FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Is it a good idea to protect files by damaging them.





jmraker
Several years ago I wrote a program probably under linux that tried to protect a file by damaging it and saving the damage into a recovery file. It made all the edits to the original file without creating a copy. It might have used it's own random number generators. The recovery file used the most basic xor encryption (seeded with a random number that wasn't encrypted) to hide it's contents.

The idea was to hide the contents of the file by making it look like it was corrupted/damaged.

It overwrote the first 1024 bytes with one of several file headers in the library of various headers. Like turning an .avi movie into a mp3

Since someone might look at the rest of the file and see signs it wasn't really a mp3 and fix the header it damages the file with random letters (saving the real letters in the recovery file) every so far apart so it's randomly damaged with random letters that it's unplayable.

Lastly it adjusted the filesize smaller or bigger to further protect the file if someone tried to identify the files by their size and then set the modified/accessed/created dates to a past date so it looked like it was never viewed since it was created.

The only way to reverse the damage done was to use the recovery file.
------------------------

Was this a good idea for an alternative to encryption? I only used it on test files and it worked. I know it didn't work too well with human readable files unless it damaged most of the file because it was easy to figure out the damaged letters of words.
dustindallas
It's an interesting concept I haven't heard of. A person with physical access to the PC or device probably would not think of either. I would say it's some thinking out-of-the-box
Peterssidan
Was it a good idea? It depends on what level of protection you want and from who you are trying to protect the file content.

You try to make it look like the file is damaged but how does that improve the protection? I understand that doing this kind of program could be fun but wouldn't it be better to just xor-encrypt the whole file? That way you don't have the problem you mentioned with text files.
Ankhanu
It is clever, but seems to add more places for ACTUAL corruption to occur, rendering the file useless. Not only can the file itself be corrupted, but the decryption file or the encryption/decryption program could become corrupt...
jmraker
Peterssidan wrote:

You try to make it look like the file is damaged but how does that improve the protection? I understand that doing this kind of program could be fun but wouldn't it be better to just xor-encrypt the whole file? That way you don't have the problem you mentioned with text files.


If a file is encrypted it will look like it's encrypted if it's analyzed and there's a chance it can become decrypted. If the repair file is decrypted the only parts that would identify it is it's file header followed by another file's header and a long string of random letters. If they were able to figure out it was a repair file then they'd have to figure out the file it repaired.

I was probably thinking about seized computers and testing out ways to thwart what I imagined what their programs did.

What I figured would be the biggest problems was if 100+ files were damaged eventually you'd need a way to manage the connections between them. The repair file couldn't be named "Secret_104.repair" with a "Secret_104.zip" file in the same directory. And some day you'll need disk space see the files and forget all about how those files are used and they're long gone when you want to repair them.

I made a few encryption test programs back then (before I had access to the internet), like one overkill DOS program that required 3 passwords that seeded several hashes, had 16 random number generators, encrypted the file dozens of ways that included swapping bytes around, shifting bits around and of course a lot of XOR. It had an option to output the encrypted file into ascii like base64 encoding. For it to decrypt the file it had to do many things in reverse. I had a lot of weird self projects before the internet.

One kinda funny story about it: At my first interview as a web developer I had that encryption program on a floppy disk with me. It was modified to work as a CGI program based on what a book said about CGI programs (I had no way to test it). They let me show them my work by putting the disk into their computer and try to execute it but I couldn't get it to work. I got the job and later found out you kinda need a web server. file:///a:/enc.exe doesn't execute files
loveandormoney
There are a lot of ways more easy
to hide information
and
it is more eady for Yourself to find and understand the files.
Related topics
Free Hosting-Availability
htaccess Password Protection
How Spyware Works!!!
[tutor] How to protect images without htaccess using PHP
How about this as a website idea?
Protect your pc from new virus programs..
IP for Virtual domain
protecting a file with htaccess
How to password-protect content?
FAT32 or NTFS?
How to password protect windows directories?
Linux distribution switch
how to get started in IT security....
Trick on XP
Reply to topic    Frihost Forum Index -> Computers -> Software

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.