Filename Obfuscation: ASCII to HEX Guide

TL;DR

Converting filenames to hexadecimal (HEX) is a simple form of obfuscation, not strong cyber security. It makes files slightly harder to identify at a glance but offers no real protection against determined attackers. This guide explains how it works and why it’s limited.

Is ASCII to HEX Obfuscation Common?

It’s relatively common in basic attempts to hide file types or content, particularly when sharing files online where simple name changes might be enough to bypass rudimentary filters. However, experienced users can easily reverse the process. It’s often used alongside other techniques, not as a standalone cyber security measure.

How to Convert Filenames to HEX

1. Understand the Concept: Each character in a filename has an ASCII (American Standard Code for Information Interchange) value. Converting to HEX represents these values in base-16 format (using numbers 0-9 and letters A-F).
2. Using Python: This is a quick way to convert filenames.

   import binascii
   filename = "MySecretFile.txt"
   hex_representation = binascii.hexlify(filename.encode('utf-8')).decode('utf-8')
   print(hex_representation) # Output: 4d7953656372657446696c652e747874

3. Using PowerShell: Another convenient option, especially on Windows.

   [System.Text.Encoding]::ASCII.GetBytes('MySecretFile.txt') | ForEach-Object { "{0:X2}" -f $_ } -join ''

   This will output the HEX representation of the filename.

4. Using Online Tools: Many websites offer ASCII to HEX conversion. Search for ‘ASCII to HEX converter’ on your preferred search engine. Be cautious about uploading sensitive filenames to unknown sites.

How to Convert HEX Back to ASCII (Reversing the Process)

1. Using Python:

   import binascii
   hex_string = "4d7953656372657446696c652e747874"
   original_filename = binascii.unhexlify(hex_string).decode('utf-8')
   print(original_filename) # Output: MySecretFile.txt

2. Using PowerShell:

   [System.Text.Encoding]::ASCII.GetString(([byte[]]([char[]] (4d, 79, 53, 65, 63, 72, 65, 74, 46, 69, 6c, 65, 2e, 74, 78, 74)))

   Replace the numbers within the brackets with your HEX string values.

3. Online Tools: Again, search for ‘HEX to ASCII converter’. Exercise caution as before.

Why is this not strong cyber security?

• Easily Reversible: As shown above, converting between ASCII and HEX is trivial with readily available tools.
• File Headers Remain: The filename is just metadata. The file’s actual content (and its header) still reveals the file type. A .txt file converted to HEX will still likely be identified as a text document by examining its contents.
• No Encryption: This method doesn’t encrypt the data, so anyone with access can read it once they convert the filename back.
• Detection by Antivirus/Cyber security Software: Many cyber security tools will scan file content regardless of the filename.

Better Alternatives for File Protection

• Encryption: Use proper encryption software (e.g., VeraCrypt, 7-Zip with strong passwords) to protect sensitive data.
• Steganography: Hide files within other files (images, audio). This is more complex than ASCII to HEX but offers better concealment.
• Strong Passwords & Access Control: Limit access to files and folders using robust passwords and user permissions.