Hide Files on Linux: A Hacker’s Guide

TL;DR

Hiding files on Linux isn’t about making them invisible to skilled users, but rather disguising them so they aren’t easily found during casual browsing or simple searches. This guide covers several methods, from basic dotfiles to more advanced techniques using steganography and alternative data streams. Remember that these are not foolproof; a determined investigator will likely find hidden files.

Hiding Files on Linux

  1. Dotfiles (Easy)
    • Files starting with a dot (.) are hidden by default in most file managers.
    • To hide a file named ‘secret.txt’, rename it to ‘.secret.txt’.
    • To view these files, you need to show hidden files in your file manager (usually Ctrl+H) or use the command line with ls -a.
    mv secret.txt .secret.txt
  2. Hidden Directories
    • Similar to dotfiles, directories starting with a dot are hidden.
    • Create a directory named ‘.hidden_directory’ and place your files inside.
    mkdir .hidden_directory
  3. Disguising File Extensions (Easy)
    • Change the file extension to something innocuous, like a text or image file. For example, rename ‘important.pdf’ to ‘important.txt’.
    • This won’t hide the file itself, but it might make someone less likely to open it if they see an unexpected extension.
    mv important.pdf important.txt
  4. Steganography (Medium)
    • Hides a file within another, seemingly harmless file (like an image or audio file).
    • Using Steghide: A common steganography tool. You’ll need to install it first (e.g., sudo apt-get install steghide on Debian/Ubuntu).
    • Embed the secret file into a cover image:
    steghide embed -cf cover.jpg -ef secret.txt -p "your_password"
    • Extract the hidden file:
    steghide extract -sf cover.jpg -p "your_password"
  5. Alternative Data Streams (Medium)
    • NTFS-specific, but can be used on Linux if you have access to an NTFS partition. Allows storing data in unused space within a file.
    • Requires the ntfs-3g package installed.
    • Using ‘streams’: A utility for managing alternative data streams. Install with sudo apt install streams (Debian/Ubuntu).
    • Attach a hidden file to an existing file:
    streams -a attach cover.jpg secret.txt
    • List the streams attached to a file:
    streams -l cover.jpg
    • Extract the hidden stream:
    streams -d extract cover.jpg secret.txt
  6. Mounting an Image as a Loop Device (Advanced)
    • Create a file to act as your virtual disk image.
    • Format the image with a filesystem (e.g., ext4).
    • Mount the image as a loop device.
    • Store files within this mounted filesystem.
    dd if=/dev/zero of=secret.img bs=1M count=100  # Create 100MB image
    mkfs.ext4 secret.img # Format the image
    sudo mkdir -p /mnt/secret # Create the mount point if it does not exist
    sudo mount -o loop secret.img /mnt/secret # Mount it
  7. Using a Hidden Partition (Advanced)
    • Create an encrypted partition on your hard drive and hide it using tools like LUKS. This is the most secure method, but also the most complex. Requires careful planning and execution to avoid data loss.

Important Considerations:

  • These methods are not foolproof. A thorough forensic analysis can often uncover hidden files.
  • Always use strong passwords when encrypting or embedding files.
  • Be aware of the limitations of each method before using it.
  • Regularly back up your data, especially if you’re experimenting with advanced techniques like alternative data streams or loop devices.
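
The point above that forensic analysis can uncover hidden files, shown as an added example (not part of the original guide): a Python triage pass that flags dot-prefixed names, files whose leading bytes contradict their extension, and files carrying the ext2/3/4 superblock magic, which covers methods 1, 2, 3 and 6. The function names, the magic table and the sample tree are assumptions constructed for illustration; steganography and NTFS streams are outside its scope.

```python
import os
import struct
import tempfile

# Leading magic bytes for a few formats and the extensions they normally carry.
MAGIC = {
    b"%PDF-": {".pdf"},
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"\x89PNG\r\n\x1a\n": {".png"},
}
EXT_MAGIC_OFFSET = 1024 + 56  # s_magic field inside the ext2/3/4 superblock
EXT_MAGIC = 0xEF53

def triage(root):
    """Return sorted (relative_path, reason) findings for everything under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.startswith("."):
                findings.append((rel, "dot-prefixed name"))
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
                    fh.seek(EXT_MAGIC_OFFSET)
                    sb = fh.read(2)
            except OSError:
                continue  # unreadable file: skipped in this sketch
            ext = os.path.splitext(name)[1].lower()
            if any(head.startswith(m) and ext not in e for m, e in MAGIC.items()):
                findings.append((rel, "content does not match extension"))
            if len(sb) == 2 and struct.unpack("<H", sb)[0] == EXT_MAGIC:
                findings.append((rel, "ext filesystem superblock magic"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree mirroring methods 1, 2, 3 and 6 above."""
    os.mkdir(os.path.join(root, ".hidden_directory"))
    files = {
        ".secret.txt": b"constructed\n",
        os.path.join(".hidden_directory", "notes.txt"): b"constructed\n",
        "important.txt": b"%PDF-1.7\nconstructed\n",  # PDF renamed to .txt
        "report.pdf": b"%PDF-1.7\nconstructed\n",     # honest extension
        "secret.img": bytes(EXT_MAGIC_OFFSET) + struct.pack("<H", EXT_MAGIC),
    }
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
```

A superblock-magic hit rests on two bytes at a fixed offset, so treat it as a lead to confirm rather than proof that a file is a filesystem image.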