Wanted: Source of fake USB flash drives

[Halcyon]

It's not everyday I deliberately need to buy a cheap Chinese, fake capacity USB flash drives. It's for a university assignment and a paper I'm writing.

Can anyone recommend a seller on ebay, Amazon or Aliexpress with known fakes? The actual or reported capacity isn't important at all, the reported capacity just needs to be larger than the actual flash size.

[Ice-Tea]

Make your own:
https://www.youtube.com/watch?v=pHQxB7Ve2wQ&feature=youtu.be

[wraper]

Just buy some ridiculously high capacity at ridiculously low price. 100% guarantee to have fake capacity.

[wraper]

Make your own:
https://www.youtube.com/watch?v=pHQxB7Ve2wQ&feature=youtu.be

Nah, it does not represent fake drives at all. They report fake capacity on controller level.

[tszaboo]

There:
https://www.ebay.com/itm/2TB-256GB-USB-2-0-Drive-Thumb-U-Disk-Memory-Stick-Pen-Supply-New-PC-Laptop-Y5M9/312981333908?hash=item48df242794:m:mD68FrDZolONyXEjVI7iNTQ

2TB for 5 money unit.

This is golden:
"Please EMAIL us with any problems before leaving neutral or negative feedbacks, we will help you solve the problems ASAP."
"Special design: earthquake proof, anti-electromagnetic waveOperating System: Windows 2000 / XP and above"
"Notes: All 1TB and 2TB USB drives and Hard Drives can't work on Windows XP system directly , Due to system limit Windows XP is not able to access partitions larger than 1TB directly."

Good luck. ebay is a good source of these.

[wraper]

There:
https://www.ebay.com/itm/2TB-256GB-USB-2-0-Drive-Thumb-U-Disk-Memory-Stick-Pen-Supply-New-PC-Laptop-Y5M9/312981333908?hash=item48df242794:m:mD68FrDZolONyXEjVI7iNTQ

2TB for 5 money unit.

Funny that 4GB version is the most expensive

[MadTux]

Funny how ebay doesn't seem to give a single crap about these.
As long as they can cash their selling fees, these fuckers are happy.
I contact fixed price sellers directly nowadays, these fuckers got my money for long enough.

[Halcyon]

I ended up finding some "quality" items from Shenzhen. The description stated:

Please Be Noted:
This item is upgraded by 8 GB Pen Flash Drive to 2TB/1TB
8 GB = aproximadamente 7.4 GB-7.7 GB
8G-1TB/2TB, the actual capacity is 8G, the computer displays 2TB, the detection is also 2TB, more than 8G things can be stored, but not displayed.

Hey, at least they're honest! This must be one of those elusive "write-only" drives.

They also seem to support Windows "Yo" Edition:

Operating System: Windows 98 \ YO \ 2000 \ XP, Linux 2.4.x win7 win8 win10 support 2.0 and down top

 

[pcmad]

zbay

[Refrigerator]

Just make sure your PC doesn't get any viruses from those flash drives, i've seen videos where they have no memory at all and just dump malware into your PC for whatever reason.

[I wanted a rude username]

Could be worse ...

[Halcyon]

Just make sure your PC doesn't get any viruses from those flash drives, i've seen videos where they have no memory at all and just dump malware into your PC for whatever reason.

Oh, they won't be getting plugged into my machine. They will be going into a lab environment.

Either way, I run Linux so the risk is low.

[Fred27]

Either way, I run Linux so the risk is low.

Obviously the most important thing with any OS is not to do something daft, but don't let your OS choice give you a false sense of security.
https://www.linux.com/news/debian-linux-was-the-most-vulnerable-operating-system-in-the-last-20-years/

[exe]

Either way, I run Linux so the risk is low.

Obviously the most important thing with any OS is not to do something daft, but don't let your OS choice give you a false sense of security.
https://www.linux.com/news/debian-linux-was-the-most-vulnerable-operating-system-in-the-last-20-years/

Just in case, the link is a typical deliberate misinformation from MS marketing department ("get the facts", etc). The way the calculate the number of vulns is the following. They take all the packages available in standard debian distribution (which is tens of thousands), and sum all the vulnerabilities from all the packages, which is nonsense.

A "fair" comparison for windows would be to sum all the vulns from all the programs in the windows store. Or, better, don't use such bullshit metrics at all.

PS this comparison is kept reposted from year to year (with number updated, but essentially it's the same report). I first such reported showed up around 7-10 ago after somebody posted a research in that redhat was portrayed as much more secure OS (in terms of number of vulns) comparing to windows server (just in case, I don't say it was a fair comparison either). Then MS started campaign to recover their reputation, including many payed "analytics" that was showing how windows is secure and that total cost of ownership is cheaper comparing to linux.

[wraper]

Just in case, the link is a typical deliberate misinformation from MS marketing department ("get the facts", etc).

Just in case provide any proof this report has anything to do with Microsoft. Or methodology of how vulnerabilities were counted.

[Halcyon]

Either way, I run Linux so the risk is low.

Obviously the most important thing with any OS is not to do something daft, but don't let your OS choice give you a false sense of security.
https://www.linux.com/news/debian-linux-was-the-most-vulnerable-operating-system-in-the-last-20-years/

I think I'll be right ;-)

[CatalinaWOW]

I'm not sure how to compare security on Linux vs other operating systems.  In my world there are two types of people running Linux.  One group is IT professionals in extremely well controlled environments, often completely physically separated from the internet.  The other group is fairly motivated technical types.   Both groups are well aware of security risks and means to control them.  There just are very few Joe Schmoes running Linux.  When I suggest it to friends and relatives they nod, and then go back to their Windows or Mac systems.

The sizeable majority of Windows and Mac users are just clueless.  If there is a choice between convenience and security they will opt for security every time.  Administrative privileges?  Sure - all the time.
Automatic log in on boot?  Of course!  Use the rights management systems?  What are those?  Network access restrictions?  Naw, I don't want any barriers between me and what I want.

While there are some real security differences between the operating systems, the dominant difference is in the user base.  If Linux ever takes over as the dominant operating system on user desktops/devices you will see problems multiply in that world.

[james_s]

Don't forget to file a claim and get a refund when you get your fake capacity drives. The more people who actually do something about it the less profitable it is for these jokers to sell that stuff to the unsuspecting public.

[Red Squirrel]

Just buy some ridiculously high capacity at ridiculously low price. 100% guarantee to have fake capacity.

That's pretty much what I was thinking too.

Oddly enough if you "fail" and it happens to actually be legit, then it's still a win! 

Just found this one:

https://www.amazon.ca/1TB-USB-2-0-Flash-Drive/dp/B081N3MLKR/ref=sr_1_1

There is also a bunch of flash drives that are under a dollar if you just do a search for flash drive an dsort by price.  It's actually kinda odd.  Most are low capacity like 128MB, I don't know how they are profiting off that even if it is fakes.   I guess they profit off the shipping price as some want like $20 shipping.

[Red Squirrel]

Don't forget to file a claim and get a refund when you get your fake capacity drives. The more people who actually do something about it the less profitable it is for these jokers to sell that stuff to the unsuspecting public.

You know, that almost makes me want to do this for fun, just buy stuff that I suspect is fake like storage devices, batteries etc, test it, and if it is, report it.  Can you get your Amazon account banned if you do this too much?  Could perhaps make for some fun Youtube videos too especially if you're not obligated to return it as you could do a tear down to look at the flash chips etc.

[james_s]

I can't imagine how you'd get your amazon account banned for receiving fake goods, you're the victim not the perpetrator. If anyone other than the seller has any blame at all it's Amazon, listings like that ought to be flagged as suspicious automatically and investigated.

[CatalinaWOW]

I actually purchased a couple of the "2TB" drives as a lark.  So far can't say what the capacity is because they are incredibly slow.  But they do seem to hold at least 400 Gbyte.  I don't have the knowledge to identify what is inside to know if there is any chance the capacity is real so I am not going to do a teardown.  They will probably just go into the trash as a you get what you pay for lesson.  The case is actually nice enough I might put a worthwhile drive into it.

[wraper]

I actually purchased a couple of the "2TB" drives as a lark.  So far can't say what the capacity is because they are incredibly slow.  But they do seem to hold at least 400 Gbyte.  I don't have the knowledge to identify what is inside to know if there is any chance the capacity is real so I am not going to do a teardown.  They will probably just go into the trash as a you get what you pay for lesson.  The case is actually nice enough I might put a worthwhile drive into it.

Define "hold". You can write files there and all will appear fine. The problem is reading them back. They usually will even read but will contain a few GB of data which you wrote last.

[exe]

Just in case, the link is a typical deliberate misinformation from MS marketing department ("get the facts", etc).

Just in case provide any proof this report has anything to do with Microsoft.

Or methodology of how vulnerabilities were counted.

I read the original article, I might got it wrong, so my apologies. It's still leaves a lot of questions to me. Like, why they chose debian kernel, and not redhat or oracle? I believe because it was easier to make up numbers they wanted. And why they took all the history from 1999 (which was long ago and nothing to do with current state of the project)?

Here is my two cents how I'd do it. I wouldn't even compare two OS, I'd compare two deployments that do a similar thing (say, a file server or a webserver). All setups should be hardened, otherwise it simply doesn't make sense for production (containers, virtualization, etc). I'd also count only vulns that are relevant to me. This way it gives a much better idea of real security, not paper security based on vague metrics.

[wraper]

And why they took all the history from 1999 (which was long ago and nothing to do with current state of the project)?

To show how things changed over time? What improves and what becomes patched crap impossible to maintain?

Like, why they chose debian kernel

They compared multiple OS, including Red Hat and others. Debian just turned out to be the worst.