I’m looking to wipe my device for resale (i upgraded to a newer model) any thoughts on a good app for busybox (like sfill) that will zero the contents where my wifi password, openvpn configs, etc was stored?
Out of curiosity where where is all the user set information stored outside the rom partition?
root@GL-AR300M:~# uname -a
Linux GL-AR300M 4.4.92 #0 Tue Oct 17 17:46:20 2017 mips GNU/Linux
nope already setup the new one. just looking for an app that will work with busybox to overwrite those sensitive areas (as well as which areas are sensitive)
ok
[1] i want to resell this device because i recently upgraded to a newer model (slate)
[2] i want to factory reset the device to clear out all of my old settings (done)
[3] i want to overwrite all of the areas where sensitive information was stored such as my last known WAN IP, VPN configs + usernames + passwords, logs and traffic details
I’m not incredibly scared that any of this information is valuable to anyone but if someone goes peeking i dont want something to be discovered like credentials that can be used to get onto my current system. i.e. if i reused my router password - i didn’t but say i did. the last known wan address would give some and address to attach and a username and password to login. after that I’m owned.
i’m hoping i can find a binary like ‘wipe’ that works with busybox to overwrite free space with random bits and the locations/partitions on which this sensitive data is stored.
Deleting files from a memory card or a hard drive usually only means that the file is removed from the file allocation table, with the files data still remaining on the memory. The operating system can not see the files anymore, but forensics software can scan each memory location and use patterns to find the files. Images for example have a header and checksum, so they could be recovered pretty easy.
The only way to truly delete the data is to overwrite it. For a magnetic based drive like a harddisk, it requires
overwriting many times, as shadows of the data can still be found using sensitive equipment. For a memory chip i would still recommend to overwrite the data randomly and a few times just to be sure.
NOR based targets - flashing from uBoot should be good enough, and perhaps so for many using SPI-NAND and eMMC.
For the truly paranoid - clearing out the NAND space might a concern on those targets as it removes the pointers, but doesn’t really clear the bits - this isn’t unique to GL-iNet targets and might be better addressed upstream with OpenWRT so that wheel isn’t repeatedly reinvented…
It just removes the directories from the file table, not even the files themselves - so they would be quite easy to recover if all you did was ‘revert’ and sell the device.