-------------------------------------------------------------------------------------
   / _ \
 \_\(_)/_/
  _//"\\_   JOHLEM.net
   /   \    https://johlem.net/V1/topics/cheatsheet.php
-------------------------------------------------------------------------------------
---
CHEATSHEET DD COMMAND

dd means 'data duplicator', alternative name is 'data destroyer'

general usage:
# dd if=$input_data of=$output_data [options]

Input and output data can be disks, partitions, files, devices... mainly everything you can write to or read from.

---Examples

fills the drive with random data:
# dd if=/dev/urandom of=/dev/sda bs=4k
---
drive to drive duplication:
# dd if=/dev/sda of=/dev/sdb bs=4096
---
clean up a hard drive:
# dd if=/dev/zero of=/dev/sda bs=4k
---
copy from file to tape device:
# dd if=inputfile of=/dev/st0 bs=32k conv=sync
---
copy from tape device to file:
# dd if=/dev/st0 of=outfile bs=32k conv=sync
---
check if drive is really zeroed out:
# dd if=/dev/sda | hexdump -C | grep [^00]
(note: hexdump -C collapses repeated rows into '*', so a zeroed drive shows one all-zero row, a '*' and the end offset; the unquoted pattern can be expanded by the shell as a glob, and as a bracket expression it matches every row hexdump prints)
---
fills out a partition (careful with system partitions):
# dd if=/dev/urandom of=/home/$user/hugefile bs=4096
---
scramble a file (maybe before deleting it)
# ls -l myfile
-rw-r--r-- 6803104 Nov 15 11:22 myfile
# dd if=/dev/urandom of=myfile bs=6803104 count=1
(note: an in-place overwrite is not guaranteed to reach the old blocks on SSDs, copy-on-write or journaling filesystems)
---
copy a partition to another partition
# dd if=/dev/sda3 of=/dev/sdb3 bs=4096 conv=notrunc,noerror
---
view available filesystems:
# dd if=/proc/filesystems | hexdump -C | less
---
view available partitions in kb:
# dd if=/proc/partitions | hexdump -C | less
---
creates a gzipped image of the second partition of the second disk:
# dd if=/dev/sdb2 ibs=4096 | gzip > partition.image.gz conv=noerror
(note: conv=noerror is a dd option; placed after the redirection it is handed to gzip as a file name, so it belongs next to ibs=4096)
---
copy the contents of a tape drive to a file, converting from EBCDIC to ASCII:
# dd bs=10240 cbs=80 conv=ascii,unblock if=/dev/st0 of=ascii.out
---
copy from 1KB block device to 2KB block device
# dd if=/dev/st0 ibs=1024 obs=2048 of=/dev/st1
---
copy 10GB of zeros to the garbage can
# dd if=/dev/zero of=/dev/null bs=100M count=100
100+0 records in
100+0 records out
10485760000 bytes (10 GB) copied, 5.62955 s, 1.9 GB/s
---
Erase GPT from disk. Since GPT writes data at the beginning AND at the end of the drive, after erasing from the beginning, we need to find out the number of sectors (second command), then erase the last 20 sectors.
# dd if=/dev/zero of=/dev/sda bs=512 count=2
# fdisk -s /dev/sda
# dd if=/dev/zero of=/dev/sda seek=(number_of_sectors - 20) bs=1k
---
create bootable USB drive (here shown as /dev/sdc)
# dd if=/home/$user/bootimage.img of=/dev/sdc
---
a good way to check bad blocks
# dd if=/dev/sda of=/dev/null bs=1m
(note: GNU dd spells this bs=1M; the lowercase m suffix is the BSD form)
---
copy the MBR to a floppy
# dd if=/dev/sda of=/dev/fd0 bs=512 count=1
---
drive to drive duplication
# dd if=/dev/sda1 of=/dev/sdb1 bs=4096
---
create an image of a CD
# dd if=/dev/sr0 of=/home/$user/mycdimage.iso bs=2048 conv=nosync
(note: GNU dd has no 'nosync' conversion and rejects it; conv=noerror,sync is the form normally used to read past bad sectors)
---
mount said image locally
# mount -o loop /home/$user/mycdimage.iso /mnt/cdimages/
---
useful when replacing a disk with another of identical size:
# dd if=/dev/sda of=/dev/sdb bs=64k conv=sync
---
create DVD images of a partition (useful for backing up)
# dd if=/dev/sda2 of=/home/$user/hddimage1.img bs=1M count=4430
# dd if=/dev/sda2 of=/home/$user/hddimage2.img bs=1M count=8860
[...]
(note: as written every image starts at the beginning of the partition; for the restore below to line up, the later pieces need skip=4430, skip=8860, ... with count=4430)
to restore from DVD images
# dd if=/$location/hddimage1.img of=/dev/sda2 bs=1M
# dd if=/$location/hddimage2.img of=/dev/sda2 seek=4430 bs=1M
# dd if=/$location/hddimage3.img of=/dev/sda2 seek=8860 bs=1M
[and so on...]
---
destroy the superblock
# dd if=/dev/zero count=1 bs=1024 seek=1 of=/dev/sda6
---
another way to destroy the superblock
# dd if=/dev/zero count=1 bs=4096 seek=0 of=/dev/sda5
---
check file for viruses (needs ClamAV)
# dd if=/home/$user/suspicious.doc | clamscan -
---
look at the contents of a binary file (needs hexdump)
# dd if=/home/$user/binary file | hexdump -C | less
---
benchmarks hard drive for read/write speed
# dd if=/home/$user/bigfile of=/dev/null
# dd if=/dev/zero of=/home/$user/bigfile bs=1024 count=1000000
---
gives new life to older hard drives that haven't been used for a while (disk must be unmounted)
# dd if=/dev/sda of=/dev/sda
---
examine memory contents (human-readable, that is)
# dd if=/dev/mem | strings | grep 'string_to_search'
(note: needs root; kernels built with CONFIG_STRICT_DEVMEM block reads of ordinary RAM through /dev/mem)
---
copy a floppy disk
# dd if=/dev/fd0 of=/home/$user/floppy.image bs=2x80x18b conv=notrunc
---
view virtual memory
# dd if=/proc/kcore | hexdump -C | less
---
view available filesystems
# dd if=/proc/filesystems | hexdump -C | less
---
view loaded modules
# dd if=/proc/kallsyms | hexdump -C | less
(note: /proc/kallsyms lists kernel symbols; the module list itself is in /proc/modules)
---
view interrupt table
# dd if=/proc/interrupts | hexdump -C | less
---
view uptime in seconds
# dd if=/proc/uptime | hexdump -C | less
---
view available partitions in kb
# dd if=/proc/partitions | hexdump -C | less
---
view memstats
# dd if=/proc/meminfo | hexdump -C | less
---
creates a 1kb file of random gibberish
# dd if=/dev/urandom of=/home/$user/myrandom bs=100 count=1
(note: as written this produces 100 bytes; bs=1024 gives 1 KB)
---
creates an image of the actual state of your system memory
# dd if=/dev/mem of=/home/$user/mem.bin bs=1024
(note: the image holds whatever keys and passwords were in RAM at the time, so give the output file restrictive permissions)
---
prints the file to stdout
# dd if=/home/$user/myfile
---
search an entire partition for a string; even if it's secured you can boot a liveCD
# dd if=/dev/sda2 bs=16065 | hexdump -C | grep 'text_to_search'
---
copy file.bin to convfile.bin skipping the first 64kB:
# dd if=/home/$user/file.bin skip=64k bs=1 of=/home/$user/convfile.bin
---
create bootable USB drive (here shown as /dev/sdc)
# dd if=/home/$user/bootimage.img \
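    of=/dev/sdc
---
read BIOS
# dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8
---
convert Nero image into ISO standard image:
# dd bs=1k if=imagefile.nrg of=imagefile.iso skip=300k
---
create a gzipped image of a partition using split
# dd if=/dev/sda1 | gzip -c | split -b 2000m - /mnt/hdc1/backup.img.gz
restore above backup
# cat /mnt/hdc1/backup.img.gz.* | gzip -dc | dd of=/dev/sda1
(note: split appends aa, ab, ... directly to the prefix, so the pieces are backup.img.gzaa, backup.img.gzab, ...; the restore glob needs to be backup.img.gz*, or split needs the prefix backup.img.gz.)
---
create an empty disk image
# dd if=/dev/zero of=myimage bs=1024 count=10240
---
strip first 10 bytes of stdin
# dd ibs=10 skip=1
---
make image of a tape drive with bad spots
# dd bs=265b conv=noerror if=/dev/st0 of=/tmp/bad.tape.image
---
view your MBR
# dd if=/dev/sda count=1 | hexdump -C
---
fast network backup using netcat:
# dd if=/dev/sda | nc -l 10001
# nc $system_to_backup_IP 10001 | dd of=sysbackupsda.img
(note: nc sends the disk image unencrypted and serves it to whichever client connects to the port first; outside an isolated link, carry the stream over ssh, e.g. ssh $system_to_backup_IP 'dd if=/dev/sda' | dd of=sysbackupsda.img)
---
clear first 10MB of the partition
# dd if=/dev/zero of=/dev/sdX \
(note: the rest of this command is missing from the page; without a size, e.g. bs=1M count=10, dd keeps writing zeros to the end of the device)
---
create temporary swap space:
# dd if=/dev/zero of=tmpswap bs=1k count=1000000
# chmod 600 tmpswap
# mkswap tmpswap
# swapon tmpswap
---
determine sequential I/O speed of your drive. Reading 1GB file.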
# dd if=/dev/sda of=/dev/null bs=1024k count=1024
1073741824 bytes (1.1 GB) copied, 24.1684 s, 44.4 MB/s
---
generate random number
# dd if=/dev/random count=1 2>/dev/null | od -t u1 |\
(note: the rest of this pipeline is cut off on the page)
---
copy RAM memory to a file
# dd if=/dev/mem of=myRAM bs=1024
---
see content of your MBR in hex and ASCII format
# dd if=/dev/sda bs=512 count=1 | od -xa
---
restore MBR without disturbing partition record which is between 447 - 511 bytes
# dd if=/my/old/mbr of=/dev/sda bs=446 count=1
---
create a partition copy and save images where maximum volume size is 700MB
# dd if=/dev/sda1 | split -b 700m - sda1-image
---
convert the output of a command to uppercase:
# ls -l | dd conv=ucase
---
convert any text to lowercase
# echo "MY UPPER CASE TEXT" | dd conv=lcase
---
convert the system password file to fixed length EBCDIC-format file
# dd if=/etc/passwd cbs=132 conv=ebcdic of=/tmp/passwd.ebcdic
---
convert from ASCII to EBCDIC
# dd if=text.ascii of=text.ebcdic conv=ebcdic
---
convert a file to uppercase
# dd if=myfile of=myfile conv=ucase
(note: with the same file as input and output, dd truncates myfile before reading it and leaves it empty; use conv=ucase,notrunc or write to a different file)