# How Many Times to Wipe?



## Tarkus.Z (Jun 6, 2011)

The subject has been asked often with the most often reply once because it calls the same functions to perform the wipe. Repeating the wipe just does what it has already done again. Yet, it still persists that some people have to wipe more than once to get things to go properly. Today on the bugtraq list a possible proof that all wipes are not created equal and can cause a security problem was posted. I have copied the text of the post below. FYI

We have discovered that the "wipe" function on Android does not reliably delete data on all devices. On a Nexus S running Android 2.3.6, we were able to recover user data after running a "wipe" both using the "factory data reset" from the menu and by wiping the device from recovery.



To recover data, the device must be rooted. This can be done after the wipe by using e.g. the zergRush root exploit. (Note that the official way which includes unlocking the bootloader must not be used - that one does securely wipe the memory).



After rooting the device, the memory can be dumped using

cat /dev/block/platform/s3c-sdhci.0/by-name/userdata

Move the dump to a PC by piping the cat output into nc, then recover using any common recovery software.



This means that if a locked device affected by this is lost/stolen, it is possible to access the data by first wiping the device (to remove the screen lock), then rooting and recovering.



Note that we do not know the full range of affected devices.

Manufacturers may have made customizations that fix this, and Android 3.x and 4.x (Honeycomb/ICS, about 5% of devices) seem to have fixes according to the code.



The Android security team has been notified.



Further details can be found in our blog post:

https://www.hatforce.com/blog/android/wipe



Kind regards,

Jan, from the Hatforce team



Hatforce (https://www.hatforce.com) is the first crowd-sourced security testing startup world-wide. The services comprise web- and mobile application pentests. Since its launch, Hatforce got extensive positive feedback, especially from the Forbes magazine: "This service is stroke of genius! [...] This is a great business concept and one that could make a huge difference in how safe your application, and brand, is."


----------



## Axium (Jan 21, 2012)

I do 1 now but on my og droid I did 3

Sent from my Galaxy Nexus using Tapatalk


----------



## PonsAsinorem (Oct 10, 2011)

Puts it much more elegantly than I can.

http://cvpcs.org/blog/2011-06-05/time_to_wipe_data/cache


----------



## Tarkus.Z (Jun 6, 2011)

I recall when he first posted that and figured it was the end of it. I agree that if one wipe does not really clear the system, doing the same code multiple times should have no change in the result. I was also a part of old school unix and if anyone recalls syncing three times rather than one then they know what I am talking about. BTW the multiple syncs was to get the syncs to complete faster. What they are saying is that a wipe may not actually wipe all a wipe is designed to do, having found data after a wipe was performed.


----------



## PonsAsinorem (Oct 10, 2011)

Yes, but if a wipe doesn't wipe everything, is running the same code going to somehow hit the spots it missed the first time?


----------



## yarly (Jun 22, 2011)

Wipe most likely just tells the device it can overwrite the data at a location as it does on a PC and does not actually erase it until something fills up the spot that was currently there before. Not exactly something that is surprising, though it should not happen on a factory reset as a user would want to do that to sell their phone, etc. In order to really erase the data, you would need to go over the area the partitions were with random data a number of times.


----------



## hall (Sep 29, 2011)

yarly said:


> Wipe most likely just tells the device it can overwrite the data at a location as it does on a PC and does not actually erase it until something fills up the spot that was currently there before.


 Anytime I've seen people claim you need to or people who just do it are always referring to wiping before installing a new ROM or an update to a ROM, not in regards to making data recovery impossible. That said, wiping for a new ROM, it's perfectly sufficient to do it just one time. Anything from the old ROM is technically still there but will never be touched by a new ROM.


----------



## yarly (Jun 22, 2011)

hall said:


> Anytime I've seen people claim you need to or people who just do it are always referring to wiping before installing a new ROM or an update to a ROM, not in regards to making data recovery impossible. That said, wiping for a new ROM, it's perfectly sufficient to do it just one time. Anything from the old ROM is technically still there but will never be touched by a new ROM.


My comment was in reference to paranoia, not in reference to safety/integrity of putting a new ROM on the device. Much of what the OP's link says does not apply to android 3 and 4 anyways. Only 2.x and before.


----------

