DATARAZER is a lightning-fast NIST 800-88r1 compliant data erasure tool designed for the Electronics Recycling Industry, Medical Industry, and Education Institutions

Features:

  • Pseudorandom and Single Character Overwrite
  • Erase Hidden Areas (HPAs/DCO)
  • Erasure Certificate (PDF/TXT/SQL)
  • HDD Hot Swapping
  • HDD Grading (via HDSentinel)
  • Synchronized Write Verification
  • HDD Fingerprinting
  • SATA, SAS, NVME & IDE Support
  • MySQL Database (TLS Supported)
  • Resumed Erasure (Keep progress if a drive becomes disconnected from the host)
  • Live-Boot Environment (USB/PXE/CD)
  • SSH Compatible
  • Multi-Language (English/Russian by default)
  • Plugin Support (CXX SDK - Example Language Plugin)

Overwrite Methods:

  • NIST CLEAR One Pass Random
  • NIST CLEAR One Pass Zeros
  • NIST CLEAR Three Pass Random
  • DOD 5220.22-M Three Pass (0x00|0x01|RAND)
  • Three Pass Hybrid (0xFF|RAND|0x00)

Short Video (In-depth guide coming soon):

Video Demo

Images:

The main window, everything you need to know at a glance with easy to remember controls main

Pull only the data you need for your reports with your favorite DB Application, no more irrelevant information (See ‘Sample Cert Data’ section below) db

Beautiful, easy to navigate menus make configuration a breeze settings

Impossible to miss warning messages, reducing the chance of operator error warnings

Pricing:

To request a demo or an invoice for commericial licensing, please contact: sales@thetadyn.com

Demo License:

  • Timed 30-day trial
  • Free, upon request

Enterprise License:

  • Subscription based
    • $99.99/Month
    • $549.99/6 Months
    • $999.99/Year
  • Unlimited processes
  • No drive limits
  • Free updates
  • Free email support

On-Site Support/Install:

  • Contact Us for Quote

NIST 800-88r1 CLEAR:

Either single character or psuedorandom data, depending on selected method, is written over every sector of the disk at the configured size/increment. Typically this is block_size=4MB and total_size=(total_sectors / block_size). Verification is forced and is done synchronously along with the writer. If the user’s verification setting is set to below 10%, the engine will adjust it to the minimum. If HPAs are detected, they will be cleared during overwrite initialization; after which, the total_sector count will be adjusted. If the HPA reset fails, the drive will be rejected and the erasure aborted

DOD 5220.22-M Three Pass & Three Pass Hybrid:

A pattern of both single characater and psuedorandom blocks is written to all user addressable areas of the disk. This processes is then repeated three times for each method. User addressable areas do not include HPAs or the DCO. Both methods are essentialy the same but provide different write patterns. DOD 5220.22-M uses 0x00|0x01|RAND where as Three Pass Hybrid uses 0xFF|RAND|0x00

Overwrite Engine Breakdown:

  1. Receive start instruction
  2. Run Resumed Erasure init logic, if enabled
  3. Main initialization
  4. Clear HPAs, if enabled
  5. Reset DCO, if enabled
  6. Start overwrite pass loop
    1. Run post-start Resumed Erase logic, if enabled and this is the first pass
    2. Initialize I/O stream
    3. Start disk iteration loop
      1. Wait if paused
      2. Check error allowance
      3. Write buffer to I/O stream
      4. Run verification logic, if enabled
      5. Check if we’ve reached the end of the disk
      6. Run Resumed Erasure checkpoint logic
      7. Repeat until the end of the disk, or until the error allowance is reached
    4. Force flush and close the I/O stream
    5. Repeat until pass threshold is met, or until the error allowance is reached
  7. Gather erasure statistics
  8. Apply fingerprint, if enabled and erasure was successful
  9. Store erasure results
  10. Loop back to the very beginning, and await instruction

Fingerprint Breakdown:

The first 512 bytes of the disk is used to store data about the drive for identification and “resumed erasure mode”. Data is displayed inside the application as well as it is bootable for quick identification without access to the datarazer application. When resumed erasure mode is active, data is written here at the configured step size and can be seen live updating in the main window of the application. booted-fp

Fingerprint data:

Key Description
OFST: Current write offset
PASS: Current write pass
DURATION: Wipe duration
END: End time
START: Start time
RESULT: Wipe result
ERRCT: Current error count
METHOD: Overwrite method used
H: Fingerprint header
BLKSZ: Block size used by the overwrite engine
TSZ: Total blocks based on BLKSZ: in the disk
BVER: Total number of blocks verified
RSM: The last block marked as a resume checkpoint

Flag data:

Bit Index DB Name Description
0 fp_in_progress Set when erasure in progress; Used for resumed erasure mode
1 fp_resume_used Set if the erasure was resumed
2 fp_hpa_at_start Set if hidden HPA (Host Protected Area) sectors were detected at the start of erasure
3 fp_hpa_cleared Set if HPAs were detected and successfully reset
4 fp_dco_reset Set if the DCO (Disk Configuration Overlay) was successfully reset
5 null Unused
6 null Unused
7 null Unused

Example of a wipe in progress/incomplete erasure:

00000000: 33D2 8EDA BE28 7CFC AD8B D8AD 8BC8 B800  3....(|.........
00000010: 138E C28B EECD 1033 C0CD 16CD 1900 0000  .......3........
00000020: 0000 0000 0000 0000 0200 CB00 BBAA 01AA  ................
00000030: BBBB AA61 3A62 AABB BBAA 424C 4B53 5A3A  ...a:b....BLKSZ:
00000040: 3030 3430 3030 3030 AABB BBAA 4256 4552  00400000....BVER
00000050: 3A30 3030 3034 4533 44AA BBBB AA44 5552  :00004E3D....DUR
00000060: 4154 494F 4E3A 3135 3636 AABB BBAA 4552  ATION:1566....ER
00000070: 5243 543A 30AA BBBB AA48 3A44 4154 4152  RCT:0....H:DATAR
00000080: 415A 4552 2049 4E43 4F4D 504C 4554 4520  AZER INCOMPLETE
00000090: 5749 5045 AABB BBAA 4D45 5448 4F44 3A4E  WIPE....METHOD:N
000000a0: 4953 5420 434C 4541 5220 4F6E 6520 5061  IST CLEAR One Pa
000000b0: 7373 2052 616E 646F 6DAA BBBB AA4F 4653  ss Random....OFS
000000c0: 543A 3030 3031 3837 3243 AABB BBAA 5041  T:0001872C....PA
000000d0: 5353 3A30 3030 31AA BBBB AA52 534D 3A30  SS:0001....RSM:0
000000e0: 3030 3032 3731 46AA BBBB AA53 5441 5254  000271F....START
000000f0: 3A31 3637 3433 3038 3238 30AA BBBB AA54  :1674308280....T
00000100: 535A 3A30 3030 3144 3143 33AA BB00 0000  SZ:0001D1C3.....
00000110: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000120: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000130: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000140: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000150: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000160: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000170: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000180: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000190: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000001a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000001b0: 0000 0000 0000 0000 43A8 F662 0000 0000  ........C..b....
000001c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000001d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000001e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000001f0: 0000 0000 0000 0000 0000 0000 0000 55AA  ..............U.

Example of a complete wipe:

00000000: 33D2 8EDA BE28 7CFC AD8B D8AD 8BC8 B800  3....(|.........
00000010: 138E C28B EECD 1033 C0CD 16CD 1900 0000  .......3........
00000020: 0000 0000 0000 0000 0200 CB00 BBAA 00AA  ................
00000030: BBBB AA61 3A62 AABB BBAA 424C 4B53 5A3A  ...a:b....BLKSZ:
00000040: 3030 3430 3030 3030 AABB BBAA 4256 4552  00400000....BVER
00000050: 3A30 3030 3035 4432 37AA BBBB AA44 5552  :00005D27....DUR
00000060: 4154 494F 4E3A 3138 3836 AABB BBAA 454E  ATION:1886....EN
00000070: 443A 3136 3734 3331 3431 3135 AABB BBAA  D:1674314115....
00000080: 4552 5243 543A 30AA BBBB AA48 3A50 524F  ERRCT:0....H:PRO
00000090: 4345 5353 4544 2057 4954 4820 4441 5441  CESSED WITH DATA
000000a0: 5241 5A45 52AA BBBB AA4D 4554 484F 443A  RAZER....METHOD:
000000b0: 4E49 5354 2043 4C45 4152 204F 6E65 2050  NIST CLEAR One P
000000c0: 6173 7320 5261 6E64 6F6D AABB BBAA 4F46  ass Random....OF
000000d0: 5354 3A30 3030 3144 3143 33AA BBBB AA50  ST:0001D1C3....P
000000e0: 4153 533A 3030 3031 AABB BBAA 5245 5355  ASS:0001....RESU
000000f0: 4C54 3A53 5543 4345 5353 AABB BBAA 5253  LT:SUCCESS....RS
00000100: 4D3A 3030 3030 3245 3934 AABB BBAA 5354  M:00002E94....ST
00000110: 4152 543A 3136 3734 3331 3232 3239 AABB  ART:1674312229..
00000120: BBAA 5453 5A3A 3030 3031 4431 4333 AABB  ..TSZ:0001D1C3..
00000130: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000140: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000150: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000160: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000170: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000180: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000190: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000001a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000001b0: 0000 0000 0000 0000 43A8 F662 0000 0000  ........C..b....
000001c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000001d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000001e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000001f0: 0000 0000 0000 0000 0000 0000 0000 55AA  ..............U.

Sample Certificate Data:

# Database/internal data
id: 1
timestamp: 2023-07-14 20:24:38
app_version: 0.0+git20230713.5c26c03

# Info on the disk
disk_dev_path: /dev/sdc
disk_model_name: VBOX_HARDDISK
disk_serial_number: VB13125bc8-a46ac9a5
disk_capacity_gib: 8.00
disk_capacity_gb: 8.59
disk_hdsent_health: 100
disk_hdsent_grade: A
disk_hdsent_power_on_hours: 22
disk_sector_size: 512
disk_total_sectors: 16777216
disk_hpa_info_read: 0
disk_hpa_detected_at_start: 0
disk_drive_type: UNKNOWN
disk_rotation_rate: 0
disk_total_sectors_with_hpa: 16777216
disk_hdp_cmd_output: Disabled

# Info on what wipe method was used
ov_title: NIST CLEAR One Pass Random
ov_desc: One pass of random data in 4MB increments. Minimum 10% verification.

# Erasure engine relavant data
bw_is_fp_enabled: 1
bw_is_verify_enabled: 1
bw_is_resume_enabled: 1
bw_wipe_status: 1
bw_hpa_reset_enabled: 0
bw_dco_reset_enabled: 0
bw_was_hpa_at_start: 0
bw_was_hpa_reset: 0
bw_was_dco_reset: 0
bw_block_size_mult: 8192.00
bw_verify_percent: 0.20
bw_resume_percent: 0.10
bw_err_allowance: 10
bw_last_ofst: 2048
bw_current_errct: 0
bw_current_pass: 1
bw_block_size: 4194304
bw_start_time: 2023-07-14 18:55:49
bw_end_time: 2023-07-14 20:24:38
bw_duration: 5329
bw_job_number: NO JOB# SET
bw_asset_number: SOME_UNIQUE_ID
bw_was_resume_used: 1
bw_total_blocks: 2048
bw_blocks_verified: 4
bw_blocks_marked_resume: 2
bw_passes_required: 1

# Data collected from DMI firmware
sys_dmi_bios_vendor: inotek GmbH
sys_dmi_bios_version: VirtualBox
sys_dmi_bios_release_date: 12/01/2006
sys_dmi_bios_revision: NO_DATA
sys_dmi_firmware_revision: NO_DATA
sys_dmi_system_manufacturer: inotek GmbH
sys_dmi_system_product_name: VirtualBox
sys_dmi_system_version: 1.2
sys_dmi_system_serial_number: 0
sys_dmi_system_uuid: 2899e394-57e8-ad4b-a43d-edabb1d46be3
sys_dmi_system_sku_number: Not Specified
sys_dmi_system_family: Virtual Machie
sys_dmi_baseboard_manufacturer: Oracle Corporatio
sys_dmi_baseboard_product_name: VirtualBox
sys_dmi_baseboard_version: 1.2
sys_dmi_baseboard_serial_number: 0
sys_dmi_baseboard_asset_tag: Not Specified
sys_dmi_chassis_manufacturer: Oracle Corporatio
sys_dmi_chassis_type: Other
sys_dmi_chassis_version: Not Specified
sys_dmi_chassis_serial_number: Not Specified
sys_dmi_chassis_asset_tag: Not Specified
sys_dmi_processor_family: NO_DATA
sys_dmi_processor_manufacturer: NO_DATA
sys_dmi_processor_version: NO_DATA
sys_dmi_processor_frequency: NO_DATA

Grading Scale:

Grading requires the hdsentinel dependency to be installed to $PATH
Grade Min Health (%) Max Health (%)
A 98 100
B 90 97
C 80 89
D 65 79
F 50 64
S 0 49

User Settings:

NOTE: Settings are stored at /etc/datarazer/settings

Erasure Settings

Setting Type Settings File Key Description
Job# String erasure.job_number Unique identifier per batch, this setting will be applied to all drives not currently wiping
Asset# String erasure.asset_number Unique identifer per unit, this setting will be applied to all drives not currently wiping
Use Fingerprint Bool erasure.use_fingerprint Whether or not to use Drive Fingerprinting
Use Verification Bool erasure.use_verification Whether or not to use Write Verification
Verification Quota Int erasure.verification_percent Percentage value between 1-100% of blocks to verify during the erasure process
Error Allowance Int erasure.error_allowance Number of errors needed to cause the erasure to abort
Block Size Multiplier Int erasure.block_size_multiplier Multiplier for the size of the block written to the disk each iteration. block_size = 512 * block_size_mult. Lower values may make the program unstable; the maximum value is 8192
Resumed Erasure Enabled Bool erasure.resumed_erase_enabled Whether or not to use Resumed Erasure mode. This mode will write a fingerprint containing all the data needed to resume. If this fingerprint is present at start, this option is enabled, and the wipe method is the same; the drive will start its erasure off at the last ofst marker written to the disk. There are several factors that must all be true for the resume to be used. If any of these are off, the erasure will be treated as a non-resumed erasure
Resumed Erasure Step Size Int erasure.resumed_erase_step_percentage Percentage value between 1-100% of blocks to mark for resume during erasure
Clear HPAs Bool erasure.clear_hpa Whether or not to clear Host Protected Areas from the drive at erasure start. This value will be set to false for the disk’s erasure if no HPAs are detected.
Note: Erasure will be aborted if this task fails
Warning: This option can potentially brick the HDD
Reset DCO Bool erasure.reset_dco Whether or not to reset the Disk Configuration Overlay on erasure start. Having this option will reset the DCO regardless of if the erasure is resumed or not.
Note: Erasure will be aborted if this task fails
Warning: This option can potentially brick the HDD

Database Settings

Setting Type Settings File Key Description
Username String mysql.username Username needed to connect to the MySQL database
Password String mysql.secret Password needed to connect to the MySQL database
Address String mysql.addr Address/Hostname and Protocol of the MySQL database e.g. 192.168.1.1 or demo-db1.thetadyn.com
Port Int mysql.port Port# of the MySQL database
Schema String mysql.schema_name Name of the MySQL Schema/database to use
Supress Lost Connection Warnings Bool mysql.supress_lost_conn_warnings If enabled, you will only receive one warning upon disconect instead of having the log console flooded
Use SSL Bool mysql.use_ssl Enable TLS/SSL (Must be setup correctly on the server’s end)
SSL Cert Path String mysql.ssl_client_cert_path Path to your signed client certificate; in .pem format
SSL Key Path String mysql.ssl_client_key_path Path to your client private key belonging to the certificate; in .pem format
Auto Login Bool mysql.auto_login If enabled, attempt to connect to database on application start

Other Settings

Setting Type Settings File Key Description
Disk Update Bool dc.update This option should always be set to true. Setting this to false will turn off drive mapping
Save Cert to PDF Bool cert.save_pdf If enabled, save a nicely formated PDF to the configured location.
Dump Cert SQL Bool cert.dump_sql If enabled, dump SQL INSERT statement to text file on erasure completion.
Dump Cert TXT Bool cert.dump_txt If enabled, dump cert data to text file with similar format to INI
PDF Save Path String cert.pdf_save_path Path to save PDF files to, leading directories will be created. Supports templated file naming*
SQL Dump Path String cert.dump_sql_path Path to dump SQL files to, leading directories will be created. Supports templated file naming*
TXT Dump Path String cert.dump_txt_path Path to dump TXT files to, leading directories will be created. Supports templated file naming*
Overwrite Confirm Bool bw.saftey Enable confirmation pop-up before an overwrite starts
Overwrite Confirm Phrase String bw.saftey_code The phrase that needs to be entered by a user to start an overwrite if confirm is enabled
Skip Mounted Drive Mapping Bool dc.skip_mounted_drives Will skip over mapping any drive mounted by the system
Plugin Directory String api.plugin_dir Directory to load plugins from
License Key String app.license_key License key provided by us to utalize the Enterprise edition
Language String app.language_locale What language to display the program in. English/Russing are available by default with en_US and ru respectively

NOTE: on Templated File Naming; This allows you to enter a template phrase when choosing where to save a file to that in turn will substitute any matching certificate value.

As an example:


PDF Save to => /home/datarazer/{{bw_job_number}}-{{disk_model_name}}-{{disk_serial_number}}-{{bw_wipe_result}}.pdf

Controls:

Key(s) Window(s) Description
Up/Down Main Window Scroll drive table
Left/Right Main Window Tab pages Forward/Back in the drive table
Enter/Return Main Window Start Erasure of selected disk
M Main Window Enter menu system
Up/Down Menus Navigation
Enter Menus Select item
ESC Dialogs Cancel dialog
Enter Dialogs Submit dialog
PgUp/PgDown All Scroll log viewer
Home/End All Resize log viewer

NOTICE:

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Special Thanks:

NIST SP 800-88r1 Publication - See sections A-5,6,8 pg. 31
DOD 5220.22-M Publication