
Chinese Infinite Magical Hard-Drive - jitbit
http://blog.jitbit.com/2011/04/chinese-magic-drive.html
======
aik
Here's my sad Chinese sd card experience. The state of things there depresses
me:

When I was in Beijing I went to a regular store to buy an SD card for my
camera. I asked them to let me try the cards in my camera before purchasing,
so I did that. As I put a card in, all looked well, however when I proceeded
to format the card, the issues arose. Regardless of the size of the card, 2,
4, or 8gb, the card would then instead read as 128mb. I mentioned this fact to
them and they said sorry and let me try a new card. About 4 cards later the
owner was nearly in tears and I was very frustrated. At that point the owner
went to the back stockroom and gave me yet another card. This time it
formatted fine and I purchased that one.

It was such a sad experience. I felt very embarrassed and sorry for this
owner. I don't know if the owner knew that they were scamming people, or if
they were just being scammed themselves.

~~~
benguild
That's really sad. Yet, it's probably mostly because all of the other stores
are doing it and he/she can't compete without also selling the fake products.
With no consumer protection or standards, this is what happens.

~~~
bioh42_2
_With no consumer protection or standards, this is what happens._

Not always, sometimes a wild market eventually results in some of the
strictest standards which also happen to be self enforced.

I say sometimes but some economists believe, in the long term, this will
always happen. I think reality is a bit more complicated, and in the very long
term we're all dead. So for the duration of any one human life time, amazing
self enforced standards sometimes arise from chaos. Those tend to be far
superior to anything government can do. But government is often quicker to
come up with enforced standards.

~~~
Florin_Andrei
> sometimes a wild market eventually results in some of the strictest
> standards which also happen to be self enforced.

I've seen that in works of fiction, where it seems to function pretty well.

I have yet to come up with any real-life example that stands up to scrutiny.

~~~
potatolicious
When I was growing up in Taiwan, there was a private consumer-protection
agency that actually seemed to work. It all came about after a rash of food
poisonings, and a private organization came up with a certification stamp, and
_somehow_ (I'm not sure how) convinced most consumers to look for and demand
the stamp on packages.

All in all, not at all unlike how government protection agencies work, but in
this case entirely private and independent. The neat part is that, IIRC, their
safety standards were mostly stricter than the US.

Probably the exception to the rule though.

~~~
zumbojo
I believe Underwriters Laboratories and the Insurance Institute for Highway
Safety would be US examples of similar private agencies.

~~~
colanderman
Funny, I haven't thought about UL since I was a kid. Do many consumers look
for a UL stamp, or is it used more for legal defense if the device actually
does malfunction?

The American Dental Association is another example. I _do_ look for ADA-
approved toothpastes.

~~~
zumbojo
I believe it ends up getting enforced at the retailer level; most major chains
will refuse to purchase Christmas lights that are not UL listed, so you can be
reasonably sure that the cheaply manufactured lights you purchase at Walmart
don't burn your house down. They also seem to be providing education [1] and
revising their standards [2] to discourage particularly ill-advised appliances
such as electric turkey fryers.

[1]: <http://www.ul.com/global/eng/pages/offerings/perspectives/consumer/productsafety/turkeys/>
[2]: <http://ulstandardsinfonet.ul.com/scopes/1083.html>

------
elliottcarlson
While I know these fake drives exist - wouldn't running the last 5 minutes of
a video file utterly fail as it wouldn't have any of the header/codec/video
envelope data since that's at the beginning? Have a feeling the story is more
anecdotal than anything...

~~~
DarkShikari
Depends...

AVI: Index is at the end, so it might play fine in a tolerant enough player.

MPEG-TS: Headerless. Will play fine in any player.

MP4/MOV: Index is sometimes at the end; if so, it might play fine in a
tolerant enough player.

MKV: Has a header and index, usually at the start. Probably won't play.

Ogg: Has a header, but is indexless; might play fine in a tolerant enough
player. Probably not though, as both Vorbis and Theora (the only things Ogg
supports that are ever used) both rely on custom Huffman tables in the
headers.

~~~
elliottcarlson
Good to know - haven't kept up to date with the envelopes of current formats
as it's been a long time since I have dealt with the nitty gritty of video
formats. I believe WMV for example would fail.

------
pmjordan
A couple of years ago, some USB sticks with a similar "flaw" made it onto the
European market. The capacity difference wasn't quite as drastic as this
example, which almost makes matters worse: you have to fill it with e.g. 1GB
of data and read it back before you notice anything.

 _My friend said they're still trying to figure out how did the Chinese do
that. Because the drive reports "correct" file sizes and disk-capacity. And
the "overwriting" does not touch the other files present on the drive._

I suspect they treat the first N megabytes correctly to preserve file system
data structures. For anything above that (the remaining "capacity"), they just
let it loop by cutting off the top bits of the offset.

~~~
beilabs
In 2005 a friend brought me a USB thumbdrive he had just bought for a few
hundred RMB. It had apparently 10GB on it.

He couldn't figure out why his files were not opening after saving them to the
drive. The entire space on the drive was about 100MB but as with this article
reported 10GB.

As always, China is great at faking stuff....I loved the line from Kung fu
panda, I've only seen paintings of that painting....

~~~
dcx
I bought one of these in Shanghai last year! Sadly I only realised it was
acting strange when I got back from vacation (It had a perfect plastic casing,
labels, little paper manual; we even tested it in store!). From my googling at
the time, what they did was something like take a standard 128mb stick and
flash it with some interesting firmware - there's even a utility out there
which can help you figure out how big your flash drive _really_ is.

For the price of the drive I thought it was a good business lesson. It implies
the existence of an entire supply chain - crooked engineers/programmers,
distributors, retailers, and maybe even government, manufacturers, building
managers, etc. All to satisfy the market's "need" for the product to appear to
work for longer than someone's visit lasts. An interesting/scary demonstration
of total free-market capitalism.

~~~
roel_v
"Look there's a guy selling heroin over there! An interesting/scary
demonstration of total free-market capitalism!"

/rollseyes

~~~
raganwald
I don't get your sarcasm. Selling heroin is a very good example of how
unfettered free market capitalism leads to circumstances where people sell
things that are harmful to their customers. Likewise tobacco. Likewise unsafe
cars, Baby clothes made out of plastic that sticks to the skin when exposed to
flame, and many other things that we have deemed enough of a harm to society
that we attempt to fetter at least part of the free market.

So yes, obviously, heroin is a good example of places where we have decided
that the free market is a bit too free. This is another example of a place
where the free market might be a bit too free. Is there anything wrong with
that?

~~~
joe_the_user
And oddly enough,

 _Recreational_ drugs are a place where I'd say attempts at regulation have
been extremely counter-productive. IE, look at the massive drug war in Mexico.

That you could buy tobacco/heroin/alcohol if you wanted it is the worst
argument against a pure libertarian society.

The better argument against a pure libertarian society is that you might find
heroin in your soup and your cough medicine even if you didn't want it.

~~~
raganwald
Sorry, I am not going to be dragged into an argument about recreational drug
use in a thread about bogus USB drives. Nor am I going to argue the truth of
an argument about bogus USB drives being a necessary side effect of this
wonderful free market capitalism the US claims to enjoy.

What I claim is that making arguments about free market capitalism in light of
behaviour around selling bogus USB drives is reasonable enough that it
contributes positively to HN, and that while you or anyone else might
disagree, such an argument does not deserve scorn.

------
millerc
IIRC from my time playing with Norton Utilities back when it was a real hacker
tool, you only need to format the disk as usual then hand-modify the disk size
in the MSDOS (2nd, logical drive's) boot sector. The FAT will contain all the
entries needed for keeping parts of the file in correct order, and Windows
will happily report the drive size from that field. Assuming the flash drive's
firmware/circuit doesn't report errors but rather uses the low bits to address
the sectors (laziest way to build a flash controller), explains how "only the
last part of the file" gets preserved (i.e. not overwritten).

For the FAT to stay non-corrupt I would assume that Windows writes a full copy
from its cache right after writing the file, that would not be an unreasonable
assumption.

All in all: extremely easy to reproduce, no special controller needed.
Probably just a guy that realized how Windows behaves after changing a couple
bytes on the disk, and another that said "hey, we can make money off that!"

~~~
derobert
The FAT is many sectors long, I'm not sure why Windows would re-write the
entire thing.

Now, OTOH, you could just mark the areas the FAT uses, and all their aliases
as in-use in the bitmap, that'd prevent them from being overwritten (but
chkdisk would notice). You could additionally put a file on all those sectors,
then chkdisk would pass, but you'd show a fairly large amount used (for your
large file).

------
ck2
This is an old trick. Ebay is flooded with 16gb and 32gb flash sticks, SD,
microSD chips that are only a few gb in reality. Complaints and warnings in
the feedback forum go back for years.

They seem to format correctly but you have to copy that much in content to
prove it's real.

Stick to newegg, etc. for that kind of purchase.

------
makeramen
Anyone have experience writing or know the source of the software (firmware)
that does this? If not just for the hax, it would make an epic April fools
joke.

~~~
Murkin
If you have a device running linux with a usb device controller, you can
easily create such a fake.

Linux has an implementation for a 'disk-on-key' (mass storage device).
/usr/src/linux-*/kernel/drivers/usb/gadget/f_mass_storage.c

The sample can use both memory and a file as storage. You can easily make it
fake the size and rotate around, skipping the first.. 64K or so (forgot the
exact number) to prevent your FAT16 from spoiling.

Had my <http://www.gumstix.com/> doing that for a while..not intentionally.
(PS. I don't recommend that board !)

------
qjz
I love the extra hardware glued inside to give it some weight. Nice attention
to detail!

~~~
patrickyeon
I wish more legitimate gadgets had that. I've taken to gluing some junk into
new remotes, mice, etc. so that it doesn't feel like I'm using a toy.

~~~
tesseract
A couple of years ago I opened up a basic "Trimline" style corded phone, and
found that there was a decent sized chunk of cast iron in the base to weigh it
down.

------
mberning
I love the inclusion of the two end nuts. How do you know if something is
expensive and built well? It feels heavy and/or dense. You definitely get that
feeling when you pick up something like an iPad or a good digital SLR.

~~~
scotty79
After using Samsung Galaxy S for a few months and recently playing with my
friend's iPhone I was under the impression that I'm holding a brick. I also played
with iPad 2 at the store recently and concluded that I really don't have
strong enough wrists to own it.

------
dvfer
I have seen a USB flash drive with only a USB connector on it... inside is
empty, and yes, I'm Chinese. I don't know if I should laugh or not.

------
afterburner
Lots of fake 32GB microSDs are also on the eBay market, and function in a
similar fashion. I've bought a fake hard drive, I know a few others who have
bought hard drives or microSDs... someone musta written a how-to! They're
getting tricky with pulling eBay/PayPal accounts and setting up Dutch auctions
to throw wrenches in the system to slow it down before the money transfers are
reversed/released.

------
alizaki
When I was still in college a few years ago, I fell for this on a trip to
Guangzhou. I believe those were supposedly 8GB flash drives with 32MB of real
memory, selling for less than 5 bucks each. Being the immaculate hustler I am,
I bought a sackful of those to haul back home to sell, only to learn that if
it's too good to be true...

------
folkster
At Least you get a WORKING hard drive check this
<http://www.walyou.com/img/fake-usb-flash-drive.jpg>

~~~
Splines
Evolutionary pressure. Tourists now know about the fake USB drive problem, and
test-drive hardware in the store. This sort of fakery is much harder to
detect, and unless there are _easy_ tools to detect wrongly-sized USB drives,
these are going to be the dominant type of forgeries.

Knowing nothing about how USB drive hardware/firmware works, I'm guessing
we'll see mainstream Windows software for detecting real drive sizes soon (if
not already), and then it'll be a back-and-forth between the two sides.

Ultimately (I hope), the costs of the forgeries and the time needed to verify
drive size is going to even out, and you can be assured that even though
you're buying a knock-off, it'll very likely have a certain amount of space on
it and a certain minimum life span.

------
joejohnson
The best part about the article was the really racist comments at the bottom.
People don't like Chinese business practices, I guess.

------
VladRussian
>he had bought in a Chinese store across the river, for an insanely low price.

and who would say after that that there are no venture investors in Russia? The
guy took the risk and it just didn't pan out. :)

------
dfranke
Something about this story doesn't seem to add up. An SSD's firmware presents
the raw flash to the OS as a block device. The filesystem is at a higher level
of abstraction, above that block device. If the device is handling data that
doesn't fit by wrapping back around to the beginning of the file, how is it
figuring out where that file begins when all it sees is a bunch of AHCI requests?

~~~
Dylan16807
It wraps it around to the beginning of the data area past a reserved MFT zone.
It doesn't do it per-file unless it's both very clever and dependent on a
certain file system.

~~~
dfranke
Thanks, that makes more sense.

------
hardy263
Not as extreme, but when I bought my 1.5 terabyte hard drive, I thought that I
would be seeing 1.5TB when viewing its properties. I saw 1.36TB instead. So
where did the other 0.14TB go? I thought I got scammed.

Then I looked at the number of bytes on the hard drive, and it listed as
exactly 1,500,299,264,000 bytes, and I realized that computers and
manufacturers use different metrics.

------
yason
It's just like spam: it's not the one who asks but he who pays...

It's not about the Chinese magically managing to screw everyone: it's about
enough people buying these fakes and _not coming back_ with an angry look on
their face and a pickaxe in their hands. That's what keeps this scheme
profitable.

------
ginkgo
How could a program work that can detect such scam-drives? As long as we don't
care about crashing the formatting, at least.

It could work by writing a specific pattern in the first few bytes of the
device and then reading/writing in 2^n steps to check if the pattern cycles.

I think I have some counterfeit thumb-drives lying around. Maybe I will try
writing something like that..

~~~
jerf
Select a random number known only to you(r program). Seed your generator with
it. Start randomly selecting sectors to write to (directly as a block device),
writing a pseudorandom sequence based on your first number and the block
identifier. Store a set of what sectors you've written to. (You can bundle
them into arbitrarily-large contiguous chunks if this gets too large.) As you
write, periodically randomly select a sector you already wrote to and verify
that when read it returns the same pseudorandom sequence. I don't just read
them back in order to prevent the "save the first few chunks" attack. This
will slow down detection a bit, but if I'm working my intuition math correctly
it doesn't actually slow it down very much, at the gain of making it
impossible for a hostile firmware to know which sectors you're going to ask
for.

Using this approach, you can write arbitrarily large amounts of data to a drive with
very minimal storage requirements on your end (well within even modern-day
embedded RAM availability), while still being able to demand any sector back
at any moment and verifying it is correct. Theoretically your pseudorandom
number generator ought to be cryptographically secure, and given that you're
probably IO bound here and they aren't hard to come by, there's probably no
reason to use anything less.

I'm pretty sure the only effective defense against that is to actually store
all the data. If you issue a predictable read pattern, you open an attack. If
linearly-sampling your previously written blocks turns out to be undesirable
you could tweak the sampling distribution, but I bet you wouldn't get much
improvement.

Also, come to think of it, if the drive is honest this could be done non-
destructively (assuming the undo process is allowed to run to completion) by
reading the sector and XOR'ing it, so you could then undo it by a second XOR
operation. Further cleverness could even make this reasonably safe to half-
complete the undo, then finish later, if you work at it.
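
The write-and-spot-check scheme from the comment above, run against a simulated device that wraps addresses past a reserved area as described elsewhere in the thread. This is an added example, not code from the thread: `SimulatedDrive`, `probe` and `expected` are hypothetical names, and SHAKE-256 keyed with a random secret stands in for the cryptographically secure generator the comment asks for.

```python
import hashlib
import secrets

SECTOR = 512

def expected(key, lba):
    # Sector contents depend on a secret key and the sector number, so the
    # device cannot regenerate them and the host need not store them.
    return hashlib.shake_256(key + lba.to_bytes(8, "big")).digest(SECTOR)

class SimulatedDrive:
    """Constructed test double, not a real device API. It advertises
    `advertised` sectors but keeps only `real`; addresses past the first
    `reserved` sectors wrap around inside the real area."""
    def __init__(self, advertised, real, reserved=0):
        self.advertised, self.real, self.reserved = advertised, real, reserved
        self.store = {}

    def _map(self, lba):
        if lba < self.reserved:
            return lba
        return self.reserved + (lba - self.reserved) % (self.real - self.reserved)

    def write(self, lba, data):
        self.store[self._map(lba)] = data

    def read(self, lba):
        return self.store.get(self._map(lba), bytes(SECTOR))

def probe(dev, check_every=4, rng=None):
    """Return (ok, writes_done). Writes every advertised sector in an
    unpredictable order and spot-checks an earlier sector as it goes."""
    rng = rng or secrets.SystemRandom()
    key = secrets.token_bytes(32)
    order = list(range(dev.advertised))
    rng.shuffle(order)
    written = []  # a real tool would track extents, not single sectors
    for n, lba in enumerate(order, 1):
        dev.write(lba, expected(key, lba))
        written.append(lba)
        if n % check_every == 0:
            old = rng.choice(written)
            if dev.read(old) != expected(key, old):
                return False, n      # an earlier sector was overwritten
    # Final full read-back: an honest device still holds every sector.
    ok = all(dev.read(lba) == expected(key, lba) for lba in order)
    return ok, dev.advertised

if __name__ == "__main__":
    print("honest:", probe(SimulatedDrive(256, 256)))
    print("fake:  ", probe(SimulatedDrive(1024, 64, reserved=8)))
```

Pointed at a real block device instead of the simulation, the same loop overwrites every sector it tests, so it belongs on a drive whose contents are disposable.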

~~~
ake111
It's really much simpler than that:

    
    
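      cd
      # your_card_size is a placeholder: the advertised capacity in bytes
      # /dev/urandom does not block the way /dev/random can on older kernels
      head --bytes=your_card_size /dev/urandom > tmp
      sha1sum tmp
      cp tmp /media/your_card
      # flush, then remount the card before hashing so the read-back comes
      # from the device and not from the page cache
      sync
      sha1sum /media/your_card/tmp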

~~~
JonnieCache
Never considered using head to get a bytestream from /dev/random. I've always
used dd. Thanks for the tip!

------
jcromartie
What if (this sort of) Chinese electronics designers spent their (obviously
impressive) technical skills on _not_ ripping people off?

~~~
GrandMasterBirt
I don't think that's a viable strategy for people who rip people off.

Also I'm sure this was a day's worth of work for one dude, and super cheap
production. You can't build real hardware on those terms.

------
aashpak1
So what's the most efficient way to detect such 'infinite' storage drives
programmatically?! :)

------
hammock
This just made my day. Thank you.

------
killerdark
"He works at a hard-drive repair center". Ah? A hard-drive repair center yes?
What do they do there? Take the drives apart, polish the platters and bolt
them back together? Must be a Russian thing no?

~~~
ars
The actual hard drive is inside the enclosure (assuming it was real). It's
totally normal to open the enclosure to look at the drive inside.

Sometimes the enclosure (SATA to USB converter) fails, while the drive is
fine.

~~~
killerdark
That is correct. However, to the best of my knowledge this activity does not
take place in a "hard-drive repair center". In fact, there's no such thing as
a "hard-drive repair center", with the exception perhaps of an RMA department
of a hard drive manufacturing company. That gave me the impression that the
story was either made up or badly translated.

