Artifacts for the WOOT '19 paper "A better zip bomb".
David Fifield
david@bamsoftware.com
2019-07-01

The web page for this work is https://www.bamsoftware.com/hacks/zipbomb/.


## zipbomb/ directory

This is a Git export of https://www.bamsoftware.com/git/zipbomb.git at
commit dc4260fe44caadd8de2400659b9efff21dbbbddd, along with pregenerated
sample zip bombs. The "zipbomb" program is Python source code that
generates zip bombs according to parameters. See the Makefile for
examples of how to run it. The "optimize.R" program computes optimal
parameters for zip bombs given certain constraints. "optimize.out" is
pregenerated output of optimize.R. The "ratio" script shows the
compression ratio of a zip file.

DANGER: The *.zip files in the zipbomb/ directory are pregenerated zip
bombs. Handle these with caution. They are safe to examine with
"unzip -l" or "zipinfo". Beware of systems that may attempt to unzip
them implicitly.
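
A pre-extraction check in the same spirit as "unzip -l", for services that would otherwise unzip uploads implicitly. This is an added example, not part of the artifact and not a reproduction of the "ratio" script; the function names, limits, and sample archives are assumptions made up for illustration.

```python
import io
import zipfile

# Assumed policy limits for this example; not values from the paper.
MAX_DECLARED_BYTES = 100 * 1024 * 1024  # cap on total declared output
MAX_RATIO = 100.0                       # declared output / archive size


def inspect_zip(data: bytes) -> dict:
    """Summarise a zip from its central directory only; nothing is inflated."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()  # metadata parsed when the archive was opened
    declared = sum(info.file_size for info in infos)
    ratio = declared / len(data)
    return {
        "entries": len(infos),
        "declared_bytes": declared,
        "zip_bytes": len(data),
        "ratio": ratio,
        "reject": declared > MAX_DECLARED_BYTES or ratio > MAX_RATIO,
    }


def make_sample(payload: bytes, copies: int, compress: bool) -> bytes:
    """Build a small constructed archive in memory for the demonstration."""
    method = zipfile.ZIP_DEFLATED if compress else zipfile.ZIP_STORED
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=method) as zf:
        for n in range(copies):
            zf.writestr(f"file{n}.bin", payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inputs: 1 MiB of zeros (highly compressible) vs. stored text.
    samples = {
        "compressible": make_sample(b"\0" * 262144, 4, compress=True),
        "stored": make_sample(b"hello world\n" * 100, 2, compress=False),
    }
    for name, blob in samples.items():
        print(name, inspect_zip(blob))
```

The sizes read here are metadata supplied by whoever built the archive, so use this as a pre-filter and still cap the bytes actually written during extraction.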


## compatibility/ directory

This directory contains various anomalous zip files used to make the
compatibility table in Table 2 (https://www.bamsoftware.com/hacks/zipbomb/#compatibility).
See compatibility/README.


## figures/ directory

This directory contains source code and data for generating the figures
in the paper. To generate the figures, you will need R, ggplot2,
data.table, and Asymptote. Enter the figures/ directory and run "make".

The necessary data is precomputed, but you can also generate it yourself
using the scripts in the figures/data/ subdirectory. See
figures/data/README.
