Operation Thumbo

...An attempt to rid the scourge of fake/counterfeit/hacked USB thumb/flash drives.

Thumbo.exe - Non-destructive Windows Test

To detect fake thumb drives, most people use h2testw. The two drawbacks are that [1] it takes a lot of time to run, and [2] it is destructive (altering the data on the thumb drive).

Advantages of Thumbo.exe

Thumbo.exe was written with read-only access, to ensure that it is non-destructive. It does nothing to alter the data on the drive (e.g. there should not even be any changes to the FAT or master boot record).

The other advantage is that it is usually very fast, taking under a minute to complete.

Where to Download

You can download (and run) Thumbo v0.90 here.

How to Run Thumbo.exe

You can instruct your web browser to run the program (or run it directly from whereever the file was saved).

When you start the program, a window will appear, and it will wait for you to put in the USB thumb drive (if it is already inserted, just remove it and re-insert it). The test will run automatically.

You can also run Thumbo.exe from a command prompt (DOS prompt), typing "thumbo /?" for help.

Results

The program displays some basic information, and has a display that looks something like this:

GOOD DRIVE, half full:
0000GB<4444144444444444245!5111154444444545444444444554414544434544442
0008GB444 2445455544454533333323333333554!!!!!!!!!!!!!!!!!2?3232332333
0016GB33332323322233333332332332333333323333333333333333322323!!!!!!!!
0024GB!!!!!!!!!                     44445444445?2143414443144414344444
0032GB4444144444344444444444144444444444444433333333454455542544545453
0040GB41444555                      ?                                 
0048GB                                                                
0056GB                  ----------------------------------------------

The drive shown here is a good drive (it is mostly green with sporadic red), with the only potential warning sign being the exclamation marks (which indicates that Thumbo read all zeroes where Windows reports there should be data). In this case, it was due to some blank files that were saved.

BAD DRIVE:
0000GB 4544444545554454445454555444545445544554444554544545554544544  
0016GB                                                                
0032GB                                                                
0048GB                                                                
0064GB                                                                
0080GB                                                                
0096GB                                                                
0112GB                                                    ------------

The drive shown here is a fake thumb drive, which reports 128GB but is really just 16GB. The green section is the real 16GB (the 4's and 5's mean that there is data there, which appears to be random data). Note that every square that is red is blank, indicating that the drive returned all zeroes.

Legend:
=======
'-' -    Untested, beyond end of drive
'<' -    Before beginning of tested area
'>' -    After end of tested area
' ' -    Area to be tested
'°' -    First pass complete
'±' -    Second pass complete
'²' -    Final pass complete
0-9 -    Represents data. 0 means blank (all 0x00's).
!   -    Blank sector, but Windows reports it as part of a file

Green:   Tests as a GOOD SECTION
RED:     Tests as a likely BAD SECTION
YELLOW:  Test results inconclusive
The legend explains what the various colors and characters mean.

[Go back to the main Thumbo page]

 
(C) Copyright 2016-2017 R. Scott Perry