The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,118 other followers

From TailsOS – I needed a faster security wipe to clear out a Linux VM’s…

Posted by jpluimers on 2018/03/21

Cool tool to clear out Linux VM’s non-paged RAM: [WayBack] From TailsOS – I needed a faster security wipe to clear out a Linux VM’s non-paged RAM on demand and on shutdown – someone might find my little journey… – Joe C. Hecht – Google+

A Way Fast Memory Wipe – based on van Hauser’s / [THC], vh@thc.org sdmem

–jeroen

/*
*
* A Way Fast Memory Wipe – based on van Hauser's / [THC], vh@thc.org sdmem *
*
Joe C. Hecht – got this from Tails OS. I had some troubles running sdmem
from the secure-delete package under elementary OS, and had some compile
issues as well, so I took van Hauser's source and modded it to compile from a
single source file (and to my liking). I needed a really fast memory wipe that
was good enough… I don't need to hide anything from the C.I.A., but I do
want to reasonably clear out the RAM of a small VM that is setup not to page
to disk (and has no swap). Basicaly, I just want to sleep well at night
knowing that if any bots are blowing around this vast memory pool looking for
passwords and the like, they will get the scan done quickly, since they will
find only very long null terminated strings. If they are looking for residual
memory leftovers requiring 48 rounds from /dev/random to clear, then I suppose
I have been made, the gig is up, and my bank account is now empty. OK, I
adapted the code to give some verbose output every so often, showing the
approximate amount of memory wiped, and tired really hard to do this task
using a little humor along the way. For simpliciy, I removed all the args.
*
*/
/* The makefile looks like this:
CC=gcc
OPT=-O2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
OPT_MOD=-D__KERNEL__ -DMODULE -fomit-frame-pointer -fno-strict-aliasing -pipe -mpreferred-stack-boundary=4
all: sdmem
smem: sdmem.c
$(CC) ${OPT} -o sdmem sdmem.c
-strip sdmem
clean:
rm -f sdmem
*/
/* Secure MEMORY cleaner – by van Hauser / [THC], vh@thc.org
*
* Note that this program is beta. It was tested with linux, solaris and
* openbsd but I can't tell for other platforms.
*
* Secure MEMORY overwrites all data in your memory it gets.
* The any -l option this does a real security wipe for 38 times, flushing
* the caches after every write. The wipe technique was proposed by Peter
* Gutmann at Usenix '96 and includes 10 random overwrites plus 29 special
* defined characters. Take a look at the paper of him, it's really worth
* your time.
* If run with one -l option, it wipes the memory twice, first with null
* bytes, then with random values.
* If run with two -l options, it wipes the memory only once with null bytes.
*
* Note that it is *very* slow. You might run it with "-llf"
*
* Read the manual for limitations.
*
*/
#include <stdio.h>
#include <stdint.h>
#include <unistd.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/resource.h>
int smash_it() {
struct rlimit rlim;
struct rlimit curlim;
/* We set a new ulimit, so we can grab all memory … */
#ifdef RLIM_INFINITY
rlim.rlim_cur = RLIM_INFINITY;
rlim.rlim_max = RLIM_INFINITY;
#ifdef RLIMIT_DATA
if (setrlimit(RLIMIT_DATA, &rlim) != 0)
fprintf(stderr, "Warning: Could not reset ulimit for data.\n");
#endif
#ifdef RLIMIT_STACK
if (setrlimit(RLIMIT_STACK, &rlim) != 0)
fprintf(stderr, "Warning: Could not reset ulimit for stack.\n");
#endif
#ifdef RLIMIT_RSS
if (setrlimit(RLIMIT_RSS, &rlim) != 0)
fprintf(stderr, "Warning: Could not reset ulimit for rss.\n");
#endif
#ifdef RLIMIT_MEMLOCK
if (setrlimit(RLIMIT_MEMLOCK, &rlim) != 0)
fprintf(stderr, "Warning: Could not reset ulimit for mem locked.\n");
#endif
#ifndef RLIMIT_DATA
#ifndef RLIMIT_STACK
#ifndef RLIMIT_RSS
#ifndef RLIMIT_MEMLOCK
fprintf(stderr, "Warning: Not compiled with support for resetting ulimits for memory\n");
#endif
#endif
#endif
#endif
#else
fprintf(stderr, "Warning: Not compiled with support for resetting ulimits for memory\n");
#endif
size_t chunksize = 4096;
size_t chunks = 16;
size_t mouthfull = chunks * chunksize;
size_t eaten = 0;
size_t bitestaken = 0;
size_t sipstaken = 0;
size_t takeasipevery = 1024*1024*100; //ahh.. every hundred megs
char * ptr;
alarm(600); /* needed to prevent mem caching */
printf("\n");
while ((ptr = calloc(chunksize, chunks)) != NULL) {
eaten += mouthfull;
bitestaken++;
if ((eaten % takeasipevery) == 0) {
sipstaken++;
printf("Sip: %zu Bites: %zu Eaten: %zu \n", sipstaken, bitestaken, eaten);
}
}
// this will rarely happen since we will usually get killed
printf("done: – %zu \n", eaten);
printf("done\n");
return 0;
}
void cleanupSIGINT() {
fprintf(stderr,"Terminated by SIGINT.\n");
fflush(stdout);
fflush(stderr);
exit(1);
}
void cleanupSIGTERM() {
fprintf(stderr,"Terminated by SIGTERM.\n");
fflush(stdout);
fflush(stderr);
exit(1);
}
void cleanupSIGHUP() {
fprintf(stderr,"Terminated by SIGHUP.\n");
fflush(stdout);
fflush(stderr);
exit(1);
}
void cleanupSIGALRM() {
fprintf(stderr,"Terminated by SIGALRM.\n");
fflush(stdout);
fflush(stderr);
exit(1);
}
int main (int argc, char *argv[]) {
printf("Starting Wiping the memory, press Control-C to abort early");
(void) setvbuf(stdout, NULL, _IONBF, 0);
signal(SIGINT, cleanupSIGINT);
signal(SIGTERM, cleanupSIGTERM);
signal(SIGHUP, cleanupSIGHUP);
signal(SIGALRM, cleanupSIGALRM);
smash_it();
exit(0);
}
//end. (for pascal lovers)

view raw
sdmem.c
hosted with ❤ by GitHub

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

 
%d bloggers like this: