Image of the glider from the Game of Life by John Conway
Skip to content
{ 2008 08 17 }

Digital Graffiti

WARNING: IF YOU FOLLOW THE CODE IN THIS POST, YOU WILL DESTROY THE DATA ON YOUR DISK.

Being a Linux instructor for Guru Labs, I get to travel the United States, and on occasion, other countries. When on the road, usually I'm teaching Red Hat Enterprise Linux, but do sometimes teach Fedora Linux, SUSE Enterprise Linux Server and openSUSE Linux. Soon, I hope, we will be partnering with Canonical (Mark, paying attention? 🙂 ) to teach Ubuntu Server LTS.

However, for the longest time, I wanted to leave my calling card, so-to-speak, showing I had visited that training center. I thought about changing the MAC address on the instructor machine, but that wouldn't work out so well. I thought about organizing the dry erase markers in some fashion, or leaving something on the white board, but that's extremely temporary. I needed something to say "Aaron Toponce was here" without causing any damage to the training center, or any of its equipment, and staying preserved.

I came up with an idea: I'll echo my name to every bit on the hard dive until the hard drive is wiped. This is an effective means of erasing the contents of your hard dive, and completely destroying the data. As we all know, when you install an operating system, the OS does not flip every single bit on the disk. In fact, it only flips the bits it needs to. As such, even after a reinstallation of your operating system, much of the contents of the previous install could still be visible. After echoing my name to ever bit on the disk, unless every bit on the disk is re-flipped, my name will be present as long as the disk remains operational. As such, digital graffiti on the hard drive. Let's see how this works.

If you check out the man page on "yes", you will see that it outputs a string repeatedly until killed. I've really have found no useful means for "yes", until now. Using "yes" can take one argument. That argument could be "Aaron was here". As you know with communication channels, you can redirect the output using the ">" operator. Of course, because we want to save this to disk, we just redirect the output to our disk:

aaron@kratos:~ 10064 % yes "Aaron was here on ${date +%D}. " | sudo dd of=/dev/sda

When yes reaches the end of the disk, it will stop, at which point, the disk has been wiped, and data destroyed. Now, perform a reinstall. After the installation finishes, examine the contents of the disk with "xxd": You'll want to pipe the output to the less pager, as the output of "xxd" will scroll past the screen. What you're looking at when viewing the output of "xxd" is first a counter in the left column, then the contents of those bits in hexadecimal, then finally, the string representation of the hex. Notice in the ASCII column, the data of the first few bytes of the hard drive:

aaron@kratos:~ 1 % sudo xxd /dev/sda | head
Password:
0000000: eb48 906f 6e20 7761 7320 6865 7265 206f  .H.on was here o
0000010: 6e20 3038 2f31 372f 3038 2e20 0a41 6172  n 08/17/08. .Aar
0000020: 6f6e 2077 6173 2068 6572 6520 6f6e 2030  on was here on 0
0000030: 382f 3137 2f30 382e 200a 4161 726f 0302  8/17/08. .Aaro..
0000040: ff00 0020 0100 0000 0002 fa90 90f6 c280  ... ............
0000050: 7502 b280 ea59 7c00 0031 c08e d88e d0bc  u....Y|..1......
0000060: 0020 fba0 407c 3cff 7402 88c2 52be 7f7d  . ..@|<.t...R..}
0000070: e834 01f6 c280 7454 b441 bbaa 55cd 135a  .4....tT.A..U..Z
0000080: 5272 4981 fb55 aa75 43a0 417c 84c0 7505  RrI..U.uC.A|..u.
0000090: 83e1 0174 3766 8b4c 10be 057c c644 ff01  ...t7f.L...|.D..

If I were to continue through the less pager, I would see that there are sections where that string is repeated and repeated throughout the disk over and over again. Of course, it's not interfering with the day-to-day operation of the operating system, as the data segments on the disk are unused and unallocated. Those bits will lose their orientation when new data is saved in those spots.

As an instructor, I probably won't show the students the contents of the instructor machine's hard drive in this manner. Other instructors probably won't either. So, this data remains hidden as an easter egg waiting for somebody to stumble on it. However, I'm keeping a list of all the training centers I've visited and where I've left my calling card. It will be interesting to see if this data does in fact remain in tact when I visit again.

Posted by Aaron Toponce on Sunday, August 17, 2008, at 12:20 pm. Filed under Linux. Follow any responses to this post with its comments RSS feed. You can post a comment or trackback from your blog. For IM, Email or Microblogs, here is the Shortlink.

{ 8 } Comments