Saturday, September 15, 2012

Windows 8 Linkage: A Bit Behind the Ball

CC attribution: behind the eight ball by Ed Schipul on flickr.


OK. Confession time. I’m more than a bit exhausted this weekend. Besides a particularly busy week at work, for some crazy reason I kept myself up till past midnight every night this past week watching a PBS run of Wagner’s Ring Cycle opera production: GP at the Met: Der Ring des Nibelungen - PBS. From a technical staging perspective alone it was stunning, but this was the first time I watched all the operas straight through. It takes an emotional toll.

Beautifully punishing.

Apparently I’m not the only one suffering a Wagner-induced hangover: A short post after a lot of opera « From the Hatchery

So please bear along as I untangle myself mentally from it over the weekend.

Also, if you are running Windows 8 under VirtualBox (I’m currently using VMWare), Oracle released VirtualBox 4.2.0 just this past Thursday. See the changelog. I’m mentioning it as this version is said to include improved Windows 8 support.

Outstanding Windows 8 Link of Note

While my decision to stick with Windows 7 for the near-term remains intact, Scott’s above post has been hands-down the most powerful and well written post I’ve yet encountered to convince me that I will be upgrading to Windows 8 sooner rather than later. I agree that Microsoft has a serious “usability” hurdle to get past to encourage consumers and enterprises to pick up this new OS iteration. That said, the blood, meat, and bones of Windows 8 is quite remarkable. Scott’s excellent post goes a long way in simple terms to communicate that progress, while painful, has its own set of rewards.

Win8 - Start Here - Get It

  • nothing new of note since last post.

Win8 - Related Products and Services

  • nothing new of note since last post.

Win8 - Install It

Win8 - Under the Hood

  • nothing new of note since last post.

Win8 - To Go

  • nothing new of note since last post.

Win8 - Tweaks

Win8 - Deeper Insights

Win8 - Usage Tips

Win8 - Miscellanea, Rumors, & General Grumblings

Windows 8 - GSD Previously Posted

Hoyotoho! Hoyotoho! Heiaha! Heiaha!

--Claus V.

Keep Calm and Use Your Keyboard - @robertmclaws

attribution: Robert McLaws - as spotted on ComputerZen

Sunday, September 09, 2012

Scratching at a SCSI Drive Itch - Part II - WinPE Redux

In the first installment, Scratching at a SCSI Drive Itch - Part I - Hello Ubuntu, we were sitting on this problem:

  1. I had a bevy of Dell PowerEdge servers to secure wipe.
  2. Each server used a SCSI controller board and held two SCSI drives of varying size.
  3. I was using DBAN / Darik's Boot And Nuke to do a DoD 3-pass short wipe pattern on them.
  4. I was seeing random “non-fatal” error reports when wiping was done.
  5. I wanted to perform a secondary sector-based verification of the wipe efficacy.
  6. My custom WinPE 3.0 boot-CD disk didn’t have the needed drivers and I was having great difficulty finding them.
  7. I worked out using Ubuntu to accomplish the task, but it wasn’t time-efficient.
  8. A storm was brewing and development time for a solution was short.

The Rub…as they say…

was in the particular set of Adaptec SCSI controller drivers I needed.

The bad news was that I had a collection of Dell PowerEdge server models from 1300’s to a 2800, and just about all steps in between.

The good news is that in using DBAN, during the system and SCSI hardware boot process, they listed themselves. I noted they were the following:

  • Adaptec AIC-7890
  • Adaptec AHA-2940
  • Adaptec AIC-7860

At least I had something more specific to search for…now could I just find them in a WinPE 3.0 compatible driver format?

WinPE Revisited…Tip #1

Apparently, I wasn’t the only one who had encountered this problem finding WinPE drivers for Dell servers.

Chris Osborn had also run into a similar challenge and documented it in his fairly recent post Insentricity :: Installing Windows 7 Without a DVD Drive ::

In his case he was trying to install Windows 7 on a Dell PowerEdge server (different model from my collection) via USB from a WinPXE source. Only it didn’t have the Adaptec SCSI controller drivers needed. Sounded familiar.

In Chris’s case, he was able to track down the specific Adaptec AIC driver file source.

The problem after booting the WinPE was that it refused to see the HD. After lots of googling trying to figure out how to add drivers to the WinPE image I finally found the secret incantation. It actually wasn't too bad, the real trick was figuring out what to download from Dell. Even with the service tag entered on their site, they give you back an abundance of "things" that may or may not be the driver you're looking for. When I tried the first SCSI driver I downloaded it didn't work so I spent a long time trying to figure out how to convince the WinPE to load the driver. I then decided to try a different driver from Dell, and sure enough, it worked right away.

I could do all that I suppose, but trying to figure out which was the correct Adaptec driver I needed from each of the Dell PowerEdge server driver pages, unpack the Dell driver executable package, and then drop them into a LiveCD to test each time (hoping they would work under PE 3.0) still seemed like a lot of work. Though it did leave me hopeful.

WinPE Revisited…Tip #2

Next I stumbled upon Dell’s AppAssure product page while searching for Adaptec SCSI drivers in the particular models I had.

This page, Protecting and recovering an EFI system, looked promising and seemed to use a custom WinPE platform, Replay Recover Anywhere (RRA), to accomplish its mission. Additional digging on the site led me to a PDF file of the tool that talked about the “RRA Driver Library” and listed the drivers provided. Sure enough, there on page 22 were the SCSI Adaptec drivers I was looking for…and then some!

Basically the process was thus: download the Boot CD Builder. Next, get the driver download package for the Replay 4 Boot CD Builder and unpack them.

Then, install the RRA Boot CD builder and inject the readied driver pack. Burn the CD. Done.

Simple, right?

Well, not exactly. Turns out as cool as the RRA building tool is for us WinPE geeks, it requires provision of a product License Key to work.

Not so good, but not a total loss as I got some good takeaways.

  • Even if it can’t be used directly, you can download/install and get all kinds of components out of the BootCD building package including some drivers, some interesting WIM files to pick around, and it was interesting learning and exploring the building tool’s file structure and components.

    Below you can see the folder structure for the AppAssure Boot CD Builder installation.

  • The collection of controller drivers for WinPE was golden and too vast to list. It was freely accessible and was easily downloaded, unpacked, and readied for use as needed in this project. Some of these may or may not work under WinPE 3.0, but it’s a good place to start in a single location for a wide range of hardware. Below you can see a list of the folders (and sub-folder “AlternateDrivers”) that the package provides.


WinPE Revisited…Tip #3

I next found this forum thread for someone looking for Windows 7 (WinPE 3.0) Adaptec driver.

Unable to locate Windows 7 compatible driver for Adaptec AIC-7892 - Microsoft Answers

Seemed a stupid thing, but I popped over and dug around on Adaptec’s site. I won’t link to everything I chased but the following should get interested folks started.

It took me a while but I quickly confirmed that it pretty much didn’t matter what family/driver I needed, they were bundled together and all paths led to a few Roman cities, and Windows 7 was listed as a supported driver! Yea!

I also found that the driver packages themselves, being both small in number and small in size, and Windows 7 supported, would not add too much size to my pre-existing custom WinPE 2.0 build.

So for good measure I went ahead and snagged every Adaptec “Ultra” SCSI driver hardware pack download I could find along with the 2940 Family pack. I think I also grabbed the “SAS-4000, SAS-4800SAS, SAS-4805SAS” pack as well. It may sound like a lot but in the end it resulted in just 4 or 5 zip file packages to unpack and tuck away. Just pay attention to the ultimate pack filenames and you will see what I am talking about.

I finally had my WinPE 3.0 Adaptec drivers! Success was in reach.

By the way, did I mention I also found this?

Dell Driver CAB files for Enterprise Client OS Deployment - Enterprise Client - Enterprise Client - Dell Community TechCenter

At the very top of the page you will find WinPE 2.0 and WinPE 3.0 Driver CABs for Dell Enterprise class systems (Latitude, Optiplex, Precision). The WinPE 3.0 collection is very fresh (07/2012).

The log-jam had broken and the flood was coming!

Inject Me!

Next we have to get the drivers added into the existing WinPE boot.wim file.

I’ve mentioned it before, but “wmmayms” had a great, well-illustrated guide that walks one through the process.

Guide: Adding drivers to a custom winPE (3.0) - boot images - Windows-Noob. This post explains just about everything you need to know about the manual/command-line process. It uses the DISM.exe tool and is pure command-prompt based, baby.

Then these additional guides are great and clear supplements.

DISM - WinPE 3.1 Boot Environment - The IT Bros. In this alternative guide and building method, Brian Jackson takes us on a most-excellent walkthrough from start to finish. Not only does he help us from the very start in collecting our materials, but besides the command-prompt, Brian offers some custom WinPE 3.1 Scripts of his own and then leverages one of my favorite WinPE wrangling tools, GImageX.

You might also want to compare both of these methods with this Create a WinPE Bootable disk to Support Dell Hardware (NIC, Mass Storage Injection) - OS and Applications - Dell Community TechCenter article as well. Give your attention to the “Winpe” section at the top. This outlines a slightly different technique using imagex.exe.

Of course, this assumes your system has all the bits needed. While I have all my previous custom WinPE files/folder structure handy I ran into a problem.

For some reason, even though my latest custom boot disk was a WinPE build, somehow my work system was still loaded with the Vista (WinPE 2.0) WAIK kit. As such I was missing the DISM tool that first made its appearance in the Windows 7 (WinPE 3.0) WAIK. You may want to follow up with the Windows 7 WAIK Supplement for Win 7 SP1 if desired. I didn’t.

So I uninstalled the Vista WAIK, rebooted, and then considered the System requirements for the Win 7 WAIK. I noticed XP wasn’t listed and my work system is still running Windows XP Pro SP3. Would it balk and make me move my building to a Win 7 lab PC? Nope. Installed and worked just fine, thank you very much.

Note: there are a number of ways to build a WinPE boot disk without all the WAIK overhead if you desire. This takes its own amount of work and dancing. I've used the WAIK for so long it is second nature to me but you may want to consider it if this is new to you.

Now I could have stopped here and followed wmmayms’ guide and after some CLI-fu had it up and running.

But where’s the fun and discovery in that?

Cool Tool MegaFind!

See, in my Google-work I had run across a super-cool -- and new to me -- GUI front-end for manipulating the DISM and injecting drivers into a WIM file.

OMG! Bonus score!

DISM GUI - CodePlex project page developed by mikecel79 (Mike Celone). Mike's Blog

DISM GUI is a graphical interface for the DISM command line utility written in .NET. DISM GUI allows you to mount and dismount WIMs, manage drivers, features and packages.

I didn’t find any documentation on using the tool, however, if you are even reading this post or know what the DISM.exe file is/does, then you already pretty much know what you need to know.

Here’s a brief walkthrough just in case.

Download the file linked above at CodePlex

Extract the ZIP file contents. You will get a single file called “DISM GUI.exe”

Move/Copy it into the location where your appropriate DISM.EXE file is. On my Windows 7 x64 system it is showing in four locations:

  • C:\Program Files\Windows AIK\Tools\Servicing\Dism.exe
  • C:\Program Files\Windows AIK\Tools\x86\Servicing\Dism.exe
  • C:\Program Files\Windows AIK\Tools\amd64\Servicing\Dism.exe
  • C:\Program Files\Windows AIK\Tools\ia64\Servicing\Dism.exe

Since my WinPE 3.0 building is to support 32-bit (x86) systems, I picked the x86\Servicing location.

I already extracted all my special driver packages which had been downloaded. In my C:\winpe_x86 building folder, I created a folder called “Drivers-To-Inject” and dumped the unpacked folders/contents into it.

Launch “DISM GUI.exe” from the shortcut you made. I ran mine as Administrator, though that may not be necessary depending on your system particulars.

On the first tab, “Mount Control” select your WIM location to mount. In my case I just have a single index build, so I left the index location alone.

Next select the Mount Location where the WIM will be “unpacked” to temporarily.

Finally click the “Mount WIM” button to get started.


You should see some output of the commands in the bottom pane. Hopefully it was successful. Depending on how large your wim file is, it may take a while. Be patient.

Next, let’s add our drivers.

Select the “Driver Management” tab.

Click the “Choose Driver Folder” button and browse to the location you put your drivers in. In my case I created a folder called “Drivers-To-Inject” and then there is a sub-folder for the Adaptec drivers, a sub-folder for the Dell WinPE 3.0 drivers, and a third sub-folder for the Dell AppAssure driver collection.

Since I had the “Recurse” check-box selected, it will add ALL the drivers it finds under the main folder. Doing it this way saves a lot of time if you have a lot of separate driver packs to add.

Once you have everything…just click the “Add Drivers” button to inject them into your mounted WIM.


Again, that process may take a while to complete depending on the number of drivers you are adding. Be patient and once done you should see the output in the window pane below. Your results may vary based on the drivers you install.


Once all is done, you need to dismount and commit the changes you made to your WIM file.

Go back to the first tab “Display WIM Info” and punch the “Dismount WIM” button. You will then be presented with an additional dialog window confirming you want to commit (save) the changes made to your WIM. Select “YES”.


It will take a while again, but once done, your WIM should now be packed with all the additional drivers injected into it to work as needed when you boot your mastered WinPE disk/USB.

The DISM GUI tool makes this entire process a breeze.

Other similar tools I’ve mentioned here at GSD during my previous WinPE building posts worth reminding you about are:

  • GImageX - AutoItScript. This is a great GUI tool that makes working with the WAIK’s Imagex.exe file tool so much simpler.
  • Je Jin's DISM Tool - Another (not so intuitive but pretty powerful) GUI front end for DISM.exe.
  • GUI Dism ELDI v3.0.2 - Early Java version by ELDI developer. His main website is down (or very slow loading). However his latest version appears to be hosted at this MediaFire link and contains several packages that I understand now support the WinPE 4.0 (Win8) WAIK PE’s. Unlike the v3 build that is based on Java, this newer one uses .NET. I’ve not played with them. See this GDism ELDI v6.2 forum post for the access bits you need for the MediaFire downloads as well as running discussion on the tool.

Additional notes:

DISM GUI also supports adding in additional “packages”. See this TechNet page for more on those; Add a Package to a Windows PE Image.

It can also install additional “features” packages as well such as the WinPE-WMI Feature pack, language packs, and the WinPE-Scripting Feature pack. My needs are pretty simple so I skip these. The tabs and controls are very intuitive so if you know you want them, you should be able to figure out how to use this tool to get them in with no issues.

Almost Done!

Now in my case, I already had a lot of bells and whistles added into my previously built WinPE 3.0 building structure.

Besides all the custom apps I had previously included, I also dropped the following apps/folders into my c:\Temp\winpe_x86\ISO folder location so they would be included and accessible off the WinPE CD specific to my needs for this project. Remember the whole point is to use a GUI-sector editor to check the drive sectors out for confirmation of wiping efficacy.

  • HxD - Freeware Hex Editor and Disk Editor - mh-nexus
  • wxHexEditor - a Free Hex Editor / Disk Editor for Huge Files or Devices. This is the Windows binary previously discovered in the last post.
  • Forensic Acquisition Utilities - George M. Garner Jr.’s awesome command-line collection. Selected as it has a Windows “dd” equivalent just in case as well as the “Volume_Dump.exe” tool to provide volume and drive information.
  • dcfldd - another Windows binary written by Nicholas Harbour which has some “dd” command ability..and then some.
  • TestDisk - CGSecurity. This was added because TestDisk will discover and report all drives and drive path formats it finds. Helpful for quickly confirming your drives are visible and attached, and what size they are. Something FAU’s “Volume_Dump.exe” also does handily.
  • DHE Drive Info - Dipl.-Phys. Dirk Hauschild. This is a super nice tool for getting all kinds of drive info from a system. It does require the MSVBVM60.DLL file to run, so if you add this app to your WinPE disk, be sure to find and copy “MSVBVM60.DLL” from your system along with it to run properly.
  • Drive Manager - A freeware disk-info tool from Alex Nolan.
  • DiskSmartView - NirSoft. Also provides disk info, I was using it to confirm sector information.
  • HDD Wipe Tool - HDDGuru. Just in case…

Feel free to add additional ones depending on your needs. If you aren’t getting too crazy and are just using the base WinPE image WIM file, you should be aware you only boot to a simple Command Prompt window interface. If CLI navigation isn’t your thing, you may want to also add a simple windows file explorer like Explorer++ or My Commander to the root of your disk (copy the binary into the ISO folder). Then when you get to the WinPE command window, just type D:\EXPLORER++.EXE (or whatever the application name is) and get navigating in a handy GUI to browse to your tools.

Depending on the issues seen (for example, the drive was not zeroed out as believed) I could then use the WinPE embedded command DISKPART> clean all to zero out the drive again, or the FAU’s “dd” or DCFLDD to zero it out as well. The options are many.

Note: if you are using a WinPE CD format, then you may need to confirm they will work off a CD OK. If they need to read/write, you will have to do some other things, like dropping them into your “mounted” WIM before dismounting/committing it so they will be on the X: “RAM Drive” and can operate properly. Some may also require some additional dll dependencies that you will need to find/copy over from your system for them to run properly as well.

Wrapping it all up...

The last thing we need to do is “master” the WinPE package into an ISO file.

Go to the Start menu and under All Programs find the Microsoft Windows AIK folder and launch Windows PE Tools Command Prompt, or open a command prompt and type

cd c:\program files\Windows AIK\Tools\PETools

Then, type (note your correct paths and change accordingly, mine for this particular project are listed below).

oscdimg -n -bc:\winpe_x86\etfsboot.com c:\temp\winpe_x86\ISO c:\temp\winpe_x86\winpe_x86_Injected.iso

(all one line)

In my case, a WinPE 3.0 bootable ISO file named “winpe_x86_Injected.iso” was created inside the c:\temp\winpe_x86 folder.

With the ISO image file created, you can now burn the image file to CD.

I personally stick with the CD sized builds as almost every system we touch (old and new) comes with a CD-ROM drive. This is particularly true with these servers. If you try to build a DVD sized ISO with the normal instructions above it will error out. You must use the undocumented "-m" argument in your string to force it to build the ISO over the normal CD-sized ISO size. The -m switch overrides the size check that otherwise blocks creation of ISO images larger than 700 MB.

oscdimg -n -h -m -bc:\winpe_x86\etfsboot.com c:\temp\winpe_x86\ISO c:\temp\winpe_x86\winpe_x86_Injected.iso

Deploy! Boot! Verify!

Once the work was done, I used the disk to boot one of the now DBAN DoD 3-pass short wiped/zero’ed Dell servers.

The server booted, the WinPE boot disk was accepted and booted the system.

The driver/hardware discovery process completed and WinPE was up and running.

I launched TestDisk to quickly see if both drives were visible;

  • Disk /dev/sda
  • Disk /dev/sdb

…were both reporting. I noted the location naming path and the sizes.

I then launched HxD, my favorite GUI-sector editor. I mounted /dev/sda and quickly scrolled through the display to confirm all zeros were showing and no non-00 data was present. Good.

I then launched wxHexEditor and repeated the process for both disks. Great.

Zeros across all sectors as far as the eye could see.

At this stage I was pretty sure DBAN had done the job.


Not my actual custom WinPE disk, but a serviceable basic WinPE 3.0 facsimile for illustrative purposes running in a VirtualBox session. Hopefully you get the idea.

Shut down the WinPE session, eject the disk, confirm one more time the physical drives found inside the server chassis matched the number confirmed wiped as above.

Repeat for the next server…

The newly updated WinPE 3.0 (now SCSI controller supported) disk had saved the day again.

Mischief managed.

--Claus V.

 

Bonus Linkage: Additional Valca custom WinPE building blog-post links to check out in case you are just joining the Grand Stream Dreams blog fan club. All organized in one place for quick research and reference.

WinPE 2.0, 3.0 (Win 7), and 4.0 (Win 8) super freaky/tweaky custom building posts

These posts move on beyond CD/DVD media WinPE formats to bootable WinPE USB platforms. These are much faster loading and can make use of “portable” application access from your WinPE OS much more simple.  I also show how to multi-boot a WinPE device on USB and CD/DVD media.

WinPE 2.0 (Vista WAIK based) building posts

For dead-simple custom WinPE 2.0 / 3.0 building projects, check out WinBuilder package tools over at their Projects - reboot.pro pages.

Note WinPE 1.0 (XP WAIK based) is very outdated. I cut my WinPE teeth using old BartPE building tool to make custom WinPE boot CD’s. It worked great and was very slick but Microsoft’s WinPE 1.0 license restrictions were very tight. It has been mentioned glowingly in the way-past here at GSD but, seriously, it’s time to move on…

--CV

Saturday, September 08, 2012

Scratching at a SCSI Drive Itch - Part I - Hello Ubuntu

So one of the many assignments I have been working on lately is the decommissioning of a hoard of old Dell PowerEdge servers which will be sent to pasture. New technology has been deployed and these are obsolete.

Models range from 1300’s to a 2800; and each contains a pair of SCSI drives.

Accordingly, we need to be sure that all resident data has been purged from the internal drives. (Since apparently just yanking and tossing them into a super-shredder or piercing them with a ram-driven spike isn’t an option.)

The Great Wipe Hope

Instead, I turned to wiping them using DBAN / Darik's Boot And Nuke

I had to use a combo of builds as in some cases the CD ROM drive in the server didn’t work and I didn’t feel like tearing the chassis apart to swap them (or the drive bay carriages). For that I used the last DBAN version that came in a floppy drive format. Otherwise I used the latest CD-based version.

Either way they both seemed to do a good job with a DoD Short 3-pass wipe/zero session. (Yes, yes, I know..a 3-pass nowadays? The powers that be require a 3-pass minimum wipe if we are passing them on.)

So while DBAN seemed to handle the SCSI drives and daughter-board (?) adapter hardware just fine, every now and then on some of them I would get a “non-fatal errors were encountered” message when the wiping was done.

Obviously I wasn’t tending them full-time so I couldn’t find the error as the logging didn’t work too well; something about writing to a full floppy and/or the CD version obviously couldn’t write to itself.

Anyway…all’s wiped is good correct?

Nay! “Constant Vigilance!”

Reality Check-in

I just remained uncomfortable releasing these wiped servers without doing an independent verification that the drives really showed all sectors as “zeroed out”. Didn’t want the mess of answering questions if one turned up on eBay unverified with data still on it. That would be a Bad Thing™.

So my plan was simple.

I’d just pop in one of my custom WinPE CD’s and run a Windows-based “sector editor” against the drives and quickly confirm we found an all-zero pattern.

Simple right?

Not really.

See what I quickly found out is that while my custom WinPE CD is a really cool tool, (big surprise) it didn’t have the needed SCSI adapter board drivers. So while I could boot the iron, I couldn’t see the drives.

That sucks and the plan is now in jeopardy.

I did some reconnoitering via Google and while I found all kinds of things regarding adding drivers to WinPE (something I already knew), trying to find a source for the specific mass-storage SCSI drivers that would run under WinPE 2.0 seemed fruitless.

In which Kirk learns that finding WinPE SCSI drivers for the Enterprise may be a problem

In Which “Plan U” is Formed…

So I regrouped.

I knew that Linux seemed to be handling the particular SCSI drives/adapters OK since DBAN was working without any issues.

Since I have been working in Linux quite comfortably, I went directly to Ubuntu for a LiveCD solution.

Sure enough, a check of the Installation Media page found that SCSI CD-ROMs were supported as was the following:

Generally, the Ubuntu installation system includes support for floppies, IDE (also known as PATA) drives, IDE floppies, parallel port IDE devices, SATA and SCSI controllers and drives, USB, and FireWire. The supported file systems include FAT, Win-32 FAT extensions (VFAT) and NTFS.

Disk interfaces that emulate the “AT” hard disk interface — often called MFM, RLL, IDE, or PATA — are supported. SATA and SCSI disk controllers from many different manufacturers are supported. See the Linux Hardware Compatibility HOWTO for more details.

Following that link I confirmed that the particular SCSI controllers I was encountering in these systems were also supported.

Great.

So what process should I use to verify a total zero-out of the drives under Ubuntu?

…and DD is summoned

I knew from my previous secure drive wiping studies that the terminal command tool “dd” could be invoked, not just to wipe a drive but also examine sector data and contents.

From Disk Wiping with dcfldd - Anti-Forensics blog, MAX shows us some techniques (using dcfldd though dd worked fine with the same commands seen below since dcfldd wasn’t on my Ubuntu build):

To view the first sector (with dd) of the first attached drive;

sudo dd if=/dev/sda count=1 bs=512 | hexdump -C

For additional sector spotting, just change the value for count= accordingly.

If the drive had been fully zero-ed out, then running the following command…

sudo dd if=/dev/sda | hexdump -C

…should result in the following output as seen on a blank virtual drive I have handy:


All zero’ed out!

I found some additional tips from Dr. Nikolai Bezroukov over on this super-detailed dd usage information page, including this gem:

I just want to make sure my drive is really zeroed out!!

dd if=/dev/sda | hexdump -C | grep '[^00]'

... will return output of every nonzero byte on the drive. Play around with it. Sometimes drives don't completely zero out on the first try.

And finally, Raymond McKendall has some super-useful “dd-fu” secure wiping verification tips at his Ray’s Notebook site post Erasing Disk Drives. (Note: no page-scrape offense is intended to Mr. McKendall. I want to record all this in case I need to print this post in entirety and take a single hard-copy output with me for quick reference. Full props to him as I doubt I would have easily figured this out on my own!)

It's not a bad idea to verify that the drive has been completely overwritten. When the fill pattern is a constant, like 0x00 or 0xFF, then hexdump provides an easy means to check shredding:

-> time hexdump -C /dev/sdb
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
df8f90000

real 40m21.654s
user 9m16.822s
sys 1m47.435s

Here, hexdump reports that the file contains 0xdf8f90000 bytes and that each byte has the value 0x00. To verify this byte count, let bc convert from hexadecimal to decimal:

-> echo $bytes; echo "ibase=16; DF8F90000" | bc
60011642880
60011642880

As it turns out, hexdump offers formatting options that can be used to condense the previous report:

-> time (hexdump -e ' "%d " "%_Ad bytes\n" ' /dev/sdb; echo $bytes)
0 *
60011642880 bytes
60011642880

real 40m34.971s
user 30m37.536s
sys 1m56.239s

The first output line indicates that all of the bytes are zero, the second line reports the total number of bytes examined, and the third line echoes the value of $bytes for easy comparison.

Alternatively couple dd with hexdump to get a record count and timer all in one. This next example also specifies an output format to hexdump, just to be fancy:

-> dd if=/dev/sdb | hexdump -e '"hexdump: " "%d"'
hexdump: 0*
117210240+0 records in
117210240+0 records out
60011642880 bytes (60 GB) copied, 2685.18 s, 22.3 MB/s

The "0*" verifies that all bytes are zero, and the record and byte counts show how many bytes were examined. It's easy to verify that these counts meet expectations:

-> echo $sectors sectors $(( $sectors*512)) bytes
117210240 sectors 60011642880 bytes

And to see the elapsed time in minutes:

-> echo "scale=1; 2685/60" | bc -l
44.7

Or, use grep

-> grep -v -P '\0' -c -m1 junk
0

Which was all well and good, but…

This whole process was very time-consuming. To say it nicely.

Running any of even the basic dd verification methods, though quite definitive, would require many hours…per disk. And since the hard-drives I had were in the 16-80 GB range, and I had a gazillion of them to check…this technique while thorough, was a time-killer.
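The checks quoted above, folded into one script (an added example, not code from this post or from the quoted authors): a full pass that reports either the byte count examined or the offset of the first non-zero byte, plus a random-sector spot check for when a full pass is too slow. The function names are made up for illustration and od stands in for hexdump; the dump is parsed field by field, so the offset and ASCII columns cannot produce matches, and the spot check is triage only.

```shell
#!/bin/sh
# Added example (not from the original post): confirm a wiped drive reads back as 0x00.
# Function names are illustrative. Works on block devices or image files.
# Usage (as root, script name is arbitrary): sh verify_wipe.sh /dev/sda /dev/sdb

# Size in bytes: ask the kernel for block devices, count bytes for image files.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Full pass. Prints "clean <bytes examined>" or "dirty <offset of first non-zero byte>".
# od collapses repeated rows into "*", so a zeroed drive produces only three lines:
# one row of 00s, "*", and the end offset (decimal because of -A d).
scan_full() {
    od -A d -t x1 "$1" | awk '
        $1 == "*" { next }
        NF == 1   { total = $1 + 0; next }
        {
            for (i = 2; i <= NF; i++)
                if ($i != "00") { printf "dirty %.0f\n", $1 + i - 2; found = 1; exit }
        }
        END { if (!found) printf "clean %.0f\n", total }'
}

# Pass only if every byte is zero AND the bytes read match the reported size;
# a short or failed read must never count as a verified wipe.
verify_wipe() {
    expected=$(target_size "$1") || return 2
    result=$(scan_full "$1")
    case "$result" in
        "clean $expected") [ "$expected" -gt 0 ] ;;
        *) echo "FAIL $1: $result (expected $expected bytes)" >&2; return 1 ;;
    esac
}

# Spot check: read COUNT random 512-byte sectors. A hit proves the wipe failed;
# no hit is NOT proof that the drive is clean, so use it only to fail fast.
spot_check() {
    size=$(target_size "$1") || return 2
    sectors=$(( ${size:-0} / 512 ))
    [ "$sectors" -gt 0 ] || return 2
    for lba in $(awk -v n="$2" -v max="$sectors" \
            'BEGIN { srand(); for (i = 0; i < n; i++) printf "%.0f\n", int(rand() * max) }'); do
        left=$(dd if="$1" bs=512 skip="$lba" count=1 2>/dev/null | tr -d '\000' | wc -c)
        if [ "$left" -gt 0 ]; then
            echo "dirty sector $lba"
            return 1
        fi
    done
    echo "no data in $2 sampled sectors"
}

# Verify every device named on the command line.
for dev in "$@"; do
    verify_wipe "$dev" && echo "OK $dev: all bytes zero"
done
```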

…pssst, Buddy. Got a good Linux sector editor GUI?

Despite my best efforts, I couldn’t find a GUI-based sector editor pre-loaded in the Ubuntu 12.04 base distro.

So I went looking wider.

Experimenting with GNU/Linux: Five gui hex editors for ubuntu - UnixLab blog

This was a great starting point, and I spent last weekend trialing them and others on my virtual Ubuntu system.

Bless Hex Editor - Ubuntu Apps Directory. Bless worked great, was able to be downloaded directly from the Ubuntu Software Center app and was easy to use. When launched via the terminal with “sudo” (a process I had to follow with all the apps listed below), I was able to access the local hard drives sda/sdb and quickly perform a visual inspection of the sector contents.


Tweak: an efficient hex editor - Ubuntu Apps Directory. This is a terminal-based sector-editor, but does provide a GUI-like interface view. See this Ubuntu Manpage: tweak for the terminal command syntax as well as this developer’s Man page for tweak. It worked well and was also installable via the Ubuntu Software Center.


Ncurses-hexedit: Edit files/disks in hex, ASCII and EBCDIC - Ubuntu Apps Directory. This is another terminal-based sector editor in a GUI-like interface view. See this [N]Curses Hexedit manual. It worked well and was again installable via the Ubuntu Software Center.

hexedit - Ubuntu Apps Directory, likewise again could be installed via the Ubuntu Software Center. Invoke from terminal via : sudo hexedit /dev/sda

KDE Utilities - Okteta - This is very nice, but to fetch it you must run: sudo apt-get install okteta. I also had issues accessing and viewing /dev/sda with it that I couldn’t overcome. So despite the nice look, it didn’t fit my bill easily.

There were a few others, but these seemed to be the biggest and easiest to use “out of the box”.

Then there was wxHexEditor…

wxHexEditor  - a Free Hex Editor / Disk Editor for Huge Files or Devices on Linux, Windows and MacOSX

I really, really liked this tool. It is seriously good. Really!

Not only was it rocket-fast and easy to see/navigate around it, as an added bonus it has a helpful “infoPanel” docked in the bottom left corner to verify the drive/size you are looking at. So if I had a 16 GB drive but was only seeing 8.0 GB reporting, I’d be worried.

Getting it on Ubuntu was a particular challenge to me since it was not listed in the Ubuntu Software Center and I am a Linux noobie.

The “easiest” way I could come up with was to go over to GetDeb.net V2 - Software for Ubuntu Linux’s wxHexEditor page.

Using that source required me to first install the “get-deb” package to then fetch wxHexEditor.

That wasn’t a problem, but for some reason it didn’t work via downloading from Firefox.

So I re-read the instructions and found that bug 476853 applied to me. Which basically says Firefox hoses the downloads. So I then had to download Chrome into my Ubuntu build to fetch things. That worked and I was eventually able to successfully get wxHexEditor running nicely in Ubuntu.

Did I mention it was compiled in Linux, Mac OS X and Windows binaries? Sweet!

Success? Let’s call it a Pyrrhic victory…

OK. So here’s the rub.

To accomplish my GUI-sector-viewing quick-verification goal on each of these servers, since I was using a LiveCD of Ubuntu I had to…

  1. Wipe the system with DBAN, wait to finish.
  2. Reboot the system with Ubuntu
    1. Did CD-ROM drive work? Yes? Continue to step 3.
    2. No? Pull SCSI drive carriage out of system and place into server that had working CD-ROM drive. Continue to step 3.
  3. Carefully select option to try LiveCD rather than install Ubuntu onto (hopefully) wiped drive.
  4. Wait for Ubuntu to load into limited server system RAM bank.
  5. Wait some more.
  6. Connect network cable to server.
  7. Wait for network detection.
  8. Download “Bless” via the Ubuntu Software Center.
  9. Install “Bless”
  10. Run Bless to then inspect /dev/sda & /dev/sdb
  11. OK?
  12. Shut down Ubuntu/eject disk.
  13. Open server chassis to visually verify no additional non-detected SCSI drives were present. Two were expected, confirm that only two physical drives are inside the box.
  14. If step 2.2 was invoked, replace drives back into original server chassis.
  15. Repeat

This took a frigging long time.

Successful? yes.

Efficient? hardly.

So whatcha gonna do? Build a custom Ubuntu LiveCD?

Well, I suppose I could re-master a Linux LiveCD of Ubuntu that has Bless (or wxHexEditor) installed in it. Way, way before I built Windows PE disks, I cut my teeth making custom Knoppix Live CD’s to use to off-line boot and recover files from DOA Windows NTFS partitions. That was how I first got acquainted with LiveCD formats. That was when having a DOS boot floppy disk for system servicing was still required carry.

I checked out that possibility and found a number of techniques and methods to do so:

Here is the deal. While I was pretty confident I could successfully do it, my project timeline to wipe and get the servers returned for surplusing didn’t give me enough time to do so.

Then again, maybe I could find another Linux LiveCD distro that had a GUI-based sector-editor pre-installed and that would support the particular SCSI drive/controller hardware I had.

Not really, I tried but burning lots of CD’s to trial-n-error them didn’t appeal to me and I didn’t want to attempt using my iODD hard drive to emulate ISO’s for this task.

I might have been able to save a “persistent user profile” to a USB/floppy drive…but the USB support on these servers was spotty at best and I didn’t always have the luxury of both a working floppy drive AND a working CD ROM drive in any given server (seriously) so that really wasn’t worth messing with if I could even get the required planets to align.

Concurrently, another enterprise-wide deployment storm was brewing and the squall-line looked serious. Time was of the essence and I had to complete this project. It was bad enough that I was adding in the self-imposed secondary-verification level for this job.

I’d learned a lot and improved my Linux/Ubuntu user skill set, but I was still not satisfied this was the path to continue my investment in.

Stay tuned for Scratching at a SCSI Drive Itch - Part II

…in which the problem is elegantly solved and I learn and find even more awesomeness!

Cheers,

--Claus V.

Now for the “GUI-Gotcha’s” Postscript

Note, one “gotcha” of this GUI-editor method over the “DD” methods noted earlier is that just dragging the scroll bar down the drive doesn’t really allow you a sector-by-sector inspection of the contents. You are more likely “skimming” them and potentially missing data in your speed reading. That said, it should (possibly) be pretty obvious for a heavily used drive that large blocks of data would be present if the drive wasn’t successfully zero-ed out.

YMMV with this technique so use according to your comfort level.
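A scripted middle ground between the full dd dump and skimming in a GUI, as an added example that is not from the original post: `check_zeroed` (a hypothetical name) compares the whole device against /dev/zero with cmp, stops at the first non-zero byte, and reports its offset and sector. It assumes GNU cmp, stat and blockdev on Linux, and 512-byte sectors unless a second argument says otherwise.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils,
# diffutils and util-linux, as found on an Ubuntu LiveCD.

# check_zeroed TARGET [SECTOR_SIZE]
# Prints "zero <bytes-checked>" and returns 0 when every byte is 0x00.
# Prints "nonzero <byte-offset> <sector>" and returns 1 at the first
# non-zero byte. Returns 2 when the size or the read cannot be trusted.
check_zeroed() {
    local target="$1" sector_size="${2:-512}" size out rc byte

    # Size in bytes: blockdev for block devices, stat for image files.
    if [ -b "$target" ]; then
        size=$(blockdev --getsize64 "$target") || return 2
    else
        size=$(stat -c %s "$target") || return 2
    fi
    # A zero-length target proves nothing about the media.
    if [ "$size" -eq 0 ]; then
        echo "empty"
        return 2
    fi

    # cmp stops at the first differing byte, so a dirty disk fails fast;
    # -n bounds the comparison because /dev/zero never ends.
    rc=0
    out=$(LC_ALL=C cmp -n "$size" "$target" /dev/zero 2>/dev/null) || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "zero $size"
        return 0
    fi

    # cmp reports a 1-based position: "... differ: byte N, line M"
    # (worded "char N" in the C locale), so accept either word.
    byte=$(printf '%s\n' "$out" |
        sed -n 's/.* differ: [a-z]* \([0-9][0-9]*\),.*/\1/p')
    if [ -z "$byte" ]; then
        echo "read-error"   # EOF or I/O error before <size> bytes were read
        return 2
    fi
    echo "nonzero $((byte - 1)) $(( (byte - 1) / sector_size ))"
    return 1
}

# Stand-alone use, e.g.: sudo sh check_zeroed.sh /dev/sdb
if [ "$#" -gt 0 ]; then
    check_zeroed "$@"
fi
```

A clean disk still costs one full read; only a disk with leftover data returns early. Compare the byte count in the "zero" line against the expected capacity, just as with the dd record counts.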

Network Miner Updating on Ubuntu 12.04

I keep a Ubuntu 12.04 build updated and running to stay current with Linux things. Besides a few disk and sector-editing applications, I also keep a copy of Xplico present. Now that Network Miner is supported in Mono on Linux, I run it as well in Ubuntu.

So when Network Miner was recently updated and released at version 1.4.1, I downloaded it in both the Windows binary as well as in my (VirtualBox) Ubuntu system.

Only after I got done updating it in Ubuntu, it didn’t start so well.

Unable to start NetworkMiner
Access to the path “/opt/NetworkMiner 1-4-1/AssembledFiles/cache” is denied.

Hmm.

For kicks I relaunched the version 1.3 of NetworkMiner I was previously running and it did fine.

So what the haps Ubuntu/Network Miner?

Turns out it was (again) my noobie Ubuntu skills.

Going back to the original “how-to” post in December 2011 for getting NetworkMiner to work on Linux, this is what I did originally to get NetworkMiner working.

First I copied the following text as a block-copy from the post above, making a few minor changes to reflect the new version.

wget sourceforge.net/projects/networkminer/files/latest -O /tmp/networkminer.zip
sudo unzip /tmp/networkminer.zip -d /opt/
cd /opt/NetworkMiner_1-4-1
sudo chmod +x NetworkMiner.exe
sudo chmod -R go+w AssembledFiles/
sudo chmod -R go+w Captures/
mono NetworkMiner.exe

Note I left off the first line of the original text since I had Mono already installed. I also modified the third line above to point to (what I believed) would be the correct build number based on the NetworkMiner-1.4.1 SourceForge.net page.

I then pasted that block text into a terminal session (which has generally worked before) and let it rip.

I thought it did everything required.

I then launched it from the terminal:

mono /opt/NetworkMiner_1-4-1/NetworkMiner.exe

Which got me the error.

I quickly realized my mistake(s).

I was being lazy and copy/pasting the block and expecting it to execute in sequence. In this case…wrong! A review of the terminal output showed that it halted after unzipping the package.

I needed to next manually run the additional commands:

    cd /opt/NetworkMiner_1-4-1
    sudo chmod +x NetworkMiner.exe
    sudo chmod -R go+w AssembledFiles/
    sudo chmod -R go+w Captures/
    mono NetworkMiner.exe

    That did the trick.

    If I hadn’t been so excited in trying to get the new version running and had read the NetSec post carefully I would have realized this bit was important:

    The reason for setting write permission to the AssembledFiles folder is because this is the directory to where extracted files are written. If you prefer to instead have the files extracted to /tmp or the user's home directory, then simply move the AssembledFiles directory to your desired location and create a symlink to it in the NetworkMiner directory (hat tip to Lenny Zeltser for this idea).

    Another way you seem to be able to get it to work without those extra lines is to just run this command after first unzipping to the /opt/ location:

    sudo unzip /tmp/networkminer.zip -d /opt/

    sudo mono /opt/NetworkMiner_1-4-1/NetworkMiner.exe

    Running it in an elevated “sudo” session at first could be “risky” but seems to set the required permissions OK.

    Then close it and relaunch it from then on with this command:

    mono /opt/NetworkMiner_1-4-1/NetworkMiner.exe

    Anyway, it was a noobie Ubuntu user mistake, but hopefully this post will help make future NetworkMiner updates a bit smoother in the future. Just be sure to change the version number in the lines you use above accordingly.
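The symlink approach from the quoted NetSec passage, as an added example that is not from the original post or the NetSec how-to: instead of granting go+w or launching under sudo, it moves the output directories into a private directory owned by your user and links them back, stopping at the first failed step. The function names, the `SUDO` variable and the data directory are assumptions, as is treating Captures the same way as AssembledFiles.

```shell
#!/bin/sh
# Added example, not from the original post or the NetSec how-to.
# Assumption: run as your normal user; only the steps that touch the
# root-owned install directory go through $SUDO.
SUDO=${SUDO-sudo}

# relocate_writable_dir APP_DIR NAME DATA_DIR
# Moves APP_DIR/NAME to DATA_DIR/NAME (owned by the calling user, mode 700)
# and leaves a symlink behind. Prints "linked", or "already-linked" when a
# previous run did the work. Returns non-zero on the first failed step.
relocate_writable_dir() {
    local app="$1" name="$2" data="$3"
    local src="$app/$name" dst="$data/$name"

    # A relative link target would break when launched from another directory.
    case "$data" in
        /*) ;;
        *) echo "DATA_DIR must be an absolute path" >&2; return 1 ;;
    esac
    if [ -L "$src" ]; then
        echo "already-linked"
        return 0
    fi
    [ -d "$src" ] || { echo "missing: $src" >&2; return 1; }

    # Create the private data directory first, as the unprivileged user.
    mkdir -p "$dst" && chmod 700 "$data" "$dst" || return 1
    # Copy existing content (such as AssembledFiles/cache) so the copies
    # are owned by this user rather than by root.
    cp -R "$src/." "$dst/" || return 1

    # Keep the shipped directory as NAME.dist instead of deleting it.
    $SUDO mv "$src" "$src.dist" || return 1
    $SUDO ln -s "$dst" "$src" || return 1

    # Final check: the path the application opens must now be writable.
    [ -w "$src/" ] || { echo "not writable: $src" >&2; return 1; }
    echo "linked"
}

# setup_networkminer APP_DIR DATA_DIR
# Each step runs only if the previous one succeeded, so a half-finished
# setup is reported instead of silently ignored.
setup_networkminer() {
    relocate_writable_dir "$1" AssembledFiles "$2" &&
    relocate_writable_dir "$1" Captures "$2" &&
    $SUDO chmod +x "$1/NetworkMiner.exe"
}

# Stand-alone use, e.g.:
#   sh setup_nm.sh /opt/NetworkMiner_1-4-1 "$HOME/NetworkMiner-data"
if [ "$#" -eq 2 ]; then
    setup_networkminer "$1" "$2"
fi
```

With this layout the install directory stays root-owned and read-only to other users, and files extracted from captures land only in a directory that your own account controls.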

    Cheers!

    --Claus V.

    PS -- I just found this morning upon launching VirtualBox that yesterday Oracle released Virtual Box 4.1.22. ChangeLog

    Go download it and the matching “Extension Pack” when you have a chance…

    MetroTextual - Spirit of the notepad known as Bend

    Granted, it has been almost two years past, but in August of 2010, a refreshing -- nay, sexy! -- Windows notepad appeared on the scene. The name was “Bend”.

    Bending “Bend” and Related Miscellanea - Grand Stream Dreams blog

    We all wanted to date her. It was seriously hot…though in hindsight the interface now seems very Windows 8’ish.

    In that post, I happened to describe how I worked out how to snag the binary set once it was installed and have tucked it away. I still use Bend from time to time, despite the fact the project was quickly removed from CodePlex by the author after it had made a big splash.

    My love for this application never has waned. Even after two years I still have fond memories of our time riding bikes and picnicking together in Central Park during the zombie outbreak of 2010. Then it disappeared and I have been running wistful Google searches every so often hoping I would find you again.

    Alas, it is not to be.

    But I was surprised to find a new park-time favorite that reminds me of the way Bend’s hair would blow in the breeze.

    MetroTextual - Metro UI Text Editor - SingularLabs

    Seriously, you guys (& gals?) at SingularLabs are rock stars!

    MetroTextual has the same slick style of Bend and does come with some neat features.

    1. several supported syntax highlighting styles: C#, XML, HTML, JavaScript, VBScript, CSS, Python, SQL and Assembly language. Based on Scintilla, it will auto-select based on extension of file being edited.
    2. change the application style color/borders to some common Windows 8 theme colors
    3. multi-thread and Unicode support.
    4. application window always on top of desktop option.

    Sadly missing on our first date:

    1. More controlled line numbering like Bend (and many other notepad editors). Line numbering is present on the left border, but you need to drop the text formatting into another syntax mode to get it. On regular “default” formatting mode, there are no line numbers.
    2. font changing (to select something like Consolas perhaps)
    3. Tabbed file support. Unlike Bend and other notepad editors, MetroTextual seems to open each new file in a new windows session and not a tab. For those of us with limited screen display real-estate, having an “open in a new tab” option for the same application window is valuable.
    4. No internal “version/about” or “check for updates” options to confirm what version you are running. Version I am using above is 1.0.1 released 07/23/2012 according to the download page.

    And yes, be aware, Microsoft .NET Framework 2.0 (or newer) must be installed for MetroTextual to run on your Windows 7 or Windows 8 system.

    So, go download MetroTextual over at SingularLabs right now.

    Now…to be clear…I will be using this for quick text saving/editing.

    My notepad workhorse still remains Notepad++ and the feature set it brings for extended text editing and manipulation remains unchallenged. No comparison. If they were motorbikes, MetroTextual would be more of a Vespa to Notepad++’s café-runner looks and functionality.

    Additional heavier-duty notepad alternatives I recommend are:

    Cheers!

    Claus V.

    Java does a “Jack and Jill”

    CC attribution: illustration "Jack and Jill" by "perpetualplum" on flickr.
    Jack n Jill Mod

    So here is the way I saw the Java drama roll downhill like Jack and Jill over the last two weeks from a security standpoint.

    So we started out safely headed up the hill to fetch our water shod with Oracle’s Java 1.7 update 6.

    08/27/2012 - Starting up the hill…

    Oh noes! Jack has stumbled!

    (It wasn’t really clear at first, but Java 1.6.34 was also vulnerable.)

    08/30/2012 - Java Jack Recovers

    Fortunately Java Jack just had a stumble, the pail and his crown are still safe after catching himself.

    So we all rush out and download Java 1.7.7 and/or Java 1.6.35.

    Whew! That was close.

    08/31/2012 - Java Jack Takes a Dive bringing Jill with him

    Jack…Stop looking at that frisky rabbit and getting ideas and pay attention dude! You’re about to step into some of its…

    Oh snap! You did and you slipped in it.

    Seriously Jack. Really?

    You should have been paying better attention to your hill-climbing technique; or at the very least dear Jill and not the rabbit.

    Now you’ve taken Jill out in your folly and broken your crown; again.

    Still Want That Water?

    So where does that leave us now that we are holding the pail to safely quench our thirst?

    Here is some sound advice.

    Me? I just disabled my Java browser plugins for IE/Chrome/Firefox and run NoScript in Firefox. However I didn’t uninstall my Java applications (1.6.35/1.7.6) as I do use a handful of true Java applications on my system.

    I figure that will have to do for now until the next round of updates rolls.

    No word when Jack will be out of the ER yet. Jill remains pouty.

    Other Java-related tools you might be interested in while you wait…

    • JavaRa - SingularLabs - great third-party freeware utility to manage your Java RE build installations. More here at ghacks.net.
    • Jarfix - Johann N. Löfflmann’s tiny app to fix Java “JAR” file associations on Windows after a Java update borks them.
    • Java SE Downloads - Oracle - Java SE (Standard Edition) 7u7 JRE (Java Runtime Environment) and Java SE 6 update 35 JRE download links available from this link. When new updates are available you should be able to get them here.

    Oh, did I mention that we just completed a massive rollout of Java 1.6.31 a few weeks ago across our enterprise to bring us to a new operational standard?

    I lovingly refer to it as Project Maginot Line.

    au revoir! from the bunker,

    --Claus V.

    Trouble with The TEDinator

    One of the weekly doses of encouragement, motivation, and inner growth I take in are the regular presentations on TED.

    However, I don’t yet have a data-plan on my growing-older mobile phone and I cannot always count on WiFi availability running around.

    What does work is downloading TED talks locally and then keeping them on my laptop for later viewing or conversion/transfer to my phone.

    To aid in that process I have been relying on an awesome tool called The TEDinator coded by Obin Shah.

    Obin updated it back in May to version 3.0 and it really has rocked.

    So when I recently learned about an older 2005 TED presentation, Richard St. John's 8 secrets of success - TED.com, I went to The TEDinator to fetch it…and was greeted with this error:

    The TEDinator error was:

    Ouch!!! We just had a Boo-Boo!!
    Length cannot be less than zero.
    Parameter name: length

    Granted, at least Obin coded it as a “kind” error. That was a nice touch.

    I checked the settings and everything looked cool.

    Usually the primary problem I find with these “download” helpers is that the provider has changed their URL path format slightly, requiring the developer to tweak it again to keep up.

    I checked the version and it was listed as Version - 3.0.0.0

    So I then hopped over to Obin’s site Scenario-Solution to look for an updated version.

    No dice. Still listed as V3.0 from July 1, 2012.

    However, I was curious to see if others had been running into the same issue and dove into the comments.

    I found a brief thread from August 30th about someone else having the same issue.

    There wasn’t any mention of a fix, but on a whim I went ahead and downloaded The TEDinator again from the link on the page which hosts the download over on bitbucket.

    And the downloads worked again!

    So what up?

    I checked the version number of the working one.

    Still the same version 3.0.0.0.

    However the binaries are clearly different. 

    First the non-working TEDinator properties:

    File version 3.0.0.0
    Size: 679 KB
    Original filename: TEDinator.exe

    Next the working TEDinator properties:

    File version 3.0.0.0
    Size: 601 KB
    Original filename: TEDinator.exe

    Clearly they are different binaries despite the same internal file version listing.

    I am a bit surprised that Obin didn’t seem to clearly post information that a version change was made. This might be confusing other TEDinator fans who are running into the same problem.

    Solution: Just hop over and redownload the “updated” version 3.0.0.0 TEDinator binary and you should be good to go.

    I’m hoping that Obin will kindly provide some brief changelog or explanation as well as bump the version number to be more clear internally or from his TEDinator page that this is an updated version to fix a problem with the older one. Some of us geeks like that sort of thing and find it helpful.

    TEDinator V3.0.0.0 (the updated one): Highly Valca recommended.

    Cheers!

    Claus V.


    Bonus:
    Richard St. John also provides some motivational wallpapers based on the principles in his “Eight Secrets of Success” presentation.

    I like the iconic style of them from a graphic design perspective and may need to come up with my own custom wallpaper based on my own set of core values and processes.

    Originally spotted via The Eight Secrets of Success, According to TED Attendees - Lifehacker