Aug. 19, 2016, 12:17 p.m.
IT

Wiping Disks for Resale

If you have some old hard disks lying around and are considering selling them, it is important that you wipe them before passing them along - otherwise your data can very easily fall in to the wrong hands. There are a billion ways to wipe a disk - this article is not a tutorial. It is a reminder of something you might not be aware of. It definitely applies to using the unix command "dd" to perform a disk wipe, possibly to other tools as well.

A naive approach might be to issue this command:

dd if=/dev/zero of=/dev/diskX bs=4m

with /dev/diskX the target disk you are wiping, and bs=4m is to speed up the wiping by writing larger blocks. Checking the disk after this finished:

waldo@waldomp ~ $ sudo hexdump -C -v /dev/diskX | head
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
...

so far so good. But lets peek at the end of the disk. To get the size of the disk, under Mac OS X you can do this:

waldo@waldomp ~ $ diskutil info /dev/diskX | grep -i "total size"
   Total Size:               1.0 TB (1000204886016 Bytes) (exactly 1953525168 512-Byte-Units)

under Linux you can try:

waldo@waldopcl ~ $ blockdev --getsize64 /dev/diskX
1000204886016

either way, we use that to check the last part of the device:

waldo@waldomp ~ $ sudo hexdump -C -v -s$((1000204886016 - 512)) /dev/diskX
e8e0db5e00  11 de 11 de e1 93 a5 c5  20 20 20 20 f5 75 11 00  |........    .u..|
e8e0db5e10  01 f0 fa fa 05 90 85 02  00 00 00 00 ff ff ff ff  |................|
e8e0db5e20  30 32 2e 30 30 2e 30 30  ff ff ff ff 00 00 00 00  |02.00.00........|
e8e0db5e30  00 00 00 ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
e8e0db5e40  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
e8e0db5e50  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
e8e0db5e60  0a 5b 70 74 00 00 00 00  ff ff ff ff ff ff ff ff  |.[pt............|
e8e0db5e70  00 ff ff ff 00 80 00 00  b0 6d 6f 74 00 00 00 00  |.........mot....|

and whoopsies... The reason why the last part of the disk was not wiped, is because the block size - especially when using larger values such as 4m - does not always perfectly divide the disk's size, thereby causing a short write at the end. A strange thing is that on two identical disks, it wrote to the last 512 byte block on one disk but on the other it stopped 555MB before the end of the disk - way larger than the 4m block size I used. I therefore recommend you slow wipe the last 2*block size of the disk just in case (seek uses blocks of size bs, so I adjust bytes to blocks by dividing by 1024 - and this assumes I originally wiped it with bs=4m):

sudo dd if=/dev/zero of=/dev/diskX bs=1024  seek=$((1000204886016 / 1024 - 2*4*1024*1024 / 1024))

and optionally verify it is indeed blank:

waldo@waldomp ~ $ sudo hexdump -C  /dev/diskX
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
e8e0db5ffa  00 00 00 00 00 00                                 |......|
e8e0db6000

take note, the last command is not the most efficient way to do this and will take a LONG time. I like it though because of its elegant output in non verbose mode - it will show the first (empty) line, then an asterisk to indicate a repetition of the previous line as long as the disk is zeroed.