Hiding data on 3.5" using "40 track mode"

Dave Howe DaveHowe at gmx.co.uk
Sat Feb 4 17:26:49 EST 2006 

Travis H. wrote:
> In the FBI's public statement about Hannsen, they relate how he used a 3.5" 
> floppy in "40 track mode" to store data, but if it was read in the ordinay
> way it would appear blank.  IIRC, high-density floppies are 80 tracks per
> inch, and double density were 40 tpi.  So, how do you suppose this trick
> works? The official details are, of course, vague

  It would have to be a guess.

  Back in the 5 1/2" days, we would frequently use a disk on both standard and
1.2mb drives; on the 1.2s, the head was literally half the width of a "standard"
5.25" drive, so you got the occasional problem due to this.

  For "virgin" disks, reading a file written on a 1.2 on a standard was no
problem; writing *any* disk on a standard always worked

  After a bit of use though, a interesting but predictable problem emerged - if
you wrote a file on a standard, then overwrote that file on a 1.2, then only
half the track (the lowest half) would be overwritten; the other half would
retain its original data, and a standard drive attempting to read back the data
would in fact read unreliably.

  Applying this to the problem would seem to suggest that, if you format a
standard 1.44 floppy as a 720, only *alternate* tracks are actually formatted,
and the intervening tracks are left blank.

  If you wrote and installed a special driver, you could read and write those
*alternate* tracks independently of the "formatted" tracks; even in a classic
720 3 1/2" drive, the worst you could expect would be an unreliable read, and
the best would be that you would get a reliable read from the "real" tracks,
ignoring the interleaved alternates. Of course, reading this floppy on a normal
1.44mb drive would show nothing wrong, and read it as being a perfectly usable
720K floppy. of course, *why* you would want to do that is another issue.

  Oh - before I forget, I was thinking about covert channels and cds a few days
ago and realised there is already one - CDs support a special mode called "CD+G"
- this is used making "karaoke" cds to support the video data stream; the vast
majority of pc drives cannot read this data - there are exceptions of course.
however, karaoke players (and many low-end dvd players) CAN, and by design
display them on the screen of the playback device.  This is pretty much STO, but
could conceal a message trivially that normal examination of the cd would not
reveal, but which the recipient could display (again, trivially) using nothing
more than a tv set and cheap mass-produced DVD player.

  Needless to say, you could always write or read data from the low bits of the
audio too, provided you got a reliable read of that data... the software to do
that could be considered suspicous though, while a cd that has a short text
message imbedded in track #12 of a 20 track audio collection would be harder to
detect (but of course for even vague security would have to be treated as a steg
channel and encrypted in addition, with something decodable by hand like a book
code)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list