CN100428260C - Minimum invading data hidding method of computer network - Google Patents
Minimum invading data hidding method of computer network Download PDFInfo
- Publication number
- CN100428260C CN100428260C CNB2006101163020A CN200610116302A CN100428260C CN 100428260 C CN100428260 C CN 100428260C CN B2006101163020 A CNB2006101163020 A CN B2006101163020A CN 200610116302 A CN200610116302 A CN 200610116302A CN 100428260 C CN100428260 C CN 100428260C
- Authority
- CN
- China
- Prior art keywords
- file
- hidden
- bunch
- directory entry
- directory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
A method for hiding minimum inrush data of computer network includes making user and operation system be not viewed and hiding control information required to restore file in it by revising FAT32 file system and file catalogue list, revising primary cluster address of FAT list file to cut off cluster chain of file in FAT list for avoiding attack of virus and evil program; finding out said control information in file catalogue list and restoring FDT and FAT for finalizing file restoration.
Description
Technical field
What the present invention relates to is a kind of method that is used for network information technology field, the method for the minimum intrusive mood data hidden of specifically a kind of computer network.
Background technology
Data hiding technique is that some significant datas of user are hidden, thereby reaches the destruction that prevents virus and rogue program to a certain extent, the purpose of protection user data.
Through the literature search of prior art is found: China's application (patent) number is the technology of CN02115105.9, be to treat that hidden file merges in another file, for example, redundancy according to image file, the content for the treatment of hidden file is added wherein, or be attached to thereafter, though reach visible scarcely effect, in case but its host's document change or destroyed, may cause the data of hidden file irrecoverable, and the disabled user obtain host's file, and the information that cracks is also than being easier to, and safety of data is not high; China application (patent) number is the technology of CN03118544.4, be to change in the FAT32 file system, treat hidden file directory entry attribute, in File Directory Table, find out the directory entry of file to be hidden, change its attribute into label, operating system then can not show this document, and only reads first label file of each volume, and ignore thereafter label file, this method has certain confusion that may cause operating system; And rogue program still can obtain first bunch of information of hidden file by scanning document catalogue listing item by item, thereby obtains the content of hidden file; China application (patent) number be the technology of CN02155511.7, is to treat that hiding data puts into hidden hard disc sector, in Windows operating system, to create HPA on hard disk that the need hiding data is saved in the characteristic of utilizing HPA among the HPA, and realization is to its protection.The HPA that this method is created, its size can not change, big or small restricted to hidden file; And need avoid operating system and safeguard extra file system, more loaded down with trivial details.
Summary of the invention
The present invention is directed to the deficiencies in the prior art and defective, the method of the minimum intrusive mood data hidden of a kind of computer network is provided, make system under the preservation to the destruction of original file and control information all is very small-scale situation, hide the file in the FAT32 file system, make it inaccessible and invisible, the hidden file size is unrestricted, and it is fast to hide speed, has reached very high security.
The present invention is achieved by the following technical solutions, the present invention includes the hidden file method, recover hidden file method two parts, during hidden file, it is by revising the File Directory Table of FAT32 file system, make it invisible for user and operating system, and file is recovered required control information hide wherein, this all is very small-scale to the destruction of original file and the preservation of control information, so be referred to as " minimum intrusive mood data hiding technique "; First bunch of address of revised file allocation table file cuts off bunch chain of file in file allocation table, can prevent the most virus and the attack of rogue program.When recovering hidden file, only need the comspec of original, can in File Directory Table, find control information, recovery file catalogue listing and file allocation table, file recovers to finish.
Described hidden file method, performing step is as follows:
1) revise the filename for the treatment of hidden file, in the end add 13 characters of native system acquiescence, as " hidefileinfat ", this will add a long filenames directory entry in File Directory Table;
2), isolate the title and the file name of its path, place each layer catalogue according to the full filename for the treatment of hidden file;
3) read the BPB information that roll up at the file place, find logic cluster position of root directory;
4) in the File Directory Table of file system, successively search for the directory entry of each layer catalogue;
5) in the end in one deck catalogue, find the directory entry for the treatment of hidden file;
6) read first bunch number that treats hidden file in the file directory item, attribute, length;
7) in file allocation table, find the relevant position according to first bunch number;
8) from file allocation table, read the content for the treatment of in first bunch of the hidden file;
9), calculate the 1st according to the length of filename) character length put in the long filenames directory entry that adds of step;
10) the 1st) go on foot in the long filenames directory entry that adds and preserve the 6th) go on foot first bunch of content in the file allocation table, attribute, length, the character length of putting in the long filenames directory entry first bunch number that is read;
11) revised file directory entry, attribute are composed and to be 0x0FH (long filenames directory entry), are designated as 0x00000000H first bunch number, and length is 0x00000000H;
12) in file allocation table, find the position for the treatment of first bunch of hidden file;
13) first bunch content is changed into 0xFFFFFFF7H (bad bunch);
14) the full filename of record hidden file.
Described recovery hidden file method, performing step is as follows:
1), isolates the title and the file name of its path, place each layer catalogue according to the full filename of hidden file;
2) read the BPB information that roll up at the file place, find logic cluster position of root directory;
3) successively search for the directory entry of each layer catalogue;
4) in the end in one deck catalogue, find the directory entry of hidden file;
5) the long filenames directory entry that adds when hiding, read hidden file first bunch number, first bunch of content in the file allocation table, attribute, length;
6) incite somebody to action the directory entry attribute of hidden file, first bunch number, length is recovered;
7) in file allocation table, find the position for the treatment of first bunch of hidden file;
8) first bunch content recovery is the value before hiding;
9) revise cryptic filename, remove 13 characters that add at last at filename when hiding, make the destination file catalogue listing remove the long filenames directory entry of artificial increase and decrease.
In the File Directory Table of FAT32 file system, each file all has the directory entry of one 32 byte to be used to describe its title and various attribute.And the realization of long filenames in FAT32 is when creating a long filenames file, and system can add corresponding short filename automatically, and preceding 6 characters of getting long filenames add that " ~ 1 " forms short filename, and extension name is constant.And file directory item skew be the attribute byte of 0xB, and when its value was 0FH, DOS and WIN32 can think that it is illegal and ignore its existence that the present invention makes the file entry attribute into 0x0FH, will can not show like this in operating system.
The file allocation table record storage chained list of data in magnetic disk file, for the reading of data, be extremely important.The present invention has changed first bunch that treats hidden file, cuts off bunch chain of file, makes the scanning document allocation table can not obtain the data of hidden file.
During hidden file of the present invention: add 13 characters of native system acquiescence at the end for the treatment of cryptic filename; To treat the full filename of hidden file, separate by the title and the file name of each layer catalogue; Successively search for the directory entry of each layer catalogue; Finally find the directory entry for the treatment of hidden file; Read attribute, length first bunch number that treats hidden file in the file directory item; Read the content for the treatment of in first bunch of the hidden file; In File Directory Table, hide control information; In the revised file allocation table, treat the value of first bunch of hidden file.
When recovering hidden file:, isolate the title and the file name of its path, place each layer catalogue according to the full filename of hidden file; Successively search for the directory entry of each layer catalogue; Finally find the directory entry of hidden file; Therefrom read control information; The recovery file directory entry; The value of first bunch of file in the recovery file allocation table; 13 last characters of cryptic filename are removed.
The invention has the beneficial effects as follows, the vital document of user's arbitrary format is hidden, and hiding speed is not influenced by file size, and hidden file is all invisible and can not visit to operating system, user and rogue program, concealment effect has permanent, has ensured the safety of user data.The present invention is for the characteristics of hiding data:
1) existing most data hiding technique, the process of hiding is relevant with file size to be hidden, big file hiding efficient is very low, first bunch of file in the process of a file hiding revised file catalogue listing and the file allocation table among the present invention, irrelevant with file size, operating system is not had change, and it is fast to hide speed;
2) to recover needed quantity of information very little for file of the present invention, and part is hidden in the File Directory Table, only need preserve the full filename of hidden file, can recover, easy to maintenance;
3) treat the directory entry of hidden file except that revising, revised first bunch of content of file in the file allocation table again,,, further guaranteed the safety of the content of file even rogue program scanning document catalogue listing can not be found hidden file from first bunch of cut-out document cluster chain;
4) operation of hidden file has permanently, even close the process of the present invention of using, even operating system changes, and also can not cause hiding and lose efficacy.
Description of drawings
Fig. 1 file hiding process flow diagram
Fig. 2 recovers hidden file process flow diagram
Embodiment
Application example of the present invention below is provided:
With file " d: dir1 dir2 example.txt " file hiding.Step is as follows:
1) adds 13 characters " HIDEFILEINFAT " at the end of filename example, former full filename is modified to " d: dir1 dir2 exampleHIDEFILEINFAT.doc ", makes the directory entry of original increase a long filenames directory entry;
2) the full text spare of separate file " d: ", " dir1 " by name, " dir2 ", " exampleHIDEFILEINFAT.doc ";
3) read the BPB information that roll up at the file place, find logic cluster position of root directory;
4) successively search for the directory entry of each layer catalogue;
5) in the end in one deck catalogue, finding the directory entry logic sector number for the treatment of hidden file is 55307312, and side-play amount is 160;
6) read sector, directory entry place, in side-play amount is that the 160+11 place reads file attribute 0x20, read high four 0x0006 of file first bunch number at 160+20,160+21 place, read low four 0x BA60 of file first bunch number at 160+26,160+27 place, reading file size at 160+28,160+29,160+30,160+31 place is 0x0000FB7D;
7) in file allocation table, find the relevant position according to first bunch of number 0x0006BA60;
8) content that reads in first bunch is 0x0006BA61;
9) according to length 20 characters of filename " exampleHIDEFILEINFAT ", obtaining the 1st) the partial document name length put in the long filenames directory entry that adds of step is 0x07;
10) calculate the 1st according to filename length) the long filenames directory entry skew added of step is 160-64=96;
11) at this long filenames write control information, in side-play amount is that 96+2,96+3,96+4,96+5 place write file size 0x0000FB7D, write first bunch of number 0x0006BA60 at 96+6,96+7,96+8,96+9 place, write the partial document name length 0x07 that puts in the long filenames directory entry at the 96+10 place, write file attribute 0x20 at the 96+11 place, write the content 0x0006BA61 in first bunch at 96+15,96+16,96+17,96+18 place;
12) skew of revised file directory entry writes 0x0F (long filenames directory entry) for the 160+11 place, and the relevant position is designated as 0x00000000 for first bunch, and length is 0x00000000;
13) in file allocation table, find the relevant position according to first bunch of number 0x0006BA60;
14) its content is changed into 0xFFFFFFF7 (bad bunch);
15) the full filename of record hidden file.
At this moment, file " d: dir1 dir2 exampleHIDEFILEINFAT.doc " hidden and finished, user and system are all invisible, and other program search File Directory Table and FAT also can't obtain first bunch of information of file, therefore also can't obtain file content.
With hidden file " d: dir1 dir2 example.txt " recover.Step is as follows:
1) separates full text spare " d: ", " dir1 " by name, " dir2 ", " exampleHIDEFILEINFAT.doc " of hidden file;
2) read the BPB information that roll up at the file place, find logic cluster position of root directory;
3) successively search for the directory entry of each layer catalogue;
4) in the end in one deck catalogue, finding the directory entry logic sector number for the treatment of hidden file is 55307312, and side-play amount is 160;
5) read sector, directory entry place, calculate last long filenames directory entry skew according to filename length and be 160-64=96;
6) from this long filenames directory entry, read control information, in side-play amount is that 96+2,96+3,96+4,96+5 place read file size 0x0000FB7D, read first bunch of number 0x0006BA60 at 96+6,96+7,96+8,96+9 place, read the partial document name length 0x07 that puts in the long filenames directory entry at the 96+10 place, read file attribute 0x20 at the 96+11 place, read the content 0x0006BA61 in first bunch at 96+15,96+16,96+17,96+18 place;
7) recovery file attribute, in side-play amount is that the 160+11 place writes file attribute 0x20, write high four 0x0006 of file first bunch number at 160+20,160+21 place, write low four 0x BA60 of file first bunch number at 160+26,160+27 place, writing file size at 160+28,160+29,160+30,160+31 place is 0x0000FB7D;
8) in file allocation table, find the relevant position according to first bunch of number 0x0006BA60;
9) content that writes in first bunch is 0x0006BA61;
10) be 0x07 according to the partial document name length of putting in the long filenames directory entry, " LEINFAT " write;
11) 13 characters " HIDEFILEINFAT " deletion of filename example end being added, former full filename is resumed and is " d: dir1 dir2 example.doc ", makes the long filenames directory entry of the original catalogue of adding when hiding deleted.
At this moment, be hidden file " d: dir1 dir2 example.doc " state before having recovered to hide.
The present invention can hide the file in the FAT32 file system easily, makes it invisible for user and operating system, and can prevent the most virus and the attack of rogue program.To subtract in the process latent retarded velocity uncorrelated with the hidden file size latent, guaranteed very high hiding efficient.
Claims (2)
1, the method for the minimum intrusive mood data hidden of a kind of computer network, it is characterized in that: by the revised file bibliographic structure, and file attribute information is stored in the amended bibliographic structure, reach with little space and run out of into the purpose that file security is hidden.Performing step is as follows:
1) revise the filename for the treatment of hidden file, in the end add 13 characters of native system acquiescence, this will add a long filenames directory entry in File Directory Table;
2), isolate the title and the file name of its path, place each layer catalogue according to the full filename for the treatment of hidden file;
3) read the BPB information that roll up at the file place, find logic cluster position of root directory;
4) in the File Directory Table of file system, successively search for the directory entry of each layer catalogue;
5) in the end in one deck catalogue, find the directory entry for the treatment of hidden file;
6) read first bunch number that treats hidden file in the file directory item, attribute, length;
7) in file allocation table, find the relevant position according to first bunch number;
8) from file allocation table, read the content for the treatment of in first bunch of the hidden file;
9) the 1st) go on foot in the long filenames directory entry that adds and preserve the 6th) go on foot the first bunch of content that from file allocation table, reads, attribute, length first bunch number that is read;
10) revised file directory entry, attribute are composed and to be 0x0FH, are designated as 0x00000000H first bunch number, and length is 0x00000000H;
11) in file allocation table, find the position for the treatment of first bunch of hidden file;
12) change first bunch content into 0xFFFFFFF7H.
2, the method for the minimum intrusive mood data hidden of computer network according to claim 1, it is as follows that it recovers hidden file method performing step:
1), isolates the title and the file name of its path, place each layer catalogue according to the full filename of hidden file;
2) read the BPB information that roll up at the file place, find logic cluster position of root directory;
3) in the File Directory Table of file system, successively search for the directory entry of each layer catalogue;
4) in the end in one deck catalogue, find the directory entry of hidden file;
5) the long filenames directory entry that adds when hiding, read first bunch number, first bunch content, attribute, the length of hidden file, so that recover hidden file;
6) incite somebody to action the directory entry attribute of hidden file, first bunch number, length is recovered;
7) in file allocation table, find the position of first bunch of hidden file;
8) first bunch content recovery is the value before hiding;
9) revise cryptic filename, remove 13 characters that add at last at filename when hiding, make the destination file catalogue listing remove the long filenames directory entry of artificial increase.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2006101163020A CN100428260C (en) | 2006-09-21 | 2006-09-21 | Minimum invading data hidding method of computer network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2006101163020A CN100428260C (en) | 2006-09-21 | 2006-09-21 | Minimum invading data hidding method of computer network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1940950A CN1940950A (en) | 2007-04-04 |
CN100428260C true CN100428260C (en) | 2008-10-22 |
Family
ID=37959124
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2006101163020A Expired - Fee Related CN100428260C (en) | 2006-09-21 | 2006-09-21 | Minimum invading data hidding method of computer network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100428260C (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107908967A (en) * | 2017-10-30 | 2018-04-13 | 上海威固信息技术股份有限公司 | A kind of file hiding and restoration methods of Exfat file system |
CN113220953B (en) * | 2021-05-24 | 2022-08-23 | 北京安盟信息技术股份有限公司 | Data filtering method and device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1434450A (en) * | 2003-01-25 | 2003-08-06 | 华中科技大学 | Files hiding method based on FAT32 disk files system structure |
WO2003083670A1 (en) * | 2002-04-03 | 2003-10-09 | Invisicom, Inc. | Protection of data by hiding the data |
-
2006
- 2006-09-21 CN CNB2006101163020A patent/CN100428260C/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003083670A1 (en) * | 2002-04-03 | 2003-10-09 | Invisicom, Inc. | Protection of data by hiding the data |
CN1434450A (en) * | 2003-01-25 | 2003-08-06 | 华中科技大学 | Files hiding method based on FAT32 disk files system structure |
Non-Patent Citations (2)
Title |
---|
利用文件目录表和文件分配表进行文件隐藏加密. 冯伟,颜峥嵘,韩军.微型机与应用,第1999卷第5期. 1999 |
利用文件目录表和文件分配表进行文件隐藏加密. 冯伟,颜峥嵘,韩军.微型机与应用,第1999卷第5期. 1999 * |
Also Published As
Publication number | Publication date |
---|---|
CN1940950A (en) | 2007-04-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7979404B2 (en) | Extracting data changes and storing data history to allow for instantaneous access to and reconstruction of any point-in-time data | |
KR100550288B1 (en) | Method for recovering data in ext2 file system, and computer-readable storage medium recorded with data-recover program | |
ES2445966T3 (en) | System and procedure for storing redundant information | |
WO2013027231A1 (en) | Backup deduplication storage apparatus and additional data writing method | |
CN1498363A (en) | System and method for restoring computer systems damaged by mallcious computer program | |
WO2002019110B1 (en) | Manipulation of zombie files and evil-twin files | |
US9063664B1 (en) | Method and system for processing checksum of a data stream to optimize deduplication | |
KR20060050742A (en) | Method and system for synthetic backup and restore | |
WO2007021435A2 (en) | Archiving data in a virtual application environment | |
CN101777018A (en) | Copying and snapshot combined Windows system protection method | |
CA2633350A1 (en) | Permanent storage appliance | |
US20090248954A1 (en) | Storage system | |
CN102053879A (en) | Self-recovery real-time file system based on FLASH | |
US9087086B1 (en) | Method and system for handling object boundaries of a data stream to optimize deduplication | |
CN100428260C (en) | Minimum invading data hidding method of computer network | |
US8996586B2 (en) | Virtual storage of portable media files | |
IL284409B1 (en) | Modified Representation of Backup Copy on Restore | |
US20130046741A1 (en) | Methods and systems for creating and saving multiple versions of a computer file | |
CN101349980B (en) | Hard disk data backup and protection method | |
KR101258387B1 (en) | The digital aging system and the management method | |
US7865472B1 (en) | Methods and systems for restoring file systems | |
CN107562898A (en) | A kind of method that recycle bin is created based on KUX operating systems | |
KR100987320B1 (en) | Data processing apparatus and Data procssing method, using FAT file system capable of fast file recovery | |
Berghel et al. | Data hiding tactics for windows and unix file systems | |
Craiger | Recovering digital evidence from Linux systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20081022 Termination date: 20110921 |