How do I crash my Macbook Pro digitally?

Yep, you read it correctly. I would like a way to crash my Mac OS x hard drive/hardware so that it cannot boot anymore. Through a software solution. This is because if my Macbook ever gets stolen I'd prefer to crash the damn thing rather than recovering data. (of course I have backups)

Is there any location on the hard drive on which finder or so is located? Is there a possibility to delete any of those files/folders using sudo in bash through some remote shell?

The best thing would probably be if I could delete the part of finder/OSX that browses the hard drive filesystem. Please also post your thoughts on any answers if you know something bad with that solution.

EDIT: thought #2: Corrupting the files in the folders? Is there a way of finding them on the hard drive and overwrite their contents with random data? (Maybe mount it using some non-standard driver through sudo?)

EDIT2: Is it possible to use two passwords when encrypting a hard drive? I.e. one that decrypts and mounts my "safe" part, which would be the OS, programs and so, while not decrypting the sensitive parts, and another password to do the rest of the decryption. I doesn't matter if this would end up as two different encrypted files on the disk as long as they are hidden.

Please note: I do not want an encryption-solution unless it can encrypt the hard drive in two parts; one for the OS and one for my files. Maybe encrypting the hard drive and then encrypting the sensitive once again through a bash command or something equally hidden? (no visible "/encrypted-data" folder which you cannot access)

Also, Would a "sudo rm -rf /sensitive/folders" from SSH do the job? Would it do it silently? (non-discoverable by someone looking at the Mac screen)

Edit 3: since this thread is running out of hand and i have posted small aditions all over the place i made a new thread with alot more clarity to the actual problem. Hope you understand why.

Filip Haglund

Posted 2011-05-11T13:20:16.550

Reputation: 1 150

Mac OS 10.7 might have a remote wipe feature: http://blogs.computerworld.com/18225/imac_sandy_bridge_upgrade_hints_remote_wipe_for_mac_more

– sblair – 2011-05-11T13:33:36.770

1I don't think 'crash' is the word you're looking for. 'Erase' 'overwrite' 'destroy' 'render unusuable'? 'Crash' in a computer context is usually recoverable. – Shinrai – 2011-05-11T14:40:39.137

@Shinrai i would like to crash, erase and/or overwrite the disk. A new harddrive is free for me. – Filip Haglund – 2011-05-11T15:07:50.757

1@Filip - My point is simply that 'crash' doesn't generally mean 'irrecoverably damage the disk', it means 'the operating system goes down, and you have to reboot'. Semantics are important here, especially since you seem to dislike every answer you're getting. – Shinrai – 2011-05-11T15:19:49.633

oh, in that sense, yes. Thanks for pointing it out! – Filip Haglund – 2011-05-11T15:37:56.587

Just a hint : If the BIOS infos concerning the number of disks, number of heads per disk, number of sectors per side, etc. is wrongly set, doesn't it physical damage to the disk itself ? – Pierre Watelet – 2011-05-11T15:58:50.200

@Pierre: 0, Macs don't have the same kind of BIOS. 1, Current operating systems access disks directly, bypassing BIOS calls. 2, CHS addressing is never used anymore, only LBA. 3, For "modern" (all ATA/IDE) drives, CHS addressing doesn't even make sense anymore, and if it is used, the drive's firmware will automatically convert it to a working physical address.

– user1686 – 2011-05-12T05:23:05.277

Answers

The solution I used was truecrypt with a visible partition containing the school stuff and a hidden partition with my secret files. They've taken the mac once but they didn't even ask me for the password so I'm not sure they even looked at it.

Filip Haglund

Posted 2011-05-11T13:20:16.550

Reputation: 1 150

I would like a way to crash my mac os x harddrive/hardware so that it cannot boot anymore.

Doing it remotely? No way. You can't erase all of the data just by a remote login*. Also, if it's stolen, why would it be online and reachable from the outer world through SSH? That would mean that any firewall it's behind has port 22 open. You'd have to be lucky, set up DynDNS, etc.

Also, you make the assumption that the thieves don't just take out the hard drive and copy it before they boot the system, which is exactly what I'd do if I stole a machine**.

Please just use FileVault, it's there for that purpose! And use a strong user password — the encrypted drive is unrecoverable without it.

_{* You can try to run rm -rf or dd but who knows how long it takes and at which point it stops, etc.}

_{** Don't take that threat too seriously.}

slhck

Posted 2011-05-11T13:20:16.550

Reputation: 182 472

There is a way, i promise. A remote shell would solve the open port-problem. i.e. the mac connects to my server. I don't want to encrypt my data, i want it to be completely unrecoverable. – Filip Haglund – 2011-05-11T13:45:20.423

2It is de facto unrecoverable if you don't know the encryption password. If you don't want to encrypt your data then you need to solder your Mac into a safe because everybody can still take out the hard drive (which is what I'd do if I stole something). – slhck – 2011-05-11T13:47:39.110

There is one person which i (through a contract) have to give access to the mac. I would like this person to not simply be able to ask me for the password. A corrupted harddrive would be alot better. – Filip Haglund – 2011-05-11T14:00:52.510

2Only give them the password to a secondary account, then lock down access to the files they don't need access to with FileVault and/or file permissions. – Scott – 2011-05-11T14:02:24.997

Like slhck, if I wanted your data, the first thing I'd do is power down the machine and yank the drive out. I don't have the necessary skillset for a cold-boot attack on an encrypted drive, so I wouldn't bother trying it, I'd just assume you hadn't encrypted it. Mount on home server, rsync, all data present. FileVault is the way to go. – Lukasa – 2011-05-11T14:09:19.690

2Remote wipe would depend on you being able to contact the stolen computer. What if they don't give it a network connection? You would need to outfit it with a dead man's switch so it self-destructs if it can't contact you for N days. Seems risky. Encryption is a lot easier. – Stephen Jennings – 2011-05-11T14:45:26.520

I would also just pull the drive and immediately clone it. I also certainly wouldn't connect it to a network. – Shinrai – 2011-05-11T15:21:10.663

rm -rf works fine on Linux (if you remember to exclude /proc and /sys). It even removes itself. – user1686 – 2011-05-12T05:26:09.203

The problem with this solution is first, even if you do successfully login and delete finder, all of your files are still there and completely recoverable. Furthermore, you are assuming the stolen computer will ever connect to a network so you can execute this protection strategy. The boot-ability of your computer is irrelevant to the removal of data from it. And in fact, can serve as something of a hindrance. If you want data out of a computer it's usually much faster to remove the hard-drive and salve it to another computer.

You are much better off encrypting the hard-drive en mass ( using something like the built in, FileVault or OpenPGP) with a strong key. That, while not being a guarantee of your data security is the first step to being much safer in the event of computer loss.

zellio

Posted 2011-05-11T13:20:16.550

Reputation: 306

The scenario i'm thinking of will include an internet connection and corruption of the data is actually a very effective approach to this. A key i assume will be saved in ram or so while the machine is running, right? Also, a password promt is not what i want to be shown! – Filip Haglund – 2011-05-11T13:35:26.223

As a rule, encrypt your data if it's sensitive.

As to your 'crashing' the HDD, I don't think it's possible. However, there is a solution.

You can set up a reverse ssh session that remains in contact with a secure server of your choosing at all times (i.e., it attempts to connect to your remote server no matter what). Once it's set up and your computer gets stolen, you can ssh into your machine the next time it connects to the internet and then securely remove the

This question details how to set up a reverse ssh connection. You can then set it up as a cron job to check if there's a connection and if there isn't then connect.

Nitrodist

Posted 2011-05-11T13:20:16.550

Reputation: 1 488

To the unsuspecting thief, encrypted data might as well be corrupted data if the computer does not boot. Of course, they might attempt to re-install the OS; however, I suspect those most thieves won't want to invest that much time or effort to get a working system. There are third party remote access services, but unfortunately I'm not sure which ones are available for Macs. You might consider adding some startup apps that send an email with whatever info you collect at startup. I would like that you could get local IP, public IP (by scraping whatismyip.com), and possibly grabbing cam shots when the computer is in use. In short if your computer is unusable at boot time, it won't make it onto a network; however, if it's usable (even in a limited capacity), then you have the opportunity to collect data and possibly retrieve your equipment. Be sure to make backups of your critical data, and don't store them with your computer.

Xenoactive

Posted 2011-05-11T13:20:16.550

Reputation: 992

It might be worth watching this presentation and then install the remote tools he has on his Mac. Look at what happens to the guy who stole his computer. http://www.youtube.com/watch?v=U4oB28ksiIo

Edit: It's more a cool video than an answer. Nice to see the bad guys get their comeuppance.

I'd personally recommend Disk Encryption and Physical security to prevent your Laptop being stolen / data being stolen.
Hosing your files afterwards is trying to catch the horse once the stables been left open

Joe Taylor

Posted 2011-05-11T13:20:16.550

Reputation: 11 533

Already watched that one, it's awesome. Although it's not really the same things since at that time nobody used a NAT. The connection part i can solve i think, but how can i corrupt the data? – Filip Haglund – 2011-05-11T13:56:11.643

What happens if they start up your Mac with no network connection? Or don't start it up at all, and just yank the hard drive. – Scott – 2011-05-11T14:03:50.457

SSH in, then type diskutil list to see which device special files represent your hard drive volume(s):

/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *251.0 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            250.7 GB   disk0s2

In this case, /dev/disk0 represents the whole boot drive, and /dev/disk0s2 represents the main volume (partition) on that drive.

Then you can probably use something old-school and simple like dd to start reading from /dev/random and writing to whatever /dev/diskX file you determined above, to write random bytes to the first blocks on disk, overwriting first the partition table, then the EFI partition, then the beginning of the HFS+J partition, which probably means you'll first be overwriting some low-level HFS+J data structures that are probably stored there. You'll likely destroy enough of these low-level structures that the disk will become unusable (without a reformat or a heroic work of recovery that most petty thieves won't be interested in doing). After a while the OS will need to read some of those blocks and probably hang or kernel panic.

Try it on a machine without any important data first to make sure it works.

Spiff

Posted 2011-05-11T13:20:16.550

Reputation: 84 656

Being able to SSH in assumes that the network firewall protecting the subnet that it comes up on allows SSH to the device. I suspect that the likelihood of this is very minimal. – Xenoactive – 2011-05-12T20:24:53.077

You'd better use FileVault instead of trying to delete your data afterwards. It's the best way to be sure that nobody will have access to your data. An operating system can always be reinstalled...

Pierre Watelet

Posted 2011-05-11T13:20:16.550

Reputation: 4 269

Have you considered FileVault? While it's not the exact solution you're asking for, it's built into MacOS and will prevent someone from accessing your data if your computer is stolen.

Go to System Preferences -> Security & Privacy -> FileVault to enable it. To get the level of security you need, you'll also need to disable the guest account, make sure that your user account has a password, and make sure that your computer prompts you for a password at boot.

Your password will be used to encrypt the FileVault key.

It won't erase your hard drive in the case of theft, but it will prevent someone from accessing your data.

Andrew Rondeau

Posted 2011-05-11T13:20:16.550

Reputation: 101

There are already three other answers suggesting FileVault. – Scott – 2013-12-13T21:04:13.493