[HN Gopher] A free tool to quickly detect counterfeit flash (2017)
___________________________________________________________________
A free tool to quickly detect counterfeit flash (2017)
Author : popol12
Score : 120 points
Date : 2024-07-23 14:34 UTC (8 hours ago)
(HTM) web link (fight-flash-fraud.readthedocs.io)
(TXT) w3m dump (fight-flash-fraud.readthedocs.io)
| popol12 wrote:
| Just received 2 cheapo 64GB micro sd cards from aliexpress, they
| seemed legit, had tons of reviews with OK crystaldisk performance
| screenshots and... they're junk This tool quickly identified that
| they were counterfeit of type "Limbo", with 16GB of capacity
| instead of 64GB. Thanks to Michel Machado for writing this gem.
| tombert wrote:
| A part of me will see stuff like "3TB Flash Drive" on
| AliExpress for $3 and briefly consider buying it. Like, I know
| it's obviously not true, it's obviously a lie, but I also am
| curious about _what_ I would actually get.
|
| I never do it because I don't really see the point of paying
| money for something that will immediately go into a landfill,
| but it's always tempting.
| bombcar wrote:
| Back when it was being done with external hard drives there
| were YouTube channels dedicated to breaking them open and
| experimenting with how they did it.
|
| Fun stuff to watch on a boring afternoon.
| jayrot wrote:
| The potpourri of a youtube channel, Atomic Shrimp, has done a
| couple interesting videos doing just that.
| pogue wrote:
| His channel is where I first heard of this scam.
|
| https://youtube.com/watch?v=UsWx1iO-aeA
| megous wrote:
| For consumer stuff like this, you'll obviously get something
| else. But sometimes you can get recycled components if the
| price obviously is not sane, where recycling is an option.
|
| It's only fraud if the description mentions new and original.
| :)
| tombert wrote:
| My trick to get decently priced computer equipment is to
| buy used stuff from data centers; generally that stuff will
| sell for pennies because their goal is to "get rid of it",
| not "get rid of it for a profit". Desktop network cards and
| switches are almost always available for very little
| (sometimes literally just $1 + shipping).
| SoftTalker wrote:
| Look at govdeals.com for stuff from universities, they
| seem to sell a lot of their surplus hardware there.
| tombert wrote:
| Govdeals is sort of addictive. I've only bought stuff on
| there a few times, but it's fun to look around and see
| stuff like "pallet of 400 laptops" selling for $600.
| callalex wrote:
| How do you find such things? In person or online
| somewhere?
| tombert wrote:
| Sibling comment mentioned Govdeals, which is a place I'll
| look sometimes if I can find something near me or they're
| willing to ship.
|
| You can look on Craigslist as well, especially if you
| live in a large metro area (I live in NYC so it's easy to
| find lots of corporate surplus). Companies will often
| need to upgrade all their infra and liquidate their
| equipment. My printer is a giant nearly 20 year old HP
| office thing that I got for $30 + $100 for the Uber back
| home from an office that did a full IT renewal.
| pogue wrote:
| When you say data centers, what do you mean? If I was
| looking on Craigslist or whatever for this, how would I
| be able to tell which seller is a data center?
| axiolite wrote:
| A few sellers on eBay are honest Description:
| This item is upgraded by 32 GB Pen Flash Drive to 2TB
| 32GB-2TB, the actual capacity is 32G, the computer displays
| 2TB, the detection is also 2TB, more than 32G things can be
| stored, but not displayed.
| https://www.ebay.com/itm/234810575961
|
| That's not bad. Most counterfeits I get are just 2GB so
| hardly useful. Still, the counterfeit firmware makes
| compatibility issues more likely, so better to buy one
| without the counterfeiting.
| p51-remorse wrote:
| Is there any reason I would deliberately purchase one of
| these over a standard 32GB drive? Trying to think of if
| there's a case where I would want to trick some hardware
| into thinking it has a 2TB drive when it really doesn't?
| dns_snek wrote:
| > more than 32G things can be stored, but not displayed.
|
| That's certainly an interesting way to phrase it. I use
| /dev/null for a similar purpose with the added benefit that
| it can store petabytes of data, but sadly we don't have the
| technology to display it yet.
| betagammaxyz wrote:
| Lol. That's up there with the [1-bit Bloom
| filter](https://www.xkcd.com/2934/)
| KomoD wrote:
| But why would anyone want a fake 2TB though?
|
| Surely they write this to cover their ass when people don't
| read the entire listing.
| BuildTheRobots wrote:
| Makes backups cheap and easy. Also if you _know_ it won't
| restore, you stop worrying about whether it might or not.
| hex4def6 wrote:
| The issue is that if you exceed the (invisible) limit, you
| start overwriting the existing data. That's Bad (TM), since
| there's no indication that it's happening, until you
| attempt to retrieve the data and discover it's corrupted.
| axiolite wrote:
| The subject of this topic, f3, will quickly probe the
| drive, determine the true size, and create a partition on
| it of the actual usable size. Using that partition, you
| will never lose any data. If you try to create a
| partition in the rest of the drive, it will be
| immediately corrupted, no tools will show it as good, you
| won't ever be able to get around to putting data on it to
| lose it.
| fsckboy wrote:
| > _A few sellers on eBay are honest_
|
| no, that's not honest, farthest thing from it, that's what
| makes it an actual scam. by having that in the fine print,
| you can't return it, and they won't be flagged.
| axiolite wrote:
| You can certainly return an item if the title of the
| listing was inaccurate.
|
| In my experience, eBay won't "flag" dishonest sellers of
| counterfeit storage products, anyhow. I tried to get a
| listing selling counterfeit Samsung micro SD drives taken
| down, but eBay did nothing. I was refunded, but the
| unsuspecting will continue to be duped.
| gosub100 wrote:
| I did this on Amazon knowing it was a scam and immediately
| returned it just to drive up their numbers and hopefully get
| them shut down faster. I have no idea if that did any good,
| but what disappointed me was Amazon only gave me credit, not
| a full refund.
| mavamaarten wrote:
| And there's honest stuff on there too, loads of it actually.
| I bought a 128GB SSD from there many years ago for $10. I
| expected nothing but like you say, I was curious about what
| I'd get and something faster than a shitty USB stick with
| decent storage capacity was all I was after. I verified it,
| and it works perfectly and it's 128GB as described, it just
| lacks cache so it bogs down on super large files. But for $10
| I couldn't buy a better USB stick.
| onemoresoop wrote:
| This tool could save you from corrupting data but once you buy
| these counterfeit cards you're better off trashing them than
| requesting a refund, shipping will cost you more that the drive
| itself.
| globalise83 wrote:
| Chargeback - goods not as described. No need to return them.
| dylan604 wrote:
| Supposedly, card processors are meant to suspend accounts
| when they get too many chargebacks. How is that number
| determined? If it's a percentage of total charges, then
| places like Amazon/Ali* will have so many other charges
| these will pretty much round to zero. Also, these vendors
| are "too big to suspend", so chargebacks will do nothing
| like what they are meant to.
| mynameisvlad wrote:
| What do you mean they don't do what they're supposed to?
| They get you your money back. That's what they're
| supposed to do.
|
| Dropping the merchant is a bonus.
| dylan604 wrote:
| The chargeback is meant as last resort though when a
| company is not cooperating. The company has already been
| refunding without having to do a chargeback. The
| chargeback is meant to let the processor know that their
| customer isn't holding up their end of the agreement.
| mynameisvlad wrote:
| You're correct that it's a last resort, but its primary
| role is to, literally, _charge back_ to the original
| merchant. "[letting] the processor know that their
| customer isn't holding up to their end of the agreement"
| is a side benefit. As is eventually dropping the merchant
| when there are too many chargebacks to justify supporting
| them.
|
| > Through a chargeback, your bank can try to get your
| money back from the seller on your behalf it isn't a
| legal right, but your bank is committed to helping you,
| and will treat any claim fairly.
|
| https://www.visa.co.uk/how-you-pay-matters/chargeback-
| purcha...
|
| > When a customer disputes a debit or credit card
| transaction, the card issuer must determine whether to
| provide that cardholder with a refund for the transaction
| amount--also known as a chargeback.
|
| https://b2b.mastercard.com/news-and-insights/blog/what-
| is-a-...
|
| > A chargeback is a rules-based mechanism, with time-
| sensitive workflows, that enables the issuer and the
| acquirer to determine the financial liability of a
| disputed transaction.
|
| https://www.mastercard.us/content/dam/public/mastercardco
| m/n...
|
| > A chargeback occurs when, after investigation of the
| dispute, we debit your account for the amount of the
| disputed transaction and credit the Card Member with this
| amount.
|
| https://www.americanexpress.com/au/merchant/chargebacks-
| and-...
|
| Notice none of them talk about it being a feedback
| mechanism. Because it's not. It's a refund mechanism used
| as a last resort.
| dylan604 wrote:
| > It's a refund mechanism used as a last resort.
|
| you've just skipped over then entire part where the
| websites are freely refunding and not denying refund
| claims making the last resort of a chargeback entirely
| unnecessary
| mynameisvlad wrote:
| You are commenting in a thread about chargebacks as an
| option. You are the one that claimed chargebacks aren't
| doing what they're meant to do. They are, you just don't
| know what they're meant to do.
|
| Whether or not a website does refunds on their own does
| not change the definition of a chargeback in any way
| shape or form.
| dylan604 wrote:
| Yes, you're so wrong. I've had merchant accounts before,
| and there is clear wording about the negative impacts of
| chargebacks. I've even done a chargeback as a consumer,
| and they asked me if I had already been in contact with
| the seller before making a claim.
|
| So the blind advice of making a chargeback claim before
| making a refund/RMA type of request with the seller is
| really out of order in the steps to take.
| mynameisvlad wrote:
| Clearly the definitions from all three major processors,
| both from consumer and merchant documents, don't mean
| anything. Your anecdotes are far more convincing, for
| sure.
|
| > So the blind advice of making a chargeback claim before
| making a refund/RMA type of request with the seller is
| really out of order in the steps to take.
|
| That wasn't even your point in the first comment. It was
| that chargebacks don't do what they say they do. Way to
| move the goalposts when your initial point was clearly
| proven wrong.
| megous wrote:
| You don't need to ship them back. Aliexpress will fully
| refund fakes, if you send something resembling proof. I got
| refunds for even obscure stuff like opamps, transistors,
| etc., with just a quick video of a oscilloscope output.
|
| Sometimes it's trivial to prove, like CMOS opamp with +6V
| absolute max Vcc supply happily working at +40V.
| onemoresoop wrote:
| I did not know that. Thanks.
| ableal wrote:
| > had tons of reviews with OK crystaldisk performance
| screenshots
|
| Select the 1-star reviews. Usually someone helpfully posts
| proof of the scam.
| gosub100 wrote:
| Until a new scammer runs a protection racket offering to
| withhold the scam accusation for a price.
| toast0 wrote:
| I've bought a couple things from Aliexpress, and payment
| processing is such a hassle[1], I don't know why you would use
| it to buy things that are easily found from domestic sources?
| Especially SD cards which are widely counterfeited.
|
| [1] This was a couple years ago, maybe things got streamlined?
| Of my cards that don't have a foreign transaction fee,
| Aliexpress wants the phone number off the back of one, which is
| sketchy; no thanks. The second one, charges don't go through,
| and the issuer customer service can't even see the attempts; I
| have to ask them to disable security on my card for ~ 30
| minutes, and then the charges go through. Billing showed from
| England, IIRC. Doesn't (edit: Didn't! thanks) support any
| intermediates I do (paypal/amazon pay) which is usually my goto
| for low trust transactions.
| gambiting wrote:
| They do support PayPal nowadays. Paying on AliExpress is as
| easy as on Amazon, and a lot of things do have a 5 day
| delivery guarantee and it does actually work. I've been using
| it quite a lot personally(I'm in the UK).
| KomoD wrote:
| Wow, they scam for that little of a price difference? 64GB
| costs almost nothing...
| Zancarius wrote:
| Yeah, really... I picked up a 128GiB card from the store on
| something of a whim a while back, and I'm not even sure I
| paid more than about $18USD (with tax) for it. I bet I could
| have gotten it cheaper, but I was impatient.
| pogue wrote:
| A helpful tool I recommend for buying from common outlets
| online is Fakespot [1]. It scans the reviews and looks for
| suspicious/fake reviews & other telltale signs of deceit.
| Mozilla recently acquired it, but you can scan Amazon URLs on
| their website, and they have a very helpful browser addon.
| There was a similar tool I used to double check called
| ReviewMeta, but they seem to be offline.
|
| It's not a 100% foolproof way to determine if a vendor or
| product is fake, but it is helpful. There are some other things
| you can do to double check things as well. [2]
|
| [1] https://www.fakespot.com/
|
| [2] https://www.wired.com/story/how-to-spot-fake-reviews-
| amazon/
| zkirill wrote:
| Does anyone have any experience with mass testing flash drives as
| part of an assembly line?
|
| Another tool for testing flash drives that was recommended to me
| was H2testW.
| haswell wrote:
| For anyone looking for tools that do this, it seems like a good
| opportunity to mention Steve Gibson's Validrive tool [0] if
| anyone out there is trying to help family and friends who might
| be scared off by a CLI tool, and I believe it's non-destructive.
|
| I'm glad to see more awareness of this issue and entrants into
| the space.
|
| - https://www.grc.com/validrive.htm
| jayrot wrote:
| It warms my heart to see that Steve's website appears frozen in
| time (and works just fine). I bought Spinrite nearly two
| decades ago and it saved my bacon more than once. Also loved to
| listen to him and Leo on Security Now in the very early days of
| podcasts ("netcasts" lol).
| haswell wrote:
| Security Now is still going strong and I listen weekly! And
| Steve recently committed to continuing past 1000 episodes (he
| was previously planning to wind things down).
|
| He's continuing to do awesome work and I deeply appreciate
| him for it.
| neallindsay wrote:
| I was surprised that when he bought 20 cheap "1 or 2 terrabyte"
| thumb drives, _all_ of them were frauds. This was on Amazon
| just this past September.
| dylan604 wrote:
| Really? You were surprised? Something too good to be true
| actually turned out not to be true? From Amazon no less? I'm
| guessing you forgot the /s at the end of your comment
| rob74 wrote:
| Well yeah, if you take a look at the "group photo"
| (https://www.grc.com/validrive/drives.jpg), you can see that
| all of them are either no-name, have "brands" like "Blanbok+"
| and "Dianww", and one of them is even a borderline
| counterfeit SanDisk product (the SD card). I suspect that if
| he had bought a (non-counterfeit) product from brands such as
| Kingston or SanDisk, he would have got the actual advertised
| capacity (although probably not as cheaply).
| bheadmaster wrote:
| I bought a (little too) cheap large SSD off the internet. It was
| surprisingly slow, but it seemed to work fine, so I assumed
| that's the reason for the low price - until I tried to backup my
| other SSD on it. After the first ~50 GiB, all the writes suddenly
| failed and I could only perform reads.
|
| After re-formatting it and attempting the backup a few more
| times, I was frustrated, so I searched the internet for related
| problems and found out about these so-called "chinese scam
| drives" that announce size to the drivers that is much larger
| than actual, and just throw away any writes above some memory
| address.
|
| I quickly found f3 and tested it - and sure enough, it was a
| chinese scam drive. I reported the seller to the local inspection
| and they confiscated all the other drives and gave them a huge
| fine. I feel pretty smug about it.
| dooglius wrote:
| What do you mean by "the local inspection"? The police?
| Almondsetat wrote:
| the SSDPD
| bheadmaster wrote:
| I suppose the US equivalent would be the FTC (assuming they
| can confiscate and fine?).
| ajsnigrutin wrote:
| Not op, but if someone is advertising X (eg. 10tb o space),
| and the reality is Y (not 10tb of space), you can call
| "trades inspection" (Trzna inspekcija), and they can issue
| fines, etc.
| thedanbob wrote:
| Had a similar experience with a friend's "10 TB" SSD. After I
| tested it with f3 and confirmed it was fake, I opened the case
| and found a 64 GB microSD card and an adapter/faker board.
| LorenPechtel wrote:
| "10 TB"? Why did you even need to open it??
| thedanbob wrote:
| Well, at first it only showed up as 2 TB, which was at
| least possible though unlikely. But f3 indicated it was
| faking 10, at which point I realized it was presenting
| several additional partitions that were so corrupted the OS
| wasn't even making them available to mount. After that I
| opened it just to see what was inside.
| Nzen wrote:
| I suspect LorenPechtel's terse question implies that a 10
| TB drive would weigh appreciably more with real hardware
| than a microSD card.
| codetrotter wrote:
| SSDs can be pretty lightweight. And also sometimes the
| fake ones have a piece of metal or even a rock glued to
| the inside of the thing to make it feel heavier.
| wtallis wrote:
| Weight doesn't even have to be accounted for. There's
| simply no technological or marketing reason to
| manufacture a 10TB SSD. An odd size like that is already
| a massive red flag.
| efilife wrote:
| This website traps me on mobile, can't use the back button.
| Fennec on android
| axiolite wrote:
| Works perfectly fine for me. v125.3.0 with uBlock.
| calebio wrote:
| I can't be the only one who read the title and thought this was
| about detecting a counterfeit Flash player.
| wheybags wrote:
| It was actually silverlight in an adobe branded trenchcoat
| manoweb wrote:
| I misread the title and I thought it was some sort of hardware
| to identify vegan meat
| SoftTalker wrote:
| There's no need for this.
|
| Buy name-brand storage from reputable sellers.
|
| Of course the fantastically cheap stuff on Alibaba is fake. You
| don't even have to check.
| John23832 wrote:
| I don't have a link, but I thought I saw that this was
| happening with name brand drives from third party sellers on
| Amazon as well. And given that Amazon co-mingles product, it's
| a crapshoot.
| radicality wrote:
| Dont even think about buying flash on Amazon. Use a reputable
| store like B&H, Digikey, Mouser.
| kristopolous wrote:
| 2011, I bought a counterfeit Kingston card over Amazon. At the
| time this was not cheap
|
| https://i.imgur.com/4XeaX.jpeg https://i.imgur.com/FZEYA.jpeg
|
| I tried to fill in a warranty claim when I ran into problems. No
| dice. I always make sure the seller is quasi official now.
| pogue wrote:
| How do you check the sellers validity?
| bagels wrote:
| This tool has a function to "correct" the capacity. I can't
| understand why that would be useful, I would not trust a device
| like this at all for any purpose.
| KolenCh wrote:
| I got a few new USB drives at work for testing data centre
| hardwares. I normally would run f3 on new flash drives but this
| time the deadline is so rushed so I skipped that. Then I wasted
| an hour diagnosing a mysterious problem, and eventually I found
| out the usb drive is faulty after testing it using f3.
|
| I then tested all of them and found out 4 out of 8 of them aren't
| faulty, some of them died and disappeared.
|
| So test your hardwares, test your hardwares that's used to test
| hardwares. You will never know you can trust them unless proven.
|
| Edit: badblocks, SMART test, memtest86 and memtest86+, prime95,
| Intel burn test, OCCT, iperf3, etc are equally useful.
| Animats wrote:
| Has someone made a flash drive tester as a standalone hand-held
| device? That would be useful for buyers and incoming inspection.
| Haven't found one yet.
___________________________________________________________________
(page generated 2024-07-23 23:02 UTC)