Test real and fake disks for bad blocks
Unmasking Fake Flash Memory

© Lead Image © Uliya Stankevych, 123RF.com
When it comes to cheap flash memory, buyers should beware. Fake flash memory often offers only a fraction of the advertised storage capacity. With no visible calibration mark, it isn't easy to discover a counterfeit. Here's a test to weed out fake disks.
Any customer in a bar who ordered a pint of beer would definitely complain to the barkeeper if their glass was only a quarter full. This kind of attempted fraud always fails in the real world because of the obvious lack of fluid in the glass, along with the high level of motivation of the consumer and the physical presence of the perpetrator.
Unfortunately, online buyers of flash storage media cannot hope for comparably favorable conditions, although their judgment is unlikely to be impaired by the effects of alcohol. Time and time again, you hear of buyers of USB flash drives and flash cards being duped by shady dealers on the Internet. It is not difficult to find media at surprisingly low prices where the storage capacity is wrongly stated, for example, on eBay [1, 2]. To protect themselves, sellers often make statements such as "the stick will store about 4GB of data."
In this article, I attempt to reveal these counterfeits by running the right tests. As test specimens, I use two Samsung Pro 128GB MicroSDXC memory cards (model MB-MG128) purchased in 2016 from two vendors on eBay.de. If you believe the label, they both should achieve up to 90MB/s read and 80MB/s write performance.
Look Closely
Starting with the original packaging shown in Figure 1, a visual inspection reveals interesting differences in the detail. In the case of the first card (shown on the right in Figure 1), the barcode sticker has a spelling mistake: The "o" in "Model" is missing (Figure 2). Also the (possibly fake) CE marking on the back of the first card – the second (shown on the left in Figure 1) does not have this marking – has for a long time been indicative of a fake [3].

According to the manufacturer, the two cards must achieve speed class 3 (U3), but the label on the first card shows that it is two classes below this. For the second card, a search with the exact model designation, model MB-MG128EU/EU, returned almost 6,000 matches, including the Samsung page with extensive technical information and the EAN 8806088133560. The first card, model MB-MG128D/EU, returned only one match on the website of a Polish vendor.
Reading the Registers
The memory card's metadata provides additional hints, for example, the model, manufacturer, version (revision), and serial number. Linux users can access these data using hwinfo disc
, unless you are using a USB card reader – in this case, you will only see the reader's metadata.
This unfortunately also applies to the card register, in particular the card-specific data (CSD) register and card identification data (CID) register of SD cards. You can only read these with a direct SD interface.
Peripheral Component Interconnect Express (PCIe) connected card readers in laptops have this (e.g., the Realtek RTS5229 card reader). Or you can retrofit one as a PCIe card (DeLOCK 91485 or mini-PCIe cards from various Chinese eBay sellers).
If you have such a device, the contents of the register are found below /sys/block/mmcblk0/device/cid
and .../csd
. In the case of the suspected fake card, the content is:
00048d55534220441100001603010301 400e00327b590003e7ff7f800a404001
The other card returned different values:
1b534d303030303010a3385d7e010901 400e00325b590003b9df7f800a404001
If you are investigating a suspicious SSD card, you can also run hdparm
and smartctl
to reveal the manufacturer, product, serial number, hours of operation, and interface speed.
Forgers whose engineering expertise is just as great as their criminal energy, reproduce all the values stored in the registers of the original products in a deceptively genuine-looking way. For honest consumers, the task is therefore to look for a reliable strategy to detect tampering. You will find this in a sequential write and read of the whole data storage device without a filesystem using virtually incompressible test data.
To conceal the fake size, flash counterfeiters often manipulate the addressing mechanism of their goods. This gives users the impression that they can address the promised number of blocks and actually own a regular disk. In reality, however, the accessible data blocks are just repeated multiple times. That's why a test with a single test pattern, such as 0xaa
, may not work; instead you will want to test with large and random patterns.
This kind of testing tool is also useful for detecting incipient defects, because even authentic disks can develop faults: The isolation layer of a flash memory cell degenerates on each delete action. In the case of multilevel cell (MLC) NANDs, the original shelf life of about 10 years decreases to about a year after 3,000 erase/write cycles.
Bad Blocks vs. Bad People
The following call implements the outlined procedures and tests for faults and bandwidth at the same time:
device=mmcblk0 time badblocks -wsv -c 65536 -t random -o log_$device_`date +%F_%T`.txt /dev/$device 2>&1 | tee logg_$device_`date +%F_%T`.txt
The time
command measures the duration of the test (see Figure 3). The test candidate was a microSD card in the laptop's internal reader (mmcblk0
). The badblocks
test tool, included in the e2fsprogs
package, performs the write/read test (-w
) with a logfile for the numbers of faulty blocks (-o <file name>
).

It works with a random data pattern (-t **random
) the size of 65536x1024 bytes (-c 65536
), with a progress indicator (-s
) and verbose messaging (-v
). tee
sends the screen output to a second logfile. To help organize the logfiles, the file names contain both the device name ($device
) and the date and time (date +%F_%T
).
If you want to run this test on a data carrier that is already in use, you can use dd
(or ddrescue
or dd_rescue
) to save the contents to a safe place first and write them back after the test. The disk should not be mounted during copying. Because such a test reliably overwrites all previously stored data, it is also useful as a deletion mechanism for old data. (USB sticks are often manufactured with used flash ICs and contain old data, which could include such undesirable information as child porn, top-secret files, and terrorism plans. The write-read test overwrites all old data so that undelete programs cannot recover them, keeping you out of trouble with the authorities.)
To make testing for bad blocks fun, it is important to choose the right target device. Otherwise, the test could overwrite the data on a different disk. I wrote a script that avoids such mistakes: disktest1.sh
[4]. The only parameter it expects is the name of the data carrier to be tested; in the example above, that's mmcblk0
, but it's sde
in the example in Listing 1. The script also works in a Cygwin environment, thus opening up a test option for Windows users. Linux users should run it as root; on Windows, you need to run Cygwin with administrator rights.
Listing 1
Output of ./disktest1.sh
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
News
-
Linux Kernel Reducing Long-Term Support
LTS support for the Linux kernel is about to undergo some serious changes that will have a considerable impact on the future.
-
Fedora 39 Beta is Now Available for Testing
For fans and users of Fedora Linux, the first beta of release 39 is now available, which is a minor upgrade but does include GNOME 45.
-
Fedora Linux 40 to Drop X11 for KDE Plasma
When Fedora 40 arrives in 2024, there will be a few big changes coming, especially for the KDE Plasma option.
-
Real-Time Ubuntu Available in AWS Marketplace
Anyone looking for a Linux distribution for real-time processing could do a whole lot worse than Real-Time Ubuntu.
-
KSMBD Finally Reaches a Stable State
For those who've been looking forward to the first release of KSMBD, after two years it's no longer considered experimental.
-
Nitrux 3.0.0 Has Been Released
The latest version of Nitrux brings plenty of innovation and fresh apps to the table.
-
Linux From Scratch 12.0 Now Available
If you're looking to roll your own Linux distribution, the latest version of Linux From Scratch is now available with plenty of updates.
-
Linux Kernel 6.5 Has Been Released
The newest Linux kernel, version 6.5, now includes initial support for two very exciting features.
-
UbuntuDDE 23.04 Now Available
A new version of the UbuntuDDE remix has finally arrived with all the updates from the Deepin desktop and everything that comes with the Ubuntu 23.04 base.
-
Star Labs Reveals a New Surface-Like Linux Tablet
If you've ever wanted a tablet that rivals the MS Surface, you're in luck as Star Labs has created such a device.