# [howto] Really Secure erase of hd or partition

## kamikaze04

Hi,

I've been watching some time the way of wiping a hard disk or partition completely safe. I've got some harddisks with financial data of a company, and i want it to be well deleted.

I found this script in the internet, it sounds really well. Now i share it with all of you, for improvements or whatever.

 :Arrow:  Purists will say that the only way of deleting completly sure is burning them or something like that. Well, i don't have NSA or things like that after my data, so i think no other company will waste thousands of $ in trying to recover it with "phisical way".

```

#!/bin/sh

# wipeall.sh

# by Thomas C. Greene (tcgreene@bellatlantic.net)

#

echo " -- This script will wipe your entire HDD (hda)"

echo " -- This is a rough hack with NO WARRANTY"

echo " -- USE AT YOUR OWN RISK!"

echo " -- Did you edit this file according to the README?"

echo " -- Press enter to continue"

read

echo " -- Are you absolutely certain that you want to wipe your entire HDD (hda)?"

echo " -- There will be no salvation if you are mistaken"

echo " -- Press Ctrl+C to exit now while you can"

echo " -- Otherwise..."

echo " -- Press enter to continue"

read

# dd if=/dev/urandom of=/dev/hda

# dd if=/dev/zero of=/dev/hda

echo " -- The wipe is finished"

```

```

#!/bin/sh

# wipefree.sh

# by Thomas C. Greene (tcgreene@bellatlantic.net)

#

echo " -- This script will wipe unused space on select parts of the root partition"

echo " -- This is a rough hack with NO WARRANTY"

echo " -- It will not be completely effective on journaled file systems"

echo " -- USE AT YOUR OWN RISK!"

echo " -- Press enter to continue"

read

dd if=/dev/urandom of=/home/cleanupfile

sync

rm /home/cleanupfile

sync

dd if=/dev/zero of=/home/cleanupfile

sync

rm /home/cleanupfile

sync

#repeat both dd's as many times as paranoic you are

echo " -- The wipe is finished"

```

```

#!/bin/sh

# wipeswap.sh

# by Thomas C. Greene (tcgreene@bellatlantic.net)

# and Conrad Wood (cnw@lemon-computing.com)

#

echo " -- This script will completely wipe the swap partition"

echo " -- This is a rough hack with NO WARRANTY"

echo " -- It will not be completely effective on journaled file systems"

echo " -- USE AT YOUR OWN RISK!"

echo " -- Did you edit this file according to the README?"

echo " -- Running this script from a GUI may cause application or system crashes"

echo " -- Press enter to continue"

read

for device in `swapoff -av |sed -e 's/.*\/dev\///g'` 

do

 echo wiping /dev/$device

 # dd if=/dev/urandom of=/dev/$device

 # dd if=/dev/zero of=/dev/$device

done

```

I paste the README from the original author: 

```

Wipefree.sh can be run safely from an active disk.  It will take considerable time but

should not interfere with running applications.

Wipeall.sh needs to be edited.  Un-comment the commands or it will do nothing. The

lines reading of=/dev/hda are an EXAMPLE which MUST be edited to reflect the device

you wish to wipe. Check /etc/fstab for the correct information and edit as needed.

Wipeall must be run from a different active hard disk, floppy or CD, for obvious

reasons.

Wipeswap.sh needs to be edited.  Un-comment the commands or it will do nothing. It

will automatically detect your swap device (thanks to Conrad Wood). Wipeswap is

best run from the console with nothing else running.  Otherwise application and even

system crashes may result.

```

----------

## tb7653

I'm not sure, but why not just shred the whole disk like this:

```
shred /dev/hda
```

----------

## slycordinator

 *tb7653 wrote:*   

> I'm not sure, but why not just shred the whole disk like this:
> 
> ```
> shred /dev/hda
> ```
> ...

 

shred manpage says:

```
CAUTION:  Note  that  shred relies on a very important assumption: that

       the file system overwrites data in place.  This is the traditional  way

       to  do  things, but many modern file system designs do not satisfy this

       assumption.  The following are examples of file systems on which  shred

       is not effective:

       * log-structured or journaled file systems, such as those supplied with

              AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
```

And it had more listed.

edit:

But other than that shred pretty much IS what is being done by those scripts.

----------

## tb7653

AFAIK the warning about journaled file systems etc is about using shred on a file.

From shreds info page:

 *Quote:*   

>    Generally speaking, it is more reliable to shred a device than a
> 
> file, since this bypasses the problem of file system design mentioned
> 
> above.  However, even shredding devices is not always completely
> ...

 

So it should be quite safe if used on a whole device, since it overwrites the existing filesystem anyway. Furthermore shred overwrites the data per default 25 times.

As you said the scripts seem to be a "simple version" of shred, so the same warnings apply to them.

   Thomas

----------

## slycordinator

 *tb7653 wrote:*   

> As you said the scripts seem to be a "simple version" of shred, so the same warnings apply to them.

 

I fail to see any logic in this statement.

Lets assume there's a program that does a whole bunch of stuff but has problems working with journaled file systems. Lets say another program has a subset of those same features.

How can you possibly then conclude that the second program has the same problems?

----------

## NeddySeagoon

slycordinator,

shred can be used on indiviadual files, where it depends on the underlying filesystem. As the man page says, some filesystems can defeat this.

When used on whole partitions or drives, the underlying filesystem is not used and shred and the scripts are almost equivelent. Shred does more passes.

----------

## Reikinio

Just overwrite the hard-drive a few times using /dev/urandom and you're done.

If you're really paranoid, after overwritting the hard-drive with random crap, cut the hard-drive in pieces, set them on fire, separate the ashes into different plastic bags, throw them away at different locations, and kill yourself... now it's really erased.

Regards,

----------

## kamikaze04

Reikinio:

As i said in my first post, i don't have the need of destroying the harddisk, however i'm really interested in knowing if those scripts erase ALL the data or, for example, if there are bad sectors marked in the hd, the info in that sector would keep intact.

My boss wants every byte in the hd to be erased, and that scripts are my actual solution, but as far as i can see...maybe i'm missing the data in that fucking bad sectors  :Sad: 

Okey, let's see if any guru improves them.

About the number of passes, it really does not matter to my boss/company, just overwriting with zeros and after with random data is enough...

----------

## xming

```
dd if=/dev/urandom of=/dev/$device 
```

will erase all data, every bit of /dev/$device gets overwritten. But, yes there is always a but, the data that was previously on the $device is still recoverable using specialized hardware, there is no way to get the data back by connecting the drive to another PC and try to do an unforamt (sic).

```
dd if=/dev/zero of=/dev/$device
```

 just make hardware recovery easier.

How is this posible? Well no HD is perfect, after you have written all zeros, there is still some residue magnetism around every bit, because the place where the platter gets wirtting is not always the exact same place, with specialized hardware http://en.wikipedia.org/wiki/Magnetometer it is possible to read the bits manually. And overwrite you data with with all 0's or all 1's just makes the manual reading easier.

So I will suggest to overwrite your data at least 3 times with

```
dd if=/dev/urandom of=/dev/$device 
```

xming

----------

## kamikaze04

Thanks for your explanation xming.

Well, i think 0,rand,0,rand,0,rand will be enough for our security needs  :Smile: 

Just for people interested: With 6 passes, i need 6 min/GB to be secured (1 min/GB for each pass)

----------

## NeddySeagoon

kamikaze04,

You cannot get at the data in bad sectors. The drive has mapped them out over its life, so the operating system never sees them. The data is still there but difficult to recover, since you cannot ask the drive to read them any longer.

You would need to erase the bad sector table stored in FLASH memory for that.

If you read the SMART data from the drive (emerge smartmontools) you can see how many bad sectors you have.

Some will have been there when the drive was made.

----------

## gerard27

Why not use bcwipe?

It is available in portage:/app-crypt/bcwipe.

Read the info and you will see that it is guaranteed to make even hardware

reading impossible.

----------

## kamikaze04

wow, i'm gonna read about bcwipe now !!! I will tell about it !

----------

## kamikaze04

Oh yeah, i think it's time to forget my little scripts and begin using that program. 

People interested, read the man, it is quite helpful

Thanks Gerard van Vuuren

----------

## tb7653

Nice, I did not know that program.

But as I see it, it still has the same problems with journaling etc (when wiping files) and bad sectors (mapped out of reach), right? 

@slycoordinator: 

My point is, as Neddy Seagoon already posted: Shred has problems on journaled file systems, because it just overwrites the given file(s) a few times and depends on the os to write those changes over the previous data on the same spot (physically) on the disk. This assumption might just be wrong on files stored on journaled file systems. The script does basically the same so I expect the same problem there. When used on a device, this problem should not occur.

I recommended shred, because 

 I had things like the magnetometer in mind. So overwriting a few times with random data is safer than only once.

It is readily available on (almost) every linux box

But bcwipe seems even safer.

----------

## xming

 *Gerard van Vuuren wrote:*   

> Why not use bcwipe?
> 
> It is available in portage:/app-crypt/bcwipe.
> 
> Read the info and you will see that it is guaranteed to make even hardware
> ...

 

if you want to erase the whole drive there is no dfference between bcwipe and the script. After 35 times of rewriting everything is gone, I mean even your platters  :Wink: 

----------

## furanku

How come that esp. a security tool seem to have some security issues?   :Rolling Eyes: 

```
/var/tmp/portage/bcwipe-1.5_p3/temp/cchV9zhX.o: In function `make_temp_dir':

wipe.c:(.text+0x2ccf): warning: the use of `mktemp' is dangerous, better use `mkstemp'
```

That doesn't really increase my confidence in that tool ...

----------

## xbmodder

you know for freespace destroyer. make it mount an ext3 partition with flags "-t ext2 -o remount,rw,noatime,nomtime"

that fixes journalling

----------

## remix

what about DBAN? it should solve your needs right?

http://software.newsforge.com/article.pl?sid=05/09/14/178204&tid=79&tid=132

http://dban.sourceforge.net/

----------

## Eskarel

The basic issue you're looking at with shred, or bcwipe, or with anything else is files versus partitions/devices.

All of these methods have problems with journalling file systems(ntfs, ext3, etc, though not fat32 or ext2). These systems log all your file writes to a journal which is then added to the disk at a later date in a more optimized file order. This accomplishes a number of things which I'm not going to go into here. For our purposes the basic problem occurs because data can be recovered from the journal as well as from the disk itself.

None of this applies if you perform these actions on the entire disk because the journal will be erased along with everything else and you're going to hit all the bits on the drive/partition.

That said, most of these programs are a waste of time. If you're hiding your files from the feds, this process is way to slow if they come knocking, and if you want real serious security it's terribly tedious.

 I you really want secure you want physical destruction, about 5 minutes with a 5 pound sledge will secure your data far better than 5 hours with one of these programs, of ccourse this means you can't resell the computer or donate it to charity or whatever it is you usually do with them, or at least you can't do this with the hard drive, but if you're serious it's the only way to go. Ya can't pull data of a pile of rubble.

----------

## frostschutz

Using dd once or, if you're paranoid, a multiple-pass shred is completely sufficient. When used on a partition, it will screw up your data for good. About the 'specialized hardware' that can restore overwritten data: Such hardware does not exist. In the past few years, the data density of hard disks increased drastically; you won't find any device that is able to read data with more precision and higher resolution than the hard disk's very own read/write heads, which require a special environment to work - this environment resides inside your hard disk and is destroyed as soon as you open it (dust gets in etc.), making your hard disk unuseable. So the best you can do to analyze a disk's contents in more detail would be to replace the electronics of the drive. And the possibilities here are very limited - if there was a way to reliably read deleted data off a disk, this would actually mean that you can double (triple, quadruple, depending on how many times you may overwrite data without affecting readability) the capacity of any hard disk, which is just plain unrealistic. Even if it was possible to build special hardware like that, it would just not be feasible due to the sheer amount of data you'd have to read, and considering that nowadays there are much more effective ways to hide / distribute data for criminal purposes (encryption, internet etc.).

About bad sectors, the hard disk will prevent you accessing them, so yeah, you cannot overwrite them. Even if you find a way to remove the table that stores remapped sectors (by replacing the electronics for example), you'd probably end up not being able to write these sectors anyway since they would be just marked as bad again. It does not matter though; you should consider any disk that has bad sectors as defective. So re-using that disk for something important is out of the question anyway. You can just as well open it and use it as cool pocket mirror or something.

----------

## Extintor

 *Eskarel wrote:*   

> 
> 
>  I you really want secure you want physical destruction, about 5 minutes with a 5 pound sledge will secure your data far better than 5 hours with one of these programs, of ccourse this means you can't resell the computer or donate it to charity or whatever it is you usually do with them, or at least you can't do this with the hard drive, but if you're serious it's the only way to go. Ya can't pull data of a pile of rubble.

 

Not quite right. I recently attended a speech on data recovery, erasing data and computer forensics held by an employee from Ibas.

He was specific to say that overwriting data is the only way it can't be recovered. 

And yes, they can get data from a pile of rubble. For example from a ship that had been under the water for 6 months, a computer that had been in a fire and harddrives that had been drilled through. 

 *xming wrote:*   

> 
> 
> How is this posible? Well no HD is perfect, after you have written all zeros, there is still some residue magnetism around every bit, because the place where the platter gets wirtting is not always the exact same place, with specialized hardware http://en.wikipedia.org/wiki/Magnetometer it is possible to read the bits manually. And overwrite you data with with all 0's or all 1's just makes the manual reading easier. 

 

The thing with residue magnetism is an urban myth from the time the harddrives were gigantic (think the seventies). 

And even if you can read the information bitwise, is there no chance of getting anything but rubbish.

To kamikaze04:

Boot up with a livecd and do a shred on the entire disk.

This is completely sufficient.

```
gentoo # shred /dev/hda 
```

----------

## Eskarel

All of those examples are of incidental damage. A computer can catch fire without substantially damaging the drives, most hard drive internals are moderately sealed so under the right circumstances they would be in reasonable condition after such a short period of time, and while the drill will be nasty it won't provide substantial damage to the entire platter.

Hit it with a sledge a few times and see if you can get any data off of it, break your CD into tiny bits, see if you can get any data off of it. when I say I pile of rubble, I don't mean a hard drive that's seen hard times I mean a hard drive that is a pile of rubble.

----------

## slick

You are an bad guy and want to sell your (cleaned) harddisk? Take a image of an unwanted CD your found in your mailbox (like advertising) and copy it (in a loop) over the whole cleaned disk until she's full.  Who buy your old harddisk will have a lot of fun to analyse your "important" data  :Wink: 

----------

