What is a .zip bomb and how does it work?

6 Answers

Anonymous 0 Comments

When you open/unzip a file, your computer will usually “trust” the file. After all, this is only unfolding the package, the content of the package is executed, so there is nothing that can go wrong during the unfolding, right?

And that’s mostly true, the only thing that can go wrong is that the unfolding might take some time and some resources. But that’s to be expected, if the user wants to unfold a big file, they should expect it to take a lot of time.

Here comes the first kind of trap you can do: a file which appears to be small but is compressed in some way so that it takes a surprisingly high amount of time and resources to open/unzip.

.zip bombs are the extreme case of this trap. People have found ways to build a .zip file which is extremely small, but when opened/unfolded takes so much time and resources that it might crash your computer.

How is it done? Simply put, a zip file contains a small set of explanations on how to recreate the file, and it is well known that even with a small set of rules, you can describe very big things. A good comparison to what is happening in a .zip file is the tale of the Wheat on a Chess board:

>As a reward for his service to the king, the advisor asked for something very simple: “I’d like grains of wheat, as dictated by my favourite game: chess. On the first square, please place one grain of wheat, on the second 2, and on the third double for a total of 4, on the fourth double again, and continue to double up until the last of the 64 squares. I will be content with that amount of wheat.” Surprised by such a simple request, the King agreed, but little did he know that he would need to sell his Kingdom and much more to provide that much wheat.

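
A defensive check that follows from the answer above, as an added example that is not part of the original answer: before unpacking, compare the sizes a .zip lists for its entries against a limit, and cap the bytes actually produced while decompressing. The limits, the function names and the in-memory sample archive are assumptions made for the illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 512 * 1024  # assumed output budget for this illustration
MAX_RATIO = 100               # assumed limit on uncompressed/compressed size
CHUNK = 64 * 1024


class ArchiveRejected(Exception):
    """Raised when an archive would expand past the configured limits."""


def check_declared_sizes(zf):
    """Cheap pre-check: read the sizes listed in the archive, unpack nothing."""
    total = 0
    for info in zf.infolist():
        ratio = info.file_size / max(info.compress_size, 1)
        if ratio > MAX_RATIO:
            raise ArchiveRejected(f"{info.filename}: expands {ratio:.0f}x")
        total += info.file_size
    if total > MAX_TOTAL_BYTES:
        raise ArchiveRejected(f"declared total of {total} bytes")
    return total


def read_with_budget(zf, budget=MAX_TOTAL_BYTES):
    """Unpack in chunks and stop once the bytes actually produced pass budget."""
    out, remaining = {}, budget
    for info in zf.infolist():
        buf = bytearray()
        with zf.open(info) as member:
            while chunk := member.read(CHUNK):
                remaining -= len(chunk)
                if remaining < 0:
                    raise ArchiveRejected("output budget exceeded")
                buf += chunk
        out[info.filename] = bytes(buf)
    return out


def make_sample(payload):
    """Constructed sample: a one-entry archive built in memory."""
    raw = io.BytesIO()
    with zipfile.ZipFile(raw, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("data.bin", payload)
    return zipfile.ZipFile(io.BytesIO(raw.getvalue()))
```

Running the pre-check first rejects an archive without spending any time unpacking it, and the budget in the second function bounds memory even when the pre-check is skipped.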