With impending exams threatening to destroy what little sanity I have left, I take a few moments to find satisfaction in the knowledge that even the best sometimes get it wrong. The past is littered with disasters that resulted from human oversight, the Titanic being a prime example. I wonder if it is unfair of me to draw a parallel between WordPress 2.5 and the doomed sea vessel?
While the latest incarnation of WordPress comes with a flashy new interface, the ability to automatically update plugins over the web and lots of nice developer tidbits, it was slow … as … ASS! I’ve installed wp-cache but this does little to help alleviate the page load stress on each request. Let’s hope 2.5.1 is around the corner 🙂
In other news, I’m drafting some articles on web development, Facebook applications, EXE loaders as alternatives to patching and if I get time – some notes from my adventure with YDL on my PS3!
This tutorial will explore the potential for using ‘Alternate Data Streams’ (ADS) to store information on an NTFS partition. All of the steps detailed below can be accomplished directly from within Windows.
Files act as pointers to physical data on a storage medium; they are a convenience, a way of managing information on a computer as discrete units. It should be this fantastically simple – one pointer for one file – but it seems Microsoft had other ideas…
Macintosh computers use a different file system to Windows computers. It was decided that NTFS should be able to emulate some aspects of the Mac file system to improve file compatibility. As a result, it is possible to ‘attach’ data to a file in a way that is not visible to users (oh dear!).
Getting your hands dirty
1. Load up a command prompt window (Start->Run->`cmd`).
2. Create a file to run this demonstration on. In the console type: `echo Hello, World! > test.txt` (The file ‘test.txt’ now contains 16 bytes of information. This is the default data stream.)
3. In the console, enter `type test.txt` to show the information in ‘test.txt’.
4. Let’s hide some data! In the console type `echo I am hidden! > test.txt:hidden.txt`. Notice the colon (:) – this is very important!
5. If you repeat step 3, you should only see ‘Hello, World!’ printed to the console. Check the properties of the file using Windows Explorer and you’ll arrive at the same conclusion: the file still contains only 16 bytes. You could even enter `type test.txt:hidden.txt` to try and see the text in ‘hidden.txt’, but it will return an error. Where the hell has the information you just entered gone?
6. To reveal the contents of ‘hidden.txt’, type `more < test.txt:hidden.txt` in the console, et voila – the magically disappearing information has made a miraculous reappearance!
7. The file ‘hidden.txt’ is now linked with ‘test.txt’. You could say that ‘test.txt’ is acting as a pointer to two data streams. Furthermore, if you copy ‘test.txt’ to another folder – ‘hidden.txt’ is copied with it!
The above is a basic demonstration of how ADS can be used to store hidden information. The article at governmentsecurity.org goes on to explore how an executable could be hidden within a file too. I’ve written a small batch file that attaches a user-defined message to itself (using ADS) and presents it using notepad. To remove the hidden file, you can either try the method suggested at gov.sec. or just delete the batch file itself!
ads_demo.rar – extract and run.
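Explorer and `type` do not show the attached stream, but PowerShell (3.0 and later) can list every stream on a file through the `-Stream` parameter of its file system cmdlets. The script below is an added example, not part of the original tutorial or the batch file above: it walks a folder and reports every file carrying a stream other than the default one. The function name `Find-AlternateDataStream` and the scratch folder `ads-demo` are made up for this illustration.

```powershell
# Added example: report alternate data streams under a folder (PowerShell 3.0+, NTFS).
# Only files are scanned; the default stream of every file is named ':$DATA'.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,
        # Zone.Identifier is the stream Windows attaches to downloaded files;
        # it is skipped unless this switch is given, to keep the report short.
        [switch]$IncludeZoneIdentifier
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            Get-Item -LiteralPath $file.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Where-Object { $IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File        = $file.FullName
                        Stream      = $_.Stream
                        StreamBytes = $_.Length    # size of the attached stream
                        FileBytes   = $file.Length # size Explorer reports (default stream only)
                    }
                }
        }
}

# Constructed demo: recreate the tutorial's test.txt in a scratch folder, then scan it.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$target = Join-Path $demo 'test.txt'
Set-Content -LiteralPath $target -Value 'Hello, World!'
Set-Content -LiteralPath $target -Stream 'hidden.txt' -Value 'I am hidden!'

Find-AlternateDataStream -Path $demo | Format-Table -AutoSize

# Read a reported stream:   Get-Content -LiteralPath $target -Stream 'hidden.txt'
# Remove a reported stream: Remove-Item -LiteralPath $target -Stream 'hidden.txt'
```

`Remove-Item -Stream` deletes only the attached stream and leaves the file's default data in place, so the host file does not have to be deleted to get rid of it.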