Saturday, December 19, 2009

I’m no dummy (but I know how to make one…)

A number of weeks ago I was participating in an internal pilot project.

One of the parameters being measured and tested was how file transfers of a certain size were processed.

To do this, we had to send a file over 4 MB through the software application being tested.  No file was provided. No file source was suggested.

Now I don’t know about you, but the thought of willy-nilly picking just any old file off my system and sending it into the black-hole of the testing endpoint just didn’t sit well with me on numerous levels.  Sure I had lots to pick from.

A simple search with the free Nirsoft tool SearchMyFiles would have allowed me to filter down my system for files between a certain range.  Then do I pick an application file? Maybe an MS Office file?  If I send the right one might it leak some content I would rather not?  Or would the file-type itself maybe cause some kind of variance in the testing/results?

Instead, I just used a utility to generate a file of a specific size filled with garbage.  Didn’t matter what I called it (Bad_HAL.txt), or what it actually did (nothing). It was just a garbage file of a specific size.

Sweet Free Dummy File Generators

These things are dead-useful for system admin work and particularly, testing of file transfers across networks or devices without fear of information leakage. 

Here’s a brief round up of a few nice and free dummy file generators:

  • At almost the very bottom of this Coding Snacks list from DonationCoder.com I found the “DFC: Dummy File Creator” application from programmer seedling.  Written way back in 09 of ‘05, it proves that good code stands the test of time..  just 328 kB this is tiny any good in a GUI package. Download the “portable” zip version with no installer.  Enter the file size you want (in bytes, Kbytes, Mbytes, or Gbytes), specify a fill pattern (if desired), and press the “OK” button.  You will then be asked to provide a name for the file and a location to put it.  Bam. Done.
  • Dummy File Generator - (freeware) – according to the developer, Boris Toll,  “Mit dem Dummy File Generator ist es möglich Dateien mit beliebiger Größe zu erstellen. Die Standardauswahl enthält Byte, KByte, MByte und GByte. Dieses Programm ist vorallem für Netzwerk und Performance Tests hilfreich.” or with a bit of Google translation help, “ With the dummy file generator, it is possible to create files with any size. The default selection includes byte, KB, megabytes and gigabytes. This program is especially helpful for network and performance testing.”  Yep.  Good German coding at its best. Not convinced? Let Killer Tech Tips blog give you a visual walkthrough in their post Create Dummy Files.  Really tiny at just 23 kB in the single exe file, its extremely portable!  Set your size format (in bytes, Kbytes, Mbytes, or Gbytes), provide the size, and create your file.  You don’t get the option to specify a custom fill pattern, however.
  • Dummy File Creator – (freeware) – MyNikko. Download either the MSI-based installer or the “portable” zip version with no installer (my preference). The GUI exe weighs in at just 56 kB while the command-line version is just 16 kB. Dummy lets you either generate a single file or multiple files as defined in a user-created batch list.  Specify the path and name of the file output, the size and “create”!  The sample batch list is great as it allows you to pre-define the name/location of your files, the size, and a randomization switch.  The web page has all the information you need for both versions. Awesomely clever little utility.
  • NOD32 Dummy File Creator Utility 1.0 -- (freeware) – download source at Softpedia. Weighing in at 327 kB, it has a very pleasant GUI interface. Set your file size, your file fill string, set the attributes for the file (archive, hidden, readyonly, system), and create your file.  What is particularly groovy about this tool is that it feeds off a “DFC.INI” file located in the same place as the executable.  It comes with a sample one but any geek should be able to figure out the format.  Once you do you could automagically generate a whole set of different dummy files, types, etc, at a predetermined size.  Why such a tool from a A/V vendor? I think the reason is by creating locked-down dummy files of specific names, when the malware attempts to drop itself onto those locations, it can’t as the locked files already exist.  It’s a technique I used quite successfully with some auto-respawning malware in the past.

And then there is Microsoft’s FSutil

I’m guessing here it stands for FileSystemUTILity..at least it makes sense to me to remember it that way.

It appears to be present in XP, Vista, and Windows 7 (and the corresponding server editions as well)

It must be launched from an administrator-elevated command prompt session.

Please bear in mind that it is really a powerful tool that “…you can use to perform many FAT and NTFS file system related tasks, such as managing reparse points, managing sparse files, dismounting a volume, or extending a volume” according to Microsoft.

But it is of note to this post as it contains the ability to create a dummy file.  (Though truth be told, using this utility to do so is a bit like using the Death Star to swat a fly.)

Documentation of changes in it from XP to Vista to Win7 are a bit hard to come by.  This link outlines the XP subcommands.

ITsVISTA rounded up the Vista changes, including the additional subcommands of repair (self healing management), resource (Transactional Resource Manager management), and transaction (Transaction management).

On my Win7 system I see it also contains all the XP and Vista noted subcommands and now adds 8dot3name (8dot3name management).

To view help for the available subcommands at the command prompt, type fsutil, type the subcommand, and then type help (that is, fsutil subcommand help).

However what we want is to make a dummy file.

C:\Windows\system32>fsutil file createnew help
Usage : fsutil file createnew <filename> <length>
   Eg : fsutil file createnew C:\testfile.txt 1000

So we would type the following fsutil file createnew D:\dummy_file.txt 512

C:\Windows\system32>fsutil file createnew d:\dummy_file.txt 512
File d:\dummy_file.txt is created

That just created a new file named “dummy_file.txt” on the root of the D drive at a size of 512 bytes.

See these kinda related coolnesses of fsutil:

See.  It’s easy to be a dummy.

Cheers!

--Claus V.

2 comments:

H. Carvey said...

Claus, you know who could've used this? Clifford Stoll, in "The Cuckoo's Egg". ;-)

Claus said...

@ Keydet89 - thanks for the comment!

For those bothering to read the comments and not sure about the reference: The Cuckoo's Egg (book) - Wikipedia.

Quoting:

"In order to entice the hacker to stay on the line long enough to be backtracked from Bremen, Stoll set up an elaborate hoax (known today as a honeypot), inventing a new department at LBL that had supposedly been newly formed because of an imaginary SDI contract. He knew the hacker was mainly interested in SDI, so he filled the "SDInet" account (operated by the imaginary secretary Barbara Sherwin) with large files full of impressive-sounding bureaucratese. The ploy worked, and the Deutsche Bundespost finally located the hacker at his home in Hanover."

Dummy files can be deployed in a variety of scenarios and purposes. Having the ability to do so quickly, particularly from the Windows system itself (FSutil) is useful information to keep handy for the one day you really need that capability.

Happy Holidays!

--Claus V.