Learning Linux commands: dd

Introduction

What you’re reading is only the first of the many articles from the “Learning Linux commands” series. Why would we want to do such a thing? Because it’s useful to you to have every option and possible use of a widely used command all in one place. You will find some options or even some commands that you didn’t even knew existed, and your life as a Linux user / admin will become easier. If you’re not afraid of opening a terminal and know the basics of using a Linux system, this article is for you.

Why dd?

We chose dd as the first contender in our series because it’s a useful tool that has lots of options, as you will see. This makes it almost one of the Swiss army knives of the Linux world. Yeah, this term (Swiss army knife) is used more than it should be by the Linux-oriented article writers, so we couldn’t pass the opportunity to use it ourselves.

General usage

Before we start we wanted to give you a general idea of how dd is used. First of all, the name comes from “data duplicator”, but it’s also jokingly said to stand for “disk destroyer” or “data destroyer” because it’s a very powerful tool. So we recommend extra care when using dd because one moment of carelessness may cost you valuable data. The general syntax of a dd command is

 # dd if=$input_data of=$output_data [options]

Input and output data can be disks, partitions, files, devices…mainly everything you can write to or read from. As you will see, you can use dd in a networked context to send data streams across your LAN, for example. You can have only the input part in your dd command, or only the output command, and you can even eliminate both in some cases. All these will be treated in the table below.



Examples

Learning Linux dd command with examples
Linux command syntax Linux command description
File systems
dd if=/dev/urandom of=/dev/sda bs=4k
Fills the drive with random data
dd if=/dev/sda of=/dev/sdb bs=4096

Drive-to-drive duplication

dd if=/dev/zero of=/dev/sda bs=4k
Clean up a hard drive (may need to be repeated)
dd if=inputfile of=/dev/st0 bs=32k conv=sync
Copy from file to tape device
dd if=/dev/st0 of=outfile bs=32k conv=sync
The above, reversed
dd if=/dev/sda | hexdump -C | grep [^00]
Check if drive is really zeroed out
dd if=/dev/urandom of=/home/$user/hugefile\
 bs=4096
Fills out a partition (careful with system partitions!)
ls -l myfile
-rw-r--r-- 6703104 Oct 31 18:25 myfile
dd if=/dev/urandom of=myfile bs=6703104 count=1
Scramble a file (maybe before deleting it)
dd if=/dev/sda3 of=/dev/sdb3 bs=4096 \
conv=notrunc,noerror
Copy a partition to another partition
dd if=/proc/filesystems | hexdump -C | less
View available filesystems
dd if=/proc/partitions | hexdump -C | less
View availble partitions in kb
dd if=/dev/sdb2 ibs=4096 | gzip > partition.image.gz \
conv=noerror
Creates a gzipped image of the second partition
of the second disk
dd bs=10240 cbs=80 conv=ascii,unblock\
 if=/dev/st0 of=ascii.out
Copy the contents of a tape drive to a file, converting
from EBCDIC to ASCII
dd if=/dev/st0 ibs=1024 obs=2048 of=/dev/st1
Copy from 1KB block device to 2KB block device
dd if=/dev/zero of=/dev/null bs=100M count=100
100+0 records in
100+0 records out
10485760000 bytes (10 GB) copied,

5.62955 s, 1.9 GB/s
Copy 10 GB of zeros to the garbage can.
dd if=/dev/zero of=/dev/sda bs=512 count=2
fdisk -s /dev/sda
dd if=/dev/zero of=/dev/sda seek=\
(number_of_sectors - 20) bs=1k
Erase GPT from disk. Since GPT writes data at the beginning
AND at the end of the drive, after
erasing from the beginning, we need to find out the number
of sectors (second command), then erase the last 20 sectors.
dd if=/home/$user/bootimage.img of=/dev/sdc
Create bootable USB drive (here shown as /dev/sdc)
dd if=/dev/sda of=/dev/null bs=1m
A good way to check for bad blocks
Backup and system-related
dd if=/dev/sda of=/dev/fd0 bs=512 count=1
Copies the MBR to a floppy
dd if=/dev/sda1 of=/dev/sdb1 bs=4096
Drive-to-drive duplication
dd if=/dev/sr0 of=/home/$user/mycdimage.iso\
 bs=2048 conv=nosync
Create an image of a CD
mount -o loop /home/$user/mycdimage.iso\
 /mnt/cdimages/
Mount said image locally
dd if=/dev/sda of=/dev/sdb bs=64k conv=sync
Useful when replacing a disk with another of identical size
dd if=/dev/sda2 of=/home/$user/hddimage1.img\
 bs=1M count=4430
dd if=/dev/sda2 of=/home/$user/hddimage2.img\
 bs=1M count=8860
[...]
Create DVD images of a partition (useful for backing up)
dd if=/$location/hddimage1.img of=/dev/sda2\
 bs=1M
dd if=/$location/hddimage2.img of=/dev/sda2\
 seek=4430 bs=1M
dd if=/$location/hddimage3.img of=/dev/sda2\
 seek=8860 bs=1M
[and so on...]
Restore from above backup
dd if=/dev/zero count=1 bs=1024 seek=1 of=/dev/sda6
Destroy the superblock
dd if=/dev/zero count=1 bs=4096 seek=0 of=/dev/sda5
Another way to destroy the superblock
dd if=/home/$user/suspicious.doc | clamscan -
Check file for viruses (needs ClamAV)
dd if=/home/$user/binary file | hexdump -C | less
Look at the contents of a binary file (needs hexdump)
dd if=/home/$user/bigfile of=/dev/null
dd if=/dev/zero of=/home/$user/bigfile \
bs=1024 count=1000000
Benchmarks hard drive for read/write speed
dd if=/dev/sda of=/dev/sda
Gives new life to older hard drives that haven’t been used for a while (disk must be unmounted)
dd if=/dev/mem | strings | grep 'string_to_search'
Examine memory contents (human-readable, that is)
dd if=/dev/fd0 of=/home/$user/floppy.image\
 bs=2x80x18b conv=notrunc
Copy a floppy disk
dd if=/proc/kcore | hexdump -C | less
View virtual memory
dd if=/proc/filesystems | hexdump -C | less
View available filesystems
dd if=/proc/kallsyms | hexdump -C | less
View loaded modules
dd if=/proc/interrupts | hexdump -C | less
View interrupt table
dd if=/proc/uptime | hexdump -C | less
View uptime in seconds
dd if=/proc/partitions | hexdump -C | less
View availble partitions in kb
dd if=/proc/meminfo | hexdump -C | less
View memstats
dd if=/dev/urandom of=/home/$user/myrandom \
bs=100 count=1
Creates a 1kb file of random gibberish
dd if=/dev/mem of=/home/$user/mem.bin\
 bs=1024
Creates an image of the actual state of your system memory
dd if=/home/$user/myfile
Prints the file to stdout
dd if=/dev/sda2 bs=16065 | hexdump -C\
 | grep 'text_to_search'
Search an entire partition for a string; even if it’s secured,
you can boot a liveCD
dd if=/home/$user/file.bin skip=64k bs=1\
 of=/home/$user/convfile.bin
Copy file.bin to convfile.bin skipping the first 64 kB
dd if=/home/$user/bootimage.img of=/dev/sdc
Create bootable USB drive (here shown as /dev/sdc)
dd if=/dev/mem bs=1k skip=768 count=256 \
2>/dev/null | strings -n 8
Read BIOS.
dd bs=1k if=imagefile.nrg of=imagefile.iso skip=300k
Convert Nero image into ISO standard image.
This is possible because the only difference between
the two is a 300 kB header Nero adds to a standard ISO file.
echo -n "hello vertical world" | dd cbs=1 \
conv=unblock 2> /dev/null
Try it, it’s safe. 🙂
dd if=/dev/sda1 | gzip -c | split -b 2000m - \
/mnt/hdc1/backup.img.gz
Create a gzipped image of a partition using split
cat /mnt/hdc1/backup.img.gz.* | gzip -dc |\
 dd of=/dev/sda1
Restore above backup
dd if=/dev/zero of=myimage bs=1024 count=10240
Create an empty disk image
dd ibs=10 skip=1
Strip first 10 bytes of stdin
dd bs=265b conv=noerror if=/dev/st0 \
of=/tmp/bad.tape.image
Make image of a tape drive with bad spots
dd if=/dev/sda count=1 | hexdump -C
View your MBR
dd if=/dev/sda | nc -l 10001 
nc $system_to_backup_IP 10001 | dd\
 of=sysbackupsda.img
Fast network backup using netcat
dd if=/dev/zero of=/dev/sdX\
 bs=1024000 count=1
Clear first 10MB of the partition
dd if=/dev/zero of=tmpswap bs=1k\
 count=1000000
chmod 600 tmpswap
mkswap tmpswap
swapon tmpswap
Create temporary swap space
dd if=/dev/sda of=/dev/null bs=1024k \
count=1024
1073741824 bytes (1.1 GB) copied, 
24.1684 s, 44.4 MB/s
Determine sequential I/O speed of your drive. Reading 1GB file
dd if=/dev/random count=1 2>/dev/null | od -t u1 |\
 awk '{ print $2}' | head -1
Generate random number
dd if=/dev/mem of=myRAM bs=1024
Copy RAM memory to a file
dd if=/dev/sda bs=512 count=1 | od -xa
See content of your MBR in hex and ASCII format
dd if=/my/old/mbr of=/dev/sda bs=446 count=1
Restore MBR without disturbing partition table record
which is between 447 – 511 bytes
dd if=/dev/sda1 | split -b 700m - sda1-image
Create a partition copy and save images where maximum
volume size is 700MB
Text manipulation
ls -l | dd conv=ucase
Convert the output of a command to uppercase
echo "MY UPPER CASE TEXT" | dd conv=lcase
Convert any text to lowercase
dd if=/etc/passwd cbs=132 conv=ebcdic of=/tmp/passwd.ebcdic
Convert the system password file to fixed-length EBCDIC-format file
dd if=text.ascii of=text.ebcdic conv=ebcdic
Convert from ASCII to EBCDIC
dd if=myfile of=myfile conv=ucase
Convert a file to uppercase (simple sed or tr replacement)

Conclusion

This has been just a small part of what dd can do, and we hope that this article managed to comprise the most useful examples for the everyday user. However, before you go further, we recommend you read your hard drive’s documentation, looking for things like LBA limitation, and take extra care when using dd in a root terminal.
Of course, you already have backups, but a little extra care will save you hours of unnecessary work.



Comments and Discussions
Linux Forum