Fake flash

Being a complete fanny, I managed to drop my phone and break the display assembly again.


I was in the pub the next day with a friend recounting my tale of woe, and as he was showing off his shiny new phone to me, it suddenly occurred to me that we used to have the same phone. I ended up buying his old phone off him for parts, and repaired my phone there and then.


Annoyingly, in doing so I managed to snap my SD card!

I bought a new 64GB SD card on ebay and when it arrived I decided to do a check of its integrity:

$ dd if=/dev/urandom bs=1M count=64000|pv|sudo tee /dev/mmcblk0|sha1sum -

Already things were seeming suspicious: It claimed to be a class 10 card (10MB/s) but it initially wrote (at least for the first few GB when I was paying attention) at about 2-2.5MB/s.
When I came back later, it was ~45GB in and had sped up to about 15MB/s.

I had planned to read it back and check that the data were the same:

$ sudo pv /dev/mmcblk0 | sha1sum -

But it read at about 10MB/s (rather than the advertised 50MB/s) so I lost interest and tried a different approach, writing to random locations and reading back. 54MiB in was fine, but 54722MiB in returned garbage.

I threw together a quick script to check random 1MiB blocks throughout the disk:

dd if=/dev/urandom bs=1M count=1 of=somerandom
for i in $(seq 1 1000) 
	thisblock=$(shuf -i 0-63999 -n 1)
	sudo dd if=somerandom of=/dev/mmcblk0 bs=1M seek=$thisblock
	sudo sync
	sudo dd if=/dev/mmcblk0 skip=$thisblock bs=1M count=1 | diff - somerandom
	if [ $? == 1 ]
		echo "bad"
		echo $thisblock >> badblocks
		echo "good"
		echo $thisblock >> goodblocks

(I don’t know if the sync is necessary – I wasn’t sure if maybe there’d be some transparent caching in play whereby the OS would assume what it’s just written is still there.)

This gave me two lists, one of the known good blocks and one of the known bad blocks. About 3/4 of the blocks were bad, so it was looking like this 64GB was a 16GB in disguise:

 $ wc -l goodblocks badblocks 
 240 goodblocks
 760 badblocks
1000 total

I threw together a piece of octave too, to make a visualisation:

for i=goodblocks'
for i=badblocks'
colourmap=[0 0 0; 0 1 0; 1 0 0];

The result:
Each pixel represents a 1MiB block of the SD card, top left being the start, working right then down, with the bottom right being 64GB (more accurately 64kMiB, or 64000MiB). Black pixels are unknown (the script took a random sample of 1000 blocks out of 64k), green are good (read back the same) and red are bad. This looks pretty conclusively like it’s a 16GB card in disguise.

The bad section seems to be the same 512 byte pattern repeated over and over for a bit, then the repeated pattern changes sometimes for no discernible reason. I haven’t invested much energy into figuring out why yet.

7 thoughts on “Fake flash”

  1. No need to reinvent the wheel, check out f3read/f3write, part of the “f3” package.

    On Windows there is h2testw written by Harald Bögeholz of c’t magazine a long time ago.

    1. Yep, I was aware that there were already tools which exist. I just fancied playing around a bit though!

  2. http://oss.digirati.com.br/f3/

    This is a little better, although slower method

    A little better because some SD circle back to the beginning and overwrite old data. Your method may not overwrite existent data and still show a valid sector where it isn’t.This will show exactly how much space you can use.
    Slower, as ti will write and then read all sectors, so it takes a long time

  3. There used to be those funny hard-drives / usb-drives from china claiming to be big, but actually being some 128MB only and then writing/reading to/from nowhere. Usually returning some random stuff.

    Seems we re back with SD cards? 🙂

  4. I recently bought a whole bunch of Micro SD cards from amazon actually (I should say an amazon marketplace seller, not SanDisk). The 20 SanDisk branded SD cards arrived, and when looking at them side-by-side with the other SanDisk cards I had, you can tell the white printing on the new cards was a bit fuzzy, and had some shiny “official” looking sticker on the reverse side, which non of my other cards had.

    Regardless, I had the same problem as you, all the cards exhibited the same behavior, so returned them to the seller and issued a complaint about the fakes.

    1. To expand on JP’s post: Unfortunately, with mixed inventory, your seller could have only sold legitimate SD cards, and a less scrupulous seller could have provided the fake cards, but under the same UPC. Amazon will fill orders from other sellers if the UPC matches.

      By reporting counterfeit goods, Amazon will know who provided the bad cards, so it still helps. Although a lot of these “stores” are fly-by-night and are constantly restructuring themselves to get fake junk on Amazon’s marketplace.

    2. I contacted the seller on ebay and got a full refund. I advised him to take down his listing and sort out his supply, because he was clearly being sold fakes. He didn’t, so I negative feedback’d him and reported the listing.
      I also went into town to try and buy another SD card (i needed one fairly urgently) so I ended up buying one from a little phone repair shop. The packaging looked suspiciously similar to the fake one I bought so I asked if it was genuine. The store keeper seemed surprised to hear that fake flash existed so he asked me to test it for him and said he’d give me a full refund if it was fake. I plugged it into my computer and my phone and it didn’t even register. True to his word, he gave me a full refund and took down the rest of the SD cards off the shelf and said he’d get on to his supplier.

Leave a Reply

Your email address will not be published. Required fields are marked *