PIWIPE Windows — User Guide

Overview 🛡️

What is PIWIPE Windows?

Enterprise device erasure and certification platform

PIWIPE Windows is an enterprise data erasure and certification platform designed for second-hand device dealers, IT service companies, and corporate IT departments. It performs industrial-grade erasure on Android phones, iPhones, and HDD/SSD drives — all from a single interface — and generates legally defensible PDF certificates for every wipe operation.

What Does It Do?

PIWIPE ensures that personal data on devices is irreversibly destroyed and fully documented, helping organisations meet GDPR, KVKK, and corporate data disposal policy requirements.

Category	Supported Devices	Methods
📱 Phone / Tablet	Android, iPhone / iPad	Factory reset, NIST 800-88, secure wipe, iTunes restore
💾 HDD / SSD	SATA, NVMe, SAS/SCSI, USB-connected drives	DoD 5220.22-M, NIST 800-88, Gutmann (35 passes), Zero-fill

Key Features

Automatic PDF Certificate — Signed certificate with device details, method, timestamp, and operator info generated after every wipe
QR Code Verification — Customers scan the QR code on the certificate to instantly verify the wipe online
Credit-Based Licensing — Each wipe consumes 1 credit; pay only for what you use
Cloud Sync — All reports stored in Firebase, accessible from the web panel
Digital Signature (PFX) — Cryptographic signatures on PDF certificates, verifiable in Adobe Reader
Parts Verification & Diagnostics — Automated testing of device components (screen, battery, camera, sensors, etc.); results recorded on the certificate
Multilingual — Turkish and English interface

Who Uses It?

User Type	Typical Use Case
Second-hand device resellers	Wipe purchased devices and provide certificates to buyers
IT service companies	Generate data erasure records for corporate device refresh projects
Corporate IT departments	GDPR/KVKK-compliant disposal records for decommissioned hardware
Data destruction firms	Certified workflow for bulk phone and disk wiping services

Quick Start

If you're new, start with Chapter 01 — Setup & Login. If already installed, jump straight to Chapter 03 (phones) or Chapter 04 (disks). For certificate and QR verification details, see Chapter 05.

Chapter 01 🚀

Setup & Login

System requirements, installation, first login and interface overview

This chapter covers everything you need to get PIWIPE Windows running for the first time — from verifying system requirements and installing the application, to signing in and familiarising yourself with the main interface.

1.1 System Requirements

Component	Minimum	Recommended
Operating System	Windows 10 64-bit (1903+)	Windows 11
RAM	4 GB	8 GB+
Disk Space	500 MB free	2 GB+
USB	USB 2.0	USB 3.0+ (faster wiping)
Internet	Required (Firebase)	—
Account privileges	Administrator	—
.NET / VC++	Visual C++ 2015–2022 Redistributable	Installer handles automatically

🔒

Administrator privileges are mandatory

Raw disk access, ADB communication and SMART queries all require the application to run as administrator. A UAC prompt appears on every launch — this cannot be bypassed.

USB Driver Requirements

For Android devices, a manufacturer USB driver must be installed on the PC:

Brand	Driver Package	Source
Samsung	Samsung USB Driver for Mobile Phones	samsung.com/global/galaxy/apps/kies
Xiaomi / MIUI	Xiaomi USB Driver	miui.com/getmiui
Huawei	HiSuite USB Driver	consumer.huawei.com/en/support
Other	Google USB Driver (generic)	developer.android.com/studio/run/win-usb

For iPhone, iTunes or the Apple Devices app (Microsoft Store) must be installed — it includes the Apple USB driver.

1.2 Installation Steps

1

Run the installer

Double-click PIWIPE_Setup_x.x.x.exe. If Windows SmartScreen appears, click "Run anyway". Confirm the UAC prompt.
2

Visual C++ Runtime

The installer automatically installs VC++ 2015–2022 Redistributable. If it is already present, this step is silently skipped.
3

Choose installation directory

Default: C:\Program Files\PIWIPE Windows\. Changing this is not recommended. Click Next to continue.
4

Complete and launch

A desktop shortcut is created. On first launch, right-click → Run as administrator.

💡

Skip "Run as administrator" every time

Right-click the shortcut → Properties → Shortcut → Advanced → check "Run as administrator". PIWIPE will always start with admin privileges on double-click from then on.

1.3 First Login and License Activation

The login screen appears when the application starts. Sign in with your ProİMHA account (email + password).

1

Sign in

Enter your email and password. If you don't have an account, one can be created at piwipe.com or via an invitation from your organization administrator.
2

License and credit check

License status and remaining credits are fetched automatically from Firebase. A warning displays if the license is expired or credits are insufficient.
3

Complete company information

On first use, go to Settings → Company Info and fill in your details. This information appears in the header of all generated PDF reports.

1.4 Interface Overview

🖥️

Top Bar

Application name, company name, language selector (TR / EN), credit balance, Reports button, Help (?) and Settings icon. Credit balance updates automatically after each operation.

📋

Left Panel — Device List

Connected Android / iPhone devices and disks are listed. Each card shows the device name, model, capacity and status. An animated progress indicator plays while a wipe is in progress.

🔍

Right Panel — Device Details

Detailed information about the selected device: IMEI / serial number, battery health, storage, SMART data (for disks), wipe method selection and the Start Wipe button.

📊

Reports Screen

All completed wipe certificates are listed here. PDF viewing, local export, ZIP bulk export and cloud re-upload operations are performed from this screen.

Chapter 02 💳

Credit System

What are credits, package options, payment methods and credit management

PIWIPE operates on a credit-based model. One credit is consumed per successful wipe operation (phone or disk). This chapter explains how to purchase credits, payment options, and what to do when credits run out.

2.1 What Are Credits?

PIWIPE deducts 1 credit after each successfully completed wipe. A credit check is performed before every operation — if the balance is zero, wiping cannot be started and a warning screen is shown.

ℹ️

Credit consumption rules

Phone wipe → 1 credit
Disk wipe → 1 credit
Failed operation (error, disconnection, cancelled) → 0 credits deducted
The mobile app and the Windows app share the same credit pool.

2.2 Credit Packages and Pricing

Package	Credits	Price (USD)	Per Credit	Discount
Starter	10	$89.99	$9.00	—
Business	50	$399.99	$8.00	11% off
Enterprise	100	$749.99	$7.50	17% off

For high-volume use, the Enterprise package offers the best value. For custom volume pricing, contact info@piwipe.com.

2.3 Payment Methods

Card Payment (PayTR)

1

Open the credit request screen

Click the credit indicator in the top bar, or navigate to Reports → Add Credits.
2

Select a package and pay

Click Pay by Card. You are redirected to the PayTR secure payment page. Once payment is complete, credits are loaded to your account automatically.

Bank Transfer / Wire

Transfer the exact amount to the IBAN below and include your registered email address in the payment description. Credits are loaded manually after verification (during business hours, typically same day).

Currency	IBAN	SWIFT / BIC
TRY	`TR76 0015 7000 0000 0071 3821 17`	ENASTRISXXX
USD	`TR04 0015 7000 0000 0098 2549 35`	ENASTRISXXX

Account holder: Tekniknokta Bilişim Mühendislik Hizmetleri İnşaat Proje Çözümleri Ltd.Şti.

License Key Activation

If you have a license key provided by your organization administrator, enter it in Settings → License Key. Credits are added immediately upon successful activation.

2.4 Out of Credits — What To Do?

When credits reach 0, wiping is blocked and a warning screen is shown.

Fastest method: Card payment via PayTR — credits appear within minutes.
Wire transfer: Same business day if received during business hours, otherwise the next working day.
Via organization admin: Contact the PIWIPE support team — info@piwipe.com.

⚠️

Low credit warning

When remaining credits fall below 3, the app shows a yellow warning in the top bar. Top up in advance to avoid interrupting ongoing operations.

Chapter 03 📱

Phone / Tablet Wiping

Connecting Android and iPhone, method selection, progress tracking and certificate

This chapter explains how to connect each device type, which wipe standards are available, and what happens during and after the wipe process.

3.1 Connecting an Android Device

Enable USB Debugging

1

Open Developer Options

Go to Settings → About Phone → Build Number and tap it 7 times in a row until you see "You are now a developer".
2

Enable USB Debugging

Go to Settings → Developer Options → USB Debugging and toggle it on.
3

Connect and trust

Connect the device via USB. When the "Allow USB debugging / Trust this computer" dialog appears on the phone, tap Allow and check "Always allow from this computer".

ℹ️

Manufacturer USB driver

For Samsung, Xiaomi and Huawei devices, the generic Windows USB driver may be insufficient. If the device is not recognized, install the USB driver from the manufacturer's website (see Chapter 1 — System Requirements table). See also Chapter 8 — FAQ for connection troubleshooting.

3.2 Connecting an iPhone

The Apple USB driver must be present on the system (installed with iTunes or the Apple Devices app).

1

Install iTunes or Apple Devices

Install the Apple Devices app from the Microsoft Store (recommended), or download iTunes from apple.com/itunes. Either option installs the required Apple USB driver.
2

Unlock iPhone and connect

Unlock the device with your passcode, then connect via USB. A "Trust This Computer" prompt appears on-screen — tap Trust and enter your passcode to confirm.
3

Pairing complete

PIWIPE creates a pairing file. Once done, the iPhone appears in the left panel. Keep the device unlocked throughout the session.

3.3 iPhone Parts Verification

When an iPhone is selected in the left panel, a Parts Verification table appears automatically in the right panel. The original factory-recorded serial numbers stored on the device are compared against the serial numbers currently read from each component — revealing which parts may have been replaced.

Checked Components

Component	Result	Meaning
Battery	Original Possibly Replaced —	Factory and current serial numbers match Factory and current serial numbers differ — component may have been replaced Factory data not found on device
Screen
Front Camera
Rear Camera
Touch ID / Face ID

ℹ️

Touch ID and Face ID

The biometric sensor row covers both Touch ID (Home button fingerprint reader) and Face ID (TrueDepth camera array), depending on the device model. PIWIPE reads the biometric serial number via MobileGestalt — the same internal interface Apple uses — to determine whether the sensor has been swapped since the device left the factory.

ℹ️

Where does the factory data come from?

Apple writes component serial numbers into the device's internal memory (SysCfg) at the factory. PIWIPE reads this data via libimobiledevice and compares it against the serial numbers currently reported by each component. The device must be paired (trusted) with the computer for this to work.

Reading the Results Table

The parts verification table shows three columns for each component:

Column	Description
Factory SN	The original serial number written to SysCfg memory at the time of manufacture.
Current SN	The serial number currently reported by the component over the device's internal bus.
Result	Original when they match, Possibly Replaced when they differ, — when factory data is absent.

⚡

iOS 15.2+ Swap Flags

On devices running iOS 15.2 or later, Apple exposes additional hardware flags (HasBatteryBeenSwapped, HasDisplayBeenSwapped, HasFrontCameraBeenSwapped, HasRearCameraBeenSwapped, HasBiometricBeenSwapped). PIWIPE reads these flags alongside the serial-number comparison. If a flag reports a swap even when serial numbers are identical, the component is still shown as Possibly Replaced.

⚠️

When parts verification is unavailable

If the device has not yet been trusted (the "Trust This Computer" prompt was dismissed, or the device is locked), PIWIPE cannot read component data. In this case, all rows in the table show — and no result is recorded. Connect the device, tap Trust on the iPhone, and wait for PIWIPE to refresh.

What Does "Possibly Replaced" Mean?

When a component shows Possibly Replaced, it indicates that the component may have been changed since the device left the factory. Common reasons include:

Repair performed by an unauthorised (non-Apple) service provider
Component swapped by the user
Repair at an Apple Authorised Service Centre (in some cases the factory record may not be updated)

In second-hand device buyback workflows, this result can serve as a signal to inspect the device more closely and apply a price adjustment accordingly.

⚠️

Important note

A "Possibly Replaced" result is not definitive proof of replacement — repairs performed outside an Apple Authorised Service Provider do not update the factory record, which can trigger this status. Results are informational only. All parts verification data is included in the certificate PDF.

🔔

Warning banner

If one or more components are Possibly Replaced, a yellow warning banner is displayed at the top of the right panel as long as the device remains selected. This acts as a quick visual alert so technicians processing multiple devices do not overlook a flagged component.

Certificate Integration

The detected status of each component (Original / Possibly Replaced / Unknown) is automatically included in the PDF certificate. This is especially valuable for second-hand device buyback companies: the component history can be documented at the time of purchase and delivered to the customer as a legally valid, auditable report.

3.4 Wipe Method Comparison

After selecting a device in the left panel, choose a wipe standard from the right panel before starting.

Method	Passes	Security	Speed	Android	iPhone
Quick Wipe	1 (zero fill)	Basic	Very Fast	✓	✗
NIST SP 800-88	1 + verify	High	Fast	✓	✓
DoD 5220.22-M	3 passes	Very High	Medium	✓	✓
Secure Wipe	7 (Gutmann)	Maximum	Slow	✓	✓

ℹ️

iPhone hardware encryption note

Because iOS hardware encryption is always active, a factory reset combined with cryptographic key erasure is sufficient in a single pass. NIST SP 800-88 covers this operation and is the recommended standard for iPhones.

3.5 Progress Tracking and Certificate

Once the wipe starts, the phases appear in the right panel in real time:

Phase	Description
Preparation	Device information gathered (IMEI, model, serial number, battery status).
Wiping	Data erasure running per the selected standard. Progress % shown.
Verification	Written data read back and verified (NIST / DoD / Secure Wipe only).
Shutdown	Android device is safely powered off (ADB shutdown command).
Certificate	PDF certificate generated and saved automatically.

⚠️

Do not disconnect during wiping

Unplugging the USB cable while a wipe is in progress will abort the operation. Credits consumed up to that point are not refunded and the operation must be restarted from the beginning.

✅

Certificate ID format

Each certificate receives a unique ID in PW-YYYY-XXXXX format (e.g. PW-2026-00142). This ID appears on the QR code and the PDF report, and can be used for independent verification at piwipe-phone.web.app/verify/<ID>.

3.6 Estimated Wipe Times

Times vary by device type, storage capacity and selected standard. The values below are approximate estimates for typical conditions.

Device	Storage	NIST SP 800-88	DoD 5220.22-M
iPhone Cryptographic erase	All models	~2 minutes — independent of storage size
Android ADB + factory reset	32 GB	~15 min	~40 min
	64 GB	~29 min	~1 hr 20 min
	128 GB	~56 min	~2 hr 40 min
	256 GB	~1 hr 50 min	~5 hr 20 min

ℹ️

Why is iPhone so fast?

iOS devices have hardware encryption always active, so PIWIPE only needs to destroy the cryptographic key. This completes in seconds regardless of storage size, after which the device performs a factory reset. All data becomes permanently inaccessible.

⚠️

Why can Android wipes take longer?

Android wipes run over ADB (~40 MB/s). A USB 2.0 cable, a low-quality adapter or a busy USB hub will reduce write speed and may exceed the estimated time. A USB 3.0 cable with a direct connection to the computer is recommended.

Chapter 04 💿

Disk Wiping

Detecting disks, reading SMART health data, wipe standards and system disk protection

PIWIPE Windows can wipe internal and external hard drives, SSDs, USB flash drives and memory cards. Disks are detected automatically via WMI. This chapter covers disk detection, interpreting SMART health data, and selecting the right wipe standard for your compliance requirements.

4.1 Connecting and Detecting Disks

PIWIPE uses WMI (Windows Management Instrumentation) to scan for disks. Disks already connected when the app starts are detected immediately; newly plugged-in disks appear in the left panel within a few seconds.

Supported Disk Interfaces

Interface / Type	Coverage	Notes
SATA	HDD and SSD	Most common internal interface; all wipe standards supported
PATA / IDE	Legacy HDDs and optical drives	Supported on older systems; SMART support may be limited
NVMe	M.2, PCIe SSD	NVMe Sanitize command supported; fastest wipe method
M.2	SATA or NVMe protocol	Form factor only — processed as SATA or NVMe based on protocol
PCIe / PCI	Add-in card SSD	PCIe SSDs accessed via NVMe are fully supported
SAS / SCSI	Enterprise HDD and SSD	Includes SAS-SSD; typically found in server environments
SED Self-Encrypting Drive	AES hardware-encrypted disks	Crypto Erase supported — encryption key is destroyed, rendering all data permanently inaccessible
USB	Flash drives, external HDD/SSD	Auto-detected on plug-in; USB 3.0+ recommended
Fusion Drive	Apple HDD + SSD hybrid	HDD and SSD components appear as separate drives and can be wiped individually
Memory Card	SD, microSD etc.	Detected via card reader or USB adapter as a standard disk

Detection by Connection Method

Disk Type	Connection	Notes
Internal SATA / NVMe / SAS	Auto-detected on startup	System disk marked in red — cannot be wiped
External HDD / SSD	USB adapter (detected on plug-in)	Use USB 3.0 for faster speeds
USB Flash Drive	Direct USB	Detected within seconds of connection
Memory Card	Card reader or USB adapter	Appears as a standard removable disk

🔒

System disk protection

The disk containing Windows (typically the disk with drive C:) is permanently marked in red and the Wipe button is disabled. This lock cannot be overridden. Always verify the disk name and capacity before each wipe operation — selecting the wrong disk results in permanent data loss.

4.2 Reading and Interpreting SMART Data

When a disk is selected, SMART (Self-Monitoring, Analysis and Reporting Technology) data is displayed in the right panel. These values reflect the disk's health and usage history.

Parameter	Description	Interpretation
Health %	Overall health score (0–100)	70%+ Good 30–70% Caution <30% Critical
Temperature	Current disk temperature (°C)	Normal: 30–55°C. Above 60°C is an overheating risk.
Power-On Hours	Total cumulative uptime (hours)	20,000+ hours warrants attention for HDDs.
Reallocated Sectors	Bad sectors remapped to spare areas	0 is ideal. Any value >0 may indicate physical degradation.
Wear Level (SSD)	NAND flash cell lifetime consumed (%)	Only shown for SSDs. 0% = completely worn out.

⚠️

Wipe risk on degraded disks

If health is below 30% or the reallocated sector count is elevated, the wipe may fail during the verification phase. You may start the operation, but errors are possible. All SMART values at the time of wiping are included in the generated PDF certificate.

4.3 Disk Wipe Standards

Standard	Passes	Method	Verification	Recommended Use
Quick Wipe	1	Zero fill (0x00)	No	Fast cleanup, non-sensitive data
NIST SP 800-88	1	Zero fill + read-verify	Yes	Corporate standard; required when a destruction certificate is needed
DoD 5220.22-M	3	0x00 → 0xFF → Random + verify	Yes	Government, military and financial sector requirements
Secure Wipe (Gutmann)	7	35-pass Gutmann method	Yes	Maximum security; highly sensitive or classified data
NVMe Sanitize	—	Hardware Sanitize / Block Erase command	Internal	Most reliable method for NVMe SSDs — recommended when supported

What Is NVMe Sanitize?

On SSDs supporting the NVMe protocol, PIWIPE issues a hardware-level Sanitize command to the disk controller. This erases all NAND cells — including reserved areas, wear-levelling cells and over-provisioned space inaccessible to software. It is more thorough than software-based methods and typically faster. If the disk does not support the Sanitize command, PIWIPE automatically falls back to NIST SP 800-88 and notes this in the certificate.

Detection and Erasure of Hidden Disk Areas

Beyond the standard wipe pass, PIWIPE detects and clears three hidden areas that could otherwise prevent full disk coverage:

Area	Description	Risk
HPA Host Protected Area	A reserved region hidden from the operating system by the disk manufacturer or BIOS. Recovery partitions, factory tools, or malware can be stored here and survive a standard wipe.	Medium
DCO Device Configuration Overlay	A hardware layer used to mask the disk's true capacity and supported commands. When active, the disk appears smaller than it really is — hidden sectors can be left untouched by a wipe.	High
Remapped Sectors Reallocated Sectors	The disk controller replaces failing sectors with spare cells. Standard write commands cannot reach the retired sectors, leaving their data intact.	Medium

Before wiping begins, PIWIPE queries the disk via ATA commands to detect HPA and DCO; if found, they are removed so the wipe covers the disk's true capacity. For remapped sectors, the Reallocated Sector Count value is read from SMART data and recorded in the certificate.

💡

Choosing the right standard

For most corporate environments, NIST SP 800-88 is sufficient and provides a legally-backed destruction certificate at reasonable speed. For ISO 27001 / GDPR compliance, NIST or DoD is recommended. For NVMe SSDs, choose NVMe Sanitize when available — it is both faster and more complete.

4.4 Estimated Wipe Times

The times below are calculated by the application's estimation engine. Actual duration may vary depending on disk health, system load and hardware.

Disk Type	Capacity	Fast Wipe	NIST SP 800-88	DoD 5220.22-M
NVMe SSD ~500 MB/s · ~30 GB/min	512 GB	~11 min	~21 min	~55 min
NVMe SSD ~500 MB/s · ~30 GB/min	1 TB	~21 min	~40 min	~1 hr 50 min
SATA SSD ~320 MB/s · ~19 GB/min	512 GB	~17 min	~32 min	~1 hr 25 min
SATA SSD ~320 MB/s · ~19 GB/min	1 TB	~33 min	~62 min	~2 hr 50 min
Internal HDD ~95 MB/s · ~6 GB/min	500 GB	~54 min	~1 hr 43 min	~5 hr
	1 TB	~1 hr 48 min	~3 hr 26 min	~10 hr 40 min
	2 TB	~3 hr 36 min	~6 hr 52 min	~21 hr
External HDD (USB) ~60 MB/s · ~3.6 GB/min	1 TB	~3 hr	~6 hr 10 min	~18 hr 30 min
External HDD (USB) ~60 MB/s · ~3.6 GB/min	2 TB	~6 hr	~12 hr 20 min	~37 hr
USB Flash Drive ~18 MB/s · ~1 GB/min	32 GB	~32 min	~42 min	~1 hr 45 min
	64 GB	~62 min	~83 min	~3 hr 25 min
	128 GB	~2 hr 4 min	~2 hr 45 min	~6 hr 50 min

⏱️

How are estimates calculated?

The application estimates write speed based on disk type, interface and capacity. Startup delay, verification time and system overhead are added as multiplier factors. For NVMe drives, 500 MB/s average is used to account for SLC cache exhaustion during a full-drive write. Real-world times may differ by ±20% from the values shown here.

Chapter 05 📄

Certificates & PDF Reports

PDF structure, QR verification, SHA-256 hash, digital signature and bulk export

Every successful wipe automatically produces a legally-backed data destruction certificate. This chapter describes the structure of the PDF report, how to verify its authenticity, how digital signatures work, and how to export certificates in bulk.

5.1 Automatic Certificate Generation

No manual steps are required. When a wipe completes successfully, PIWIPE:

Writes a certificate record to Firestore (wipe_reports/{certId} for phones, wipe_sessions/{certId} for disks).
Generates a PDF report and saves it to Documents\PIWIPE\DD.MM.YYYY\.
Uploads a backup copy to Firebase Storage.
Deducts 1 credit from the account.

PDF Report Structure

Page	Content
Page 1	Company name and logo · Device info (model, serial no, IMEI) · Wipe standard · Start / end date and time · Wipe phase statuses · SMART data (disks only) · SHA-256 integrity hash · QR verification code · Certificate ID
Page 2	Legal liability statement · Digital signature block (when enabled) · Operator and authorized person name

5.2 QR Code Verification

Each PDF has a QR code in the bottom-right corner. Scanning it opens:

https://piwipe-phone.web.app/verify/PW-2026-XXXXX

This verification page requires no login and can be shared with customers. It retrieves certificate data directly from Firestore and displays:

Device type (📱 Phone or 💿 Disk), brand and model
Wipe standard and completion date/time
Company name, operator and authorized person
Certificate ID and validity status
Certificate validity period (1 year from the date of issue)

ℹ️

Certificate validity period

Each certificate is valid for 1 year from its date of issue. This expiry date is shown on the QR verification page. After the period ends, the certificate is marked as "Expired" on the verification page.

⚠️

QR not working?

If Settings → Send Reports to Firebase is turned off, certificates are saved locally only and not written to Firestore. QR verification will return empty. Turn the toggle on and use the Upload to Cloud button in the Reports screen to send the certificate retroactively.

5.3 SHA-256 Integrity Hash

An integrity hash is computed for each certificate using the following inputs and printed on the PDF:

SHA-256( certId + IMEI/SerialNumber + endTime )

This hash can be used to independently verify that the report has not been tampered with. Any modification to the document will produce a different hash.

5.4 Digital Signature (PKCS#7 / PFX)

When Settings → Digital Signature is enabled, a PKCS#7 detached signature is embedded in the PDF.

Adobe Acrobat Reader displays a "Signed and all signatures are valid" banner.
If no custom PFX is configured, the auto-generated default certificate is used.
For corporate use, load your own PFX file via Settings → Custom PFX (see Chapter 6).

SHA-256 Hash vs. Digital Signature — What's the Difference?

PIWIPE certificates use two separate security layers. They are different technologies and complement each other.

SHA-256 Verification Hash (Server-Side)

For each certificate, when erasure completes, critical data (device info, standard, start/end time, result) is combined and converted into a single hash string using the SHA-256 algorithm. This hash is both written into the PDF and saved to the certificates collection in Firestore.

How verification works: When the QR code or verify link on the certificate is opened, the system compares the hash in the PDF with the hash in Firestore. If they match, the certificate is authentic.
What it proves: That the certificate data (date, device, result) has not been altered since it was created. If someone edits the PDF and changes a date or result, the hash won't match.
Limitation: Requires an internet connection — a query is made to the server.
Analogy: The reference number on a bank statement — authenticity is verified by comparing it against bank records.

💡

Why SHA-256 Hash?

When erasure completes, device info, standard, timestamp and result are combined into a single SHA-256 fingerprint stored on the server. If any data is altered (date, device, result), the hash won't match — immediately detected on the verification page. Even if someone deletes the PDF and creates a new one, the server-side hash remains unchanged.

PKCS#7 Digital Signature (File-Side)

The entire PDF file is cryptographically signed using the private key from the PFX certificate. This signature is embedded inside the PDF's internal structure and cannot be separated from the file.

How verification works: Adobe Acrobat, Foxit, or any standard PDF reader automatically verifies the signature when the file is opened. If the signature is valid, a green banner is shown at the top.
What it proves: That not even a single byte of the PDF file has been changed since it was signed. The file itself is portable proof — it can be verified without connecting to any server.
Limitation: If the certificate is self-signed, Adobe may show "signature valid but not trusted." This warning disappears with a CA-issued certificate.
Analogy: A notary seal — the seal is on the document itself; authenticity can be determined without visiting the notary.

🔒

Why PKCS#7 Digital Signature?

The entire PDF is signed with a private key and the signature is embedded directly in the file. If even a single byte changes, Adobe Reader shows "Signature invalid". No internet connection needed — integrity is proven wherever the file is opened.

Side-by-Side Comparison

	SHA-256 Verification Hash	PKCS#7 Digital Signature
Where stored	Inside PDF + Firestore server	Inside the PDF file only
Verification method	Web browser (verify page or QR code)	PDF reader (Adobe Acrobat, Foxit)
Internet required	Yes	No — the file is self-contained
What it protects	Certificate data (date, device, result)	The entire PDF file
Who can verify	Anyone (via QR code / link)	Anyone with a PDF reader

✅

Why use both together?

The SHA-256 hash catches data manipulation — even if someone deletes the PDF and generates a new one, the hash won't match because the server-side hash is unchanged. PKCS#7 protects from the opposite angle — it guards the file itself, without needing the server. Together they provide both online and offline tamper-proof verification.

5.5 Bulk Report Export

In the Reports screen, select multiple certificates with checkboxes for bulk operations:

Action	Description
Bulk PDF copy	PDFs of all selected certificates are copied to a local folder you choose.
ZIP export	All selected PDFs are packed into a single `.zip` archive.
Date filter	Narrow the list by selecting a start and end date range.
Type filter	Show only phone certificates, only disk certificates, or all.
Standard filter	Filter by wipe method (NIST / DoD / Secure Wipe / etc.).

Reports screen — filtering and bulk export

Chapter 06 ⚙️

Settings

Company profile, logo, digital signature PFX, cloud reports and disk display options

The Settings screen is accessible from the gear icon in the top bar. This chapter covers all configurable options — from company information that appears in PDFs, to digital signature certificates, cloud report syncing, and disk visibility controls.

6.1 Company Information

This information appears in the header section of PDF reports. Filling it in accurately is important for legal validity and customer-facing documentation.

Field	Description	Required
Company Name	Displayed prominently at the top of the PDF	✓
Authorized Person	Person legally responsible for the destruction process	✓
Technician Name	Person who physically performed the operation	✓
Tax Number	For compliance and corporate invoicing	—
Phone	Contact info shown in the report footer	—
Website	Shown in the lower section of the report	—

Company Logo

1

Go to Settings → Company Info → Logo

Click the folder icon to open the file picker.
2

Select a PNG or JPG file

Recommended size: 300 × 100 px, transparent background (PNG). Oversized files are scaled automatically.
3

Save

All PDFs generated from this point on will include the logo in the top-left corner of Page 1.

6.2 Digital Signature — Custom PFX Setup

Enabling the Default Signature

Toggle Digital Signature on. The ProİMHA default certificate is used automatically — no additional configuration is needed.

Loading a Custom PFX File

1

Enable "Use Custom PFX"

In the Digital Signature card in Settings, enable the Use Custom PFX option.
2

Select the PFX file

Click the folder icon and select your .pfx or .p12 file.
3

Enter the PFX password

Type the password in the designated field. It is stored locally in encrypted form and never transmitted.
4

Save and verify

Click Save. Perform a test wipe and open the PDF in Adobe Acrobat Reader — a green signature banner confirms the certificate is working correctly.

6.3 Cloud Report Sending

Send Reports to Firebase toggle:

State	Behaviour
On (default)	Certificate data (PDF + Firestore record) is sent to Firebase. QR verification works. Accessible from the web panel.
Off	PDF is saved to local disk only. QR verification returns empty. Use in offline or network-restricted environments only.

⚠️

Compliance note

When cloud sending is off, certificates do not appear in the web panel and QR verification is unavailable. Keep this toggle on when legally-valid destruction documentation is required.

6.4 System Disk Visibility

Show system disks toggle:

State	Behaviour
Off (default)	The Windows system disk is hidden from the left panel — the list stays clean and uncluttered.
On	The system disk is listed with a red indicator. It can be viewed for informational purposes (SMART data, size) but wiping remains permanently disabled.

Chapter 07 🌐

Web Panel

piwipe-phone.web.app — certificate management, customer verification and admin panel

The PIWIPE web panel provides browser-based access to all certificates generated by your organization. It supports both internal certificate management for logged-in users, and public QR-based verification links that can be shared with customers — no account required.

7.1 Logging In to the Web Panel

https://piwipe-phone.web.app

Sign in with the same ProİMHA account used in the Windows application. All certificates are visible because both platforms share the same Firebase project.

Web panel home screen — certificate list

7.2 Certificate Search and Filtering

Filter	Description
Device name / model	Search by device name or model identifier
IMEI / Serial no.	Exact lookup using 15-digit IMEI or disk serial number
Date range	Select start and end dates to view a specific period
Wipe standard	Filter by NIST / DoD / Secure Wipe / Quick Wipe
Device type	Show phones only, disks only, or all
Certificate ID	Direct lookup using `PW-2026-XXXXX` format

7.3 Customer / Corporate Verification

Internal Use (Login Required)

A logged-in user can view all certificates generated by their organization — search, list, view details, and download PDFs.

Public Customer Verification (No Login Required)

Scan the QR code on the delivered PDF or navigate directly to:

https://piwipe-phone.web.app/verify/PW-2026-XXXXX

The page displays: device type, brand/model, wipe date, standard, company name, operator, and certificate ID. No account creation is required. Share both the PDF and this URL with your customer.

✅

Delivering certificates to corporate customers

Send the PDF report by email and include the verification URL from the QR code. The customer can verify the wipe independently from their own browser — without creating an account or installing anything.

7.4 Admin Operations

For admin operations such as creating users, assigning credits, managing licenses and accessing organization-wide reports, please contact the PIWIPE support team.

Action	Contact
Create a new user	info@piwipe.com
Assign credits to a user	info@piwipe.com
Manage licenses	info@piwipe.com

Chapter 08 🛠️

FAQ & Troubleshooting

Common issues, error messages and step-by-step solutions

This chapter covers the most common issues encountered when using PIWIPE Windows, organized by topic. Follow the numbered steps for each symptom — most issues are resolved within the first two or three steps.

8.1 ADB / Android Issues

Q Android phone is not shown in the left panel

USB Debugging enabled? — Settings → Developer Options → USB Debugging must be on.
Trust dialog confirmed? — A "Trust this computer / Allow USB debugging" dialog must have been accepted on the phone.
Try a different USB cable — Charging-only cables do not carry data. Use the original or a certified cable.
Skip USB hubs — Plug directly into a motherboard USB port rather than a hub.
Install manufacturer driver — Samsung: Samsung USB Driver · Xiaomi: MIUI USB Driver · Huawei: HiSuite. See Chapter 1 — System Requirements.
Run as administrator — ADB communication requires elevated privileges.
Check Device Manager: Win + X → Device Manager → look for yellow exclamation marks under Other Devices.

Q ADB shows "unauthorized" or "offline"

The phone is waiting for authorization. Unlock it and accept the USB trust dialog. If the dialog does not appear: Developer Options → Revoke USB debugging authorizations → unplug and reconnect the cable.

8.2 iPhone / iOS Issues

Q No "Trust" prompt when iPhone is connected

Unlock the iPhone with your passcode before plugging in the USB cable.
Ensure iTunes or Apple Devices (Microsoft Store) is installed.
If you previously tapped "Don't Trust" or removed this PC from trusted devices: Settings → General → VPN & Device Management → Reset Location & Privacy, then reconnect.
Try a different Lightning or USB-C cable — the cable may be faulty.

Q iPhone pairing completes but device doesn't appear in the list

The iPhone must remain unlocked throughout the session. Locking the screen invalidates the pairing. PIWIPE caches the pairing file at %TEMP%\piwipe_idevice. If the issue persists, delete this folder and restart the application.

8.3 Disk Detection Issues

Q A connected disk is not listed in the left panel

Check Windows Disk Management — Win + R → diskmgmt.msc. If the disk doesn't appear there either, the issue is hardware or adapter-level.
Try a different USB adapter or port — prefer USB 3.0 ports; some adapters are unreliable.
Run as administrator — WMI disk queries require elevated privileges.
Settings → Show system disks — if off (default), the Windows drive is intentionally hidden. This is expected behaviour.
Unplug and replug the disk. Disks connected while the app is running are detected within a few seconds.

Q "NVMe Sanitize not supported" warning

The disk does not support the hardware Sanitize command. PIWIPE automatically falls back to NIST SP 800-88 — the wipe still proceeds safely. The actual method used is recorded in the certificate.

8.4 Certificate and Report Issues

Q Operation completed but no certificate was created

Check internet connection — Firebase must be reachable. Once restored, re-upload from the Reports screen.
Settings → Send Reports to Firebase — is this toggle on?
Check the local folder: Documents\PIWIPE\. If the PDF is there, only cloud upload failed — use the upload button in the Reports screen.
Run as administrator — some security software may block Firebase connections from non-admin processes.

Q QR code scan returns "Certificate not found"

The certificate was not uploaded to Firestore. Find it in the Reports screen and click Upload to Cloud. If the problem persists, confirm that the cloud sending toggle is on in Settings.

8.5 Installer and Startup Errors

Q "iscc" command not recognized (installer build error)

This only affects developers building the installer — not end users. Inno Setup is installed but not on the system PATH. Use the full path:

"C:\Program Files (x86)\Inno Setup 6\iscc.exe" installer\piwipe_setup.iss

Or download Inno Setup from jrsoftware.org/isinfo.php.

Q VC++ Runtime error during installation

Uninstall the existing runtime: Win + R → appwiz.cpl → find "Microsoft Visual C++ 2015–2022 Redistributable" → Uninstall.
Re-run the PIWIPE installer — VC++ is reinstalled automatically.
If still failing, manually download the VC++ x64 Redistributable from microsoft.com.

Q UAC prompt appears on every launch

This is expected — the application manifest specifies requireAdministrator. To avoid the extra right-click step: Desktop shortcut → Properties → Shortcut → Advanced → check "Run as administrator". You will still see a UAC prompt, but it appears immediately on double-click.

Q How do I update PIWIPE Windows?

Download the new installer (PIWIPE_Setup_x.x.x.exe) and run it directly. There is no need to uninstall the old version — the new version installs over it. Settings, certificate history and license data are all preserved.

8.6 Technical Support

If your issue is not resolved by the steps above, contact support with the error message, your Windows version, and the PIWIPE version number (visible in the title bar).

Channel	Details
Email	info@piwipe.com
Web	piwipe.com

Chapter 09 📋

Activity Log

Audit trail for all wipe operations, logins and settings changes

PIWIPE Windows automatically records every significant action in a local log file. These records can be used for audit trails, troubleshooting and compliance requirements.

9.1 What Does the Activity Log Record?

The Activity Log stores timestamped entries for every important event in the application. The following event types are recorded automatically:

Event Type	When Triggered
🟢 Login	User successfully signs in to the application
⚫ Logout	User signs out of the session
🔵 Wipe Started	A disk or phone wipe operation is initiated
🟢 Wipe Complete	Wipe operation finishes successfully
🔴 Wipe Failed	An error occurs during the wipe
🟠 Wipe Cancelled	User cancels a wipe in progress
🟣 Settings Change	Company profile updated or report folder changed

9.2 How to Open the Activity Log

Click the 📋 history icon in the top bar (to the left of the language buttons). A full-screen log viewer opens.

From the log screen you can:

Search: Filter instantly by device name, user, serial number or IP address.
Type filter: Show only specific event types (e.g. only "Wipe Complete").
Refresh: Reload the latest entries without closing the screen.
Copy file path: Copy the full log file path to the clipboard.
Clear log: Permanently delete all entries (confirmation required).

9.3 Columns and Fields

Column	Description
Time	Date and time of the event (DD.MM.YYYY HH:MM:SS)
Type	Event category — shown with a coloured icon
User	Email address of the user who performed the action
IP Address	Local network IPv4 address of the machine at the time of logging
Serial No	Serial number of the relevant disk or phone (IMEI fallback for phones)
Description	Short description of the event (e.g. "Samsung SM-G991B wipe complete")
Detail	Additional info: wipe standard, capacity, changed setting value

Note: The IP address reflects the machine's current local network address (loopback and link-local addresses are excluded). If a VPN is active, the VPN interface address may appear instead.

9.4 Log File Location

Log entries are stored in a local file. Default location:

C:\PiWipe\Logs\activity_log.jsonl

The file uses JSONL (JSON Lines) format — each line is an independent JSON object. It can be read with any text editor, Excel (Data → Get Data → From JSON), or log analysis tools (e.g. jq, Notepad++).

If you have changed the report folder, the log is created under the same parent directory:

<Report Folder Parent>\Logs\activity_log.jsonl

Important: The log file is never automatically cleaned and can grow indefinitely. For long-term use it is recommended to periodically clear or archive it. Use the 🗑️ button on the Activity Log screen to clear all entries.