A complete, approachable disk toolkit — securely wipe drives with tamper-proof certificates, inspect health, manage partitions, and repair filesystems, all from one clean interface.
Quick Links: Features • How It Works • Quick Start • Blockchain Verification • Standards Compliance • Important Warnings • Development • License
Install via APT (Ubuntu/Debian, x86_64 — details, one-time repo setup, then apt upgrade handles updates forever):
curl -fsSL https://41vi4p.github.io/BreakNWipe/apt/pubkey.gpg | sudo gpg --dearmor -o /usr/share/keyrings/breaknwipe.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/breaknwipe.gpg] https://41vi4p.github.io/BreakNWipe/apt stable main" | sudo tee /etc/apt/sources.list.d/breaknwipe.list
sudo apt update && sudo apt install breaknwipeOr install via the one-liner script (details):
curl -fsSL https://raw.githubusercontent.com/41vi4p/BreakNWipe/main/scripts/quickstart.sh | sudo bashUninstall (details):
curl -fsSL https://raw.githubusercontent.com/41vi4p/BreakNWipe/main/scripts/uninstall.sh -o breaknwipe-uninstall.sh && sudo bash breaknwipe-uninstall.shBreakNWipe started as a secure-wipe utility for Smart India Hackathon 2025 (Team CodeBreakers!)
and is growing into a complete, open-source disk toolkit — the tool you reach for to wipe,
inspect, repair, resize, and recover drives, without the confusion of existing tools.
Secure wipe with tamper-proof, blockchain-anchored certificates remains its flagship. See
docs/DISK_TOOLKIT_PLAN.md for the roadmap.
Origin — Smart India Hackathon 2025:
| Problem Statement ID | SIH25070 |
| Problem Statement | Secure Data Wiping for Trustworthy IT Asset Recycling |
| Theme | Miscellaneous |
| Category | Software |
| Team ID | 65891 |
| Team Name | CodeBreakers! |
India generates over 1.75 million tonnes of e-waste annually. A key barrier to responsible recycling is the fear of data breaches, which leads to over ₹50,000 crore worth of IT assets being hoarded instead of properly recycled. BreakNWipe builds trust in the recycling ecosystem by making data sanitization verifiable, standards-compliant, and simple enough for the general public.
BreakNWipe doesn't just overwrite data — it uses a three-layer defense:
- 🔐 Randomized Encryption Algorithm (REA) — data is first encrypted on-the-fly with randomized keys and multi-chain encryption, making it unreadable
- 🔑 Secure Key Destruction — encryption keys are destroyed, making the data undecryptable
- 📝 Overwriting — one of seven industry-standard overwrite algorithms makes the data unrecoverable
And the result isn't just a wiped drive — it's proof anyone can independently verify: a digitally signed PDF/JSON certificate with a QR code, anchored on a public blockchain.
PRE-WIPE WIPING POST-WIPE
┌─────────────────┐ ┌───────────────────────────┐ ┌────────────────────────┐
│ Launch software │ │ Quick Wipe: 1-pass │ │ PDF / JSON report │
│ Detect drives & │ → │ one-click for the public │ → │ Blockchain + QR proof │
│ hidden areas │ │ Deep Wipe: REA encryption │ │ Third-party verifiable │
│ (HPA/DCO/bad │ │ + multipass overwrite │ │ Device safe to discard │
│ blocks) │ │ (7 algorithms) │ │ Data 100% irrecoverable│
└─────────────────┘ └───────────────────────────┘ └────────────────────────┘
- 7 overwrite algorithms — NIST Clear, NIST Purge, DoD 3-Pass, DoD 7-Pass, Gutmann 35-Pass, Random, Zero-fill (+ fully custom)
- REA Cryptographic Erase —
rea-basic,rea-multichain,rea-extreme,rea-fast,rea-custom(randomized encryption + key destruction + overwrite) - Hardware-level erasure — ATA Secure Erase and NVMe Sanitize/Format commands
- Read-back verification of wiped data with per-block validation
- Dry-run mode for safe testing
- HDDs, SATA SSDs, NVMe drives, USB flash drives and memory cards
- Hidden area detection — HPA (Host Protected Area) and DCO (Device Configuration Overlay) via
hdparm - Android device wiping via ADB (encrypts before factory reset — stronger than a plain factory reset)
- Drive temperature monitoring during long wipes
- Drive health dashboard — SMART status, temperature, power-on hours, and (where a reliable source exists — NVMe's standardized wear indicator or a recognized SATA SSD wear attribute) an estimated remaining-lifespan percentage; honestly reports "not available" rather than a guess for HDDs and unrecognized SSDs. Available via
breaknwipe info <device>and the web GUI's "Details / Health / Repair" page. - Partition browsing — filesystem type, size, and mount point per partition, in both the CLI (
breaknwipe info <device>) and the web GUI - Filesystem repair (fsck) — checks (and, with
--repair, fixes) ext2/3/4, FAT/exFAT, NTFS, XFS, and Btrfs filesystems, with a safety model that never auto-unmounts and gates repairing system/Btrfs filesystems behind--force. Available asbreaknwipe fsck <partition>and from each device's web GUI details page. - Partition resize — grow into free space (live for ext4/XFS/Btrfs — extend your root partition without a live USB), shrink, and move, plus the one-step "my VM/root disk grew but the partition didn't" fix (
growpart+ filesystem grow, or LVMlvextend). Interactive partition map in the GUI and abreaknwipe resizeCLI command — both preview the exact commands before running and require typed confirmation; shrink/move are offline-only and never auto-unmount. For anything beyond that (partition types, complex multi-partition layouts), a one-click Open GParted button is right there in the GUI. - Hex / sector viewer — read-only view of raw device bytes (hex + ASCII, sector boundaries, jump-to-offset) in the web GUI, wired into the post-wipe screen so you can see a drive is actually zeroed.
- Deleted-file recovery — undelete accidentally-deleted or quick-formatted files. A quick scan (The Sleuth Kit) recovers files with their original names on NTFS/FAT/exFAT (USB sticks, SD cards, Windows drives); a deep scan (PhotoRec) carves file contents by type even from ext4 or damaged drives, with live progress/ETA and in-GUI preview of what came back. Simple browse-and-select GUI at
/recover, abreaknwipe recover <partition>CLI command, and an honest reminder that a securely-wiped drive has nothing to recover. Recovery always writes to a different drive so it can't overwrite what it's reading. - Verify erasure — confirm a device has actually been wiped clean: read-only sampling of the raw drive (entropy, repeated patterns, known file signatures) at quick/comprehensive/paranoid depth, plus a cross-check against the recovery scan. Runs as a background job with a live progress bar, ETA, and a Cancel button in the GUI (
/verify); a Rich progress bar on the CLI (breaknwipe verify <device>). - File shredder — destroy individual files instead of a whole device: browse/search a mounted partition's files in the GUI, multi-select, pick an overwrite algorithm (the same NIST/DoD/Gutmann/REA set as Wipe), and only those files' bytes are overwritten, then truncated/renamed/deleted. Detects — and honestly warns about, without blocking — the two cases where in-place overwrite can't guarantee destruction: SSD/NVMe wear-leveling and copy-on-write filesystems (btrfs, zfs). GUI at
/shred; CLI viabreaknwipe shred <partition> <files...>.
- Digitally signed PDF certificates (RSA / X.509)
- JSON reports for automated processing
- QR codes for instant verification
- Blockchain anchoring — certificates stored on Ethereum Sepolia via the
ReportRegistryWithJsonsmart contract - Online QR verification through the datawipe webapp (scan → cross-check on blockchain → tamper-proof report)
- Audit-trail logging to a local database
- Interactive CLI wizard for beginners (
--interactive) - Expert CLI mode with full command-line control
- Modern web GUI — a Next.js + React interface (light & dark themes) served by the FastAPI backend, with real-time WebSocket progress. A clean landing page opens into four pillars — Wipe, Recover, Verify, Disk Utility (health, partitions, repair, hex) — each with its own device picker rather than one shared dashboard (
--gui) - Batch processing of multiple devices from a config file
-
.deb/.rpmpackage build scripts and system installer - Self-hosted APT repository (GitHub Pages) —
sudo apt install breaknwipewith real updates viaapt upgrade
- EDL mode wiping for Qualcomm chipsets (requires QFIL integration)
- SP Flash Tool mode for MediaTek chipsets
- Odin download mode for Samsung chipsets
- Bootable ISO/USB — standalone offline wiping environment (custom OS)
- Windows support (currently Linux-only)
- Multilingual UI with localized labels
- PyPI release (
pip install breaknwipe) - Resume capability for interrupted wipes
- Automated test suite with CI
OS support: everything below (the APT repo,
quickstart.sh,install_dependencies.sh,install.sh, andmake install-system) targets Ubuntu/Debian on x86_64 — they shell out toaptfor system packages (hdparm,nvme-cli,smartmontools, etc.).uv sync/pip install -e .on their own are platform-agnostic (any Linux/macOS with Python), but you'll still need to providehdparm/nvme-cli/smartmontoolsyourself via your distro's package manager for device-level operations to work.
APT repository (recommended) — a real, signed APT repo self-hosted on GitHub Pages. One-time setup, then every future release is a normal sudo apt update && sudo apt upgrade, no re-running installer scripts:
curl -fsSL https://41vi4p.github.io/BreakNWipe/apt/pubkey.gpg | sudo gpg --dearmor -o /usr/share/keyrings/breaknwipe.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/breaknwipe.gpg] https://41vi4p.github.io/BreakNWipe/apt stable main" | sudo tee /etc/apt/sources.list.d/breaknwipe.list
sudo apt update
sudo apt install breaknwipeThe package is fully self-contained (BreakNWipe + all its Python dependencies are vendored into a uv-managed virtual environment at build time), so it doesn't pull in a web of python3-* system packages — just the device tools BreakNWipe actually shells out to (hdparm, nvme-cli, smartmontools, util-linux). Built and published by .github/workflows/apt-repo.yml on every tagged release; see docs/APT_REPO_SETUP_GUIDE.md for the one-time maintainer setup.
Docker (no install at all) — pull the image, attach a drive, use the web GUI from your host browser. Everything (backend, GUI, all device tools) is baked in:
docker run --rm --privileged -v /dev:/dev -v /run/udev:/run/udev:ro \
-p 8000:8000 -v breaknwipe-reports:/root/breaknwipe_reports \
41vi4p/breaknwipe:latest
# then open http://localhost:8000Full device access on Linux hosts; on Windows, USB drives work via usbipd-win; on macOS, Docker's VM has no device passthrough, so the container runs as a UI/API demo only. Platform details, single-drive scoping, compose usage, and CLI-mode invocation: docs/DOCKER.md.
One-liner script — clones the repo and runs the full system installer (dedicated user, systemd service, breaknwipe/bwipe commands on PATH). As with any curl-to-bash installer, review the script before piping it into a root shell:
curl -fsSL https://raw.githubusercontent.com/41vi4p/BreakNWipe/main/scripts/quickstart.sh | sudo bashOr manually, if you'd rather keep the checkout around for development:
# Clone the repository
git clone https://github.com/41vi4p/BreakNWipe.git
cd BreakNWipe
# Install system-level dependencies (hdparm, nvme-cli, smartmontools, uv itself, ...)
sudo ./scripts/install_dependencies.sh
# Then install Python dependencies with uv (creates a .venv from pyproject.toml/uv.lock)
uv sync
# Or install from source with pip instead of uv
pip install -e .
pip install -e ".[web,blockchain]" # with optional extras
# Or full system-wide install (system deps + dedicated user + systemd service)
sudo make install-systemIf you installed via APT:
sudo apt remove breaknwipe # keep config/data
sudo apt purge breaknwipe # also remove config/data
sudo rm /etc/apt/sources.list.d/breaknwipe.list # stop tracking the repo entirelyIf you still have the repo cloned:
sudo make uninstall-system
# or directly:
sudo ./scripts/uninstall.shIf you installed via the one-liner and don't have a local checkout anymore — uninstall.sh is self-contained (it only touches system paths like /opt/breaknwipe, /etc/breaknwipe, /usr/local/bin/breaknwipe, so it doesn't need the repo present). Download it and run it directly:
curl -fsSL https://raw.githubusercontent.com/41vi4p/BreakNWipe/main/scripts/uninstall.sh -o breaknwipe-uninstall.sh
sudo bash breaknwipe-uninstall.shNote: unlike quickstart.sh, don't pipe this straight into sudo bash (curl ... | sudo bash) — it asks interactive yes/no confirmations before removing data and system dependencies, and those prompts don't work when the script's own text is occupying stdin. Download it to a file first, as above.
# Interactive mode (recommended for beginners)
sudo breaknwipe --interactive
# Launch the web GUI at http://127.0.0.1:8000
sudo breaknwipe --gui
# List available devices
sudo breaknwipe --list-devices
# Wipe with NIST Clear and generate a certificate
sudo breaknwipe wipe --device /dev/sdX --algorithm nist-clear --certificate
# Safety first: inspect the device and dry-run before wiping
sudo breaknwipe info /dev/sdX
sudo breaknwipe wipe --device /dev/sdX --algorithm nist-clear --dry-runTab-completion (subcommands, --algorithm/--filesystem choices, and real /dev/sd*//dev/nvme* device paths) is generated dynamically from the CLI itself, so it's always in sync with the real commands. sudo apt install breaknwipe and sudo make install-system/scripts/install.sh set this up automatically if bash-completion is installed. If you installed via uv sync/pip install, or use zsh/fish, set it up manually once:
# bash
_BREAKNWIPE_COMPLETE=bash_source breaknwipe > ~/.breaknwipe-complete.bash
echo 'source ~/.breaknwipe-complete.bash' >> ~/.bashrc
# zsh
_BREAKNWIPE_COMPLETE=zsh_source breaknwipe > ~/.breaknwipe-complete.zsh
echo 'source ~/.breaknwipe-complete.zsh' >> ~/.zshrc
# fish
_BREAKNWIPE_COMPLETE=fish_source breaknwipe > ~/.config/fish/completions/breaknwipe.fishRestart your shell (or source the relevant rc file) afterward. To also complete the bwipe alias (bash only), add one more line after sourcing: complete -o nosort -F _breaknwipe_completion bwipe.
| Command | Description |
|---|---|
wipe |
Perform secure data wiping |
info <device> |
Display detailed device information, health, and partitions |
fsck <partition> |
Check (and, with --repair, fix) a filesystem's integrity |
resize <partition> |
Grow / shrink / move a partition (preview-first) |
recover <partition> |
Find and recover deleted files (quick scan or --deep carve) |
verify <device> |
Confirm a device has actually been wiped (read-only) |
list-algorithms |
Show available wiping algorithms |
batch |
Batch processing from a JSON/YAML config file |
verify-certificate |
Verify wipe certificate authenticity |
| Algorithm | Passes | Description | Use Case |
|---|---|---|---|
nist-clear |
1 | NIST SP 800-88 Clear | General purpose |
nist-purge |
3 | NIST SP 800-88 Purge | High security |
dod-3pass |
3 | DoD 5220.22-M | Government compliance |
dod-7pass |
7 | Enhanced DoD | Maximum security |
gutmann |
35 | Gutmann method | Legacy magnetic drives |
random |
Custom | Random data overwrite | Configurable security |
zeros |
1 | Zero-fill | Quick sanitization |
custom |
Custom | User-defined patterns | Advanced users |
rea-* |
1–7+ | Randomized Encryption Algorithm + overwrite | Deep Wipe (via Web GUI) |
Every wipe certificate can be anchored on the Ethereum Sepolia testnet:
- BreakNWipe completes the wipe and generates the signed certificate
- The certificate hash (or full JSON) is stored on-chain via the
ReportRegistryWithJsoncontract - A QR code embedding the blockchain reference is added to the PDF report
- Anyone can scan the QR at datawipe.vercel.app — the app queries the smart contract and displays the tamper-proof verification result
Setup details: docs/BLOCKCHAIN_INTEGRATION.md
# Configure your credentials (never commit the real .env!)
cp breaknwipe/.env.example breaknwipe/.env
cp blockchain/.env.example blockchain/.envBreakNWipe/
├── breaknwipe/ # Python package
│ ├── wipe_engine/ # Core wiping algorithms, REA, verification
│ ├── device/ # Device detection, health, partitions, fsck, ATA/NVMe/mobile
│ ├── certificate/ # PDF/JSON certs, signatures, QR, blockchain
│ ├── cli/ # Interactive & expert CLI, progress display
│ ├── web/ # FastAPI server, WebSocket, session manager
│ ├── breaknwipe-gui/ # Next.js web GUI (built to a static bundle, served by web/)
│ └── logging/ # Audit-trail logging service & database
├── blockchain/ # Hardhat project — ReportRegistryWithJson contract
├── frontend_ui/ # Legacy static GUI (superseded by breaknwipe-gui; transitional fallback)
├── docs/ # Design docs, roadmap, integration guides, SIH presentation
│ └── apt/pubkey.gpg # APT repo signing public key (see APT_REPO_SETUP_GUIDE.md)
├── scripts/ # Install, packaging, demo & setup scripts
├── tests/ # Integration test scripts
├── .github/workflows/ # CI: builds & publishes the APT repo on tagged releases
├── Makefile # Development commands (make help)
├── pyproject.toml # Package metadata & dependencies (uv-managed)
└── setup.py # No-op shim kept for `python setup.py sdist`
- NIST SP 800-88 Rev 1 — U.S. Federal media sanitization guidelines (Clear/Purge)
- IEEE 2883:2022 — Standard for sanitization of storage
- DoD 5220.22-M — 3-pass and 7-pass overwrite variants
- ISO/IEC 27040 — Storage security guidelines
- 💀 DATA DESTRUCTION — all data on the target device is permanently destroyed
- 🔒 ROOT REQUIRED — must run with
sudofor direct device access - 💾 UNMOUNT FIRST — unmount filesystems before wiping
- 🔌 STABLE POWER — ensure uninterrupted power during operation
- 💿 RAID ARRAYS — handle RAID configurations with extreme care
git clone https://github.com/41vi4p/BreakNWipe.git
cd BreakNWipe
uv sync # installs deps + dev tools (pytest, black, flake8, mypy, isort)
make help # All development commands
make lint # uv run flake8 + mypy
make format # uv run black + isort
make test # uv run pytest with coverage
# Add/remove a dependency
uv add <package>
uv add --dev <package>For the web GUI (Next.js — lives in breaknwipe/breaknwipe-gui/):
cd breaknwipe/breaknwipe-gui
npm install
npm run dev # live GUI on :3000 — run the backend too: sudo uv run python -m breaknwipe.cli.main --gui
npm run build # produce the static bundle (out/) that `--gui` serves in productionNode.js is only needed to build the GUI; it is not a runtime dependency. See docs/DISK_TOOLKIT_PLAN.md for the roadmap.
For the smart contract:
cd blockchain
pnpm install
npx hardhat testFurther reading: docs/DISK_TOOLKIT_PLAN.md · docs/DESIGN.md · docs/BLOCKCHAIN_INTEGRATION.md · docs/CHANGELOG.md · SIH 2025 Presentation
| Member | Contribution |
|---|---|
| Blaise Rodrigues (Team Lead) | Algorithms, Testing & Architecture Design |
| David Porathur | CLI Utility, Github Workflows, Next.js GUI, Features Integration & Architecture Design |
| Vanessa Rodrigues | Research & Architecture Design |
| Natasha Lewis | UI & Research |
| Chris Lopes | Next.js App with digital signature verification |
| Anastasia Lopes | UI, Frontend & Research |
- ♻️ Reduce e-waste hoarding by building user confidence in data destruction
- 🔄 Promote the circular economy through safe device recycling and resource recovery (gold, copper, lithium, rare-earth metals)
- 🇮🇳 Support Digital India & Atmanirbhar Bharat environmental goals
- 🏢 Enable secure ITAD for financial services, healthcare, defense, and government
- 🤝 Create trust in the recycling ecosystem — aligned with UN SDGs 9 & 13
This project is licensed under the GNU General Public License v3.0 — see the LICENSE file for details.
BreakNWipe - Secure Data Wiping for Trustworthy IT Asset Recycling
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
🇮🇳 Made for India's e-waste solution | 🌍 Promoting the global circular economy
Developed with ❤️ by Team CodeBreakers — Smart India Hackathon 2025