Detecting Fake USB Sticks (Flash Drives, Thumb Drives, Memory Sticks)

Like many relatively cheap high-tech items, the number of counterfeited, faked and hacked USB Sticks is enormously high. If you buy a flash drive from eBay and any number of budget internet shops (including some Amazon zShops), and it seems like a very good deal, then the chances are you might well have bought a fake.

 

 

What do you mean by “fake”?

The two main areas of concern are:

1. Counterfeit sticks – where you pay for a well known brand but actually get a cheap knock-off. The reason the brand (eg. Sony, Kingston, Sandisk etc) charge that bit more is that their brand represents quality. If you don’t get that quality you are being ripped off.

2. Fake / hacked sticks – you buy a 16GB flash drive but it isn’t really 16GB. You cannot tell by looking at it. You cannot tell by relying on what Windows tells you. You might not notice for months…until your data simply isn’t there. And into the bargain, the stick will almost certainly fail within a short time making your bargain not such a good buy.

Usually the fakers combine the two.

What is wrong with buying a cheap stick if I know what I’m getting?

Nothing if you really know what you getting. But the chances are you don’t. This is how it works: the quality manufacturers in China etc put the memory chips they use through quality control. Since it is impossible to make memory chips of sufficient quality 100% of the time, they dispose of the bad ones. Except that dishonest factories and staff smuggle them back onto the market. These faulty, weak, damaged and short-lived chips are what you buy. They are worthless except to fraudsters. Not only will the drive fail causing complete data loss, but even whilst it is still working, the files you think you have on it are corrupt and inaccessible.

Is my memory stick really 32GB?

Simply selling you bad chips at a discount isn’t enough for greedy con artists who can reap greater profits lying about how large the capacity is. They go the extra step of hacking the chips so they report a higher memory capacity than they really have. You plug it into the computer and Windows reports that it holds the amount of data printed on the outside of the stick. A “16GB” drive will often hold only 2GB. You might think that you’d quickly notice once you try to add more than 2GB to the stick. But the hackers are cleverer than that. They need you to be happy with the flash drive long enough to get their positive eBay feedback or cash your cheque. What happens is that the files appear to go on just fine. But what is actually happening is that the older files are written over by the new ones whilst the file and folder names stay there, making it appear as if all is OK.

How can I tell the real size of my flash drive?

Odd behaviour or slow speeds

Often the first sign will be corrupted or lost files. This is very obvious sign something is not right. The second, non-technical clue is the speed the drive works at. Because the hacked sticks are overwriting the old data, and are of poor quality anyway, they are much slower than real drives and tend to get slower as they fill up. If you are only getting between around 1mb/s then you should be suspicious.

Check the drive properties.

Open My Computer (XP) or Comptuer( Vista) and right click on the drive in question and select Properties. Click the Hardware tab and you’ll see the drive names. Usually a proper branded drive will be named with the brand name. The fake one will often just report “ Generic Flash Drive” or similar. This can be faked so is not a reliable test, but it is an indicator you should check deeper.

A sure-fire way of checking the real size of a flash drive or other flash memory device

There a free program which will check your flash memory device for you and let you know sure sure whether you have a faked or hacked device. Download h2testw here: http://www.heise.de/ct/Redaktion/bo/downloads/h2testw_1.4.zip
How to use h2testw

* Before you start, you need to make sure your drive is empty before you test it so backup any files you want onto your PC and delete everything off the drive.

* Download the h2testw.zip file and extract the h2testw.exe file by right clicking it and selecting Extract Files. Double click the h2testw.exe file to run it. Select English language unless you happen to speak German.

* Click the Select Target button and select the flash drive you want to test. Be careful you really are selecting the right drive!

* Now click the Write & Verify button. This will start the test. Testing make take several hours for a large drive. Let it run all the way through.

If the drive is genuine and healthy, you will just get a short report like this:  

Test finished without errors.

You can now delete the test files *.h2w or verify them again.

Writing speed: 585 KByte/s

Reading speed: 1.52 MByte/s

H2testw v1.4

But if your drive is faked you will get a report like this:

Warning: Only 16143 of 16144 MByte tested.

The media is likely to be defective.

1.9 GByte OK (4105737 sectors)

13.8 GByte DATA LOST (28955127 sectors)

Details:10.7 GByte overwritten (22536613 sectors)

7 KByte slightly changed (< 8 bit/sector, 14 sectors)

3.0 GByte corrupted (6418500 sectors)

64 KByte aliased memory (128 sectors)

First error at offset: 0x0000000000000000

Expected: 0x0000000000000000

Found: 0x00000003f0e70000

H2testw version 1.3

Writing speed: 2.81 MByte/s

Reading speed: 4.53 MByte/s

H2testw v1.4

 

Ignore the first line as this is quite normal. But look at the 3rd line:- “1.9GB OK” and the 4th line: “13.8 GByte DATA LOST”.

This is my own report from a supposedly 16GB memory stick. As you can see, it is only 1.9GB! The rest of the data space simply doesn’t exist. The drive chip is just cycling through that 1.9GB eight times to pretend to be 16GB.

Don’t worry about the slight difference here between 2GB and 1.9GB. Even real drives do not contain the exact amount you might be expecting. For instance a 1GB drive will report as 0.95GB due to the way drive manufacturers do their maths compared to how the computer does it. A real 8GB drive will only hold 7.73GB. That sort of difference is quite normal.

My drive IS fake. What can I do?

If you bought it from a shop take it back and get a refund. If you used a credit card to buy it online, then you should be covered by the card company. They will use their financial might to get the money back. If you bought it from ebay then you need to file a complaint as soon as possible. File it under fraudulent goods as they take more notice of this. If you paid with PayPal you should raise a dispute ASAP. Keep your h2testw log as evidence. Contact the buyer in the meantime and demand a refund and don’t accept you need to return the item. Clearly do not accept a replacement. If you ordered it from a HongKong or China buyer tell them you will contact HK or China police via their website. I doubt those authorities will do anything but residents of those countries can suffer very harsh penalties if caught and so tend to be rightfully scared of them. Whilst you are at it, why not contact other buyers from the auction and let them know they’ve been had. 90% of them will have no idea and will have left positive feedback.

WARNING: If your drive is fake, or even if it is genuine but on it’s last legs, this sort of intensive test might finish it off. In my opinion, you are better off it failing during a test than in a week’s time without any warning, but you might not agree. Always backup important information. I do not accept any responsibility for anything you do to your drive by using the information in this article.

Thanks for reading this article courtesy of MobileTechie, Berkshire’s leading computer call-out repair and support service. I hope it has been useful to you.

Comments are closed.