Cet article contient les programmes présentés dans la vidéo. Il s'agit d'outils d'aide à la suppression sécurisée et au calcul de la taille d'un fichier. Ces programmes sont fournis ici à but éducatif ; bien qu'ils ne soient pas très optimisés, ils peuvent suffire pour obtenir un résultat efficace.





0x01. FILESIZE.C


 
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
 
 
#ifdef BSD
  #include <sys/malloc.h>
#endif
#ifdef LINUX
  #include <malloc.h>
#endif
 
 
#define APP "filesize"
 
 
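/*
 * Print the help text on stdout and terminate the process with status 0.
 * This function never returns to its caller.
 *
 * The listing on the page carried doubled backslashes ("\\n"), which in C
 * prints a literal backslash followed by 'n'; the escapes below are the
 * intended newlines.
 */
void usage(void)
{
  printf("\nUsage: %s <normal file>\n",APP);
  printf("\nPrint raw size in byte of file.");
  printf("\nDoes not work on special files (char/bloc/socket/pipe)");
  printf("\n\n");
  exit(0);
}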
 
 
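/*
 * Print the size in bytes of a regular file.
 *
 * The file name is taken from the single command-line argument, or read as
 * one whitespace-delimited token from stdin when no argument is given.
 * More than one argument prints the usage text (usage() exits).
 *
 * Returns 0 on success, 1 when the name cannot be read, the file cannot be
 * opened, or its size cannot be determined.
 */
int main(int ac, char **av)
{
  /* Capacity of the stdin name buffer; the scanf width below is NAME_CAP-1. */
  enum { NAME_CAP = 4096 };
  char name_buf[NAME_CAP];
  const char *filename = NULL;
  FILE *handle;
  long size;

  if( ac > 2 )
    usage();

  if( ac == 2 )
  {
    /* No copy needed: av[1] stays valid for the lifetime of the process. */
    filename = av[1];
  }
  else
  {
    /*
     * The original stored the name in a 1-byte heap buffer, so any name
     * overflowed it. Bound the read to the buffer size instead.
     */
    if( scanf("%4095s",name_buf) != 1 )
    {
      fprintf(stderr,"no file name given\n");
      return(1);
    }
    filename = name_buf;
  }

  handle=fopen(filename,"rb");

  if( handle == NULL )
  {
    /* Do not fclose() here: passing NULL to fclose is undefined behaviour. */
    perror("fopen");
    return(1);
  }

  if( fseek(handle,0,SEEK_END) != 0 )
  {
    perror("fseek");
    fclose(handle);
    return(1);
  }

  /* ftell reports -1 on failure (e.g. a non-seekable stream). */
  size=ftell(handle);
  if( size < 0 )
  {
    perror("ftell");
    fclose(handle);
    return(1);
  }

  printf("%ld\n",size);
  fclose(handle);
  return(0);
}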
 
 
 




0x02. WIPE.SH


 
#!/bin/bash
 
 
# Variables globales
# ------------------
#####################################################################
 
APP='wipe'   # program name printed in the usage text
VERBOSE=0    # verbosity level: 0 by default, 1 after -v, 2 after -vv
E=0          # error flag: the helper functions skip their work while it is non-zero
 
 
# Fonctions
# ---------          
#####################################################################
 
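function usage
{
  # Print the help text and leave the script with the status given as $1
  # (0 when no status is passed).
  # The "Executed" line now matches the dd invocation in _dd, which writes
  # 1 MiB blocks rather than single bytes.
  # The here-document delimiter is unquoted so that $APP is expanded.
  cat <<EOF

Usage: $APP [-v|-vv] <-l|-q> <file1> [file2 [file3 [fileN... ]]]
 
 -l #: number of passes
 -q  : wipe the file quickly (one pass)
 -v  : be verbose
 -vv : be more verbose
file : file to wipe
 
Executed:
dd if=/dev/urandom of=file bs=1048576 count=1+size_of_file/1048576
 
Hint:
BCWipe from Jetico is really more secure and has more options

EOF
  exit "${1:-0}"
}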
 
 
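function _display
{
  # Print a status message (all arguments joined) between two newlines, but
  # only in verbose mode and while no error is flagged.
  # The message is passed as a %b argument instead of being used as the
  # printf format: callers embed file names in it, and a '%' in a file name
  # would otherwise be read as a conversion specifier. %b still expands the
  # \e colour escapes the callers put in the message.
  [ $VERBOSE -ge 1 ] && [ $E -eq 0 ] && printf '\n%b\n' "$*"
}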
 
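function _error
{
  # Print $1 in bold red between two newlines and flag the error (E=2) so
  # that the remaining steps for the current file are skipped.
  # The text goes through %s rather than into the format string: the only
  # visible caller embeds the file name, and '%' or backslash sequences in
  # a name must be printed as-is, not interpreted.
  printf '\n\e[1;31m%s\e[0m\n' "$1"
  E=2
}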
 
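function _dd
{
  # One overwrite pass: fill $FILE with data from /dev/urandom, in 1 MiB
  # blocks, one block more than SIZE/1MiB so the whole file is covered.
  # Returns the exit status of dd (0 when skipped because E is set).
  [ "$E" -eq 0 ] || return 0

  local blocks=$((1 + SIZE / 1048576))
  local rc

  # conv=notrunc: without it dd truncates the file before writing, and the
  # filesystem is then free to put the new data in different blocks, which
  # leaves the old content on disk untouched.
  if [ "$VERBOSE" -ge 3 ]
  then
    dd if=/dev/urandom of="$FILE" bs=1048576 count="$blocks" conv=notrunc
  else
    dd if=/dev/urandom of="$FILE" bs=1048576 count="$blocks" conv=notrunc >/dev/null 2>&1
  fi
  rc=$?

  # Flush cached writes so successive passes are not merged in memory
  # before anything reaches the device.
  # NOTE(review): in-place overwriting still gives no guarantee on
  # journaling or copy-on-write filesystems, snapshots, or flash media
  # with wear levelling.
  sync

  return $rc
}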
 
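function _mv
{
  # Rename $FILE to the temporary name $R_FILE so the original name is no
  # longer the one being unlinked. Skipped while an error is flagged.
  # "--" ends option parsing: a file name starting with '-' would
  # otherwise be taken as an mv option.
  [ "$E" -eq 0 ] || return 0

  if [ "$VERBOSE" -ge 1 ]
  then
    printf "\\e[0;4;32mRenaming to temporary file :\\e[0m \\e[0;i"
    mv -v -- "$FILE" "$R_FILE"
  else
    mv -- "$FILE" "$R_FILE" >/dev/null 2>&1
  fi
}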
 
function _rm
{
  # Unlink the temporary file $R_FILE; does nothing while an error is flagged.
  [ $E -eq 0 ] || return 0

  # Verbose mode: announce the step and let rm report what it removed.
  if [ $VERBOSE -ge 1 ]
  then
    printf "\\e[0;4;32mUnlinking file :\\e[0m "
    rm -fv "$R_FILE"
  fi

  # Quiet mode: remove silently.
  [ $VERBOSE -eq 0 ] && rm -f "$R_FILE" >/dev/null 2>&1
}
 
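function _erase
{
  # Rename $FILE to a random temporary name, then unlink it.
  # Skipped while an error is flagged.
  [ "$E" -eq 0 ] || return 0

  # Build the temporary name in the directory that holds $FILE. The
  # original used a bare ".tmp_..." name, i.e. the current directory, so a
  # file elsewhere was moved there - possibly across filesystems, which
  # turns the rename into a copy.
  R_FILE="$(dirname -- "$FILE")/.tmp_$RANDOM$RANDOM$RANDOM"

  # _mv and _rm read FILE and R_FILE from the globals; they take no arguments.
  [ -f "$FILE" ] && _mv
  [ -f "$R_FILE" ] && _rm
}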
 
 
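function wipe_level
{
  # Overwrite $FILE with $LEVEL passes of random data (one _dd call each).
  # Any failure sets E through _error, so the caller does not go on to
  # unlink a file that was not fully overwritten.
  get_size

  # The pass count comes straight from the command line; seq needs a plain
  # decimal number. With an invalid value the original ran zero passes and
  # the file was then deleted without having been overwritten.
  if [ $E -eq 0 ]
  then
    case "$LEVEL" in
      ''|*[!0-9]*) _error "Error, invalid number of passes: '$LEVEL'" ;;
    esac
  fi

  # SIZE is in bytes, so convert it before labelling it as Kbytes
  # (wipe_quick already does this).
  _display "Wiping \\e[1;32m'$FILE'\\e[0m (\\e[1;32m$((SIZE/1024)) Kbytes + 1024 Kbytes\\e[0m) with \\e[1;32m$LEVEL\\e[0m passes"
  if [ $E -eq 0 ]
  then
    for pass in $(seq 1 "$LEVEL")
    do
      [ $VERBOSE -ge 2 ] && printf "\\rPass # \\e[1;29m%6s\\e[0m / \\e[1;32m%-6s\\e[0m" "$pass" "$LEVEL"
      # Stop at the first failed pass and flag it.
      if ! _dd
      then
        _error "Error, overwrite failed: '$FILE'"
        break
      fi
    done
  fi
  [ $VERBOSE -ge 2 ] && echo
}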
 
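function get_size
{
  # Store the size of $FILE in bytes in SIZE, or flag an error through
  # _error when $FILE is not a regular file.
  [ ! -f "$FILE" ] && _error "Error, file not found: '$FILE'"

  # Read the size through a redirection instead of parsing "ls -l": the
  # name is never handed to a command as an argument (a leading '-' would
  # be taken as an option), and the result does not depend on the column
  # layout of ls. tr strips the padding some wc implementations print.
  [ $E -eq 0 ] && SIZE=$(wc -c < "$FILE" | tr -d '[:space:]')
}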
 
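function wipe_quick
{
  # Single-pass wipe of $FILE; on return E holds the status of that pass.
  # The unused lower-case "level" assignment was dropped: the message
  # below reads LEVEL, which the caller sets.
  get_size
  _display "Wiping \\e[1;32m'$FILE'\\e[0m (\\e[1;32m$((SIZE/1024)) Kbytes\\e[0m) with \\e[1;32m$LEVEL\\e[0m passes"

  # Only take the status of _dd when it actually ran. The original always
  # assigned E=$?, and _dd returns 0 when it is skipped, which cleared an
  # error that get_size had just flagged.
  if [ $E -eq 0 ]
  then
    _dd
    E=$?
  fi
}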
 
 
 
# Programme principal
# -------------------
#####################################################################
 
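# Command-line handling.
# Optional verbosity flags come first: -v and/or -vv.
if [ "$1" = "-v" ]   # be verbose
then
  VERBOSE=1
  shift
fi
if [ "$1" = "-vv" ]  # be more verbose
then
  VERBOSE=2
  shift
fi

# No argument left: print the help text.
[ $# -eq 0 ] && usage 0

# -h is a request for help, not an error. The original rejected it with
# status 1 before the option loop could reach its "h" case.
[ "$1" = "-h" ] && usage 0

# A mode on its own (no pass count or file), or anything other than
# -q / -l, is a usage error.
[ $# -eq 1 ] && usage 1
[ "$1" != "-q" ] && [ "$1" != "-l" ] && usage 1

# Worst status seen over all files. The original reset E after every file
# and then ran "exit $E", so the script always reported success.
RC=0

while getopts "l:q:hz:" option
do
  case $option in

  l)  LEVEL=$OPTARG
      shift ; shift          # drop "-l" and the pass count

      for FILE in "$@"
      do
        wipe_level
        [ $E -eq 0 ] && _erase
        [ $E -ne 0 ] && RC=$E
        E=0                  # let the next file start clean
      done
      exit $RC
  ;;


  q)  LEVEL=1
      shift                  # drop "-q"; what remains are file names

      for FILE in "$@"
      do
        wipe_quick
        [ $E -eq 0 ] && _erase
        [ $E -ne 0 ] && RC=$E
        E=0
      done
      exit $RC
  ;;

  h)  usage 0
  ;;

  *)  usage 1
  ;;
  esac
done

[ $VERBOSE -ge 1 ] && echo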
 




0x03. WIPE.C


 
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
 
 
#ifdef BSD
  #include <sys/malloc.h>
#endif
#ifdef LINUX
  #include <malloc.h>
#endif
 
 
#define APP "sdelete"
#define MAX 35
 
 
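/*
 * Print the help text on stdout and terminate the process with status 0.
 * This function never returns to its caller.
 *
 * The listing on the page carried doubled backslashes ("\\n"), which in C
 * prints a literal backslash followed by 'n'; the escapes below are the
 * intended newlines.
 */
void usage(void)
{
  printf("\nUsage: %s <normal file>\n",APP);
  printf("\nSecure erase file (35 times).");
  printf("\n\n");
  exit(0);
}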
 
 
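/*
 * Overwrite the content of a regular file with zero bytes, MAX times.
 *
 * The file name is taken from the single command-line argument, or read as
 * one whitespace-delimited token from stdin when no argument is given.
 * "-h" or more than one argument prints the usage text (usage() exits).
 * The file is overwritten in place and is not unlinked afterwards.
 *
 * Returns 0 on success, 1 on any I/O error.
 *
 * NOTE(review): fflush() only hands the data to the operating system.
 * Whether each pass reaches the storage medium, and whether the old blocks
 * are the ones being overwritten, depends on OS caching, the filesystem
 * (journaling, copy-on-write, snapshots) and the device (flash wear
 * levelling) - none of which this program controls.
 */
int main(int ac, char **av)
{
  /* NAME_CAP: stdin name buffer (scanf width below is NAME_CAP-1).
     CHUNK: number of zero bytes written per fwrite call. */
  enum { NAME_CAP = 4096, CHUNK = 4096 };
  static const char zeros[CHUNK] = {0};
  char name_buf[NAME_CAP];
  const char *filename = NULL;
  FILE *handle;
  long size=0,done=0;
  int pass=0;

  if( ac > 2 )
    usage();

  if( ac == 2 )
  {
    if( strcmp(av[1],"-h") == 0 )
      usage();
    /* No copy needed: av[1] stays valid for the lifetime of the process. */
    filename = av[1];
  }
  else
  {
    /*
     * The original stored the name in a 1-byte heap buffer, so any name
     * overflowed it. Bound the read to the buffer size instead.
     */
    if( scanf("%4095s",name_buf) != 1 )
    {
      fprintf(stderr,"no file name given\n");
      return(1);
    }
    filename = name_buf;
  }

  handle=fopen(filename,"r+b");

  if( handle == NULL )
  {
    /* Do not fclose() here: passing NULL to fclose is undefined behaviour. */
    perror("fopen");
    return(1);
  }

  if( fseek(handle,0,SEEK_END) != 0 )
  {
    perror("fseek");
    fclose(handle);
    return(1);
  }

  /* ftell reports -1 on failure (e.g. a non-seekable stream). */
  size=ftell(handle);
  if( size < 0 )
  {
    perror("ftell");
    fclose(handle);
    return(1);
  }

  printf("\nErasing: ");

  /*
   * One full sweep over the file per pass, flushed before the next one.
   * The original rewrote each single byte MAX times in a row with a seek
   * before every write, which costs two library calls per byte per pass.
   */
  for( pass=1 ; pass<=MAX ; pass++ )
  {
    rewind(handle);

    for( done=0 ; done<size ; )
    {
      size_t want = (size_t)(size - done);

      if( want > (size_t)CHUNK )
        want = (size_t)CHUNK;

      if( fwrite(zeros,1,want,handle) != want )
      {
        perror("fwrite");
        fclose(handle);
        return(1);
      }
      done += (long)want;
    }

    if( fflush(handle) != 0 )
    {
      perror("fflush");
      fclose(handle);
      return(1);
    }

    printf("\rErasing: pass %d/%d (%ld bytes)",pass,MAX,size);
  }

  printf("\n\nDone.");

  /* fclose flushes too; a failure here means the last writes may be lost. */
  if( fclose(handle) != 0 )
  {
    perror("fclose");
    return(1);
  }
  return(0);
}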
 



   =>   Écrit par : Nicolas, le 29 février 2016


 
Mots clés :  
  c 
  
  forensic 
  
  linux 
  
  macos 