adata c003/4GB not recognized

[raven4d]

hello all ;

i have no experiences recovering data from ssd , but a customer brought me this drive .

as i donut have a hardware solution for imagings ssds , i plugged it to linux hoping to image it ..


linux show the following after plugging the drive

[ 775.540569] usb 1-2: new high speed USB device using ehci_hcd and address 10
[ 775.673135] scsi8 : usb-storage 1-2:1.0
[ 776.672989] scsi 8:0:0:0: Direct-Access XXXXXXXX U167CONTROLLER 0.00 PQ: 0 ANSI: 2
[ 776.675048] sd 8:0:0:0: Attached scsi generic sg2 type 0
[ 776.680795] sd 8:0:0:0: [sdb] Attached SCSI removable disk

any way i can handle this thing ?
thanks

[Vulcan]

a) What was the original reported problem?
b) What has already been tried by the user, and what were the results?
c) What has already been tried by you, and what were the results?
d) How experienced are you with Linux commands and procedures?

[HaQue]

Isn't that a Flash Drive? as in USB2.0?

Sounds like the controller has had a conniption and is now stuck in "memory bar" mode.

You might have luck with the Mass Production tools for that controller from Flashboot.ru or usbdev.ru or wherever.

BUT - As it looks like you have no experience recovering from flash, and ISTM that if you had the correct tools such as SC or ACE you would know how to proceed - I can only urge you to outsource it to a pro or send the customer to one.

You would be gambling customers data trying the MP tool which is risky and you are basically on your own with poor documentation, and risky to use tools. OR you have to read the NAND flash and remove the mix the controller put on.

If you want to proceed, answer Vulcans questions and additionally post pictures or specify controller and NAND

[raven4d]

a) What was the original reported problem?
b) What has already been tried by the user, and what were the results?
c) What has already been tried by you, and what were the results?
d) How experienced are you with Linux commands and procedures?

thank you very much ..

What was the original reported problem?
the problem as stated by the user , windows stopped detecting the usb2 drive out of sudden "as he stated"

b) What has already been tried by the user, and what were the results?
well , i dont know much , but a mark of screwdriver can be shown on the side of the flash disk .... the flash drive has been disassembled for sure .

c) What has already been tried by you, and what were the results?
just logged the dmesg output after plugging the drive

d) How experienced are you with Linux commands and procedures?
i used to used linux to image HDDs for about 2 years before i got my hardware imager , and i use linux for a good time now ..


i will add photos when i get home ..
thank you

[Vulcan]

Thanks for the info. Here are my comments - other people might have different views

Unfortunately the customer's answers (a) and (b) are too limited to get useful meaning - no Windows error messages which they saw, or Windows commands which they tried, or details of what they did physically. So that does not help with diagnosis.

Based on your answer (d) I'm surprised at answer (c) - why didn't you try to clone it? Was there a problem doing that, which you didn't explain yet?

Since you didn't mention that you had tried cloning the drive... After checking for any obvious physical damage then, based on the limited dmesg output, your earlier comments, and your lack of a specialised NAND reader, one of the few things you can try is making a raw clone of /dev/sdb to a suitable target device or image file. Personally I would use GNU ddrescue, with the logfile writing to another working filesystem, and of course the direction of cloning (source -> target) must be correct! If any filesystems from the USB drive were mounted by your Linux distro during booting, they should be unmounted first.

As this is a customer's drive, I wouldn't try those tools mentioned by HaQue due to the risks which he mentioned.

Next steps depend on the result of the cloning attempt - or, of course, you could outsource this job to another company with more experience with these devices. If any of the raw clone process is successful, that data needs to be checked to make sure it is sensible and not (for example) all 0x00 or 0xFF. Good luck!

[raven4d]

good morning again ,

am attaching photos of the drive ..

i allready tried to image the drive , but i got I/O error ...

Attachments

[arvika]

You need read nand flash and recover data directly from dump.

[HaQue]

+1 Arvika.

This controller is many times used with crappy no-name flash, or intel or Toshiba copies. You may see bit errors and corrupted FAT, but sc tool seems to support it and ACEs probably would.

And yes, kindly forget I mentioned those tools!

[Vulcan]

i allready tried to image the drive

Now it is clear that you didn't fully answer my question (c) and wasted time - some people will remember that, next time you ask for help. Of course with that answer, the next step is clear as arvika said, although since you don't have the equipment to follow his suggestion, I already explained the only feasible option in this case.

[raven4d]

i allready tried to image the drive

Now it is clear that you didn't fully answer my question (c) and wasted time - some people will remember that, next time you ask for help. Of course with that answer, the next step is clear as arvika said, although since you don't have the equipment to follow his suggestion, I already explained the only feasible option in this case.

sorry , i answered the question late in the post that i attached the photos to ..


thank you very much guys for your help

[fzabkar]

[ 776.672989] scsi 8:0:0:0: Direct-Access XXXXXXXX U167CONTROLLER 0.00 PQ: 0 ANSI: 2

The following thread suggests that the "U167CONTROLLER" string is how the ITE1167BE controller identifies itself when there is a problem. The chip natively reports VID = 048d (ITE Tech. Inc.) and PID = 1167. (The thread discusses how to recover the drive by low level formatting, so ignore this part of it)

http://unix.stackexchange.com/questions ... lash-drive

The following page suggests that a working Adata C003 flash drive should ID with VID = 125f and PID = c03a:

http://usbspeed.nirsoft.net/?pdesc=mama ... &pid=49210

This suggests that the controller is functioning but that the memory has a problem.

[HaQue]

also, be EXTREMELY careful following links in pages that report to fix these errors etc on these drives. I saw 2 pages that had a transparent iframe over the top. In a VM, it changed my homepage to some dodgy site like xol.ru or something to that effect, and re-directed to another site I am guessing was a malware attempt. I didn't bother to follow it due to millions of other examples if I so feel the need.
a good way to check, is if you open a web page, BEFORE you click anything at all, control+A to select all. If the whole page turns blue, you have selected a hidden iframe. This means you wont be able to click the links anyway as they are behind the iframe.

the sites were like a half page write-up of fixing it, which was possibly copied from a legit actual solution, and the has a heap of comments of people saying thanks I got all my docs back etc.

BTW does the last record on the nirsoft page look like someone tried some SQLI or XSS attack?

Nirsoft put out some very good tools

[digitalferret]

Nice spot there HaQue.

Another valuable warning for those risking it "hoping to find a solution" on a customers valuable property.

yeh theres a multitude of cynical websites, click me, cure this, pages nowadays.
Even the File.ext websites now exhort you to download a "scanner" in case the extension you use is "malware"
I've even seen a reputable DR co over here with a (failed) page hack/attempted redirection still visible.

Kern

[fzabkar]

also, be EXTREMELY careful following links in pages that report to fix these errors etc on these drives. I saw 2 pages that had a transparent iframe over the top. In a VM, it changed my homepage to some dodgy site like xol.ru or something to that effect, and re-directed to another site I am guessing was a malware attempt.

I generally use Google's cached version of a suspect site, or I launch it in a browser that does not support Javascript.

You could use Google's malware check:
http://google.com/safebrowsing/diagnost ... ddguru.com

Code:

What happened when Google visited this site?
Of the 105 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-07-29, and the last time suspicious content was found on this site was on 2013-07-28.

Malicious software includes 56 trojan(s).

[raven4d]

thank you for your notice ..
the usb stick was outsourced ..

and i am aware of such "dirty" actions that some sites use ...