User:Andy Crowd/sandbox/wipe storage

From ArchWiki
Jump to navigation Jump to search

This article is not about wiping of a single file but about wiping the whole partition and/or a storage media. The most important parts is a gathering of the necessary information about storage physical geometry and passing it to the different command line program or other specialized scripts.

Make free disk space full with dd without errors

Fill in all free space with dd without out-of-space errors by creating a single file that is suitable to use in loops:

In this example will be used /tmp/dd.to_del as a destination. If the partition is mounted then df command will show correct values where block size is 1024 and the amount of free blocks is 3357700.

$ df /tmp/ -P
Filesystem 1024-blocks Used      Available    Capacity Mounted on
/dev/sdc3  8754576     4929116   3357700      60%     /tmp

This will do two dd runs, it uses /dev/zero as a source, the first run fill free space up to 99,9% and second will fill in the rest. The array variable contains block size in ${FreeS[0]} and available free blocks in ${FreeS[1]} .

FreeS=($(df -P /tmp/ | awk '{if(index($0,"/") != 0){print $4}else{A=$2;I=index($2,"-")-1;print substr($2,0,I)}}'))
dd if=/dev/zero iflag=fullblock count=$((FreeS[0]-1)) bs="${FreeS[1]}" of=/tmp/dd.to_del

FreeS=($(df -P /tmp/ | awk '{if(index($0,"/") != 0){print $4}else{A=$2;I=index($2,"-");print substr($2,0,I-1)}}'))
dd if=/dev/zero iflag=fullblock count=${FreeS[0]} bs="${FreeS[1]}" >> /tmp/dd.to_del


frag_find - rec by Indigo


Check is any data left after filling haddisk with with zeros you can do with a hexdump utility. In the last line shows only a descriptor that device is ended.

hexdump /dev/sdXY
0000000 0000 0000 0000 0000 0000 0000 0000 0000

Wipe all known partition table descriptions

To remove all traces of the partitions parameters use the wipefs -a /dev/sdX command and to reload/update information about partition tables use the partprobe /dev/sdX.

Wipe free space by creating a file

Example for creation of a single file that takes all available free space.

ZZ=$(df /path_to_mounted_partition -B1 | tail -1 | awk '{print $4}')
dd if=/dev/zero |pv|dd oflag=direct iflag=nocache of=/path_to_mounted_partition/filename count=$((ZZ * 2))

Use rar. Rar removes all created files due an error that makes it halt when data ends without EOF. Pre-test rar

ZZ=$(df . -B1 | tail -1 | awk '{print $4}')
dd if=/dev/urandom bs=512 count=$((ZZ * 2))|pv| rar a -sistdin -p${RANDOM}"$(dd if=/dev/urandom bs=4086 count=1)" -v${RANDOM}m test.tmp

Warning: Do not use on the partitions that has ongoing operations such as a copying or removing files during the file for filling up of all free space is being created to avoid possible errors that will interrupt creation of it.
Note: All file systems has a limitation about how big files can be created.

Anti SSD - destroy free space

# Creates random encrypted files of the random predefined size 

openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/random bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero \
| 7z a -si -t7z -v${RANDOM}m -m0=lzma -mx=9 -mfb=64 -md=32m -ms=on -p"$(dd if=/dev/urandom bs=512 count=1)" test.file

Detect if it is a device or a partition of device and wipe

Use info about storages by getting data know by kernel

Uncomment commented to begin wiping of partition/harddrive

Note: You will not be able to mount partition after it has been destroyed and rewritten with other data. And no data will be possible to restore from it.
Tip: You can add a loop around parts thats do rewrites to make sure that no data will be left after wiping and use more then one command with a different openssl encription algorithm.


if [ -b $ZZ ];then
PP=$(echo $ZZ | sed 's/[0-9$]//m')
PyS=$(cat /sys/block/${PP##*/}/queue/physical_block_size)
if [[ "${ZZ}" =~ $CC ]];then
echo The $ZZ Is partition of the': ' $PP
PStart=$(cat /sys/block/${PP##*/}/${ZZ##*/}/start)
PSect=$(cat /sys/block/${PP##*/}/${ZZ##*/}/size)
PSize=$((PyS * PSect))
echo PyS = $PyS , PStart = $PStart , PSect = $PSect , PSize = $PSize

#openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/random bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero \
#    | pv -bartpes $PSize | dd bs=$PyS count=$PSect of=/dev/${PP##*/} seek=$PStart oflag=direct iflag=nocache

## write to partition found on hard-drive
##dd if=/dev/zero bs=$PyS count=$PSect |
##pv -bartpes ${PSize} |
##dd bs=$PyS count=$PSect of=/dev/${PP##*/} seek=$PStart oflag=direct iflag=nocache

echo The $ZZ is a device'!';
DSect=$(cat /sys/block/${PP##*/}/size)
DSize=$((PyS * DSect))
echo PyS = $PyS , DSect = $DSect , DSize = $DSize

#dd if=/dev/zero bs=$PyS count=$DSect| pv -bartpes $DSize | of=/dev/${PP##*/} seek=0 oflag=direct iflag=nocache
else echo Is not a block device'!'

Getting info with fdisk

Prepare necessary info about storage for dd wipe from fdisk -l output

St_info=($(fdisk -l /dev/sda | grep ^'Disk /'));D_Size=${St_info[4]};D_Sectors=${St_info[6]};Physical_Sec_Size=$((St_info[4]/St_info[6]))

With lsblk

Get info with lsblk -b -o SIZE

D_Size=$(lsblk -b -o SIZE  /dev/sda | head -2 | tail -1);
Physical_Sec_Size=$(cat /sys/block/sda/queue/physical_block_size);
D_Sectors=$((D_Size / Physical_Sec_Size))

A basic knowledge about path for info

In the /sys/block/ keeps a warriors information about all known by kernel currently connected block devices but in some cases need to use the partprobe command to update it.


Script by Andy

This is a simple script that uses known by kernel data about all currently connected storage block device to the computer. It reads data by patterns

For the storage disk


For the partition


The start includes offset in the physical sectors from the beginning of the disk where a partition starts. The size includes the size in the physical sectors of a partition or of the disk. To calculate the size in bytes of a partition or a disk you will need to multiply size with the physical_block_size. - on github

The script detects automatically if it is a storage block device or a partition on it passed to it the command line. If you will give a path to partition then it will destroy the partition including all data on it even meta data that used by the file system itself and you will not be able to mount it again without formating first. You can also use it without a command line just by defining path to the disk storage in the PathToDevice variable. To begin wiping you will need to uncomment those parts that contains dd command, they represents in a commented blocks, one that uses openssl for creating patterns and another one uses zero as a pattern by getting input from the /dev/zero device.

Tip: You can add a loop around parts thats do rewrites to make sure that no data will be left after wiping because of some of the harddrives may need more than one run and use more than one command with a different openssl encription algorithm.


Is there an alternative to dev urandom