[PLUG-TALK] Fake USB/SD drives
wes
plug at the-wes.com
Sat Jan 29 06:24:37 UTC 2022
On Fri, Jan 28, 2022 at 9:33 PM John Jason Jordan <johnxj at gmx.com> wrote:
>
> Worse, looking on Amazon I find 1TB microSD cards going for $25-30, all
> with strange brand names, sounding suspiciously Asian. Now, this
> bothers me. On eBay I am cautious. But Amazon?
>
>
any time there is a dollar to be made, plenty of shady characters will try
to find a way to grab it for themselves. funny story, one time when I
listed an item for sale on amazon, another seller contacted me to
_literally threaten me_ to stop trying to sell that item. amazon, of
course, does not care.
More to the point, I am curious how these fiends are doing this. Any
> ideas?
>
>
there are a few ways to go about this. the easy way, that everyone can do,
is to simply create a partition and filesystem on the device that reports
its size as 256gb or 512 or whatever value you want it to be. there is
nothing physically stopping this from happening. our usual tools have a few
protections in place to prevent users from doing this sort of thing
accidentally, but they also provide the option to specify the values
manually.
another way is to use something like an eeprom programmer to modify the
values directly on the hardware to report a bogus capacity. something like
this: amazon.com/dp/B00LO9MMKW/
one does not even need to desolder the chips any more, they have tools that
help you position the contacts of the programmer on the pins of the chip
you're working with. all you have to do is crack open the usb key, set the
programmer on it, click run, and pop the cover back on the key. then, of
course, ship it to your house.
the long and the short of it is that you have to be just as careful no
matter which marketplace you're on. the one nice thing about amazon is that
you don't have to complain loudly to get a refund.... just complain at all.
-wes
More information about the PLUG-talk
mailing list