Last Updated: February 25, 2016
·
3.776K
· austinkeeley

Checking for fake USB drives on Linux

#linux
#dd
#disk image

I've heard about the fake USB and flash memory problem that's happening on eBay and some less-reputable retailers. I recently purchased a 32 GB USB drive and I wondered if there was a quick way to make sure it was the advertised size. I found a few Windows utilities, but I'm running Linux. Fortunately, it's not too hard.

First, plug in your USB drive (obviously) and find the device using mount -l

Be sure you are getting the right device! Otherwise, this next step is not going to be fun. We're going to overwrite the entire drive with 0s from /dev/zero. This will delete everything on the drive so make sure you have things backed up if you want to keep them.

sudo dd if=/dev/zero of=/dev/[your device here]

Now wait a while as it writes to the drive. In the end you should see something like this:

dd: writing to ‘/dev/sdb1’: No space left on device
62254082+0 records in
62254081+0 records out
31874089472 bytes (32 GB) copied, 1500.72 s, 21.2 MB/s

So it wrote 32 GB, which is what I expected. I've heard about some fraudsters getting clever and getting around this, so we can take it a step further by writing some known data instead of just a bunch of 0s.

First, let's allocate some data.

fallocate -l 31874089472 known_value.img

[Edit: Earlier I used the argument -l 32G, which does indeed allocate 32 gigabytes, but due to dumb weirdness about how one defines disk space, it was about 2 billion bytes off. Whups.]

Open up known_value.img in your favorite hex editor and throw some bytes into it. I'll go with 0xDEADBEEF. Your hex editor might not be able to support large files. I used bless and it seemed to be okay.

You can probably guess what to do next. We'll write the known value image to the USB drive and then read it back. 

sudo dd if=known_value.img of=/dev/sdb1
sudo dd if=/dev/sdb1 of=new_image.img

Open new_image.img in the hex editor. If we can find 0xDEADBEEF at the end, then our disk should be legit.

I've never encountered a fake drive before, so I'm not sure if there are any other ways of getting around checks like this. I'd be very interested to know about them.

#linux
#dd
#disk image

Written by Austin Keeley

Say Thanks
Respond

Related protips

Remote Access to IPython Notebooks via SSH

300.6K
24

Find all the IP ranges on an ASN

228.8K
0

Add self signed SSL certificate to Android (for browsing)

196.1K
8

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Linux Authors
cheglastgnat
299.8K
#linux
#Python
#shell
barnettjw
256.1K
#linux
#css
#powershell
mehikmat
195.6K
#linux
#Shell
#java
sdepablos
195.3K
#linux
#MySQL
#Symfony2
projectcleverweb
163.7K
#linux
#javascript
#css
Related Tags
#linux
#dd
#disk image
Sponsored by
#native_company#
#native_desc#
#native_cta#
Filed Under
Tools
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#