Stupid Geek Tricks: Hide Data in a Secret Text File Compartment
In today’s edition of Stupid Geek Tricks (where we show off little-known tricks to impress your non-geek friends), we’ll learn how to hide data in a text file that can’t be seen by anybody else unless they know the name of the secret compartment.
How it Works
Ever since Windows 2000, the NTFS file system in Windows has supported Alternate Data Streams, which allow you to store data “behind” a filename with the use of a stream name. It’s not detectable while browsing the file system, or anywhere within Windows… you can only access it with the “secret key” which is really just the name of the stream.
You can think of these extra streams as secret compartments within the file, that can only be accessed if you know the “secret code”, which in this case is just the name of the stream.
This isn’t a completely secure way to hide data as we’ll illustrate below, but it’s a fun trick to know about in a pinch.
Note: This only works on a drive formatted with NTFS.
Hiding Data in a Secret Compartment
In order to use this feature, you’ll have to open a command prompt and use the following syntax:
notepad SomeFile.txt:SecretWordHere.txt
You can use anything after the colon as a secret word, the key is that there can’t be any spaces between the first filename and the colon.
If you didn’t specify .txt on the end, Notepad will automatically add it, and ask if you want to create a new file, even if SomeFile.txt already existed, because SecretSquirrel!.txt doesn’t already exist.
Now you can enter in whatever data you want here and save the file:
When you look at the file, it will still be the exact same size as before:
You can even open up the file by double-clicking on it, and add whatever data you want to make the file look normal:
You can use the command line again to add a second hidden “compartment” with a different name:
You can add whatever other information to this file that you’d like:
None of these hidden files will affect the other, or change the main file. Just remember you have to use the command line to access the hidden data.
Note: Once you create a hidden stream, that stream isn’t exactly part of the file… you can’t copy your file to another location and access the streams over there.
Detecting Files with Streams
Of course these files aren’t completely hidden from everybody, because you can use a small command line application called Streams.exe to detect files that have streams, including the names of the streams.
For instance, in my scenario we’d use the following syntax:
streams.exe SomeFile.txt
As you can see, the names of the streams are shown, which would allow you to easily access them.
Deleting Streams
You can use the same Streams.exe command to delete all streams from a file, although I don’t think you can delete just a single stream. Use the following syntax:
streams.exe -d SomeFile.txt
As you can see in the screenshot, the streams are now removed from the file.
Adding to Hidden Streams from the Command Line
You can add data to a hidden stream by using a number of commands, or really anything that can pipe input or output and accept the standard FileName:StreamName syntax. For instance, we could use the echo command:
echo “Neat!” > SomeFile.txt:Test
You can see with the streams command in the example above that we now have a hidden stream on the file.
Reading a Stream From the Command Line
You can read data from the stream by piping data into the more command, using this syntax:
more < FileName:StreamName
In my example the actual command was this:
more < SomeFile.txt:SecretSquirrel!.txt
As you can see, the secret data that we added is outputted to the console.
Conclusion
This isn’t a secure way to hide data… for that you should use TrueCrypt. It’s just one of those things that can be fun to use and might come in handy here or there.
Learning is fun, isn’t it?
Daily Email Updates
You can get our how-to articles in your inbox each day for free. Just enter your name and email below:
| Similar Articles | Featured Wiki Articles |
|
|
| Latest Software Reviews | Quick Linux Tips |
| Geek Arcade | Popular Forum Threads |
EXCELLENT. Truly, a stupid geek trick, but one I much appreciated learning. Many thanks.
Well, this can be best used to store your username and passwords and then hide it and nobody will know.
Anyways nice trick !
@ Nakodari – Except your network admin who knows how to look to detect streams
ADS is also used by:
1. Windows XP SP2 and up to store Internet Explorer zone information on downloaded files so it can apply more security then normal to files downloaded from the internet. Usually by blocking access to some files and displaying popups when running others.
2. Windows XP files summery tab to store metadata for some file types.
Support was removed in Windows Vista due the fact that if the file was sent to a non-NTFS file system that data would be lost. Which includes USB flash drives and sending data over the internet.
There is a shell extension at http://www.jsware.net/jsware/sviewer.php5 for viewing the ADS in Windows XP.
Not sure about Windows Vista. The jsware site have anti-vista information on it so if it doesn’t work then it probably won’t be fixed to work with Vista.
@jd2066
Great followup! I wasn’t aware of that shell extension.
I am using office 2007 on Vista. Most everytime I click on a word or office program, two come up. There are also other times where I have to bring up word or excel and open files from the open files within the program. How can I make this stop and start running normal?
Thanks,
Bryon
@Bryon K. Altenbach: You should post your question on the site forums.
Few people watch these comments so you are unlikely to get an answer here.
Cool neat trick, I guess it will server my purpose becuae non of my friend are that tech savy, I can hide my files this way
Just a few observations if you’re going to use this:
If you store important data (eg passwords) in the ADS, be sure to protect the “host” file from accidental deletion – if the host goes, so do all the ADS’s. Put some important looking data in the host – you don’t want to have an empty file sitting out there that would be prone to deletion. Put the file in an obscure location. Give your host file a name that makes it look like it shouldn’t be messed with. You’re not restricted to using TXT as the extension for either the host file or the ADS…you could easily create important.dll:serial.# Even better, use a copy of a real dll as the host: copy winsock.dll to winsock-recovery.dll, then add you ADS to that. Annyone scanning the machine will probably stay away from that file, and even if they look at the contents, it;ll look like a valid DLL (cuz it is).
You can also use the ‘type’ command with output redirection to append long items to your ADS. First, create your host file (host.dll). Now create a second text file with all your “hidden” data (hideme.txt). Now run “type hideme.txt > host.dll:secretstuff.txt”, then delete hideme.txt.
Fun stuff…thanks for sharing, Geek.