In today’s edition of Stupid Geek Tricks (where we show off little-known tricks to impress your non-geek friends), we’ll learn how to hide data in a text file that can’t be seen by anybody else unless they know the name of the secret compartment.
Ever since Windows 2000, the NTFS file system in Windows has supported Alternate Data Streams, which allow you to store data “behind” a filename with the use of a stream name. It’s not detectable while browsing the file system, or anywhere within Windows… you can only access it with the “secret key” which is really just the name of the stream.
You can think of these extra streams as secret compartments within the file that can only be accessed if you know the “secret code,” which in this case is just the name of the stream.
This isn’t a completely secure way to hide data as we’ll illustrate below, but it’s a fun trick to know about in a pinch.
Note: This only works on a drive formatted with NTFS.
In order to use this feature, you’ll have to open a command prompt and use the following syntax:
You can use anything after the colon as a secret word, the key is that there can’t be any spaces between the first filename and the colon.
If you didn’t specify .txt on the end, Notepad will automatically add it, and ask if you want to create a new file, even if SomeFile.txt already existed, because SecretSquirrel!.txt doesn’t already exist.
Now you can enter in whatever data you want here and save the file:
When you look at the file, it will still be the exact same size as before:
You can even open up the file by double-clicking on it, and add whatever data you want to make the file look normal:
You can use the command line again to add a second hidden “compartment” with a different name:
You can add whatever other information to this file that you’d like:
None of these hidden files will affect the other, or change the main file. Just remember, you have to use the command line to access the hidden data.
Note: Once you create a hidden stream, that stream isn’t exactly part of the file… you can’t copy your file to another location and access the streams over there.
Of course these files aren’t completely hidden from everybody, because you can use a small command line application called Streams.exe to detect files that have streams, including the names of the streams.
For instance, in my scenario we’d use the following syntax:
As you can see, the names of the streams are shown, which would allow you to easily access them.
If you’re using Windows 7, you can simply use the /R argument to the DIR command to see the streams:
You can use the same Streams.exe command to delete all streams from a file, although I don’t think you can delete just a single stream. Use the following syntax:
streams.exe -d SomeFile.txt
As you can see in the screenshot, the streams are now removed from the file.
You can add data to a hidden stream by using a number of commands, or really anything that can pipe input or output and accept the standard FileName:StreamName syntax. For instance, we could use the echo command:
echo “Neat!” > SomeFile.txt:Test
You can see with the streams command in the example above that we now have a hidden stream on the file.
You can read data from the stream by piping data into the more command, using this syntax:
more < FileName:StreamName
In my example the actual command was this:
more < SomeFile.txt:SecretSquirrel!.txt
As you can see, the secret data that we added is outputted to the console.
Of course, this isn’t a secure way to hide data—for that you should use TrueCrypt. It’s just one of those things that can be fun to use and might come in handy here or there.
Learning is fun, isn’t it?