Uncomplicated File Wipe for *NIX

We needed to guarantee to one of our customers that a file would be securely deleted. Since the server ran HP-UX and we could neither compile nor install new applications, I wrote this script to wipe the file.

The file is overwritten 7 times, as the US Department of Defense clearing standard DoD 5220.22-M specifies, and then renamed another 7 times before being deleted. It is written for the ksh shell, which many UNIX systems have by default. It doesn't run in bash as-is, but you can edit it to fit your needs.

Here is the code:

#!/usr/bin/ksh
# Script by Adrian Puente Z..
# Powered by Hackarandas www.hackarandas.com
# Licensed by GNU GPLv3
# http://www.gnu.org/licenses/gpl-3.0.txt

# US Department of Defense clearing standard DOD 5220.22-M (ECE)
PASES=7
# Device to overwrite the file.
# Can be:
# /dev/random
# /dev/urandom
# /dev/zero (less secure, overwritten with zeros)
RANDEV=/dev/urandom
NAME=$$
COUNT=0
FILE=$1

if [[ $# -eq 0 ]];then
	print "Syntax: $0 file"
	exit 1
fi

if [[ ! -f $FILE ]]
then
	print "File $FILE doesn't exist"
	exit 1
fi

if [[ ! -w $FILE ]]
then
	print "Can't write on file $FILE"
	exit 1
fi

# Size in bytes. awk copes with the variable number of spaces between the
# columns of ls -l output, which cut -d' ' does not.
SIZE=$(ls -l "$FILE" | awk '{print $5}')
# Directory of the file, so the renames below stay next to it instead of
# landing in the current directory.
DIR=$(dirname "$FILE")

print -n "About to wipe file: $FILE are you sure? \"N/y\": "
read answer
print ""

if [[ ! ( $answer = 'y' || $answer = 'Y' ) ]]
then
	print "Command canceled."
	exit 0
fi

# An empty file has no contents to overwrite; go straight to the renames.
if [[ $SIZE -gt 0 ]]
then
	while [[ $COUNT -lt $PASES ]];do
		(( COUNT += 1 ))
		print "Pass number: $COUNT"
		# conv=notrunc overwrites the existing blocks in place. Without it dd
		# truncates the file first and the rewritten data may be placed on
		# different blocks, leaving the original ones intact.
		dd if=$RANDEV of="$FILE" bs=$SIZE count=1 conv=notrunc
	done
fi

COUNT=0
echo "Renaming..."

while [[ $COUNT -lt $PASES ]];do
	(( COUNT += 1 ))
	# New name: the old numeric name plus the old name with the pass number
	# appended (e.g. 69257 + 692572 = 761829 on pass 2).
	(( NAME += "$NAME$COUNT" ))
	mv -v "$FILE" "$DIR/$NAME"
	FILE=$DIR/$NAME
done

rm -v "$FILE"
FILE=$1
echo File: $FILE deleted.
exit 0

The syntax is simple:

      --.^       (ch0ks@xipe)*(20:38:05)*(~)      ^.--
-=:)> uncomplicatedwipe.ksh 
Syntax: uncomplicatedwipe.ksh 

You can run these commands to test the script:

 hexdump /dev/urandom > foo.txt
 # after a few seconds press CTRL+C

Now we wipe the file:

      --.^       (ch0ks@xipe)*(20:36:00)*(tmp)      ^.--
-=:)> uncomplicatedwipe.sh foo.txt 
About to wipe file: foo.txt are you sure? "N/y": y

Pass number: 1
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 4.01637 s, 3.9 MB/s
Pass number: 2
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 3.87637 s, 4.0 MB/s
Pass number: 3
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 5.451 s, 2.8 MB/s
Pass number: 4
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 4.48904 s, 3.4 MB/s
Pass number: 5
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 3.88731 s, 4.0 MB/s
Pass number: 6
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 3.98379 s, 3.9 MB/s
Pass number: 7
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 3.2128 s, 4.8 MB/s
Renaming...
`foo.txt' -> `69257'
`69257' -> `761829'
`761829' -> `8380122'
`8380122' -> `92181346'
`92181346' -> `1013994811'
`1013994811' -> `11153942927'
`11153942927' -> `122693372204'
removed `122693372204'
File: foo.txt deleted.
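The same procedure as an added example in POSIX sh, which runs under bash and dash as well as ksh. This is a port written for this page, not the original script above. It assumes /dev/urandom exists (the RANDEV variable is kept, so the troubleshooting note about other devices still applies) and that the filesystem writes back to the same blocks, which is what makes overwriting meaningful at all: on journaling, copy-on-write or snapshotting filesystems, and on SSDs with wear levelling, an in-place overwrite gives no such guarantee. The port keeps dd from truncating the file (conv=notrunc), overwrites files larger than a single dd buffer in 64 KiB chunks, renames the file inside its own directory, and includes a demo() that builds a constructed marker file in a temporary directory, wipes it and checks the results.

```shell
#!/bin/sh
# Added example: POSIX sh port of the wipe procedure (not the original KSH script).
# Assumes /dev/urandom exists and that the filesystem rewrites blocks in place.
PASSES=7
RANDEV=/dev/urandom
CHUNK=65536

# Size of $1 in bytes; the arithmetic strips the leading spaces some wc print.
bytes() { echo $(( $(wc -c < "$1") )); }

# Overwrite the contents of $1 in place, $2 times (default $PASSES).
# conv=notrunc is the detail that matters: without it dd truncates the file to
# zero length first and the filesystem may hand the new data different blocks,
# leaving the original blocks untouched.
overwrite_in_place() {
    file=$1
    passes=${2:-$PASSES}
    size=$(bytes "$file")
    [ "$size" -gt 0 ] || return 0          # an empty file has nothing to overwrite
    full=$(( size / CHUNK ))
    rest=$(( size % CHUNK ))
    pass=1
    while [ "$pass" -le "$passes" ]; do
        if [ "$full" -gt 0 ]; then
            dd if="$RANDEV" of="$file" bs="$CHUNK" count="$full" conv=notrunc 2>/dev/null || return 1
        fi
        if [ "$rest" -gt 0 ]; then
            # seek= counts output blocks of size bs, so the odd-sized tail is piped in
            dd if="$RANDEV" bs="$rest" count=1 2>/dev/null |
                dd of="$file" bs="$CHUNK" seek="$full" conv=notrunc 2>/dev/null || return 1
        fi
        pass=$(( pass + 1 ))
    done
    [ "$(bytes "$file")" -eq "$size" ]     # the length must be unchanged
}

# Rename $1 $2 times inside its own directory (not the current directory),
# using the same numeric sequence as the script above, then remove it.
rename_and_remove() {
    file=$1
    passes=${2:-$PASSES}
    dir=$(dirname "$file")
    name=$$
    pass=1
    while [ "$pass" -le "$passes" ]; do
        name=$(( name * 11 + pass ))       # old name + old name with the (single-digit) pass appended
        mv "$file" "$dir/$name" || return 1
        file=$dir/$name
        pass=$(( pass + 1 ))
    done
    rm -f "$file"
}

wipe_file() {
    [ -f "$1" ] && [ -w "$1" ] || { echo "not a writable regular file: $1" >&2; return 1; }
    overwrite_in_place "$1" && rename_and_remove "$1"
}

# Demonstration on a constructed input: a marker string repeated so the file is
# larger than one chunk. Returns 0 when every check passes.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/sub" || return 1
    target=$tmp/sub/secret.txt
    i=0
    while [ "$i" -lt 3000 ]; do
        echo "CONSTRUCTED-MARKER-LINE-$i"
        i=$(( i + 1 ))
    done > "$target"
    before=$(bytes "$target")
    overwrite_in_place "$target" 3 || return 1
    grep -q CONSTRUCTED-MARKER "$target" && return 1   # marker must be gone
    [ "$(bytes "$target")" -eq "$before" ] || return 1 # length must be unchanged
    rename_and_remove "$target" || return 1
    [ -z "$(ls -A "$tmp/sub")" ] || return 1           # nothing left behind
    rm -rf "$tmp"
}

if [ "$#" -eq 1 ]; then
    wipe_file "$1"
fi
```

Run it as `sh wipe.sh /path/to/file` to wipe a file, or source it and call demo to exercise the checks on the constructed sample. The split into overwrite_in_place and rename_and_remove keeps the length check (the file must be exactly as long after the passes as before) separate from the deletion, so a truncating dd would be caught before anything is removed.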

In the next release I will add a recursive version for directories. You can visit my other projects here.

Troubleshooting: some Unix systems don't have a /dev/urandom device, so change the RANDEV variable to a device you do have.

Update: some versions of HP-UX don't have /dev/random or /dev/urandom, so as a last resort you can use /dev/zero. I read in a forum that some versions of HP-UX don't have /dev/zero either; you can create it with these commands:

#!/bin/sh

# major/minor for HPUX 11.X
mknod /dev/zero c 3 4
chown bin:bin /dev/zero
chmod 666 /dev/zero

Adrián Puente Z.


About ch0ks

Untamable cybersecurity enthusiast focused on DevOps and automatization. Former Pentester, CTFer, Linux fanboy, full time nerd and compulsive SciFy reader.
This entry was posted in Code, Hacking, Security.
