My wife recently bought me a new flash drive. Its a 32GB drive from Ebay which she also got engraved for me. Its a nice solid drive which will be great to carry around on my keys…but there was a problem.
I spent hours trying to build a LUKS encrypted partition. Everything seemed fine creating the partition and initally mounting and reading/writing to it but as soon as the drive was unmounted and then attempted remount my laptop constantly complained that the filesystem was corrupt. this happened countless times. In the end i called it quits and just left it as a normal ext4 partition.
After some googling i found an amazing tool called F3.
Basicly, F3 reads what the flash drive advertises its capacity as then tries to fill that capacity with 1GB files. once done, you run another utility which tried to read each file and displays whether it read correctly, was corrupt or overwritten. Sadly, it turned out my flash drive was a fake. Here is the process i went through for my flash drive.
Testing the fake drive
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
[jon@localhost f3-5.0] $ sudo ./f3write /run/media/jon/UNTITLED
[sudo] password for jon:
Free space: 29.07 GB
Creating file 1.h2w ... OK!
Creating file 2.h2w ... OK!
Creating file 3.h2w ... OK!
Creating file 4.h2w ... OK!
Creating file 5.h2w ... OK!
Creating file 6.h2w ... OK!
Creating file 7.h2w ... OK!
Creating file 8.h2w ... OK!
Creating file 9.h2w ... OK!
Creating file 10.h2w ... OK!
Creating file 11.h2w ... OK!
Creating file 12.h2w ... OK!
Creating file 13.h2w ... OK!
Creating file 14.h2w ... OK!
Creating file 15.h2w ... OK!
Creating file 16.h2w ... OK!
Creating file 17.h2w ... OK!
Creating file 18.h2w ... OK!
Creating file 19.h2w ... OK!
Creating file 20.h2w ... OK!
Creating file 21.h2w ... OK!
Creating file 22.h2w ... OK!
Creating file 23.h2w ... OK!
Creating file 24.h2w ... OK!
Creating file 25.h2w ... OK!
Creating file 26.h2w ... OK!
Creating file 27.h2w ... OK!
Creating file 28.h2w ... OK!
Creating file 29.h2w ... OK!
Creating file 30.h2w ... OK!
Free space: 0.00 Byte
Average writing speed: 2.20 MB/s
So here you can see drive advertises 29.07 GB of free space. So F3 tries writing 30x1GB files to it. I should mention this is very slow process. It took over 3 hours for this part to complete. Once this was complete it was now time to read the files back to to see if all was ok.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
[jon@localhost f3-5.0] $ sudo ./f3read /run/media/jon/UNTITLED
[sudo] password for jon:
SECTORS ok/corrupted/changed/overwritten
Validating file 1.h2w ... 2097152/ 0/ 0/ 0
Validating file 2.h2w ... 2097152/ 0/ 0/ 0
Validating file 3.h2w ... 2097152/ 0/ 0/ 0
Validating file 4.h2w ... 2097152/ 0/ 0/ 0
Validating file 5.h2w ... 2097152/ 0/ 0/ 0
Validating file 6.h2w ... 2097152/ 0/ 0/ 0
Validating file 7.h2w ... 2097152/ 0/ 0/ 0
Validating file 8.h2w ... 787652/ 1309500/ 0/ 0
Validating file 9.h2w ... 0/ 2097152/ 0/ 0
Validating file 10.h2w ... 0/ 2097152/ 0/ 0
Validating file 11.h2w ... 0/ 2097152/ 0/ 0
Validating file 12.h2w ... 0/ 2097152/ 0/ 0
Validating file 13.h2w ... 0/ 2097152/ 0/ 0
Validating file 14.h2w ... 0/ 2097152/ 0/ 0
Validating file 15.h2w ... 0/ 2097152/ 0/ 0
Validating file 16.h2w ... 0/ 2097152/ 0/ 0
Validating file 17.h2w ... 0/ 2097152/ 0/ 0
Validating file 18.h2w ... 0/ 2097152/ 0/ 0
Validating file 19.h2w ... 0/ 2097152/ 0/ 0
Validating file 20.h2w ... 0/ 2097152/ 0/ 0
Validating file 21.h2w ... 0/ 2097152/ 0/ 0
Validating file 22.h2w ... 0/ 2097152/ 0/ 0
Validating file 23.h2w ... 0/ 2097152/ 0/ 0
Validating file 24.h2w ... 0/ 2097152/ 0/ 0
Validating file 25.h2w ... 0/ 2097152/ 0/ 0
Validating file 26.h2w ... 0/ 2097152/ 0/ 0
Validating file 27.h2w ... 0/ 2097152/ 0/ 0
Validating file 28.h2w ... 0/ 2097152/ 0/ 0
Validating file 29.h2w ... 374076/ 1723076/ 0/ 0
Validating file 30.h2w ... 150176/ 0/ 0/ 0
Data OK: 7.63 GB (15991968 sectors)
Data LOST: 21.45 GB (44975616 sectors)
Corrupted: 21.45 GB (44975616 sectors)
Slightly changed: 0.00 Byte (0 sectors)
Overwritten: 0.00 Byte (0 sectors)
Average reading speed: 9.43 MB/s
[jon@localhost f3-5.0] $
This process takes between 30 minutes to an hour but obviously this depends on the size. Here you can see the first 7 files were absolutely fine. 1GB was written and 1GB was read. Then we get to file 8, this is where it all goes wrong, as you can see, the rest of the files are corrupt. Also interestingly, the last sectors are valid and ok. What this suggests to me is that the firmware fills the drive up to 7GB~ then dumps the rest of the data and then writes the last bytes of the files, seemingly to make people who check on that the end of the file was written aswell without noticing that middle section is completely missing. We can also see the actual size of the memory installed.
There are 2 other utilities you can build in f3 zip file, these are f3probe and f3fix. F3probe is a much much quicker way of testing your flashing drive. This is the output of f3probe on the same drive.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
[jon@localhost f3-5.0] $ sudo ./f3probe --time-ops /dev/sdb
F3 probe 5.0
Copyright (C) 2010 Digirati Internet LTDA.
This is free software; see the source for copying conditions.
Please unplug and plug back the USB drive. Waiting... Thanks
Please unplug and plug back the USB drive. Waiting... Thanks
Please unplug and plug back the USB drive. Waiting... Thanks
Please unplug and plug back the USB drive. Waiting... Thanks
Please unplug and plug back the USB drive. Waiting... Thanks
Please unplug and plug back the USB drive. Waiting... Thanks
Please unplug and plug back the USB drive. Waiting... Thanks
Please unplug and plug back the USB drive. Waiting... Thanks
CAUTION CAUTION CAUTION
No more resets are needed, so do not unplug the drive
Probe finished, recovering blocks... Done
Bad news: The device `/dev/sdb' is a counterfeit of type limbo
You can "fix" this device using the following command:
f3fix --last-sec=15530527 /dev/sdb
Device geometry:
*Real* size: 7.41 GB (1941316 blocks)
Announced size: 29.10 GB (7628800 blocks)
Module: 32.00 GB (2^35 Bytes)
Block size: 4.00 KB (2^12 Bytes)
Last good sector: 15530527
Probe time: 92.52 seconds
Probe read op: count=113, total time=4.48s, avg op time=39.66ms
Probe write op: count=72, total time=8.99s, avg op time=124.83ms
Probe reset op: count=8, total time=79.05s, avg op time=9881.70ms
It doesn’t matter how many times you have to plug and unplug the flash drive, just do it as many times as the software asks.
The output shows you everything you need to know about your drive, it gives you the announced size, actual size and also how to “fix” the drive. By fix, what actually happens is the software creates a partition up to the last know good sector then leaves the rest as non-formatted. This well at least let you use what you have unfortunately been given.