Мастера, бля

Nov. 19th, 2008 10:55 am
ymarkov: (Default)
[personal profile] ymarkov
Back in 2005 some hacker has figured out how to trick Windows into misreporting total capacity of a flash drive. I only found out about that recently; so when I saw a cheap 8 GB drive on Ebay, I decided to check this out.

These pictures were included in the listing:


I bought it for $7.50 (free shipping) from cckstore78, a Power Seller supposedly in Rochester, New Hampshire.

First off, the 4 kb of used space was occupied by a hidden Autorun.inf - probably a virus loader. Autorun is disabled on my PC, so that's OK. I re-formatted the drive and tested it with Bart's Stuff Test. Sure enough, the drive topped out at 4 GB. (Write speed was 3.2 MB/sec.) Some drives I've read about were sold as 2 GB but were 128 MB...

So how do they do it? And what can I do beside leaving negative feedback? (I actually left neutral, because the price was OK for 4 GB.)
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2008-11-19 04:38 pm (UTC)
From: [identity profile] dlevey.livejournal.com
I'd not only leave negative feedback, but contact eBay. Regardless of the price, the user was committing fraud, and possibly computer sabotage. It would have been useful to examine the drive (before formatting) under something like Linux, which would enable you to look at the contents of that inf file, the partition table, and the like.

You should probably have a Linux LiveCD hanging around anyway, if only as a forensics tool. Knoppix is the one of the standards; Ubuntu and Fedora also both have LiveCD versions of their distribution. I've got a whole bunch of different ones, some with specialised tools, but any of the stock ones should work for you.

Your PC wasn't running Vista, was it? I've seen some... odd... things happening when attaching USB drives to a Vista machine.

Date: 2008-11-19 04:57 pm (UTC)
From: [identity profile] ymarkov.livejournal.com
Maybe I will contact Ebay, yes.

I do have a couple of boot CDs around, which include Linux boots. And I'm not running Vista, not for as long as I can avoid it.

Date: 2008-11-20 10:57 pm (UTC)
From: [identity profile] ymarkov.livejournal.com
No, it's a hack. My PC showed the same information. They can trick the file system somehow.

Date: 2008-11-23 07:39 pm (UTC)
From: [identity profile] bringing-peace.livejournal.com
HOW???? do they do it?
and how do you fight this? Does formatting help?
how did you find out that it's smaller if your PC shows the same info?
Does formatting the drive help?

Date: 2008-11-24 02:30 pm (UTC)
From: [identity profile] ymarkov.livejournal.com
I don't know how this is done, but would like to find out. Formatting does NOT restore the actual size. I tested it with Bart's Stuff Test, and it was able to write 4 GB of data before running out of room. Actual usable size may actually be less; yesterday I copied 4 GB worth of test files onto it, and after I copied them back to the HD, some were corrupted. It's an interesting project :-)

Date: 2008-11-24 05:53 pm (UTC)
From: [identity profile] bringing-peace.livejournal.com
Pls, let us know how it's going.
May be another 8GB are corrupted?

Date: 2008-11-24 05:56 pm (UTC)
From: [identity profile] bringing-peace.livejournal.com
* other 4 GB
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

ymarkov: (Default)
Yisroel Markov

January 2026

S M T W T F S
    123
45678910
1112 13 14151617
181920 21222324
25262728293031

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Jan. 23rd, 2026 04:33 am
Powered by Dreamwidth Studios