jesnow
l33t
Joined: 26 Apr 2006
Posts: 872
|
 Posted: Sat Sep 21, 2024 2:24 pm Post subject: Fake high-cap USB drive (corrupts data) detection? |
 |
|
Probably everyone is aware that there are fake high-capacity usb thumb drives flooding the market. What these drives do is report every write and read as successful, but they overwrite previously stored data on their (much smaller than advertized) internal flash storage, corrupting it.
This is obviously a huge danger for anybody who uses thumb drives for anything. Imagine putting your bitcoin wallet on such a drive.
There are utilities out there to detect this behavior for windows, eg:
https://www.grc.com/validrive.htm
But nothing even remotely equivalent for linux that I can find. I can think of a variety of brute force ways of accomplishing this task, but they are going to take time for each thumb drive, are going to destroy the data on the drive, and I have a lot of thumb drives. Something that does what validrive does would be a real help.
It would work something like
| Code: | $ capcheck
CAPCHECK v.0.1-mockup
1 USB storage device found /dev/sda. Continue? (y/n): y
Device is /dev/sda
USB address idVendor=067b, idProduct=8171
Manufacturer: ROKNYPR
exfat signature found on partition /dev/sda1
File system reports 1.07 TB capacity
Spot Check size is 64K random data
576 spot check regions written/read across 1.07TB
0 r/w errors reported
24 checksums correct
552 checksums failed
Drive fails validation.
Exiting with return code 0
$ |
It occurs to me that this kind of nondestructive read-write testing would be useful for all kinds of drives, and so might be useful to incorporate into fsck. That's above my pay grade.
I don't know how to program such a thing, and while I could learn, I bet there are people who know exactly what needs to be done, or that such a tool already exists somewhere. Note: Validrive itself is said not to work under Wine.
Cheers,
Jon. |
|
Kernel & Hardware
