Download & Flash

Get the WiperMax ISO and write it to your USB drive.

Download the ISO

Log in to your account and go to Download ISO in the dashboard sidebar. Your ISO is preconfigured with your account token and hardware binding — it is unique to your account.

Flash on Linux

# Find your USB device
lsblk

# Write the ISO (replace sdX with your device)
sudo dd if=wipermax-latest.iso of=/dev/sdX bs=4M status=progress && sync

Flash on Windows

Use Rufus — free, no installation needed.

1. Open Rufus and select your USB drive
2. Click SELECT and choose the WiperMax ISO
3. Leave all options at default
4. Click START → choose "Write in ISO Image mode"

Flash on macOS

# Find your USB disk
diskutil list

# Unmount and write
diskutil unmountDisk /dev/diskX
sudo dd if=wipermax-latest.iso of=/dev/rdiskX bs=4m && sync

Requirements

Component	Requirement
USB drive	8 GB minimum, USB 3.0 recommended
Target machine	x86_64, BIOS or UEFI, 2 GB RAM
Internet	Optional — only needed for cloud sync

Boot from USB

How to start WiperMax on any machine.

Opening the boot menu

Insert the USB drive and restart the machine. Press the boot menu key during startup — before the OS loads:

Manufacturer	Key
Most PCs (generic)	F12
HP	F9 or Esc
Dell	F12
Lenovo	F12 or F11
ASUS	F8 or Esc
Acer	F12

What happens on boot

1. Alpine Linux loads in ~15 seconds
2. Hardware binding verification runs automatically
3. If first boot → setup screen to configure your account
4. WiperMax interface opens in full-screen kiosk mode

First Use

What to do the first time you boot WiperMax.

First boot — account setup

If your USB was downloaded without a preconfigured account, you will see the setup screen on first boot. Enter your WiperMax account email and API token to enable cloud sync.

Your API token is available at wipermax.online → Profile & API → API Tokens.

Wiping a disk

1. WiperMax automatically detects all connected disks
2. Select the disk you want to erase
3. Enter the client company name for this job
4. Choose the erasure method (or keep the auto-selected one)
5. Tap Start erasure
6. Wait for completion — do not unplug the machine
7. Certificate is generated automatically when done

Wipe Methods

WiperMax supports four erasure standards. The correct method is selected automatically based on the drive type.

Method	Standard	Drive type	Passes
DoD 5220.22-M	US DoD	HDD	3
NIST 800-88 Purge	NIST	HDD / SSD	1
ATA Secure Erase	NIST 800-88	SSD SATA	1 (native)
Crypto Erase	NIST 800-88	SSD / NVMe	1 (native)

Auto-selection logic

Detected drive	Auto-selected method
HDD (magnetic)	DoD 5220.22-M — 3 passes
SSD SATA	ATA Crypto Erase
NVMe	NVMe Secure Erase

NIST 800-88

National Institute of Standards and Technology — Guidelines for Media Sanitization, Revision 1.

Overview

NIST 800-88 Rev.1 is the current gold standard for data sanitization, published by the US National Institute of Standards and Technology. It defines three levels: Clear, Purge, and Destroy.

WiperMax implements the Purge level, which renders data unrecoverable even with laboratory techniques.

When to use it

• SSDs and NVMe drives where overwrite passes are not effective
• When compliance with US government or enterprise standards is required
• Healthcare (HIPAA), finance (PCI-DSS), and government sectors

DoD 5220.22-M

US Department of Defense — National Industrial Security Program Operating Manual.

Overview

DoD 5220.22-M specifies a 3-pass overwrite process for magnetic media (HDDs):

1. Pass 1 — Write all zeros (0x00) to every sector
2. Pass 2 — Write all ones (0xFF) to every sector
3. Pass 3 — Write random data, then verify

When to use it

• Traditional hard disk drives (magnetic platters)
• When DoD compliance documentation is required
• Legacy equipment with spinning disks

Secure Erase

ATA Secure Erase and NVMe Format — drive-native erasure commands.

How it works

Secure Erase uses the drive's own firmware to erase every cell, including hidden areas like the Host Protected Area (HPA) and Device Configuration Overlay (DCO) that are inaccessible to software overwrites.

For NVMe drives, WiperMax uses the nvme format command with Secure Erase User Data setting.

Advantages

• Much faster than overwrite-based methods
• Erases 100% of cells including wear-leveled and remapped sectors
• Compliant with NIST 800-88 Purge level

Crypto Erase

Encryption key destruction — the fastest and most complete erasure method.

How it works

Self-encrypting drives (SEDs) encrypt all data using an internal encryption key (DEK). Crypto Erase destroys this key, rendering all stored data permanently unrecoverable — since the data can no longer be decrypted, it is effectively erased.

Requirements

The drive must be a self-encrypting drive (SED). WiperMax detects this automatically and only offers Crypto Erase when supported.

Certificate Anatomy

What every WiperMax certificate contains and why each field matters.

Certificate fields

Field	Description
Certificate number	Unique ID in format UPW-YYYYMM-NNNNN
Device brand / model	Drive manufacturer and model number
Serial number	Physical serial number of the erased drive
Storage type / size	HDD / SSD / NVMe and capacity
Method	Erasure method used
Standard	Compliance standard (NIST, DoD, etc.)
Result	SUCCESSFUL or WARNING with details
Duration	Total erasure time in seconds
SHA-256 hash	Cryptographic proof of the process
Technician	Name of the operator who performed the wipe
Client	Company name for the job
Custody chain	Timestamped log of every step
QR code	Link for instant public verification

Verification & QR

How to verify a WiperMax certificate is authentic.

QR code verification

Every certificate contains a QR code that links to the public verification page. Scanning it with any smartphone shows the certificate data stored in the WiperMax cloud — if the data matches the PDF, the certificate is authentic.

Manual verification

You can also verify manually by visiting:

https://wipermax.online/verify/[CERTIFICATE-NUMBER]

Or via the API:

GET https://api.wipermax.online/v1/certificates/verify/UPW-202605-13881

SHA-256 Hash

How WiperMax generates a deterministic, tamper-proof hash for every erasure.

What is hashed

The SHA-256 hash is computed from these fields concatenated together:

serial_number | device_model | storage_size | method | started_at | finished_at | technician | bad_sectors

Why it's deterministic

All fields are known at the time of completion and are deterministic — the same wipe under the same conditions will always produce the same hash. This means anyone with the original data can independently reproduce and verify the hash.

Custody Chain

A complete timestamped record of every step in the erasure process.

Chain steps

Step	Description
Device received	Timestamp when the device was registered for erasure
Inventory & identification	Device photographed and serial number confirmed
Erasure executed	Start and end time, duration, hash generated
Certificate issued	PDF generated and digital signature applied

Each step records the technician's name and an exact timestamp. The chain is immutable — once written, it cannot be modified without invalidating the SHA-256 hash.

USB Hardware Binding

WiperMax uses triple-factor hardware verification to ensure each USB image can only run on the original physical drive it was flashed to.

How it works

When you download a USB image from your account, WiperMax records three hardware identifiers:

Factor	Description
USB ID	A unique UUID generated at download time and embedded in the image
Hardware serial	The physical serial number of the USB chip
Filesystem UUID	The partition UUID created when the image is written

On every boot, all three are verified before WiperMax starts. If any factor does not match, the USB is blocked.

Anti-Cloning

What happens when a cloned USB is detected.

Detection

If a cloned USB is detected at boot, WiperMax:

1. Blocks the boot process immediately
2. Shows a full-screen security alert screen
3. Sends a security alert to your account (if internet is available)
4. Logs the attempt with timestamp

Replacing a lost or broken USB

Go to Dashboard → My USBs → Replace. Confirm your password to revoke the old USB and open a new download slot. The old USB will stop working immediately.

Your Account

Managing your WiperMax account.

Plans and limits

Plan	Certs/month	Technicians	Clients	USBs
Starter	10	1	1	1
Pro	200	3	Unlimited	3
Max	Unlimited	Unlimited	Unlimited	Unlimited

API tokens

API tokens are used to authenticate your USB with the WiperMax cloud. Each token is embedded in a USB image at download time. Go to Profile & API → API Tokens to create or revoke tokens.

Cloud Sync

How certificates sync from your USB to your account.

Automatic sync

Every 60 seconds, WiperMax checks for internet connectivity. When online, all pending certificates are uploaded to your account automatically — no action required.

Offline operation

If there is no internet, certificates are stored locally on the USB in a persistent partition. They will sync the next time the USB is connected to the internet.

USB Management

Managing your USB devices from your account dashboard.

Viewing registered USBs

Go to Dashboard → My USBs to see all USB devices that have synced with your account, their last sync time, and current status.

Replacing a USB

If your USB is lost, broken, or you want to use a new one:

1. Go to My USBs
2. Click Replace next to the USB you want to revoke
3. Confirm your password
4. The old USB is revoked immediately
5. Go to Download ISO to get your new image

USB limits by plan

Plan	Active USBs	Replacements/month
Starter	1	1
Pro	3	Unlimited
Max	Unlimited	Unlimited

Client Companies

Organizing certificates by client.

Adding clients

Go to Dashboard → Clients → New client. Add the company name, tax ID, and contact. Once created, the client appears in the USB interface when starting a new wipe job.

Filtering by client

In the dashboard, click on any client card to see all certificates for that company. You can export them as a PDF report for compliance audits.

API Authentication

How to authenticate with the WiperMax REST API. Available on the Max plan.

Getting your API token

Go to Profile & API → API Tokens → New token. Copy the token — it is only shown once.

Using the token

Authorization: Bearer wm_live_xxxxxxxxxxxxxxxxxxxxxxxx

Base URL

https://api.wipermax.online

Login

POST /v1/auth/login
Content-Type: application/json

{
  "email": "you@company.com",
  "password": "your-password"
}

API — Certificates

Endpoints for managing and querying certificates.

List certificates

GET /v1/certificates?page=1&per_page=20&client_id=xxx
Authorization: Bearer wm_live_xxx

Get single certificate

GET /v1/certificates/{cert_number}
Authorization: Bearer wm_live_xxx

Public verification (no auth)

GET /v1/certificates/verify/{cert_number}

Download PDF

GET /v1/certificates/{cert_number}/pdf
Authorization: Bearer wm_live_xxx

Response example

{
  "cert_number": "UPW-202605-13881",
  "device_model": "Samsung SSD 860 EVO",
  "serial_number": "S4EBNX0M123456",
  "method": "ATA Crypto Erase",
  "standard": "NIST 800-88 Rev.1",
  "result": "EXITOSO — 100%",
  "hash_sha256": "a3f9c14d8e2b...",
  "technician_name": "Juan Pérez",
  "client_name": "Tech Corp Argentina",
  "wiped_at": "12/05/2026 14:32"
}

API — Webhooks

Receive real-time notifications when certificates are created or USBs sync.

Available events

Event	Description
certificate.created	New certificate synced from USB
usb.synced	USB device connected and synced
usb.security_alert	Cloned USB detected and blocked
subscription.upgraded	Account plan changed

Webhook payload

{
  "event": "certificate.created",
  "timestamp": "2026-05-12T14:32:00Z",
  "data": {
    "cert_number": "UPW-202605-13881",
    "client_name": "Tech Corp Argentina"
  }
}