The usage of the dd command in linux

The dd command in Linux stands for “data duplicator” and is primarily used to convert and copy files. It’s one of the most powerful tools available in the Linux/UNIX world, and it can be used for a variety of tasks including backup and recovery, data migration, and generating files of a particular size.

Basic syntax of dd:

dd if=<input file> of=<output file> [options]

dd if=input.txt of=output.txt

Creating an ISO from a CD-ROM:

dd if=/dev/cdrom of=myCD.iso

Insert the CD-ROM into your computer’s CD/DVD drive.
Determine the device name of your CD/DVD drive: You can usually find the CD/DVD drive under /dev with a name like cdrom, sr0, cdrw, dvd, etc. A quick way to list the block devices and their partitions is by using the lsblk command For the purpose of this example, let’s assume the device name is /dev/sr0.
Create the ISO image: Use the dd command to create an ISO image. For instance, to create an image called cdrom.iso from the device /dev/sr0, you would run: dd if=/dev/sr0 of=cdrom.iso bs=2048 That’s it! You now have a file named cdrom.iso which is an exact digital copy of your CD-ROM. You can mount this ISO, burn it to another disc, or store it for archival purposes.

Generating a file of a certain size (e.g., 1GB) filled with zeros:

dd if=/dev/zero of=file1GB.img bs=1M count=1024

Usage:

If you need to quickly generate a file of a specific size, you can use dd in conjunction with /dev/zero. The /dev/zero is a special file in Unix-like operating systems that produces as many null bytes (zeros) as are read from it.

This can be useful for various purposes:

Testing and benchmarking (e.g., determining disk write speeds).
Preallocating space for applications or filesystems.

Creating disk images or swap files.

# To create a 1GB swap file filled with zeros:
dd if=/dev/zero of=/swapfile bs=1M count=1024
# Set up the swap space:
mkswap /swapfile
# Turn on the swap:
swapon /swapfile
# To make the swap permanent across reboots, add the following line to /etc/fstab:
/swapfile none swap sw 0 0

Generating a file of random data (e.g., 1GB):

dd if=/dev/urandom of=random1GB.img bs=1M count=1024

Usage: Sometimes, you might want to generate a file filled with random data rather than zeros. This is often used:

For cryptographic purposes or key generation.
For testing how systems or applications handle truly random data.
To overwrite a disk or a file with random data, which can be a rudimentary form of data sanitization.

To generate a file with random data, you’d typically use /dev/urandom (or /dev/random, though it’s slower and can block if the entropy pool is exhausted).

Copying a hard disk to another disk:

dd if=/dev/sda of=/dev/sdb

Ensure both the source and target hard disks are connected:

For this example, let’s assume Source disk: /dev/sda, Target disk: /dev/sdb

Unmount any mounted partitions from both disks: Before you start the copying process, make sure no partitions from either disk are mounted. This is to prevent any read/write operations from affecting the cloning process.
```
umount /dev/sda*
umount /dev/sdb*
```
The _ in /dev/sda_ will unmount all partitions of the disk, e.g., /dev/sda1, /dev/sda2, etc.
Copy the entire source disk to the target disk:
```
dd if=/dev/sda of=/dev/sdb bs=4M status=progress
```
Once the dd operation is complete, you can use tools like fdisk, lsblk, or gparted to verify that the partitions on the target disk (/dev/sdb in our example) match the source disk (/dev/sda).
Data Overwrite: The above process will overwrite all the data on the target disk (/dev/sdb). Ensure that there’s no important data on it before you begin the operation.
Disk Size: As previously mentioned, make sure the target disk is equal or larger in size than the source disk. If the target disk is smaller, the operation will fail and could result in data loss.
Errors: If there are any bad sectors or read errors on the source disk, dd will stop. To continue past errors, you can use the conv=noerror,sync options, but be cautious as this can produce a corrupted clone.

Cloning only the first 100MB of a disk:

dd if=/dev/sda of=partial_disk_clone.img bs=1M count=100

Cloning only a specific portion of a disk, such as the first 100MB, can be useful in various scenarios. By doing this, you capture not just the MBR but also any early parts of the file system, bootloaders, or other structures that reside at the beginning of the disk. Usage Scenarios:

Backup and Restoration: Sometimes, you only need to backup the initial portion of a disk, especially if that part contains critical boot or system data. By cloning the first 100MB, you can later restore that portion if it becomes corrupted.
Forensic Analysis: In digital forensics, investigators might clone the beginning of a disk to analyze boot sectors, initial file system structures, or to look for hidden data.
Migration: If you’re moving to a different disk but only need the initial setup, boot loaders, or partition structures (but not the entire content), then copying the first 100MB can be a quick way to achieve this.
Optimization: Some advanced users might clone the first portion of a disk to another faster storage medium (like an SSD) to accelerate boot times or frequently used operations, while leaving the rest of the data on a slower medium.

To clone only the first 100MB of a disk (e.g., /dev/sda) to a file named first100MB.img:

dd if=/dev/sda of=first100MB.img bs=1M count=100

Here’s what’s happening:

if=/dev/sda: Input file is the disk /dev/sda.
of=first100MB.img: Output file is first100MB.img.
bs=1M: Set the block size to 1 Megabyte.
count=100: Copy only 100 blocks of size 1M (so, 100MB in total).
If you backed up the first 100MB of /dev/sda to first100MB.img and you want to restore it to the same disk, you’d use the same command in reverse:
```
dd if=first100MB.img of=/dev/sda bs=1M count=100
```

Creating a bootable USB drive from an ISO image:

dd if=mylinux.iso of=/dev/sdb bs=4M && sync

Backing up the Master Boot Record (MBR) (which is 512 bytes):

dd if=/dev/sda of=backup_mbr.img bs=512 count=1

The Master Boot Record (MBR) is located at the very beginning of a storage device, specifically in its first 512 bytes. Within the MBR, the primary bootloader takes up 446 bytes, followed by the partition table, which occupies the next 64 bytes. The last 2 bytes are reserved for a signature.

Usages:

System Migration or Cloning: If you’re moving to a new hard drive or cloning your existing setup, it can be useful to backup the MBR separately. After copying your data, you can restore the MBR to ensure the new drive is bootable and retains the original partition structure.
Preventative Backup: Just as you would backup important files, backing up the MBR is a preventative measure. If something corrupts your MBR, having a backup allows you to quickly restore it without needing to rebuild your partition table or bootloader.

Here’s how you can view the MBR in a hex format:

To inspect the MBR, including its partition table, you can use the dd command in conjunction with a tool like hexdump or od.

dd if=/dev/sdX bs=512 count=1 2>/dev/null | hexdump -C

Here’s a breakdown of the output:

Bytes 0-445 (0x1BD in hex) are typically used by the bootloader code.
Bytes 446-509 (0x1BE to 0x1FD in hex) contain the partition table, which consists of four 16-byte partition records. Each record provides details about one of the possible four primary partitions.
Bytes 510-511 (0x1FE and 0x1FF in hex) contain the signature, usually 0x55AA.
If you’re only interested in the partition table, you can extract that specific portion: dd if=/dev/sdX bs=1 skip=446 count=64 2>/dev/null | hexdump -C This output will show you the raw data for the four primary partition entries in the MBR. Each partition entry will detail:
- The boot indicator (means it’s bootable)
- The starting CHS (Cylinder-Head-Sector) address
- The partition type
- The ending CHS address
- The LBA (Logical Block Addressing) of the starting sector
- The total sectors in the partition

Interpreting this data can require some knowledge of disk structures and might not be straightforward for the average user. However, there are also tools and utilities that can present this information in a more user-friendly manner, such as fdisk or parted.

Zeroing out the first 10MB of a disk (to wipe the beginning of it):

dd if=/dev/zero of=/dev/sda bs=1M count=10

Usage would be for

Wiping the Master Boot Record (MBR) and Partition Table: The MBR, which includes the bootloader and partition table, is located in the first 512 bytes of a disk. By zeroing out the first 10MB, you would effectively wipe the MBR and make the disk unbootable. This could be useful if you’re trying to ensure a system doesn’t boot, or if you’re preparing a disk for a fresh installation and want to remove any traces of the old bootloader.
Removing Disk Signatures: Some operating systems and disk utilities may place a signature or marker at the beginning of a disk to indicate the disk’s usage or purpose. Zeroing out this section would remove such signatures.
Troubleshooting Disk Issues: Sometimes, if there are issues with a disk’s partition table or boot sector, clearing out the beginning of the disk can be a troubleshooting step before attempting to reinitialize or repartition the disk.

dd if=/dev/xxx of=/dev/sda oflag=sync bs=128M status=progress

if=/dev/xxx: This specifies the input file. The /dev/xxx is a placeholder, meaning you’d replace “xxxx” with the actual device or file name from which you’re copying data.

of=/dev/sda: This specifies the output file or device. Here, it’s copying to the /dev/sda device, which typically represents the first hard disk in a Linux system.

oflag=sync: This ensures that the data is written to the output file in a synchronized manner. The sync operation will ensure data is written to the disk immediately.

bs=128M: This sets the block size to 128MB. This means dd will read and write in chunks of 128MB at a time.

status=progress: This option will display a progress bar while dd is running, allowing you to monitor the copying process.

Buy Me a Coffee