Full Disclosure mailing list archives

Re: Erasing a hard disk easily
From: "Gary E. Miller" <gem () rellim com>
Date: Wed, 14 Jul 2004 23:44:13 -0700 (PDT)

Yo Darren!

On Thu, 15 Jul 2004, Darren Reed wrote:

> Have you ever actually used format on Solaris to format a SCSI disk ?

Yes, many times.  The first time within a year or two of when they were
founded.  Their HQ was less than a mile from my old offices in Mountain
View.  One of my best friends sold them all their DRAM for the first few
years.  He would personally fly to Japan, swap an envelope of cash for
the DRAM and fly back with the DRAM in his briefcase.

I probably formatted my first SCSI disk on a UNIX system in 1982 on a
Charles River Data Systems box.

I have also many times had to move disks from UNIX systems to DOS
systems for low level recovery.  This because many companies only
provide low level bad block tools as DOS .exe files.

If I have been simplifying things a bit much it is because I am
not sure how many other folks out there have EE degrees, have advanced
disk drive electronics experience and really need to know the nitty
gritty details.

> I ask because your comments here make it seem like you have not...and the
> lack of that experience shows in the rest of your comments, too...

Hmm, so I guess when Priam, Seagate, Shugart, Maxtor, Memorex, etc. paid
me to write low level hardware tests for their disk drive production
lines they hired the wrong guy huh?

When I consulted to Priam I worked next to the room where they kept
the magneto-optical interferometer.  Engineers would pull the platter
out of a marginal drive and place it on a spindle.  The spindle of the
interferometer sat on a 6" thick granite table set on big air donuts on
a solid steel frame.  The steel frame sat on a special piece of solid
concrete that was isolated from the building foundation and sat directly
on the underlying soil.  It was so sensitive that if a big truck drove
by on Oakmead Parkway they could see it in their results.  Sort of
understandable considering the land was sorta swampy before they built
the industrial park just south of Alviso.  They claimed they could read
the last 7 to 10 passes on the track by the residual magnetism on the

The trick is not so much read/write percentages, like has been discussed
here, but off-center tracking and subtle timing/speed changes.

If one pass is written a few % points of track width to the inside
on one pass and a few % to the outside on the next, the
interferometer was sensitive enough in width to profile the overlapping
tracks.  When you looked at the results it was as if you had tried to
draw a pencil line on top of another pencil line.  The small differences
were detectable and discernable as two separate lines.

The second effect is a peak effect.  Contrary to popular opinion, disk
drives do NOT write ones and zeros.  For one thing disks, like T1 lines,
are an AC medium and not a DC medium.  So encoding is used to keep the
frequency spectrum to/from the heads in a narrow range to allow for
effective filtering.  Then, to increase density, special codings are
used, like MFM, RLL, ARLL, etc.  What goes on the disk is measured in
terms of flux reversals and flux peaks.  In RLL 1,7 as many as 7 bits
may be encoded with a single flux reversal.

Here is a good reference on RLL encoding as used on disks:

The analogy is not exact, but you can think of it like a modem.  NO
analog POTS modem has a BAUD (symbol) rate over 2400.  But you get the
BIT rate up to 56,000 by encoding more than one BIT per BAUD (symbol).
If this is unclear you should spend the $$, buy the relevant ITU
specs for V.32 and read them.

When you re-write a disk the flux reversals and flux peaks of the new
data will not line up over that of the last data.  Even if you write
the same data twice, there will be subtle differences in clock speed and
spindle speed that means the new data will not line up exactly on the
old data in the angular direction.  If you have a digital o-scope hooked
up to the read head ahead of the filtering then you can see the little
artifacts of the last data written.  It is also plainly visible on the

I am NOT saying that this is an easy thing to do.  At a big disk
drive company maybe only a few people are capable of this kind of
analysis and their success rate will be limited.  But it can be done
and I have personally seen it done.

To repeat what others have said here.  If the NSA wants to read
your "scrubbed" HDs they probably can.  As for everyone else, not
much to worry about.

---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676
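
As an added illustration of the point above that disks record flux reversals rather than raw ones and zeros (not part of the original message and not the author's code): a small MFM encoder in Python, MFM being one of the codings the message names. The function names and the sample bytes are constructed for this example; it also checks that consecutive reversals are always separated by one to three empty cells.

```python
"""MFM channel coding: data bits become flux-reversal cells (added example)."""
from itertools import product


def mfm_encode(bits, prev=0):
    """Return MFM channel cells for data bits; a 1 cell is one flux reversal.

    Each data bit yields a clock cell then a data cell. The clock cell is 1
    only between two 0 data bits, so reversals never sit in adjacent cells.
    """
    cells = []
    for bit in bits:
        clock = 1 if (prev == 0 and bit == 0) else 0
        cells.extend([clock, bit])
        prev = bit
    return cells


def mfm_decode(cells):
    """Recover data bits by keeping every second (data) cell."""
    return cells[1::2]


def zero_runs(cells):
    """Count the empty cells between each pair of consecutive reversals."""
    ones = [i for i, cell in enumerate(cells) if cell == 1]
    return [b - a - 1 for a, b in zip(ones, ones[1:])]


def bytes_to_bits(data):
    """Expand bytes to a list of bits, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def run_limits(width=12):
    """Check every data pattern of `width` bits; return (min, max) zero run."""
    runs = [r for bits in product((0, 1), repeat=width)
            for r in zero_runs(mfm_encode(list(bits)))]
    return min(runs), max(runs)


if __name__ == "__main__":
    sample = bytes([0x00, 0xFF, 0xA5])  # constructed sample data
    cells = mfm_encode(bytes_to_bits(sample))
    print("cells    :", "".join(map(str, cells)))
    print("reversals:", sum(cells), "for", len(sample) * 8, "data bits")
    print("zero-run limits (min, max):", run_limits())
```
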
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
