Test real and fake disks for bad blocks
Unmasking Fake Flash Memory
When it comes to cheap flash memory, buyers should beware. Fake flash memory often offers only a fraction of the advertised storage capacity. With no visible calibration mark, it isn't easy to discover a counterfeit. Here's a test to weed out fake disks.
Any customer in a bar who ordered a pint of beer would definitely complain to the barkeeper if their glass was only a quarter full. This kind of attempted fraud always fails in the real world because of the obvious lack of fluid in the glass, along with the high level of motivation of the consumer and the physical presence of the perpetrator.
Unfortunately, online buyers of flash storage media cannot hope for comparably favorable conditions, although their judgment is unlikely to be impaired by the effects of alcohol. Time and time again, you hear of buyers of USB flash drives and flash cards being duped by shady dealers on the Internet. It is not difficult to find media at surprisingly low prices where the storage capacity is wrongly stated, for example, on eBay [1, 2]. To protect themselves, sellers often make statements such as "the stick will store about 4GB of data."
In this article, I attempt to reveal these counterfeits by running the right tests. As test specimens, I use two Samsung Pro 128GB MicroSDXC memory cards (model MB-MG128) purchased in 2016 from two vendors on eBay.de. If you believe the label, they both should achieve up to 90MB/s read and 80MB/s write performance.
Look Closely
Starting with the original packaging shown in Figure 1, a visual inspection reveals interesting differences in the detail. In the case of the first card (shown on the right in Figure 1), the barcode sticker has a spelling mistake: The "o" in "Model" is missing (Figure 2). Also the (possibly fake) CE marking on the back of the first card – the second (shown on the left in Figure 1) does not have this marking – has for a long time been indicative of a fake [3].
According to the manufacturer, the two cards must achieve speed class 3 (U3), but the label on the first card shows that it is two classes below this. For the second card, a search with the exact model designation, model MB-MG128EU/EU, returned almost 6,000 matches, including the Samsung page with extensive technical information and the EAN 8806088133560. The first card, model MB-MG128D/EU, returned only one match on the website of a Polish vendor.
Reading the Registers
The memory card's metadata provides additional hints, for example, the model, manufacturer, version (revision), and serial number. Linux users can access these data using hwinfo disc
, unless you are using a USB card reader – in this case, you will only see the reader's metadata.
This unfortunately also applies to the card register, in particular the card-specific data (CSD) register and card identification data (CID) register of SD cards. You can only read these with a direct SD interface.
Peripheral Component Interconnect Express (PCIe) connected card readers in laptops have this (e.g., the Realtek RTS5229 card reader). Or you can retrofit one as a PCIe card (DeLOCK 91485 or mini-PCIe cards from various Chinese eBay sellers).
If you have such a device, the contents of the register are found below /sys/block/mmcblk0/device/cid
and .../csd
. In the case of the suspected fake card, the content is:
00048d55534220441100001603010301 400e00327b590003e7ff7f800a404001
The other card returned different values:
1b534d303030303010a3385d7e010901 400e00325b590003b9df7f800a404001
If you are investigating a suspicious SSD card, you can also run hdparm
and smartctl
to reveal the manufacturer, product, serial number, hours of operation, and interface speed.
Forgers whose engineering expertise is just as great as their criminal energy, reproduce all the values stored in the registers of the original products in a deceptively genuine-looking way. For honest consumers, the task is therefore to look for a reliable strategy to detect tampering. You will find this in a sequential write and read of the whole data storage device without a filesystem using virtually incompressible test data.
To conceal the fake size, flash counterfeiters often manipulate the addressing mechanism of their goods. This gives users the impression that they can address the promised number of blocks and actually own a regular disk. In reality, however, the accessible data blocks are just repeated multiple times. That's why a test with a single test pattern, such as 0xaa
, may not work; instead you will want to test with large and random patterns.
This kind of testing tool is also useful for detecting incipient defects, because even authentic disks can develop faults: The isolation layer of a flash memory cell degenerates on each delete action. In the case of multilevel cell (MLC) NANDs, the original shelf life of about 10 years decreases to about a year after 3,000 erase/write cycles.
Bad Blocks vs. Bad People
The following call implements the outlined procedures and tests for faults and bandwidth at the same time:
device=mmcblk0 time badblocks -wsv -c 65536 -t random -o log_$device_`date +%F_%T`.txt /dev/$device 2>&1 | tee logg_$device_`date +%F_%T`.txt
The time
command measures the duration of the test (see Figure 3). The test candidate was a microSD card in the laptop's internal reader (mmcblk0
). The badblocks
test tool, included in the e2fsprogs
package, performs the write/read test (-w
) with a logfile for the numbers of faulty blocks (-o <file name>
).
It works with a random data pattern (-t **random
) the size of 65536x1024 bytes (-c 65536
), with a progress indicator (-s
) and verbose messaging (-v
). tee
sends the screen output to a second logfile. To help organize the logfiles, the file names contain both the device name ($device
) and the date and time (date +%F_%T
).
If you want to run this test on a data carrier that is already in use, you can use dd
(or ddrescue
or dd_rescue
) to save the contents to a safe place first and write them back after the test. The disk should not be mounted during copying. Because such a test reliably overwrites all previously stored data, it is also useful as a deletion mechanism for old data. (USB sticks are often manufactured with used flash ICs and contain old data, which could include such undesirable information as child porn, top-secret files, and terrorism plans. The write-read test overwrites all old data so that undelete programs cannot recover them, keeping you out of trouble with the authorities.)
To make testing for bad blocks fun, it is important to choose the right target device. Otherwise, the test could overwrite the data on a different disk. I wrote a script that avoids such mistakes: disktest1.sh
[4]. The only parameter it expects is the name of the data carrier to be tested; in the example above, that's mmcblk0
, but it's sde
in the example in Listing 1. The script also works in a Cygwin environment, thus opening up a test option for Windows users. Linux users should run it as root; on Windows, you need to run Cygwin with administrator rights.
Listing 1
Output of ./disktest1.sh
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.