Test real and fake disks for bad blocks
Unmasking Fake Flash Memory
When it comes to cheap flash memory, buyers should beware. Fake flash memory often offers only a fraction of the advertised storage capacity. With no visible calibration mark, it isn't easy to discover a counterfeit. Here's a test to weed out fake disks.
Any customer in a bar who ordered a pint of beer would definitely complain to the barkeeper if their glass was only a quarter full. This kind of attempted fraud always fails in the real world because of the obvious lack of fluid in the glass, along with the high level of motivation of the consumer and the physical presence of the perpetrator.
Unfortunately, online buyers of flash storage media cannot hope for comparably favorable conditions, although their judgment is unlikely to be impaired by the effects of alcohol. Time and time again, you hear of buyers of USB flash drives and flash cards being duped by shady dealers on the Internet. It is not difficult to find media at surprisingly low prices where the storage capacity is wrongly stated, for example, on eBay [1, 2]. To protect themselves, sellers often make statements such as "the stick will store about 4GB of data."
In this article, I attempt to reveal these counterfeits by running the right tests. As test specimens, I use two Samsung Pro 128GB MicroSDXC memory cards (model MB-MG128) purchased in 2016 from two vendors on eBay.de. If you believe the label, they both should achieve up to 90MB/s read and 80MB/s write performance.
Look Closely
Starting with the original packaging shown in Figure 1, a visual inspection reveals interesting differences in the detail. In the case of the first card (shown on the right in Figure 1), the barcode sticker has a spelling mistake: The "o" in "Model" is missing (Figure 2). Also the (possibly fake) CE marking on the back of the first card – the second (shown on the left in Figure 1) does not have this marking – has for a long time been indicative of a fake [3].
According to the manufacturer, the two cards must achieve speed class 3 (U3), but the label on the first card shows that it is two classes below this. For the second card, a search with the exact model designation, model MB-MG128EU/EU, returned almost 6,000 matches, including the Samsung page with extensive technical information and the EAN 8806088133560. The first card, model MB-MG128D/EU, returned only one match on the website of a Polish vendor.
Reading the Registers
The memory card's metadata provides additional hints, for example, the model, manufacturer, version (revision), and serial number. Linux users can access these data using hwinfo disc
, unless you are using a USB card reader – in this case, you will only see the reader's metadata.
This unfortunately also applies to the card register, in particular the card-specific data (CSD) register and card identification data (CID) register of SD cards. You can only read these with a direct SD interface.
Peripheral Component Interconnect Express (PCIe) connected card readers in laptops have this (e.g., the Realtek RTS5229 card reader). Or you can retrofit one as a PCIe card (DeLOCK 91485 or mini-PCIe cards from various Chinese eBay sellers).
If you have such a device, the contents of the register are found below /sys/block/mmcblk0/device/cid
and .../csd
. In the case of the suspected fake card, the content is:
00048d55534220441100001603010301 400e00327b590003e7ff7f800a404001
The other card returned different values:
1b534d303030303010a3385d7e010901 400e00325b590003b9df7f800a404001
If you are investigating a suspicious SSD card, you can also run hdparm
and smartctl
to reveal the manufacturer, product, serial number, hours of operation, and interface speed.
Forgers whose engineering expertise is just as great as their criminal energy, reproduce all the values stored in the registers of the original products in a deceptively genuine-looking way. For honest consumers, the task is therefore to look for a reliable strategy to detect tampering. You will find this in a sequential write and read of the whole data storage device without a filesystem using virtually incompressible test data.
To conceal the fake size, flash counterfeiters often manipulate the addressing mechanism of their goods. This gives users the impression that they can address the promised number of blocks and actually own a regular disk. In reality, however, the accessible data blocks are just repeated multiple times. That's why a test with a single test pattern, such as 0xaa
, may not work; instead you will want to test with large and random patterns.
This kind of testing tool is also useful for detecting incipient defects, because even authentic disks can develop faults: The isolation layer of a flash memory cell degenerates on each delete action. In the case of multilevel cell (MLC) NANDs, the original shelf life of about 10 years decreases to about a year after 3,000 erase/write cycles.
Bad Blocks vs. Bad People
The following call implements the outlined procedures and tests for faults and bandwidth at the same time:
device=mmcblk0 time badblocks -wsv -c 65536 -t random -o log_$device_`date +%F_%T`.txt /dev/$device 2>&1 | tee logg_$device_`date +%F_%T`.txt
The time
command measures the duration of the test (see Figure 3). The test candidate was a microSD card in the laptop's internal reader (mmcblk0
). The badblocks
test tool, included in the e2fsprogs
package, performs the write/read test (-w
) with a logfile for the numbers of faulty blocks (-o <file name>
).
It works with a random data pattern (-t **random
) the size of 65536x1024 bytes (-c 65536
), with a progress indicator (-s
) and verbose messaging (-v
). tee
sends the screen output to a second logfile. To help organize the logfiles, the file names contain both the device name ($device
) and the date and time (date +%F_%T
).
If you want to run this test on a data carrier that is already in use, you can use dd
(or ddrescue
or dd_rescue
) to save the contents to a safe place first and write them back after the test. The disk should not be mounted during copying. Because such a test reliably overwrites all previously stored data, it is also useful as a deletion mechanism for old data. (USB sticks are often manufactured with used flash ICs and contain old data, which could include such undesirable information as child porn, top-secret files, and terrorism plans. The write-read test overwrites all old data so that undelete programs cannot recover them, keeping you out of trouble with the authorities.)
To make testing for bad blocks fun, it is important to choose the right target device. Otherwise, the test could overwrite the data on a different disk. I wrote a script that avoids such mistakes: disktest1.sh
[4]. The only parameter it expects is the name of the data carrier to be tested; in the example above, that's mmcblk0
, but it's sde
in the example in Listing 1. The script also works in a Cygwin environment, thus opening up a test option for Windows users. Linux users should run it as root; on Windows, you need to run Cygwin with administrator rights.
Listing 1
Output of ./disktest1.sh
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
New Slimbook EVO with Raw AMD Ryzen Power
If you're looking for serious power in a 14" ultrabook that is powered by Linux, Slimbook has just the thing for you.
-
The Gnome Foundation Struggling to Stay Afloat
The foundation behind the Gnome desktop environment is having to go through some serious belt-tightening due to continued financial problems.
-
Thousands of Linux Servers Infected with Stealth Malware Since 2021
Perfctl is capable of remaining undetected, which makes it dangerous and hard to mitigate.
-
Halcyon Creates Anti-Ransomware Protection for Linux
As more Linux systems are targeted by ransomware, Halcyon is stepping up its protection.
-
Valve and Arch Linux Announce Collaboration
Valve and Arch have come together for two projects that will have a serious impact on the Linux distribution.
-
Hacker Successfully Runs Linux on a CPU from the Early ‘70s
From the office of "Look what I can do," Dmitry Grinberg was able to get Linux running on a processor that was created in 1971.
-
OSI and LPI Form Strategic Alliance
With a goal of strengthening Linux and open source communities, this new alliance aims to nurture the growth of more highly skilled professionals.
-
Fedora 41 Beta Available with Some Interesting Additions
If you're a Fedora fan, you'll be excited to hear the beta version of the latest release is now available for testing and includes plenty of updates.
-
AlmaLinux Unveils New Hardware Certification Process
The AlmaLinux Hardware Certification Program run by the Certification Special Interest Group (SIG) aims to ensure seamless compatibility between AlmaLinux and a wide range of hardware configurations.
-
Wind River Introduces eLxr Pro Linux Solution
eLxr Pro offers an end-to-end Linux solution backed by expert commercial support.