SEARCH

How-To Geek

Stupid Geek Tricks: Hide Data in a Secret Text File Compartment

In today’s edition of Stupid Geek Tricks (where we show off little-known tricks to impress your non-geek friends), we’ll learn how to hide data in a text file that can’t be seen by anybody else unless they know the name of the secret compartment.

Note: This article was originally written a couple of years ago, but we’ve updated and polished it for Windows 7, and we’re sharing it with all the new readers again.

Here’s How it Works

Ever since Windows 2000, the NTFS file system in Windows has supported Alternate Data Streams, which allow you to store data “behind” a filename with the use of a stream name. It’s not detectable while browsing the file system, or anywhere within Windows… you can only access it with the “secret key” which is really just the name of the stream.

image

You can think of these extra streams as secret compartments within the file that can only be accessed if you know the “secret code,” which in this case is just the name of the stream.

This isn’t a completely secure way to hide data as we’ll illustrate below, but it’s a fun trick to know about in a pinch.

Note: This only works on a drive formatted with NTFS.

Hiding Data in a Secret Compartment

In order to use this feature, you’ll have to open a command prompt and use the following syntax:

notepad SomeFile.txt:SecretWordHere.txt

You can use anything after the colon as a secret word, the key is that there can’t be any spaces between the first filename and the colon.

image

If you didn’t specify .txt on the end, Notepad will automatically add it, and ask if you want to create a new file, even if SomeFile.txt already existed, because SecretSquirrel!.txt doesn’t already exist.

image

Now you can enter in whatever data you want here and save the file:

image

When you look at the file, it will still be the exact same size as before:

image

You can even open up the file by double-clicking on it, and add whatever data you want to make the file look normal:

image

You can use the command line again to add a second hidden “compartment” with a different name:

image

You can add whatever other information to this file that you’d like:

image

None of these hidden files will affect the other, or change the main file. Just remember, you have to use the command line to access the hidden data.

Note: Once you create a hidden stream, that stream isn’t exactly part of the file… you can’t copy your file to another location and access the streams over there.

Detecting Files with Streams

Of course these files aren’t completely hidden from everybody, because you can use a small command line application called Streams.exe to detect files that have streams, including the names of the streams.

For instance, in my scenario we’d use the following syntax:

streams.exe SomeFile.txt

image

As you can see, the names of the streams are shown, which would allow you to easily access them.

If you’re using Windows 7, you can simply use the /R argument to the DIR command to see the streams:

image

Deleting Streams

You can use the same Streams.exe command to delete all streams from a file, although I don’t think you can delete just a single stream. Use the following syntax:

streams.exe -d SomeFile.txt

image

As you can see in the screenshot, the streams are now removed from the file.

Adding to Hidden Streams from the Command Line

You can add data to a hidden stream by using a number of commands, or really anything that can pipe input or output and accept the standard FileName:StreamName syntax. For instance, we could use the echo command:

echo “Neat!” > SomeFile.txt:Test

image

You can see with the streams command in the example above that we now have a hidden stream on the file.

Reading a Stream From the Command Line

You can read data from the stream by piping data into the more command, using this syntax:

more < FileName:StreamName

In my example the actual command was this:

more < SomeFile.txt:SecretSquirrel!.txt

image

As you can see, the secret data that we added is outputted to the console.


Of course, this isn’t a secure way to hide data—for that you should use TrueCrypt. It’s just one of those things that can be fun to use and might come in handy here or there.

Learning is fun, isn’t it?

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 11/16/14
  • Harley Bellwood

    So I followed this step by step, dumb question...where is the text document saved to? I can't find it. I can open it with the command but I'm not seeing the actual notepad file.

  • Jacob Zinicola

    You won't because it's, in a sense, "hidden" within the file that you created it under. The only way to see it is to know that it's there and use the appropriate command syntax, or to use special utilities (e.g.: SysInternals' Streams.exe, or NirSoft's Alternate StreamView) that specifically look for data in the ADS.

    Also, be careful trying to move the file between computers. certain file systems or transfer utilities either don't recognize or specifically strip ADS information from files.

  • Don Gateley

    The secret isn't so well kept but I can see using this to support what used to be called a generation dataset (IBM System/360) where a single file can contain all back levels of the file under one name and provide access to only the latest version using the file name directly.

    Possibly the original intended use case. I've often wondered what happened to this useful concept. Thanks.

    A GUI app to support this generation usage in a clean way would be very, very cool.

  • Tralfamadore

    You mention using TrueCrypt as a way to really hide things. Good call.There has been some controversy as to whether TrueCrypt has been compromised.In short--it has not. But the original website indicates that the developers have abandoned it.However, it has not been abandoned by the community of users and is available to be downloaded and will continue to be supported and developed.http://opencryptoaudit.org/https://www.grc.com/misc/truecrypt/truecrypt.htm

Enter Your Email Here to Get Access for Free:

Go check your email!