Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Erasing a hard disk easily
From: <Glenn_Everhart () bankone com>
Date: Wed, 14 Jul 2004 15:34:47 -0400

Seems to me I recall there are some generic scsi commands to read
(try to read) or try to reformat bad sectors. However the point 
below is still correct: the vendor might not have implemented
them correctly, if at all. If they work that just means some things
can be done that affect bad blocks without having to have vendor
specific command manuals.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Gary E.
Miller
Sent: Wednesday, July 14, 2004 2:08 PM
To: Darren Reed
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Erasing a hard disk easily




**********************************************************************
This transmission may contain information that is privileged, confidential and/or exempt from disclosure under 
applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, 
distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If 
you received this transmission in error, please immediately contact the sender and destroy the material in its 
entirety, whether in electronic or hard copy format. Thank you
**********************************************************************


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Darren!

On Wed, 14 Jul 2004, Darren Reed wrote:

Too bad the pc Unixes don't have a format command like Sun has had
for Solaris/SunOS....tells the hard drive to 'format' and then tests
with a number of test patterns.

You can not really force a low level format of an IDE or SCSI drive.  The
drive that appears to the OS is not the real drive, but a virtual drive
managed by the disk electronics.

The most you can do is ask the drive to format itself.  Some do a good job
and some do not.  The ones that return in seconds did not and the ones that
takes hours are doing better.

One thing that has been missed in these discussions are the "spare
sectors" present on all IDE and SCSI disks.  I am not talking about the
"bad blocks" stored in FAT tables and such, but hidden sectors managed
by the drive itself.

Each drive vendor has vendor specific commands for accessing and
managing theese spare sectors and bad sectors.  There is no generic
method.  Some consider this proprietary info and some readily release it.

If the drive notices soft errors in a given sector it will copy the data
to a "spare sector", then move the bad sector to a bad sector list and
use the formerly spare sector in it's place.  The OS never noticed that
anything happened.  The old data remains in the bad sector and can be
recovered.

You can format the drive as it appears to the OS as much as you want, but
unless you get "low level" with the drive you are NOT touching the
spare and bad sectors.  They may very well contain data you do not want
to be read.

If you give me one of these drives, I might be able to get vendor data
on how to read the bad sectors and then I would have your data!

This is not as long a shot as it would seem.  Just before your drive dies
it may be doing a lot of thrashing of bad/spare sectors in a last attempt
at staying alive.  Often used files like /etc/passwd and gpgkeys are
more likely to be accessed and therefore more likely to have a copy in the
bad sector table.

You throw the drive away and I get it from the dumpster.  Often I can put
dead HS in the refrigerator and get it to work for a few more hours
longer than you could.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFA9XaP8KZibdeR3qURAt+2AKCnRWaro6/mUok1l46Zz2mMNE/cWQCg7Fr0
X14ASFMPd8CikeCxAoYqPu0=
=em1t
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


**********************************************************************
This transmission may contain information that is privileged, confidential and/or exempt from disclosure under 
applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, 
distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If 
you received this transmission in error, please immediately contact the sender and destroy the material in its 
entirety, whether in electronic or hard copy format. Thank you
**********************************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]