Friday, April 22, 2011

How to clean hidden sectors on your hard drive

WARNING: If you have not backed up all your important data somewhere else, stop right here. I will not be held responsible for lost software licenses, precious pictures of your late dog Fluffy, etc. Do the following at your own risk!

I strongly recommend creating a backup file of your hidden sectors before cleaning. See this post for instructions.

When you install certain software products (cough cough Autodesk), secret entries are made on a hidden sector of the computer’s hard drive. These entries are looked for when you attempt to install the software again and are not removed even if you reformat the drive or install a fresh image of your operating system.

To remove these “permanent” records, you need to use a low-level disk utility to zero out the affected sectors. Fortunately, this can be done quite easily using a Linux rescue disk. The following example uses Ubuntu Rescue Remix 10.10:
  1. Insert the rescue disk and reboot the computer. At the “boot” prompt, press Enter and wait for Linux to start (~ 1 minute).

  2. At the command prompt, type the following command:
sudo fdisk -l

(Note: the character at the end is the letter ’l’, as in “lettuce”)

You should see a list of connected drives and their partition information. Find the name of the drive you need to fix (looking at the drives’ capacities should give you a good hint). The drive name will be something like /dev/sda, or /dev/sdb etc.

  3. Now we will zero out some of the sectors on that drive where sneaky programs could be hiding data.
CAUTION: Be very careful with the dd command! One small typo or omission can render the entire drive unreadable! (dd has the nickname “disk destroyer” for a reason)

Type the following command, replacing “/dev/sdx” with the actual drive name:

sudo dd if=/dev/zero of=/dev/sdx seek=32 bs=512 count=30

This zeroes out 30 sectors, starting at sector 32, and leaves the last hidden sector (62) alone. The reason for this is that Norton Ghost hides its license information in sector 62, and zeroing it will cause problems for you if you use that product.


If you want to zero out all hidden sectors except the Master Boot Record, use the following:

sudo dd if=/dev/zero of=/dev/sdx seek=1 bs=512 count=62

Whatever you choose to do, make sure 'seek' is at least 1, and that 'seek' plus 'count' is no more than 63!  Also, don't forget to replace "/dev/sdx" with the actual drive name.


NOTE: Linux bootloaders, like GRUB and LILO, also write code to these hidden sectors. If you use Linux on this hard drive, you may be destroying information needed to boot the operating system.

ALSO NOTE: These examples assume the hard drive has 512-byte sectors. Next generation hard drives may have 4096-byte sectors, in which case you will need to update the “bs=512” parameter accordingly.

  4. Reboot the machine (sudo reboot) and proceed to do whatever it was you were doing.

Useful Links:

Ubuntu Rescue Remix: http://ubuntu-rescue-remix.org/

Backing up and restoring a hard drive’s hidden sectors

A computer hard drive typically contains 63 hidden sectors at the very beginning, the first sector containing the master boot record (MBR) and the remaining sectors being potentially used for a variety of purposes. Linux boot code (GRUB/LILO) may go here, and some Windows programs will sneakily write data to these hidden sectors to hide license information and to prevent abuse of time-limited trial versions. Before messing around with the contents of these sectors, it is recommended to back them up to a file so that you can restore them if things don't work out quite as planned.

Tools you will need:

How to back up the hidden sectors
  1. With the USB drive plugged in, insert the rescue CD and reboot your computer.

  2. At the command prompt, find the name of the drive whose sectors you will be backing up. Type the command:
sudo fdisk -l

(Note: the character at the end is the letter ’l’, as in “lettuce”)

You will see a list of connected drives. Find the name of the drive (looking at the drive capacity should give you a hint). The drive name will be something like /dev/sdx. Also take note of the name of your USB drive and its main partition number.

  3. Mount the USB drive so you can work with it. Type the following commands:
sudo mkdir /mnt/USBDrive
sudo mount /dev/<USB Drive Partition> /mnt/USBDrive

where <USB Drive Partition> is the USB drive’s main partition, e.g. /dev/sdb1.

  4. Now we will save the contents of those hidden sectors to a file on the USB drive:
sudo dd if=<Drive Name> of=/mnt/USBDrive/first63sectors.bak bs=512 count=63

where <Drive Name> is the name of the hard drive, e.g. /dev/sda. Note that there is no partition number at the end of the drive name; we are copying from the beginning of the drive itself!

  5. Reboot the computer:
sudo reboot

If you like, you can now inspect the file you created with a Hex Editor (XVI32 for Windows is a good one) to see what mysterious entries might exist after the MBR.
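
As an alternative to a hex editor, the script below (an added example, not part of the original post) lists which sectors of the backup file contain data and which of them a given dd wipe would erase, applying the rule from the cleaning post that 'seek' is at least 1 and 'seek' plus 'count' is no more than 63. The function names are made up for this example, and it assumes 512-byte sectors and a 63-sector backup such as first63sectors.bak.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes 512-byte sectors and a
# 63-sector backup file made as described above (sector 0 is the MBR).
SECTOR_SIZE=512
HIDDEN_SECTORS=63

# Print, on one line, the sector numbers in backup file $1 holding any non-zero byte.
nonzero_sectors() {
    found=""; n=0
    while [ "$n" -lt "$HIDDEN_SECTORS" ]; do
        # Read sector n, strip NUL bytes, count what is left.
        used=$(( $(dd if="$1" bs="$SECTOR_SIZE" skip="$n" count=1 2>/dev/null \
                   | tr -d '\000' | wc -c) ))
        if [ "$used" -gt 0 ]; then found="${found:+$found }$n"; fi
        n=$((n + 1))
    done
    printf '%s\n' "$found"
}

# Succeed only if a wipe with seek=$1 count=$2 stays inside sectors 1..62,
# i.e. seek >= 1 and seek + count <= 63, so the MBR and first partition are untouched.
check_wipe_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$2" -ge 1 ] && [ $(( $1 + $2 )) -le "$HIDDEN_SECTORS" ]
}

# Print the non-zero sectors of backup $1 that a wipe with seek=$2 count=$3
# would overwrite. Fails with no output if the range is not allowed.
would_erase() {
    check_wipe_range "$2" "$3" || return 1
    hit=""
    for s in $(nonzero_sectors "$1"); do
        if [ "$s" -ge "$2" ] && [ "$s" -lt $(( $2 + $3 )) ]; then
            hit="${hit:+$hit }$s"
        fi
    done
    printf '%s\n' "$hit"
}

# Usage: sh gapcheck.sh /mnt/USBDrive/first63sectors.bak 32 30
if [ "$#" -eq 3 ]; then
    echo "non-zero sectors in backup: $(nonzero_sectors "$1")"
    echo "sectors this wipe would erase: $(would_erase "$1" "$2" "$3")"
fi
```

It only reads the backup file, so it can be run on any machine without root and without touching the drive.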


How to restore the hidden sectors
  1. Start by following steps 1, 2 and 3 in the previous example.
  2. Now we will restore the backup that you previously made:
sudo dd if=/mnt/USBDrive/first63sectors.bak of=<Drive Name> bs=512 count=63

where <Drive Name> is the name of the hard drive, e.g. /dev/sda.

Everything should now be back to where it was before you started messing with it.

NOTE: These examples assume the hard drive has 512-byte sectors. Newer hard drives (1 TB+) may have 4096-byte sectors, in which case you may need to update the “bs=512” parameter accordingly.