  1. #1
    Linux Newbie danbuter's Avatar
    Join Date
    May 2007
    Posts
    108

    Any way to wipe hard drive?


    Just curious if there is a good way to completely wipe a hard drive on an Ubuntu computer that I am going to be donating. I am pretty damn sure the sudo rm... command doesn't work on Ubuntu. (At least to get hidden stuff like old passwords or card numbers) Thanks!
    Dan

  2. #2
    Linux Guru Juan Pablo's Avatar
    Join Date
    Mar 2006
    Location
    /home/south_america/ecuador/quito
    Posts
    2,064
    Yes, boot with a LiveCD and then use this command to fill the hard drive with zeros

    dd if=/dev/zero of=/dev/hda

    I would suggest using a tool to check if the partitions are recoverable at all; try TestDisk to see if it finds anything.

    TestDisk - CGSecurity
    Put your hand in an oven for a minute and it will be like an hour, sit beside a beautiful woman for an hour and it will be like a minute, that is relativity. --Albert Einstein
    Linux User #425940

    Don't PM me with questions, instead post in the forums

  3. #3
    Super Moderator devils casper's Avatar
    Join Date
    Jun 2006
    Location
    Chandigarh, India
    Posts
    24,729
    I would suggest you execute this:
    Code:
    sudo dd if=/dev/zero of=/dev/hda bs=512 count=1

    If you execute dd with the bs and count parameters, it will erase only the first 512 bytes, which include the Partition Table, Boot Loader and Hard Disk Signatures. There is no need to re-write the whole disk. It's not recommended.
    It is amazing what you can accomplish if you do not care who gets the credit.
    New Users: Read This First

  4. #4
    Linux Newbie danbuter's Avatar
    Join Date
    May 2007
    Posts
    108
    Thanks, guys!
    Dan

  5. #5
    Linux Guru Juan Pablo's Avatar
    Join Date
    Mar 2006
    Location
    /home/south_america/ecuador/quito
    Posts
    2,064
    Quote Originally Posted by devils casper
    If you execute dd with the bs and count parameters, it will erase only the first 512 bytes, which include the Partition Table, Boot Loader and Hard Disk Signatures. There is no need to re-write the whole disk. It's not recommended.
    Are you sure? If you just erase the MBR, everything will be recoverable using TestDisk or a similar program.

  6. #6
    Super Moderator devils casper's Avatar
    Join Date
    Jun 2006
    Location
    Chandigarh, India
    Posts
    24,729
    Quote Originally Posted by Juan Pablo
    Are you sure? If you just erase the MBR everything will be recoverable using TestDisk or a similar program
    Yes, I am sure about that. If you re-write every byte of the first sector, TestDisk cannot recover the partition structure.

  7. #7
    Linux Guru Lakshmipathi's Avatar
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,757

    hmm..interesting one...deleting MBR alone makes harddisk un-recoverable???
    ...any links or docs on it?...i would love to learn more about this ...
    First they ignore you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
    -----
    FOSS India Award winning ext3fs Undelete tool www.giis.co.in. Online Linux Terminal http://www.webminal.org

  8. #8
    Super Moderator devils casper's Avatar
    Join Date
    Jun 2006
    Location
    Chandigarh, India
    Posts
    24,729
    Quote Originally Posted by Lakshmipathi
    hmm..interesting one...deleting MBR alone makes harddisk un-recoverable???
    ...any links or docs on it?...i would love to learn more about this ...
    Check the manual of dd command.

  9. #9
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    682
    Wiping the MBR or formatting the disk is not enough to wipe the data. I've set up a 1MB test image to demonstrate. First of all, scrubbing the MBR doesn't change the data needed to mount a disk, so it can simply be re-mounted.

    Code:
    root@angua:/mnt# df -h | grep test
    /dev/loop0           1003K   21K  931K   3% /mnt/test
    root@angua:/mnt# find ./test
    ./test
    ./test/lost+found
    ./test/quick
    ./test/quick/brown
    ./test/quick/brown/fox.txt
    ./test/hello.txt
    root@angua:/mnt# umount test
    root@angua:/mnt# dd if=/dev/zero of=/dev/loop0 bs=512 count=1
    1+0 records in
    1+0 records out
    512 bytes (512 B) copied, 0.000130744 seconds, 3.9 MB/s
    root@angua:/mnt# mount /dev/loop0 ./test
    root@angua:/mnt# find ./test
    ./test
    ./test/lost+found
    ./test/quick
    ./test/quick/brown
    ./test/quick/brown/fox.txt
    ./test/hello.txt
    Formatting the disk does appear to wipe the data, but a dump of the disk image shows what is left.

    Code:
    00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00000400  80 00 00 00 00 04 00 00  33 00 00 00 da 03 00 00  |........3.......|
    00000410  75 00 00 00 01 00 00 00  00 00 00 00 00 00 00 00  |u...............|
    00000420  00 20 00 00 00 20 00 00  80 00 00 00 00 00 00 00  |. ... ..........|
    00000430  e1 2d 6d 48 00 00 20 00  53 ef 01 00 01 00 00 00  |.-mH.. .S.......|
    00000440  e1 2d 6d 48 00 4e ed 00  00 00 00 00 01 00 00 00  |.-mH.N..........|
    00000450  00 00 00 00 0b 00 00 00  80 00 00 00 30 00 00 00  |............0...|
    00000460  02 00 00 00 01 00 00 00  49 05 65 1e 87 2c 49 ac  |........I.e..,I.|
    00000470  a4 7f d0 0a c1 e7 31 39  00 00 00 00 00 00 00 00  |......19........|
    00000480  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00006000  02 00 00 00 0c 00 01 02  2e 00 00 00 02 00 00 00  |................|
    00006010  0c 00 02 02 2e 2e 00 00  0b 00 00 00 e8 03 0a 02  |................|
    00006020  6c 6f 73 74 2b 66 6f 75  6e 64 00 00 00 00 00 00  |lost+found......|
    00006030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00006400  0b 00 00 00 0c 00 01 02  2e 00 00 00 02 00 00 00  |................|
    00006410  f4 03 02 02 2e 2e 00 00  00 00 00 00 00 00 00 00  |................|
    00006420  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00009800  0c 00 00 00 0c 00 01 02  2e 00 00 00 02 00 00 00  |................|
    00009810  0c 00 02 02 2e 2e 00 00  0d 00 00 00 e8 03 05 02  |................|
    00009820  62 72 6f 77 6e 00 00 00  00 00 00 00 00 00 00 00  |brown...........|
    00009830  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00009c00  0d 00 00 00 0c 00 01 02  2e 00 00 00 0c 00 00 00  |................|
    00009c10  0c 00 02 02 2e 2e 00 00  0e 00 00 00 e8 03 07 01  |................|
    00009c20  66 6f 78 2e 74 78 74 00  00 00 00 00 00 00 00 00  |fox.txt.........|
    00009c30  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    0000a000  54 68 65 20 71 75 69 63  6b 20 62 72 6f 77 6e 20  |The quick brown |
    0000a010  66 6f 78 20 6a 75 6d 70  65 64 20 6f 76 65 72 20  |fox jumped over |
    0000a020  74 68 65 20 6c 61 7a 79  20 64 6f 67 0a 00 00 00  |the lazy dog....|
    0000a030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    0000a400  48 65 6c 6c 6f 2c 20 57  6f 72 6c 64 21 0a 00 00  |Hello, World!...|
    0000a410  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00100000
    The first line followed by the * indicates that the first 0x400 bytes (1KB) are all null so even the original formatting to set up this test didn't write there.

    The blocks at 0x6000 and 0x6400 show the directories set up by the ext2 formatting. It's not readily apparent, but the '01 02 2e' at 0x6006 and '02 02 2e 2e' at 0x6012 are the '.' and '..' directories. This pattern can be searched for to recover directories, and find the data that was in them. 0x6400 repeats this pattern for the contents of the lost+found directory.

    So the formatting deleted the 'quick' directory and the 'hello.txt' filename, but we can see the 'brown' directory at 0x9800, with the same '.' and '..' patterns, and the next block shows the filename fox.txt. The last two blocks are the contents of the test files shown in the first example. Files with predictable headers can be searched for and recovered in this way too, for example jpegs.

    I've watched an expert use off the shelf tools to recover a disk that had been through fdisk. It's also worth noting that the Windows full format is essentially a bad blocks check and does not destroy any more data than a quick format.

    Writing zeros to the *entire* disk would prevent an interested amateur from recovering the data, but I'd write random data several times. A disk wiping utility would be a good idea, but I read news reports based on a report from Glamorgan University that suggested some were ineffective and some just totally useless.

    After that you get into the territory of ghost images recovered by filtering out the main signal and looking at what is left. For example a 1 overwritten with a 0 looks different from a 0 overwritten with a 0. Also, if the write head drifts slightly during a write, then the underlying data may be available on the other edge of the track.


    My advice is that hard disks are reasonably cheap. Bash it with a hammer and build a wind chime out of the bits.

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.
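
Added example (not part of the thread or any poster's code): a Python check, to run over a disk image before a machine is donated, that applies the ext2 directory-entry layout visible in the dump above to find surviving directory blocks and any block that is still non-zero. The 1 MB image is constructed in memory to mirror offsets 0x9800-0xa000 of the dump; the boot-sector signature and all function names are assumptions made for the illustration.

```python
import struct

BLOCK = 1024  # ext2 block size of the 1 MB test image in the post

def dir_block(entries):  # entry = (inode, rec_len, file_type, name)
    out = b""
    for inode, rec_len, ftype, name in entries:
        out += struct.pack("<IHBB", inode, rec_len, len(name), ftype) + name
        out += b"\0" * (-len(out) % 4)  # names are padded to 4 bytes
    return out.ljust(BLOCK, b"\0")

def build_image():
    """Constructed 1 MB image; offsets 0x9800-0xa000 mirror the dump above."""
    img = bytearray(1024 * 1024)
    img[510:512] = b"\x55\xaa"  # constructed boot-sector signature
    img[0x9800:0x9C00] = dir_block([(12, 12, 2, b"."), (2, 12, 2, b".."), (13, 1000, 2, b"brown")])
    img[0x9C00:0xA000] = dir_block([(13, 12, 2, b"."), (12, 12, 2, b".."), (14, 1000, 1, b"fox.txt")])
    text = b"The quick brown fox jumped over the lazy dog\n"
    img[0xA000:0xA000 + len(text)] = text
    return img

def zero_fill(img, nbytes):
    """In-memory stand-in for: dd if=/dev/zero of=<device> bs=<nbytes> count=1"""
    img[:nbytes] = bytes(nbytes)

def parse_entries(block):
    """Follow the rec_len chain; return [] unless it tiles the block exactly."""
    names, off = [], 0
    while off + 8 <= len(block):
        inode, rec_len, name_len, _ = struct.unpack_from("<IHBB", block, off)
        if rec_len < 8 or rec_len % 4 or off + rec_len > len(block) or 8 + name_len > rec_len:
            return []
        if inode:
            names.append(bytes(block[off + 8:off + 8 + name_len]).decode("latin-1"))
        off += rec_len
    return names if off == len(block) else []

def find_directory_blocks(img):
    """Map offset -> entry names for each block that starts with '.' and '..'."""
    blocks = ((off, parse_entries(img[off:off + BLOCK])) for off in range(0, len(img), BLOCK))
    return {off: names[2:] for off, names in blocks if names[:2] == [".", ".."]}

def nonzero_blocks(img):  # offsets of blocks still holding data
    return [off for off in range(0, len(img), BLOCK) if any(img[off:off + BLOCK])]

if __name__ == "__main__":
    img = build_image()
    zero_fill(img, 512)  # the MBR-only wipe from post #3
    print(find_directory_blocks(img), nonzero_blocks(img))
```

After the 512-byte zero fill the directory blocks and file contents are still found; only a zero fill of the whole image leaves `nonzero_blocks` empty.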
