Best Data Wiping Software

[Jason Cockerham]

Hey guys. So does anyone know of a good security wiping software for Android that does more than just a factory reset? Due to the nature of my job, I have some sensitive information on my phone and I want to make sure that all that is securely wiped before I sell it. Thanks!

 

[Rukbat]

Root the phone, then learn how to find the various partitions and how to use dd. run dd to write random (that's a named input to dd) to the app and data partitions a few times each. The NSA might be able to recover something after that, but it's unlikely. The average really good black-hat hacker with 20 years of experience wouldn't live long enough to get anywhere.

(You said you wanted the best - and I assume that's without destroying the phone. The best way is a 50 pound sledge hammer or a ball mill, then roast the pieces at a couple of thousand degrees for a few hours. But it's not that much more effective than writing garbage all over the storage areas, as in the first method.)

There's also the Linux shred command (which you should be able to access with adb or a command window app), that writes over a file before deleting it, but some files may not be accessible unless you're rooted, and you can't shred a file you've already deleted.

 

[blahb]

Hello, I've found your thread while searching for secure wipe/reset procedures.
In the paper "Security Analysis of Android Factory Resets" by Simon and Anderson, they note that this bit-by-bit overwrite method does not achieve "digital sanitization" because flash memory is over-provisioned.
However, I am wondering if repeating the process in 2-3 passes effectively overcomes that limitation? Since the problem is the wear-leveling and physical rotation, could one assume that repeating the overwrite a few times generally gives you pretty good odds that nearly all of the memory pages have been touched at least once?

Also, could you provide a link to or at least a super brief rundown of the dd tool usage?
I assume you need to connect with adb, then pipe random to the /data partition, but if you could provide more detail on the "how" for these steps, I would be very grateful.

Thanks

 

[Rukbat]

Hello, I've found your thread while searching for secure wipe/reset procedures.
In the paper "Security Analysis of Android Factory Resets" by Simon and Anderson, they note that this bit-by-bit overwrite method does not achieve "digital sanitization" because flash memory is over-provisioned.
However, I am wondering if repeating the process in 2-3 passes effectively overcomes that limitation? Since the problem is the wear-leveling and physical rotation, could one assume that repeating the overwrite a few times generally gives you pretty good odds that nearly all of the memory pages have been touched at least once?

No. But since the OP parts of storage aren't available through normal APIs, either don't worry about it or use the "even the NSA can't recover any data" method - a 50 pound sledge hammer to reduce the phone to tiny bits, then roast the bits to white heat. If you're not an atheist, there's only one way to recover any of the data after that. (And, unless you're him, you can't do it.)

Also, could you provide a link to or at least a super brief rundown of the dd tool usage?

Almost 8 years old and still the best tutorial I've ever seen on dd - DD tutorial.

I assume you need to connect with adb, then pipe random to the /data partition, but if you could provide more detail on the "how" for these steps, I would be very grateful.

Nope. You can use a terminal emulator right on the phone and just tell dd to use random (that's a reserved name in a dd argument) as the input source and the userdata partition as the output destination.

Once you learn the command, you'll see that it's a very tricial thing - finding the partition location is more difficult (and there's a discussion on that at munky-tool thread).

Then you'd boot to the recovery partition and do a factory reset. Android isn't going to be happy finding random data in the userdata partition. But you're resetting what's already garbage, so by the laws of entropy, it just becomes "more garbagy".