Hack Like a Pro: Linux Basics for the Aspiring Hacker, Part 20 (Devices Files)

Welcome back, my aspiring hackers!

In recent tutorials, I have made reference to the name and location of the Linux devices in the file system, such as sda (first SATA or SCSI drive). Specifically, I have mentioned the way that Linux designates hard drives when making an image of a hard drive for forensic purposes.

Fundamental to understanding how to use and administer hard drives and other devices in Linux is an understanding of how Linux specifies these devices in its file system.

Very often, if we are using a hard drive in a hack or in forensics, we will need to specifically address its device file name. These device file names allow the device (e.g. hard drive) to interact with system software and the kernel through system calls. These files are NOT device drivers, but rather rendezvous points that are used to communicate with the drivers. Linux maintains a device file for every device in the system in the /dev directory.

In this tutorial, we will examine how Linux names and interacts with the file system through the /dev directory and its files.

The /dev Directory

The /dev directory contains all the files that represent physical peripheral devices present on the system such as disk drives, terminals, and printers. The /dev directory is directly below the / directory. If we navigate there, we will see an entry for all of our devices.

kali > cd /dev
kali > ls -l


Block v. Character Devices

Linux makes a distinction between block and character devices. Character devices are those that stream data into and out of the machine unbuffered and directly. These would include your keyboard, mouse, tape, and monitor. Because the data is unbuffered, it tends to be a slow process.

On the other hand, block devices are those that stream data into and out of the machine in buffered blocks. These include such devices as hard drives, CDs, DVDs, floppies, flash drives, etc. This data transfer tends to be much faster.

Notice in the long listing of the /dev directory that some files begin with a “c” and some with a “b”. Character devices begin with a “c” and block devices begin with a “b”.


You will notice in the third line of the /dev directory listing that there is a directory named “block”. Let’s navigate there and do a long list.

kali > cd block
kali > ls -l


Here we see a listing of all the block devices. In the first line we see sr0; that would be the first CD-ROM (Linux tends to begin counting at 0, not 1). Near the bottom, we see sda, sda1, sda2, sda5 (yours may be different), where sda1 represents the first primary partition on the SATA drive, and sda2 represents the second primary partition on the SAME drive.

Naming Conventions of Devices in Linux

Originally, hard drives were of two types, IDE or SCSI. IDE (or later, E-IDE) was designed as a low cost alternative for low cost PCs. They were relatively slow and only allowed four devices per machine. In addition, they had to be configured in a master and slave configuration. Each master and slave combination had one cable and controller.

A faster, but more expensive alternative was the SCSI (Small Computer System Interface) drive. SCSI drives were (are) faster and pricier. Besides their speed advantage, they did not need a master/slave configuration, but rather were configured with a controller and a series of devices up to 15.

Linux would designate IDE hard drives with an hd and SCSI hard drives with an sd. In recent years, with the development and proliferation of SATA drives, we see that Linux designates these drives with sd, just like SCSI drives.

The first IDE drive was designated with an hda, the second hdb, the third hdc, and so on. The same happens with SCSI and now SATA drives; the first is designated with sda, the second sdb, the third sdc, and so on.

Some other device files include:

  • /dev/usb – USB devices
  • /dev/lp – parallel port printer
  • /dev/tty – local terminal
  • /dev/fd – floppy drive (does anyone still use floppies?)

Logical vs. Physical Partitions of Hard Drives

Linux is able to recognize four (4) primary hard drive partitions per operating system. This doesn’t limit us to four hard drives or four partitions as we can also use logical or extended partitions. We can have up to 15 logical or extended partitions per disk and each of these partitions acts as its own hard drive and operates just as fast as a primary partition.

The first primary partition in Linux with a SATA drive would be sda1, the second sda2, the third sda3, and the fourth sda4. Beyond these primary partitions, we can still partition the drive, but they are now logical partitions. The first logical partition would be sda5 with a SATA drive. This can then be followed by 14 more logical drives, if needed, with the last logical drive on the first SATA drive being sda19 (4 primary and 15 logical partitions).
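The naming rules from the last two sections can be written as a small decoder. This is an added example, not part of the original tutorial; the function name decode_dev is hypothetical, and it only covers the single-letter hd/sd names and the primary (1-4) versus logical (5 and up) split described above.

```sh
#!/bin/sh
# Added example: decode an hd*/sd* device name using the conventions in this article.
# decode_dev is a hypothetical helper; it only parses the name and never opens the device.
decode_dev() {
    local name bus rest part letter drive kind
    name=${1#/dev/}                       # accept "sda5" or "/dev/sda5"
    case $name in
        hd[a-z]*) bus="IDE" ;;
        sd[a-z]*) bus="SCSI/SATA" ;;
        *) echo "unrecognized"; return 1 ;;
    esac
    rest=${name#??}                       # drop the "hd" or "sd" prefix
    part=${rest#?}                        # whatever follows the drive letter
    letter=${rest%"$part"}                # the drive letter itself
    case $part in
        *[!0-9]*|0*) echo "unrecognized"; return 1 ;;   # not a plain partition number
    esac
    # 'a' is the first drive, 'b' the second, and so on (ASCII 'a' is 97).
    drive=$(( $(printf '%d' "'$letter") - 96 ))
    if [ -z "$part" ]; then
        kind="whole disk"
    elif [ "$part" -le 4 ]; then
        kind="primary partition $part"
    else
        kind="logical partition $part"
    fi
    echo "$bus drive $drive, $kind"
}

# Constructed sample names, not read from a real system.
for n in sda sda1 sda5 hdb2; do
    echo "$n -> $(decode_dev "$n")"
done
```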

In Linux, we generally have a separate partition for swap space. Swap space is that area of the hard drive that is used as virtual memory. This means that when we run out of memory (RAM) for a particular process or application, the operating system will then use this hard drive space as if it were RAM, but obviously, much slower (about 1,000x slower).

Special Devices

Linux has a number of special device files. This is a list of a few of the most important special device files.


/dev/null

This device is a data sink or “bit bucket”. It makes data disappear. If you redirect output to this device it will disappear. If you read from /dev/null, you will get a null string. If I wanted to wipe a drive clean, deleting all the data, I could use:

# /dev/null returns end-of-file at once and supplies no data; the zero bytes come from /dev/zero
dd if=/dev/zero of=/dev/sda

/dev/zero

This device can be used as an input file to provide as many null bytes (0x00) as necessary. It is often used to initialize a file or hard drive.

/dev/full

This device is a special file that always returns the “device full” error. Usually, it is used to test how a program reacts to a “disk full” error. It is also able to provide an infinite number of null byte characters to any process for testing.
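The behaviour of these special files can be checked safely with a few small reads and writes. This is an added example, not part of the original tutorial; the helper names (dev_kind, read_count, read_hex, write_ok, probe) are hypothetical, and the write test refuses anything that is not a character device so it can never touch a disk.

```sh
#!/bin/sh
# Added example: probe how a special device file behaves.
dev_kind() {      # "char" or "block", matching the c/b column in ls -l
    if [ -c "$1" ]; then echo char
    elif [ -b "$1" ]; then echo block
    else echo other
    fi
}

read_count() {    # bytes actually delivered when 16 are requested
    dd if="$1" bs=16 count=1 2>/dev/null | wc -c | tr -d ' '
}

read_hex() {      # first 4 bytes as hex; empty on immediate end-of-file
    dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

write_ok() {      # does the device accept a one-byte write?
    # Guard: only ever write to character devices, never to a block device.
    [ -c "$1" ] || { echo skipped; return 0; }
    if printf 'x' | dd of="$1" bs=1 count=1 2>/dev/null; then
        echo yes
    else
        echo no   # /dev/full lands here: the write fails with "No space left on device"
    fi
}

probe() {
    echo "$1: $(dev_kind "$1") read=$(read_count "$1") hex=$(read_hex "$1") write=$(write_ok "$1")"
}

for d in /dev/null /dev/zero /dev/full; do
    probe "$d"
done
```

A read from /dev/null ends immediately with zero bytes, while /dev/zero and /dev/full both return null bytes; only /dev/full rejects the write.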


/dev/random

This device can be used as an input to fill a file or partition with random, or more precisely, pseudo-random data. I might use this to overwrite a file or partition to make it much harder to recover deleted files by a forensic investigator.

It’s almost impossible to remove evidence of a file from recovery by a skilled forensic investigator with unlimited time and money. Since few forensic investigators have the skill or the time or the money, this technique will inhibit most forensic investigations.

To do this, we can use the dd command. For instance:

dd if=/dev/random of=evidencefile bs=1 count=1024

I hope this sheds some light on this relatively foreign concept, native to Linux, that Windows users often struggle with. For more guides on Linux, check out all of my past Linux Basics guides, and keep a lookout for more to come.
