WARNING: use at own risk!

use a dedicated computer for shredding harddisk, that has no valuable data stored or attached (in case the operator enters the wrong drive letter = all data gone)

have been warned! WARNING!

this method might not be good for state secrets or military and top secret data!

for top secret data it is better to physically destroy the device

some users (not the one) think it’s fun to shop on eBay for second hand harddisks and look at restoring the data on it and in many cases, this data scavenging actually is successfull (especially if the harddisks come from private sellers and not come from professional refurbishment companies that have to follow strict laws and regulations on wiping harddisks, and might even have specialized software for the job)

if the user wants to securely erase files and directories look at srm and this article.

if the user wants to wipe an entire harddisk (magnetic or ssd), this script will dd one’s harddisk with zeros and random numbers from /dev/random (checkout how /dev/random works, depending on the system it could be very slow)

the script(s) will ask the user if the drive letter entered is correct, and the user should double tripple check with this script.

# create a new script
vim /scripts/shred_harddisk.sh

# for personal use (no logs generated)
#!/bin/bash
# erase all data on harddisk by overwriting with /dev/random

if [ -z "$1" ]
  then
    echo "please pass device like this: /dev/sdb
          TARGET THE WHOLE DEVICE (sdb)
          NOT A PARTITION! (sdb1)
	  WARNING! THIS WILL ERASE ALL DATA
	  BY OVERWRITING THE COMPLETE HARDDISK
	  WITH RANDOM DATA
	  THERE IS NO POSSIBILITY TO BRING BACK
	  THE DATA!!!
          USER ONLY ON DEDICATED COMPUTER
          THAT HAS NO ACCESS TO ANY VALUABLE DATA
          USE AT YOUR OWN RISK!!!
          "
  else
    echo "========== does the user want to erase all data by overwriting device "$1" with random data?"
    echo "
	  WARNING! THIS WILL ERASE ALL DATA OF $1
          BY OVERWRITING THE COMPLETE HARDDISK
	  WITH RANDOM DATA
	  THERE IS NO POSSIBILITY TO BRING BACK
	  THE DATA!!!"

read -p "Continue (y/n)?" choice
case "$choice" in 
  y|Y ) echo "yes";;
  n|N ) echo "no";;
  * ) echo "invalid";;
esac

    sync;
    echo "=== umounting all partitions of" $1
    umount $1*;
    echo "=== start process monitor"
    watch kill -USR1 $(pgrep ^dd) &
    echo "=== overwriting"
    dd if=/dev/urandom of=$1 bs=1M conv=notrunc;
    sync;
fi


# long version (for companies that do refurbishment and need the logs)

#!/bin/bash
echo "=================== secure & fast wipe harddisk script v1.0 by dwaves.org GPLv2 ==================="
echo "it is recommended that you run this script inside a screen session, you can label the session according to the harddisk-3-letter-id, example: screen -S sdd"
echo "please modify the script line 'operator=' to specify who is responsible for deleting the harddisk"

# 4. operator of the machine
operator="operator operator@domain.de";

# change into log dir
cd /root/deleteLogs

harddisk=$1
harddiskID=$2

# list all available harddisks

val=
if [[ -z "$harddisk" ]]
then
lsblk

read -p "what harddisk would you like to wipe? (please enter the 3xletter id):" harddisk
echo " =================== =================== ==================="
fi

val=
if [[ -z "$harddiskID" ]]
then
read -p "my refurbish-workflow of harddisks works like this:
1. you buy second hand pcs
2. you label the pcs with permanent marker with a pcID-number
3. you label every harddisk with pcID:harddiskID number
4. you start this script and pass the pcID:harddiskID number, so you will know in the logs what harddisk was wiped

please enter the harddiskID
:" harddiskID
echo " =================== =================== ==================="
fi

# 2. serial of harddisk
# remove all whitespace: | tr -d ' '
# replace whitespace with underscore: safename="$(echo $filename | sed 's/ /_-_/g')"

hdmodel=$(hdparm -I /dev/$harddisk|grep Model)
hdserial=$(hdparm -I /dev/$harddisk|grep Serial)
filename=$(date +%Y-%m-%d)_$(echo $hdmodel)_$(echo $hdserial)_delete.log
filename="$(echo $filename | sed 's/ /_-_/g')"

# 3. date of deletion
touch "$filename"
echo $(date "+DATE-%Y-%m-%d-TIME-%H-%M-%S")" Log datei angelegt." >> "$filename";

# 2. write serial of harddisk to file
echo "=============== harddisk model & serial =============" >> "$filename";
echo "Self-Labeled-harddiskID:"$harddiskID >> "$filename";
echo $hdmodel >> "$filename";
echo $hdserial >> "$filename";
echo "=====================================================" >> "$filename";

# 4. who operated the machine
echo $operator >> "$filename";

# 5. what way of deletion was taken
echo "method of deletion: debian-dd one pass with zeros, one pass with random data - securely erase files from magnetic media" >> "$filename";

# 1. seriennummer von pc
echo "================= system informations ============" >> "$filename";
dmidecode|grep -A 13 "System Information" >> "$filename";
echo "==================================================" >> "$filename";

# 6. wipe with zeros
echo $(date "+DATE-%Y-%m-%d-TIME-%H-%M-%S")" wipe with zeros" >> "$filename";
dd if=/dev/zero of=/dev/$harddisk bs=4k conv=notrunc count=1024MB >> "$filename";

# 7. wipe again with random data
echo $(date "+DATE-%Y-%m-%d-TIME-%H-%M-%S")" wipe again with random data" >> "$filename";
dd if=/dev/urandom of=/dev/$harddisk bs=4k conv=notrunc
# shred -vfz -n 100 /dev/sda

echo "WIPE "$harddisk" ?";

# wipe -fkq /dev/$harddisk
# Assuming /dev/hda3 is the block device corresponding to the third partition of the master drive on the primary
# IDE interface, it will be wiped in quick mode (option -q) i.e. with four random passes. The inode won't be
# renamed or unlinked (option -k). Before starting, it will ask you to type ``yes''.

echo $(date "+DATE-%Y-%m-%d-TIME-%H-%M-%S")" overwrite-shred harddisk finished: " >> "$filename";

# how to run

chmod u+x /scripts/*.sh
/scripts/shred_harddisk.sh sdd 10.2

# example output:

DATE-2013-09-20-TIME-10-10-27 Log datei angelegt.
=============== harddisk model & serial =============
Self-Labeled-harddiskID:10.2
Model Number: ST34342A
Serial Number: VG561565
=====================================================
Operator Name operator@domain.com
Löschmethode: debian-dd one pass with zeros, one pass with random data - securely erase files from magnetic media
================= system informations ============
System Information
        Manufacturer: FUJITSU SIEMENS
        Product Name: A8NE-FM
        Version: 1.XX
        Serial Number: 123456789000
        UUID: 11111111-1111-1111-1111-111111111111
        Wake-up Type: Power Switch

Handle 0x0002, DMI type 2, 8 bytes
Base Board Information
        Manufacturer: ASUSTek Computer INC.
        Product Name: A8NE-FM
        Version: 1.00
        Serial Number: 123456789000
==================================================
DATE-2013-09-20-TIME-10-10-27 wipe with zeros
2013-09-20_Model_-_Number:_-_ST34342A_Serial_-_Number:_-_VG561565_delete.log (END)

comments:

it’s quiet a challenge… to find some good (not super expensive blancco) software that will help you with refurbishing your harddisks/pcs before selling them.

it is said, that if you overwrite your harddisk in alternating ways with 1 and 0 (first all 1 then all 0 then again 1) then random data from /dev/random that you have a pretty secure way of deleting/erasing.

The german VSIIR-Standard recommends a 7x Pass overwrite.

On a SATA-Harddisk with 250GB this could take you days.

So i said, okay, without wasting enormous amounts of energy, let’s do 3x passes.

one with zeros and one with random data from /dev/random (high cpu usage!) (there is frandom which is doing better but i did not test it yet)

what is also important: Logging!

this script will log the model number of your harddisk and the serial & the operator responsible.

1. before you sell your hardware

2. you label the pcs with permanent marker with a pcID-number

3. you label every harddisk with pcID:harddiskID number

4. you start this script and pass the pcID:harddiskID number, so you will know in the logs what harddisk was wiped

here is another interesting article about this problem:

The Urban Legend of Multipass Hard Disk Overwrite

Sunday, August 28, 2011
Contributed By:
Brian Smithson7ca9cf570bb97d22b119f3a70d335ede

The Urban Legend of Multipass Hard Disk Overwrite and DoD 5220-22-M

Multipass disk overwrite and  the “DoD 5220-22-M standard 3-pass wipe” are, at best, urban legends. At worst, they are a waste of time and electricity.

Blame Gutmann…

In 1996, Peter Gutmann presented a paper [GUT96] at a USENIX Security Symposium in which he claimed that overwritten data could be recovered using magnetic force microscopy (MFM) and scanning tunneling microscopy (STM) techniques.

This seminal paper alerted many people to the possibility that data which had been overwritten on an HDD could be recovered using such techniques.

Lacking other research in this area, and despite a lack of corroboration, many of those people adopted Gutmann’s conclusions and recommendations and have ever since believed that multiple overwrites are required to effectively render remnant data irretrievable.

Gutmann’s ultimate recommendation was that no fewer than 35 (!) overwrite passes should be performed to ensure that the original data cannot be retrieved.

However, in the context of current HDD technology, there are several problems with Gutmann’s work:

  • Gutmann focused on two disk technologies — modified frequency modulation and run-length-limited encoding — that rely on detection of a narrow range of analog signal values and have not been used for HDDs in the last 10-15 years. Modern HDDs use various kinds of partial-response maximum-likelihood (PRML) sequence detection that uses statistical techniques to determine the maximum likelihood value associated with multiple signal detections [WRIG08].
  • Further, areal density (density of data per square unit of area, the product of bit-per-inch linear density and track-per-inch track density) has increase by at least three orders of magnitude [SOBE04] [WIKI08] since the publication the Gutmann paper. To achieve such densities, head positioning actuators have become significantly more accurate and repeatable.
  • Moreover, Gutmann’s work paper was theoretical, and I am not aware of any practical validation that data could be recovered using the techniques he described.

Gutmann’s work has resulted in the formation of an urban legend: that the US government requires a 3-pass overwrite and specifies it in DoD 5220-22-M.

What about those often-cited US Government standards?

There are many HDD overwrite standards from which to choose [BLAN08]. Among those that are often cited in both procurement and product specifications are DoD 5220.22-M and NSA 130-1. Less often cited, but more current, is NIST SP 800-88.

DoD 5220-22-M

DoD 5220-22-M is the National Industrial Security Program Operating Manual (NISPOM), which a broad manual of procedures and requirements for government contractors handling classified information.

The 1997 version of this document [DOD_97] specified that rigid magnetic disks should be sanitized by writing some character, its complement, and then a random character. However, this “algorithm” was removed from subsequent issues of the NISPOM.

Indeed, the entire table of clearing and sanitization methods is no longer present in the current issue of NISPOM [DOD_06].

NSA 130-1

NSA 130-1 may well have specified a clearing or sanitization procedure by writing a random character, another random character, and then a known value. However, I am not able to find a copy of NSA Manual 130-1 or 130-2 (perhaps they were classified documents).

However, the current issue of the NSA/CSS Storage Device Declassification Manual [NSA_07] (Manual 9-12, which supersedes Manual 130-2) does not specify any overwriting methods for HDDs, and instead requires degaussing or physical destruction.

It is not clear to me if the DoD and NSA no longer recommend overwrite methods because they are ineffective or because their effectiveness as a single technique is uncertain when applied to a variety of HDD technologies.

NIST Special Publication 800-88

The National Institute of Standards and Technology has a special publication “Guidelines for Media Sanitization” that allows HDD clearing by overwriting media “using agency-approved and validated overwriting technologies/methods/tools”.

For purging, it specifies the Secure Erase [UCSD10] function (for ATA-based devices), degaussing, destruction, or the rather vague “purge media by using agency-approved and validated purge technologies/tools”.

The original issue of SP 800-88 [NIST06-1] claimed that “Encryption is not a generally accepted means of sanitization. The increasing power of computers decreases the time needed to crack cipher text and therefore the inability to recover the encrypted data can not be assured”, but that text was removed from SP 800-88 Revision 1 which was issued one month later.

Most interestingly, SP 800-88 states that “NSA has researched that one overwrite is good enough to sanitize most drives”. Unfortunately, the NSA’s research does not appear to have been published for public consumption.

view online: http://www.fylrr.com/archives.php?doc=NISTSP800-88_rev1.pdf

mirror: NISTSP800-88_with-errata

Current Research

Fortunately, several security researchers presented a paper [WRIG08] at the Fourth International Conference on Information Systems Security (ICISS 2008) that declares the “great wiping controversy” about how many passes of overwriting with various data values to be settled: their research demonstrates that a single overwrite using an arbitrary data value will render the original data irretrievable even if MFM and STM techniques are employed.

The researchers found that the probability of recovering a single bit from a previously used HDD was only slightly better than a coin toss, and that the probability of recovering more bits decreases exponentially so that it quickly becomes close to zero.

Therefore, a single pass overwrite with any arbitrary value (randomly chosen or not) is sufficient to render the original HDD data effectively irretrievable.

References

admin