Honored Contributor
Dave La Mar
Posts: 829
Registered: ‎03-27-2001
Message 1 of 9 (200 Views)
Accepted Solution

dd confusion

On one of our boxes, my intent was to overwrite the internal drives with nulls.
I performed -
dd if=/dev/zero of=/dev/rdsk/c1t6d0 bs=1024k
on each of the internal drive device files.
The dd job finished successfully -
Thu Aug 7 16:49:01 PDT 2008
70008+0 records in
70007+1 records out
I/O error
Thu Aug 7 17:46:04 PDT 2008
The confusion is that I can still log into this box and look at the entire directory structure. Granted, there is no data showing in the majority of files.
I know if I try to physically power down and power up the machine it most likely will not boot up.
My confusion is - Why can I see directory structures when I should be seeing nothing and NOT be able to login?

TIA
-dl
"I'm not dumb. I just have a command of thoroughly useless information."
Acclaimed Contributor
James R. Ferguson
Posts: 21,184
Registered: ‎07-06-2000
Message 2 of 9 (200 Views)

Re: dd confusion

Hi Dave:

> The confusion is that I can still log into this box and look at the entire directory structure.

I'm not sure what you mean by "look". I suspect that you are seeing cached data. If data destruction is really desired, a nice acid bath and a shredder are in your future.

A one-pass write with zeros or random bits ('/dev/urandom' instead of '/dev/zero') is sufficient for most purposes. Multiple (>10-15) passes are required to retard the spooks.

Regards!

...JRF...
Honored Contributor
Dave La Mar
Posts: 829
Registered: ‎03-27-2001
Message 3 of 9 (200 Views)

Re: dd confusion

James -
Nice answer. When I say look, a simple ls -l allows me to list all files. A more of a file displays nothing.
I can, however, see the output from the dd command, (as posted), as I directed standard error and standard out to a file.
Cache read makes sense, but I just want to ensure nulls were actually written over the data.
As noted, should I attempt a reboot, it is not likely I will be able to verify anything.
Not sure I will even be able to get into single user mode, but I'll give that a shot.
I was relying on prior posts regarding wiping out data.

Thanks again.
"I'm not dumb. I just have a command of thoroughly useless information."
Honored Contributor
Dave La Mar
Posts: 829
Registered: ‎03-27-2001
Message 4 of 9 (200 Views)

Re: dd confusion

I "think" I'm home free based on the following output -


# dd if=/dev/rdsk/c1t6d0 count=10
10+0 records in
10+0 records out


Anyone care to confirm?

Thanks.

-dl
"I'm not dumb. I just have a command of thoroughly useless information."
Outstanding Contributor
Pete Randall
Posts: 16,205
Registered: ‎11-03-1996
Message 5 of 9 (200 Views)

Re: dd confusion

Dave,

I can partially confirm:

# dd if=/dev/rdsk/c3t5d0 count=10
10+0 records in
10+0 records out
# dd if=/dev/rdsk/c3t6d0 count=10
ISL10 !x%D08P10+0 records in
10+0 records out

Both these disks are my vg00. The second one being the boot disk. I believe you're seeing the boot headers on the second one but the other doesn't show anything.


Pete


Honored Contributor
Dave La Mar
Posts: 829
Registered: ‎03-27-2001
Message 6 of 9 (200 Views)

Re: dd confusion

Thanks Pete.
I got the same results on my second disk as shown on my first.
I'm just looking to ensure that I have adequately destroyed all disk data.
Don't really want to attempt a reboot until someone agrees that this disk is free of data.

Thanks for the input.

-dl
"I'm not dumb. I just have a command of thoroughly useless information."
Honored Contributor
Bill Hassell
Posts: 14,205
Registered: ‎05-29-2000
Message 7 of 9 (200 Views)

Re: dd confusion

Use xd to display the contents of each lvol:

xd -c /dev/vg00/rlvol1 | more

This will show ASCII characters when present, \0 if the byte is null. On a valid disk, the first bytes are LVM numbers and eventually directory items. Just keep listing the data until you get bored...

Note the use of rlvol and not lvol to avoid the buffer cache. The directory structures of recently used filesystems are in a cache memory for faster access. If you umount the lvol, it will never mount again since the directories have been corrupted. bdf and du will verify that the lvols are missing useful data.
Honored Contributor
Hein van den Heuvel
Posts: 6,585
Registered: ‎05-19-2003
Message 8 of 9 (200 Views)

Re: dd confusion

I'm sure it's all resolved now, but just in case...

You could count zeros, or blocks with zeros, for example with perl:

Count non-zero bytes:

# dd bs=1024k if=x | perl -e 'while($b=sysread(STDIN,$_,512)) {$t+=$b;$n+=(tr/\000/\000/c);}print "$t bytes, $n non-null\n"'

I tested (on a tru64 box) with a file 'x' created using:
# dd bs=1024 count=8000 if=/dev/zero of=x
# dd bs=1024 count=1 if=/dev/random >> x
1+0 records in
1+0 records out
# dd bs=1024 count=1 if=/dev/zero >> x

Then I replaced 'x' with raw device name.
dd was used to be able to specify the IO read size. You can replace it with 'cat' or another tool willing to read raw disks.

To count the zero bytes, drop the 'c' in the tr (TRansliterate) expression.

To count 'read blocks' you could use:

# dd bs=1024k if=x | perl -e 'while($b=sysread(STDIN,$_,8192)) {$t+=$b;$n+=/[^\000]/;}print "$t bytes, $n block with non-null\n"'

The 8192 is an arbitrary block size chosen.
Change to 512 or a large value as you see fit.

To count blocks = null:

dd bs=1024k if=x | perl -e 'while($b=sysread(STDIN,$_,8192)) {$t+=$b;$n+=(/[^\000]/?0:1);}print "$t bytes, $n null blocks\n"'

# dd bs=1024k if=/dev/rdisk/dsk6a | perl -e 'while($b=sysread(STDIN,$_,8192)) {$t+=$b;$n+=/\000/;}print "$t bytes, $n null block>
64+0 records in
64+0 records out
67108864 bytes, 7347 null blocks

fwiw,
Hein/.
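
The read-back check discussed in this thread, as an added example that is not part of any poster's reply: it reads the target through dd, counts non-null bytes, reports the offset of the first one, and treats a short read as a separate failure rather than as a clean disk. All function names are hypothetical and the sample image is constructed; on a real system TARGET would be the raw (rdsk) device and EXPECTED_BYTES the device size.

```shell
#!/bin/sh
# Added example: read a zero-filled target back and prove it is clean.
# Function names are hypothetical; dd does the reads, as in the thread,
# so the I/O size is explicit. Point TARGET at the raw (rdsk) device.
LC_ALL=C; export LC_ALL

read_target() { dd if="$1" bs=1024k 2>/dev/null; }

# Number of bytes actually read back from $1.
bytes_read() { echo $(( $(read_target "$1" | wc -c) )); }

# Number of non-null bytes in $1 (0 means every byte read was zero).
count_nonnull() { echo $(( $(read_target "$1" | tr -d '\000' | wc -c) )); }

# 0-based offset of the first non-null byte in $1; prints nothing if none.
first_nonnull() {
    read_target "$1" | cmp -l /dev/zero - 2>/dev/null |
        head -n 1 | awk '{ print $1 - 1 }'
}

# verify_wipe TARGET EXPECTED_BYTES
# Returns 0 if clean, 1 if data remains, 2 if fewer bytes were read than
# expected (a short read must not be reported as a clean disk).
verify_wipe() {
    total=$(bytes_read "$1")
    if [ "$total" -ne "$2" ]; then
        echo "SHORT READ: $total of $2 bytes"; return 2
    fi
    nonnull=$(count_nonnull "$1")
    if [ "$nonnull" -ne 0 ]; then
        echo "NOT CLEAN: $nonnull non-null bytes, first at offset $(first_nonnull "$1")"
        return 1
    fi
    echo "CLEAN: $total bytes, all null"
}

# Constructed sample: 64 KiB of zeros with 8 leftover bytes at offset 4096.
make_sample() {
    dd if=/dev/zero of="$1" bs=1024 count=64 2>/dev/null
    printf 'RESIDUAL' | dd of="$1" bs=1 seek=4096 conv=notrunc 2>/dev/null
}
```

Each call rereads the whole target, so a clean result costs two full passes over the device.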
Honored Contributor
Dave La Mar
Posts: 829
Registered: ‎03-27-2001
Message 9 of 9 (200 Views)

Re: dd confusion

I assign 10 points to each because each had valued input on ensuring I was doing the right thing.
As per JRF, I dd'd a second time and got to the point where no command was acknowledged following the dd.
As per Pete, this did lend some credibility that I was getting the desired results.
As per Bill and Hein I will definitely try those suggestions on the next one. (One more to perform.)
All was verified with a reboot and a BO PRI/ BO ALT.
I am satisfied that the disks are clean and not just the boot sector overwritten.
Thanks for the valued input.
I will miss the forums greatly for this reason.
My employer has moved on to an AIX solution so I am, once again, in a learning curve.
For all the new people out there, "This is the best forum, bar none, for expertise help and training."

Regards,

-dl
"I'm not dumb. I just have a command of thoroughly useless information."