How can I securely wipe free space in Tomato?

Discussion in 'Tomato Firmware' started by Bird333, Jul 20, 2014.

  1. Bird333

    Bird333 Network Guru Member

    For Windows there is a program called Eraser that I can use. I have entware installed. Does anyone know how I could go about doing this?
  2. koitsu

    koitsu Network Guru Member

    Free space on what? NVRAM? Flash region? There's no real way to do this with flash or SD/MMC cards. SSDs have the ability to do this natively because there is support for it per ATA protocol specification (right now I'm dealing with Samba problems on my LAN so I can't look up the specific spec, but it might be in ATA9 or possibly a working draft of ATA8-ACS2).

    You might think "can't I just write zeros across every block of the flash device?" Sure, go right ahead -- all you're doing is causing more wear-and-tear on the flash due to how the read-erase-write cycle system works. Some flash chips may have some sort of custom protocol or methodology for actually resetting the flash equivalent of an FTL, but to my knowledge it's not anything common.

    If you're talking about NVRAM, you can probably just use nvram erase and watch the router become extremely angry after nvram commit. ;)

    If you're talking about a mechanical hard disk drive (MHDD): writing zeros to the entire drive using dd is the proper solution. Do not let anyone tell you that you need to store "random data" on the drive -- this is complete nonsense and do not believe it. (Google "the great zero challenge" for details). Since this is Linux, the command would be something like dd if=/dev/zero of=/dev/sdb bs=1M. Because this is Busybox dd, you will not get a progress indicator (I do not know if it supports displaying progress on SIGUSR1 like GNU coreutils dd), so you just have to wait for it. At the very end, it may spit out an I/O error because the capacity of the drive may not be 100% aligned to a 1048576 byte (1M) boundary, but that's okay, it'll still erase everything. Please note that the of= argument needs to point to the correct device (pick the wrong one and you're going to erase the wrong thing -- I take no responsibility if you screw it up :) ). It also needs to point to the device and not the partition (e.g. sdb not sdb1). Please make sure all filesystems are unmounted before attempting the zero; you can crash the kernel otherwise.

    If you're talking about a solid-state drive (SSD): hdparm can do this. However, because the interface layer is probably through a USB/SATA bridge, there is a very strong likelihood that the USB/SATA bridge will interfere/filter out the CDB and you'll receive some weird I/O error. Furthermore, certain drives require (per ATA protocol) that passwords and ATA-level security features be adjusted before you can do it. Google "linux secure erase ssd" for details. It's easier to just pull the drive out of whatever the USB/SATA enclosure is and hook it up to a system via native SATA and do it that way. (Really. I can't stress this enough.)

    Finally: if all you want to do is "erase the unused areas of the filesystem" (rather than zeroing the entire device): there is no effective way to do this, not to mention absolutely no reason/need to.
    Last edited: Jul 20, 2014
  3. Bird333

    Bird333 Network Guru Member

    Sorry, I am talking about a SATA hard drive connected to the router.
  4. gfunkdave

    gfunkdave LI Guru Member

    koitsu's suggestion of the following will work fine. Just be sure you're giving it the right device name or you will be unhappy with the results. :)

    dd if=/dev/zero of=/dev/sdb bs=1M
  5. Monk E. Boy

    Monk E. Boy Network Guru Member

    It will work fine (just used it myself last week, albeit on a desktop OS), but that does wipe the entire drive, not just the free space.

    The closest you could come to wiping free space is to cp /dev/zero /mnt/Data/zero.txt where /mnt/Data/ points to your mounted drive. Eventually zero.txt will eat up all free space on the drive and the copy will fail. At that point you have to delete the zero.txt file to reclaim the space (rm /mnt/Data/zero.txt). If you have anything else using the drive concurrently, they will probably crash once the drive gets full. However, this method is far from perfect; there will likely still be directory information and file remnants lurking here and there.

    Long story short, it's far easier to simply not do illegal things on your router that require you to wipe free space.
    koitsu likes this.
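
The precautions given in the thread for the whole-disk zero (point of= at the device rather than a partition, and unmount every filesystem on it first) can be checked before dd is run. The following is an added example, not code from any poster in the thread; the function names, the assumption that disks appear as /dev/sdX, and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before `dd if=/dev/zero of=/dev/sdb bs=1M`.
# Assumption: USB/SATA disks show up as /dev/sdX, as in the thread.

# Succeeds only for a whole-disk node (/dev/sdb), not a partition (/dev/sdb1).
is_whole_disk() {
    case "$1" in
        /dev/sd[a-z]) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads a /proc/mounts-style table on stdin and prints every mounted
# filesystem that lives on DEV itself or on one of its partitions.
mounted_parts() {
    awk -v d="$1" 'index($1, d) == 1 && substr($1, length(d) + 1) ~ /^[0-9]*$/ {
        print $1 " on " $2 }'
}

# Returns 0 only when DEV is a whole disk and nothing on it is mounted.
preflight() {
    if ! is_whole_disk "$1"; then
        echo "refusing: $1 is not a whole-disk device such as /dev/sdb" >&2
        return 1
    fi
    busy=$(mounted_parts "$1")
    if [ -n "$busy" ]; then
        echo "refusing: unmount these first:" >&2
        echo "$busy" >&2
        return 1
    fi
    return 0
}

# Constructed sample of /proc/mounts lines (not captured from a real router).
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/root / squashfs ro 0 0
/dev/sdb1 /mnt/Data ext3 rw,noatime 0 0
EOF
}

# Demo on the constructed sample; on the router, feed the real table instead:
#   preflight /dev/sdb < /proc/mounts && dd if=/dev/zero of=/dev/sdb bs=1M
sample_mounts | preflight /dev/sdb || echo "sdb: not safe to zero yet"
sample_mounts | preflight /dev/sdc && echo "sdc: checks passed"
```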