Why Are Micro Center Flash Drives So Slow?

March 26, 2025 by Maya Posch 45 Comments

Every year, USB flash drives get cheaper and hold more data. Unfortunately, they don’t always get faster. The reality is, many USB 3.0 flash drives aren’t noticeably faster than their USB 2.0 cousins, as [Chase Fournier] found with the ultra-cheap specimens purchased over at his local Micro Center store.

Although these all have USB 3.0 interfaces, they transfer at less than 30 MB/s, but why exactly? After popping open a few of these drives the answer appears to be that they use the old-style Phison controller (PS2251-09-V) and NAND flash packages that you’d expect to find in a USB 2.0 drive.

Across the 32, 64, and 256 GB variants the same Phison controller is used, but the PCB has provisions for both twin TSOP packages or one BGA package. The latter package turned out to be identical to those found in the iPhone 8. Also interesting was that the two 256 GB drives [Chase] bought had different Phison chips, as in one being BGA and the other QFP. Meanwhile some flash drives use eMMC chips, which are significantly faster, as demonstrated in the video.

It would seem that you really do get what you pay for, with $3 “USB 3.0” flash drives providing the advertised storage, but you really need to budget in the extra time that you’ll be waiting for transfers.

Continue reading “Why Are Micro Center Flash Drives So Slow?” →

Fail Of The Week: This Flash Drive Will NOT Self-Destruct In Five Seconds

November 25, 2023 by Dan Maloney 49 Comments

How hard can it be to kill a flash drive? Judging by the look of defeat on [Walker]’s face in the video below, pretty darn hard.

To bring you up to speed, and to give the “Mission: Impossible” reference in the title some context, it might be a good idea to look over our earlier coverage of [Walker]’s Ovrdrive project. It started way back in 2022 with the idea that some people might benefit from a flash drive that could rapidly and covertly render the data stored on it, err, “forensically unavailable.” This would require more than just erasing the data, of course, so [Walker] began looking at ways to physically kill a memory chip. First up was a voltage doubler to apply voltage much greater than the absolute maximum rating of 4.6 V for any pin on the chip. That corrupted some files on the flash chip, enough of a win to proceed to a prototype that actually succeeded in releasing the Magic Smoke.

But sadly, that puff of smoke ended up being a fluke. [Walker] couldn’t repeat the result, at least not with the reliability required by people for whom data privacy is literally a life-or-death matter. To increase the odds of a kill, he came up with an H-bridge circuit to reverse the polarity of the memory chip’s supply. Surely that would kill the chip, and from the thermal camera images, it sure looked promising. But apparently, even 167°C isn’t enough to forensically disable the chip, which kind of makes sense from the point of view of reflow survivability.

What’s next for [Walker]? He says he’s going to team up his overvoltage and reverse-polarity methods for one last shot, but after that, he’s about out of reasonable options. Sure, a thermite charge or a vial of superacid would do the trick, but neither is terribly covert. If you’re going to go that way, you might as well just buy a standard flash drive and throw it in the microwave or a blender. And we need to remember that this may be something the drive’s owner needs to do with jack-booted thugs kicking in the door, or possibly at gunpoint. It wouldn’t do to be too conspicuous under such circumstances. That’s why we like the “rapid power cycling” method of triggering the drive’s self-destruct sequence; it could easily be disguised as shaking hands in a stressful situation.

Who knew that memory chips were this robust? Kudos to [Walker] for getting the project as far as he did, and we’re still rooting for him to make it work somehow.

Continue reading “Fail Of The Week: This Flash Drive Will NOT Self-Destruct In Five Seconds” →

This Week In Security:Camaro Dragon, RowPress, And RepoJacking

June 30, 2023 by Jonathan Bennett 4 Comments

Malicious flash drives have come a long ways since the old days of autorun infections. It’s not an accident that Microsoft has tightened down the attack surface available of removable media. So how exactly did a malicious flash drive lead to the compromise of a European hospital? Some sophisticated firmware on the drive? A mysterious zero day? Nope, just hidden files, and an executable using the drive name and icon. Some attacker discovered that a user trying to access a flash drive, only to be presented with what looks like the same flash drive icon, will naturally try to access it again, running an .exe in the process.

That executable runs a signed Symantec binary, included on the drive, and sideloads an OCX that hijacks the process. From there, the computer is infected, as well as any other flash drives in the machine. Part of the obfuscation technique is an odd chain of executables, executed recursively for a hundred copies. Naturally once the infection has rooted itself in a given machine, it takes commands from a C&C server, and sends certain files out to its waiting overlords. Checkpoint Research has attributed this campaign to Camaro Dragon, a name straight from the 80s that refers to a Chinese actor with an emphasis on espionage. Continue reading “This Week In Security:Camaro Dragon, RowPress, And RepoJacking” →

Updated OSHW Flash Drive Keeps Data Safe, Fingers Dry

June 14, 2023 by Tom Nardi 27 Comments

For almost a year now, we’ve been following the progress [Walker] has been making with Ovrdrive — a completely open source USB flash drive that features the ability to destroy itself should it fall into the wrong hands. It’s an interesting enough project on those merits alone, but what really made this idea stand out was that the user was expected to lick their fingers before handling the drive as a form of covert authentication.

Well, we’ve got some good news and some bad news. The good news is that [Walker] is just about ready to release the Ovrdrive officially on Crowd Supply. But it’s with a heavy heart that we must report that the device’s cutting edge spit-detection capabilities have been removed. Now if you want to preserve the drive’s files, you need to rapidly insert and remove the drive several times rather than just plugging it in.

In all seriousness, this new approach makes a lot more sense. As entertaining as it might have been, the whole idea of a device that could detect moisture on the user’s fingers was fraught with problems. It was a bit more of a meme than a real solution, and if we’re being honest, kind of disgusting. This new approach sounds far more reliable, especially when combined with the new “Lite” self-destruct mode.

While the original capability of literally frying the flash chip by way of several capacitors and a voltage doubler is still here, there’s also a non-destructive approach that’s enabled by default. Unless you open up the drive and desolder the jumper pad on the PCB, the onboard ATtiny24A will simply use the enable pin on the flash chip to make it appear empty. This means that you’ve got to really want to cook your flash chip on the first hint of funny business.

Ultimately, whether it’s self-destructing or not, we just really like the idea of a hacker-developed open source hardware USB flash drive. Admittedly it would be a lot cheaper and more practical to just buy one like a normal person, but we strongly believe that if there’s a way for the community to build a OSHW version of something, they should at least give it a shot.

Continue reading “Updated OSHW Flash Drive Keeps Data Safe, Fingers Dry” →

Self-Destructing USB Drive Releases The Magic Smoke

March 1, 2023 by Tom Nardi 52 Comments

There were some that doubted the day would ever come, but we’re happy to report that the ambitious self-destructing USB drive that security researcher [Walker] has been working on for the last 6+ months has finally stopped working. Which in this case, is a good thing.

Readers may recall that the goal of the Ovrdrive project was to create a standard-looking flash drive that didn’t just hide or erase its contents when accessed by an unauthorized user, but actively damaged itself to try and prevent any forensic recovery of the data in question. To achieve this, [Walker] built a voltage doubler circuit into the drive that produces 10 volts from the nominal 5 VDC coming from the USB port. At the command of an onboard microcontroller, that 10 V is connected to the circuit’s 3.3 V rail to set off the fireworks.

Early attempts only corrupted some of the data, so [Walker] added some more capacitance to the circuit to build up more of a charge. With the revised circuit the USB controller IC visibly popped, but even after it was replaced, the NAND flash was still unresponsive. Sounds pretty dead to us.

Unfortunately, there’s still at least one issue that’s holding back the design. As we mentioned previously, [Walker] was having trouble getting the computer to actually acknowledge his homebrew drive had any free space available. It turns out that the SM3257EN USB controller IC he’s using needs to be initialized by some poorly documented Windows XP software, which might not be such a big deal if the goal was just to build one of them, but could obviously be a hindrance when going into production.

He hopes further reverse engineering will allow him to determine which commands the XP software is giving to the IC so that he can duplicate them in a less ancient environment. Sounds like a job for Wireshark to us — with any luck he should be able to capture the commands being sent to the hardware and replay them.

While we can understand some readers may have lingering doubts about the drive’s spit-detection authentication system, it’s clear [Walker] has made some incredible progress here. This project demonstrates that not only can an individual spin up their own sold state storage, but that should they ever need to, they can also destroy it in an instant.

The Spit-Detecting USB Flash Drive Is Nearly Here

December 25, 2022 by Tom Nardi 17 Comments

Regular readers may recall that security researcher and general open source hardware fanatic [Walker] has been planning a rather unusual flash drive for some time — one that will only show its contents if the user makes sure to lick their fingers before plugging it in. We’re pleased to report that theory has recently given way to real hardware, and the Ovrdrive “self-destructing” flash drive is now a step closer to reality.

The last time we checked in with [Walker], he hadn’t yet put any hardware together, though he was fairly sure what components he would need and how it would all go together. This was assisted somewhat by the fact that USB flash drives are such a ubiquitous piece of tech, making their principle parts plentiful and fairly well documented. As explained in the video below, all you really need to spin up your own flash drive is the USB connector, the controller chip, and a nice slab of flash memory for it to access. Though naturally you’re on your own for spit detection.

The build video has some gorgeous camera work.

What we especially like about this project is that [Walker] is releasing the whole thing as open source hardware. So even if you’re not interested in the whole lick-for-access feature, you’ve still got a boilerplate flash drive design to build on. We haven’t seen a lot of DIY projects tackle USB Mass Storage previously, and perhaps this design can change that.

But of course, only if the thing works. According to the video after the break, [Walker] seems to have hit a snag with this revision of the hardware. While it enumerates as a storage device when plugged into the computer, the operating system claims its capacity is zero. He thinks there might be a swapped trace between the controller and flash chip to blame, so hopefully he can get things sorted out before too long. We’ve been covering this project since the summer, and are eager to see it cross the finish line.

Continue reading “The Spit-Detecting USB Flash Drive Is Nearly Here” →

So How Do You Make A Self-Destructing Flash Drive?

September 26, 2022 by Tom Nardi 57 Comments

A self-destructing storage device that vaporizes its contents at the first sign of trouble would be an invaluable tool for many people, but good luck getting your hands on such a thing if you don’t work for a three-letter agency. Or at least, that’s what we would have said before [Walker] got on the case. He’s working on an open source self-destructing USB flash drive for journalists, security researchers, whistleblowers, or anyone else who really values their privacy.

When we previously covered this project in July, [Walker] had only planned to make the flash drive hide its contents unless you knew to wet your fingers before plugging it in. We admit it sounds a little weird, but as far as clandestine methods of activating something goes, it’s pretty clever. But based on the feedback he received, he decided to go all-in and make the USB drive literally trash itself should it be accessed by somebody who doesn’t know the secret.

An elegant weapon for a more civilized age.

But how exactly do you pull that off? Sure we’d love to see a small thermite charge or vial of acid packed in there, but obviously that’s not very practical. It needs to be safe to carry around, and just as importantly, unlikely to get you into even more trouble with whoever is searching through your belongings. To that end, [Walker] thinks he’s come up with an elegant solution.

The datasheet for his flash memory chip says the maximum voltage it can handle before releasing the Magic Smoke is a meager 4.6 V. So he figures running a voltage doubler on the nominal 5 V coming from a USB port should disable the chip nicely with a minimum of external drama. Will it be enough to prevent the data from being recovered forensically? We don’t know, but we’re eager to find out.

In the write-up, [Walker] takes readers through the circuit designs he’s come up so far, and shows off the source code that will run on the ATtiny25 to determine when it’s time to toast the flash. He says by the next post he should have the entire flash drive built and documented, so stay tuned.