
The first thing to check is whether the zip file is even corrupted in the first place.

`$ unzip zipper.zip`

`Archive: zipper.zip`

`warning: filename too long--truncating.`

`: bad extra field length (central)`

From this we can deduce that most likely the filename length is corrupted. The first thing to try is zip with the FF flag to repair the archive. Unfortunately, that does not work. Let's take a look at this zip with zipdetails.

`$ zipdetails zipper.zip`

`0000 LOCAL HEADER #1 04034B50`

`0004 Extract Zip Spec 14 '2.0'`

`0005 Extract OS 00 'MS-DOS'`

`0006 General Purpose Flag 0002`

` [Bits 1-2] 2 'Fast Compression'`

`0008 Compression Method 0008 'Deflated'`

`000A Last Mod Time 4A9299FC 'Tue Apr 18 19:15:56 2017'`

`000E CRC 532EA93E`

`0012 Compressed Length 00000046`

`0016 Uncompressed Length 000000F6`

`001A Filename Length 2329`

`001C Extra Length 001C`

`Truncated file (got 206, wanted 9001):`

It looks like our filename length is set to 9001. To fix this we'll need to open our zip file in a hex editor and manually change this value. From the specification we know that the filename length and extra length fields are both two bytes long. First we need to manually count the length from the start of the filename field to the start of the extra field. When looking at a normal zip archive, I noticed that the filename ends right before the ASCII characters for UT. The distance between the start of the filename field and UT is 0x8 bytes. I then manually set the filename length to 0x0800; note that it is not 0x0008, because of the little-endian byte order the format requires. The filename is currently garbage, so I replaced all 8 bytes of it with the letter a.

Upon saving this file and trying the same process as before, I get the same error, except that it is in a different section of the zip file. After repeating the same steps as before, zipdetails appears to be broken. The unzip utility is now reporting a bad offset.

`$ zipdetails zipper.zip`

`0000 PREFIX DATA`

`Done`

`$ unzip zipper.zip`

`Archive: zipper.zip`

`file #1: bad zipfile offset (lseek): 1633771520`

Since we resolved the issues with the filenames, I decided that it was time to give zip -FF another go. Unlike before, zip actually was able to repair enough of the archive to be able to extract the key.
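The manual hex edit of the first local header can also be scripted. The following is an added example, not part of the original write-up: it rebuilds a header from the zipdetails values shown above (the filename bytes, extra-field payloads and file data are constructed placeholders), detects that the declared lengths overrun the file, and recomputes the filename length as the distance to the UT extra-field tag. All function names are hypothetical.

```python
import struct

# Fixed 30-byte ZIP local file header; every multi-byte field is little-endian.
LFH = struct.Struct("<4sHHHHHIIIHH")
NAME_LEN_OFFSET = 26  # filename length field; extra length follows at offset 28

def header_fits(data, offset=0):
    """True if the name, extra and compressed data the header declares fit in the file."""
    f = LFH.unpack_from(data, offset)
    if f[0] != b"PK\x03\x04":
        raise ValueError("no local file header at offset %d" % offset)
    return offset + LFH.size + f[9] + f[10] + f[7] <= len(data)

def extra_walks_cleanly(data, start, extra_len):
    """True if (tag, size, payload) records from start cover exactly extra_len bytes."""
    pos, end = start, start + extra_len
    if end > len(data):
        return False
    while pos + 4 <= end:
        size = struct.unpack_from("<H", data, pos + 2)[0]
        pos += 4 + size
    return pos == end

def repair_name_length(data, offset=0):
    """Return (patched_bytes, new_len), new_len being the distance to the UT tag."""
    extra_len = LFH.unpack_from(data, offset)[10]
    name_start = offset + LFH.size
    ut = data.find(b"UT", name_start)
    while ut != -1:
        # "UT" may also occur inside a filename, so accept a candidate only
        # if the extra field starting there parses to exactly extra_len bytes.
        if ut > name_start and extra_walks_cleanly(data, ut, extra_len):
            patched = bytearray(data)
            struct.pack_into("<H", patched, offset + NAME_LEN_OFFSET, ut - name_start)
            return bytes(patched), ut - name_start
        ut = data.find(b"UT", ut + 1)
    raise ValueError("no plausible UT extra field found")

def build_sample():
    """Constructed header mirroring the zipdetails field values shown above."""
    extra = b"UT" + struct.pack("<HB", 9, 3) + bytes(8)   # 13-byte timestamp record
    extra += b"ux" + struct.pack("<H", 11) + bytes(11)    # 15-byte uid/gid record
    head = LFH.pack(b"PK\x03\x04", 0x14, 0x0002, 8, 0x99FC, 0x4A92,
                    0x532EA93E, 0x46, 0xF6, 0x2329, len(extra))
    return head + b"\xde\xad\xbe\xef\x13\x37\xc0\xde" + extra + bytes(0x46)

if __name__ == "__main__":
    sample = build_sample()
    fixed, n = repair_name_length(sample)
    print(header_fits(sample), header_fits(fixed), n, fixed[26:28].hex())
```

The two bytes written at offset 26 are `08 00`, the same value entered by hand in the hex editor. The write-up also had to fix a second section of the archive, which this local-header example does not touch.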