Corrupting NTFS With A Single Shortcut
Do Not Try This At Home … Or Anywhere For That Matter
Starting with Windows 10 1803 and continuing to this day, there is a simple and rather uncouth trick to corrupt an NTFS disk and prompt a reboot, which may not complete successfully. It is a single line which can be delivered via a variety of methods, including a ZIP archive, batch files, or even a shortcut, and in the case of the shortcut you don’t need to launch it; its mere existence is enough to trash your drive.
The reason why C:\:$i30:$bitmap will crash a machine is a mystery for now, but it does work even on up-to-date machines, so don’t go playing with it. Launching that command or creating the shortcut will first trigger a pop-up warning that “The file or directory is corrupted and unreadable”, followed immediately by prompts to reboot. Upon reboot, CHKDSK will do its best to recover your corrupted file system but, as many of us know, that is not guaranteed to resolve the issue.
At this time the security researcher Jonas L, who first discovered this bug back in August, has neither been successful at determining why the corruption occurs nor, it seems, been able to gain much traction at Microsoft; the bug works even on a fully updated system. There is much speculation as to the cause: the filename is not invalid and is actually part of the file system, which is why it can do this; however, the registry entry and tracing tool which would prove this hypothesis are not showing the expected behaviour.
So for now, resist the temptation unless you are on a VM you have backed up, and be careful with those strange zip files! Make sure you have the fix for your SSD too, as this time you may need to run this tool.
In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed. When exploited, this vulnerability can be triggered by a single-line command to instantly corrupt an NTFS-formatted hard drive, with Windows prompting the user to restart their computer to repair the corrupted disk records.
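As an added example (not code from the article or the researcher), here is a small Python pre-screen for files headed to a Windows host: it flags the `:$i30:$bitmap` fragment in raw content, as ASCII or as UTF-16LE wide strings, and in ZIP member names. The function names, the size limit, and the sample bytes are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Path fragment quoted in the article. Matching case-insensitively is a
# conservative choice made for this example.
NEEDLE = ":$i30:$bitmap"
PATTERNS = {
    "ascii": re.compile(re.escape(NEEDLE.encode("ascii")), re.I),
    "utf-16-le": re.compile(re.escape(NEEDLE.encode("utf-16-le")), re.I),
}
MAX_MEMBER = 16 * 1024 * 1024  # skip oversized archive members (assumed limit)

def scan_file(name, data, depth=0, max_depth=2):
    """Return [(path, reason)] for one file, descending into nested ZIPs."""
    findings = [(name, "content:" + enc)
                for enc, rx in PATTERNS.items() if rx.search(data)]
    if depth >= max_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            inner = f"{name}!{info.filename}"
            if NEEDLE in info.filename.lower():
                findings.append((inner, "member-name"))
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            try:
                findings += scan_file(inner, zf.read(info), depth + 1, max_depth)
            except (RuntimeError, zipfile.BadZipFile):
                findings.append((inner, "unreadable"))  # encrypted or damaged
    return findings

def constructed_samples():
    """Constructed test inputs: filler bytes around the article's path string."""
    path = "C:\\:$i30:$bitmap"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docs/link.bin", b"\x00HDR" + path.upper().encode("utf-16-le"))
        zf.writestr("docs/readme.txt", "nothing to see here")
    return {
        "bundle.zip": buf.getvalue(),
        "note.txt": b"see " + path.encode("ascii") + b" in the write-up",
        "clean.txt": b"C:\\Users\\Public\\Documents",
    }

if __name__ == "__main__":
    for fname, blob in constructed_samples().items():
        print(fname, scan_file(fname, blob))
```

A hit is a reason to quarantine the file for review before it is written to an NTFS volume, not proof of intent; write-ups like this one contain the same string.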
Copied from someone’s post:
the whole thing is a whole lot of nothing.
It’s essentially an NTFS bug that triggers/sets the hard-drive “dirty” flag, which usually means Windows will schedule chkdsk on next start up.
It is a bug, as explained here (https://www.youtube.com/watch?v=PtHTqmp-Jt8), as marking a disk as “dirty” normally requires elevated privileges/admin.
I’d suppose it would be an addition to the collection of “tools” those phone/website scammers could use that make it look impressively legitimate.