Fake Delete functionality - General Discussion and Assistance - CHDK Forum supplierdeeply

Fake Delete functionality

  • 10 Replies
  • 4818 Views
Fake Delete functionality
« on: 09 / November / 2010, 07:34:09 »
Advertisements
Hi!

Is it possible to implement a "fake delete" functionality? I'm thinking about detecting a new photo and immediately making a copy of it to (hide it, it could maybe be attached to an existing photo? or inserted using steganography?).
Do you think this is possible?

Ideally, the photos would be copied only if necessary ("on delete"), and hidden even if I put the SD card into a card reader (eg. by marking the sectors as defect - is direct card access possible?).

Thanks for your suggestions!

This has been suggested a few times (on the website and the old bugtracker, http://chdk.kernreaktor.org/mantis/view.php?id=79), but no comments were made on a possible progress in that direction?
« Last Edit: 09 / November / 2010, 07:45:45 by fing »

*

Offline zeno

  • *****
  • 889
Re: Fake Delete functionality
« Reply #1 on: 09 / November / 2010, 09:20:36 »
Doesn't taking raw pretty much do what you want? When you delete the jpeg the raw is still there, but the card appears empty as far as the camera is concerned. The raw photos are only detectable when you plug the card into a card reader.
A570, S100, Ixus 127
Author of ASSIST, STICK, WASP, ACID, SDMInst, LICKS, WICKS, MacBoot, UBDB, CFGEdit

Re: Fake Delete functionality
« Reply #2 on: 09 / November / 2010, 09:26:48 »
Is there a way to further hide the RAW picture so it cannot be easily found on the card?

*

Offline whim

  • ******
  • 2041
  • A495/590/620/630 ixus70/115/220/230/300/870 S95
Re: Fake Delete functionality
« Reply #3 on: 09 / November / 2010, 10:28:35 »
"Delete" on a FAT/FAT32 file system already is a "Fake Delete":
When you delete, "YOURFILE.RAW" will just be renamed "?OURFILE.RAW"
However, since the filesystem now does not 'see' the file anymore, any write operation
on the card after the delete operation increases the chance that
the sectors used by "?OURFILE.RAW" will be overwritten ...

so, if you're gonna use this 'feature' you should:

1) Assure nothing gets written to the card after your delete

2) Make sure you test your 'undelete' program to be functional for your chosen extension,
    try recovery programs like Recuva or PhotoRec

HTH,

wim
« Last Edit: 09 / November / 2010, 10:33:51 by whim »


*

Offline yvesson

  • ***
  • 209
  • A540 SX10IS
    • poll about some pics (not much serious) ^^
Re: Fake Delete functionality
« Reply #4 on: 09 / November / 2010, 10:36:56 »
Hej,
Then maybe it would be possible to have a second protected partition where you could hide the files you wanna hide, and the second partition would just be either light encrypted or hidden like a hidden file ?

*

Offline fudgey

  • *****
  • 1705
  • a570is
Re: Fake Delete functionality
« Reply #5 on: 09 / November / 2010, 10:58:45 »
Since the typical use for a feature like this is borderline illegal (taking photos against someone's will) it AFAIK hasn't really interested any capable developer that would publish their works.

You didn't link to the previous threads, but I believe several solutions have been discussed. Hooking the delete function reliably is probably not easy, especially for the delete-from-rec-mode one. In play mode maybe you could for instance
1) find out where the name&location of the currently displayed photo is stored (this may already be known to us, I can't remember),
2) have CHDK monitor keypresses and once the erase button is pressed, make a copy of the currently shown JPEG. This takes a while, so you'll have to be careful not to actuate the erase before CHDK is done copying (you could have CHDK blink a led once it's finished).

As for where to copy to hide, you could start by trying a normal hidden FAT directory (I don't know if it works, never tried), or just decide that something like CHDK/FONTS/FOOBAR/arial456.fnt is obfuscated enough for you. You can of course destroy the JPEG header while copying if you worry about automated photo transfer software finding your images regardless of their odd location. Or you could leave half of the card unformatted and write there (and keep track of a crude file system yourself) -- I don't know how that's done, but I'd assume it's possible using _WriteSDCard(), see the swap_partitions() function.

Btw, you can't move files, only copy. Copying a RAW file takes quite a bit of time and if you wish that to happen for each shot, that delay comes on top of the already lengthy RAW write time: you probably won't be happy with the speed of your camera. The same applies to more or less any processing (steganography, cryptography) you might want to do to your photos since processor power is quite limited.

Also remember that deletion doesn't delete images, just marks them legal for overwrites in FAT. If you take a photos and someone forces you to delete them, you can easily undelete them on a PC unless you shoot more photos over that disk space.

Another way to hide things is to play with the dual partition / partition swapping / boot method functionality of CHDK. The inactive partition is virtually inaccessible in Windows (but e.g. on Linux all partitions are typically mounted on card insertion).

Re: Fake Delete functionality
« Reply #6 on: 09 / November / 2010, 17:38:45 »
Thanks guys for your answers! The card probably still needs to be written to, so plain undelete doesn't help.

@fudgey: I am thinking about doing this as a student project for university. I have talked to a journalist last week and she would love to see something like that. This weekend I will likely meet with someone from Reports Without Borders and talk about possible use cases, and if they think this is useful. The methods described would be interesting to look into. You're right, performing a copy of each file on shooting probably isn't a good solution - it would be awesome if it were possible to catch delete events. I wanted to make sure there is a way to access the card directly, and possible ways of catching the delete, before suggesting it to RSF.
« Last Edit: 09 / November / 2010, 17:43:09 by fing »

*

Offline fudgey

  • *****
  • 1705
  • a570is
Re: Fake Delete functionality
« Reply #7 on: 10 / November / 2010, 09:24:22 »
I guess a fairly straightforward and yet usable method would be to not try to hook deletion in anyway, but instead to provide an alternative way for triggering erase. E.g. by changing the erase key alt-mode shortcut functionality from "toggle RAW" to "if in REC mode, toggle RAW, else:
1) exit alt
2) press "erase" key
3) copy
4) blink blue led to signal user that it's safe to confirm deletion

This way normal erase would happen unless you press erase in alt mode, and pressing erase in alt mode would look and feel pretty much the same as normal erase.

If you swap 2) and 3), the user can't trigger actual erase before copying has finished but the camera will probably feel sluggish unless using small jpeg size and a fast memory card.


Re: Fake Delete functionality
« Reply #8 on: 10 / November / 2010, 09:43:10 »
"this way normal erase would happen unless you press erase in alt mode"

The whole idea is to make the one using the camera (or having direct access to the memory card) think he has deleted the image, while a backup copy still exists.

*

Offline reyalp

  • ******
  • 13438
Re: Fake Delete functionality
« Reply #9 on: 10 / November / 2010, 13:07:19 »
The whole idea is to make the one using the camera (or having direct access to the memory card) think he has deleted the image, while a backup copy still exists.
I'm assuming this use case is you take pictures of <oppressive authority figure>, they catch you, tell you to delete everything or do the deleting themself.

On camera, the simplest way to do this is to shoot raw/dng with a prefix/suffix combination the camera doesn't recognize, or saving in a directory it doesn't recognize. Then when you delete the jpeg, everything is normal, the image no longer shows in playback, but the raw is still there. Of course, this means you must shoot raw which has many disadvantages. Copying the jpeg after the shot completed should be faster than saving raw, and should be relatively trivial to implement.

If they look directly at the memory card, you have much bigger problems. Probably putting them under some obscure directory name is probably good enough, any serious forensics are going to catch you anyway.

None of this will survive formatting the card, which is the obvious, quick way to delete everything.

It should be kept in mind that trying to do this and getting caught could have very unpleasant consequences for the user. Even in the west, giving false information to an LEO or failing to comply with their instructions is frequently an offense.

Getting reports of actual cases where people had been forced to delete things might shed some light on what approaches would be worthwhile. Maybe your contacts with RSF could help with this.
Don't forget what the H stands for.

 

Related Topics