Protect data by modifying the system partition of the hard drive. What is Magisk, or how to hide root in Android

What is a reserved partition, or why does Windows hide part of the disk?

When Windows 7, Windows 8, etc. is installed for the first time on a blank or formatted disk (previous versions of the system had no such volume), the first thing Windows does is create a partition at the very beginning of the hard drive. It is called the System Reserved Partition (or simply the system partition). The system actively uses this partition to install and load the main body of Windows, which is what we see as the operating system itself.

When you open the My Computer (or simply Computer) folder, you won't see the system partition. It is not assigned a drive letter and is not available in Windows Explorer. To see it, open the Disk Management section of the Computer Management console (enter diskmgmt.msc in the search bar).

Why do you need a reserved partition?

This system partition contains the boot data and the boot manager code (a program that lets you select the active disk partition from which Windows will boot). It also holds the Windows recovery environment used after a system failure. If you use the BitLocker Drive Encryption feature built into Windows, its boot data is located there as well.

The size of the partition is fixed for each version of the system: 100 MB in Windows 7, 350 MB in Windows 8/8.1, and 500 MB in Windows 10. Sometimes this space is not enough, and the user receives an error message after the next batch of updates.

How to look into the reserved partition?

If you want to take a look at the contents of this partition, simply assign it a drive letter (a Latin letter, as always). After the new partition appears in Windows Explorer, enable the display of hidden folders and files, as well as system files. As a reminder, this is done through the Folder Options item in the Control Panel.

If you can't do this using the Windows console, but files like , BOOTSECT.bak and the Boot and Recovery folders, as well as System Volume Information and $RECYCLE BIN, become visible without such manipulations, you are not the first to work with your hard drive. Without the System Reserved partition, disk encryption simply cannot be supported. And since the encryption feature is available in all the latest versions of Windows, this partition will always be present.

There is no system partition anymore...

Is it possible to delete a reserved partition?

I have no idea why you might need this. I strongly recommend not doing this on a working Windows installation, for any reason. Otherwise, you are almost guaranteed to encounter a boot error. Moreover, when you later try to repair Windows startup after it refuses to boot (if this happens, of course), the system will show you a problem in the form of a missing Troubleshooting your computer item. And you'll have to use Windows.

Is there no way to get rid of it?

Think it over again: this partition is very useful and may come in handy. However, if you think that it is just getting in the way, consider the following.

  • Before installing Windows

Everything is simple here. If you do not want to see this partition in the future, use the built-in Diskpart utility. It is included on the Windows installation disk.

  • During system installation, press Shift + F10 to open the cmd console
  • launch diskpart and check the number of physical disks with the command list disk (numbering starts from 0)
  • select the one you need with the command select disk 0
  • and create a volume ready for use with the command create partition primary

Continue installing Windows, pointing it to this disk (Windows will not create a reserved partition).

  • The partition is already present

You can't delete it with a simple mouse click; the system is not its own enemy. Before the volume is deleted, all files stored there must be moved to another location. It only sounds simple: these manipulations involve editing the registry, copying files between volumes, and changing the BCD boot loader store. In versions from Windows 8 onward you will also have to include the recovery environment. If you wish, I can describe several techniques, but I simply do not recommend doing this. Moreover, I came across some programs that promised that, with their help, transferring data from the reserved partition (and then deleting it) would go smoothly. Unfortunately, in reality there were more problems than they mentioned. Leave it as is.

The Edit menu of the Regedt32 program contains commands for adding, modifying and deleting registry keys and value entries.

To add a new key to any registry hive, select the Add Key command from the Edit menu. When you run this command, you are prompted to enter the key name and class (class here refers to the data type). The dialog box for entering this information is shown in Fig. 14.5. This dialog box has no list from which to select a data type, but you can create the key and determine the data type later, when entering a new value within the created key.

The Add Value command is used to add value entries to registry keys. The dialog box that opens when you run this command (Fig. 14.6) contains a list for selecting the data type of the value entry: string values (REG_SZ, REG_MULTI_SZ and REG_EXPAND_SZ) or binary values (REG_DWORD or REG_BINARY).

To remove a key or value entry from the registry, select the object to be deleted and choose the Delete command from the Edit menu. You will be asked to confirm your intent to delete the selected key or value entry.

Note

As has been repeated many times, registry editors do not support Undo operations, so after confirming the deletion operation, you will have no other way to restore deleted information other than restoring it from a previously created backup copy. In addition, Registry Editor prompts you to confirm the deletion operation only if the Confirm On Delete option is selected in the Options menu. Therefore, when deciding to delete keys from the registry, do not neglect backup (and do not look for unnecessary tasks with an already existing solution).

If you accidentally delete something from the HKEY_LOCAL_MACHINE\System\CurrentControlSet registry key, remember that you can restore the contents of this key using the last successfully loaded configuration (see Chapters 2 and 8). To perform this operation, restart your computer and immediately after the bootloader menu appears, press the , and then select the Last Known Good option from the debug menu.

In addition to the commands for deleting registry entries and adding new keys and values, the Edit menu of the Regedt32 editor has a set of commands for editing existing registry entries (and this set of options is much broader than the one provided by the newer Regedit program). The Edit menu of Regedt32 contains the commands Binary, String, DWORD and Multi String. Each command launches the value editor of the corresponding type: Binary launches the Binary Editor, DWORD launches the DWORD value editor, and String and Multi String launch the editors for string and multi-string values. Note that such extensive capabilities are simply not available in the Regedit editor.

In the vastness of the Runet, it is difficult to find constructive and well-presented information about how the Android operating system is built. For the most part, the information is fragmented and incomplete, and there is no introductory part with basic concepts, which makes it hard for beginners to take in and understand. Without basic knowledge of the structure and operation of the Android operating system, it is impossible to debug or customize firmware or to develop for the Android OS. This is what prompted me to write this article, in which I will try to convey "complex" things in ordinary, understandable language.

The material is aimed primarily at study by ordinary users and is presented as an introductory excursion into the world of Android operating systems. Therefore, concise and superficial information will be presented here without technical depths and nuances. This material will be useful to everyone who is involved in flashing and customizing firmware, developing for the Android OS, repairing mobile computer systems, and the average user for a better understanding of the operating principles and capabilities of their Android.

Android internal memory partitions

The internal memory of an Android device is divided into several logical drives (partitions). Here is a classic memory layout:

Bootloader - holds the program (bootloader) that launches the Android operating system, Recovery and other service modes.

Recovery - as the name implies, the engineering recovery menu, or simply Recovery, is installed here.

Boot - the heart of the Android OS: the kernel, drivers, and processor and memory management settings are here.

System - the system partition, which contains all the files needed for the Android OS to run; it is like the Windows folder on your C:\ drive (from here on we will draw analogies with Windows).

Data - the partition for installing applications and storing their data (Program Files).

User - the well-known sdcard or, put more simply, the place for user files (My Documents). Here we have to make a digression, because this partition can be placed in several ways:

  • The partition is not in the internal memory, and instead an external drive is used - the most popular option. (Fig.1)
  • In devices with large built-in memory, this section is seen as sdcard, and the external memory card is seen as sdcard2 or extsd (there may be other name options). Typically found on devices running Android 3.2. (Fig.2 Option 1)
  • This option replaced the previous version, along with Android 4.0. The User section was replaced with a media folder on the Data section, which allowed us to use all the memory available to the user for installing programs and storing data, and not the amount that the manufacturer allocated to us. In other words, sdcard and data are one. (Fig.2 Option 2)

Now that we know what is where, let's figure out why it is there and how this information can be useful to us.

Let's start with Bootloader. This is the bootloader that launches Android, recovery, etc. When we press the power button, the bootloader starts and, if there are no additional commands (pressed keys), starts loading boot. If a key combination was pressed (each device has its own), then it launches, depending on the command, recovery, fastboot or apx. The figure below clearly shows what Bootloader runs and how the sections are interconnected.

As can be seen from Figure 3, the Recovery partition does not affect the loading of the Android OS, but why is it needed then? Let's try to figure it out.

Recovery is essentially a small utility based on the Linux kernel and is loaded independently of Android. Its standard functionality is not rich: you can reset the device to factory settings or update the firmware (pre-downloaded to the sdcard). But, thanks to folk craftsmen, we have modified recovery, through which you can install modified (custom) firmware, configure Android, create backups and much more. The presence or absence of recovery, as well as its version, do not affect the performance of the Android OS (a very common question on the forums).

Particularly attentive readers may have noticed a certain Fastboot in Fig. 3. This is an interface for working directly with internal memory partitions using the command line. Through it you can flash recovery, kernel or new firmware version, or format (delete all information) one or another partition.

Since we're talking about interfaces, I want to mention another fairly well-known one: adb (Android Debug Bridge). This is the so-called debugging mode, and it is named so for a reason: through it you can monitor the operation of both the system as a whole and individual applications. But that's not all. With adb you can get full access to the device's file system and change system files, or retrieve important information when your device is stuck loading. I will not describe all the functions of the debugging mode, because my goal is to convey general information, not a detailed overview of the functions of a particular mode.

Having understood the theory, let's launch the Android OS.

We press the power button - Bootloader is launched, which loads the Kernel (boot), which, in turn, starts the system (System), well, and it already loads programs (data) and user space (user). (Fig.3)

Now let's go to the root directory and look at the insides of the Android OS itself:

In this diagram we have provided only the directories necessary for reference. In fact, there are many more of them, and a review of just one System folder would require a whole article.

And so, the data folder. As the name suggests, it has something to do with data, but what kind? With almost all of it: this includes synchronization and account data, passwords for wifi access points, vpn settings, and so on. Among other things, you can find the app, data and dalvik-cache folders here. Let's look at their purpose:

  • app - programs and games are installed here.
  • data - application data, their settings, game saves and other information are stored here.
  • dalvik-cache - the cache area for Dalvik. Dalvik is a Java virtual machine that is the basis for running programs with the *.apk extension. To make programs launch faster, a cache is created for them.

The System folder stores system data and everything necessary for the operation of the OS. Let's look at some of these folders:

  • app - here are system applications (SMS, phone, calendar, settings, etc.), as well as applications installed by the device manufacturer (branded widgets, live wallpapers, etc.).
  • fonts - system fonts
  • media - contains standard ringtones, notifications, alarms and interface sounds, as well as boot animation (bootanimation)
  • build.prop - This file is almost the first mentioned in conversations and articles about fine-tuning the system. It contains a huge number of settings, such as screen density, proximity sensor delay time, wifi control, device name and manufacturer, and many other parameters.

Root superuser rights in Android OS

As in any Linux-like system, in the Android operating system, access to system files and directories is provided with Root superuser rights. In this section, we decided to consider the principle of operation of superuser rights in the Android OS, the ability to edit system files or logical partitions of file space if you have Root superuser rights.

— Knowing what is in which folder is good, but is it possible to do something about it?

- Yes! But you need superuser rights (root) or, to draw an analogy with Windows, Administrator rights. Initially, all Android devices come without root rights for the end user, i.e. when we buy a device, we are not its full-fledged owners. This is done both to protect against malware and to protect against the user himself: after all, in inept hands, full access to the system can lead to the "death" of the operating system and the subsequent need to flash the device.

“Well, what is the use of such a dangerous thing?”- you ask.

Now we'll tell you:

  • The ability to backup data and restore it after flashing or accidental deletion.
  • Fine-tuning the system manually or using special programs.
  • Removing system applications, ringtones, wallpapers, etc.
  • Changing the appearance of the OS (for example, displaying battery charge as a percentage)
  • Adding functionality (support for ad-hoc networks, for example)

This list can be continued for a long time, but I think these examples will be enough to get an idea of the capabilities and breadth of application of root privileges.

- This is all great, but now any program will be able to access the “heart” of the operating system and my data?

- No. You decide whether to allow this or that application to gain root access or not. For this there is a program called Superuser or its advanced sister SuperSU. Without this or a similar program, it is not possible to use root.

As you can see, Android is not such a difficult operating system for the user to understand. If you have previous experience with Linux-like operating systems, you will find many similarities with Android systems, and these similarities are justified. The Android system is derived and built on the Linux kernel. I hope that after reading the article, you learned something new or received an answer to a question that has been of interest to you for a long time.

Hello Habr!

Several years ago, when I was first introduced to Android, I heard from a work colleague that Android provides the ability to install modified or homemade firmware. Frankly, I was far from it then. And even half a year ago I was barely interested in such things. Deep in my heart, I was sure that what the manufacturer was doing was already intended for normal use.

Imagine my disappointment when I purchased a phone from China, where the factory settings prohibited the use of Google, Skype, Facebook and other applications. In principle, it was possible to turn a blind eye to some things, but when my phone did not require the use of a Google account, I made promises to definitely figure it out no matter what happened to me.

Half a year has passed and my custom firmware is being successfully used all over the world.

This series of articles will discuss how to do reverse programming for Android, implement patches, tweaks and mods.

Preamble

So! Let's first define the concepts that will be used in this article. Your usual understanding of them, however, may be very different.

Patch - changing or replacing existing program code in order to modify the program's algorithm.
Mod - as a rule, adding extra functionality to existing program code without changing the algorithm.
Tweak - improving the program's functionality in order to make system parameters easier to access.

I also want to note that all examples will be taken for an HTC phone, but this does not mean that this information cannot be used on other phones.

Preparing the environment

I will do without detailed instructions on how to use this or that software. If you are interested in this article and have read this far, then I hope that you are already an experienced user and have experience using, or at least experimenting in, this area. There are plenty of instructions, articles and test results in the public domain, including on Habr. I will also skip descriptions of some terms, otherwise the article would turn out very long and tedious. We will write only to the point. I'm sure you have had the environment set up for a long time. If not, I suggest downloading and installing the following.

1. Android SDK. This is the application development environment for Android. In order to make modifications, we will definitely have to check our program code. The development environment is the best thing we can use for that.
2. Android Kitchen. This utility lets you work with images of the system partitions of official or unofficial firmware.
3. JD-GUI. A Java code decompiler. I would like to note right away that this is the best decompiler in terms of ease of use.
4. DJ Java Decompiler. Another decompiler, or disassembler, as some like to call it, for Java program code. It is not convenient to use, but it parses code that JD-GUI sometimes does not understand.
5. smali. Another disassembler, but this time for Dalvik code. baksmali is needed for disassembling code, and smali is needed for assembling it.
6. dex2jar. A utility for converting Dalvik executable files.

Firmware conversion

Of course, the firmware that you have on your phone from the manufacturer is optimized to reduce power consumption. Before the firmware can be modified, it must be converted to a format that allows the code to be changed. Android Kitchen is used for this. Of course, you can do it by hand, as I did until I found this very "kitchen". You can read on the Internet how to pull the system area from the phone, set up the environment, and make DEODEX firmware. If you already don't understand anything, I think it's worth holding off on reading this article until you gain enough experience.

After the firmware has changed from an optimized version (ODEX - optimized dalvik executable code, if my memory serves me correctly) to DEODEX (that is, NOT optimized), all executable files are ready for modification.

Direct modifications

Creating patches
As I already said, my phone was initially banned from using Google. No matter what you do, you can't go to the Play Store, you can't set up an account, and the phone book doesn't really sync. Why would you need such an Android? After digging for a long time in the logcat of the device itself, I found entries that said that the use of Google is prohibited. The most inconvenient thing about Android is that you see the log, but you don't know which system application is producing it. To find where it was coming from, I had to gut all the system applications down to disassembled Java code. It took a lot of time, but I still use the results of that work when analyzing and looking for the right code. The steps to obtain such tools are as follows:
1. Make DEODEX of the whole firmware.
2. Your new DEODEX firmware will need to be assembled and flashed onto your phone. How this is done is the topic of another article.
3. From each file located in /system/framework, extract the classes.dex file and convert it to JAR using dex2jar.
4. Open each resulting JAR in JD-GUI and re-save it as source code.
5. Unpack the source code from the archive.

In the end, I ended up with as many folders as there were JAR files in /system/framework, and each folder had a Java source code structure.
Through simple manipulations, I quickly found the place that generated entries in logcat.

We will not consider the entire logic of the ban, since each case is a separate story. I had to spend a couple of hours before I found where the checks were made, built a block diagram of the algorithm in my head and understood where to go in order to “spoil” the algorithm a little.

It turned out to be simple. There is a subroutine that, based on pre-established constants, when contacted, answered whether the phone belongs to China or not.

The code was in the file HTCExtension.jar, and the class that contained this subroutine was in

Unpacking and analysis of the original file
1. First, we need to take the original DEODEX JAR file that is responsible for the part of the code we need. In our case it is HTCExtension.jar.
2. Open it with any archiver and pull classes.dex out of it.
3. Use the dex2jar converter to convert it to a JAR file. Command: dex2jar.bat classes.dex
4. Open the resulting classes_dex2jar.jar file in JD-GUI.
5. Yes, most often JD-GUI decompiles the code not as it looks in the original, which is understandable, but it is quite readable. In the source code we see that the subroutine checks the project parameters and the firmware language flag. In our unfortunate case, TRUE is returned.

    // JD-GUI output, kept as decompiled
    public static boolean isChina()
    {
      if ((HtcBuildFlag.Htc_PROJECT_flag == 216) || (HtcBuildFlag.Htc_PROJECT_flag == 218) || (HtcBuildFlag.Htc_PROJECT_flag == 23));
      while (((HtcBuildFlag.Htc_PROJECT_flag == 1) && (2 == HtcBuildFlag.Htc_LANGUAGE_flag)) || (HtcBuildFlag.Htc_PROJECT_flag == 27))
        return true;
      return false;
    }

6. To make a patch, we need to disassemble the Dalvik code itself. For this we use baksmali. The most convenient way is to create a separate folder and put three files there together: HTCExtension.jar, smali.jar and baksmali.jar. Give the command

    java -Xmx512m -jar baksmali.jar -a -d -o HTCExtension -x HTCExtension.jar

The value after -a is the API level for your version of Android (for JB it's 16). The value after -d is the folder where all the firmware frameworks are located.

In my case it was the command

    java -Xmx512m -jar baksmali.jar -a 16 -d S:\dev\Android\Android-Kitchen\WORKING_JB_15\system\framework -o HTCExtension -x HTCExtension.jar

7. In our newly created folder, the HTCExtension folder appeared, and in it our files with Dalvik code.
8. Find the file at the path \com\htc\util\contacts\BuildUtils$Customization.java and look at the code:

    .method public static isChina()Z
        .registers 3

        .prologue
        const/4 v0, 0x1

        .line 276
        sget-short v1, Lcom/htc/htcjavaflag/HtcBuildFlag;->Htc_PROJECT_flag:S
        const/16 v2, 0xd8
        if-eq v1, v2, :cond_13

        sget-short v1, Lcom/htc/htcjavaflag/HtcBuildFlag;->Htc_PROJECT_flag:S
        const/16 v2, 0xda
        if-eq v1, v2, :cond_13

        sget-short v1, Lcom/htc/htcjavaflag/HtcBuildFlag;->Htc_PROJECT_flag:S
        const/16 v2, 0x17
        if-ne v1, v2, :cond_14

        .line 297
        :cond_13
        :goto_13
        return v0

        .line 283
        :cond_14
        sget-short v1, Lcom/htc/htcjavaflag/HtcBuildFlag;->Htc_PROJECT_flag:S
        if-ne v1, v0, :cond_1d

        .line 285
        const/4 v1, 0x2
        sget-short v2, Lcom/htc/htcjavaflag/HtcBuildFlag;->Htc_LANGUAGE_flag:S
        if-eq v1, v2, :cond_13

        .line 291
        :cond_1d
        sget-short v1, Lcom/htc/htcjavaflag/HtcBuildFlag;->Htc_PROJECT_flag:S
        const/16 v2, 0x1b
        if-eq v1, v2, :cond_13

        .line 297
        const/4 v0, 0x0
        goto :goto_13
    .end method

9. Scary, isn't it? Nothing is clear. But this is fixable. Having created a few of your own patches and thus gained experience, you can easily modify the code without third-party tools. In our case, in this code

    .prologue
    const/4 v0, 0x1

assigns the variable v0 the value 1, that is, TRUE. Next come all sorts of checks, and if the phone is not Chinese, the value of the variable changes:

    .line 297
    const/4 v0, 0x0
    goto :goto_13

10. The easiest way to save the father of Russian democracy is to change the code to the following:

    .prologue
    const/4 v0, 0x0

that is, change the value of the variable from 1 to 0. Then, no matter what, the value FALSE would always be returned, and in JD-GUI the code would look like

    public static boolean isChina()
    {
      if ((HtcBuildFlag.Htc_PROJECT_flag == 216) || (HtcBuildFlag.Htc_PROJECT_flag == 218) || (HtcBuildFlag.Htc_PROJECT_flag == 23));
      while (((HtcBuildFlag.Htc_PROJECT_flag == 1) && (2 == HtcBuildFlag.Htc_LANGUAGE_flag)) || (HtcBuildFlag.Htc_PROJECT_flag == 27))
        return false;
      return false;
    }

11. Yes, the method will work. But we are not looking for easy ways, that is the first reason. Second, it's not exactly beautiful. I would like code something like

    public static boolean isChina()
    {
      return false;
    }

12. How can we get the Dalvik code for this source code? For beginners we will do a little trick.

Creating Dalvik code
1. Open Android SDK.
2. We create a new project and write the following code in our only test class:

    package ru.habrahabr.test;

    public class test
    {
      public static boolean isChina()
      {
        return false;
      }
    }

3. We compile our project and then take the assembled application from the workspace.
4. We put the assembled application in the folder where we gutted the JAR file.
5. Give the command

    java -Xmx512m -jar baksmali.jar -a -d -o test -x test.apk

6. We have disassembled the newly built application into Dalvik code.
7. Open our test.smali file and see the code there:

    .method public static isChina()Z
        .registers 1

        .prologue
        .line 7
        const/4 v0, 0x0
        return v0
    .end method

8. That's it, the patching code is ready.
Rolling a patch
1. Dalvik code is littered with markers indicating a line of code in the original source file. This is necessary when displaying errors, if any, in your program. The code also works fine without the line markers.
2. We delete the lines with line numbering, then copy the method (subroutine) and replace it in our \com\htc\util\contacts\BuildUtils$Customization.java file:

    .method public static isChina()Z
        .registers 1

        .prologue
        const/4 v0, 0x0
        return v0
    .end method

3. Save the file. Yes, I forgot to say, you need a normal editor, for example Notepad++ or EditPlus, whichever you like.
Compiling and building a patched JAR file
1. Using baksmali, we gutted our JAR file, and now we need to put it back together.
2. Give the command

    java -Xmx512m -jar smali.jar -a 16 HTCExtension -o classes.dex

3. The classes.dex file appears in our folder.
4. Open the HTCExtension.jar file with an archiver again and replace the existing classes.dex in it with the one we just created.
5. That's it, our HTCExtension.jar contains modified program code.
Replacing the original file with a patched one
Usually, special scripts are created for ordinary users, which are replaced via recovery. But we are not interested in this. Firstly, it’s long and tedious, and secondly, we are experienced users and can afford some subtleties.

1. You can replace the current working file with the following commands if you already have DEODEX firmware and have root access:

    adb push HTCExtension.jar /sdcard/HTCExtension.jar
    adb shell
    su
    mount -o remount -rw /system
    dd if=/system/framework/HTCExtension.jar of=/system/framework/HTCExtension.jar.back
    dd if=/sdcard/HTCExtension.jar of=/system/framework/HTCExtension.jar
    chmod 644 /system/framework/HTCExtension.jar
    rm /data/dalvik-cache/system@framework@HTCExtension.jar@classes.dex
    reboot

The first command uploads the patched file to the flash drive
2nd command opens shell
3rd command gives root access
The 4th command mounts the system in read/write mode
5th command makes a backup copy of the file
The 6th command overwrites the existing file with the new patched one.
7th command configures permissions
8th command deletes cache
The 9th command reboots the device.

2. Thank you for reading to this point, there is little left.
3. After a reboot, your new patched code will take effect.
4. If the code does not work or an error occurs, you can restore the backup copy with a few simple commands:

    adb shell
    su
    mount -o remount -rw /system
    dd if=/system/framework/HTCExtension.jar.back of=/system/framework/HTCExtension.jar
    rm /data/dalvik-cache/system@framework@HTCExtension.jar@classes.dex
    reboot
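
The procedure above swaps classes.dex inside a framework JAR, so the same fact gives a way to notice such a change. The following Python sketch is an added example, not code from the original article: it compares the SHA-256 of each JAR's classes.dex with a baseline taken from a trusted copy of the firmware (an assumption), and shows that the checksum and signature stored in the DEX header cannot serve as tamper evidence because they are recomputed on every rebuild. The DEX bytes are constructed stand-ins and all function names are hypothetical.

```python
import hashlib
import io
import struct
import zipfile
import zlib

DEX_ENTRY = "classes.dex"


def build_dex(body: bytes) -> bytes:
    """Constructed stand-in for a .dex file: the real leading header fields
    (magic, Adler-32 checksum, SHA-1 signature, file_size) and an opaque body."""
    file_size = 8 + 4 + 20 + 4 + len(body)
    tail = struct.pack("<I", file_size) + body            # bytes from offset 32
    signature = hashlib.sha1(tail).digest()                # covers offset 32..end
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF  # covers offset 12..end
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + tail


def dex_header_ok(dex: bytes) -> bool:
    """Self-consistency of the DEX header. These fields are rewritten whenever
    the file is rebuilt, so True means 'not corrupted', never 'not modified'."""
    if len(dex) < 36 or not dex.startswith(b"dex\n"):
        return False
    (checksum,) = struct.unpack_from("<I", dex, 8)
    return ((zlib.adler32(dex[12:]) & 0xFFFFFFFF) == checksum
            and hashlib.sha1(dex[32:]).digest() == dex[12:32])


def make_jar(dex) -> bytes:
    """Build an in-memory JAR (zip); pass None to omit classes.dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if dex is not None:
            jar.writestr(DEX_ENTRY, dex)
    return buf.getvalue()


def classes_dex(jar_bytes: bytes):
    """Return the raw classes.dex entry, or None when the JAR has none
    (framework JARs on ODEX firmware carry no classes.dex)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        try:
            return jar.read(DEX_ENTRY)
        except KeyError:
            return None


def audit_jar(name: str, jar_bytes: bytes, baseline: dict) -> str:
    """Classify one JAR against baseline = {jar name: sha256 of classes.dex}.
    Hashing the entry, not the archive, ignores harmless re-zipping."""
    expected = baseline.get(name)
    if expected is None:
        return "not-in-baseline"
    try:
        dex = classes_dex(jar_bytes)
    except zipfile.BadZipFile:
        return "unreadable"
    if dex is None:
        return "no-classes.dex"
    if not dex_header_ok(dex):
        return "corrupt-dex"
    if hashlib.sha256(dex).hexdigest() != expected:
        return "modified"
    return "ok"


def demo() -> dict:
    # Constructed sample data: two stand-in builds of the same framework JAR.
    stock_dex = build_dex(b"isChina: project and language flag checks")
    patched_dex = build_dex(b"isChina: return false")
    baseline = {"HTCExtension.jar": hashlib.sha256(stock_dex).hexdigest()}
    return {
        "stock": audit_jar("HTCExtension.jar", make_jar(stock_dex), baseline),
        "patched": audit_jar("HTCExtension.jar", make_jar(patched_dex), baseline),
        "patched_header_ok": dex_header_ok(patched_dex),
        "unknown": audit_jar("other.jar", make_jar(stock_dex), baseline),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```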

Epilogue

Yes, some thought this article was too specific, some found it difficult to understand, and some found it useless. I deliberately avoided in-depth detail and illustrations of how it all looks live and in practice. Firstly, this work will be thankless and will only give rise to even more questions. Secondly, I don’t want to see an army of users on forums complaining that they killed their phone.

In the next article I will tell you how to make tweaks. There will be an example of automatic recording of phone calls using the phone's native tools. Thank you for your attention.

P.S. If something is not clear or confusing, ask questions - I will always be happy to answer and explain.

Formulation of the problem

Storing information on a computer is associated with the risk of accidental or intentional disclosure, so various methods and means are used to protect it. The primary means of preventing free access to information in electronic form is most often encryption, implemented in hardware or software. The objects of cryptographic protection are individual files, groups of files, directories and, finally, logical drives. The result of encryption is file archives located on electronic media. Leaving aside the details of the implementation of various cryptographic algorithms, it can be noted that in this case the GKU must also solve problems related to the guaranteed destruction of the initial unencrypted information to prevent its recovery.

The fact is that a feature of all file systems in use (FAT, NTFS, etc.) is that information in clusters belonging to a file cannot be overwritten until the file is marked as deleted. That is, during file encryption, the encrypted copy is written not in place of the initial file but into free clusters of the electronic media, and only after the encryption process is completed is the unencrypted file deleted, unless this is provided for by the algorithm.

Thus, it is possible to recover deleted unencrypted information, which is successfully accomplished by such software products as File Recover, Back2Life, R-Studio, GetDataBack for NTFS, etc.

Leaving aside the recommendations that involve physical destruction of electronic media, recovery can be made impossible only by repeatedly overwriting those magnetic disk clusters where confidential information was previously stored. For example, the American national standard of the Department of Defense, DOD 5220.22-M (E), involves writing random numbers in the first pass, numbers complementary to those written in the previous pass in the second, and random numbers in the third. In the famous algorithm of Peter Gutmann, which is considered one of the most reliable, all known combinations of digits are written in turn in place of the destroyed data (a total of 35 passes are carried out). — information destruction methods support American standards DOD 5220.22-M, Army AR380-19, NCSC-TG-025, Air Force 5020, NAVSO P-5239-26, HMG IS5, German VSITR, Canadian OPS-II and Russian GOST P50739-95, etc. Thus, encryption performed inside the logical drive always carries the risk of incomplete destruction of the original information, so a different approach to this problem is necessary.
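
The three-pass scheme described above (random data, then the complement of the previous pass, then random data again), written out as an added Python example; it is not code from the original page, and the function names are hypothetical. It assumes a file system and medium that write in place, as with the magnetic disk clusters discussed here, and it only reaches the clusters the file occupies now, not copies left elsewhere by earlier saves, journaling, copy-on-write or flash wear levelling.

```python
import os
import tempfile

CHUNK = 64 * 1024  # work in pieces so large files need not fit in memory
_COMPLEMENT = bytes(255 - i for i in range(256))  # byte -> bitwise complement


def complement(buf: bytes) -> bytes:
    """Bitwise complement of every byte (pattern of the second pass)."""
    return buf.translate(_COMPLEMENT)


def _run_pass(f, size: int, make_chunk) -> None:
    """Overwrite bytes 0..size in place, then force the data to the device."""
    offset = 0
    while offset < size:
        n = min(CHUNK, size - offset)
        data = make_chunk(offset, n)
        f.seek(offset)
        f.write(data)
        offset += n
    f.flush()
    os.fsync(f.fileno())  # without this the pass may never leave the page cache


def overwrite_three_pass(path: str, rand=os.urandom, on_pass=None) -> int:
    """Pass 1 random, pass 2 complement of pass 1, pass 3 random.
    on_pass(number, path) is an optional hook called after each pass."""
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError("refusing to overwrite a symlink or non-regular file")
    size = os.path.getsize(path)
    with open(path, "r+b") as f:  # r+b: update in place, never truncate

        def random_chunk(offset, n):
            return rand(n)

        def complement_of_previous(offset, n):
            f.seek(offset)
            return complement(f.read(n))

        passes = (random_chunk, complement_of_previous, random_chunk)
        for number, make_chunk in enumerate(passes, start=1):
            _run_pass(f, size, make_chunk)
            if on_pass is not None:
                on_pass(number, path)
    return size


def wipe_file(path: str, rand=os.urandom) -> int:
    """Overwrite the file's current contents, then delete the directory entry."""
    size = overwrite_three_pass(path, rand)
    os.remove(path)
    return size


if __name__ == "__main__":
    # Constructed sample: a throwaway file standing in for the plaintext
    # left behind after an encrypted copy has been written elsewhere.
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "plaintext.txt")
        with open(victim, "wb") as fh:
            fh.write(b"constructed confidential record\n" * 1000)
        print("bytes overwritten:", wipe_file(victim))
        print("still exists:", os.path.exists(victim))
```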
