
@chris3k
Created December 7, 2015 21:52
#!/usr/bin/env python
#-*- coding: utf-8 -*-
import sys
import re
import struct
import json
def findndx(str, data):
    """Return the start offsets of every match of *str* inside *data*.

    *str* is handed to ``re.finditer`` unchanged, so it is interpreted as a
    regular expression, not as a literal byte sequence. A signature that
    contains regex metacharacters must be passed through ``re.escape`` by the
    caller to be matched literally. Matches are the non-overlapping ones that
    ``re.finditer`` yields, in ascending order.

    Note that the parameter name shadows the ``str`` builtin inside this
    function; it is kept because it is part of the call signature.
    """
    offsets = []
    for match in re.finditer(str, data):
        offsets.append(match.start())
    return offsets
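def readLFH(data):
    """Parse a ZIP local file header (LFH) located at the start of *data*.

    The fixed part of the header is 30 bytes (little-endian); it is followed
    by ``file_name_length`` bytes of file name and then ``extra_field_length``
    bytes of extra field.

    Nothing is validated here: the signature is returned, not checked, and
    both length fields are taken from the input as-is. Callers that feed this
    function offsets found by a raw signature scan should therefore expect
    nonsensical values for hits that are not real headers.

    Args:
        data: byte string that begins with the header to parse.

    Returns:
        dict with one entry per header field. ``filename`` and ``extra_field``
        are ``None`` when the corresponding length is zero, otherwise the
        1-tuple that ``struct.unpack`` returns for an ``Ns`` format.

    Raises:
        struct.error: if *data* is shorter than the fixed header, or shorter
            than the file name / extra field lengths the header declares.
    """
    lfh_header = "<4sHHHHHIIIHH"
    header_size = struct.calcsize(lfh_header)
    (signature, version, flags, compression, mod_time, mod_date, crc32,
     compressed_size, uncompressed_size, file_name_length,
     extra_field_length) = struct.unpack(lfh_header, data[:header_size])

    # The variable-length fields sit back to back after the fixed header.
    # The extra field therefore ends at name_end + extra_field_length; using
    # header_size + extra_field_length as the end offset yields a slice of the
    # wrong size whenever a file name is present.
    name_end = header_size + file_name_length
    extra_end = name_end + extra_field_length

    filename = None
    if file_name_length > 0:
        filename = struct.unpack("{}s".format(file_name_length),
                                 data[header_size:name_end])

    extra_field = None
    if extra_field_length > 0:
        extra_field = struct.unpack("{}s".format(extra_field_length),
                                    data[name_end:extra_end])

    return {
        "signature": signature,
        "version": version,
        "flags": flags,
        "compression": compression,
        "mod_time": mod_time,
        "mod_date": mod_date,
        "crc32": crc32,
        "compressed_size": compressed_size,
        "uncompressed_size": uncompressed_size,
        "file_name_length": file_name_length,
        "extra_field_length": extra_field_length,
        "filename": filename,
        "extra_field": extra_field,
    }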
def readEOCDR(data):
    """End of central directory record (not implemented).

    Placeholder: *data* is ignored and ``None`` is returned.
    """
    return None
def readCDH(data):
    """Central directory header (not implemented).

    Placeholder: *data* is ignored and ``None`` is returned.
    """
    return None
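def _json_safe(value):
    """Return *value* with byte strings replaced by text that json can dump.

    Header fields such as the extra field are arbitrary binary data. UTF-8 is
    tried first; anything that is not valid UTF-8 is decoded as latin-1, which
    maps every byte to one code point and so cannot fail.
    """
    if isinstance(value, bytes):
        try:
            return value.decode("utf-8")
        except UnicodeDecodeError:
            return value.decode("latin-1")
    if isinstance(value, (tuple, list)):
        return [_json_safe(item) for item in value]
    if isinstance(value, dict):
        return dict((key, _json_safe(item)) for key, item in value.items())
    return value


def main():
    """Report where ZIP record signatures occur in the file named on argv.

    Prints the file size, the offsets of the end-of-central-directory,
    local-file-header and central-directory-header signatures, and a JSON dump
    of every local file header.

    The offsets come from a raw byte search over the whole file, so a hit is
    not proof of a real record: the same four bytes can occur inside file
    data. A hit that cannot be parsed is reported and skipped, so one bad hit
    does not end the scan.
    """
    if len(sys.argv) < 2:
        sys.exit("usage: {} ARCHIVE".format(sys.argv[0]))
    archiveFile = sys.argv[1]

    # The whole file is held in memory; the handle is closed once it is read.
    with open(archiveFile, 'rb') as handle:
        data = handle.read()

    print("Archive size: {} bytes.".format(len(data)))
    print("PK56 ZIP-header {}".format(findndx(b"PK\005\006", data)))

    lfh_offsets = findndx(b"PK\003\004", data)
    print("PK34 LFH {}".format(lfh_offsets))

    # A local file header is at most the fixed part plus two 16-bit lengths,
    # so only that many bytes are copied per hit, not the rest of the file.
    max_lfh_size = struct.calcsize("<4sHHHHHIIIHH") + 2 * 0xFFFF
    for i in lfh_offsets:
        try:
            record = readLFH(data[i:i + max_lfh_size])
        except struct.error as exc:
            # Truncated file, or a signature hit that is not a real header.
            print("LFH at offset {} could not be parsed: {}".format(i, exc))
            continue
        print(json.dumps(_json_safe(record), indent=2))

    print("PK21 CDH {}".format(findndx(b"PK\002\001", data)))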
# Run the scan only when executed as a script, not when imported.
if __name__ == "__main__":
    main()

chris3k commented Dec 7, 2015

binwalk magic file for zip LFH:

# binwalk signature for a ZIP local file header (LFH): matches the 4-byte
# "PK\3\4" magic at offset 0 and prints the fixed header fields after it.
# Every value printed is read straight from the file; none is validated.
# NOTE(review): the >28 entry reads a 4-byte ulelong, but the file name
# already starts at >30 (last entry), so the extra field length is a 2-byte
# field and this read also takes in the first two file-name bytes.
# uleshort looks intended; confirm.
# NOTE(review): >26 is read as signed leshort while the other 16-bit fields
# use uleshort; a length of 0x8000 or more would print as negative. Confirm.
0      string     PK\3\4    ZIP archive,
>4     uleshort   x         version: "%d",
>6     uleshort   x         flags: %d,
>8     uleshort   x         comp: %d,
>10    uleshort   x         modify time: %d,
>12    uleshort   x         modify date: %d,
>14    ulelong    x         CRC: %d,
>18    ulelong    x         compressed size: %d,
>22    ulelong    x         uncompressed size: %d,
>26    leshort    x         length of file name: %d bytes,
!>26    leshort    x         {strlen:%d}
>28    ulelong    x         extra field size: %d,
>30    string     x         file name: {string}%s
