SEARCH

How-To Geek

Stupid Geek Tricks: Hide Data in a Secret Text File Compartment

In today’s edition of Stupid Geek Tricks (where we show off little-known tricks to impress your non-geek friends), we’ll learn how to hide data in a text file that can’t be seen by anybody else unless they know the name of the secret compartment.

Note: This article was originally written a couple of years ago, but we’ve updated and polished it for Windows 7 and we’re sharing it with all the new readers again.


Here’s How it Works

Ever since Windows 2000, the NTFS file system in Windows has supported Alternate Data Streams, which allow you to store data “behind” a filename with the use of a stream name. It’s not detectable while browsing the file system, or anywhere within Windows… you can only access it with the “secret key” which is really just the name of the stream.

image

You can think of these extra streams as secret compartments within the file, that can only be accessed if you know the “secret code”, which in this case is just the name of the stream.

This isn’t a completely secure way to hide data as we’ll illustrate below, but it’s a fun trick to know about in a pinch.

Note: This only works on a drive formatted with NTFS.

Hiding Data in a Secret Compartment

In order to use this feature, you’ll have to open a command prompt and use the following syntax:

notepad SomeFile.txt:SecretWordHere.txt

You can use anything after the colon as a secret word, the key is that there can’t be any spaces between the first filename and the colon.

 image

If you didn’t specify .txt on the end, Notepad will automatically add it, and ask if you want to create a new file, even if SomeFile.txt already existed, because SecretSquirrel!.txt doesn’t already exist.

image

Now you can enter in whatever data you want here and save the file:

image

When you look at the file, it will still be the exact same size as before:

image

You can even open up the file by double-clicking on it, and add whatever data you want to make the file look normal:

image 

You can use the command line again to add a second hidden “compartment” with a different name:

image

You can add whatever other information to this file that you’d like:

image

None of these hidden files will affect the other, or change the main file. Just remember you have to use the command line to access the hidden data.

Note: Once you create a hidden stream, that stream isn’t exactly part of the file… you can’t copy your file to another location and access the streams over there.

Detecting Files with Streams

Of course these files aren’t completely hidden from everybody, because you can use a small command line application called Streams.exe to detect files that have streams, including the names of the streams.

For instance, in my scenario we’d use the following syntax:

streams.exe SomeFile.txt

image

As you can see, the names of the streams are shown, which would allow you to easily access them.

If you’re using Windows 7, you can simply use the /R argument to the DIR command to see the streams:

image

Deleting Streams

You can use the same Streams.exe command to delete all streams from a file, although I don’t think you can delete just a single stream. Use the following syntax:

streams.exe -d SomeFile.txt

 image

As you can see in the screenshot, the streams are now removed from the file.

Adding to Hidden Streams from the Command Line

You can add data to a hidden stream by using a number of commands, or really anything that can pipe input or output and accept the standard FileName:StreamName syntax. For instance, we could use the echo command:

echo “Neat!” > SomeFile.txt:Test

image

You can see with the streams command in the example above that we now have a hidden stream on the file.

Reading a Stream From the Command Line

You can read data from the stream by piping data into the more command, using this syntax:

more < FileName:StreamName

In my example the actual command was this:

more < SomeFile.txt:SecretSquirrel!.txt

image

As you can see, the secret data that we added is outputted to the console.


Of course, this isn’t a secure way to hide data—for that you should use TrueCrypt. It’s just one of those things that can be fun to use and might come in handy here or there.

Learning is fun, isn’t it?

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 11/11/10

Comments (43)

  1. Bush -- not related

    EXCELLENT. Truly, a stupid geek trick, but one I much appreciated learning. Many thanks.

  2. Nakodari

    Well, this can be best used to store your username and passwords and then hide it and nobody will know. ;)

    Anyways nice trick !

  3. sul2005tan

    :) nice trick geek

  4. Your Friendly Neighborhood Computer Guy

    @ Nakodari – Except your network admin who knows how to look to detect streams ;-)

  5. jd2066

    ADS is also used by:
    1. Windows XP SP2 and up to store Internet Explorer zone information on downloaded files so it can apply more security then normal to files downloaded from the internet. Usually by blocking access to some files and displaying popups when running others.
    2. Windows XP files summery tab to store metadata for some file types.
    Support was removed in Windows Vista due the fact that if the file was sent to a non-NTFS file system that data would be lost. Which includes USB flash drives and sending data over the internet.

    There is a shell extension at http://www.jsware.net/jsware/sviewer.php5 for viewing the ADS in Windows XP.
    Not sure about Windows Vista. The jsware site have anti-vista information on it so if it doesn’t work then it probably won’t be fixed to work with Vista.

  6. The Geek

    @jd2066

    Great followup! I wasn’t aware of that shell extension.

  7. Bryon K. Altenbach

    I am using office 2007 on Vista. Most everytime I click on a word or office program, two come up. There are also other times where I have to bring up word or excel and open files from the open files within the program. How can I make this stop and start running normal?

    Thanks,

    Bryon

  8. jd2066

    @Bryon K. Altenbach: You should post your question on the site forums.
    Few people watch these comments so you are unlikely to get an answer here.

  9. Anand.V.V.N

    Cool neat trick, I guess it will server my purpose becuae non of my friend are that tech savy, I can hide my files this way

  10. dcj2

    Just a few observations if you’re going to use this:

    If you store important data (eg passwords) in the ADS, be sure to protect the “host” file from accidental deletion – if the host goes, so do all the ADS’s. Put some important looking data in the host – you don’t want to have an empty file sitting out there that would be prone to deletion. Put the file in an obscure location. Give your host file a name that makes it look like it shouldn’t be messed with. You’re not restricted to using TXT as the extension for either the host file or the ADS…you could easily create important.dll:serial.# Even better, use a copy of a real dll as the host: copy winsock.dll to winsock-recovery.dll, then add you ADS to that. Annyone scanning the machine will probably stay away from that file, and even if they look at the contents, it;ll look like a valid DLL (cuz it is).

    You can also use the ‘type’ command with output redirection to append long items to your ADS. First, create your host file (host.dll). Now create a second text file with all your “hidden” data (hideme.txt). Now run “type hideme.txt > host.dll:secretstuff.txt”, then delete hideme.txt.

    Fun stuff…thanks for sharing, Geek.

  11. robb

    nice tips for those who wants to store all important usernames and passwords in one text file.
    easily hide it.

  12. Tom

    I tried this trick in Vista. It worked, but only sort of. I created the streamed files. But streams is not a recognized command line command. I did however end up with an extra command in my history which gave me a 71 page InfoPath 2003 Training PowerPoint presentation. How utterly magical. Thanks.

  13. Tom

    Oops, I was mistaken I put that there over a year ago. I am sorry please disregard my last comment, except for the part of streams being unrecognized in Vista’s cmd, but working anyway.

  14. wandersick

    Just want to raise a point. For people who use ADS to hide username and passwords, be careful not to transfer the file to non NTFS drives (e.g. USB Flash Drive / Mobile hard drive which could use FAT), or the data would be gone for good. (although it might prompt a warning message, if done through Windows Explorer)

    And regarding the suggestion of hidding data in DLLs such as winsock.dll, which is a standard Windows DLL, seems an imperfect idea, due to the fact it is a standard Windows component, i.e. it could be changed by Windows Update (by means of HotFix patching) at any time, and your data would be lost.

  15. Paradox242

    Tom:

    You don’t have streams.exe on your Vista machine because it is not there by default, rather it’s another great tool made available by Mark Russinovich (I recommend all the other Sysinternals stuff too).

    You can follow the link from from the article to download and install it somewhere in your %PATH%.

  16. bob smith

    cool, bu this is kinda confuzeling.

  17. Mike Mol

    Try using NTFS’s POSIX namespace (i.e. by using NTFS-3g) to create and store files. Filenames with ‘:’ are suddenly allowed. Create a few.

    Then try using that file in Windows.

  18. Steve Hollasch

    Just found out today that the Windows 7 ‘dir’ command has a new /R option that lists the alternate data streams of all files. I’m adding this to my DIRCMD environment variable today.

    Bottom line: DO NOT STORE SENSITIVE INFORMATION IN ALTERNATE DATA STREAMS. They are not a security solution.

  19. Anomaly

    I thought this was a cool geek trick. Kudos!

  20. arjain

    can we copy this? i mean if we copy the real file will the compartment get copuied to a new loaction.

  21. Nawlins Jeaux

    Curious…

    I was wondering -

    @Wandersick commented that “And regarding the suggestion of hidding data in DLLs such as winsock.dll, which is a standard Windows DLL, seems an imperfect idea, due to the fact it is a standard Windows component, i.e. it could be changed by Windows Update (by means of HotFix patching) at any time, and your data would be lost.”

    But, if you read @dcj2′s comment above that one, he recommended adding “-recovery” to the .dll file name. Wouldn’t that stop Windows updates from changing the data in the bogus file? Unless, of course, you copy a .dll file that already had the “-recovery” in the file name?

    I’m no geek. By any means. But, that makes sense to me.

  22. wanderSick

    Oh yes. You are right about that.

  23. trm96

    Hmmmm if the data is not actually part of the file then where (and how) does the data of these streams get stored?

  24. snert

    Gee, I’m learnng to be a real Geek!
    This will be handy if I can remember how.

  25. Yogesh

    I am able to copy file to another location and access the stream over there.
    Is my system malfunctoning???

  26. GeekPod

    I have had a “master” .txt file for years that I keep important data, passwords, credit card numbers, Etc.
    I keep the file in my “pictures” folder and re-name the extension to .jpg-

    This would keep most intruders away. Very few intruders would think about re-naming the file to .txt to access the information-

    The file could also be easily moved to a flash drive without any problem.

  27. Gordon

    Wow, it really is a Stupid Geek Trick. Thanks for letting me know!

  28. ArashiX

    Not the best way to hide data as you already pointed out, but cool nonetheless. Thank you for the trick.

  29. Hariks

    @Bryon K. Altenbach

    Please check the following:
    Excel Options > Advanced >General> At startup, open all files in

  30. BASIT

    really so good trick for hiding

  31. teregosa

    Just be careful not to cross the streams. It would be bad.

  32. Mohammad Elsheimy

    This technique is called File Streams, if you are a programmer, you might like to read about how to implement it programmatically here, in MSDN:
    http://msdn.microsoft.com/en-us/library/aa364404.aspx

  33. Northern Boy

    Would anti-virus programs flag ADS files?

  34. AmonRa

    FAIL !

    old… trick iZ old aZ NFTS FS iZ

  35. siddharth

    Nice one mate !

  36. Jamie

    Never, EVER use this for anything even remotely important. I would have thought people would understand that doing so is a stupid idea given that the article itself tells you how it’s not truly secure, yet according to the comments, people are doing this or similar.

    Use KeePass, TrueCrypt or any other *truly* secure application for important data. Use this for absolutely nothing beyond what it is: a stupid geek trick.

  37. Marble

    Nice trick, thanks ! Learning is so fun ;-)

  38. Inaudible

    @AmonRa – read the article. FTW: “Ever since Windows 2000, the NTFS file system in Windows has supported Alternate Data Streams…” – and it’s still a cute geek trick, old or not. A bit like a text-based “easter egg,” like they put in software.

  39. Alex

    Lame: yes
    Useful: unknown
    Lol factor: 4

  40. K.V. Kuntal

    Its really cool!!! Very nice.
    Really useful.
    Thanks.

  41. hmm

    Great place for virus and spyware authors to hide their configs/logs etc… kudos Microsoft.

  42. harry

    Its cool indeed. I used it to store extra information on files of a website, for a “cms” I wrote some years ago. Things like “last edited by” “author” etc.
    I think the stream is saved with the file as I can access it even after the files are moved to a different directory.

  43. Thom McKiernan

    Wow, I’ve been a windows sysadmin for 10 years and I never new about this!
    Nice tip.

Enter Your Email Here to Get Access for Free:

Go check your email!