd[:cd_offset_start]
+fail "`#{ARGV[1]}` is too big: #{oo} extra byte(s)" if oo > 0
+
+File.open(ARGV[0], 'rb') do |f|
+  # 2. Copy everything before CDH
+  IO.copy_stream f, output, eocd[:cd_offset_start]
+
+  # 3. Inject our blob
+  blob_size = blob_write ARGV[1], output
+
+  # 4. Copy CDH
+  f.seek eocd[:cd_offset_start]
+  IO.copy_stream f, output, eocd_pos - eocd[:cd_offset_start]
+
+  # 5. Add an updated EOCD
+  eocd[:cd_offset_start] += blob_size
+  output.write eocd.to_binary_s
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zipography
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Alexander Gromnitsky
 autorequire: 
 bindir: "."
 cert_chain: []
-date: 2020-08-22 00:00:00.000000000 Z
+date: 2020-08-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bindata