Multiple "roots" on a disk
Using this method, you can use invisible Unicode characters to create directories that apparently have no name. We can use this together with a weakness in how both Windows and Linux handle directory names, to present the subdirectories of a drive such that they all look like the root of the drive themselves.
Directories in Linux and Windows systems support having Unicode names, but do not mind the special case where the directory name is made up of only invisible characters. Ordinary ASCII spaces (&#x0020;) are not allowed as directory names, but other than that, the choice is free of several invisible characters (see below).
This approach makes it possible to have several directories all looking like the same.
2 Properties of a sub-subdirectory
3 Inside the subdirectory
4 Hidden files not shown
Of course, we must keep in mind that "power users" are able to show hidden files in the systems, but most ordinary computer users do not.
Any characters that have no visible content, such as the Right-Left (or Left-Right) Override, discussed below: &#x202d; and &#x202e; can be used. Also, any combination of these.
Converts text or data into bitmap pictures.
This program can be used for steganography, or for presentation of what’s possible with bitmaps. When the program is run, the user selects what input-file or string of text to use. The textual contents are moved into a bitmap (.bmp). The file is now readable in a text editor as well as an ordinary graphics editor. In the text editor, the (not that well) hidden text is revealed, and in a graphics editor, the file is presented as a random looking number of pixels.
Running the program
java -jar Bitmapper output.bmp [-s text | -f input.txt]
It turns out that appending two simple Unicode characters to a file name one can override the direction that the text is presented, thus letting it look as if a file has a different extension than it really has. This is a problem with regard to phishing spam and malware, which appear from time to time.
Email clients will in many cases do not present the file name as it should (examples below from SquirrelMail and One.com webmail respectively), and the file will thus be perceived by the recipient as a harmless file. The structure of the file name after RLO/LRO modification will be: [name].[ext1].[ext2] where ext1 is the original extension with the opposite letter orientation, and ext2 is another, seemingly harmless file extension. The program shows how to make the name change easily with a java program.
Example: file.pdf becomes file.pdf.doc after the change (Actually file.fdp.doc, where fdp is presented opposite way by the two Unicode characters. Note that the operating system will still detect this file as a PDF, and in the example of an executable file, this will also be executable after modification. It is merely the way it is presented to the user that has changed).
http://klevjers.com/dev/RLO/RLO.java -- Source code
http://klevjers.com/dev/RLO/RLO.jar -- Java program
http://klevjers.com/dev/RLO/poc.zip -- Package
Running the program
java -jar RLO.jar
People are hassled by spam all the time. Many people have, out of sheer carelessness or ignorance written their email address in clear somewhere on the internet. There are web crawlers run by spammers that collect these addresses by identifying them, usually through searching for an ‘@’ or additional information suggesting that a text string is an email address. Shown here is a simple applet giving web users the opportunity to present (in HTML code) their email address without it being identifiable by such a crawler. The applet produces three examples of what’s possible, none of which are perfect, but surely show the possibilities. The solution includes base64 encoding of the email address. Example 1 is contained in an iframe tag, usually used to embed web content such as minisites inside other HTML sites. Example 2 simply produces a link, where the text of the link should be anything else than the address, preferrably ‘email’. Example 3 is an svg contained in an iframe, and requires a newer web browser.