Saturday, 3 June 2017

How to super-hide E2B files from Windows Explorer

A simple way to hide an ISO, .imgPTN or other payload file on an E2B drive is to set the Hidden attribute (right-click - Properties - tick Hidden - OK). But you knew that already, right?

But what if the user has 'Show hidden files' enabled in Explorer? They will still be able to see the files, so how can we prevent this?

Well, to make Explorer treat the file as super-hidden (as it does for hidden+system files), simply make sure the filename starts with a ~ symbol (as well as having the Hidden attribute set).

e.g. \_ISO\LINUX\~kali.iso

Explorer will not show the file, even if the user has 'Show hidden files' enabled (after changing the name, you may need to press F5 to refresh Explorer before the file disappears).

The user (and you) will still be able to see the file if 'Hide protected operating system files' is unticked, however. Using ~ is easier than using the attrib +h +s command on the command line because you can add a ~ using Explorer.

WARNING: DO NOT USE SWITCH_E2B.exe on a ~xxx.imgPTN file - it will corrupt the drive! This bug is fixed in SWITCH_E2B v1.0.16.

Of course, this won't stop Linux or the dir /ah command from listing the files, but it is a simple tweak and will fool most Windows users.
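To check which files on a drive Explorer is concealing in this way, the following PowerShell function lists files that are hidden+system or hidden with a leading ~. It is an added example, not part of the original post; the function name Get-SuperHiddenFile and the demo folder it builds under the temp directory are assumptions made for illustration.

```powershell
# Added example: list files Explorer conceals even with 'Show hidden files' enabled.
function Get-SuperHiddenFile {
    param([Parameter(Mandatory)][string]$Path)

    $hidden = [System.IO.FileAttributes]::Hidden
    $system = [System.IO.FileAttributes]::System

    # -Force makes Get-ChildItem return hidden and system items too.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $isHidden = ($_.Attributes -band $hidden) -ne 0
            $isSystem = ($_.Attributes -band $system) -ne 0
            $reason = $null
            if ($isHidden -and $isSystem) { $reason = 'Hidden+System' }
            elseif ($isHidden -and $_.Name.StartsWith('~')) { $reason = 'Hidden + leading ~' }

            if ($reason) {
                [pscustomobject]@{
                    Reason     = $reason
                    Attributes = $_.Attributes
                    FullName   = $_.FullName
                }
            }
        }
}

# Constructed demo tree (sample data, not a real E2B drive).
$demo = Join-Path ([System.IO.Path]::GetTempPath()) ('superhidden-demo-' + [guid]::NewGuid())
$dir  = (New-Item -ItemType Directory -Path (Join-Path $demo '_ISO\LINUX') -Force).FullName

$samples = [ordered]@{
    'visible.iso'     = 'Normal'          # shown normally
    'hidden-only.iso' = 'Hidden'          # shown when 'Show hidden files' is on
    '~kali.iso'       = 'Hidden'          # concealed: hidden + leading ~
    'hs.iso'          = 'Hidden, System'  # concealed: attrib +h +s
}
foreach ($name in $samples.Keys) {
    $file = Join-Path $dir $name
    Set-Content -LiteralPath $file -Value 'constructed sample'
    [System.IO.File]::SetAttributes($file, [System.IO.FileAttributes]$samples[$name])
}

# Only ~kali.iso and hs.iso should be reported.
Get-SuperHiddenFile -Path $demo | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

On a real drive, pass the drive root (for example `Get-SuperHiddenFile -Path E:\`) instead of the demo folder.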

Reference: Raymond Chen from here.