<?xml version="1.0" encoding="UTF-8"?> <rss
version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
> <channel><title>gHacks Technology News &#124; Latest Tech News, Software And Tutorials &#187; system forks</title> <atom:link href="http://www.ghacks.net/tag/system-forks/feed/" rel="self" type="application/rss+xml" /><link>http://www.ghacks.net</link> <description>A technology news blog covering software, mobile phones, gadgets, security, the Internet and other relevant areas.</description> <lastBuildDate>Fri, 10 Feb 2012 20:51:26 +0000</lastBuildDate> <language>en</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>http://wordpress.org/?v=3.3.1</generator> <atom:link rel="hub" href="http://pubsubhubbub.appspot.com"/><atom:link rel="hub" href="http://superfeedr.com/hubbub"/> <item><title>Hide Information in Files</title><link>http://www.ghacks.net/2008/06/30/hide-information-in-files/</link> <comments>http://www.ghacks.net/2008/06/30/hide-information-in-files/#comments</comments> <pubDate>Mon, 30 Jun 2008 19:24:47 +0000</pubDate> <dc:creator>Martin Brinkmann</dc:creator> <category><![CDATA[Security]]></category> <category><![CDATA[Windows]]></category> <category><![CDATA[Alternate Data Streams]]></category> <category><![CDATA[file system]]></category> <category><![CDATA[ntfs]]></category> <category><![CDATA[system forks]]></category> <category><![CDATA[windows-nt]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=5156</guid> <description><![CDATA[You might have already read about Windows Alternate Data Streams (also known as System Forks on other operating systems) which are supported by most Windows operating systems that use NTFS (New Technology File System). Alternate Data Streams can contain any kind of information including textual, visual and executable. Malicious users can take advantage of the [...]]]></description> <content:encoded><![CDATA[<p>You might have already read about Windows Alternate Data Streams (also known as System Forks on other operating systems), which are supported by most Windows operating systems that use NTFS (New Technology File System). Alternate Data Streams can contain any kind of information, including textual, visual and executable. Malicious users can take advantage of the fact that the size of the additional content is not added to the size of the file in a directory listing. A 10 Kilobyte image will still show a size of 10 Kilobyte if someone else adds a 1 Megabyte executable to it.</p><p>Basically anything can be added to an existing file (and directory), which brings up an interesting method of hiding important data on the system. Say you want to keep your passwords on the computer but do not want to use a text document to have them in the open. Using Alternate Data Streams to hide them from prying eyes could be a relatively secure method of storing the password list on the computer.</p><p>They are detectable if the right software is being used. Windows Vista users can also use the <em>dir *.txt /R</em> command, which is further explained at Bart De Smet&#8217;s on-line blog.</p><p><span
id="more-5156"></span>To add textual information to any file in Windows you could use the command <em>notepad filename:name</em>, for example <em>notepad image.jpg:secret</em>. This would open up Notepad and a blank text file at the first run. Any text that is added and saved during that session will be shown if the user opens the text document with the same command at a later time.</p><p>Executable files or other binary files can be added with the type command like this: <em>type c:\text.exe > hello.txt:text.exe</em>, which can be executed with the start command <em>start .\hello.txt:text.exe</em>.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2008/06/30/hide-information-in-files/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> </channel> </rss>
