Solved

How to trash a file system in various ways

Posted on 2002-04-10
Last Modified: 2006-11-17
I am testing myself on system recovery - e.g. rescue
I know how to trash the MBR
e.g. dd onto hda
I am interested in, say -
trashing partition table, superblock, unmountable partitions etc.

Any suggestions ? - I really want to beat up on my test machine.
Question by:Zombite
26 Comments
 
LVL 2

Expert Comment

by:hangman
Try switching the power off during some intensive disk use. This totally stuffed my system up !!
0
 
LVL 4

Author Comment

by:Zombite
Tried that - but the cheeky thing repaired itself.
Did multiple copies of major directories in diff terms - switched off hard. Thing muttered about errors and fixed em.

If this was a production machine I suppose a power off would have trashed it . . .  ;-)
0
 
LVL 51

Expert Comment

by:ahoffmann
dd count=1 bs=512 if=/dev/null of=/dev/hda
# be warned ;-)
0
 
LVL 4

Expert Comment

by:MFCRich
ahoffmann's trick with larger counts and a "of=" of any local partition (ie /dev/hda2) should trash that filesystem quite nicely.

BUT wouldn't "if=/dev/random" be better?
0
 
LVL 51

Expert Comment

by:ahoffmann
> BUT wouldn't "if=/dev/random" be better?
.. and would Murphy tell you that it just generates what it should be/what is now ?
0
 
LVL 16

Expert Comment

by:The--Captain
/dev/random might be "trashier" if he has access to a tool that can determine latent magnetic signatures on the platters - otherwise, not gonna matter much.

I'd do 10 runs alternating between /dev/null and /dev/random - much closer to the "federal government wipe".

-Jon

0
 
LVL 4

Author Comment

by:Zombite
or i could use /dev/zero -
I am already aware of spitting junk on to a mbr
but how to make a file system unreadable but repairable.
...
0
 
LVL 16

Expert Comment

by:The--Captain
I guess you have found a hard enough test for yourself if you now claim that you cannot repair such damage.

Glad to be of service.

Cheers,
-Jon
0
 
LVL 16

Expert Comment

by:The--Captain
Or to paraphrase - the leading cause of wrong answers is wrong questions.

-Jon
0
 
LVL 4

Author Comment

by:Zombite
sigh.

dd with a block of 456 and count 1 onto hda1 will trash the mbr - fixable by various methods.
dd with larger block size or count will catch the tail end of the partition table. Harder but not impossible.

The question as first stated.
I am testing myself on system recovery - e.g. rescue
I know how to trash the MBR e.g. dd onto hda
I am interested in, say - trashing partition table, superblock, unmountable partitions etc.

So, still waiting for a suggested method to upset a superblock, make a file system unmountable but not completely destroyed etc. etc.

Thank you for your efforts so far.
0
 
LVL 16

Expert Comment

by:The--Captain
Unless you have a standardized definition of "completely destroyed", all we can do is follow the original question and try to post ways to trash a filesystem that would be hard for you to fix - what is the point if I suggest a way to trash it that you know you can fix?

If you know what I and others have suggested is hard to fix, then go to it...  I think there are many data recovery services out there that would care to argue that our suggestions do not necessarily compromise a 100% data loss scenario, or any sort of impossibility of recovery.

Also, since you never specified what kind of partition table scheme (there are more than one, you know) nor what kind of filesystem you are using, I think the responses to your question tended to be accordingly vague.

As I said - wrong questions = wrong answers

-Jon
0
 
LVL 3

Expert Comment

by:comotai
I bet what you really want is an encrypted file system. Some way to protect your data from being read by other people and still be accessible by yourself.

Am I right?

If so, I can suggest several scenarios. Another important security tool is obscurity. You may contact me directly if you prefer not to broadcast exactly how you are going to achieve it.

comotai@comotai.com
0
 
LVL 3

Accepted Solution

by:
comotai earned 100 total points
Actually, never mind. I never really read your question, but only the comments.

One of the best partition repairing/altering utilities is sfdisk. The primary partition table can be screwed up by someone who doesn't know what they are doing (or does) but with the right know-how you can put the disk back together using sfdisk.

As far as ext2 partitions go. Have a look at lde (the Linux Disk Editor) which is quite good for 'dump'ing/altering file systems and etc.

I would have a look at the kernel src for the ext2 file system as well.

The truth of the matter is though, that errors like this won't happen on a system that you will have to fix unless there is some kind of hardware failure. If there is a production server, you SHOULD have some sort of RAID or external storage device to restore onto a new replacement disk.

If there was some very new, yet critical data on the disk that you must retrieve, it would more likely involve using something like lde, or dumping as much of the filesystem as possible out using a standard redirect. Then trying to piece it back together manually using the file and mounting the filesystem using the loop module. If the hardware error kept you from doing that, then it would take actually physically opening the drive and trying to figure out what was causing it. The only thing you could not repair is if the platter itself was damaged, or the head had in error erased the data contained in those blocks.

That's my 69 cents.
0
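The recovery side of what this answer describes (dump the filesystem to a file and work on the copy), as an added example that is not part of the original thread: a scanner that locates intact backup ext2 superblocks in an image whose primary superblock is unreadable. The field offsets follow the ext2 on-disk superblock layout; the sample image and its geometry (1 KiB blocks, 256 blocks per group) are constructed for the example.

```python
import struct

EXT2_MAGIC = 0xEF53   # s_magic, little-endian u16 at superblock offset 56
SB_SIZE = 1024        # each superblock copy is 1024 bytes; the primary sits at byte 1024

def parse_superblock(buf):
    """Return layout fields from one candidate superblock, or None if implausible."""
    if len(buf) < SB_SIZE:
        return None
    first_data_block, log_block_size = struct.unpack_from("<II", buf, 20)
    blocks_per_group, = struct.unpack_from("<I", buf, 32)
    magic, = struct.unpack_from("<H", buf, 56)
    group_nr, = struct.unpack_from("<H", buf, 90)   # s_block_group_nr of this copy
    if magic != EXT2_MAGIC or log_block_size > 6 or blocks_per_group == 0:
        return None
    return {"block_size": 1024 << log_block_size, "first_data_block": first_data_block,
            "blocks_per_group": blocks_per_group, "group": group_nr}

def find_superblocks(image):
    """Scan every 1 KiB boundary; keep copies whose position matches their own fields."""
    hits = []
    for off in range(0, len(image) - SB_SIZE + 1, SB_SIZE):
        sb = parse_superblock(image[off:off + SB_SIZE])
        if sb is None:
            continue
        if sb["group"] == 0:
            expected = 1024
        else:
            expected = (sb["first_data_block"] + sb["group"] * sb["blocks_per_group"]) * sb["block_size"]
        if off == expected:   # rejects superblock-like data sitting at the wrong block
            hits.append({"offset": off, "block": off // sb["block_size"], **sb})
    return hits

def make_sample_image():
    """Constructed sample: 1 MiB image, 1 KiB blocks, backups in groups 1 and 3.
    The primary superblock area is left blank, as it would be after damage to the first blocks."""
    image = bytearray(1024 * 1024)
    for group in (1, 3):
        sb = bytearray(SB_SIZE)
        struct.pack_into("<II", sb, 20, 1, 0)        # s_first_data_block=1, s_log_block_size=0
        struct.pack_into("<I", sb, 32, 256)          # s_blocks_per_group
        struct.pack_into("<H", sb, 56, EXT2_MAGIC)
        struct.pack_into("<H", sb, 90, group)
        off = (1 + group * 256) * 1024
        image[off:off + SB_SIZE] = sb
    image[500 * 1024:501 * 1024] = sb   # decoy: valid-looking copy at the wrong block
    return bytes(image)

if __name__ == "__main__":
    for hit in find_superblocks(make_sample_image()):
        print("backup superblock: group %(group)d, block %(block)d, block size %(block_size)d" % hit)
```

A block number it reports can be passed to `e2fsck -b` (with `-B` for the block size) when checking a copy of the image.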

 
LVL 16

Expert Comment

by:The--Captain
Are you saying if you let dd write over the entire contents of the drive you can still repair it?  Do tell.

comotai says:
>Another important security tool is obscurity

Rubbish - that sentence is the leading cause of insecurity.  If you can't mention a good way to encrypt something in public, then your encryption scheme is broken.

Private keys and other authentication information should be kept secret - the way they are used should never be a secret (or you are begging to get hacked).

-Jon

0
 
LVL 4

Author Comment

by:Zombite
A general question for a general scenario.

I will use the editor to introduce errors into the file system, should be suff't for my purposes.

This was simply an exercise in system recovery.



Thank you for your comments captain - very helpful.

0
 
LVL 16

Expert Comment

by:The--Captain
Thanks - but I'd have given points to ahoffman (since he was the first to describe a way to trash any filesystem (just use dd) that would be a challenge for you to repair).

As comotai points out, stuff like this rarely happens in ways that are really easy to fix - sure, you might be able to fix a partition table if it gets a hole punched in it somewhere, but most data loss situations are a lot more messy, and are more along the lines of the 'dd' example as far as repair difficulty is concerned...

Didn't really expect you to give points to ahoffman, since he was giving a practical solution that you obviously didn't want to hear.

If you say "how do I trash my house - I want to test my home repair skills" and someone says "dynamite it", I think they have given you the ultimate test of your home repair skills, regardless of how much you expect/like/accept the answer.

I was tempted to answer your original post by saying "chuck the drive onto the parking lot", but I *do* think surface-mount electronic repair and clean-rooms go a little beyond what most people think of under the guise of "data recovery"

Cheers,
-Jon
0
 
LVL 3

Expert Comment

by:comotai
>  comotai says:
> >Another important security tool is obscurity
>
> Rubbish - that sentence is the leading cause of insecurity.  If you can't mention a good way to encrypt
> something in public, then your encryption scheme is broken.
>
> Private keys and other authentication information should be kept secret - the way they are used should
> never be a secret (or you are begging to get hacked).

I can assure you that the DoD and any decent hacker does not agree with you.

but.. this is a subject for another question.
0
 
LVL 16

Expert Comment

by:The--Captain
The DoD has been hacked so many times it's not funny - that should give you some idea about their security.  By "any decent hacker" I presume you are referring to the fact that most hackers are lazy and tend to bypass machines with non-standard configs - I call those hackers "script kiddiez".  A truly decent hacker would take note of such a machine and consider it a challenge...  A hacker only bypasses a machine because it is too trivial to attack, or too hard.  "Too hard" may or may not mean "obscurely configured", depending on the level of skill.

If you need further convincing, look at Mickeysoft - their chief method of security is through obscurity ("no, you can't examine our security code"), and their products have the worst security track record of all...  Anyone that argues this point is either smoking crack, or has been reading too many mickeysoft-funded "independent" reviews.

If you want to put your money where your mouth is, throw up an SSH1 server on a non-standard port, and we'll see how far security through obscurity gets you...  I give your box a week or so before it gets hacked.

Do you know what I mean when I say "security through obscurity"?  Obscurity is not refusing to divulge your passwords/authentication keys - obscurity is refusing to say how those passwords/keys are used to authenticate.  No one has a problem about folks knowing how unix passwords are authenticated, because the underlying methodology (one-way encryption) is secure.  Same goes for other open encryption standards.   You will always get hacked if you attempt to implement security that relies on the attackers being ignorant of methodology - they can (and will) figure it out.  I don't think you would have had a problem discussing encrypting data via PGP, because everyone knows how it works, and it is excessively hard to crack without some knowledge of the key data...  The fact that you wanted to discuss encryption off-list suggests you meant to implement a scheme that has not been subjected to peer-review, or is otherwise not publicly verified to be secure.

-Jon

0
 
LVL 16

Expert Comment

by:The--Captain
BTW, most network operators agree with my point of view, at least on this continent - ever read (or subscribe) to the North American Network Operators Group mailing list (affectionately known as NANOG)?  

The fact that the DoD does not spend enough money to hire such knowledgeable folk is not my concern.  I'm sure the DoD could not, for example, ever match my own criteria for employment.

-Jon

0
 
LVL 51

Expert Comment

by:ahoffmann
Thanks The--Captain for voting the dd solution.
KISS - keep it small and simple.

But to improve it, even for some sophisticated data recover tools, do it like this:
     while (as-much-as-you like) {
         dd count=1 bs=512 if=/dev/random of=/dev/hda
     }
     dd count=1 bs=512 if=/dev/null of=/dev/hda

where you use bs=512 to just destroy MBR and partition table, and a huge value to destroy the complete disk.
AFAIK, this is a much better, 'cause foolproof, solution than anything recommended/sold by DoD :-))
And it works since roughly 30 years, without any change.
(Please don't tell DoD:)
0
 
LVL 16

Expert Comment

by:The--Captain
ahoffman - no problem - we are seemingly in complete agreement.  

Although I feel kind of silly pulling rank, with regard to the security argument, I would remind comotai that there is a reason that ahoffman (sorry for pulling you into this) and I are topic experts in the security forum...  It usually does not result from being a complete idiot on such topics.  The points for topic experts may be unusually low, but I would suggest that this is due to the relatively low traffic in the Security TA (try becoming a topic expert in ATM or OS/2 - not gonna happen anytime soon).

-Jon
0
 
LVL 4

Author Comment

by:Zombite
I don't suppose you chaps noticed that I already mentioned the dd file system "trash" in my question at the start which is why it wasn't given any points. e.g. I already knew that.

I also didn't mention any sort of security erase. widely off the topic of the question.

The only real new information in relation to the actual question came from "he who has the points".

hangman actually came second in the race.

EOF




0
 
LVL 51

Expert Comment

by:ahoffmann
calm down, I don't answer just for grabbing points (don't know whatever I can use them for:).
It's some kind of "brain jogging", and that's why I sometimes also do not read carefully enough, yes the dd was mentioned in the question, I missed it, shame on me ..
Anyway, I always try to find a small and simple solution, that's what I post (in a hurry, usually;-)

So, you're welcome if you just explain why this or that answer was the winner, makes it more understandable for future readers.
0
 
LVL 16

Expert Comment

by:The--Captain
yeah, I noticed that dd was mentioned initially, but only to trash the MBR - I think ahoffman was good to point out that you can use dd in a myriad of ways (above and beyond trashing the mbr) to test your data recovery skills.  If you use pre-built filesystem editing tools to trash the filesystem they will most likely do a much smaller amount of damage, and be easier to fix (especially since you can easily identify the affected parts of the filesystem, since you did the damage yourself) - using dd can more realistically simulate a drive and or software failure, where random data just starts appearing in the completely wrong place - dd gives you access to the raw device - I doubt you can find a tool that will give you more chances to hose the filesystem than that.

I expected to gain no favor here, since I support an unfavorable but totally correct "answer" to this post.  You say hangman gets your second vote for his "turn off the power" solution?  Do I then get your third vote for my suggestion to throw the HD onto the parking lot?

Sad,
-Jon

0
 
LVL 4

Author Comment

by:Zombite
I am calm though..

Dear Jon
Ever consider that I might ask some one else to do the damage for me to find ? guess not.

The last post from me on this question/answer

As I indicated in my earlier post and comment to the accepted answer to my question. The accepted answer was considered to be the best solution. If you feel this is not the case I suggest you contact cs@experts-exchange.com

Thank you for whatever time you have spent considering the questions and have a nice day.
0
 
