Software to wipe a systemdrive from Windows?


164 replies to this topic

#101 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15275 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 18 January 2011 - 08:22 AM

More than that, something that in movies may happen and that doesn't in real life, is "instant" or few seconds wiping: to wipe a disk it takes TIME.

As a LAST, and I mean LAST - (have I mentioned it's the LAST?) possibility, if you initiated a disk wipe, and changed idea, the SANEST thing to do is to cut power off from the machine IMMEDIATELY, and as fast as you can, by unplugging it from mains, UPS, or removing battery.

Most of the data will not be wiped and can later be retrieved.

:)
Wonko

#102 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7771 posts

Posted 19 January 2011 - 07:53 PM

Just a crazy little idea.
What exactly is stopping us from doing a secure erase from within Windows?
Secure Erase is just a simple command that is sent to the HDD, and the actual wiping does not require a working OS or program, does it?

:dubbio:

#103 Guest_connetport_*

Guest_connetport_*
  • Guests

Posted 19 January 2011 - 08:06 PM

@MedEvil : Windows is blocking a lot ....... :dubbio:

Not impossible but very hard with a chance to be detected as Virus.

I'm interested to participate in it if you want to have some help !

Best regards,

#104 Wonko the Sane

Posted 19 January 2011 - 08:07 PM

Just a crazy little idea.
What exactly is stopping us from doing a secure erase from within Windows?
Secure Erase is just a simple command that is sent to the HDD, and the actual wiping does not require a working OS or program, does it?


I presume that the HAL is in the middle.... but I guess that one could use WINKEXEC:
http://reboot.pro/7391/
http://reboot.pro/13310/
but - unless the keyboard problem has been resolved in the meantime - a rather UNsafe program it will become :dubbio:.

:dubbio:
Wonko

#105 MedEvil

Posted 19 January 2011 - 08:25 PM

I don't know, if you got my drift.
The idea is to send the command and let the program and the OS simply crash.

The way I understood it, the command does not provide any feedback, except for a log at the beginning of the wiped HDD.

:dubbio:

#106 Wonko the Sane

Posted 19 January 2011 - 08:47 PM

I don't know, if you got my drift.
The idea is to send the command and let the program and the OS simply crash.

Sure :thumbsup:, point is if the HAL will (as it should) create a barrier between the hypothetical command you send and the actual HD.

The way I understood it, the command does not provide any feedback, except for a log at the beginning of the wiped HDD.

The way I understood it, the command itself doesn't even write the log, which is written by the DOS program. :dubbio:

Try seeing it the other way round, you start your hypothetical command and leave the stoopid thingy whirl doing the wiping.

A power surge/blackout/whatever interrupts the operation.

Since you cannot boot, you cannot see if the thingy completed successfully or just wiped a small bunch of sectors, leaving most of your (precious?) private data behind.

...and I think may happen also with the NUKE.CMD :dubbio: (haven't had time to test), maybe re-installing after the wipe a grub4dos that lists contents of first sector may be a good idea.... :whistling:

;)
Wonko

#107 MedEvil

Posted 19 January 2011 - 09:38 PM

Sure :thumbsup:, point is if the HAL will (as it should) create a barrier between the hypothetical command you send and the actual HD.

So the program has to run as a driver. This is just problem of implementation.

The way I understood it, the command itself doesn't even write the log, which is written by the DOS program. :dubbio:

In that case the command would have to give feedback to the program to create the log. But this would be less safe than having the implemented wiping routine do the logging itself.
I think I got it right. :dubbio:


Try seeing it the other way round, you start your hypothetical command and leave the stoopid thingy whirl doing the wiping.

A power surge/blackout/whatever interrupts the operation.

Since you cannot boot, you cannot see if the thingy completed successfully or just wiped a small bunch of sectors, leaving most of your (precious?) private data behind.

It does not matter what kind of advanced routine you're inventing. I can stop it from doing a successful wipe easily, by pulling the plug every time.
So unless you have an idea how to build a PSU into a program, there is no 100% certainty without user intervention.

So let's go look at this problem from a more realistic point of view.

Variant A
- user has to download an image
- user has to burn image to CD or write to USB
- user has to have an empty CD or USB-Stick
- user has to know how to set the "dangerous" BIOS to boot from ... and if it even can.
- user has to deal with a cryptic interface

Variant B
- user downloads small program
- user runs program with single button GUI (clicks on "delete all" button)
- user waits till HDD LED turns off, before turning computer off
- If a power surge should happen while wiping, then he will have to use Variant A or simply not sell the HDD.

Imo, Variant B will result in more people using it than Variant A.

:whistling:

#108 cdob

cdob

    Gold Member

  • Expert
  • 1450 posts

Posted 19 January 2011 - 09:51 PM

Just a crazy little idea.
What exactly is stopping us from doing a secure erase from within Windows?

A volunteer to run hdparm.exe
http://reboot.pro/13...post__p__119569

#109 steve6375

steve6375

    Platinum Member

  • Developer
  • 7263 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 19 January 2011 - 09:53 PM

The main problem is that to start the secure erase, an hdd password must be set - the erase command sent - then some long time later when it finishes, the hdd must be unlocked using the same password to remove the pwd lock.
It is the last bit that is tricky! We could start the secure erase and not care that Windows has crashed - but we would have a locked drive and would need to boot to dos/linux/?? to run an unlock command.
[Edit]Once the erase command finishes it clears the password[/Edit]
Equally, once you start the secure erase, pulling the plug is safe because no one can access the drive unless they crack the password.

I am not sure why it was designed like this - why not just design it so that once a secure erase command is issued, there is no way to stop it. i.e. all read/write and other commands are blocked until it has finished the erase and then unlock the interface???

#110 Guest_connetport_*

Posted 19 January 2011 - 10:18 PM

The password is not a real password as you may think.

As where you store your data is a disk, you don't have a natural "reference point" ..... the hard drive basically doesn't know where to start.

The password is part of an authentication process in order to know where your data starts physically in the hard drive. Changing that password means losing the "reference" point and leaves you unable to read the information.

However the information is still here :dubbio:

#111 MedEvil

Posted 19 January 2011 - 11:13 PM

A volunteer to run hdparm.exe
http://reboot.pro/13...post__p__119569

I might have a system I can try it on. How do I check if the HDD supports this feature?

:confused1:

#112 cdob

Posted 20 January 2011 - 05:44 AM

How do I check if the HDD supports this feature?

https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

For first hard disk:
hdparm.exe -I /dev/hda


#113 Wonko the Sane

Posted 20 January 2011 - 08:32 AM

@Medevil
I do like your "plan B" :confused1:
I was trying to make a slightly different point.
As I see it, one of the very few good things that computers have is the fact that once you run a given command, they do run it, and then report what happened during the run (if you prefer, you get an errorlevel).
This allows you to take a walk, smoke a few (several) cigarettes, go to lunch or whatever during the time a program is executed, then come back at your leisure and check that everything ran smoothly.
Wiping a hard disk is a delicate procedure and the good thing about the SecureErase command is that it is a validated one (unlike most of the "software based" ones).
In the "traditional" way of running such thingy, it writes, once finished, a confirmation on the first sector of the hard disk.

So, if everything went well you come back and you find such a report.
If anything didn't work out as expected you don't find it.

The disk may be locked, and you can boot again the program and unlock it.

What happens in the proposed way, in the two cases (success/failure)? :confused1:

:yawn:
Wonko

#114 MedEvil

Posted 20 January 2011 - 11:57 AM

What happens in the proposed way, in the two cases (success/failure)? :confused1:

- If the wiping finishes the HDD LED will be out.
- If there was no power failure, the BSoD will still be on the screen.
- If the wipe didn't go through for some other reason, the drive will still be locked when the user tries to put a new Windows on the HDD, to sell the computer. (I think a wipe that failed for internal HDD reasons means the drive is done and can't be sold.)

However the setting and the removing of the password seems a bit troublesome to me. When the program crashes, after issuing the wipe command, there is no way to remove the password again.

It would have been a much better idea, if the wipe command itself would remove the given password, once the wipe was successful.

:confused1:

#115 MedEvil

Posted 20 January 2011 - 12:22 PM

For first hard disk:

hdparm.exe -I /dev/hda

When I type this in (under Win7 32Bit) I get: Permission denied
Any idea, who denied the permission?
Sounds like a Windows reply, but hdparm is meant to be run from Windows, isn't it?

:cheers:

#116 steve6375

Posted 20 January 2011 - 12:26 PM

Run as Admin??

#117 MedEvil

Posted 20 January 2011 - 12:31 PM

I am logged in as Admin.

:cheers:

#118 Wonko the Sane

Posted 20 January 2011 - 01:24 PM

Well, among ALL NT based Windows, you managed to test on the one that has the MOST preventions against issuing direct commands to hardware!

NOT a wise choice. :cheers:

:cheers:
Wonko

#119 MedEvil

Posted 20 January 2011 - 02:22 PM

NOT a wise choice. :cheers:

I think to try to wipe a testsystem is a much better choice, than to try to wipe a worksystem.
But if you disagree, please feel free to try the wipe on your system. :cheers:


:cheers:

#120 Wonko the Sane

Posted 20 January 2011 - 02:34 PM

I think to try to wipe a testsystem is a much better choice, than to try to wipe a worksystem.

The not wise choice was to test on Windows 7, not to test on a test :cheers: system.

I was suggesting:
Delete the current install of the 7 on the test system.
Install to it a NEW install of 2K or XP (that have less "protections" when compared to Vista :cheers: or 7).
Try running from the 2K or XP.
This is just "common sense", since you already tried and failed with one of the OS that have "better" protection, try on one with less.

Typical example of the possible differences on access to a hard disk:
http://reboot.pro/8480/page__st__193
(a number of apps that worked on the physical drive stopped working on Vista :cheers: and 7)

:cheers:
Wonko

#121 Sadeghi85

Sadeghi85

    Newbie

  • Members
  • 15 posts
  •  
    Iran

Posted 20 January 2011 - 03:57 PM

It would have been a much better idea, if the wipe command itself would remove the given password, once the wipe was successful.



It does: https://ata.wiki.ker...ty_is_disabled:

#122 MedEvil

Posted 20 January 2011 - 05:00 PM

I was suggesting:
Delete the current install of the 7 on the test system.
Install to it a NEW install of 2K or XP

First of all, since only geeks are still using 2k or XP, who do not need help wiping, I guess a success would be pointless to the topic discussed.
And second, I really hate wasting my time.

:cheers:

#123 MedEvil

Posted 20 January 2011 - 05:04 PM

It does:

Then Variant B is a definite maybe, if we ever manage to get the command to the HDD.

:cheers:

#124 steve6375

Posted 20 January 2011 - 05:48 PM

I tried hdparm -I under WinPE v2 and the drive responded but had a Frozen status. I unplugged the power and did a diskpart rescan and it was still frozen. I tried diskpart - automount disable - unplug - replug - exit - hdparm -I --> still frozen.

So OS freezes drive and without knowing pwd we cannot unfreeze it???

#125 Wonko the Sane

Posted 20 January 2011 - 06:19 PM

I tried hdparm -I under WinPE v2 and the drive responded but had a Frozen status. I unplugged the power and did a diskpart rescan and it was still frozen. I tried diskpart - automount disable - unplug - replug - exit - hdparm -I --> still frozen.

So OS freezes drive and without knowing pwd we cannot unfreeze it???


Diagnose the drive under DOS (even more geekish :cheers:) ONLY, at first using its manufacturer utility.

"frozen" is not really a "technical" term, do you mean "bricked" :cheers: or "locked" or WHAT?

Which make/model is the drive?

:cheers:
Wonko
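
For the `hdparm -I` check from posts #112 and #124, an added example that is not part of the thread: a parser for the Security block of that output, which reports the supported/enabled/locked/frozen flags and classifies whether an erase could be issued. The sample text is constructed, and the function names and result labels are assumptions of this example.

```python
import re

# Constructed sample of the "Security:" block of `hdparm -I` output.
SAMPLE = (
    "Security:\n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\tnot\tenabled\n"
    "\tnot\tlocked\n"
    "\t\tfrozen\n"
    "\tnot\texpired: security count\n"
    "\t\tsupported: enhanced erase\n"
    "\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n"
    "Checksum: correct\n"
)
FLAGS = {"supported": "supported", "enabled": "enabled", "locked": "locked",
         "frozen": "frozen", "expired: security count": "count_expired",
         "supported: enhanced erase": "enhanced_erase"}

def parse_security(text):
    """Return the ATA security flags from `hdparm -I` text, or None if absent."""
    lines = text.splitlines()
    start = next((i for i, l in enumerate(lines) if l.strip() == "Security:"), None)
    if start is None:
        return None
    state = {**dict.fromkeys(FLAGS.values(), False), "erase_minutes": None}
    for line in lines[start + 1:]:
        if not line[:1].isspace():        # next unindented header ends the block
            break
        words = line.split()
        negated = bool(words) and words[0] == "not"
        key = " ".join(words[1:] if negated else words)
        if key in FLAGS:
            state[FLAGS[key]] = not negated
        if m := re.match(r"(\d+)min for SECURITY ERASE UNIT", key):
            state["erase_minutes"] = int(m.group(1))
    return state

def erase_readiness(state):
    """Classify whether SECURITY ERASE UNIT could be issued right now."""
    if state is None or not state["supported"]:
        return "unsupported"
    if state["frozen"]:       # security commands rejected until power cycle/reset
        return "frozen"
    if state["locked"]:       # must be unlocked with the password first
        return "locked"
    if not state["enabled"]:  # a user password has to be set before the erase
        return "needs-password"
    return "ready"
```
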



