Backing up and restoring a bootable USB Stick

December 1, 2021December 1, 2021 / Kai / Leave a comment

I recently needed to create a backup of a bootable USB stick. My usual approach is to simply use dd (disk dump) on a Linux system to create a full copy of the stick into an image file. This time I wanted to play around a bit and see if I could store only the relevant data, to restore the stick without storing empty sectors or – even worse – remnants of old, potentially sensitive data from previous uses.

The USB stick in this case was a 8 GByte Sandisk Cruzer Blade with a bootable FAT32 partition on it:

# fdisk -l /dev/sda
Disk /dev/sda: 7.45 GiB, 8004304896 bytes, 15633408 sectors
Disk model: Cruzer Blade    
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x01234567

Device     Boot Start      End  Sectors  Size Id Type
/dev/sda1  *     2048 15632383 15630336  7.5G  c W95 FAT32 (LBA)

Step 1: Backing up the Partition Layout

I started with creating a backup of the partition layout. sfdisk comes handy here as it is easily scriptable (not required in this case). You can pipe its output into a text file and use the same file to re-create the partition layout.

# sfdisk -d /dev/sda 
label: dos
label-id: 0x01234567
device: /dev/sda
unit: sectors
sector-size: 512

/dev/sda1 : start=        2048, size=    15630336, type=c, bootable


# sfdisk -d /dev/sda > partition-layout-sda.sfdisk

Step 2: Copying the Boot Sector and Hidden Data

You probably won’t need this step if your USB stick is not bootable. In my case it was a recovery stick so it contained a bootable MBR FAT32 partition. Backing up the boot sector is easy: create a disk dump of the first sector (512 bytes). This sector contains the master boot record (the first 446 bytes), partition table entry points (64 bytes), and two magic bytes (0x55, 0xAA) at the end.

# dd if=/dev/sda of=bootsect-sda.img bs=512 count=1
1+0 records in
1+0 records out
512 bytes copied, 0.00350891 s, 146 kB/s

The Master Boot Record only consists of the first 446 bytes. I’ve taken a shortcut here and stored the whole first sector. When restoring the MBR I will only restore the first 446 bytes of it.

Some disk images can contain additional (secret) data in the gap between the boot sector and the first sector of the first partition. The GRUB2 boot loader for example stores additional data in this area. I haven’t created a backup of these sectors in my test; but if you would need to, the command would look something like this…
(In my case the first partition starts at sector 2048, so there could be about 1 MByte of additional hidden data.)

# dd if=/dev/sda of=bootsect-and-additional-sectors.img bs=512 count=2048
2048+0 records in
2048+0 records out
1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.0616555 s, 17.0 MB/s

Step 3: Creating a backup of the files on the stick

So now we’re getting to the interesting part: creating a copy of the files on the USB stick. And only of the files. A really handy tool for this is partclone. It supports various partition formats and only stores the files without the ‘free’ space.

This can be slightly improved by adding a layer of compression. In my case most of the contents was already compressed, so this step wasn’t a big improvement (only 0.1 GBytes or about 4%):

# partclone.fat32 -c -s /dev/sda1 | gzip -c -9 > sda1.img.gz
Partclone v0.3.13 http://partclone.org
Starting to clone device (/dev/sda1) to image (-)
Reading Super Block
Calculating bitmap... Please wait... 
Elapsed: 00:00:01, Remaining: 00:00:00, Completed: 100.00%                      
Total Time: 00:00:01, 100.00% completed!
done!
File system:  FAT32
Device size:    8,0 GB = 15630336 Blocks
Space in use:   4,6 GB = 8976976 Blocks
Free Space:     3,4 GB = 6653360 Blocks
Block size:   512 Byte
Elapsed: 00:06:10, Remaining: 00:00:00, Completed: 100.00%, Rate: 745,33MB/min, 
current block:   15630336, total block:   15630336, Complete: 100.00%           
Total Time: 00:06:10, Ave. Rate:  745,3MB/min, 100.00% completed!
Syncing... OK!
Partclone successfully cloned the device (/dev/sda1) to the image (-)
Cloned successfully.

Schrödinger’s Backup, or: Restoring the USB Stick

Well, it’s always nice to have a backup; but you need to verify that it can be restored.

The condition of any backup is unknown until a restore is attempted.
Schrödinger’s Backup

My approach was to take another USB stick, erase its contents, and then try to restore the files and images I had created earlier. I probably could have combined these steps into a shell script, but as this was a one-off I simply typed them in.

The first step is to erase the old partition layout – if there is one as in my case.

# fdisk -l /dev/sda
Disk /dev/sda: 7.45 GiB, 8004304896 bytes, 15633408 sectors
Disk model: Cruzer Blade    
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xfedcba98

Device     Boot Start      End  Sectors  Size Id Type
/dev/sda1        2048 15632383 15630336  7.5G  b W95 FAT32


# dd if=/dev/zero of=/dev/sda bs=1M count=1; sync
1+0 records in
1+0 records out
1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.114768 s, 9.1 MB/s

Next I’ve recreated the partition layout by piping the ‘partition-layout-sda’ file back into sfdisk.

# sfdisk /dev/sda < partition-layout-sda.sfdisk 
Checking that no-one is using this disk right now ... OK

Disk /dev/sda: 7.45 GiB, 8004304896 bytes, 15633408 sectors
Disk model: Cruzer Blade    
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

>>> Script header accepted.
>>> Script header accepted.
>>> Script header accepted.
>>> Script header accepted.
>>> Script header accepted.
>>> Created a new DOS disklabel with disk identifier 0x01234567.
/dev/sda1: Created a new partition 1 of type 'W95 FAT32 (LBA)' and of size 7.5 GiB.
Partition #1 contains a vfat signature.
/dev/sda2: Done.

New situation:
Disklabel type: dos
Disk identifier: 0x01234567

Device     Boot Start      End  Sectors  Size Id Type
/dev/sda1  *     2048 15632383 15630336  7.5G  c W95 FAT32 (LBA)

The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

After that I recreated the MBR (the first 446 bytes of the boot sector).

# dd if=bootsect-sda.img of=/dev/sda bs=446 count=1
1+0 records in
1+0 records out
446 bytes copied, 0.00312617 s, 143 kB/s

The last step was to restore the files with partclone.

# gzip -c -d sda1.img.gz | partclone.fat32 -r -o /dev/sda1 
Partclone v0.3.13 http://partclone.org
Starting to restore image (-) to device (/dev/sda1)
Calculating bitmap... Please wait...
done!
File system:  FAT32
Device size:    8.0 GB = 15630336 Blocks
Space in use:   4.6 GB = 8976976 Blocks
Free Space:     3.4 GB = 6653360 Blocks
Block size:   512 Byte
Elapsed: 00:03:20, Remaining: 00:00:00, Completed: 100.00%, Rate:   1.38GB/min, 
current block:   15630336, total block:   15630336, Complete: 100.00%           
Total Time: 00:03:20, Ave. Rate:    1.4GB/min, 100.00% completed!
Syncing... OK!
Partclone successfully restored the image (-) to the device (/dev/sda1)
Cloned successfully.

It’s alive

The new stick is bootable. Checksum comparisons during boot did not report any errors. And I was able to significantly reduce the stored data. (I probably would have saved even more on larger USB sticks.)

So in the end, was it worth the time to go through all these steps? Maybe. It definitely was fun to do.

I will continue to simply create disk dumps via dd. But it is good to know that you can reduce the size of such a bootable USB stick if you, for example, need to distribute personalized images to customers and ‘every byte counts’. For everyday use cases I would recommend Clonezilla though. It not only covers all the steps from above, but is also far better field-tested and adapted to various different disk and partition layouts.

WD PiDrive Cable USB 3 to USB 2 Hack with a Saw

January 21, 2017 / Kai / Leave a comment

I literally wanted to start this post with “I literally hacked the PiDrive cable…” but I actually have sawn it instead. Duh!

I’m using quite a few Raspberry Pi boards as servers, gateways, etc. and recently started to ‘polish’ their design. Instead of hard drives hanging beside them with a bunch of loose cables I’ve started to buy WD PiDrive Cases and Cables to pack all of them into nice ‘little boxes’.

The PiDrive Cables are really neat: they are designed to be positioned between a Raspberry Pi, its power supply, and an USB hard drive. The cable is designed for USB 3.0 hard drives, but in one case (hah) I wanted to use an external USB 2.0 drive I had lying around. So without further ado I’ve removed the USB 3.0 extension of the connector with a saw. It looks crude but works perfect…

Kids + Railway Toilets = Toilet-Blinkenlights…

October 23, 2016 / Kai / Leave a comment

Today my kids impressed me by repurposing/hacking/misusing the toilet-occupied-light to send (morse-like) signals across a railway car. Their fingers were thin enough to press the micro-switches in the doors which normally would signal a locked door (i.e. occupied toilet). Not sure if someone noticed the strangely flashing lights… 😀

Thermal Imaging of Fingerprints — How to get your PIN from a Number Pad

September 24, 2016 / Kai / 2 Comments

A few days ago I was able to get my fingers on, and under, an infrared camera. I had already heard before that the thermal signature of fingerprints is visible for quite some time — but what surprised me was that we were still able to see them for over a minute…

Continue reading →

What if certain PINs were not issued (e.g. a bank card PIN would not be completely random)?

December 11, 2015December 16, 2015 / Kai / Leave a comment

Based on a recent Twitter conversation I had a thought about bank and credit card PIN numbers (sorry for the redundancy): are really all possible PINs issued or are some kept back because bank customers could feel uncomfortable with certain combinations of digits? And would it really matter if some of them were kept back?

It should be obvious that in case of a truly random PIN 4 identical digits are just as likely to occur as any other combination. But certain combinations just do not feel random (I don’t know how to explain it better, I’m not a psychologist).
So I’ve made a small Gedankenexperiment:

Let’s assume that a bank issues by default a 4-digit PIN. (I know that my bank issues 4-digit PINs by default but they can be changed to any 4- to 6-digit number afterwards.)
Customers would not accept a PIN with four identical digits (0000, 1111, …, 9999) out of fear that they might be insecure.
An ATM allows 3 attempts to enter a PIN before locking/withholding a bank/credit card. (This limit is actually the main reason why 4-digit PINs are mostly safe, btw.)

Continue reading →

Reviving (jump-starting) a dead R.O.GNT Speaker Lithion-Ion Battery

August 24, 2015December 11, 2015 / Kai / Leave a comment

I recently had to revive a (as it at first seemed) dead Li-Ion battery. It was the battery of a newly bought R.O.GNT external speaker which refused to work or even charge. The device was DOA (dead on arrival) but it was so cheap that sending it back would have cost more than I’ve paid for it.

The speaker has an internal Lithium-Ion battery to allow mobile usage. My guess was that this battery slowly discharged while waiting for a buyer and at some point the undervoltage protection kicked in. Normally this protection should prevent a defective cell from being charged. In my case I hoped the cell would still be okay and survive a jump-start. It was successfully done before in other cases. Continue reading →

What happens when combining SIM-Card plus acetone…

January 21, 2013July 25, 2015 / Kai / Leave a comment

What happens if an obsolete SIM-Card is thrown in acetone?

Well… This was just a brief experiment out of curiosity. To cut it short: the plastic card body is dissolved, what remains are only the microchip and the metal contacts. But see for yourself…

An obsolete T-Mobile SIM card

A SIM card being rinsed in acetone. The plastic has completely dissolved.

A SIM card being rinsed in acetone. Only the microchip and contacts remain.

The remaining metal contacts

Exposing a Chip on Board (COB)

October 3, 2012July 25, 2015 / Kai / 1 Comment

In a previous post I had described my efforts to build (or should I say extract) a DCF77 clock radio receiver from an old radio clock. The remaining part of the board has undergone another surgery to take a look at the chip on board (COB) technology (German Wikipedia entry). The process of removing the covering epoxy resin with a scalpel was rather destructing, but I did not want to use aggressive chemicals. As a result, the bonding wires (between the silicon chip and the conductor tracks) were destroyed.

The following video shows the process of removing the epoxy resin using a scalpel and a heat gun (fired up to 200°C). The whole process took about 10 Minutes. The last minute of the video also shows some close-ups done with a cheap webcam, which was modified for magnification.

I also added some close-up pictures of the exposed silicon die, taken with my DSLR and a reverse-mounted lens.

Homemade DCF77 receiver [FAIL]

August 26, 2012July 25, 2015 / Kai / 1 Comment

A few weeks ago our old clock radio broke. Out of curiosity I’ve disassembled it: I wanted to remove the DCF77 clock radio signal receiver. Unfortunately, the clock contained a single board, but the receiver part was clearly distinguishable from the rest.

The circuit board of my broken clock radio. The radio signal receiver is marked with a yellow frame.

For fun, I cut out the relevant part of the board and replaced/refreshed the solder joints. I also added four connections for 1.5 Volt (power supply), the clock signal and a power-on line. (At least I think that’s what the last two lines should be).

My low cost self made DCF77 clock signal receiver.

I have not yet managed to get a stable time signal. On my digital storage oscilloscope I get occasional spikes with a distance of one second (what you would expect), but only a few of them and then nothing… The problem is probably the correct initialization of the chip under the black blob (a so called chip-on-board, by the way). Maybe, I also damaged a part of the receiver while cutting out the board, or when resoldering the two joints on the 77.5 kHz antenna.

Update: Well, after playing a bit more with the receiver I’m pretty sure I damaged it while cutting it out. I used common initialization sequences and did not manage to get it work. Too bad…

Dissecting a PICO-C USB flash drive

April 8, 2012July 25, 2015 / Kai / Leave a comment

The Super Talent PICO-C is a really tiny USB flash drive. Ever since I bought mine about a year ago I always wondered how it might look like inside the neat metal housing.

About a month ago, the drive was not accessible anymore. A short search on Google showed that in many cases a bug in the firmware rendered the flash memory inaccessible. There are tools available to revive faulty firmwares, especially for this kind of stick – if at least the controller is still recognized, which was not given in my case. Nevertheless, I tried the tools. As expected, they did not work. Luckily, nothing important was stored on the drive…

Being not that expensive, I did not exchange it (in spite of still having a warranty). Instead, I dissected it. 🙂 Removing the front cover with a screw driver was not complicated.

I first tried to also remove the metal back with a screw driver, but it was firmly glued together. I only managed to break of a piece of the black epoxy (?) housing. Ouch… The solution was to use a hot air gun to melt the glue. The black interior fell out by itself after 10-15 seconds.

Sadly, the black block containing all the logic is rather unspectacular. It does contain a labelling which was only readable after some photoshopping:

BXB08GMBH54UD or BXBO8GMBH54UD
4010 C024L0WAA or CO24LOWAA
MADE IN KOREA

At this point I gave up. Without any further possibilities to dissect the part and without any clues from the caption I put the remains aside. I thought about dissolving it in acetone or a similar solvent but I suspect it would work.

By the way: I bought the same drive again. I hope the new one lasts longer… 😉

Update: I’ve found a nice blog post about the build process of these USB sticks (bunnie’s blog): Where USB Memory Sticks are Born

Kai Christian Bader

Analog and Digital, Notes and Thoughts

Experiments