diff --git a/Makefile b/Makefile index 7663e96..eb6a5cd 100644 --- a/Makefile +++ b/Makefile @@ -25,15 +25,8 @@ install: writeimg install -m 0755 $< $(DESTDIR)$(PREFIX)/bin/$< install -m 0644 $<.1 $(DESTDIR)$(PREFIX)/share/man/man1/$<.1 -# Note that this bypasses PREFIX, since -# bash does not source /usr/local by default -install_bash: writeimg_completion_bash.sh - install -d $(DESTDIR)/etc/bash_completion.d - install -m 0644 $< $(DESTDIR)/etc/bash_completion.d/$< - uninstall: rm -f $(DESTDIR)$(PREFIX)/bin/writeimg rm -f $(DESTDIR)$(PREFIX)/share/man/man1/writeimg.1 - rm -f $(DESTDIR)/etc/bash_completion.d/writeimg* .PHONY: clean install uninstall diff --git a/README.md b/README.md index f864c59..6dfebd5 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,13 @@ -# WriteIMG Image Writer +# Simple dd-like image writer with additional security checks. -WriteIMG is a simple dd-like image writer with additional security checks for -Linux and soon FreeBSD. It tells you what you're about to do and warns you -about potential problems before they occur. It also features automatic image -verifications, and uses a suitable block size for fast and gentle writing. - -Say goodbye to fried flash and overwritten bootloaders, no more footguns! +This tool verifies your image automatically. The block size is currently set to +1 MiB, which should be enough to avoid trouble. ``` -WriteIMG v0.2.3, Rev. d02fc5f +writeimg v0.2.0, Rev. 5323932-dirty In honor of SwePwnage - the OG disk destroyer Copyright (C) 2026 Imbus, BSD-2-Clause -Build date: 2026-02-21 +Build date: 2026-02-07 Usage: writeimg [-v] -d @@ -21,18 +17,12 @@ Args: -v Verify only -d device Target block device -h, --help Print this help message - -n, --noconfirm Do not ask for permission + -n, --noconfirm Do not ask for premission -V, --version Print version ``` -We also provide a manpage, which targets OpenBSD-level quality. Incorrect or -outdated information is a bug. - ## Testing -For testing, there is a shell script "test.sh" included. It sets up a block dev -and writes (and verifies) a bunch of nonsense to it. It boils down to: - ``` dd if=/dev/zero of=./disk.img bs=1M count=1024 losetup -fP ./disk.img @@ -40,75 +30,6 @@ losetup -a losedup -d /dev/loop0 ``` -Writes to a regular files is not currently in scope, although it would simplify -testing. - -## Design Considerations - -Most of the sanity checking is currently highly Linux specific. We should -prefer general/posix solutions that reach **at least** FreeBSD, preferably -OpenBSD and Solaris as well. FreeBSD did implement procfs, but its a Linux-ism -and it has since been deprecated. I would prefer not to turn this rather simple -code into macro-mozaic, as i've seen other similar projects do. After all, this -is just a juiced-up dd-rewrite at its core. - -**Apple products are unsupported.** Im simply not interested in ensuring -compatibility with a walled-garden ecosystem. If *you* are, we can change that. - -At the time of writing, my FreeBSD server is down for maintenance, which means -all of my development and testing is focused on AMD64, AArch64 and AArch32 -Linux. - -In the setup phase of the program, we can absolutely afford to do lots of -sanity checking via syscalls. Between each block write, we flush the disk -buffers. These flushes are larger (1 MiB when buffer is full) than the sector -size (often 4k or 64k) of the flash, so as far as i know, this is a gentle way -to write flash, and should not incur any significant performance overhead. 1 -MiB is also a multiple of the most common sector sizes. We could write it all -with no flushing, but that would mean the progress indicator will measure -buffered writes, which is useless. - -It should be possible to induce optimal block size, but this idea has not been -explored yet. - -Currently when verifying the written data, we read from both the input file and -the output block device and do a byte-by-byte comparison. A CRC32 is also -calculated in the first pass of the input file read. In the second pass (the -verification stage), we calculate the CRC32 of the block device data and -compare that to our previous result. **This means that we currently use two -separate methods of verification**. The program allocates **two** separate -buffers in the startup phase for comparisons. This will change in the coming -releases, and we will rely only on the CRC. - -De-allocation is handled in the interrupt vector as well as in the 'sad-paths', -but ultimately this program can be regarded as samurai-principled. We try to -handle deallocation, but exit on failure and let the kernel handle the rest. - -The use of a crypto-grade checksumming algorithm was considered, but was -ultimately rejected in favour of a lookup based CRC32. Its simpler, faster and -easier to understand (See: [crc32.h](./crc32.h)). We may include a compile-time -option to disable the lookup table to reduce size for really small targets, but -we speculate that those targets are already satisfied with busybox-dd. - -We also considered using libudev or any of its analogues, to determine the type -of block device (spinning or flash), but my somewhat inconclusive research -indicates that it does not include functionality to determine the medium type -(usb/sd/sata), which is ultimately what i would like to warn the user about. -The libudev library is also Linux specific. - -We also need completion scripts for the most common shells. This includes csh, -bash and zsh. Should be easy enough when we set our minds to it. - -See: - - `grep -nE 'BLK[A-Za-z0-9]+' /usr/include/linux/fs.h` - In particular, we're interested in BLKGETSIZE64 and BLKFLSBUF for now. - -We can read the device info from: - - /sys/class/block/[name]/* -Like: - - /sys/class/block/[name]/device/model - - /sys/class/block/[name]/size - ## Inspiration See: diff --git a/test.sh b/test.sh index 1eb6280..70cfae9 100644 --- a/test.sh +++ b/test.sh @@ -4,17 +4,13 @@ set -e # set -x # For debugging # If you ever mess this up: -# $ mknod /dev/loop-control c 10 237 -# $ chmod 600 /dev/loop-control -# $ chown root:root /dev/loop-control +# $ sudo mknod /dev/loop-control c 10 237 +# $ sudo chmod 600 /dev/loop-control +# $ sudo chown root:root /dev/loop-control # # For cleanup: -# $ find /dev -maxdepth 1 -type b -name 'loop[0-9]*' -exec rm -f {} \; +# $ sudo find /dev -maxdepth 1 -type b -name 'loop[0-9]*' -exec rm -f {} \; -if [ "$(id -u)" -ne 0 ]; then - echo "Run as root. We need permissions to write and setup a loop device." - exit 1 -fi DISKFILE="/tmp/disk.img" BINFILE="/tmp/file.bin" @@ -26,9 +22,9 @@ echo "Using device: ${LOOPDEV}" cleanup() { echo "Cleaning up..." set +e -x - losetup -d ${LOOPDEV} - rm ${LOOPDEV} - rm ${BINFILE} ${DISKFILE} + sudo losetup -d ${LOOPDEV} + sudo rm ${LOOPDEV} + sudo rm ${BINFILE} ${DISKFILE} } trap cleanup EXIT INT TERM @@ -40,31 +36,28 @@ if losetup ${LOOPDEV} >/dev/null 2>&1; then fi if [ ! -f ${DISKFILE} ]; then - echo "Creating ${DISKFILE}" dd if=/dev/zero of=${DISKFILE} bs=1M count=256 fi if [ ! -f ${BINFILE} ]; then - echo "Creating ${BINFILE}" dd if=/dev/urandom of=${BINFILE} bs=1M count=64 fi if [ ! -e ${LOOPDEV} ]; then - mknod ${LOOPDEV} b 7 ${LOOPNUM} # busybox needs this - losetup ${LOOPDEV} ${DISKFILE} + sudo losetup ${LOOPDEV} ${DISKFILE} fi -./writeimg -nd ${LOOPDEV} ${BINFILE} -./writeimg -vnd ${LOOPDEV} ${BINFILE} +sudo ./writeimg -nd ${LOOPDEV} ${BINFILE} +sudo ./writeimg -vnd ${LOOPDEV} ${BINFILE} -./writeimg -nd ${LOOPDEV} ./writeimg -./writeimg -vnd ${LOOPDEV} ./writeimg +sudo ./writeimg -nd ${LOOPDEV} ./writeimg +sudo ./writeimg -vnd ${LOOPDEV} ./writeimg -./writeimg -nd ${LOOPDEV} ./LICENSE -./writeimg -vnd ${LOOPDEV} ./LICENSE +sudo ./writeimg -nd ${LOOPDEV} ./LICENSE +sudo ./writeimg -vnd ${LOOPDEV} ./LICENSE # Redirect this to avoid confusion -! ./writeimg -vnd ${LOOPDEV} ./crc32.h 2>/dev/null +! sudo ./writeimg -vnd ${LOOPDEV} ./crc32.h 2>/dev/null GREEN="\e[32m" RESET="\e[0m" diff --git a/writeimg.c b/writeimg.c index 2219acb..e839930 100644 --- a/writeimg.c +++ b/writeimg.c @@ -72,7 +72,7 @@ const char help[] = " -v Verify only\n" " -d device Target block device\n" " -h, --help Print this help message\n" - " -n, --noconfirm Do not ask for permission\n" + " -n, --noconfirm Do not ask for premission\n" " -V, --version Print version\n" "\0"; // clang-format on @@ -278,11 +278,7 @@ int main(int argc, char *argv[]) { exit(EXIT_FAILURE); } -#ifdef __GLIBC__ if (ioctl(fd, BLKGETSIZE64, &device_size) < 0) { -#else /* With musl, ioctl's take ints, kheaders provide unsigned longs. Passes tests. */ - if (ioctl(fd, (int)BLKGETSIZE64, &device_size) < 0) { -#endif perror("ioctl"); close(fd); exit(EXIT_FAILURE); diff --git a/writeimg_completion_bash.sh b/writeimg_completion_bash.sh deleted file mode 100644 index 305cf95..0000000 --- a/writeimg_completion_bash.sh +++ /dev/null @@ -1,25 +0,0 @@ -_writeimg_completion() { - local cur prev opts - - cur="${COMP_WORDS[COMP_CWORD]}" - prev="${COMP_WORDS[COMP_CWORD-1]}" - - opts="-v -d -h --help -n --noconfirm -V --version" - - # Devices - if [[ "$prev" == "-d" ]]; then - COMPREPLY=( $(compgen -W "$(ls -d /dev/sd* /dev/nvme* /dev/mmcblk* 2>/dev/null)" -- "$cur") ) - return 0 - fi - - # Flags - if [[ "$cur" != -* ]]; then - COMPREPLY=( $(compgen -f -- "$cur") ) - return 0 - fi - - # Files - COMPREPLY=( $(compgen -W "$opts" -- "$cur") ) -} - -complete -F _writeimg_completion writeimg