nhellfire / dban Goto Github PK
View Code? Open in Web Editor NEWUnofficial fork of DBAN.
License: GNU General Public License v2.0
Unofficial fork of DBAN.
License: GNU General Public License v2.0
It would be nice, if you could fireup DBAN machines for the night, but don't want to waste energy. So maybe it's possible, that the machine shutsdown itself, if after hours the job was finished successfully ?
Write dummy bootcode to display disk info and wipe status.
Logging to disk:
Logging to network:
MBR fingerprint announces "pass" even if verification errors occurred.
Could you provide a list or some kind of reference which HBA controllers/chipset (i.e. LSI, Syba, HighPoint) are supported.
In #11 (comment) you mentioned DELL PERC5 and PERC H200 are supported.
How can I check for example if Marvel 88SE91xx ( https://origin-www.marvell.com/storage/system-solutions/assets/Marvell-88SE91XX-Host-Controllers.pdf ) is supported.
The LSI MegaRAID SAS9211-4i and -8i works great btw.
Should this go into the Wiki?
I downloaded the latest build ISO, dban-20180328-g311c5ee_linux-4.7.2_i586.iso, and have been testing this; which I thought was to add UEFI support, and it never works on a UEFI machine. It only works if I change the BIOS settings to CSM support and "auto" or "both" UEFI and Legacy support.
I may have misunderstood the notes on this. Is this suppose to work on a UEFI machine? I apologize if this is not the right place to ask this question. It is the only place I could find to ask a question.
Audit Report from 2010-12-07 about "NASA’S DISPOSITION OF INFORMATION TECHNOLOGY EQUIPMENT"
Contractor personnel involved in the IT sanitization and disposition process at Kennedy, Johnson, and Ames were not sufficiently familiar with and did not follow NASA sanitization policy. Specifically, we identified instances at each of these three Centers where personnel used unapproved software to sanitize IT equipment.
...
NASA’s Standard Operating Procedure lists only three approved sanitization software products:
- Secure Erase
- WipeDrive/WipeDrive Pro
However, we found instances at Kennedy, Johnson, and Ames of personnel using or recommending sanitization software not on the NASA-approved list:
- USA used DataGone by Symantec to sanitize excess IT equipment at both Kennedy and Johnson. DataGone has not been approved by NASA or certified for use by other Federal agencies, including DOD and the National Security Agency.
- Johnson’s disposition contractor, L&M Technologies, Inc., used both a NASA-approved software program (DBAN) and Active@KillDisk, which is not approved by NASA. When we informed L&M Technologies of the requirements in NASA’s Standard Operating Procedure, it stopped using the unapproved software.
- The Ames IT Security Manager recommended that Center personnel use a sanitization software program called BCwipe, which is DOD-compliant and therefore permissible for use under Ames’ procedures. However, it is not on the NASA list of approved software.
IT personnel at each of the three Centers stated that they were not aware that some of the sanitization software they were using had not been approved by NASA. The use of unapproved software is a significant concern because unapproved software was used on some of the computers at Kennedy that failed verification testing.
source: https://oig.nasa.gov/audits/reports/FY11/IG-11-009.pdf
Might want to add it to the Wiki.
Need to somehow figure out what attached device contains DBAN.
Can't just check for /dban.bzi since it could've been renamed/moved. Probably have to require a tag file is left in root.
When selecting internal drive only automatic selection, my USB flash drive was wiped. I thought I did something wrong so I tried a different drive. Same behavior. Previously this flag could be used to ignore all USB devices.
Hi there! Thank you for maintaining DBAN, I use it frequently in my environment. A potential enhancement I wanted to suggest for it would be to synchronize the system clock with an internet time server before wiping the hard drive. Some of the machines I'm wiping have been sitting in storage for some time and the CMOS battery is long dead, and it's somewhat of a pain to reset the clock on each computer so I have a proper date/time in the wipe log.
and add option to start wiping after a number of login attempts?
A proper configuration menu should be added, rather than having individual menus assigned to separate keys.
Just wondering if this version is able to support skylake chipsets......
I'm trying to build dban from the scratch using the steps described in the Readme.md. However I found some strange URLs connections in the output of the buildroot compiling process like "gutscheinrausch.de" and "bothelp.de" although I cannot find those URLs grepping through the directory.
Do you know whats up with this behavior?
Thanks for helping,
Flo
Currently only x86 and PPC are supported. It'd be good to support other platforms such as ARM.
As I don't have a system to test on, I'd need either donations to buy one or people to build one and submit patches (should just be buildroot and kernel configs).
Additional work needed:
Hello,
For the majority of the machines I'm erasing, the network works fine for saving a log and syncing the NTP client. However, I've noticed on some older Dell laptops I'm erasing, such as the Latitude D830 and D630, it doesn't appear the networking works. It never shows the DHCP or NTP client running during startup like my other machines do.
I found the Ethernet Controller model for the D630 (and I'd assume it's shared with the D830) is a Broadcom NetXtreme 5755M. Any ideas on what could be causing DBAN to not work with this controller? Thanks in advance!
ORG 0x7C00 ; Bootcode
; get cursor position
; dh = row
; dl = column
mov ah,0x03
mov bh,0
int 0x10
; write string
mov ah,0x13
mov al,1 ; write mode (advance cursor, ASCII string)
mov bl,0xF ; attribute (white on black)
mov cx,output_len ; string length
push cs
pop es
mov bp,output ; string
int 0x10
; hang indefinitely
idle_loop:
hlt ; if there is nothing to do, then do nothing
jmp idle_loop ; and do it forever
output:
db 0xA,0xD, "DBAN fingerprint"
db 0xA,0xD, "Model: #MODEL# - Serial: #SERIAL#"
db 0xA,0xD, "Wipe finished at: #DATE# - #RESULT#"
db 0xA,0xD, "Method: #METHOD#"
output_len: equ $ - output
; Keep this at the end
; Will pad out to 510 Bytes, then add MBR signature
; Total length 512 Bytes
; As is, program is 135 Bytes (with signature)
; Allows 414 Bytes for generated text (placeholders are 37 Bytes)
times 510-($-$$) db 0
dw 0xAA55
Features:
Bug fix:
Just looking for what all the options are and what they do. I found the isolinux.cfg file with options to APPEND.
Just wondering what others there are, what exactly silent
does and how do you pass those if I'm PXE booting like so:
LABEL wipe
MENU LABEL Wipe Drive
#MENU PASSWD $nicetry/$
KERNEL /memdisk
APPEND iso initrd=/dban-3.0.1_i586.iso
NHellFire,
I'm moving to ShredOS 2020 but wanted to thank you for your initiative taking over DBAN, developing and maintaining this invaluable tool over the last years.
Happy coding.
While I find the present version of DBAN easy to use, many people at my work help desk have issues with the boot loader and menu system. Would it be possible to make a basic menu that included the most common options, such as autowipe, quick, dodshort, and interactive, even if it is a separate image?
This is a feature request/enhancement.
I've pushed a branch with UEFI support.
This still supports legacy(BIOS) boot and the ISO can still be written directly to a flash drive.
Known issues:
This will be merged into master once any issues are resolved.
Download: https://github.com/NHellFire/dban/releases/tag/nightly%2F20170718-gb9027694a
Is it possible to add NVMe implementation?
Is it very difficult to add the /dev/nvmeX possibility to nwipe code?
Thanks a lot for job !!!
It would be a nice feature, if the PC could beep / blink with keyboard leds, to notify you that the progress is finished. If you have to wipe a dozen PCs, you don't monitor them for hours. You probally don't keep them connected via KVM, so a speaker sound would be nice.
(Currently an ordinary stopwatch-alarm does the job)
When running DBAN on a system without keyboard LEDs (for example a VM), after completion this message gets printed on the console multiple times, until you press Enter to shutdown:
setleds: Error reading current flags setting. Maybe you are not on the console?:
ioctl KDGKBLED: Inappropriate ioctl for device
Final blanking pass should be optional to allow leaving random data on the drive.
Certain devices cause lshw to crash resulting in no disk labels in dwipe.
Known devices:
Waiting for lshw's SVN to be fixed to try latest version.
More wipe methods should be added. Such as badblocks. Patterns 0xAA, 0x55, 0xFF, 0x00 with verify all passes.
Hello,
Nice to see there is ongoing development on this very handy utility!
Do you know how difficult it would be to create an ISO image that also boots from USB without modification? Then one could just download an ISO image and write it to a USB stick using cat
as some Linux distribution ISOs can.
I just spent an hour figuring out how to get the official DBAN onto a USB stick, ended up using this complicated procedure and thought a simple cat
would be a lot nicer :)
Apologies if this feature is already included or prohibitively difficult to do. I couldn't find any mention in the issue tracker or commit logs and don't have any relevant expertise myself.
KR,
Lassi
This should be fixed once the work on updating to latest buildroot is complete. I'll need someone to confirm they're detected as I don't have a Haswell system to test on.
https://sourceforge.net/p/dban/bugs/61/
https://sourceforge.net/p/dban/bugs/57/
Hi,
as more SSDs are integrated in modern PCs, it's also nessesary to wipe them for privacy. Unfortunately the flash logic makes it impossible to predict a full erase of all cells. Also you try to avoid unnessary write cycles to the chips itself.
This requires calling a special ATA command and unlocking the device, which tend to be an annoying manual task....
So it would be nice, if DBAN could detect SSDs and make use of the described procedure instead of wiping all blocks.
Regarding BSI the Host/Hidden Protected Area nor Device Configuration Overlay aren't wiped by default.
It seems that dban should be started with parameters like
------------------------
dban libata.ignore_hpa=1
------------------------
to be ready to really eliminate the whole data on our magnetic disks.
Can someone confirm it? It would be cutting edge to add this feature to enrich dban be much more than just the tool of home data destruction!
Thanks in advance!
Just found this Fork. Congratulations on continuing DBAN.
Long time user here. Usually using v1.0.7 and v1.0.7BETA. v2.2.6 usually never finished booting on dozens of different DELL systems (PowerEdge Servers, Desktops and Laptops). In the past 2 or 3 years I found myself using more and more PartedMagic depending on the system; however PM doesn't support DELL PERCs.
If I could just ask for a few things for future versions: keep it simple and don't add too many new features. KISS. We need a fast-booting, auto-starting wiping tool. Make overwriting with 0 the default, no blanking pass, no verification, just 1 pass.
I haven't used the last v2.2.8, but I'm interested if it works on DELL PowerEdge 2950, R710, R720 and T610 with a DELL PERC 5/i, PERC 6/i, PERC, Hx00i etc.
Fedora release 27 (Twenty Seven)
x86_64 Linux 4.13.15-300.fc27.x86_64
receive error when trying to compile dban....
util-linux 2.28 Configuring
util-linux 2.28 Autoreconfiguring
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'config'.
libtoolize: copying file 'config/ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
Unescaped left brace in regex is illegal here in regex; marked by <-- HERE in m/${ <-- HERE ([^ \t=:+{}]+)}/ at /home/jbergmann/buildroot/output/host/usr/bin/automake line 3936.
autoreconf: /home/jbergmann/buildroot/output/host/usr/bin/automake failed with exit status: 255
make[2]: *** [package/pkg-generic.mk:193: /home/jbergmann/buildroot/output/build/util-linux-2.28/.stamp_configured] Error 1
make[1]: *** [Makefile:41: _all] Error 2
make[1]: Leaving directory '/home/jbergmann/buildroot'
make: *** [Makefile:9: i586] Error 2
In file included from tm.h:46:0,
from insn-recog.c:7:
../../gcc/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix]
fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n",
^
rm gcc.pod
Makefile:3973: recipe for target 'all-gcc' failed
make[4]: *** [all-gcc] Error 2
Makefile:860: recipe for target 'all' failed
make[3]: *** [all] Error 2
package/pkg-generic.mk:196: recipe for target '/home/jbergmann/buildroot/output/build/host-gcc-final-4.9.3/.stamp_built' failed
make[2]: *** [/home/jbergmann/buildroot/output/build/host-gcc-final-4.9.3/.stamp_built] Error 2
Makefile:36: recipe for target '_all' failed
make[1]: *** [_all] Error 2
make[1]: Leaving directory '/home/jbergmann/buildroot'
Makefile:6: recipe for target 'i586' failed
make: *** [i586] Error 2
Version is 30c1b51.
I believe it might be something with gcc-final-4.9.3.... The last compile that was successful was 20160514.
Give quick erase a choice of patterns (add 0xFF to start with). Not sure how hard adding a configuration option would be, may just do separate methods.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.