Solved

Hidden folder on a CD/DVD! (How to creating Super folders ! )

Posted on 2011-09-04
11
1,758 Views
Last Modified: 2012-05-12
Hi experts!
I have 2 questions about 2 strange Folders I saw. Answering each question will have 250 point!

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1) My friend gave me a multimedia DVD as a gift.
It has a hidden directory on it. It's not a normal hidden folder. (not having system attributes or hidden attributes)
My both folder option items for showing files are unchecked.
When working with the DVD files I found out that all of the files on the DVD are about 400 MB in size. But the DVD used size was 3.8GB.
I recognized it when I was used Isobuster. There were two sections which one of them contained that data folder and the other didn't.
The two sections as I've always seen must be the same.
I think one of them is the one shown to the user and one of them is the one that contains real files and folders.
The name of one of the sections was "ISO" and the other was ">>>>".
Anyone knows what's the trick?
I want to know how to create such a folder!
It's very useful.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2) I have a flash memory security software that creates a non-deletable folder called autorun.inf!
this autorun.inf folder prevents viruses to write their own inf file to the disk! A nice idea!
But how it works is important:
inside the autorun.inf folder exist a directory called"immunity." and can not be modified in anyway.
When I want to enter it I see the below error. (See the attached file)
It seems to be some kind of shortcut! (but not a regular one)
I want to know how to create such a folder too!
folder-unavailable.JPG
0
Comment
Question by:Arman Khodabande
  • 6
  • 4
11 Comments
 
LVL 41

Expert Comment

by:Jackie Man
Comment Utility
1) My friend gave me a multimedia DVD as a gift.
It has a hidden directory on it. It's not a normal hidden folder. (not having system attributes or hidden attributes)
My both folder option items for showing files are unchecked.
When working with the DVD files I found out that all of the files on the DVD are about 400 MB in size. But the DVD used size was 3.8GB. M- it is multi-sesssion DVD and the only visible session is having content of 400mb.
I recognized it when I was used Isobuster. There were two sections which one of them contained that data folder and the other didn't.
The two sections as I've always seen must be the same.
I think one of them is the one shown to the user and one of them is the one that contains real files and folders.
The name of one of the sections was "ISO" and the other was ">>>>".
Anyone knows what's the trick? <- it is not a trick. When your friend burn the first session with the content of (3.8GB - 400mb) but does not finalize the burning. Instead, when you start another burning of data, another session has been created on the DVD. Afterwards, the burning of the DVD is finalized, and only 400mb of the second session is visible.
I want to know how to create such a folder!
It's very useful.

In short, ISOBUSTER is to locate whether there is another session of data being burnt but have not been finailized.

0
 
LVL 38

Expert Comment

by:Insignificant Volunteer
Comment Utility
Just curious.  What does the following command reveal when you have your USB Flash Drive inserted?:

dir /a /s "I:\*.*"
0
 
LVL 10

Author Comment

by:Arman Khodabande
Comment Utility
I've tried the Dos things already !
However Dir command with that switches outputs this:


 Directory of i:\

09/05/2011  12:10 PM    <DIR>          AUTORUN.INF
               0 File(s)              0 bytes

 Directory of i:\AUTORUN.INF

09/05/2011  12:10 PM    <DIR>          .
09/05/2011  12:10 PM    <DIR>          ..
09/05/2011  12:10 PM    <DIR>          zhengbo.                   Note: ( Some versions of that usb disk security make immunity. instead of zhengbo. )
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
               4 Dir(s)      31,471,616 bytes free
0
 
LVL 38

Expert Comment

by:Insignificant Volunteer
Comment Utility
Hmmm.  I was wondering if there were any blank spaces after the dot at the end of "zhenbo." or "immunity." that may have been created in the same way as pranksters can create un undeletable folder using the Alt + ???? keyboard combinations that write non-printable characters.

There was also a trick where you could create and name a new folder "My Computer." (or some other file name) and suffix it with the curly braced {GUID} for a special system folder or NameSpace, and everything after the name including the dot would disappear.  The new "folder" would then take on the attributes and behaviour of whatever that {GUID} referred to in the registry. It doesn't work in anything after Windows 98 though.  It takes on the attributes and new icon, but the full file name, eg. "My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}" remains visible.

I can't be sure, but I have a feeling from memory that some of the first USB Autorun.inf viruses MAY have hidden them in a fake "Recycle Bin" folder that might fool the average person into thinking it should display on a Flash Drive as it does in fixed hard drives.
Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}
Maybe I'm wrong about that and the malware just created a real but hidden "RECYCLER" folder and a sub-folder with a fake SID number (eg. S-1-5-21-etc-etc-etc-1003) and therein had a "Desktop.ini" file that made it display the Recycle Bin icon.

Anyway, I went off on the hunt for the "USB Disc Security" program so that I could try and find out how it created the folders, but all I could get were those pesky small "download initialiser" programs that fetch the real software plus other "offer" software to annoy the user by installing.

I gave up looking, but from what I can see by reading into "How To" pages advising users how to get rid of the "zhengbo." folder, it would seem to me that the USB security may be dependent on the "USB Disc Security" program actually being present on the computer.  Again I may be wrong though.  What happens if you insert the USB Flash Drive into another computer without that software?

As far as the DVD issue is concerned, I surmise that what you see on a DVD in Windows Explorer, and also via an "ISO" viewer, is not what is really on the Disc.  In much the same way as a bootable CD has an "image" that shows as an *.IMG or *.BIN file in some Disc Image applications, and an Audio CD shows 1KB *.CDA files that aren't really files but just shortcuts representative of where on the CD each Track starts and ends.
0
 
LVL 38

Expert Comment

by:Insignificant Volunteer
Comment Utility
Are there any spaces after the dot in "zhengbo." when you redirect the dir output to a text file and double-quote the names?

From the command window:
 
for /f "tokens=* delims=" %A in ('dir /a /b /s "I:\*.*"') do @echo "%A">>c:\Dir_Of_I.txt

Open in new window

From a batch file:
 
for /f "tokens=* delims=" %%A in ('dir /a /b /s "I:\*.*"') do @echo "%%A">>c:\Dir_Of_I.txt

Open in new window

Double-Quoting the lines would obviously show a space if present before the closing quotes.

If so, then scrolling over and copying the file name directly from a Command Window and pasting it back into a suitable command line often does the trick for those invisible characters that appear to be spaces.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 10

Assisted Solution

by:Arman Khodabande
Arman Khodabande earned 0 total points
Comment Utility
I knew all about what you said about creating that system folders (with GUID codes) and recycler folders on usb memories!
That kind of folders (Even the folders created using Alt+??? keys) can be deleted easily!
And in response to what you said about spaces, I should say that here we don't have any spaces!
I used the command and I upload the results! As you see no space there!

That "USB disk security" software is an award winning software, however this function (to put an autorun.inf folder) existed only in some versions of it and doesn't exist in new versions!
And FYI :  I've created a super folder by myself which imitates that autorun.inf of that software!
The trick I used to do this was :
1) Creating an Autorun.inf folder on the drive.
2) Create one of those prohibited folders on windows which represent low level system devices ! (con, prn, nul) (Did you know this? you can not create this folders in windows normally!)
3) You're done ! This folder can not be deleted or modified!

But I want to know the trick behind this immunity. or zhengbo. folder ?! I always look for challenges like this!
P.S. How are we able to make that invisible folder on cd or dvd?
I'll post the image file of that cd soon. to make you wonder! The cd is not here as I type these words!
0
 
LVL 10

Author Comment

by:Arman Khodabande
Comment Utility
Excuse me I forgot to attach the file.
Dir-Of-I.txt
0
 
LVL 38

Expert Comment

by:Insignificant Volunteer
Comment Utility
Thanks kpax.
Yes, I had forgotten about using the "low level system devices" trick.
A screenshot of the disc will be useful, because I too "always look for challenges like this" ;-)
0
 
LVL 10

Accepted Solution

by:
Arman Khodabande earned 0 total points
Comment Utility
Hi again!
I was able to find the answer to that hidden directory on DVD!

Regardless of "Hidden attributes" of folders, ISO images have their own "Hiding" way!

I found this when I opened the image file of that DVD with UltraISO !
As you see that folder is grayed out in the view pane. and a star is in front of it!
I right clicked on the folder and I was able to Hide / Unhide it !
I attached the screenshot.
As you see "Data folder" on the DVD is not hidden but it's hidden! The ISO image settings don't allow it to be seen!
This link also is useful!
http://club.myce.com/f59/how-set-file-dir-hidden-attribute-iso-image-223613/

Now the immunity. Secret remains !
cd-attributes.bmp
data-properties.bmp
hide.JPG
0
 
LVL 10

Author Comment

by:Arman Khodabande
Comment Utility
Anyone?

Where did you go Mr BillDL?
0
 
LVL 10

Author Closing Comment

by:Arman Khodabande
Comment Utility
I solved it myself.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

VALIDATING DATES One method of validating dates is to jam the date into the DATE command and see if it accepts it by examining the system's errorlevel value. A non-zero result indicates failure. A typical example might look something like the fol…
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now