[dd][Linux] Learning Linux commands: dd

[dd][Linux] Learning Linux commands: dd

Learning Linux dd command with examples
Linux command syntax	Linux command description
File systems
dd if=/dev/urandom of=/dev/sda bs=4k	Fills the drive with random data
dd if=/dev/sda of=/dev/sdb bs=4096	Drive-to-drive duplication
dd if=/dev/zero of=/dev/sda bs=4k	Clean up a hard drive (may need to be repeated)
dd if=inputfile of=/dev/st0 bs=32k conv=sync	Copy from file to tape device
dd if=/dev/st0 of=outfile bs=32k conv=sync	The above, reversed
dd if=/dev/sda | hexdump -C | grep [^00]	Check if drive is really zeroed out
dd if=/dev/urandom of=/home/$user/hugefile\ bs=4096	Fills out a partition (careful with system partitions!)
ls -l myfile -rw-r--r-- 6703104 Oct 31 18:25 myfile dd if=/dev/urandom of=myfile bs=6703104 count=1	Scramble a file (maybe before deleting it)
dd if=/dev/sda3 of=/dev/sdb3 bs=4096 \ conv=notrunc,noerror	Copy a partition to another partition
dd if=/proc/filesystems | hexdump -C | less	View available filesystems
dd if=/proc/partitions | hexdump -C | less	View availble partitions in kb
dd if=/dev/sdb2 ibs=4096 | gzip > partition.image.gz \ conv=noerror	Creates a gzipped image of the second partition of the second disk
dd bs=10240 cbs=80 conv=ascii,unblock\ if=/dev/st0 of=ascii.out	Copy the contents of a tape drive to a file, converting from EBCDIC to ASCII
dd if=/dev/st0 ibs=1024 obs=2048 of=/dev/st1	Copy from 1KB block device to 2KB block device
dd if=/dev/zero of=/dev/null bs=100M count=100 100+0 records in 100+0 records out 10485760000 bytes (10 GB) copied, 5.62955 s, 1.9 GB/s	Copy 10 GB of zeros to the garbage can.
dd if=/dev/zero of=/dev/sda bs=512 count=2 fdisk -s /dev/sda dd if=/dev/zero of=/dev/sda seek=\ (number_of_sectors - 20) bs=1k	Erase GPT from disk. Since GPT writes data at the beginning AND at the end of the drive, after erasing from the beginning, we need to find out the number of sectors (second command), then erase the last 20 sectors.
dd if=/home/$user/bootimage.img of=/dev/sdc	Create bootable USB drive (here shown as /dev/sdc)
dd if=/dev/sda of=/dev/null bs=1m	A good way to check for bad blocks
Backup and system-related
dd if=/dev/sda of=/dev/fd0 bs=512 count=1	Copies the MBR to a floppy
dd if=/dev/sda1 of=/dev/sdb1 bs=4096	Drive-to-drive duplication
dd if=/dev/sr0 of=/home/$user/mycdimage.iso\ bs=2048 conv=nosync	Create an image of a CD
mount -o loop /home/$user/mycdimage.iso\ /mnt/cdimages/	Mount said image locally
dd if=/dev/sda of=/dev/sdb bs=64k conv=sync	Useful when replacing a disk with another of identical size
dd if=/dev/sda2 of=/home/$user/hddimage1.img\ bs=1M count=4430 dd if=/dev/sda2 of=/home/$user/hddimage2.img\ bs=1M count=8860 [...]	Create DVD images of a partition (useful for backing up)
dd if=/$location/hddimage1.img of=/dev/sda2\ bs=1M dd if=/$location/hddimage2.img of=/dev/sda2\ seek=4430 bs=1M dd if=/$location/hddimage3.img of=/dev/sda2\ seek=8860 bs=1M [and so on...]	Restore from above backup
dd if=/dev/zero count=1 bs=1024 seek=1 of=/dev/sda6	Destroy the superblock
dd if=/dev/zero count=1 bs=4096 seek=0 of=/dev/sda5	Another way to destroy the superblock
dd if=/home/$user/suspicious.doc | clamscan -	Check file for viruses (needs ClamAV)
dd if=/home/$user/binary file | hexdump -C | less	Look at the contents of a binary file (needs hexdump)
dd if=/home/$user/bigfile of=/dev/null dd if=/dev/zero of=/home/$user/bigfile \ bs=1024 count=1000000	Benchmarks hard drive for read/write speed
dd if=/dev/sda of=/dev/sda	Gives new life to older hard drives that haven't been used for a while (disk must be unmounted)
dd if=/dev/mem | strings | grep 'string_to_search'	Examine memory contents (human-readable, that is)
dd if=/dev/fd0 of=/home/$user/floppy.image\ bs=2x80x18b conv=notrunc	Copy a floppy disk
dd if=/proc/kcore | hexdump -C | less	View virtual memory
dd if=/proc/filesystems | hexdump -C | less	View available filesystems
dd if=/proc/kallsyms | hexdump -C | less	View loaded modules
dd if=/proc/interrupts | hexdump -C | less	View interrupt table
dd if=/proc/uptime | hexdump -C | less	View uptime in seconds
dd if=/proc/partitions | hexdump -C | less	View availble partitions in kb
dd if=/proc/meminfo | hexdump -C | less	View memstats
dd if=/dev/urandom of=/home/$user/myrandom \ bs=100 count=1	Creates a 1kb file of random gibberish
dd if=/dev/mem of=/home/$user/mem.bin\ bs=1024	Creates an image of the actual state of your system memory
dd if=/home/$user/myfile	Prints the file to stdout
dd if=/dev/sda2 bs=16065 | hexdump -C\ | grep 'text_to_search'	Search an entire partition for a string; even if it's secured, you can boot a liveCD
dd if=/home/$user/file.bin skip=64k bs=1\ of=/home/$user/convfile.bin	Copy file.bin to convfile.bin skipping the first 64 kB
dd if=/home/$user/bootimage.img of=/dev/sdc	Create bootable USB drive (here shown as /dev/sdc)
dd if=/dev/mem bs=1k skip=768 count=256 \ 2>/dev/null | strings -n 8	Read BIOS.
dd bs=1k if=imagefile.nrg of=imagefile.iso skip=300k	Convert Nero image into ISO standard image. This is possible because the only difference between the two is a 300 kB header Nero adds to a standard ISO file.
echo -n "hello vertical world" | dd cbs=1 \ conv=unblock 2> /dev/null	Try it, it's safe. :-)
dd if=/dev/sda1 | gzip -c | split -b 2000m - \ /mnt/hdc1/backup.img.gz	Create a gzipped image of a partition using split
cat /mnt/hdc1/backup.img.gz.* | gzip -dc |\ dd of=/dev/sda1	Restore above backup
dd if=/dev/zero of=myimage bs=1024 count=10240	Create an empty disk image
dd ibs=10 skip=1	Strip first 10 bytes of stdin
dd bs=265b conv=noerror if=/dev/st0 \ of=/tmp/bad.tape.image	Make image of a tape drive with bad spots
dd if=/dev/sda count=1 | hexdump -C	View your MBR
dd if=/dev/sda | nc -l 10001 nc $system_to_backup_IP 10001 | dd\ of=sysbackupsda.img	Fast network backup using netcat
dd if=/dev/zero of=/dev/sdX\ bs=1024000 count=1	Clear first 10MB of the partition
dd if=/dev/zero of=tmpswap bs=1k\ count=1000000 chmod 600 tmpswap mkswap tmpswap swapon tmpswap	Create temporary swap space
dd if=/dev/sda of=/dev/null bs=1024k \ count=1024 1073741824 bytes (1.1 GB) copied, 24.1684 s, 44.4 MB/s	Determine sequential I/O speed of your drive. Reading 1GB file
dd if=/dev/random count=1 2>/dev/null | od -t u1 |\ awk '{ print $2}' | head -1	Generate random number
dd if=/dev/mem of=myRAM bs=1024	Copy RAM memory to a file
dd if=/dev/sda bs=512 count=1 | od -xa	See content of your MBR in hex and ASCII format
dd if=/my/old/mbr of=/dev/sda bs=446 count=1	Restore MBR without disturbing partition table record which is between 447 - 511 bytes
dd if=/dev/sda1 | split -b 700m - sda1-image	Create a partition copy and save images where maximum volume size is 700MB
Text manipulation
ls -l | dd conv=ucase	Convert the output of a command to uppercase
echo "MY UPPER CASE TEXT" | dd conv=lcase	Convert any text to lowercase
dd if=/etc/passwd cbs=132 conv=ebcdic of=/tmp/passwd.ebcdic	Convert the system password file to fixed-length EBCDIC-format file
dd if=text.ascii of=text.ebcdic conv=ebcdic	Convert from ASCII to EBCDIC
dd if=myfile of=myfile conv=ucase	Convert a file to uppercase (simple sed or tr replacement)

Reference :

• 
  Learning Linux commands: dd