Monday, 16 March 2015

Stupid Geek Tricks: Hide Data in a Secret Text File Compartment

Ever since Windows 2000, the NTFS file system in Windows has supported Alternate Data Streams, which allow you to store data “behind” a filename with the use of a stream name. The data doesn’t show up while browsing the file system in Explorer or in a normal directory listing… you access it with the “secret key,” which is really just the name of the stream.
You can think of these extra streams as secret compartments within the file that can only be accessed if you know the “secret code,” which in this case is just the name of the stream.
This isn’t a completely secure way to hide data as we’ll illustrate below, but it’s a fun trick to know about in a pinch.
Note: This only works on a drive formatted with NTFS.

Hiding Data in a Secret Compartment

In order to use this feature, you’ll have to open a command prompt and use the following syntax:
notepad SomeFile.txt:SecretWordHere.txt
You can use anything after the colon as a secret word; the key is that there can’t be any spaces between the first filename and the colon.
If you don’t specify .txt on the end, Notepad will automatically add it and ask if you want to create a new file, even if SomeFile.txt already exists, because the stream (SecretSquirrel!.txt in this example) doesn’t exist yet.
Now you can enter in whatever data you want here and save the file.
When you look at the file, it will still be the exact same size as before.
You can even open up the file by double-clicking on it, and add whatever data you want to make the file look normal.
You can use the command line again to add a second hidden “compartment” with a different name.
You can add whatever other information to this file that you’d like.
None of these hidden files will affect the other, or change the main file. Just remember, you have to use the command line to access the hidden data.
Note: Once you create a hidden stream, that stream isn’t exactly part of the file… you can’t copy your file to another location and access the streams over there.

Detecting Files with Streams

Of course these files aren’t completely hidden from everybody, because you can use a small command line application called Streams.exe to detect files that have streams, including the names of the streams.
For instance, in my scenario we’d use the following syntax:
streams.exe SomeFile.txt
The output lists the names of the streams, which would allow you to easily access them.
If you’re using Windows 7, you can simply use the /R argument to the DIR command to see the streams.
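For triaging a saved DIR /R listing, the following added example (not part of the original post) parses the listing and reports every named stream, setting aside Zone.Identifier, the marker Windows attaches to downloaded files. It assumes English-locale DIR /R output; the sample listing and the function names are constructed for illustration.

```python
import re

# Constructed sample of `dir /R` output (English locale), not captured from a real system.
SAMPLE_DIR_R = r"""
 Directory of C:\Temp

16/03/2015  10:02                12 SomeFile.txt
                                 26 SomeFile.txt:SecretSquirrel!.txt:$DATA
                                 10 SomeFile.txt:Test:$DATA
16/03/2015  10:05         1,048,576 setup.exe
                                 26 setup.exe:Zone.Identifier:$DATA
16/03/2015  10:06                40 plain.txt
"""

# A stream line has no date column: leading spaces, size, then file:stream:$DATA.
STREAM_LINE = re.compile(r"^\s+([\d,.]+)\s+(.+):([^:]+):\$DATA\s*$")
DIR_LINE = re.compile(r"^\s*Directory of (.+?)\s*$")

# Zone.Identifier marks downloaded files, so it is expected noise in a listing.
EXPECTED_STREAMS = {"zone.identifier"}


def find_streams(listing):
    """Return one dict per named stream found in `dir /R` output."""
    current_dir = ""
    found = []
    for line in listing.splitlines():
        m = DIR_LINE.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = STREAM_LINE.match(line)
        if m:
            size, filename, stream = m.groups()
            found.append({
                "path": current_dir.rstrip("\\") + "\\" + filename,
                "stream": stream,
                "size": int(re.sub(r"[,.]", "", size)),  # drop thousands separators
                "expected": stream.lower() in EXPECTED_STREAMS,
            })
    return found


def unexpected_streams(listing):
    """Streams worth a closer look: everything except the expected ones."""
    return [s for s in find_streams(listing) if not s["expected"]]
```

Calling unexpected_streams(SAMPLE_DIR_R) returns the two streams on SomeFile.txt and skips the Zone.Identifier entry on setup.exe.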

Deleting Streams

You can use the same Streams.exe command to delete all streams from a file, although I don’t think you can delete just a single stream. Use the following syntax:
streams.exe -d SomeFile.txt
After running the command, the streams are removed from the file.

Adding to Hidden Streams from the Command Line

You can add data to a hidden stream by using a number of commands, or really anything that can pipe input or output and accept the standard FileName:StreamName syntax. For instance, we could use the echo command:
echo "Neat!" > SomeFile.txt:Test
Running the streams command again shows that we now have a hidden stream on the file.

Reading a Stream From the Command Line

You can read data from the stream by piping data into the more command, using this syntax:
more < FileName:StreamName
In my example the actual command was this:
more < SomeFile.txt:SecretSquirrel!.txt
The secret data that we added is output to the console.

Of course, this isn’t a secure way to hide data—for that you should use TrueCrypt. It’s just one of those things that can be fun to use and might come in handy here or there.
Learning is fun, isn’t it?
