Principles and Applications of Hiding Objects or Folders in Depth

Source: Internet
Author: User

There is currently a lot of folder encryption software on the Internet that can encrypt and decrypt folders, some of it said to be cracked or supplied with serial numbers. However, many of these programs install normally and then suddenly stop working after a period of time: you are required to pay for registration, or the encrypted folder cannot be unlocked. Real rogue-software style!
In fact, the vast majority of encryption software in China does not encrypt anything; it merely hides the folder in one of several ways. Folders "encrypted" with these methods can be recovered without the encryption password. The methods described here can therefore also be used to restore an encrypted folder after the encryption software stops working.

1. Use the File Identifier (Class Identifier) Method

Features and recognition: the name of the encrypted folder does not look abnormal, but the folder looks like a recycle bin or network folder and cannot be copied, deleted, or moved. However, if you run the Dir command in DOS, or view the folder in software such as WinRAR or ACDSee, you will find that the real name of the folder is the original name with a string such as {208d2c60-3aea-1069-A2D7-08002B30309D} appended. For example, the original folder is "myfiles", but its actual name is "myfiles.{208d2c60-3aea-1069-a2d7-08002b30309d}", which makes it look like a recycle bin. When it is opened, it also shows the content of the recycle bin. The appended string is the Class Identifier of the recycle bin.

Principle: Windows has a number of fixed Class Identifiers that represent system objects. When one is appended to a folder name it is not displayed in Windows, but it is visible in DOS. When you try to open such a folder, the system automatically calls the corresponding program to handle it (for example, when the folder is disguised as Notepad, the text editor is called to open it). If that cannot be done, an error is returned instead of the folder being opened.
Encryption: rename the folder to be encrypted, adding a dot and the corresponding identifier at the end.
Decryption: rename the folder back to its normal form in DOS, or by using WinRAR or ACDSee.
Common File Identifier:
My computer {20d04fe0-3aea-1069-a2d8-08002b30309d}
My document {2017d8fba-ad25-11d0-98a8-0800361b1103}
Dial-Up Network {992cffa0-f557-101a-88ec-00dd010ccc48}
Control Panel {21ec2020-3aea-1069-a2dd-08002b30309d}
Scheduled task {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
Printer {2227a280-3aea-1069-a2de-08002b30309d}
Notepad {1fba04ee-3024-11d2-8f1f-440f87abd16}
Network Neighbor {208d2c60-3aea-1069-a2d7-08002b30309d}
Recycle Bin {645ff040-5081-101b-9f08-00aa002f954e}
Briefcase {85bbd920-42a0-1069-a2e4-08002b30309d}
Body {BD84B380-8CA2-1069-AB1D-08000948F534}
The Web Folder {BDEADF00-C265-11d0-BCED-00A0C90AB50F}
Wav file {00020c01-0000-0000-c000-000000000046}
Excel file {00020811-0000-0000-c000-000000000046}
Outlook {00020d75-0000-0000-c000-000000000046}
IE {871c5316-42a0-1069-a2ea-08002b30309d}
Win media player {22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Web Publishing Wizard {96e000037-59f3-11d0-ad1f-00aa00a219aa}

2. Use special characters (\\.\)
Features and recognition: the name of the encrypted folder does not look abnormal. However, when you try to open the folder, the system reports that it cannot be found, and when you double-click it in WinRAR, WinRAR jumps to the root directory of the current partition. The folder cannot be accessed, copied, deleted, or moved.

Principle: this is in fact a Windows bug. Windows allows only common characters in names, but this restriction exists only in Windows Explorer. At the command prompt you can get around it and create files and folders containing special characters or paths. Such files and folders cannot be typed in Windows Explorer and cannot be deleted there; they can only be operated on at the command prompt. For example, "copy E:\mypics \\.\E:\My\myfiles" creates a "myfiles" folder whose content cannot be viewed.
Encryption: in DOS, copy the folder to be encrypted to a new location (as shown above) or rename it ("Ren E:\mypics \\.\E:\My\myfiles").
Decryption: in DOS, rename the folder back to its normal form ("Ren \\.\E:\My\myfiles Mypics").

3. Use special characters (..)
Features and recognition: the name of the encrypted folder ends with a dot, for example, "myfiles.". The folder cannot be accessed, copied, deleted, or moved.
Principle: same as above. Windows does not allow a name to end with a dot; normally the trailing dot is removed. However, when a folder name ends with two dots, the system displays only one. When you operate on such a folder, you are told that the specified file cannot be found, and it cannot be opened.
Encryption: in DOS, rename the folder ("Ren E:\mypics E:\system..\"). The folder then appears in Windows as "System.".

Decryption: use the "dir /x" command in DOS to list the files. The entry looks similar to "<DIR> SYSTEM~1 system.". Use the short name (SYSTEM~1) to rename it: "Ren SYSTEM~1 myfiles". This changes "system." back to the normal name "myfiles", and you can view the folder content again.


In fact, several methods can be combined to achieve a better hiding effect. For example, a folder can be moved into a folder encrypted with method 3, and that in turn into a folder encrypted with method 2; method 1 is then used to disguise the result as a recycle bin in the root directory, with the hidden and system attributes added. Finally, the original folder (which is now empty) is disguised as a web folder using method 1. This is the approach used by software such as the folder encryption wizard.
Encryption done this way is fast, and the data can be recovered layer by layer with the methods above, without the password that was used for encryption.
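
For recovery after a hiding tool has failed, the checks from methods 1 and 3 can be automated. The following is an added example, not code from the original article: the function names and sample folder names are constructed, and the identifier labels are taken from the table in section 1.

```python
import os
import re

# Method 1: the real name is "<original>.{class identifier}".
CLSID_SUFFIX = re.compile(
    r"^(?P<base>.+)\.(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}"
    r"-[0-9A-Fa-f]{12}\})$"
)

# Three identifiers from the table in section 1, keyed in lower case.
KNOWN = {
    "{208d2c60-3aea-1069-a2d7-08002b30309d}": "Network Neighbor",
    "{645ff040-5081-101b-9f08-00aa002f954e}": "Recycle Bin",
    "{21ec2020-3aea-1069-a2dd-08002b30309d}": "Control Panel",
}

def classify(name):
    """Return (method, restored_name, detail), or None for an ordinary name."""
    m = CLSID_SUFFIX.match(name)
    if m:
        label = KNOWN.get(m.group("clsid").lower(), "unlisted identifier")
        return ("class-identifier", m.group("base"), label)
    stripped = name.rstrip(".")          # Method 3: trailing dot(s)
    if stripped and stripped != name:
        return ("trailing-dot", stripped, "name ends with a dot")
    return None

def scan(root):
    """Walk root and report every directory whose name matches a disguise.

    On Windows, pass root with the \\\\?\\ prefix (for example
    r"\\\\?\\E:\\") so that trailing dots are not stripped from names.
    """
    findings = []
    for parent, dirs, _files in os.walk(root):
        for d in dirs:
            hit = classify(d)
            if hit:
                findings.append((os.path.join(parent, d),) + hit)
    return findings

# Constructed sample names, as a raw directory listing would show them.
SAMPLE = ["myfiles.{208d2c60-3aea-1069-a2d7-08002b30309d}",
          "system..", "reports", "v1.2"]

if __name__ == "__main__":
    for n in SAMPLE:
        print(n, "->", classify(n))
```

Each finding carries the name to rename the folder back to, so nested disguises can be undone from the outermost folder inward.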
