Change background image
  1. What's up? I see you're viewing as a Guest. How about registering, it only takes like 2 minutes. This will enable you to do more on our forum and stay updated.

[TUT]Truely Hidden Files

Discussion in 'PC General' started by 3nvisi0n, Sep 13, 2011.

Thread Status:
This thread is more than 180 days old.
  1. 3nvisi0n

    3nvisi0n The R3v0lu710n Super-Mod

    Okay, so we all know you can set a file property to hidden, or you can use a special blank character to make it difficult to see the file, or whatever other trick you may have read about or found yourself. But today I'm going to explain a little known feature of the NTFS Filesystem(Default for MS).

    Firstly I will say it is hard to find a lot of good information on this method because it uses a poorly documented feature of windows(although you can find several good sources you won't find much officially from Microsoft)

    Just a note: you can't use this to hide your malicious files from antiviruses since most can read these files but it works to hide from the general user.

    Alternate Data Streams
    In an effort to be compatible with the Macintosh Hierarchical File System(HFS) which offers resource branching on things like icons(adding icons and resources without increasing file size by adding them as a separate but closely linked file) Microsft followed and added this also. However it never was popularly used or properly documented so it became a little obscure function never used.

    So what does this mean for hiding files; wCell on a normal NTFS(default for windows) you can attach one of these Alternate Data Streams to a file and this alternate file will be unseen in Windows Explorer or any other method you have to view files(except third-party applications that are specifically written to expose these files)

    This is done by using a : in your filename.
    For example:(in the command prompt)
    echo "Hello World I am an alternate data stream">mytext.txt:hidden.txt
    * the > is a stream redirection operator it redirects the stream from echo to the stream given following > it can be used to write files and such.
    The above would echo into a file hidden.txt which is an alternate data stream on mytext.txt, you would not see this file listed in any directory listing. But this the question is how to open it, well you need the command line for that also, and a program that supports alternate datastreams(Like Notepad for text, and VLC for videos)

    notepad mytext.txt:hidden.txt
    The above would open the hidden file hidden.txt in notepad.

    This can also be used to hide files in directories by cd-ing to the directory you want and then writting the file. For example to attach C:\Users\MYUSER\Documents\mysecret.txt to the C:\Users directory one would:
    cd C:\Users
    typeC:\Users\MYUSER\Documents\mysecret.txt > :mysecret.txt
    Type is like Cat on a linux system it just outputs the contents of a given file and > redirects that output to the given stream.

    Then to access that file again one would
    cd C:\Users
    notepad :mysecret.txt
    Removing Alternate Data Streams
    Well, this is a tricky one in short you can't. You cannot just remove one of these alternate data streams from a file. But there are some tricks.
    1. Move the file to a filesystem that does not support Alternate Data Streams like FAT
    2. Delete the File/Directory and remake it
    3. echo "" > file:altDataStream //This one empties the contents but doesn't delete it

    Apart from those there is no known way to remove an Alternate Data Stream, so this can be a dangerous thing should you attach to the drive root as there would be no way to remove it apart from formatting the drive.

    Other filetypes
    This does work with more than just textfiles although textfiles are the easiest to show. You can do this with any file a slong as you have a wya to open it. You can file a video file and use VLC to open it(I'm not sure about other media applications that support ADS) via:
    type mySecretAVI.avi > sometext.txt:myavi.avi
    vlc sometext.txt:myavi.avi
    Just one thing to note is you almost always need to use the command line to launch these not many applications support using the file open dialog to open them(if you type the name in manually)

    You can find more information on Alternate Data Streams on google, but remember this is a poorly documented feature so its workings might not be as explained by a 3rd party, and it is subject to be changed at anytime.
    1 person likes this.
Thread Status:
This thread is more than 180 days old.

Share This Page