TheDcoder Posted June 19, 2015

Hello Experts,

I did an interesting experiment today: What I did is make a text.txt file & archived it in a text.7z file... Then I combined those two files (text.txt & text.7z) using this command:

    copy /b text.txt+text.7z text.bin

It made a file called text.bin... I tried to open it using 7z and guess what? IT WORKED!

Q. What is this process called?

I need some more intel on this process... That would help me create my own file format.

Thanks in Advance, TD

P.S. Do you ask why I posted it in dev chat? Because the GH & S section is only for AutoIt.

TheSpannish Posted June 19, 2015

Wow, I like the discovery! So if you can like copy some files in only 1 and then extract?

jvanegmond Posted June 19, 2015

Steganography.

TheDcoder Posted June 19, 2015

@Manadar That sounds more like cryptology... I am sure the term starts with "Binary". Binary Combination maybe?

Jos (Developers) Posted June 19, 2015

You simply concatenate 2 files into a new file.

Jos

guinness Posted June 19, 2015

I concur with what Manadar suggested.

TheDcoder Posted June 19, 2015

@Jos Yeah, I know but I was wondering how the archive is still valid...

TheDcoder Posted June 19, 2015

@guinness Oh, I have decided the name for it, it's Binary Steganography.

jchd Posted June 19, 2015

It's called "relying on unspecified behavior".

iamtheky Posted June 19, 2015 (edited)

It is not 'called' anything. It is quite literally combining two files. Open the .bin in notepad and you can see the plain text of the .txt file preceding the characters indicating the start and the end of a 7z file. And if you changed the order you would see your text at the end. The trick, if any, is that .7z only opens the first archive.

So, zip up a second text file and call it text2.7z so your command is now text.txt+text.7z+text2.7z. The contents of the text2 file will appear at the end of the .bin file when opened in notepad, but you will only see the contents of text.7z when you view the archive.

It's certainly not any decent stego as it trips just about every indicator that additional data is present. You are just creating a garbage container that you will have to manage unpacking, and lucked into an application that behaves in a fashion that tolerates it.

jvanegmond Posted June 22, 2015 (edited)

@TheDcoder @boththose it's still just steganography. The method doesn't matter for the definition, but this is one of the most common ones because it doesn't require any tools. I could live with calling it "binary concatenation" but considering the purpose is to hide something in another file, it's steganography.

@jchd Zip files are backwards. The header is at the back of the file which includes content length. I'm not aware of any specification that says that you're not allowed to preamble any data but it's certainly not "unspecified" behavior. How it works is specified exactly. This trick is often combined with other files which have a header + content length in the beginning, such as most image formats. Then the file works as a regular image and as an archive.

Some reading materials: 1, 2.

jchd Posted June 22, 2015

Yes I've known for ages that the header and more is (starts) at the end, but while I don't really care to waste time checking this point, I'm unsure that this is explicitly specified in the 7z format. It just happens that it's much, much easier to put the dictionaries and header after everything is packed and one knows what to write.

If an AV, OS or something decides that the possibility of hiding malware in such file is no more allowable and if the spec doesn't explicitly say it's OK, then many things can break down. It has already happened many times.

As I said I'm not going to dive in the sources, but the only text vaguely resembling a 7z file format spec doesn't explicitly allow leading container: http://cpansearch.perl.org/src/BJOERN/Compress-Deflate7-1.0/7zip/DOC/7zFormat.txt

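Added example (not code from any poster in this thread): a Python sketch of how a scanner could flag a concatenated file like text.bin, using the SignatureHeader layout from the 7zFormat.txt document linked above to locate each archive and measure the bytes lying before and after the first one. The function names and the `fake_7z` sample builder are assumptions made for illustration; the sample uses dummy payload bytes and is not an extractable archive.

```python
import struct
import zlib

SIG = b"7z\xbc\xaf\x27\x1c"  # kSignature from 7zFormat.txt

def find_7z_archives(blob):
    """Return [(start, end)] for every CRC-valid 7z signature header in blob."""
    found, pos = [], blob.find(SIG)
    while pos != -1:
        hdr = blob[pos:pos + 32]  # signature(6) version(2) crc(4) start header(20)
        if len(hdr) == 32:
            start_crc, = struct.unpack_from("<I", hdr, 8)
            next_off, next_size, _ = struct.unpack_from("<QQI", hdr, 12)
            end = pos + 32 + next_off + next_size
            # StartHeaderCRC covers the 20 bytes after it; rejects chance matches
            if zlib.crc32(hdr[12:32]) == start_crc and end <= len(blob):
                found.append((pos, end))
                pos = blob.find(SIG, end)  # keep looking past this archive
                continue
        pos = blob.find(SIG, pos + 1)
    return found

def report(blob):
    """Summarise bytes outside the first archive, the one an archiver opens."""
    archives = find_7z_archives(blob)
    if not archives:
        return {"archives": 0, "prefix": 0, "trailing": 0}
    first_start, first_end = archives[0]
    return {"archives": len(archives),
            "prefix": first_start,              # data before the signature
            "trailing": len(blob) - first_end}  # data after the first archive

def fake_7z(payload):
    """Constructed sample: valid signature header followed by dummy bytes."""
    start = struct.pack("<QQI", 0, len(payload), zlib.crc32(payload))
    return SIG + b"\x00\x04" + struct.pack("<I", zlib.crc32(start)) + start + payload

if __name__ == "__main__":
    # Mirrors: copy /b text.txt+text.7z+text2.7z text.bin (constructed data)
    text_bin = b"hello from text.txt\r\n" + fake_7z(b"A" * 40) + fake_7z(b"B" * 25)
    print(report(text_bin))
```
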
iamtheky Posted June 22, 2015 (edited)

"hide something in another file, it's steganography."

The data is not hidden, it's not even obfuscated. It's just joined to some other stuff, rename the file to .7z and it works fine.

TheSaint Posted June 22, 2015

A .bin file, from my recollection, is much like a .zip file or an .iso file (rar etc) ... basically a package format.

So in a sense, I imagine you are adding the content of a zip type file to another zip type file, and then adding the text file as additional content ... all zipped ... or if you like, compressed/inserted into a container.

spudw2k Posted July 13, 2015 (edited)

"Steganography."

I disagree. Steganography is used to intentionally embed "hidden" data into existing data, without compromising/altering the "intended experience" of the original data; for example, hiding data in the alpha channel of a graphic that doesn't utilize transparency. True, concatenating two files into one is a decent way to "hide" data from an average user, but it is a far different technical exercise than steganography.

I agree with Jos. From a tech perspec, it's just concatenation of data.

But from a user perspec, it's obscurity.