Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Erasing a hard disk easily
From: "Gary E. Miller" <gem () rellim com>
Date: Wed, 14 Jul 2004 11:08:12 -0700 (PDT)

Hash: SHA1

Yo Darren!

On Wed, 14 Jul 2004, Darren Reed wrote:

Too bad the pc Unixes don't have a format command like Sun has had
for Solaris/SunOS....tells the hard drive to 'format' and then tests
with a number of test patterns.

You can not really force a low level format of an IDE or SCSI drive.  The
drive that appears to the OS is not the real drive, but a virtual drive
managed by the disk electronics.

The most you can do is ask the drive to format itself.  Some do a good job
and some do not.  The ones that return in seconds did not and the ones that
takes hours are doing better.

One thing that has been missed in these discussions are the "spare
sectors" present on all IDE and SCSI disks.  I am not talking about the
"bad blocks" stored in FAT tables and such, but hidden sectors managed
by the drive itself.

Each drive vendor has vendor specific commands for accessing and
managing theese spare sectors and bad sectors.  There is no generic
method.  Some consider this proprietary info and some readily release it.

If the drive notices soft errors in a given sector it will copy the data
to a "spare sector", then move the bad sector to a bad sector list and
use the formerly spare sector in it's place.  The OS never noticed that
anything happened.  The old data remains in the bad sector and can be

You can format the drive as it appears to the OS as much as you want, but
unless you get "low level" with the drive you are NOT touching the
spare and bad sectors.  They may very well contain data you do not want
to be read.

If you give me one of these drives, I might be able to get vendor data
on how to read the bad sectors and then I would have your data!

This is not as long a shot as it would seem.  Just before your drive dies
it may be doing a lot of thrashing of bad/spare sectors in a last attempt
at staying alive.  Often used files like /etc/passwd and gpgkeys are
more likely to be accessed and therefore more likely to have a copy in the
bad sector table.

You throw the drive away and I get it from the dumpster.  Often I can put
dead HS in the refrigerator and get it to work for a few more hours
longer than you could.

- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

Version: GnuPG v1.2.3 (GNU/Linux)


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]