how to use the dd command to check, and overwrite surplus sectors on a 120 GB hard drive

Disks, even though there is LBA addressing now, still secretly are read in sectors, cylinders, and heads. There are 63 sectors per cylinder, and 255 heads per cylinder. Then there is a total cylinder count for the disk. You multiply out 512x63x255=bytes per cylinder. 63x255=sectors per cylinder. With dd you usually want to work with sectors per cylinder. With 234441647 total sectors, and 16065 sectors per cylinder, you get some trailing sectors which do not make up an entire cylinder, 14593.317584812. This leaves you with 5102 sectors which cannot be partitioned because to be in a partition you have to be a whole cylinder. Part cylinders do not count. It's like having part of a person. That doesn't really count as a person. So, what happens to these sectors? They become surplus sectors after the last partition. This a perfect place for sneaky programs to play, because you can't ordinarily read in there with an operating system. But, dd can.

It is really a good idea to check for anything writing to surplus sectors. For our Seagate 120 GB drive you subtract total sectors(234441647)-(5102) which don't make up a whole cylinder=234436545 partitionable sectors. Remember, native HDD sectors are 512, or 1b. If you don't specify “bs” in dd it defaults to 512.

dd if=/dev/sda of=/home/sam/myfile skip=234436545

this writes the last 5102 sectors to myfile. Launch “mc” to view the file. I swear, half the time Windows XP has left a weird, mutated MBR there. It like marks the disk for life that XP was there.

If there is something in there, you do not need it for anything. In this case you would write over it with random characters. Many digital rights management programs use surplus sectors to operate from, while enforcing DRM. These trojans, which are corporate trojans, are meant to enforce the security measures in copyrighted software. There are other various means to conceal such a trojan. One of these is a hidden partition. There is an undocumented type of partition which is called hidden. It is not visible to any operating system.

dd if=/dev/urandom of=/dev/sda bs=512 seek=234436545

Will overwrite the 5102 surplus sectors on our 120 GB Seagate drive.

Perhaps not unique, but something ive rarely come upon when reading CLI guides. A few useful bash shortcuts.
(^ being control, M being the meta, usually alt or esc)

^a - jump to beginning of line, handy e.g. when you just want to change the command but keep that 4 line filepath intact

^e - jump to ending of line, useful in similar situations

^r - reverse search of your command history, "I want to ssh back to the server I did last night" >> ^r <type ssh> "uups not that one, the one before that" ^r "thats the one" <hit enter to execute rightaway

M+. - So that would be alt+. if you dont get what I mean. It pastes the last argument of your last command executed. very nifty a command when you think of it. e.g.
Wasnt that nifty? (:

I use these every single day and sofar have seen only one site that demonstrated their existance (if you dont count the bash man ofcourse (;)

There are plenty more of shortcuts for bash but either theyre more cryptic, well documented and learned or useless imo (:

btw, great article AwesomeMachine, will have to check my disks out..