Read File Sectors


When trying to repair operating systems and files which have gone hiccup there is a need to examine data on files.  I have found that some files are just too big to comfortably examine in a hex editor.

With Passwords becoming increasing vulnerable to the latest cracking tools the user cannot rely on producing long passwords that are easy to remember.  The user need to hide potential passwords in big files or use big files to give a potential password.  If the password is hidden in a big file it becomes difficult to access unless some means is available to access the required data which is too complex to remember.  Online banking in use by many people and the constant need to construct difficult to remember passwords favours the use of big files for password construction.  When doing online banking it is important that the password is not remembered by the internet browser. 


When practising the tutorials it is worth using a Ramdisk. Ramdisks leave no activity trace when the machine is switched off.  SSD disks are not privacy secure.  Modern hard disks use SSD mechanisms for caching purposes and thus pose a security weakness.

In /etc/fstab write entry tmpfs /home/username/ram tmpfs defaults,noatime,mode=1777,size=20MB 0 0
creates ramdisk in directory /home/username/ram
Use Wine to run program "e_crypt7" program

Google for ramdisk software.  Free Basic ramdisk software to create 100MB of ramdisk is likely to be available at no cost.  Need to check that ramdisk software has no hidden problems attached to it.  Appropriate Antivirus and rootkit checking software is needed.  Website http://www.dataram.com/ is worth looking at.

The biggest advantage of a ram disk is the ability to have very fast loading and writing times. It also allows one to experiment without fear of doing damage to a hard disk.  It also allows one to try things out as possible approaches to security without leaving any trace.  Modern file systems use journaling which can leave traces of data on hard disks that a person may not want left.  A ram disk loses of traces of its file system when the computer is switched off.





Read File Sectors
6 Read File Sectors
  • File sizes can vary from 0 bytes to many Gigabytes in size
  • Computer memory is limited and when it comes to large files only a small part of a large file can be held in memory at a time
  • By determining where you load from and keeping the amount loaded small it is possible to examine a large file with ease
  • Use to examine file contents at known positions
  • Use to change file contents at known positions
  • Use to store long random passwords which are impossible to remember in a safe place.




6 Read File Sectors


  1. Download file "d.t"
  2. Download file "truecrpt password.txt"

Computes use binary arithmetic.  Humans use decimal arithmetric. 

Storage media consist of sectors and clusters where a file system and operating system is concerned.  There are many files systems available.  NTFS, ext2, ext3, ext4 FAT16 and FAT32 are examples.  Many programs in DOS, Windows, UNIX and Linux had File editors which used Hexidemimal notation.  A character uses 2 bytes (256 bits) FF in Hexidecimal notation.  Using Hexidecimal to describe the value of a character in a file enabled all characters to be examined.  Many ASCII characters cannot be displayed.  Hence the use of Hexidecimal.

The sectors of a file do not necessarily correspond to sectors of a storage medium that a file is stored on.  The program function described below uses sectors of 512 bytes and displays the decimal value equivalents.

The is a lot of difference in understanding when using hexidecimal every day and when using it on occasion.  Using hexadecimal occasionally I find it easier when decimal equivalent values are present.  To understand how a file system works it is useful to look at the contents of the file and the sector that a file can partially occupy.

A file when it partially occupies a sector leaves the un-occupied part of the sector as slack space.  Sometimes a file occupies a full sector.  When the file is reduced in size data is left in the slack space.  In non sensitive data this does not matter.  When handling sensitive data the data left in slack space after editing should be removed.  A person learning about file systems may not understand about slack space and storage sector by sector or how NTFS handles small files unless they have some means of seeing the data for themselves.  This program function can act as an educational tool to help understand file data storage.



  • By Mouse
  1. Click on "Utilities"
  2. Click on "Obtain Selected Datas"
  3. Click on "6 Read File Sectors"
  • By Keyboard
  1. Type "ALT+U"
  2. Type "O6"
Image
A
A) Button to get a file to load
(B) Sector size of Hard disk set to 512 bytes
(C) Name of "Loaded file"
(D) Size of "Loaded file"
(E) Total number of Sectors in "Loaded file"
(F) Cluster size of Hard disk that "Loaded file" came from
(G) Number of Clusters "Loaded file" occupied on Hard disk
(I) Sector of "Loaded file" that reading starts from
(J) List of half sectors that have been loaded into memory from Sector location in (I)
(K) One Byte is 256 bits FF in Hexadecimal. Locations tend to be in Hexadecimal hence the locations numbered "00" to "0F"
(L) The "F" button (L) sets the focus in the (Q) window.  Cursor Selections only show up in a window that has focus.
(M) The "F" button (M) sets the focus in the (T) window.  Cursor Selections only show up in a window that has focus.
(N)This is the sector of the "Loaded file" that data is read from
(O)The number of complete sectors of data that "Loaded file" occupies.  This is different than the number of sectors that a file may occupy on a storage medium (E).
(P) Rows "0 to 15" or "16 to 31" depending on sector value in list (J)
(Q) contents of "loaded file" at a particular location.
  • location is determined by row and column.
  • row value in hexidecimal is given in (R)
  • row value in decimal is given in (S)
  • column in hexidecimal is given in (K)
  • location = R+K in hexidecimal
(R) hexidecimal location values at start of row in (Q)
(S) decimal values at start of row in (Q)
(T) ASCII characters for HEX Bytes displayed in (Q)
  • Not all ASCII characters can be displayed
  • some HEX bytes do not have an ASCII character that can be displayed
  • HEX bytes 00, 05, 0D, 0A are replaced by a dot
(U) Rows "0 to 15" or "16 to 31" depending on sector value in list (J). Same value as that in (P) to help line up the eyesight along a row
(V) List of commands that are available
though double clicking item in list or by single clicking item and then clicking on button (W)
  • Read Sector(s)
    • read data from "loaded file" amount dependent on value in (w)
  • Clear Sector(s)
    • clears contents of (I) (J), (N), (P), (Q), (R), (S), (T), (U), (a). (b), (c), (d), (e),  (g), (h), (i), (j), (k), (m), (za), (zb), (ze), (zf), (zg), (zh)
  • Write to File
    • writes the contents of data loaded from "loaded file" loaded into memory into a file
    • file has short name, date, time information in its full name with extension "sector"
  • Data to ClipBoard
    • writes the contents of data loaded from "loaded file" loaded into memory onto clipboard
    • without Byte values in Hexidecimal
    • includes name of file and file size
  • HEX to ClipBoard
    • writes the contents of data loaded from "loaded file" loaded into memory onto clipboard
    • Includes Byte values in Hexidecimal
    • includes name of file and file size
  • Locate HEX string
    • searches for HEX bytes in (zq) in data already loaded into memory of "loaded file"
    • Puts HEX bytes into (ze)
    • Puts number of HEX bytes in (zf)
    • puts characters HEX bytes represents in (zg)
    • puts number of characters in (zi)
    • If HEX bytes found then locations where the HEX bytes were found are listed in list box (m)
  • HEX String in File
    • searches for HEX bytes in (zq) thoughout all of "loaded file"
    • Puts HEX bytes into (ze)
    • Puts number of HEX bytes in (zf)
    • puts characters HEX bytes represents in (zg)
    • puts number of characters in (zh)
    • If HEX bytes found then locations where the HEX bytes were found are listed in list box (m)
  • Finds To ClipBoard
    • Puts the location of searched for HEX bytes for "Locate HEX string" or "HEX String in File" that is listed in list box (l) on the clipboard
  • Modify Contents
    • modify the contents of the data from "loaded file" that is loaded into memory
    • The modifications can be saved to "loaded file" on disk
  • Save to ClipBoard
    • save the contents of  (Q), (R), (S), (T) to clipboard
    • This is 256 bytes of HEX character information
(W) button to process item selected in list (V)
(X) This takes HEX characters selected in Edit box (Q) and places them in Edit box (zq)
  • The selected HEX character string have spaces removed,  "end of line" and "new line" markers removed before being placed in Edit box (zq)
  • number of HEX characters placed in (zr)
  • conversion of HEX characters to ASCII characters placed in (zs)
  • number of charactrers in (zs) placed in (zt)
(Y) This takes HEX characters selected in Edit box (Q) and places them on the clipboard as characters.
  • The selected HEX character string have spaces removed,  "end of line" and "new line" markers removed before being converted to characters and placed on clipboard.
  • Useful for password purposes
(Z) This takes HEX characters selected in Edit box (Q) and can send to another Window as characters.
  • The selected HEX character string have spaces removed,  "end of line" and "new line" markers removed before being converted to characters which can be sent to another Window
  • A useful facility if there is concern about keyboard or clipboard loggers intercepting passwords
  • Useful for password purposes
(a) to (l), (t) and (u) are empty until a HEX string location is clicked in list box (m).  Example of such strings are shown in Image E.  Part of Image E is shown below

  • String "AABB" in (ze) was searched for in the file "G\d.t".
  • It was found several times in the file "G\d.t".
  • Where each string was found was placed in list (m)
  • The highlighted item "54 326" in list (m) is record of Sector 54 and location 326 bytes from the start of sector 54
(a) is the number of bytes from beginning of file where start of string "AABB" was found
(b) is the number of bytes in hexidecimal from beginning of file where start of string "AABB" was found
(c) 54 is the number of sectors from the beginning of file for "AA" in string "AABB"
(d) 20 is number of rows of 16 from beginning of sector 54
(e) 06 is the column position where the string "AABB" starts. (00) is first column
(f) is a button which locates the cursor on the "AA" in string "AABB"
(g) is the number of bytes from beginning of file where start of string "AABB" was found
(h) is the number of bytes in hexidecimal from beginning of file where start of string "AABB" was found
(i) 54 is the number of sectors from the beginning of file for "BB" in string "AABB"
(j) 20 is number of rows of 16 from beginning of sector 54
(k) 07 is the column position where the string "AABB" ends. (00) is first column
(l) "E" is a button which locates the cursor on the end of string at "BB" in string "AABB"
(m) is a list of locations for string "AABB" with "54 326" selector.  When clicked the sector to read from 54 is placed in (za) and its position in decimal 27,648 is placed in (zb).  Row 20 (row starts from 0) is the row for 326 and the sector number list is 0.5 in list (J)
(s) The button (s) can move the function display  up or down depending if the word in the button says "Up" or "Down".
  • The function display takes up room and the user may want to move the Window in order to view other windows.
(t) 21 is the number of times string "AABB" was found in file "G/d.t"
(u) 1 is the selection number in list (m)




(n) Has the file slack space can be "yes" or "no".
  • File "G/d.t" has no slack space. Images B to E. Top image at side for example
  • File "G:\Configuration.xml" has slack space. Image F. Bottom image at side for exaple
(o) Size of slack space
(p) Sector slack space is located in
(q) row slack space starts. (row stats from 0)
(r) column slack space starts. (column starts from (0)
(v) "start" button loads 200 sectors or maximum available sectors from start of file
(x) reads sector in (I) adds 200 sectors and then or loads 200 sectors or maximum available sectors from sector position
  • example if (I) has 54 then loads 200 sectors from from position 254 if file contains more than 454 sectors
(y) reads sector in (I) subtracts 200 sectors and then or loads 200 sectors or maximum available sectors from sector position
  • example if (I) has 254 then loads from position sector 54
  • example if (I) has 54 then loads from position sector 0
(z) goes to last sector subtracts 200 then loads 200 sectors
  • example file "G/d.t" has total sectors of 2,048 in (E) 200 sectors are read from sector position 1,848
(za) is sector to read when "Read Sector(s) is selected in list (V) and "Read Sector(s) (W) button is clicked
(zb) is the position of Sector (za) in bytes
(zc) is the neatest sector value of position value typed in (zd)
(zd) postion value to obtain nearest readable sector



  • An example of a loaded file particulars is show in "image B" below.
  • Another example of a loaded file particulars is shown in "image C" below
  • Image B
    •  Has 2048 complete sectors (O)
    •  Occupies 2048 complete sectors ((E) on storage medium
    • Data read from sector 0
  • Image C
    • uses same file as that used in Image B
    • Data read from sector 201 hexidecimal 19200 (decimal 102,912)
  • Image D
    • Has 4 Complete sectors (O)
    • Occupies 8 completesectors (E) on storage medium
    • Data read from sector 4.5
    • contents of slack space can be seen after "9DE+0C" (2,524 decimal 2,525-1 as location 0 is start of file)
  • Image E
    • uses the same file as that used in Image B
    • Data read from sector 36 hexidecimal 19200 (decimal 102,912) 











(ze) The string "AABB" is the string that has been searched for and a list of positions of this string is in listed in list (m)
(zf) 4 is the number of characters in the string "AABB" in (ze)
(zg) "Ēģ" is the ASCII characters of the hexadecimal characters "AABB" in (ze)
(zh) is the number of characters of string "Ēģ" in (zg)
(zi) will clear any string in (zk)
(zj) will copy a hexadecimal string in (zm) to (zq)
(zk) will take an ASCII string
  • place the number of characters in (zl)
  • place the hexadecimal equivalent string in (zm)
  • place the number of characters of hexadecimal equivalent string in (zm) in (zn)
(zl) to (zn) described above
(zo) will clear any hexadecimal string in (zq)
(zq) will take a hexadecimal string
  • place the number of characters in (zr)
  • place the ASCII string of hexidecimal string in (zs)
  • place the number of characters of ASCII string in (zs) in (zt)
  • When the "Locate Hex String" or Hex String in File" is selected in (V) and the (W) button is pressed the hexadecimal string in (zs) is used





Image
B

Image
C


Image
D

Image E


Image F.