Skip to content

41vi4p/BreakNWipe

Repository files navigation

BreakNWipe Logo

BreakNWipe

A complete, approachable disk toolkit — securely wipe drives with tamper-proof certificates, inspect health, manage partitions, and repair filesystems, all from one clean interface.

Version License: GPL v3 Python Platform Docker Next.js GUI Solidity NIST SP 800-88 SIH 2025


Quick Links: FeaturesHow It WorksQuick StartBlockchain VerificationStandards ComplianceImportant WarningsDevelopmentLicense


Install via APT (Ubuntu/Debian, x86_64 — details, one-time repo setup, then apt upgrade handles updates forever):

curl -fsSL https://41vi4p.github.io/BreakNWipe/apt/pubkey.gpg | sudo gpg --dearmor -o /usr/share/keyrings/breaknwipe.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/breaknwipe.gpg] https://41vi4p.github.io/BreakNWipe/apt stable main" | sudo tee /etc/apt/sources.list.d/breaknwipe.list
sudo apt update && sudo apt install breaknwipe

Or install via the one-liner script (details):

curl -fsSL https://raw.githubusercontent.com/41vi4p/BreakNWipe/main/scripts/quickstart.sh | sudo bash

Uninstall (details):

curl -fsSL https://raw.githubusercontent.com/41vi4p/BreakNWipe/main/scripts/uninstall.sh -o breaknwipe-uninstall.sh && sudo bash breaknwipe-uninstall.sh

🏆 About the Project

BreakNWipe started as a secure-wipe utility for Smart India Hackathon 2025 (Team CodeBreakers!) and is growing into a complete, open-source disk toolkit — the tool you reach for to wipe, inspect, repair, resize, and recover drives, without the confusion of existing tools. Secure wipe with tamper-proof, blockchain-anchored certificates remains its flagship. See docs/DISK_TOOLKIT_PLAN.md for the roadmap.

Origin — Smart India Hackathon 2025:

Problem Statement ID SIH25070
Problem Statement Secure Data Wiping for Trustworthy IT Asset Recycling
Theme Miscellaneous
Category Software
Team ID 65891
Team Name CodeBreakers!

The Problem

India generates over 1.75 million tonnes of e-waste annually. A key barrier to responsible recycling is the fear of data breaches, which leads to over ₹50,000 crore worth of IT assets being hoarded instead of properly recycled. BreakNWipe builds trust in the recycling ecosystem by making data sanitization verifiable, standards-compliant, and simple enough for the general public.

Why We're Different

BreakNWipe doesn't just overwrite data — it uses a three-layer defense:

  1. 🔐 Randomized Encryption Algorithm (REA) — data is first encrypted on-the-fly with randomized keys and multi-chain encryption, making it unreadable
  2. 🔑 Secure Key Destruction — encryption keys are destroyed, making the data undecryptable
  3. 📝 Overwriting — one of seven industry-standard overwrite algorithms makes the data unrecoverable

And the result isn't just a wiped drive — it's proof anyone can independently verify: a digitally signed PDF/JSON certificate with a QR code, anchored on a public blockchain.

⚙️ How It Works

   PRE-WIPE                      WIPING                        POST-WIPE
┌─────────────────┐   ┌───────────────────────────┐   ┌────────────────────────┐
│ Launch software │   │ Quick Wipe: 1-pass        │   │ PDF / JSON report      │
│ Detect drives & │ → │  one-click for the public │ → │ Blockchain + QR proof  │
│ hidden areas    │   │ Deep Wipe: REA encryption │   │ Third-party verifiable │
│ (HPA/DCO/bad    │   │  + multipass overwrite    │   │ Device safe to discard │
│  blocks)        │   │  (7 algorithms)           │   │ Data 100% irrecoverable│
└─────────────────┘   └───────────────────────────┘   └────────────────────────┘

✨ Features

✅ Implemented

Wiping Engine

  • 7 overwrite algorithms — NIST Clear, NIST Purge, DoD 3-Pass, DoD 7-Pass, Gutmann 35-Pass, Random, Zero-fill (+ fully custom)
  • REA Cryptographic Eraserea-basic, rea-multichain, rea-extreme, rea-fast, rea-custom (randomized encryption + key destruction + overwrite)
  • Hardware-level erasure — ATA Secure Erase and NVMe Sanitize/Format commands
  • Read-back verification of wiped data with per-block validation
  • Dry-run mode for safe testing

Device Support

  • HDDs, SATA SSDs, NVMe drives, USB flash drives and memory cards
  • Hidden area detection — HPA (Host Protected Area) and DCO (Device Configuration Overlay) via hdparm
  • Android device wiping via ADB (encrypts before factory reset — stronger than a plain factory reset)
  • Drive temperature monitoring during long wipes

Disk Utility Toolkit

  • Drive health dashboard — SMART status, temperature, power-on hours, and (where a reliable source exists — NVMe's standardized wear indicator or a recognized SATA SSD wear attribute) an estimated remaining-lifespan percentage; honestly reports "not available" rather than a guess for HDDs and unrecognized SSDs. Available via breaknwipe info <device> and the web GUI's "Details / Health / Repair" page.
  • Partition browsing — filesystem type, size, and mount point per partition, in both the CLI (breaknwipe info <device>) and the web GUI
  • Filesystem repair (fsck) — checks (and, with --repair, fixes) ext2/3/4, FAT/exFAT, NTFS, XFS, and Btrfs filesystems, with a safety model that never auto-unmounts and gates repairing system/Btrfs filesystems behind --force. Available as breaknwipe fsck <partition> and from each device's web GUI details page.
  • Partition resize — grow into free space (live for ext4/XFS/Btrfs — extend your root partition without a live USB), shrink, and move, plus the one-step "my VM/root disk grew but the partition didn't" fix (growpart + filesystem grow, or LVM lvextend). Interactive partition map in the GUI and a breaknwipe resize CLI command — both preview the exact commands before running and require typed confirmation; shrink/move are offline-only and never auto-unmount. For anything beyond that (partition types, complex multi-partition layouts), a one-click Open GParted button is right there in the GUI.
  • Hex / sector viewer — read-only view of raw device bytes (hex + ASCII, sector boundaries, jump-to-offset) in the web GUI, wired into the post-wipe screen so you can see a drive is actually zeroed.
  • Deleted-file recovery — undelete accidentally-deleted or quick-formatted files. A quick scan (The Sleuth Kit) recovers files with their original names on NTFS/FAT/exFAT (USB sticks, SD cards, Windows drives); a deep scan (PhotoRec) carves file contents by type even from ext4 or damaged drives, with live progress/ETA and in-GUI preview of what came back. Simple browse-and-select GUI at /recover, a breaknwipe recover <partition> CLI command, and an honest reminder that a securely-wiped drive has nothing to recover. Recovery always writes to a different drive so it can't overwrite what it's reading.
  • Verify erasure — confirm a device has actually been wiped clean: read-only sampling of the raw drive (entropy, repeated patterns, known file signatures) at quick/comprehensive/paranoid depth, plus a cross-check against the recovery scan. Runs as a background job with a live progress bar, ETA, and a Cancel button in the GUI (/verify); a Rich progress bar on the CLI (breaknwipe verify <device>).
  • File shredder — destroy individual files instead of a whole device: browse/search a mounted partition's files in the GUI, multi-select, pick an overwrite algorithm (the same NIST/DoD/Gutmann/REA set as Wipe), and only those files' bytes are overwritten, then truncated/renamed/deleted. Detects — and honestly warns about, without blocking — the two cases where in-place overwrite can't guarantee destruction: SSD/NVMe wear-leveling and copy-on-write filesystems (btrfs, zfs). GUI at /shred; CLI via breaknwipe shred <partition> <files...>.

Certification & Verification

  • Digitally signed PDF certificates (RSA / X.509)
  • JSON reports for automated processing
  • QR codes for instant verification
  • Blockchain anchoring — certificates stored on Ethereum Sepolia via the ReportRegistryWithJson smart contract
  • Online QR verification through the datawipe webapp (scan → cross-check on blockchain → tamper-proof report)
  • Audit-trail logging to a local database

User Interfaces

  • Interactive CLI wizard for beginners (--interactive)
  • Expert CLI mode with full command-line control
  • Modern web GUI — a Next.js + React interface (light & dark themes) served by the FastAPI backend, with real-time WebSocket progress. A clean landing page opens into four pillars — Wipe, Recover, Verify, Disk Utility (health, partitions, repair, hex) — each with its own device picker rather than one shared dashboard (--gui)
  • Batch processing of multiple devices from a config file
  • .deb / .rpm package build scripts and system installer
  • Self-hosted APT repository (GitHub Pages) — sudo apt install breaknwipe with real updates via apt upgrade

🚧 Planned / Not Yet Implemented

  • EDL mode wiping for Qualcomm chipsets (requires QFIL integration)
  • SP Flash Tool mode for MediaTek chipsets
  • Odin download mode for Samsung chipsets
  • Bootable ISO/USB — standalone offline wiping environment (custom OS)
  • Windows support (currently Linux-only)
  • Multilingual UI with localized labels
  • PyPI release (pip install breaknwipe)
  • Resume capability for interrupted wipes
  • Automated test suite with CI

🚀 Quick Start

Installation

OS support: everything below (the APT repo, quickstart.sh, install_dependencies.sh, install.sh, and make install-system) targets Ubuntu/Debian on x86_64 — they shell out to apt for system packages (hdparm, nvme-cli, smartmontools, etc.). uv sync / pip install -e . on their own are platform-agnostic (any Linux/macOS with Python), but you'll still need to provide hdparm/nvme-cli/smartmontools yourself via your distro's package manager for device-level operations to work.

APT repository (recommended) — a real, signed APT repo self-hosted on GitHub Pages. One-time setup, then every future release is a normal sudo apt update && sudo apt upgrade, no re-running installer scripts:

curl -fsSL https://41vi4p.github.io/BreakNWipe/apt/pubkey.gpg | sudo gpg --dearmor -o /usr/share/keyrings/breaknwipe.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/breaknwipe.gpg] https://41vi4p.github.io/BreakNWipe/apt stable main" | sudo tee /etc/apt/sources.list.d/breaknwipe.list
sudo apt update
sudo apt install breaknwipe

The package is fully self-contained (BreakNWipe + all its Python dependencies are vendored into a uv-managed virtual environment at build time), so it doesn't pull in a web of python3-* system packages — just the device tools BreakNWipe actually shells out to (hdparm, nvme-cli, smartmontools, util-linux). Built and published by .github/workflows/apt-repo.yml on every tagged release; see docs/APT_REPO_SETUP_GUIDE.md for the one-time maintainer setup.

Docker (no install at all) — pull the image, attach a drive, use the web GUI from your host browser. Everything (backend, GUI, all device tools) is baked in:

docker run --rm --privileged -v /dev:/dev -v /run/udev:/run/udev:ro \
  -p 8000:8000 -v breaknwipe-reports:/root/breaknwipe_reports \
  41vi4p/breaknwipe:latest
# then open http://localhost:8000

Full device access on Linux hosts; on Windows, USB drives work via usbipd-win; on macOS, Docker's VM has no device passthrough, so the container runs as a UI/API demo only. Platform details, single-drive scoping, compose usage, and CLI-mode invocation: docs/DOCKER.md.

One-liner script — clones the repo and runs the full system installer (dedicated user, systemd service, breaknwipe/bwipe commands on PATH). As with any curl-to-bash installer, review the script before piping it into a root shell:

curl -fsSL https://raw.githubusercontent.com/41vi4p/BreakNWipe/main/scripts/quickstart.sh | sudo bash

Or manually, if you'd rather keep the checkout around for development:

# Clone the repository
git clone https://github.com/41vi4p/BreakNWipe.git
cd BreakNWipe

# Install system-level dependencies (hdparm, nvme-cli, smartmontools, uv itself, ...)
sudo ./scripts/install_dependencies.sh

# Then install Python dependencies with uv (creates a .venv from pyproject.toml/uv.lock)
uv sync

# Or install from source with pip instead of uv
pip install -e .
pip install -e ".[web,blockchain]"   # with optional extras

# Or full system-wide install (system deps + dedicated user + systemd service)
sudo make install-system

Uninstallation

If you installed via APT:

sudo apt remove breaknwipe          # keep config/data
sudo apt purge breaknwipe           # also remove config/data
sudo rm /etc/apt/sources.list.d/breaknwipe.list   # stop tracking the repo entirely

If you still have the repo cloned:

sudo make uninstall-system
# or directly:
sudo ./scripts/uninstall.sh

If you installed via the one-liner and don't have a local checkout anymoreuninstall.sh is self-contained (it only touches system paths like /opt/breaknwipe, /etc/breaknwipe, /usr/local/bin/breaknwipe, so it doesn't need the repo present). Download it and run it directly:

curl -fsSL https://raw.githubusercontent.com/41vi4p/BreakNWipe/main/scripts/uninstall.sh -o breaknwipe-uninstall.sh
sudo bash breaknwipe-uninstall.sh

Note: unlike quickstart.sh, don't pipe this straight into sudo bash (curl ... | sudo bash) — it asks interactive yes/no confirmations before removing data and system dependencies, and those prompts don't work when the script's own text is occupying stdin. Download it to a file first, as above.

Basic Usage

# Interactive mode (recommended for beginners)
sudo breaknwipe --interactive

# Launch the web GUI at http://127.0.0.1:8000
sudo breaknwipe --gui

# List available devices
sudo breaknwipe --list-devices

# Wipe with NIST Clear and generate a certificate
sudo breaknwipe wipe --device /dev/sdX --algorithm nist-clear --certificate

# Safety first: inspect the device and dry-run before wiping
sudo breaknwipe info /dev/sdX
sudo breaknwipe wipe --device /dev/sdX --algorithm nist-clear --dry-run

Shell Completion

Tab-completion (subcommands, --algorithm/--filesystem choices, and real /dev/sd*//dev/nvme* device paths) is generated dynamically from the CLI itself, so it's always in sync with the real commands. sudo apt install breaknwipe and sudo make install-system/scripts/install.sh set this up automatically if bash-completion is installed. If you installed via uv sync/pip install, or use zsh/fish, set it up manually once:

# bash
_BREAKNWIPE_COMPLETE=bash_source breaknwipe > ~/.breaknwipe-complete.bash
echo 'source ~/.breaknwipe-complete.bash' >> ~/.bashrc

# zsh
_BREAKNWIPE_COMPLETE=zsh_source breaknwipe > ~/.breaknwipe-complete.zsh
echo 'source ~/.breaknwipe-complete.zsh' >> ~/.zshrc

# fish
_BREAKNWIPE_COMPLETE=fish_source breaknwipe > ~/.config/fish/completions/breaknwipe.fish

Restart your shell (or source the relevant rc file) afterward. To also complete the bwipe alias (bash only), add one more line after sourcing: complete -o nosort -F _breaknwipe_completion bwipe.

Commands

Command Description
wipe Perform secure data wiping
info <device> Display detailed device information, health, and partitions
fsck <partition> Check (and, with --repair, fix) a filesystem's integrity
resize <partition> Grow / shrink / move a partition (preview-first)
recover <partition> Find and recover deleted files (quick scan or --deep carve)
verify <device> Confirm a device has actually been wiped (read-only)
list-algorithms Show available wiping algorithms
batch Batch processing from a JSON/YAML config file
verify-certificate Verify wipe certificate authenticity

Wiping Algorithms

Algorithm Passes Description Use Case
nist-clear 1 NIST SP 800-88 Clear General purpose
nist-purge 3 NIST SP 800-88 Purge High security
dod-3pass 3 DoD 5220.22-M Government compliance
dod-7pass 7 Enhanced DoD Maximum security
gutmann 35 Gutmann method Legacy magnetic drives
random Custom Random data overwrite Configurable security
zeros 1 Zero-fill Quick sanitization
custom Custom User-defined patterns Advanced users
rea-* 1–7+ Randomized Encryption Algorithm + overwrite Deep Wipe (via Web GUI)

🔗 Blockchain Verification

Every wipe certificate can be anchored on the Ethereum Sepolia testnet:

  1. BreakNWipe completes the wipe and generates the signed certificate
  2. The certificate hash (or full JSON) is stored on-chain via the ReportRegistryWithJson contract
  3. A QR code embedding the blockchain reference is added to the PDF report
  4. Anyone can scan the QR at datawipe.vercel.app — the app queries the smart contract and displays the tamper-proof verification result

Setup details: docs/BLOCKCHAIN_INTEGRATION.md

# Configure your credentials (never commit the real .env!)
cp breaknwipe/.env.example breaknwipe/.env
cp blockchain/.env.example blockchain/.env

🏗️ Repository Structure

BreakNWipe/
├── breaknwipe/           # Python package
│   ├── wipe_engine/      #   Core wiping algorithms, REA, verification
│   ├── device/           #   Device detection, health, partitions, fsck, ATA/NVMe/mobile
│   ├── certificate/      #   PDF/JSON certs, signatures, QR, blockchain
│   ├── cli/              #   Interactive & expert CLI, progress display
│   ├── web/              #   FastAPI server, WebSocket, session manager
│   ├── breaknwipe-gui/   #   Next.js web GUI (built to a static bundle, served by web/)
│   └── logging/          #   Audit-trail logging service & database
├── blockchain/           # Hardhat project — ReportRegistryWithJson contract
├── frontend_ui/          # Legacy static GUI (superseded by breaknwipe-gui; transitional fallback)
├── docs/                 # Design docs, roadmap, integration guides, SIH presentation
│   └── apt/pubkey.gpg    #   APT repo signing public key (see APT_REPO_SETUP_GUIDE.md)
├── scripts/              # Install, packaging, demo & setup scripts
├── tests/                # Integration test scripts
├── .github/workflows/    # CI: builds & publishes the APT repo on tagged releases
├── Makefile              # Development commands (make help)
├── pyproject.toml        # Package metadata & dependencies (uv-managed)
└── setup.py              # No-op shim kept for `python setup.py sdist`

🏛️ Standards Compliance

  • NIST SP 800-88 Rev 1 — U.S. Federal media sanitization guidelines (Clear/Purge)
  • IEEE 2883:2022 — Standard for sanitization of storage
  • DoD 5220.22-M — 3-pass and 7-pass overwrite variants
  • ISO/IEC 27040 — Storage security guidelines

⚠️ Important Warnings

  • 💀 DATA DESTRUCTION — all data on the target device is permanently destroyed
  • 🔒 ROOT REQUIRED — must run with sudo for direct device access
  • 💾 UNMOUNT FIRST — unmount filesystems before wiping
  • 🔌 STABLE POWER — ensure uninterrupted power during operation
  • 💿 RAID ARRAYS — handle RAID configurations with extreme care

🛠️ Development

git clone https://github.com/41vi4p/BreakNWipe.git
cd BreakNWipe
uv sync             # installs deps + dev tools (pytest, black, flake8, mypy, isort)

make help          # All development commands
make lint          # uv run flake8 + mypy
make format        # uv run black + isort
make test          # uv run pytest with coverage

# Add/remove a dependency
uv add <package>
uv add --dev <package>

For the web GUI (Next.js — lives in breaknwipe/breaknwipe-gui/):

cd breaknwipe/breaknwipe-gui
npm install
npm run dev     # live GUI on :3000 — run the backend too: sudo uv run python -m breaknwipe.cli.main --gui
npm run build   # produce the static bundle (out/) that `--gui` serves in production

Node.js is only needed to build the GUI; it is not a runtime dependency. See docs/DISK_TOOLKIT_PLAN.md for the roadmap.

For the smart contract:

cd blockchain
pnpm install
npx hardhat test

Further reading: docs/DISK_TOOLKIT_PLAN.md · docs/DESIGN.md · docs/BLOCKCHAIN_INTEGRATION.md · docs/CHANGELOG.md · SIH 2025 Presentation

👥 Team CodeBreakers

Member Contribution
Blaise Rodrigues (Team Lead) Algorithms, Testing & Architecture Design
David Porathur CLI Utility, Github Workflows, Next.js GUI, Features Integration & Architecture Design
Vanessa Rodrigues Research & Architecture Design
Natasha Lewis UI & Research
Chris Lopes Next.js App with digital signature verification
Anastasia Lopes UI, Frontend & Research

🌟 Impact

  • ♻️ Reduce e-waste hoarding by building user confidence in data destruction
  • 🔄 Promote the circular economy through safe device recycling and resource recovery (gold, copper, lithium, rare-earth metals)
  • 🇮🇳 Support Digital India & Atmanirbhar Bharat environmental goals
  • 🏢 Enable secure ITAD for financial services, healthcare, defense, and government
  • 🤝 Create trust in the recycling ecosystem — aligned with UN SDGs 9 & 13

📄 License

This project is licensed under the GNU General Public License v3.0 — see the LICENSE file for details.

BreakNWipe - Secure Data Wiping for Trustworthy IT Asset Recycling

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

🇮🇳 Made for India's e-waste solution | 🌍 Promoting the global circular economy

Developed with ❤️ by Team CodeBreakers — Smart India Hackathon 2025

About

Secure data-wiping CLI & web utility for HDD/SSD/NVMe/USB/Android — NIST/DoD-compliant erasure, a custom randomized-encryption crypto-erase pass, and blockchain-anchored, QR-verifiable certificates of destruction.

Topics

Resources

License

Contributing

Stars

3 stars

Watchers

0 watching

Forks

Contributors