
Is renaming folders & files and changing file types an effective solution for file security of a PC?

I am an application programmer and have an extensive background in it. I have written a robust program that renames folders and files and also changes file types. It does not compromise the integrity of the file, although I have been able to do that as well and change it back.

I am just wondering how secure this is. I know that if, for example, I change test.jpeg to test.txt and someone were to simply change it back, my security is compromised. I've obviously made it more complex than this, but is there a loophole? Is there a way to check PC logs for file changes, or some other way a pro would decipher this? As I said, my program that 'encrypts' these files is very robust; I highly doubt anyone but myself would be able to understand / compromise it.

Some of the security vulnerabilities I do know about:

  • A user could simply rename all of the files and thus have beaten the security

    To solve this I would add a header line to files so that even if the file was renamed it could not be read by the program.

  • For images a user could check the system thumbnails

    To counter this I clear all temporary files upon encrypting files.

  • PC backups that contain the non-encrypted file

    Know and control your backups.

Any other ways to crack this security?


A further note to this, this security solution was thought of after having CryptoVirus attack my server. Awfully impossible to reverse the changes that that virus made. I thought why not apply the same methodology to my file security.


Another note is that I am building upon Windows 7, with thoughts to expanding to other Windows platforms.

unor
Cody Brown

  • You might be interested in [magic numbers](http://en.wikipedia.org/wiki/Magic_number_%28programming%29). – user10008 Dec 09 '14 at 14:12
  • Still continuing to watch this awesome video posted by @user288447. I would like to clarify that I am not encrypting / stealing anything from my employer or hiding explicit pictures on my work computer! I was trying to protect some backups after my experience with CryptoLocker. After I started this process I got curious and wanted to build something robust. This is more of a curiosity / skill building exercise. It seems that fundamentally this methodology is flawed and won't hide / protect anything from an experienced IT forensic specialist, and that the code of a file still carries markers. – Cody Brown Dec 09 '14 at 14:57
  • How is this even supposed to make anything more "secure" in the first place? If you're worried about people stealing your backups, why not just encrypt them? – Ajedi32 Dec 09 '14 at 15:02
  • A CryptoVirus will encrypt the data; you are obfuscating file names (metadata, not data). This is not the same methodology. – Guillaume Dec 09 '14 at 15:46
  • I can't fathom why you would do all this, rather than just simply encrypt the files with a well known encryption algorithm. – stackErr Dec 09 '14 at 16:52
  • @stackErr I was interested in seeing if I could encrypt files. My thought being that changing something simple could do the trick, I then realized that it may be a flawed approach. When I asked the question here and saw the responses I realized it was a far more flawed approach than I had realized. I'm now looking into some of the suggestions provided below and feeling much better about it. _I'm also watching a bunch of Defcon 21 videos._ – Cody Brown Dec 09 '14 at 17:04
  • @CodyBrown I am also watching a bunch of Defcon videos :P! – stackErr Dec 09 '14 at 17:09
  • Check [this DefCon video](https://www.youtube.com/watch?v=NG9Cg_vBKOg) to see that no, it doesn't help. Basically, the inner filetype won't match the extension, so your file gets to be the first in the list of suspicious files. – Francisco Presencia Dec 09 '14 at 23:36
  • If you add a header line to your files, the attacker can just remove the header line, and then rename the file back. – user253751 Dec 10 '14 at 05:09
  • If you're looking for a simple form of encryption *for learning purposes* (please remember it's only *harder* to break; it's still very easily breakable), think about choosing a number from 1 to 255, then XOR'ing every byte in the file with that number. – user253751 Dec 10 '14 at 05:10
  • There is an entire Def Con 21 talk done by forensic analysts describing cases of failed data-hiding. They even go over a case they did involving this exact method. https://www.youtube.com/watch?v=NG9Cg_vBKOg – cremefraiche Dec 10 '14 at 06:19

4 Answers


What you are doing is no kind of encryption, it is just obfuscation. It relies on security by obscurity. It may be enough to hide your files from an amateur/casual observer, but anyone analyzing the files in a hex editor is going to be able to rebuild and access them.

Effectively your method is about equal in complexity to attempting file undeletion, for which there are a host of tools available to anyone versed in digital forensics.

By contrast, the CryptoLocker malware you mentioned uses valid public-key cryptography, which is probably a method you should consider.

Digital Chris


With most file formats it is not difficult to identify the original filetype without knowing the original extension. A JPEG file, for example, always begins with the HEX sequence FFD8FF. Seeing that sequence at the beginning of a file tells you that it is very likely a renamed JPEG image.

There are tools available which detect many common file formats automatically by looking for telltale signs like this. On Linux, the command line tool file can do this. Most Linux distributions provide it out-of-the-box.

You might want to ask on Linux and Unix Stackexchange about how to use this tool to fix the file extensions of a large number of files at once.

Philipp

  • I am on Windows, not Linux, so I'm not worried about those vulnerabilities. I should have noted that in the question. How would you encrypt something to hide these HEX sequences? These files are mostly Documents, Databases and Pictures. – Cody Brown Dec 09 '14 at 14:51
  • @CodyBrown The `file` tool doesn't rely on anything Linux-specific. The same basic techniques work on any OS; Linux makes them less of a hassle to perform, but using it on Windows is as simple as copying over a magic number database. Image formats have standard magic numbers, as do old MS Office document formats; the new formats are ZIP files (standard magic number) where it's clear what they are when they're extracted. – cpast Dec 09 '14 at 18:09
  • @CodyBrown 1. Just because you are using Windows doesn't mean that your attacker does, 2. similar tools are also available on Windows, 3. removing all hints of the format from the file content would result in no program being able to open them anymore, and 4. it isn't an effective data protection scheme anyway because it's just security through obscurity. Better encrypt your data with a strong encryption algorithm. – Philipp Dec 09 '14 at 18:33
  • Unix having a tool to identify the file type based on its contents rather than its extension is not a VULNERABILITY... It's a fact of life. The contents of the file betray its type. – aychedee Dec 09 '14 at 22:08
  • IIRC Metasploit has a utility to change the header of a file to fool such utilities. – Jesvin Jose Dec 10 '14 at 13:11


This is in no way, shape, form or fashion secure. It's akin to taking money out of the mattress and placing it in the cookie jar. Let's illustrate what you said in five steps:

```
hades$ ls -ltha example.jpg 
-rw-r--r--@ 1 hades  wheel   586K Dec  8 11:28 example.jpg

hades$ md5 example.jpg 
MD5 (example.jpg) = a7ecc5e48db6cbfd609b9c6c6ca9b21f

hades$ mv example.jpg secret.txt

hades$ md5 secret.txt 
MD5 (secret.txt) = a7ecc5e48db6cbfd609b9c6c6ca9b21f

hades$ file secret.txt 
secret.txt: JPEG image data, JFIF standard 1.01
```

  1. Show the file
  2. Checksum the file for validation here
  3. Move the file (rename)
  4. Double check the checksum for comparison
  5. Use the Unix file command to tell me what kind of file this is

If your goal is to protect your files, why focus on HUNDREDS, perhaps THOUSANDS, of files when you could focus on securing ONE system? The cost associated with running even a remotely close "security" application is lost time waiting for it to encrypt, and then decrypt.

munkeyoto

  • Good example, thanks @munkeyoto. While I agree, protecting your PC and the connections it uses is a much better way of protecting files. Like I said in my comments this is a sort of skill building experience. I really am realizing that this method may protect these files from basic users, but any advanced IT users would be able to crack it no problem. It seems like the best idea is to use a public / secret key to encrypt the actual file hex. – Cody Brown Dec 09 '14 at 15:05

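To see concretely why the rename in the session above and the "header line" idea from the question both fail, here is an added example (not code from the thread or from any of its posters): a small Python version of the extension-versus-content check that the `file` command and the forensic triage tool in the DefCon talk perform. The signature table is a constructed subset of real magic numbers (the FFD8FF from Philipp's answer among them), the sample files are constructed in a temp directory, and the 4 KiB scan window and the extension lists are assumptions.

```python
import os
import tempfile

# (signature bytes, type name, extensions that legitimately carry that type).
# Constructed subset of the magic numbers the Unix `file` tool knows about.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),        # FFD8FF from the answer
    (b"%PDF-", "pdf", {".pdf"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx"}),  # OOXML is ZIP
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2", {".doc", ".xls", ".ppt"}),
]
SCAN_WINDOW = 4096  # assumption: search past a prepended "header line", not only offset 0

def sniff(head: bytes):
    """Return (type, offset) of the earliest known signature in head, or (None, -1)."""
    best = None
    for sig, kind, _ in SIGNATURES:
        i = head.find(sig)
        if i != -1 and (best is None or i < best[1]):
            best = (kind, i)
    return best or (None, -1)

def classify(path: str) -> dict:
    """Compare the sniffed content type with the extension the file name carries."""
    with open(path, "rb") as f:
        head = f.read(SCAN_WINDOW)
    kind, off = sniff(head)
    ext = os.path.splitext(path)[1].lower()
    if kind is None:
        verdict = "unknown"
    else:
        allowed = next(exts for _, k, exts in SIGNATURES if k == kind)
        verdict = "match" if ext in allowed else "mismatch"
    return {"name": os.path.basename(path), "type": kind, "offset": off, "verdict": verdict}

def demo():
    """Constructed samples: the rename from the answer, plus the question's header-line idea."""
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32   # constructed JPEG-like bytes
    samples = {
        "example.jpg": jpeg,                        # honest name
        "secret.txt": jpeg,                         # renamed, as in the ls/mv/file session
        "notes.txt": b"MYAPP-HEADER-v1\n" + jpeg,   # header line prepended, then renamed
        "readme.txt": b"just some text\n",          # genuinely text
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        # triage order a forensic tool would use: extension mismatches are examined first
        return sorted((classify(os.path.join(d, n)) for n in samples),
                      key=lambda r: r["verdict"] != "mismatch")
```

Searching a window rather than only offset 0 is what makes the prepended header line useless as a hiding step; the trade-off is occasional false positives on text that happens to contain a signature, which is acceptable for triage.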

A YouTube video from Defcon 21: http://youtu.be/NG9Cg_vBKOg?t=6m19s

The guy being investigated simply changed the extensions of the files (e.g. from test.jpeg to test.txt). However, when the crypto guys look at it, their tool detects that the extensions don't match the files, and these files are the first to be examined more closely by a human.

user288447

  • First off, that video was hilarious and informative. It's very interesting to know that by using this method as file security I may actually be doing the opposite in attracting a hacker to the file / sector. I would also really like to point out that I am not renaming naughty preggy videos. – Cody Brown Dec 09 '14 at 14:16