HDDeraseReadMe.txt

HDDerase.exe
MD5 hash = E5F5D0C69767C3B32F3914D3B8957610
Erases all data on a hard disk drive - a freeware utility, version 3.1
Dr. Gordon F. Hughes, CMRR, 858-534-5317, gfhughes@ucsd.edu
Dael M. Commins, CMRR, dencee@gmail.com
4/20/2007
========================================================================

I.   Introduction
II.  Revision history
III. Creating a boot disk  
IV.  Instructions for using HDDerase.exe   
V.   FAQ


I.  Introduction
----------------
HDDerase.exe is a DOS-based utility that securely erases ("sanitizes") all data on ATA hard disk drives in Intel architecture computers (PCs).  It offers the option to run the drive's internal secure erase command, security erase unit, based on the ATA specification by the T13 technical committee.  To run the utility, make a floppy or recordable CD-ROM DOS bootable disk; then copy HDDerase.exe to the floppy or CD-R.  Reboot the computer with the floppy or CD-R inserted, and type "hdderase" at the system DOS prompt.  Make sure to set the correct boot priority order in the system BIOS, such as first boot floppy or CD-ROM depending on which media is used to run HDDerase.exe.  HDDerase.exe must be run from an actual DOS environment and not a Windows-based DOS command prompt environment.  


II. Revision history
----------------------
3.1 - Released 1/21/2006

- Program now checks for the existence of a host protected area and/or device configuration overlay, and gives the option to remove such areas.  Upon requesting the removal of these areas, subsequent "set max address (ext)" and "device configuration restore" commands are issued--resetting the maximum user space to the native factory size so that a secure erase will erase all drive sectors.
NOTE: These areas are not normally used for user data and need only to be sanitized for the most sensitive users of hdderase.exe.

- md5 hash updated in HDDeraseReadMe.txt for HDDerase.exe version 3.1


3.0 - Released 11/26/2006

- Only two options are now available, secure erase unit and enhanced secure erase.  All other methods have been removed.

- Added audit trail after secure erase unit completes. When a secure erase or enhanced secure erase completes successfully, an erase completion message and time stamp are written to LBA sector 0 of erased drive.  It will also print the same message to a log file "se_log.log" if possible.  The log file is amended and updated each time the program completes a successful security erase or enhanced secure erase, creating a log of all completed erasures. 

- Program now checks for the existence of a host protected area and device configuration overlay.  If either exists, a message is printed to the screen alerting the user to the number of sector(s) in the host protected area or device configuration overlay. These areas may or may not be erased, depending on the manufacturer.  No changes are made to the drive's configuration.

- Added error message if security remains enabled after a secure erase.  This indicates that the process did not finish successfully.

- Set passwords changed from high to maximum security.

- Added md5 hash in HDDeraseReadMe.txt for HDDerase.exe


2.0b - Released 10/08/2004

- Four drive erase options:  secure erase unit, fast erase, single pass overwrite, and multi-pass overwrite.


III. Creating a boot disk
--------------------------
* To make a floppy DOS boot disk
Download and run DOS 6.22 boot disk maker from www.bootdisk.com/bootdisk.htm.  
Erase the two Qbasic files from the created floppy to make enough room to copy HDDerase.exe onto the disk.

* Windows ME
Insert a floppy disk into drive A:, double-click My Computer on the desktop, right-click on floppy drive A:, select format from the resulting menu and click start.  After the floppy is formatted, double-click drive C:, double-click the WINDOWS folder, double-click the COMMAND folder, double-click the EBD folder, click once on the COMMAND.COM file to highlight it, hold the Ctrl key and click the IO.SYS file to highlight this file as well, right-click on the IO.SYS file, select copy from the resulting menu, right-click the floppy drive A: and select paste from the resulting menu.  

* Windows 2000
Insert the Windows 2000 Professional CD. Open a command prompt and switch to the CD by typing in the drive letter and pressing enter. Type \Valueadd\3rdparty\Ca_Antiv and press enter.  Now insert a floppy disk into floppy drive A: and then type makedisk and press enter.  After the disk has been created, delete unnecessary files from the floppy to make enough room for HDDerase.exe.

* Windows XP
Insert a floppy disk into drive A:, double-click My Computer on the desktop, right-click on floppy drive A:, select format from the resulting menu, check create an MS-DOS startup disk and click start.  


IV. Instructions for using HDDerase.exe
----------------------------------------
Copy the downloaded file, HDDerase.exe onto the created floppy/CD-ROM bootable DOS disk.  Boot the computer in DOS using the bootable disk.  Make sure to set the correct boot priority setting in the system BIOS.  Type "hdderase" at system/DOS prompt to run HDDerase.exe.  All ATA hard disk drives connected to the main system board will be identified and their information displayed.  Make sure that the jumpers on the hard disk drives are correctly configured.  Avoid setting the jumpers to CS (cable select) on the hard disk drives.  Master or slave jumper setting is preferred.  


Example output from program
P0 is ST360021A
P1 is NONE
S0 is NONE
S1 is WD75AA-00BAA0 
Where: P0 is the primary master IDE port
       P1 is the primary slave IDE port
       S0 is the secondary master IDE port
       S1 is the secondary slave IDE port
		
ST360021A and WD75AA-00BAA0 are the model numbers of the hard disk drives. 
NONE means there is no drive attached to that corresponding port.   


HDDerase.exe menu
1:  secure erase
This uses the ATA internal drive secure erase command.  It offers a higher level of secure erase than block overwriting software utilities.  It can take 30 to 180 minutes depending on the drive's capacity and speed.  Drive will be left unlocked and ready for use once the process has successfully completed.

2:  enhanced secure erase (if supported by the drive)
An optional ATA internal drive secure erase command.  Drive will be left unlocked and ready for use once the process has successfully completed.  Not all ATA drives support this erase method; if a drive does not, you will not be given this option.

Notes
HDDerase.exe tests whether a drive is new enough to support the ATA Security Feature Set in the ATA rev 6 spec.  If so (drives larger than about 15 to 20 GB), the secure erase option will be available.  ATA drives more than several years old (generally smaller than 15GB) will not support the ATA Security Feature Set.

If secure erase command execution is interrupted by restart or a power cycle before completion, the drive will be left in locked state.  Run the program again after reboot and successfully execute secure erase to unlock the drive for a new use.  Computer BIOS should be set to boot from floppy drive A: or CD-ROM drive, depending on which media type is used to boot the system to DOS.  The Windows Disk Management system program can be used to partition and format a secure erased disk, for reuse.  


V.  FAQ
-------
Q:  What is the difference between secure erase and enhanced secure erase?

A:  Secure erase overwrites all user data areas with binary zeroes.  Enhanced secure erase writes predetermined data patterns (set by the manufacturer) to all user data areas, including sectors that are no longer in use due to reallocation. It can also be far faster. ***NOTE:  the enhanced secure erase option is not supported by all ATA drives.


Q:  How certain can I be that this program will erase all my data beyond recovery?

A:  Dozens of hard disk drives have been tested at the Center for Magnetic Recording Research (CMRR) for the functionality of the secure erase command.  All hard drives that have been found to support the secure erase feature overwrite all user LBAs to binary zeroes.

Q: Is there government approval for secure erase, that meets current federal and state laws, like Sarbanes-Oxley, the Health Information Portability and Accountability Act (HIPAA), the Personal Information Protection and Electronic Documents Act (PIPEDA), the Gramm-Leach-Bliley Act (GLBA), and California Senate Bill 1386?

A: According to federal data sanitization document NIST 800-88, acceptable methods include executing the in-drive Secure Erase command, degaussing a drive, and physical destruction.

Q:  I receive "This drive is in frozen status" and "!! ATA Security Feature Set is prohibited by the system BIOS chip !!" messages.  
What does this mean?

A:  Some BIOS chips prohibit the secure erase option (they issue a Security Freeze Lock command when the drive boots up).  This is supposed to prevent ATA passwords from being set maliciously by malware once the OS has loaded.  Normally if a drive does this, then HDDerase.exe will not be able to work on the drive, but there are three possible ways to bypass the security freeze lock (see following question).
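
The drive states this README refers to (Security Feature Set supported, locked after an interrupted erase, frozen by the BIOS, enhanced erase available, a host protected area) are reported in the drive's ATA IDENTIFY DEVICE data.  The following is an added example, not HDDerase.exe source code: it decodes those fields from a 256-word IDENTIFY buffer using the word and bit positions of the ATA specification.  The function names and the sample buffer are constructed for illustration, and obtaining the buffer and the native max address from a drive is assumed to be done elsewhere.

```c
#include <stdint.h>
#include <stdio.h>

struct se_state {
    int supported, enabled, locked, frozen, enhanced;
    int erase_min, enh_min;   /* estimated minutes, 0 = not reported */
    uint64_t hidden;          /* sectors above the user-visible maximum (HPA) */
};

/* Words 89/90, ATA/ATAPI-6 encoding: 0 = unspecified, 1..254 = value*2 minutes,
   255 = more than 508 minutes (returned here as 510). */
static int erase_minutes(uint16_t w) { return (w & 0xFF) * 2; }

/* id: the 256 words from IDENTIFY DEVICE.
   native_max: LBA returned by READ NATIVE MAX ADDRESS (EXT). */
struct se_state decode_identify(const uint16_t id[256], uint64_t native_max) {
    struct se_state s;
    uint64_t user = id[60] | ((uint64_t)id[61] << 16);      /* LBA28 sector count */
    if (id[83] & (1u << 10))                                /* 48-bit addressing supported */
        user = id[100] | ((uint64_t)id[101] << 16) |
               ((uint64_t)id[102] << 32) | ((uint64_t)id[103] << 48);
    s.supported = id[128] & 1;          /* bit 0: Security Feature Set supported */
    s.enabled   = (id[128] >> 1) & 1;   /* bit 1: security enabled (password set) */
    s.locked    = (id[128] >> 2) & 1;   /* bit 2: drive is locked */
    s.frozen    = (id[128] >> 3) & 1;   /* bit 3: Security Freeze Lock in effect */
    s.enhanced  = (id[128] >> 5) & 1;   /* bit 5: enhanced secure erase supported */
    s.erase_min = erase_minutes(id[89]); s.enh_min = erase_minutes(id[90]);
    s.hidden    = native_max + 1 > user ? native_max + 1 - user : 0;
    return s;
}

/* Map the decoded state onto the situations the README describes. */
const char *se_verdict(struct se_state s) {
    if (!s.supported) return "no ATA Security Feature Set: secure erase unavailable";
    if (s.frozen)     return "frozen: BIOS issued Security Freeze Lock";
    if (s.locked)     return "locked: an earlier erase was interrupted or a password is set";
    return s.enhanced ? "ready: secure erase and enhanced secure erase"
                      : "ready: secure erase only";
}

/* Constructed sample buffer (not a real drive dump); w128 is the security status word. */
struct se_state sample(uint16_t w128) {
    uint16_t id[256] = {0};
    id[61] = 0x0700; id[89] = 30; id[128] = w128;   /* 0x07000000 sectors, 60 minutes */
    return decode_identify(id, 0x07000FFF);         /* native max is 4096 sectors higher */
}
int main(void) {
    struct se_state s = sample(0x0029);             /* supported | frozen | enhanced */
    printf("%s; erase ~%d min; hidden sectors: %llu\n", se_verdict(s), s.erase_min, (unsigned long long)s.hidden);
}
```

A non-zero hidden sector count corresponds to the host protected area that version 3.1 offers to remove before erasing.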


Q:  How can I bypass security freeze lock?

A:  Three different ways can bypass a BIOS security freeze lock:
1.  Most preferred method:  If another computer is available, boot the drive from another computer.  Since the freeze lock is entirely BIOS dependent, another computer's BIOS may not freeze lock the drive.
2.  Second method:  Switch the drive to another drive channel or another position on the channel, e.g. Switch drive from secondary master S0 to secondary slave S1 or vic...