Many a times you might have wished certain stuff on your CDs and DVDs were private and accessible only to you and no one else. While you could achieve this using WinRAR or any other archiving software that can encrypt your data, it doesn't allow for quick access to the data as you need to decrypt and extract the stuff first. While this might not be much of a problem for a small amount of data, you might get into trouble when you’ve got gigabytes of ones and zeroes to hide. Now I know that for all legitimate purposes your stash of hidden data would never really get this extensive, but the keyword here is ‘legit’. What about the skeletons in your closet? (Read: porn) They need to go somewhere too, right? And you need a much larger cache for them. You *could* just take a hike and encrypt those files anyway but since questionable content has a tendency to amass gigabytes of space, you might get into some serious trouble while extracting the stuff; not to mention about the overhead associated with decryption. Your processor wouldn't be so happy about it.
Oh, and a conspicuous 4GB RAR archive that also happens to be password protected does raise a few eyebrows So what do you do? How do you hide all that illicit data you gathered from your sporadic covert operations?Well, there are many solutions. And you can be inventive and create a new one too or just and find some more off the web and add them to this thread. Here’s what I found:1. CD-Lock2. Multi-Session Hiding3. Modified Disc Image (Hex Edit)(This list is by no means exhaustive and there might be many more innovative ways to hide stuff in optical media. If you catch any, bump this thread with your finds)CD-Lock:This is a fairly easy to use software tool that encrypts your stuff and then decrypts them ‘on-the-fly’ and with speed you won’t believe... literally. This program installs a system level driver and that’s probably what does the trick. I’m not sure whether it’s actually secure though, but for everyday purposes, CD-Lock might just cut it. When I tested it way back (when I was with a P4 and WinXP), it seemed a lot buggy. They’ve probably fixed the bugs by now, but you can never tell. Try it out for yourself and see what you getURL: http://www.cd-lock.com/Multi-Session Hiding:Now this is something I stumbled upon totally by accident. I made a multi-session disc and burnt some data into it. Then one day I went to a cyber cafe, downloaded lots of hacking tools, books, MHT webpages, etc. and other variegated content. I asked the guy who ran the cafe to burn the stuff into the DVD for me (the one I made earlier) and when he was done, I couldn't find the stuff I burnt earlier. They had vanished into thin air (or thin plastic) without leaving a trace. I did some online research and found out that sometimes only the last session that’s burnt onto a disc would show up. This does not mean that the earlier sessions are lost. You can still access them and extract data by using specialized software like IsoBuster or CD/DVD InspectorI haven’t tried achieving this on purpose, but I’m sure it can be done (see IsoBuster screenshots)
Oh, and a conspicuous 4GB RAR archive that also happens to be password protected does raise a few eyebrows So what do you do? How do you hide all that illicit data you gathered from your sporadic covert operations?Well, there are many solutions. And you can be inventive and create a new one too or just and find some more off the web and add them to this thread. Here’s what I found:1. CD-Lock2. Multi-Session Hiding3. Modified Disc Image (Hex Edit)(This list is by no means exhaustive and there might be many more innovative ways to hide stuff in optical media. If you catch any, bump this thread with your finds)CD-Lock:This is a fairly easy to use software tool that encrypts your stuff and then decrypts them ‘on-the-fly’ and with speed you won’t believe... literally. This program installs a system level driver and that’s probably what does the trick. I’m not sure whether it’s actually secure though, but for everyday purposes, CD-Lock might just cut it. When I tested it way back (when I was with a P4 and WinXP), it seemed a lot buggy. They’ve probably fixed the bugs by now, but you can never tell. Try it out for yourself and see what you getURL: http://www.cd-lock.com/Multi-Session Hiding:Now this is something I stumbled upon totally by accident. I made a multi-session disc and burnt some data into it. Then one day I went to a cyber cafe, downloaded lots of hacking tools, books, MHT webpages, etc. and other variegated content. I asked the guy who ran the cafe to burn the stuff into the DVD for me (the one I made earlier) and when he was done, I couldn't find the stuff I burnt earlier. They had vanished into thin air (or thin plastic) without leaving a trace. I did some online research and found out that sometimes only the last session that’s burnt onto a disc would show up. This does not mean that the earlier sessions are lost. You can still access them and extract data by using specialized software like IsoBuster or CD/DVD InspectorI haven’t tried achieving this on purpose, but I’m sure it can be done (see IsoBuster screenshots)
Modified Disc Image (Hex Edit):This is a technique I found about at a forum somewhere on the internet and I tried it out.Things you need:
PowerISO or any ISO burning/creating software (IMGBurn might work too)
A hex editor capable of handling very large file (I used HxD and Tiny Hexer)
WinRAR (optional)In this example, I’ll show you how to hide files in a CD. The same method applies for hiding stuff in DVDs. First of all, you need to decide on a nice and small dummy file to write to the disc. This file will be visible to anyone who reads the disc. The dummy should be small if you want more room for your hidden (or questionable) content.Calculate the size of the dummy file in this way:Questionable Content + Dummy = 700MB (for CDs)Questionable Content + Dummy = 4.7GB /8GB (for DVDs)We need to do this to make sure there’s no free space left on the disk so that it looks as if nothing’s burnt to it e.g. If we burn a 40MB dummy and 200MB hidden stuff, then by looking at the disc you can make out whether something fishy is going on. But if it was fully burnt, you probably won’t see the difference (This is only to ward off nosy friends and relatives. A motivated geek will get if your hidden data if he is suspicious)Ok, now start PowerISO (or any other image creation program) and add the dummy file. Create an ISO image of the disc and then open it in HxD (Tiny Hexer is great but doesn’t handle large files )Now move to the end of the image in the hex edit. Click on the right side of the hex dump where you see all the garbage stuff like numbers, symbols and text. The cursor should be at the end of the file. Now create a marker here so you know this is where your hidden cache starts. Create a marker by typing something in here that you can relate to like [START] or {HIDDEN STUFF START}, etc.Now load the file you want to hide in the hex editor and copy everything from it. Note that you need to copy the ASCII stuff in the right and not the actual HEX data (in layman terms, just copy all the garbage on the right and *not* the numbers and capital letters on the left)Switch back to the hex dump of the ISO image and paste all the stuff there (append it to the file)Now you may insert a file termination marker so you know here’s where your file ends. Enter a marker like [END] or {END OF FILE} etc.You can repeat the above process for any number of files you want to hide, but make sure the size of the image doesn’t exceed the size of the optical media.Oh, and by the way, you might want to add a filename and filetype marker with the start and end tags too as you probably won’t remember them just by looking at its hex dump ;PNow that you’ve appended all your dirty stuff to the ISO image, you can go right ahead and burn it. After you’re done, put the disc back into the tray and check it out. Windows will show the space occupied by the dummy file and your hidden stash will not be seen. Even the disc properties will show no free space left on the disc. Cool, eh? How to extract the stuff back you ask?Just create an image of this disc and throw it into HxD. Look for your markers (search for text-strings)And extract (copy) everything between the [START] and [END] marker. Create a blank file (in HxD) and paste the copied stuff in there and save it with the correct file extension.Tada! You’re done! Happy hiding! Useful Tips:1. When you’re looking for a dummy file with the right filesize, you might not get one that fits the bill. You can try using Windows search for it or use a much better program like Locate for this purpose. Just do a filesize search.2. In Tiny Hexer, you can create macros which can probably help in automating the whole process of extraction from the disc image. If anybody succeeds in doing that then please share your creation.3. Keep in mind that we’re only hiding stuff here, not protecting them so you might want to encrypt your files with WinRAR (I mentioned it in the beginning, didn’t I?) for security purposes but that defeats the whole purpose in the first place, doesn’t it?4. Another useful tip would be to create a virtual encrypted volume using TrueCrypt and then burn it to the disk. It certainly doesn't hide anything but your data is encrypted and you can mount it right from the disc (I think) and use it just like an ordinary CD or DVD. And what's more? If you are forced by someone to reveal the password to the volume, you can even define a fake password that unlocks a hidden volume containing garbage data inside it so the attacker is thrown off-course (Can someone do a nice tutorial on this please?)5. If all this data hiding has piqued your curiosity, you can learn more about the stuff by reading Computer Forensics For Dummies and CD and DVD ForensicsP.S.: I haven't slept in 24 hours and I'm groggy with exhausted now so I'm not adding any screenshots. I might do that in the near future when I get some time or else you'll have to live with it. If you loved/liked/disliked/hated this tutorial, please tell me what you think by rating it using the poll above. Thanks
PowerISO or any ISO burning/creating software (IMGBurn might work too)
A hex editor capable of handling very large file (I used HxD and Tiny Hexer)
WinRAR (optional)In this example, I’ll show you how to hide files in a CD. The same method applies for hiding stuff in DVDs. First of all, you need to decide on a nice and small dummy file to write to the disc. This file will be visible to anyone who reads the disc. The dummy should be small if you want more room for your hidden (or questionable) content.Calculate the size of the dummy file in this way:Questionable Content + Dummy = 700MB (for CDs)Questionable Content + Dummy = 4.7GB /8GB (for DVDs)We need to do this to make sure there’s no free space left on the disk so that it looks as if nothing’s burnt to it e.g. If we burn a 40MB dummy and 200MB hidden stuff, then by looking at the disc you can make out whether something fishy is going on. But if it was fully burnt, you probably won’t see the difference (This is only to ward off nosy friends and relatives. A motivated geek will get if your hidden data if he is suspicious)Ok, now start PowerISO (or any other image creation program) and add the dummy file. Create an ISO image of the disc and then open it in HxD (Tiny Hexer is great but doesn’t handle large files )Now move to the end of the image in the hex edit. Click on the right side of the hex dump where you see all the garbage stuff like numbers, symbols and text. The cursor should be at the end of the file. Now create a marker here so you know this is where your hidden cache starts. Create a marker by typing something in here that you can relate to like [START] or {HIDDEN STUFF START}, etc.Now load the file you want to hide in the hex editor and copy everything from it. Note that you need to copy the ASCII stuff in the right and not the actual HEX data (in layman terms, just copy all the garbage on the right and *not* the numbers and capital letters on the left)Switch back to the hex dump of the ISO image and paste all the stuff there (append it to the file)Now you may insert a file termination marker so you know here’s where your file ends. Enter a marker like [END] or {END OF FILE} etc.You can repeat the above process for any number of files you want to hide, but make sure the size of the image doesn’t exceed the size of the optical media.Oh, and by the way, you might want to add a filename and filetype marker with the start and end tags too as you probably won’t remember them just by looking at its hex dump ;PNow that you’ve appended all your dirty stuff to the ISO image, you can go right ahead and burn it. After you’re done, put the disc back into the tray and check it out. Windows will show the space occupied by the dummy file and your hidden stash will not be seen. Even the disc properties will show no free space left on the disc. Cool, eh? How to extract the stuff back you ask?Just create an image of this disc and throw it into HxD. Look for your markers (search for text-strings)And extract (copy) everything between the [START] and [END] marker. Create a blank file (in HxD) and paste the copied stuff in there and save it with the correct file extension.Tada! You’re done! Happy hiding! Useful Tips:1. When you’re looking for a dummy file with the right filesize, you might not get one that fits the bill. You can try using Windows search for it or use a much better program like Locate for this purpose. Just do a filesize search.2. In Tiny Hexer, you can create macros which can probably help in automating the whole process of extraction from the disc image. If anybody succeeds in doing that then please share your creation.3. Keep in mind that we’re only hiding stuff here, not protecting them so you might want to encrypt your files with WinRAR (I mentioned it in the beginning, didn’t I?) for security purposes but that defeats the whole purpose in the first place, doesn’t it?4. Another useful tip would be to create a virtual encrypted volume using TrueCrypt and then burn it to the disk. It certainly doesn't hide anything but your data is encrypted and you can mount it right from the disc (I think) and use it just like an ordinary CD or DVD. And what's more? If you are forced by someone to reveal the password to the volume, you can even define a fake password that unlocks a hidden volume containing garbage data inside it so the attacker is thrown off-course (Can someone do a nice tutorial on this please?)5. If all this data hiding has piqued your curiosity, you can learn more about the stuff by reading Computer Forensics For Dummies and CD and DVD ForensicsP.S.: I haven't slept in 24 hours and I'm groggy with exhausted now so I'm not adding any screenshots. I might do that in the near future when I get some time or else you'll have to live with it. If you loved/liked/disliked/hated this tutorial, please tell me what you think by rating it using the poll above. Thanks
No comments:
Post a Comment