Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Hard disk firmware hacking ...  (Read 676 times)

phi2008

  • Reg Member
  • ***
  • Posts: 376
Logged

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 20314
  • Over the Rainbow
    • The ELRepo Project
Re: Hard disk firmware hacking ...
« Reply #1 on: March 18, 2017, 11:27:20 PM »

Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3341
Re: Hard disk firmware hacking ...
« Reply #2 on: March 18, 2017, 11:29:01 PM »

Any magnetic disk is easily hacked by the simple expedient of dismantling it down to individual platters, then spinning up the platters in a clean room with an appropriate rig and head readers.   The HDD PCB electronics are pretty much irrelevant, as long as the magnetic surface is largely intact.

That is why when disposing of an old HDD, in addition to zero-filling, I usually physically trash the platters - a few 3" nails driven through can be convincing, and would frustrate most/all hacking Attempts. 

It is also why (or at least one reason) I am wary of SSD drives.   There are no platters to trash, and so nothing to convince me the stale data won't be hacked. ???
Logged

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 20314
  • Over the Rainbow
    • The ELRepo Project
Re: Hard disk firmware hacking ...
« Reply #3 on: March 19, 2017, 12:02:15 AM »

It is also why (or at least one reason) I am wary of SSD drives.   There are no platters to trash, and so nothing to convince me the stale data won't be hacked. ???

A bonfire, blow-torch or a furnace would probably be sufficient.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 × 7km ADSL2; IPv6; Firebrick
Re: Hard disk firmware hacking ...
« Reply #4 on: March 19, 2017, 01:20:59 AM »

I have a 1000 degree Morsų stove which does a decent job.
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2350
Re: Hard disk firmware hacking ...
« Reply #5 on: March 19, 2017, 08:35:21 AM »

I prefer to be less wasteful and more environmentally friendly,  filling them with junk data , erasing the drives, and finally checking the disc's for remaining data (there isn't any)  before selling them.

Note, I'm talking about my own personal drives, if somebody wants to spend thousands trying to get data off one  of my old drives then so be it, at the end of the day I'm just a normal guy with a normal job,, so a very unlikely target to be investing money into recovering an old drives data.
« Last Edit: March 19, 2017, 08:43:51 AM by Ronski »
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3341
Re: Hard disk firmware hacking ...
« Reply #6 on: March 19, 2017, 09:41:29 AM »

The problem with zero-filling (or junk filling) is there is no easy way to get at any bad sectors.  They'll contain whatever data they contained the day the sector went bad, but you won't see that data from simply reading the disk.

Bear in mind that email clients generally store your password in plain text, as do browsers if you allow them to 'remember'.   And if there is a swap partition, it may contain a snapshot of your PC's RAM.  Do you really want the risk, even if it's a small risk, that such a disk may fall into the hands of hackers?
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2350
Re: Hard disk firmware hacking ...
« Reply #7 on: March 19, 2017, 10:39:47 AM »

I think it's an extremely small risk, it's not that often I change drives (years apart) and I certainly don't allow browsers to store passwords. There's probably a far greater risk of my house being broken into and the PC's stolen, or the ISP hacked etc. Life's too short to worry about every minuscule risk.
Logged

phi2008

  • Reg Member
  • ***
  • Posts: 376
Re: Hard disk firmware hacking ...
« Reply #8 on: March 19, 2017, 06:43:51 PM »

Any magnetic disk is easily hacked by the simple expedient of dismantling it down to individual platters, then spinning up the platters in a clean room with an appropriate rig and head readers.   The HDD PCB electronics are pretty much irrelevant, as long as the magnetic surface is largely intact.

Hacking and data recovery are not really the same thing normally, forensic examination of disks typically means cloning them using their own interfaces - not extracting platters. Even when the platters are removed there are fairly simple techniques that make data recovery difficult if not impossible.

Taking ZFS, for example, journaling file systems are well known for causing issues with secure deletion. One approach is to generate an encrypted directory, for sensitive data, using some keys. It's then effectively possible to wipe the contents of that directory instantly - simply by destroying the keys - no overwrites required.
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2350
Re: Hard disk firmware hacking ...
« Reply #9 on: March 19, 2017, 09:07:13 PM »

That reminds me, I must encrypt my phone, and I presume using Bitlocker drive encryption on Windows will do the same.
Logged

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 × 7km ADSL2; IPv6; Firebrick
Re: Hard disk firmware hacking ...
« Reply #10 on: March 19, 2017, 09:43:56 PM »

I always used bitlocker on my own Win NT-family Thinkpads, even though it did make performance a bit lame. Having a ridiculous amount of RAM helps a bit, I think. I wonder if this kind of encryption can be done without having too much processor load provided you have fast RAM. Would this design work: generate a fat load of crypto garbage ahead of time, before it is needed put the garbage in an encrypted store so that you have to unlock the store to get the garbage out. Then you simply xor the data with a piece of garbage material taken out of the store then removed from it, so that the repository keeps getting deleted and a particular block of garbage gets used one time only. Then you need to add more garbage into the repository reasonably soon to keep it full, but you might be able to do this later, in a lazy fashion, if the system isn't experiencing too much constant demand. Then writing data to the disk would be extremely fast, just requiring one xor and no computation as long as the cost of refilling the repository and sealing it can be paid for later in idle / free time. So it would cost some Joules but not add an immediate delay under favourable circumstances. I wonder if I got any of that right at all?
Logged