RE: Simple but effective Disk Wipe Software

From: dave kleiman (dave_at_isecureu.com)
Date: 11/09/04

  • Next message: Nick Owen: "RE: Password management"
    To: <keith.bucknall@zen.co.uk>
    Date: Tue, 9 Nov 2004 17:33:10 -0500
    
    

    Keith in this forum we are all here to learn and there are no stupid
    questions!

    Eraser programs write random data to disk in an attempt to erase any
    preexisting data.

    The two I mentioned below from SourceForge are free and both create boot
    disks for wiping, which is what I believe you were asking for.

    The best write-up I have ever found on erasing/wiping is:

    http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

    The one I placed the C code from you could compile into and .exe and make a
    boot disk and add the .exe to it. The one we made is in .exe form and could
    be put on a bootable disk.

    But I would recommend the ones from SourceForge, as Eraser just won Chip
    Magazine's BEST FILE SHREDDER AWARD.

    Dave

    -----Original Message-----
    From: Keith Bucknall [mailto:keith.bucknall@zen.co.uk]
    Sent: Tuesday, November 09, 2004 16:49
    To: 'dave kleiman'
    Subject: RE: Simple but effective Disk Wipe Software

    Dave

    Thanks sorry to sound stupid but what does it actually do?

    Kieht

     

    -----Original Message-----
    From: dave kleiman [mailto:dave@isecureu.com]
    Sent: 09 November 2004 01:02
    To: keith.bucknall@zen.co.uk; security-basics@securityfocus.com
    Subject: RE: Simple but effective Disk Wipe Software

    Here are a few:

    http://sourceforge.net/projects/eraser/

    http://sourceforge.net/projects/dban/

    I have one that we made ourselves, will gladly e-mail it to you ( no
    warranties our guaranties expressed or implied)

    Here is C Code for one from: Keith Oxenrider (koxenrider@sol-biotech.com)

    /*******************************************
        wipeIt.c

        A program for writing random data to disk
        in an attempt to erase any preexisting data.

        It was written for Windows, but should be
        easily addapted for any UNIX variant
        (or any with an ANSI compatible C compiler).

        Written/Addapted by Keith Oxenrider (koxenrider@sol-biotech.com)

        This program is hereby placed in the public domain, use as you will.

        This program has no warrentee, expressed or implied.

        Use at your own risk!

     ******************************************/

    #include <ctype.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <time.h>

    typedef unsigned long uint32; /* this value must be 32 bits in length! */
    #define WIPENUM 1024 /* the block size for writing to disk, can be
    optimized by OS */

    /*
        prng adapted from http://www.math.keio.ac.jp/~matumoto/cokus.c
        Cokus@math.washington.edu and matumoto@math.keio.ac.jp */

    #define N (624) /* length of state vector */
    #define M (397) /* a period parameter */
    #define K (0x9908B0DFU) /* a magic constant */
    #define hiBit(u) ((u) & 0x80000000U) /* mask all but highest bit
    of u */
    #define loBit(u) ((u) & 0x00000001U) /* mask all but lowest bit
    of u */
    #define loBits(u) ((u) & 0x7FFFFFFFU) /* mask the highest bit
    of u */
    #define mixBits(u, v) (hiBit(u)|loBits(v)) /* move hi bit of u to hi bit
    of v */

    static uint32 state[N+1]; /* state vector + 1 extra to not violate
    ANSI C */
    static uint32 *next; /* next random value is computed from here
    */
    static int left = -1; /* can *next++ this many times before
    reloading */

    void seedMT(uint32 seed){
        register uint32 x = (seed | 1U) & 0xFFFFFFFFU, *s = state;
        register int j;

        for(left=0, *s++=x, j=N; --j;
            *s++ = (x*=69069U) & 0xFFFFFFFFU); }

    uint32 reloadMT(void){
        register uint32 *p0=state, *p2=state+2, *pM=state+M, s0, s1;
        register int j;

        if(left < -1)
            seedMT(4357U);

        left=N-1, next=state+1;

        for(s0=state[0], s1=state[1], j=N-M+1; --j; s0=s1, s1=*p2++)
            *p0++ = *pM++ ^ (mixBits(s0, s1) >> 1) ^ (loBit(s1) ? K : 0U);

        for(pM=state, j=M; --j; s0=s1, s1=*p2++)
            *p0++ = *pM++ ^ (mixBits(s0, s1) >> 1) ^ (loBit(s1) ? K : 0U);

        s1=state[0], *p0 = *pM ^ (mixBits(s0, s1) >> 1) ^ (loBit(s1) ? K : 0U);
        s1 ^= (s1 >> 11);
        s1 ^= (s1 << 7) & 0x9D2C5680U;
        s1 ^= (s1 << 15) & 0xEFC60000U;
        return(s1 ^ (s1 >> 18));
    }

    uint32 randomMT(void){
        uint32 y;

        if(--left < 0)
            return(reloadMT());

        y = *next++;
        y ^= (y >> 11);
        y ^= (y << 7) & 0x9D2C5680U;
        y ^= (y << 15) & 0xEFC60000U;
        return(y ^ (y >> 18));
    }

    void Usage(char * argv[]){
        fprintf(stderr, "Usage: %s <drive letter (no colon!)>\n", argv[0]);
        fprintf(stderr, "\n");
        fprintf(stderr, "This program writes randomly generated data to the
    root\n");
        fprintf(stderr, "directory of the drive given (this implementation is
    intended\n");
        fprintf(stderr, "for Windows) until it is full (file name is 'wipe.dat',
    be\n");
        fprintf(stderr, "sure that name is not in use!), then deletes the
    file.\n");
        fprintf(stderr, "The purposes of this exercise is to overwrite any
    deleted data.\n");
        fprintf(stderr, "\n");
        fprintf(stderr, "The prng is adapted from
    http://www.math.keio.ac.jp/~matumoto/cokus.c\n");
        fprintf(stderr, "\n");
        fprintf(stderr, "Written 2/11/2003 by Keith Oxenrider
    (koxenrider@sol-biotech.com)\n");
        fprintf(stderr, "\n");
        fprintf(stderr, "Press enter to quit.\n");
        getchar();
        exit(1);
    }

    int main(int argc, char * argv[]){
        FILE *fwipe;
        uint32 dat[WIPENUM];
        char fileName[] = "0:\\wipe.dat";
        size_t retval;
        uint32 cnt = 0;
        int i;
        time_t timeTot, elapsedTime;

        if (argc != 2)
            Usage(argv);
        if (strlen(argv[1]) != 1)
            Usage(argv);
        if (!isalpha(argv[1][0]))
            Usage(argv);

        fileName[0] = argv[1][0];

        seedMT((uint32)time(NULL));

        if ((fwipe = fopen(fileName, "r")) != NULL){
            fprintf(stderr, "\n\n\t%s already exists!\n\n\n", fileName);
            fclose(fwipe);
            Usage(argv);
        }

        if ((fwipe = fopen(fileName, "wb")) == NULL){
            fprintf(stderr, "\n\n\tCannot open %s!\n\n\n", fileName);
            Usage(argv);
        }

        fprintf(stderr, "sizeof(dat): %d, sizeof(uint32): %d, WIPENUM: %d\n",
    sizeof(dat), sizeof(uint32), WIPENUM);

        time(&timeTot);

        while ((retval = fwrite(dat, sizeof(dat), 1, fwipe)) == 1){
            for (i=0;i<WIPENUM;i++){
                dat[i] = randomMT();
            }

            cnt += sizeof(dat);
            if (cnt % (sizeof(dat) * 20000) == 0){
                elapsedTime = time(NULL) - timeTot;
                fprintf(stderr, "Have written %d bytes in %d:%01d\n", cnt,
    (elapsedTime / 60), (elapsedTime % 60));
            }
        }
        fclose(fwipe);
        remove(fileName);

        elapsedTime = time(NULL) - timeTot;
        fprintf(stderr, "Fini. Wrote %d bytes in %d:%01d min\n", cnt,
    (elapsedTime / 60), (elapsedTime % 60));
        fprintf(stderr, "Press enter to quit.\n");
        getchar();

        return 0;
    }

     

    -----Original Message-----
    From: Keith Bucknall [mailto:keith.bucknall@zen.co.uk]
    Sent: Monday, November 08, 2004 17:26
    To: security-basics@securityfocus.com
    Subject: Simple but effective Disk Wipe Software
    Importance: High

    Dear All,

    I know a few weeks ago we had a post on someone putting a post up about
    returning a Hard Disk to Dell.

    Well at my last place of work we used Paragon Disk Wiper Pro which states it
    wipes Hard Disks to DoD standard. I am looking for a simple but effective
    Boot type of wiping software for our old stock of PC's that we have just
    upgraded.

    My Director does not want to spend any money as he feel's a standard
    "format" will suffice; therefore I guess a Linux solution is the best. I am
    wondering what people would recommend, we do not have High Classified
    documents put I would like something a little more than a standard format.

    Kind Regards

    Keith Bucknall


  • Next message: Nick Owen: "RE: Password management"