Author Topic: ML's Haunted House of Cards: Flash Fraud (germish/auto-translate)  (Read 2312 times)

Walter Schulz

  • Hero Member
  • *****
  • Posts: 6238
ML's Haunted House of Cards: Flash Fraud (germish/auto-translate)
« on: September 04, 2017, 09:22:06 PM »
EDIT: Well, you may have a laugh. Explanation follows: http://www.magiclantern.fm/forum/index.php?topic=20455
Do *not* reply here (WIP) -> PN

TOC

1 Introduction and Summary

2 Flash card Fraud

2.1 Card Speed Fraud

2.1.1 Benchmark (Windows)
2.1.2 Benchmark (OS X/MacOS)

2.1.3 Benchmark using Camera

2.2 Card Capacity (Size) Fraud

2.2.1 Detecting Capacity Fraud (Windows)
2.2.2 Detecting Capacity Fraud (OS X/macOS)
2.2.2.1 f3read/f3write
2.2.2.2 F3X

1) Introduction and Summary


ML places demands on the memory cards that were unpredictable for Canon and that go far beyond the bandwidth required by the manual. Unfortunately, counterfeit products are widespread in flash memories. These can lead to performance problems (premature interruption of the recording) and irreparable data loss.

This text explains what kind of counterfeits exist and how to detect counterfeit products.




2) Flash Card Fraud
More often than we would like to be, flash memories are affected by product counterfeiting. Estimates are based on figures of more than 20 percent. Even reputable dealers are not immune to these scams, as the course of business does not provide for checking tickets before they are sold. Therefore, we advise you to test the cards yourself after purchase.

There are 2 types of counterfeiting which can also occur together. The counterfeiting method is relatively well known to pretend a higher data transfer rate than expected by means of an incorrect label. This leads to an unplanned interruption of the recording when the data rate is exhausted (e. g. with RAW video). It is relatively unknown that there is another type of counterfeit, in which the computer is pretended to have a higher memory size. This case is not so obvious, but in case of an error it can lead to the irretrievable loss of data!


2.1 Card Speed Fraud
For the counterfeiters, it is lucrative to indicate a higher transfer rate on the label than actually exists, as cards with a higher data rate are considerably more expensive. For the user, there is no easy way of reliably detecting the writing and reading speed with operating equipment. For Windows and OS X/MacOS there are free add-ons for this purpose. The associated term is "benchmark".

Note:
For the purpose of testing whether the memory card you have purchased meets the specifications, I believe there are a few conditions:
An internal or external card reader that can also exploit the speed of the card. It's z. For example, there is no point in using a card reader connected to USB 2.0 if the transfer rate of the memory card exceeds the speed of USB 2.0. USB 2.0 is theoretically capable of transmitting 60 MByte/s. In practice, with luck you get values of 48 MByte (plus/minus x).

Special care is recommended for CF cards that conform to the "UDMA 7" standard. Card readers that do not master UDMA 7 can destroy these cards!

(On www.cameramemoryspeed.com you will find a selection of tested card readers.

The computer should not be under high load by other applications for this task. Open applications are not a problem in themselves, but if the processor is busy with other tasks, no reasonable benchmark results are to be expected.

Keep your eyes open. A slight deviation between benchmarks on different computers is normal.

2.1.1 Benchmark (Windows)
CrystalDiskMark "is a popular program.




For the maximum data rate, the test "Seq" (sequential reading and writing) is sufficient.

EDIT: Well, great! Who was convinced that all the snapshots necessary for the text were on this computer and not on the computer that is 1,124 km away from the crow flies?

So there is data for the stick...

2.1.2 Benchmark (OS X/MacOS)

A popular program is the "Blackmagic Disk Speed Test", available at the Apple Retail Store.

<Fensterbild BDST>

2.1.3 Benchmark using Camera

ML has its own benchmark program. It's a so-called Module (Bench. mo), which can be loaded via the "Modules" tab.



After restarting the machine, it is then ready for use in the "Debug" tab. For the card test, select Card Benchmarks -> Quick R/W benchmark (1 min).



<Snapshot Benchmark>

Notes:
Of course, ML must be installed on the card.
To determine the maximum possible transfer rate for the card under ML, I recommend the photo mode without additional activated modules.
Sufficient free space (> 2 GB) on the card. ML does not check whether the space required for the benchmark is available. If there is not enough free space, the Benchmark produces fantasy values!
I recommend to carry out this test even if the card reader test is in the green area. In very rare cases, there are compatibility problems between camera and card that lead to drastic performance degradation (independent of ML).
This test cannot achieve the maximum possible transfer rates for very fast cards that are possible with decent card readers! One of the reasons can be the bandwidth of the integrated card connection.

2.2 Card Capacity (Size) Fraud
With this scam, the card pretends to have a higher storage capacity than actually available. So instead of z. For example, with the actual 8 GB available, the card presents itself with 64 GB of storage space. The dangerous thing is that when writing over the real memory area, the card is *overwritten* from the beginning. This leads to irretrievably lost data!
The operating system of the computer and camera have no way to detect this fraud. You assume that the physical memory size information provided by the card is correct.
To detect the fraud, there are programs for Windows/OS X/MacOS that describe the card for testing and then determine whether the data was written correctly.

2.2.1 Detecting Capacity (Size) Fraud (Windows)
For Windows there is the program h2testw, which works with English and German user guidance.
In principle, the test works non-destructively. No existing data will be overwritten if no fraudulent card is available.

Please note that this test can take a long time! And the achievable read/write speed is about 2/3 of what benchmark programs use. Testing a 128 GB card takes about an hour with fast CF cards (1066x).

And the test data will not be deleted by the program, you have to do this yourself! The files with the name *. h2w are located on the top directory level (root) of the map.

2.2.2 Detecting Capacity (Size) Fraud (OS X/macOS)

The implementation for Apple computers was developed F3. F3 = FFF = Fight Flash Fraud = Fight Flash Fraud.
http://oss.digirati.com.br/f3/

In principle, the test works non-destructively. No existing data will be overwritten if no fraudulent card is available.
Please note that this test can take a long time! And the achievable read/write speed is about 2/3 of what benchmark programs use. Testing a 128 GB card takes about an hour with fast CF cards (1066x).

And the test data will not be deleted by the program, you have to do this yourself!
2.2.2.1 f3read/f3write
f3read and f3write are open source programs for the terminal (aka: command line, CLI).

Don't worry, but the programs are available in source code and must be compiled before use. Just go, if you have done it once, the instructions are available on the website. If you absolutely do not want to or cannot compile: -> 2.2.2.2.2 F3X

2.2.2.2 F3X
There is a program derived from f3read/f3write with a user interface called F3X and it is also available as an installable package.