Securely Erasing a Hard Drive with Perl

By Mark Nielsen

  1. References
  2. Introduction
  3. What problems I have.
  4. The Perl Script
  5. Conclusion

Introduction

When moving from Ohio to California, GNUJobs.com had some hard drives (along with other hardware and software) which were to be donated to COLUG. They needed to be deleted before they were donated. 2 out of the 3 hard drives had bad sectors on them, and the third I ended up using as a hard drive for testing purposes, like creating this article, so I ended up not giving any away. Still, I will need to wipe a hard drive in the future, so I created this Perl script (which I will later convert to Python and make it have more options).

The goal of this Perl script is to just delete the hard drive at /dev/hdb (the slave drive on the Primary IDE controller) since I have a hard drive removeable kit there. I want it to delete all partitions, create one partition that takes up the whole hard drive, and then fill up the hard drive with garbage data (including some random encrypted data just to ruin a hacker's day trying to find out what the data is).

The Problems

Here is a list of problems I had and how I solved them:
  1. How do I get it to delete all the partitions?

    I remember researching many different options to alter partitions on a hard drive, and doing it manually yielded the best results. I had used a Perl Expect script to automate the fdisk program (fdisk partitions hard drives in Linux) in the past, and I decided to continue to do it that way. I believe there are better alternatives for the simple task of deleting all the partitions, like sfdisk and others, but if one solution covers all possibilities with 100% power and flexibility, I usually just stick to one way of doing things so that I don't have to remember too many things and if it ever gets more complicated, I don't have to learn anything new.

    Thus, I used Expect code to simulate a user typing in the commands for fdisk. The Expect code deleted all the partitions and then it created one big partition.

  2. How do I fill up the hard drive with garbage data?

    Just deleting partitions isn't enough to delete the data. I want to overwrite all old data with garbage to make sure the previous data was deleted. I used sfdisk to get the size of the partition that fdisk created. Then, I created a loop which would continuously print garbage data until the amount printed was equal or greater than the size of the partition.

  3. How do I put binary data on the hard drive to confuse a hacker? I created random binary data using the random function and "chr" function in Perl. Then, I encrypted the random data using the Perl Blowfish module. If someone manages to decrypt the data, it will still look like garbage and confuse them. I wanted to encrypt the data so that it didn't look purely random in a mathematical sense.

  4. The last step was to reformat the big partition, which was done with a simple "mkfs" command.

The Perl Script

The version of Perl I was using for this Perl script was out of date. I was using Perl 5.005_03 and I believe Perl is up to 5.6 as of 1/2001.

There are a lot of things I need to enhance to make this script more user friendly. There should be a lot more error checking, considering how dangerous this script is, and prompts to ask a user if they really want to do so stuff. I am waiting until I restart my MILAS project (which will be written in Python) before I make this script better. It was only to get me through moving from Columbus to the Bay Area.

I have commented a lot of the code, so hopefully a novice Perl programmer can understand most of what I am trying to do.

Conclusion

Using Expect was not necessary (other programs could have solved the simple problems I had). Using Blowfish was not necessary. As a matter of fact, the whole darn script was way too long if you just wanted to wipe a hard drive and fill it with blanks. However, I wanted to use fdisk because I always want to use fdisk, Expect is such a powerful tool, it is good to let people see how it works, and putting random garbage encrypted binary data in to confuse a hacker is just an extra touch.

I don't understand the complete complexity of hard drives, so I am not sure if there are residual data left on the hard drive. For my purposes, and my level of security, it does exactly what I need. As I develop MILAS more, I am sure there will be tighter checks and enhancements to delete all data off of a hard drive.

I tend to look forward in time trying to anticipate things which might be needed in the future, which always causes a programmer to work more than is required for the project at hand. However, the mood struck me, and I like the direction the script is going, and so, it doesn't bother me to write up this article on an airplane flight. Making something cool doesn't wear me out, unlike having to do work for someone else, which is real work.

References

  1. http://www.cs.auckland.ac.nz/~pgut001/secure_del.html -- An article you should read about erasing hard drives.
  2. Perl.com website.
  3. Expect Perl Module
  4. Blowfish Perl Module
  5. If this article changes, it will be available here http://www.gnujobs.com/Articles/14/Wipe_It.html
Mark works as an independent consultant donating time to causes like GNUJobs.com, writing articles, and writing free software.
Copyright © 1/2001 Mark Nielsen
Article