1

Today I nuked an old usb3 flash 8GB drive on a linux machine with:

    dd if=/dev/random of=/dev/sdb

Then I put it into a Windows PC; it asked me to format it. I did an extended format with default values like 4k block size, FAT32 and so on, copied some files I needed and put it in my newly installed Debian 12 machine, and this is what fdisk says:

    Disk /dev/sdb: 7.32 GiB, 7864320000 bytes, 15360000 sectors
    Disk model: ****************
    Units: sector of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minum/optimal): 512 bytes/ 512 bytes
    Disklabel type: dos
    Disk identifier: 0x********

    Device     Boot      Start        End    Sectors   Size Id Type
    /dev/sdb1        778135908 1919645538 1141509631 544.3G 72 unknown
    /dev/sdb2        168689522 2104717761 1936028240 923.2G 65 Novell Netware 386
    /dev/sdb3       1869881465 3805909656 1936028192 923.2G 79 unknown
    /dev/sdb4       2885681152 2885736650      55499  27.1M  d unknown

    Partition table entries are not in disk order.

Why are there 4 partitions on the USB drive, with 2 of them about 900 gigs and one of 500, on an 8GB USB drive? Is it the making of the Windows machine? During the format in Windows I explicitly asked for an extended format (zerofilling).

I tried to mount the drive with:

    mount -t vfat /dev/sdb /mnt/flashdrive

and the content is mounted correctly, the files I copied from the windows pc are there.

Should I consider the drive damaged or hijacked by a virus of some kind? Can this drive be trusted or should I consider this a security issue? It could be a fdisk bug?

Thanks


I thought it could be something related to the fact that I wrote random data, and maybe that random data in the MBR sector could have caused the drive to appear with multiple partitions, but this is not the case. I have 3 identical flash drives and repeated the same procedure, this time using dd if=/dev/zero instead of random, and obtained the same result.

To me it is Windows that formats the drive in some weird fashion, making the drive a working FAT32 flash drive but making fdisk and gdisk go crazy.

I tried to put the drive in Acronis Disk Director and it detects them correctly as FAT32 flash drives; however, because Acronis Disk Director is still a Linux distro, by switching to the console and running fdisk -l the same weird partition scheme appears. While the Acronis GUI detects everything correctly, the console fdisk doesn't. The Acronis GUI, however, even if it allows formatting the main partition, doesn't allow the disk to be cleaned up, additional partitions to be created or anything like that; it also calls it "Super Floppy"...

Could it be a problem given by how the manufacturer created the USB drive?


EDIT: I added gdisk output

    gdisk -l /dev/sdb
    GPT fdisk (gdisk) version 1.0.9

    Partition table scan:
      MBR: MBR only
      BSD: not present
      APM: not present
      GPT: not present

    ***************************************************************
    Found invalid GPT and valid MBR; converting MBR to GPT format
    in memory.
    ***************************************************************

    Exact type not match not found for type code 7200; assigning type code for 'Linux filesystem'
    Exact type not match not found for type code 6500; assigning type code for 'Linux filesystem'
    Exact type not match not found for type code 7900; assigning type code for 'Linux filesystem'
    Exact type not match not found for type code 0D00; assigning type code for 'Linux filesystem'

    Warning! Secondary partition table overlaps the last partition by
    3790549690 blocks!
    You will need to delete this partition or resize it in another utility.
    Model: DataTraveler 3.0
    Sector size (logical/physical): 512/512 bytes
    Disk identifier (GUID): *************************
    Partition table holds up to 128 entries
    Main partition table begins at sector 2 and ends at sector 33
    First usable sector is 34, last usable sector is 15359966
    Partitions will be aligned on 1-sector boundaries
    Total free space is 15359933 sectors (7.3 GiB)

    Number  Start (sector)  End(sector)  Size       Code  Name
       1       778135908    1919645538   544.3 GiB  8300  Linux filesystem
       2       168689522    2104717761   923.2 GiB  8300  Linux filesystem
       3      1869881465    3805909656   923.2 GiB  8300  Linux filesystem
       4      2885681152    2885736650   21.7 MiB   8300  Linux filesystem
2
  • Does gdisk -l output something less weird? Commented Nov 11, 2023 at 0:03
  • @xhienne edited the question Commented Nov 11, 2023 at 11:57

2 Answers

2

I don't know Windows' extended format but your saying that mount -t vfat /dev/sdb /mnt/flashdrive is mounted correctly gives a useful hint.

With that command, you are mounting the whole drive, not a partition of it (/dev/sdb1, /dev/sdb2, etc.). This means that Windows didn't make a partition table on it and used every sector, from the first to the last, as a VFAT area.

If there is no partition table, then what fdisk (or gdisk) displays is not relevant at all.

> Should I consider the drive damaged

No, unless you saved the "partition table" with fdisk (or gdisk).

> or hijacked by a virus of some kind?

No.

> Can this drive be trusted or should I consider this a security issue?

Nothing in your question suggests it can't be trusted.

> It could be a fdisk bug?

No. fdisk is a tool to manipulate a partition table. What it displays is what would be the partition table if there was one, but there is none. That's why it's important you didn't modify/save the partition table with fdisk.

> I thought it could be something related to the fact that I wrote random data (...)

No, it's the way the disk was formatted.

2

A superfloppy (a drive with a filesystem on the entire device, without a partition table) still contains the fragment that otherwise defines a dos partition table.

The purpose of fdisk or gdisk is to work with partition tables. If there is none, either tool does not know this in advance and tries its best to interpret data as a partition table. In some cases they can tell for sure there is no partition table (e.g. when there are all zeros), in many cases they cannot.

The point is even random data can be interpreted as (more or less insane) partition table. This is what you see on your device. A similar setup is in this question: Windows does not mount USB NTFS superfloppy; you can get some insight from my answer there.

Seeing insane partition tables is one of the reasons to prefer creating a partition table even for a single filesystem. It seems your Windows knew better though. Windows and only Windows is to blame. The disk itself is fine (or rather there is no evidence it's damaged).

As long as you can mount the filesystem in all the systems you use, there is no problem. I cannot tell if Windows won't ever be fooled by the "mess" it made, but in Linux you can always explicitly mount /dev/sdb and simply not use /dev/sdb1 and such, if they appear.

But if you want to make the setup more sane, start anew. Use dd if=/dev/zero of=/dev/sdb bs=512 count=1, then fdisk /dev/sdb and create a dos partition table with exactly one primary partition (the default values of starting and ending sectors should be fine), its type should be 0C (W95 FAT32 (LBA)). Let the tool write the partition table. Then create a FAT32 filesystem in sdb1 (in Linux; or let Windows do it, hopefully it will respect the new partition table).

4
  • I'm not sure what this superfloppy is; I just have this USB3 pen drive that I formatted with Windows. You are telling me that Windows wrote the FAT32 code directly without creating any partition, treating the drive as a whole? And that's the reason why fdisk and gdrive try to interpret a partition scheme in the last 66 bytes of the first 512-byte sector (the common place for the MBR partition table) but fail because they read other data (already the FAT32 data streams)? Commented Nov 11, 2023 at 14:07
  • 1
    @user3450548 Yes. The fact you can successfully mount /dev/sdb (as opposed to /dev/sdb1 or so) proves the filesystem starts at the beginning of the whole device. Commented Nov 11, 2023 at 14:09
  • Thanks, a related question: why on some drives does some partition software seem to be unable to create multiple partitions on flash drives while other software can? If I have a USB flash drive, can every USB flash drive be partitioned with an MBR or GPT partition table, or are there limitations of some kind where some drives can only be used as a whole without partitions? Commented Nov 11, 2023 at 14:16
  • 2
    @user3450548 There is no technical limitation but I know Windows used to (i.e. old Windows versions still do) ignore partitions other than the first on a device marked as removable. Usually you cannot change the removable bit. Maybe the software you're talking about takes this into consideration and doesn't let you create multiple partitions on a removable drive, because it knows it won't work with (old) Windows and such setup will only give you frustration in (old) Windows. Commented Nov 11, 2023 at 14:21
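
The check both answers describe, as an added example (not code from the question or the answers): it decodes bytes 446-509 of sector 0 the way fdisk does, then tests whether the same sector is really a FAT boot sector whose "partitions" cannot fit on the device. The function names, the zero status bytes, the start sector 2048 and both sample sectors are assumptions constructed for illustration; the sector counts and type codes come from the fdisk output in the question.

```python
import struct

SECTOR = 512

def parse_mbr_entries(sector0):
    """Decode the four 16-byte slots at offset 446, as fdisk does."""
    entries = []
    for i in range(4):
        boot, ptype, start, count = struct.unpack_from("<B3xB3xII", sector0, 446 + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            entries.append({"boot": boot, "type": ptype, "start": start, "sectors": count})
    return entries

def looks_like_fat_vbr(sector0):
    """Heuristic BPB check: x86 jump opcode, bytes/sector, sectors/cluster."""
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", sector0, 11)
    return (sector0[0] in (0xEB, 0xE9)
            and bytes_per_sector in (512, 1024, 2048, 4096)
            and sectors_per_cluster in (1, 2, 4, 8, 16, 32, 64, 128))

def classify(sector0, disk_sectors):
    """Return 'superfloppy', 'partitioned', 'unknown' or 'no boot signature'."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        return "no boot signature"
    entries = parse_mbr_entries(sector0)
    # An entry is insane if its status byte is invalid or it runs past the device.
    insane = [e for e in entries
              if e["boot"] not in (0x00, 0x80) or e["start"] + e["sectors"] > disk_sectors]
    if looks_like_fat_vbr(sector0) and (insane or not entries):
        return "superfloppy"
    if entries and not insane:
        return "partitioned"
    return "unknown"

def build_sector(head, slots):
    """Build a constructed 512-byte sector 0 for the samples below."""
    s = bytearray(SECTOR)
    s[:len(head)] = head
    for i, slot in enumerate(slots):
        struct.pack_into("<B3xB3xII", s, 446 + 16 * i, *slot)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

DISK_SECTORS = 15360000  # from the fdisk output in the question
# Constructed sample: FAT boot sector header plus the four entries fdisk printed
# (status bytes are assumed to be 0x00; fdisk showed no boot flag).
SUPERFLOPPY = build_sector(b"\xeb\x58\x90MSDOS5.0" + struct.pack("<HB", 512, 8),
    [(0, 0x72, 778135908, 1141509631), (0, 0x65, 168689522, 1936028240),
     (0, 0x79, 1869881465, 1936028192), (0, 0x0D, 2885681152, 55499)])
# Constructed sample: one FAT32 (LBA) partition; start sector 2048 is assumed.
PARTITIONED = build_sector(b"", [(0, 0x0C, 2048, DISK_SECTORS - 2048)])

if __name__ == "__main__":
    print(classify(SUPERFLOPPY, DISK_SECTORS), classify(PARTITIONED, DISK_SECTORS))
```

To check a real device, pass `classify` the first 512 bytes read from it (read-only) together with its size in sectors.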
