Story of Zeros: Linux and Zero Generator /dev/zero

Ajit kumar
Aug 10, 2019

I have been using Ubuntu as the main operating system on my two-year-old laptop since the beginning. Now its 1 TB hard disk is about to fill up, so I have been getting a “Low memory” error message for the last couple of weeks. So this weekend I decided to fix this and ended up discovering the lovely world of “zeros” by learning about the /dev/zero file of Linux. Earlier, I knew about /dev/null but was not aware of /dev/zero.

This story is about that dev’s zero. So, what is special about this file?

The /dev/zero is a special file in Unix-like operating systems that provides as many null characters (ASCII NUL, 0x00) as are read from it. (https://en.wikipedia.org/wiki//dev/zero)

So, in simple words, one can call /dev/zero a “zeros generator”, and by combining it with dd, one can utilize it in many ways.

The dd Unix utility program reads octet streams from a source to a destination, possibly performing data conversions in the process. One use is destroying existing data on a file system partition (low-level formatting).

So what is so special about it? I will explain that further, but first let us understand how dd works with /dev/zero.

One can use this to create a file of a fixed size filled with zeros, like the initialization of memory.

dd if=/dev/zero of=examplezerofile bs=1024 count=1024

This will create a 1 MB (1024 bytes × 1024) file (examplezerofile) on disk.
bs (block size): The block size value can be given in GB, MB, etc.

To create a 1 GB file one would simply type

dd if=/dev/zero of=examplezerofile bs=1GB count=1 

or

dd if=/dev/zero of=examplezerofile bs=1MB count=1024

After understanding this, I suddenly got the idea to test it for formatting a USB pen drive to deter file recovery (this was natural because just a day earlier I was in a situation where I had to share my USB stick with others after deleting some confidential files, and I managed by formatting it).

So, with this background, I planned to test this method on my USB stick. This story is about that finding, i.e. file carving and stopping it.

Experiment

To carry out my experiment, I selected foremost as the recovery tool.

Foremost is a forensic program to recover lost files based on their headers, footers, and internal data structures. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery. http://foremost.sourceforge.net/

Step 1: Recover files from the USB pen drive (The pendrive was formatted using Ubuntu’s disk tool)

So, first I wanted to check foremost's recovery on the formatted pendrive. For this I attached the pendrive and ran foremost for jpg file recovery.

$ sudo foremost -v -t jpg -T -i /dev/sdb1
Figure 1: Output for JPG files recovery using foremost

It ran for minutes and was able to recover 1515 jpg files from the pendrive. This proved that normal formatting does not delete files from the storage device, so they can be recovered by specific tools.

To learn about the flags used here and the others available in foremost, one can use its help. -i is used to specify the storage from which the files will be recovered; it can be an external device, a partition of the file system, or a memory dump.

$ foremost -h
Figure 2: Options available in foremost

Step 2: Writing zeros to the pendrive

To deter file recovery from a storage device, writing zeros to it is the most used method, but it is slow and sometimes difficult. Here the purpose is to test /dev/zero and the possibility of recovery, so I used dd to achieve this.

I used dd with the /dev/zero file to write zeros to all available locations of the pendrive. The command is very simple.

$ sudo time dd if=/dev/zero of=/dev/sdb1 bs=1GB count=15
Figure 3: Writing zeros to pendrive

Here,

if — input file

of — output file

bs — block size

count — block count

So, I used 15 blocks of 1 GB to write into my 16 GB pendrive.

Note: We have to unmount the pendrive before writing to it.

$ umount /dev/sdb1

It can be observed from figure 3 that writing took nearly 35 minutes, but it is worth it to deter file recovery.

Step 3: Try to recover files after writing zeros

The pendrive was filled with zeros, so again we want to test file recovery through foremost.

So I again unplugged and then plugged the pendrive into the system and ran foremost with similar options as in step 1, but this time the location was /dev/sdc1, so the command looks like

$ sudo foremost -v -t jpg -T -i /dev/sdc1

And as expected, this time foremost was not able to detect any jpg, compared to the nearly 1515 images earlier.

Figure 4: No recovery through foremost
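
The three steps above can be reproduced without a real drive. The script below is an added example, not part of the original experiment: a regular file stands in for the partition, a signature count is a crude stand-in for foremost's header-based carving, and the names IMG, BS and BLOCKS are assumptions. It also shows that dd only touches bs × count bytes, so blocks beyond that range keep their data, and it ends with a check that no non-zero byte remains.

```shell
#!/bin/sh
# Added example: a regular file stands in for the pendrive partition, so no
# root access or real device is needed. IMG, BS and BLOCKS are constructed values.
IMG="${TMPDIR:-/tmp}/zero_demo_$$.img"
BS=4096       # demo block size in bytes
BLOCKS=16     # demo "device" size in blocks

# Build the image: filler bytes plus a JPEG header signature (FF D8 FF E0)
# planted in the first block and in the last block.
make_image() {
    dd if=/dev/zero bs="$BS" count="$BLOCKS" 2>/dev/null | tr '\000' 'x' > "$IMG"
    for off in 100 $(( (BLOCKS - 1) * BS + 100 )); do
        printf '\377\330\377\340' |
            dd of="$IMG" bs=1 seek="$off" conv=notrunc 2>/dev/null
    done
}

# Crude stand-in for header-based carving: count JPEG signatures in the image.
count_signatures() {
    od -An -v -tx1 "$IMG" | tr '\n' ' ' | tr -s ' ' |
        { grep -o 'ff d8 ff e0' || true; } | wc -l | tr -d ' '
}

# Overwrite the first $1 blocks with zeros, as dd ... bs=... count=... does.
# conv=notrunc keeps the file's length; a device node has a fixed size anyway.
wipe_blocks() {
    dd if=/dev/zero of="$IMG" bs="$BS" count="$1" conv=notrunc 2>/dev/null
}

# Number of bytes that are still non-zero; 0 means the whole image is wiped.
nonzero_bytes() {
    tr -d '\000' < "$IMG" | wc -c | tr -d ' '
}

make_image
echo "before wipe:        $(count_signatures) signature(s)"
wipe_blocks $((BLOCKS - 1))      # count covers 15 of 16 blocks
echo "after partial wipe: $(count_signatures) signature(s), $(nonzero_bytes) non-zero bytes"
wipe_blocks "$BLOCKS"            # count covers every block
echo "after full wipe:    $(count_signatures) signature(s), $(nonzero_bytes) non-zero bytes"
rm -f "$IMG"
```

On a real partition the same non-zero byte count can be taken by reading the device node instead of the image file.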

Conclusion:

Knowing /dev/zero is important, and it is fun to work with. It can be used for many purposes, such as the one I used it for: stopping file recovery. There are similar special files in Unix-like OSes, such as /dev/null, /dev/full and /dev/random.

Further planned experiments for fun and features, as a simple todo list:

a) Script to generate a file to consume all memory of partition (using cat and /dev/zero)

b) Experiment with file recovery using other deep memory recovery tools

c) Speed up the writing process by randomly choosing blocks in storage.

d) Perform a similar scan to the recovery tool's for file headers and write zeros to those locations. (Copyrighted idea :))

e) Automate the aforementioned steps with Python or shell script.

Happy Learning. Happy Zeroing…

Closing statement: “After all, zeros are not so bad or useless, and being Indian, it is another reason to be proud that Aryabhata (Indian) discovered zero.”

The purpose of this article is just fun and learning, so it is not written in a very technical manner. Please do write to me with any suggestions, comments, errors, etc.
