Episode: 1693
Title: HPR1693: DD fun
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1693/hpr1693.mp3
Transcribed: 2025-10-18 07:48:26

---

This is HPR Episode 1693 entitled DD Fun. It is hosted by first-time host Cibola Jerry and is about 24 minutes long. The summary is: having some fun with the DD command.

This episode of HPR is brought to you by AnHonestHost.com. Get 15% discount on all shared hosting with the offer code HPR15. That's HPR15. Better web hosting that's honest and fair at AnHonestHost.com.

Welcome to HPR. This episode is called Fun with DD, or how to store information on your computer outside of the file system.

So back in the 3.1 days I noticed that a lot of the software, in early attempts at DRM I suppose, would write information outside the file system. So I asked my friend who was a professional computer guy and I said, how are they doing this? And he told me about the DD command, and so a lot of the little tips and stuff that I will relate to you today came from him.

Well, the reason why I am doing this now is because I noticed that we have these flash drives, and I never tried out the DD command before because I had a 20 meg hard drive and I don't want to risk it, and the only place I could find the DD was on some bulletin board and I just don't want to risk it, so I just filed away, if I ever needed to do that, use the DD command. And then recently, was in the last year, I snapped to the fact that these flash drives are some bucks a piece. You can afford to experiment with them, and I did, and I made a HPR episode about it, but the sound was so bad I am redoing the whole thing from scratch.

So when we write our data to the flash drive outside of the file system we are not hiding it.
We are just locating the data outside of the file system, and the only way you will see this data is with a command like DD or some sort of sector editor, which I have never really seen in Linux, a sector editor other than DD, and then your partition table will show empty space. So that will be a clue that there might be data there, as if there is empty space, or it might be taken as some sort of sector alignment issue, which it is not, at least on these flash drives it ain't. And then so any forensic examination is going to show these files. It is going to show that there is something there, so you are not hiding nothing from anybody that has the first occasion or the permissions to use such tools, we will see it. And so if you really want to make sure your data is private you need to encrypt before you save, because this is out in the open, you are not hiding nothing, you are just keeping the information outside of the file system.

So coming to partition, the thing about it is if you use a boot disk you don't want to put your information at the beginning of your disk because that is where the boot sector information is at, and if you are going to be booting into Windows you don't want to use the last part of the disk because Windows insists on having a one megabyte area at the end of the disk which is outside of the file system, and is Microsoft writing information outside of the file system just like we are going to be doing. So basically that leaves us the space in between other partitions.

So I went ahead and I formatted my SanDisk Cruzer 8GB flash drive with a VFAT partition and an EXT2 partition, and I went ahead and made a file system on them, and I copied a file with each partition to make sure everything is working, so we are ready to go.

So when we save to the disk outside of the file system we have become the file system.
The file system manager is on us to keep track of where our data is, and so it is convenient to use tar files because you can pack a bunch of files in there and just make one save, and it is convenient. In my opinion it is better to do all your compression on the files before you stick them in the tar file, because it will be easier to recover the tar file if you don't have to worry about it being compressed. So compress your data, encrypt your data and then stick it in the tar file, and we are just going to use the normal tar files, we are going to use to have two saves.

I made a sub directory of my home directory for images and I threw some images in there, and I made another directory called the data where I threw some text files in there. All right, and so now we got to tar them up with the tar dash cf, and then you put the name of your tar file, data dot tar, and we are going to use data, the path to data, or actually you don't really need to put a path if you are in a home directory, and let's spell. Okay, that worked on the data, and tar filing my image directory, images directory, and make it images dot tar, and so now we have our tar files compressed.

So now we need to find out where we are going to put this data, paste the paper list, pick up this scrap paper and a pencil, and we are going to look at our tar cfdisk command. Still a root so I am not going to sudo, I am just going to cfdisk, and we are going to look at our partition table. Oh, I got to quit this and tell us to look at the flash drive, which was SDD.
Wait a second, all right, let's see, SDD, all right, so we got about 104.86 megabytes and we are going to read that, you know, EXT2, and what we are going to do is, let's see, we need to quit, we need to use the option which is the cfdisk dash big capital P, space, small s. Okay, so the whole command is cfdisk dash capital P, space s, space slash dev slash SDD, and it shows us the first and last sector of each partition, and what we are really interested in is the first and last sector of, wow, we are going to pause for a minute because my cfdisk give me the asterisk on the first and last sector columns, and that means my partitions are not aligning with the actual sectors, so I am going to do a little investigating of why this is.

All right, this will be an experiment for both of us. I just put arbitrary sizes in there, and the asterisk means that my partitions are not lining on cylinder boundaries. It should not matter, so we are going to test it.

All right, we are going to make a note of the free space, where it starts, where it ends, and in my case, the first sector of the free space is 8194048, all right, 8194048, and the last sector is 8398847, all right.

So, one of the warnings I've heard in relation to this operation is keep away from your partitions. Now I tried actually parking my data over, right next to partition and one sector over, and it could have been some sort of a slip up on my part, but in one instance it seems like it was working and then in another instance it wrecked the partition. So, best bet is to always put your files probably like 10 sectors apart, so our start address will be 8194048 plus 10, because we are going to start our first save, and once we save there, we are going to have to find out where the end of that file is and put some space between it and our next file, so we are going to do that.
So, DD command, let me just check the page real quick, make sure I got it right. All right, tar files like to be on a 512 sector size, it works good, I've tried it, you know. Okay, the DD command has a field called a sector size, input file sector size and output file sector size. You actually don't have to put in any numbers in those fields, so I put in 512, even though my sector sizes probably are, my sector sizes are bigger, it worked, but I don't think we'll need it.

So, basically the command is DD, input file, name of our image file, dot tar, out file, I've got to check the man page, make sure I got this inside, yeah, okay, we've got to use equal sign, so command is DD, input file equals images dot tar, out file, wow, yeah, okay, all right, DD, IF equal images dot tar, space, seek, this is where we are going to put in our starting sector number, which was 819-058, oh my 819, this is 417, 819-4058, all right, I'm sure you just read 819, my eyes are a little bad, 4058. All right, so we've got DD, space, IF equals images dot tar, seek equal 819-4058, and then out file, which is actually the device, will be dev SDD, and there we go.

So it's doing this thing, and it looks like it read good, it gives us some numbers, we've got to check this out. It says that there are so many records, and that's another way of saying so many sectors in, so many sectors out, 15 megabytes copied, lotty-dotty-dotty-dot. Okay, we need to make note of this, records in, and records out, those are our sector sizes, and it's 29680, 298, 29680, 29680. Okay, that's how many sectors we just wrote, so we need to add that number to our starting point, and that'll tell us where the file ends at, and I'm just going to do this by hand real quick, 9, 2, 3, 8, so the end of our file will be at 823-738, it's like that would be the sector number, so we're going to add 10 to that, and I'll give us our second starting point, so that'll be 822-3748, will be our second place for our file, I'm just going to circle
our file, so the second save will be the data tar, data tar, and we're going to seek to 822-3748, and out file same thing, so there it goes, and it saved a little over half a megabyte worth of text files.

All right, so now we have to make sure that our save looks good, and this is convenient because it'll also produce our retrieval command, so let's look at some text for a DD retrieval, and I'm just going to do it on paper real quick. DD, the in file, okay, we don't really need the name of the tar file, it could be anything. When it unpacks the tar file format, it'll tell it where to unpack. Of course you want to avoid tar bombs, but if you just stick your stuff into a directory and tar it, it'll be okay. So we'll just call it x.tar and y.tar, when we are pulling them off, that will be our out file, and our in file will be SDD, to place SDD.

And so the syntax on the DVD, I mean on the DD command, when you're writing to the disk, you move the, what we might call the head or the cursor, to the sector with the seek command, but on retrieval, it's different, it's a count, starting point and count. So let me work this up real quick, the syntax for retrieving, okay, skip, we'll be skip is where our files will start at, and count, so count, skip, and count, that's right. All right, so we're gonna form the command, skip the file, count, who's in skip, all right, let's see, I'm sitting in the man of DD, I'm gonna form the commands, DD, in file, slash dev, slash SDD, skip, equal, our first file is at, eight, one, nine, four, oh, four, eight, and we had a count of 29, 680, 29, 680, yeah, one, okay, my skip is actually at, eight, one, nine, four, five, eight, space, count, equal, two, nine, six, eight, zero, out file, OF, equal, X dot tar, and we're gonna run it, I've got equal sign in there somewhere. All right, copy 15 megabytes back in, so now we're gonna diff, the X dot tar, with the images dot tar, X dot tar, space, images dot tar, and come back with no difference, so our
extraction command was, DD, space, IF equal, slash dev, slash SDD, space, skip, equal, then starting point of our file, which was eight, one, nine, four, five, eight, space, count, equal, and this will be our number of sectors we wrote, which was 29, zero, oh no, 29, six, eight, zero, space, out file, equal, X dot tar. And I'll go ahead and do the same thing with my data, so we got to change this up a little bit, we'll call the, out, coming file, Y dot tar, and our count was 1320, 1320, and our skip, our starting point was, eight, two, two, three, seven, four, eight, and it comes back, we got to do a diff on this, diff Y tar with data tar, and no differences, so we extracted all that.

So if you keep your little extraction command around, somebody might find it and say, wow, if I run this command, I'll pull all my data off, so what do you really need to know? You know the DD command, so you don't need our IDD down, you don't need to even know a tar file name because it doesn't matter what the file name is, when you extract it, it'll be the way it's supposed to be. You don't really really need the sector lengths, or the file lengths, the data lengths, the number of sectors that you saved, or its starting position, if you look at the drive you can tell, but you might want to keep those two numbers around, starting point and that count, and that's how you save and retrieve information from a disk outside of the file system.

You've been listening to Hacker Public Radio at HackerPublicRadio.org. We are a community podcast network that releases shows every weekday, Monday through Friday. Today's show, like all our shows, was contributed by an HPR listener like yourself. If you ever thought of recording a podcast, then click on our contribute link to find out how easy it really is. Hacker Public Radio was founded by the Digital Dog Pound and the Infonomicon Computer Club, and is part of the binary revolution at binrev.com.
If you have comments on today's show, please email the host directly, leave a comment on the website or record a follow-up episode yourself. Unless otherwise stated, today's show is released under a Creative Commons, Attribution, ShareAlike, 3.0 license.
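
The save and retrieve steps described in the episode, rehearsed on a scratch image file rather than a real device, as an added example that is not part of the episode. The function names, the image file and the sector numbers in demo() are constructed for illustration; is_tar_at shows why, as the host says, the data is not hidden from anyone who reads the raw sectors.

```shell
#!/bin/sh
# Added example: rehearse the episode's dd procedure on a scratch image file,
# never on a real /dev/sdX. Paths and sector numbers in demo() are constructed.
set -eu

SECTOR=512   # dd's default block size; seek=, skip= and count= are in these units
GAP=10       # spare sectors kept clear of neighbours, as suggested in the episode

# Sectors a file occupies, rounded up (what dd reports as "records out").
sectors_of() { echo $(( ($(wc -c < "$1") + SECTOR - 1) / SECTOR )); }

# Start sector for the next save: previous start + its count + GAP.
next_start() { echo $(( $1 + $2 + GAP )); }

# Write file $1 into image $2 at sector $3; notrunc keeps the rest of the image.
save_at() { dd if="$1" of="$2" bs="$SECTOR" seek="$3" conv=notrunc 2>/dev/null; }

# Read $3 sectors starting at sector $2 of image $1 into file $4.
load_from() { dd if="$1" of="$4" bs="$SECTOR" skip="$2" count="$3" 2>/dev/null; }

# Examiner's view: a tar header has the magic "ustar" at byte 257 of its first
# sector, so an archive parked in unpartitioned space is simple to recognise.
is_tar_at() {
    magic=$(dd if="$1" bs=1 skip=$(( $2 * SECTOR + 257 )) count=5 2>/dev/null | tr -d '\0')
    [ "$magic" = "ustar" ]
}

# Runs in a subshell so its variables and temp directory stay local.
demo() (
    work=$(mktemp -d)
    img="$work/disk.img"
    dd if=/dev/zero of="$img" bs="$SECTOR" count=2048 2>/dev/null  # 1 MiB stand-in drive
    mkdir "$work/data"
    echo "sample note" > "$work/data/a.txt"
    tar -cf "$work/data.tar" -C "$work" data   # tar pads to whole 512-byte records
    start=$(( 100 + GAP ))                     # constructed: free space begins at sector 100
    count=$(sectors_of "$work/data.tar")
    save_at "$work/data.tar" "$img" "$start"
    load_from "$img" "$start" "$count" "$work/y.tar"
    if cmp -s "$work/data.tar" "$work/y.tar" && is_tar_at "$img" "$start"; then
        echo "ok start=$start count=$count next=$(next_start "$start" "$count")"
    fi
    rm -rf "$work"
)

demo
```

With the episode's own numbers, `next_start 8194058 29680` gives 8223748, the start sector used for the second save.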