Misc Tech Notes

Sun 13 March 2016

Cleaning USB memory sticks - usbclean

Posted by Peter Reuterås in Tips   

Since I handle a lot of USB memory sticks, and sometimes I consider the information sensitive, I wanted an easy way to clean them. This solution is easy to use but not fast, because the Raspberry Pi only supports USB2. If someone has any suggestions for faster hardware in a similar price range and size, please contact me on Twitter @reuteras.

This is an extremely simple solution to clean memory sticks. Just insert the memory stick in the Raspberry Pi and the cleaning will start. You might consider setting a warning message on the box since the process is automatic... The code is available at my usbclean GitHub repo (used to be called zerousb).

Trust but verify

The important question to answer now is: how secure is this solution? I haven't had time to test it with more than two memory sticks. With the first it seemed that a lot of data was available after cleaning. But I had a lot of problems with that memory stick, so I discard those results. The second test was done with a 4GB SanDisk Cruzer Blade.

SanDisk has placed two files on the memory stick from the beginning:

linux$ ls /media/user/0BBF-E89F/
SanDiskSecureAccessV2.0  SanDiskSecureAccessV2_win.exe

The disk is formatted as vfat:

/dev/sdb1 on /media/user/0BBF-E89F type vfat (rw,nosuid,nodev,relatime,uid=1000,gid=1000,fmask=0022,dmask=0077,codepage=437,iocharset=utf8,shortname=mixed,showexec,utf8,flush,errors=remount-ro,uhelper=udisks2)

First step was to create a disk image of the initial stick:

linux$ sudo dd if=/dev/sdb of=shared/original.img
7821312+0 records in
7821312+0 records out
4004511744 bytes (4.0 GB) copied, 272.72 s, 14.7 MB/s

Then remove the original files and use the create_files.sh script to fill the disk with data (test was done when the project was called zerousb):

linux$ git clone https://github.com/reuteras/zerousb.git
Cloning into 'zerousb'...
remote: Counting objects: 50, done.
remote: Total 50 (delta 0), reused 0 (delta 0), pack-reused 50
Unpacking objects: 100% (50/50), done.
Checking connectivity... done.
linux$ cat zerousb/.git/refs/heads/master
linux$ cd /media/user/0BBF-E89F/
linux$ ~/zerousb/create_files.sh
/home/user/zerousb/create_files.sh: line 15: echo: write error: No space left on device

Now create a new disk image of the filled memory stick:

linux$ umount /media/user/0BBF-E89F
linux$ sudo dd if=/dev/sdb of=shared/full.img
7821312+0 records in
7821312+0 records out
4004511744 bytes (4.0 GB) copied, 265.928 s, 15.1 MB/s

Then the memory stick was put into the Raspberry Pi running usbclean. I monitored the progress to verify that all files were indeed removed and that the disk space was filled with random data. After the green LED was turned on I moved the stick back to my other host for a new memory dump:

linux$ sudo dd if=/dev/sdb of=shared/cleaned.img
[sudo] password for user:
7821312+0 records in
7821312+0 records out
4004511744 bytes (4.0 GB) copied, 323.117 s, 12.4 MB/s

The first two images were gzipped to save space and all of them are available for download.

Let's take a look at each image. The original image contains the files from SanDisk:

mac$ gzcat original.img.gz | strings -n 11 | head -15
NO NAME    FAT32   
NO NAME    FAT32   
<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 32 0 R/MarkInfo<</Marked true>>>>
<</Type/Pages/Count 1/Kids[ 3 0 R] >>
<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 14 0 R/F4 16 0 R/F5 21 0 R/F6 23 0 R/F7 25 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/Annots[ 30 0 R] /MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>
<</Filter/FlateDecode/Length 2571>>
<</Type/Font/Subtype/TrueType/Name/F1/BaseFont/ABCDEE+Calibri,BoldItalic/Encoding/WinAnsiEncoding/FontDescriptor 6 0 R/FirstChar 32/LastChar 118/Widths 77 0 R>>
<</Type/FontDescriptor/FontName/ABCDEE+Calibri,BoldItalic/Flags 32/ItalicAngle -11/Ascent 750/Descent -250/CapHeight 750/AvgWidth 537/MaxWidth 1956/FontWeight 700/XHeight 250/StemV 53/FontBBox[ -691 -250 1265 750] /FontFile2 75 0 R>>
<</Type/ExtGState/BM/Normal/ca 1>>

Verify that there are no instances of the string "Secret file" on the stick from the start:

mac$ gzcat original.img.gz | strings | grep "Secret file"

Then let's verify that the image that was filled with files contains the string "Secret file":

mac$ gzcat full.img.gz | strings | grep "Secret file" | wc
242832 19178737 120816596

Finally, find out if there are any instances of "Secret file" in cleaned.img:

mac$ cat cleaned.img | strings | grep "Secret file" | wc
0       0       0

In this case the USB memory stick was cleaned. I'm very interested in your experience with cleaning USB memory sticks. I'm on Twitter as @reuteras.
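
The same check in a single pass, as an added example (not code from the usbclean repo): it streams a raw or gzipped image, counts the marker string even where it straddles a read boundary, and counts chunks whose byte entropy is too low to be random fill. The function names, the 7.0 bits/byte threshold and the small sample images built in the demo are assumptions made for this illustration.

```python
import gzip, math, os, tempfile
from collections import Counter

MARKER = b"Secret file"      # string the post greps for
CHUNK = 1 << 20              # stream 1 MiB at a time; real images are several GB

def open_image(path, mode="rb"):
    """Open a raw image, or a gzip-compressed one if the name ends in .gz."""
    return (gzip.open if path.endswith(".gz") else open)(path, mode)

def entropy(block):
    """Shannon entropy in bits per byte; close to 8.0 for random data."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def scan_image(path, marker=MARKER, chunk=CHUNK, low_entropy=7.0):
    """Return (marker_hits, chunks_read, low_entropy_chunks) for an image."""
    hits = chunks = low = 0
    keep = len(marker) - 1   # bytes carried over so a split marker is still found
    tail = b""
    with open_image(path) as img:
        while data := img.read(chunk):
            chunks += 1
            # Very short trailing chunks cannot reach high entropy; skip them.
            if len(data) >= 4096 and entropy(data) < low_entropy:
                low += 1
            buf = tail + data
            hits += buf.count(marker)
            tail = buf[-keep:] if keep else b""
    return hits, chunks, low

def make_sample(path, size=64 * 1024, marker_at=None):
    """Write a constructed test image: random bytes, optionally one marker."""
    data = bytearray(os.urandom(size))
    if marker_at is not None:
        data[marker_at:marker_at + len(MARKER)] = MARKER
    with open_image(path, "wb") as f:
        f.write(bytes(data))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        full, cleaned = os.path.join(d, "full.img.gz"), os.path.join(d, "cleaned.img")
        make_sample(full, marker_at=16384 - 5)   # marker straddles a 16 KiB read edge
        make_sample(cleaned)
        print("full   :", scan_image(full, chunk=16384))
        print("cleaned:", scan_image(cleaned, chunk=16384))
```

Against the real dumps, call scan_image("full.img.gz") and scan_image("cleaned.img"); a clean result has zero marker hits.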