Alternative data streams were originally created to support Macintosh Hierarchical File System way back in the days of NTFS and Windows 2000. Today I will show you trick that allows you to hide plain text, images, and even videos inside a seemingly innocent text file. I'll assume you are on a Windows machine and can open up a command prompt
- To start, open up a command prompt.
- cd into a directory that has a picture and rename that photo to pic.jpg (assuming it is a jpg).
- Next, type
echo Here is some text > file.txt.
- Confirm that the file was created.
- To create a hidden text file, enter
type echo Hidden stuff > file.txt:hidden.txt. Now if you type
diryou will see file.txt but nothing about hidden.txt.
- To view your hidden text type
notepad file.txt:hidden.txt. Now you are able to see the hidden text!
- You can follow the same pattern to hide an image. Enter
type pic.jpg > file.txt:pic.jpg.
- Once you've executed the command, type
- Now you can see the "hidden" photo!
Notice below that the file name is file.txt:pic.
Alternative data streams are a powerful way to manipulate a file. If you want to learn more about ADS and their security implications you can read more here.