Watch That Windows Update: FTDI Drivers Are Killing Fake Chips

The FTDI FT232 chip is found in thousands of electronic baubles, from Arduinos to test equipment, and more than a few bits of consumer electronics. It’s a simple chip, converting USB to a serial port, but very useful and probably one of the most cloned pieces of silicon on Earth. Thanks to a recent Windows update, all those fake FTDI chips are at risk of being bricked. This isn’t a case where fake FTDI chips won’t work if plugged into a machine running the newest FTDI driver; the latest driver bricks the fake chips, rendering them inoperable with any computer.

Reports of problems with FTDI chips surfaced early this month, with an explanation of the behavior showing up in an EEVblog forum thread. The new driver for these chips from FTDI, delivered through a recent Windows update, reprograms the USB PID to 0, something Windows, Linux, and OS X don’t like. This renders the chip inaccessible from any OS, effectively bricking any device that happens to have one of these fake FTDI serial chips.

Because the FTDI USB to UART chip is so incredibly common,  the market is flooded with clones and counterfeits. it’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip.

The workaround for this driver update is to download the FT232 config tool from the FTDI website on a WinXP or Linux box, change the PID of the fake chip, and never using the new driver on a modern Windows system. There will surely be an automated tool to fix these chips automatically, but until then, take a good look at what Windows Update is installing – it’s very hard to tell if your devices have a fake FTDI chip by just looking at them.

586 thoughts on “Watch That Windows Update: FTDI Drivers Are Killing Fake Chips

  1. What exactly is FTDI doing to brick devices? Is it a change that’s also being applied onto official FTDI hardware? How is it bricking devices? If it’s doing something to the chip, how is it doing it, what is it doing, is this change it’s making addressing some concern on the official hardware? If I had to make a change to my hardware through some sort of firmware update, I’m certainly not going to spend time and money to test that change against counterfeit hardware. So long as I can demonstrate that this change was necessary I’d not lose any sleep over it.

    I’d like to just know the facts before I crucify FTDI. Saying “Drivers are killing devices” and not explaining on a technical forum like this is sensationalism and I think unfitting to the spirit of hackaday.

      1. I have now, and confirmed that there is hackaday sensationalizing assholeism happening. The devices are NOT bricked (aka irrecoverable). FTDI rewrote the PID to 0’s which you can use unsigned drivers to communicate with just fine. So in other words, they forced the devices to not be compatible with their official signed drivers. In my mind I think FTDI instead of rewriting it, should have just made the driver not work but whatever. Now everybody buying hardware from manufacturers that cut corners (ie, bad faith, not good faith like everyone keeps suggesting) will need to deal with getting new drivers.

  2. We just need to avoid anything with a FTDI chip. Anything that currently has one might was well junk it. One of those times were you need to throw the baby out with hte bathwater.

  3. Oh gracious chips!

    What would happen if some of the counterfeit chips would have been introduced in the production line of a navigation system for a car? a sensor interface for a medical equipment? a control panel in some chemical factory? a 3rd party accesory for a missile launch control panel?

    Counterfeit electronics has been seen already in military weapons http://hackaday.com/2011/11/08/counterfeit-electronics-in-military-weapons/

    One thing is a consumer electronic equipement brought useless (in the consumer point of view) by a windows update; but sensitive equipment in a factory, or a chemical plant? a hospital with a quarter less of fully functional equipement? military somethings?

    Who would affect more? Windows or FTDI?
    Who could resist the damages from a lawsuit of that grade?

  4. The Windows 8.1 update messed up FTDI driver for a genuine Arduino Mega too, one I used on a 3D printer, suddenly, serial didn’t work anymore. I solved the problem by reinstalling the Arduino driver, so it didn’t end up ruining the chip or anything like that.

    I can’t help but think this was just a botched driver update all around.

    1. According to the twitter conversation someone posted (https://twitter.com/mikelectricstuf/status/524924141380861953) they got permission to brick counterfeits via their driver license agreement.

      Of course, they’re also bricking the chips of kids under the age of majority who can’t legally enter into legal contracts. I don’t really know if that’s an angle of attack.

      If so, I expect a class-action suite to be formed, have it settled out of court, and all the defendants will get $3 off their next purchase from FTDIChip and the lawyers will walk away splitting $3 million.

    2. More interestingly what if they brick their own legit chips that cripple their customers causing major damages by accident? Do anyone want to run that risk for using their parts in it?

      Not like Apple iphone or MS windows update hasn’t screw that up before…

  5. So, you have a pacemaker… it communicates with an external transmitter… it needs to constantly monitor and make teeny corrections
    Unknown to everyone, a fake chip landed in the manufacturing chain somewhere
    MS update hits and is applied to the medical device
    Dude falls over… dead
    Family now “OWNS” Microsoft….
    Rebrands it “Harold” (After dude who died)

    OSHarold…..Can’t wait

    1. In that case it would be the company who manufactured of the medical device who gets sued as having Windows with an internet connection and auto updates turned on involved in mission critical application is just asking for something bad to happen.

    1. Its a violation of international copyright and trademark laws to sell counterful trademarked items. You technically don’t own anything.. You should contact the manufacturer and demand a refund for selling you a counterfut. Contact your credit card company and have them issue a charge back on the charge if the manufacturer refuses.

  6. I would say that FTDI is betting the farm that the general consumer isn’t going to know the difference or even know what a USB to serial converter chip even is. The end product will stop working, and J. Q. Public is just going to go buy a new whatever until they get one that will work. Most likely blaming the brand of the widget rather than the chips inside of it. You have to remember that even though YOU may know whats going on inside your electronics, the other 99% of people have no clue. It will force the folks that make your products better vet their supply chain.

    That said, I have actually taken a professional level course on identifying counterfeit components and it can be wicked hard, even for professionals, to determine if parts are fakes. And they can enter the supply chain at a lot of different point. They can also do things like load the first foot of a reel with real parts with the rest being bogus, so if you sample that end of the reel, you’ll think everything is cool and all sorts of other nasty tricks. Unless you are willing to buy directly from FTDI, good luck with that. Most of the time there is some middle man you have to deal with.

    Plus these things can end up in equipment that isn’t just some home consumer product…

    So the simple thing would be just to go with someone elses part that isn’t taking things to this sort of extreme. This could blow up in FTDI’s face for sure.

  7. I think most if the people here are angry, not at ftdi (despite what they are writing), but at themselves. Buy from a reputable source, and not from some illegal no name source, and all of what ftdi is doing becomes irrelevant.

  8. As much as i would like to say FTDI should be able to protect themselves, This is far from right.

    Look at it from this point of view, lets say i bought a barcode scanner at a pawn shop because i wanted to open a shop of my own. The scanner uses a clone chip and i use the new driver on it. I consider the scanner broken because the scanner no longer works with my computer or any computer i plug it into. Because the scanner is now broken, it should be considered destruction of property, just like if a window is broken. Usually if someone breaks a window on purpose, they get to spend a little time inside a police car. Who do i get to call the police on for my broken scanner?

    1. The same pawn shop gives you your change with faked/clone currency, you go to the bank to deposit it, the bank tears it up and asks where you got it. The pawn shop owner says the got the bills legitimately and didn’t know they were faked, the clones were so good that they passed all the tests the pawn shop owner had tried and was thus unaware they were fakes.

      Who takes the hit for the lost money ?

      1. Well, the pawn shop won’t be doing it long if the Secret Service keeps getting sent to them. Sure they could say “it passed our tests, we didn’t know!” But when the number of phony bills starts climbing, the SS will ask, “just how many bills did you receive from this so called customer? And if it was such a large transaction, show us the records you kept that day. And if it was such a large transaction, you probably even recorded it, so let us see who it was.”

  9. it’s interesting reading all the hate, and also blaming MS which is laughable, they’re may not even be aware of it, WHQL testing doesn’t include testing for fake usb chips, just an excuse to roll out the M$ etc.

    Best case FTDI changes the driver just not to work vs crippling the fake chip, worst case, nothing happens..

    The fake chips might perform worse than the real ones, the consumer is unlikely to know its FTDI at fault, so they blame the manufacturer.

    Also do we know this is FTDI’s first strategy, maybe they’ve tried other things that didn’t work and its time for drastic measures.

    Bluray DVD’s do similar things, putting a disk in can wipe out the physical player, MASSIVE LAWSUITS EVERYWHERE. or not…

      1. Well, there are RAM based USB microcontrollers, that show a certain PID when plugged in, then get their firmware downloaded, restart, and show up with another PID. As the driver downloads the firmware, you could say that it has a legitimate reason to change the PID.

      2. This instance, where is (a) ripping off a company and all the souls that work there (b) the chips are inferior and cause a lot of problem as well as give FTDI an undeserved bad reputation for poor quality, when in fact they’re quite good. (c) its within the scope of the law, like it or not. If you don’t like it, get the laws
        changed.

        As i’ve said elsewhere, this wasn’t the first course of action and it’s no different when a bluray dvd bricks a counterfeit player, which is perfectly legal. Do some people think its unethical, sure but they’re thinking, i paid for it, didn’t know it was counterfeit so let me keep it.

        If you’re asking as an example from an MS POV< then its not upto them to tell anyone what to do, its FTDI's choice. As long as it doesn't make windows perform badly, thats what WHQL does.

        People say they'd rather have the prolific version where it does random BSOD's instead, and i think that is crazy.

  10. Oh C**P.
    I work in a repair center where I work on repairing some of “Big UK Supermarket name” equiptment.
    I know that the Customer facing displays (the green line display) has an FDTI chip in them. I just hope they’re not fakes!!!!
    That’ll be a bad day or few at work explaining this to my colleagues, if they’ll listen.
    Also the receipt printers could be at risk.

    Thanks FDTI. If the displays all suddenly fail, I maybe without a job!.
    or… on a good side…. A lot of overtime! ;-)

  11. Even if this was an “okay” thing to do, from an ethical and legal standpoint, it was incredibly stupid. Not even from the point of view of the end user or device manufacturer.

    It was stupid to do for FTDI.

    In the case of a shady manufacturer that knows they’re using fakes, they simply switch to some other chip (quite possibly ANOTHER FTDI fake, given that this “anti-counterfeit” measure doesn’t even work with most of them). FTDI sees no difference.

    In the case of an irresponsible manufacturer that doesn’t check their supply chain, the easiest and likely most inexpensive thing to do (because people are lazy and cheap) would be to simply use another kind of chip. If even a part of their supply was genuine chips, FTDI loses.

    In the case of a huge manufacturer with the muscle to buy directly from FTDI…they already buy directly from FTDI. FTDI sees difference.

    Perhaps most interesting is the case of the manufacturer who is responsible and, one way or another, gets duped on even one shipment of chips. They have no realistic way of determining what went wrong. Even if we assume it’s their fault somehow, it doesn’t matter: From a purely business perspective, the smart thing to do is to drop FTDI entirely. FTDI loses.

    That’s not even considering the mere threat of shipping thousands or tens of thousands of dollars worth in merchandise that’s going to turn out to be faulty, leaving you eating both the financial burden and the hit to your reputation. And of course you can simply look up from this post to see how most hobbyists feel about this, though they’re a tiny market compared to mass-manufactured consumer electronics.

    What the fuck were they even thinking? The absolute best-case realistic scenario is that nothing changes. Again, completely ignoring whether or not this is ethical or even legal, bricking devices just sounds like a phenomenally stupid move. I can’t possibly see how this would do much of anything other than lose them business and money.

    1. Why woould the counterfeiters even switch to another chip? The fakes are just micros with USB and UARTS. The code that allows them to act as FTDI serial adapters is burnt into their ROMs. Just remove the code that implements the command to change the PID. Hard code it to the proper one. How many users need that ability anyway? Scratch that, just check the PID. If the requested new PID is 0 then don’t do it. It’s just a simple if statement added to an existing piece of code.

      Actually, they have probably already done this!

      The only problem to the counterfeiters will be if they keep large inventories which already have their ROMs burnt. My understanding is that most of these places go for Just In Time manufacturing practices.

      This is going to hurt FTDI WAY more than any counterfeiter! All the existing fakes that people don’t know are fakes are going to make them seem unreliable!

      What a bunch of 4$$hats!

  12. Well I hope this really boosted the ego of someone at FTDI as that’s the only positive thing that will come from this and I hope they don’t let the door slam on their ass on the way out.

    The TLDR is that if the this is the best solution FTDI has to offer then designers will just switch to an alternative and that shows strongly just by reading through the comments here.

    Really! to through the issue at the end user that has the least skill to deal with it and at a time when the chip is already on a board. I really can’t think of a response that is any more stupid than this!

    They could have introduced a certifying system to enable parts sources to be verified long before it’s in the end product.

    They could have released software to enable intermediate suppliers to verify the authenticity of chips.

    The only thing this response can do is to accentuate the negative association between the brand name FTDI and counterfeit chips.

    What FTDI needed to understand is that the end user didn’t want fake chips, the manufacturer didn’t want fake chips and the designer didn’t want fake chips. A better approach would have been to enable these people to avoid fake chips.

    I say ‘needed’ because they have missed the boat by trashing their own brand name.

  13. These days, there’s more fake chips than real ones. *EVERYTHING* you buy from ebay or alibaba from China, HongKong, or NY Chinatown is fake. IP is not universally accepted across the world (especially from a western company operating in China). If FTDI really wanted to protect their IP, they would not outsource manufacturing work to China in the first place, for the sake of lower cost and higher executive pay.

    FTDI is no different from any other tech company. They play dirty just as you would expect. By intentionally disabling fake chips, they are doing nothing noble or moral, just a lame attempt at protecting profits. But as long as the “race to the bottom” continues, FTDI (and all the other tech companies that operate in the same way) will eventually fail, leaving only the fake copies made in China. Problem solved.

        1. Of course Wikipedia knows where a company manufactures, Fact having spoken to the excellent FTDI customer support is that they do not ever manufacture in China – 232RLs are manufactured in Malaysia and changing a silicon T&A site is not quite the same as moving a screwdriver operation to box build tablets. Fabs and T&A in silicon manufacture are tightly controlled

  14. Really bad move on FTDI’s part!

    The most likely scenario is that FTDI has found where the fake chips are different. Their driver detects this, then programs the fake chips to fail. Likely if this same sequence was applied to FTDI chips (after the detection) then the FTDI chips would also fail. Therefore, this is malicious and just like a virus.

    For those of you who run fake Windows (even a fake upgrade or downgrade), or any other pirated software for that matter, how would you like it if Microsoft bricked your computer’s hard drive with all your other files on it.
    I would call that software malicious!

    But, to warn users their software or hardware is fake is fair enough.

    BTW All my software is licensed – I still use XP, Office 97 and Protel pre 1995.

    1. FTDI’s big problem here is going to be one of perception. Problems caused by this are going to be seen as problems with the FTDI chip, damaging their reputation (which is a primary reason to fight counterfeits in the first place). A better move would have been for the driver to return “COUNTERFEIT FTDI CHIP” instead of actual data when it saw the fakes.

  15. While I respect FTDI’s right to change their drivers as they see fit (after all, they are THEIR drivers), I personally think going the route of attacking the victim (namely the consumers that bought fake devices thinking they had real FTDI chips) is going to backfire on them.

    Most users of these devices probably won’t be savvy about chip fraud and illegal clones and likely don’t frequent sites like this one. So when a bunch of their devices containing chips marked ‘FTDI’ suddenly stop working, what are they going to do? Buy even more devices marked ‘FTDI’?

    No, they’re going to make the perfectly reasonable assumption that devices with ‘FTDI’ chips are junk and go buy something else.

    They’re not going to assume that the update installed last Tuesday is the cause of their problems on Friday or next week or next month. They’re going to blame the device that isn’t working at the time.

    And whose name is on the chip inside that device?

    FTDI.

    Foot, meet gun.

    BANG!

  16. The nearest analogy is what happens to seized counterfeit goods. Most of the time, they are destroyed. Occasionally, the goods are debranded and given to charity. However, they are never returned and no government compensation is provided to the importer/retailer.

    In this case, the chips presented themselves using FTDI’s vendor id and a product number. Setting the product number to zero is akin to discovering a counterfeit good and crossing out the label.

    FTDI’s software certainly has no obligation to operate with counterfeit chips. So, for most consumers, the effect is the same regardless of whether the PID is altered. But, altering the PID prevents unscrupulous sellers from simply redistributing an old driver or asking customers to revert to a prior image.

    It is important that consumers are impacted by counterfeit goods, as they will have the most impact on the seller. Even if the seller was ‘innocent’, they will still have the most impact on the chip supplier. This is how excessive price pressure and unfair competition is counter balanced.

      1. Or perhaps a conductor no longer allowing a person to ride a train, and also tearing up the false transit pass? Or maybe a shopkeeper seizing a counterfeit bill? Or being denied entrance to a stadium, and having the fake tickets taken? Or a stolen art being returned to the owner?

        In those examples, the holder may honestly not have known, but that doesn’t somehow make the goods legitimate and entitle the user to their continued use.

        1. “Or perhaps a conductor no longer allowing a person to ride a train,”

          Nope, that analogy would be the driver just refusing to comunicate with the fakes. The driver is actually bricking them. That’s like the conductor permanently removing the person’s ability to ride any train ever.

          “Or maybe a shopkeeper seizing a counterfeit bill?”

          I’m pretty sure in that case the shopkeeper is supposed to be giving that bill to the authorities along with any information they can to help identify the perpitrator. It’s the authorities place to then hand out the punishment.

          “Or being denied entrance to a stadium”

          See the response to the train analogy.

          “and having the fake tickets taken”

          That’s your best analogy yet. I’m still pretty skeptical about the equivalence. A fake ticket is a worthless piect of paper, not a chip inside an electronic device which could be performing who knows what functions and probably cost the user much more than the mere price of that one chip.

          “Or a stolen art being returned to the owner”

          Nope. You followed your best with your worst. This really has nothing to do with the situation at all. These chips were never stolen and were never returned to anyone. They are just being bricked.

          1. Just to clarify, I was providing examples to demonstrate that the holder of fakes or other ill-gotten objects in similar situations do not retain use of the goods even if the holder is innocent.

            In novel legal situations, the courts often look to existing practices as models. In several examples that I provided, a non-government person seizes and destroys the fake goods when they encounter it (via the driver), without going to court. So, FTDI unilaterally crossing out the part number (subsequently rendering the good ‘useless’) is likely legal and consistent with established norms.

  17. This is unethical as hell. Rather than brick a device that the consumer has PAID for (and therefore OWNS – is that not the maker creed?) they should go after the manufacturers. Unless the company is stamping their products with a label that says “WARNING: Contains Counterfeit FTDI IC” who is to say that the consumer knowingly purchased a counterfeit device. When I purchase parts or devices, I typically go for the lowest price I can. Not being a rich man, that it my only option. I don’t stop and ask the manufacturer, “hey.. is this counterfeit?” Because you know they’d tell me if it was, right?

    This is no different than Nintendo bricking your DS (or threatening to, anyway) if you hack it to run homebew software.

  18. BadUsb in action. Maybe now all the nay sayers from the Badusb comments will understand what is at stake.

    BADUSB pretty much means anyone can reflash your mouse/pendrive/camera just like FTDI reflashed all those fakes.

    1. >BadUsb in action.

      I didn’t realise that badusb could flash *any* usb device.

      >FTDI reflashed all those fakes.

      FTDIs chips have a protocol for writing EEPROM settings that control the PID/VID, GPIO settings etc. This is nothing to do with flashing firmware.
      I don’t know if FTDI have them but Silabs have some chips that have OTP config EEPROMs so there is no way of rewriting them once they have left the factory.

  19. BTW, they did not actually steal FTDI’s work. The chips they are making are a fully reverse engineered implementation of the FTDI protocol using a micro-controller. What they are stealing is the trademark, which is far worse as any problems with the counterfeit chips reflects poorly on FTDI and takes potential profits away as well.

    What they are doing is a horrible solution and makes me never want anything to do with FTDI ever again.

  20. Mikes Electric Stuff ‏@mikelectricstuf 10h10 hours ago
    @FTDIChip Nobody reads that stuff. OK to not work with fakes & show a message, but breaking peoples’ stuff without warning is unacceptable.

    FTDIChip ‏@FTDIChip 10h10 hours ago
    @mikelectricstuf So are counterfeit ICs. They’re destroying innovation in the industry. Please ensure gen ICs before using FTDI drivers.

    They’re destroying innovation in the industry, oh really!!.
    They’ve made the same damn things for years where is the Innovation in doing the same thing over and over.

    1. “They’ve made the same damn things for years where is the Innovation in doing the same thing over and over.”

      Well, if they are anything like TI’s calculators, they’ve learned how to make them even cheaper and still charge the same price! B^)

  21. What FTDI has done is ensure that thousands of hobbyists won’t spec in their devices because there’s almost no way to ensure you get a legitimate one. In addition, thousands of manufacturers are going to start avoiding FTDI chips because the risk of getting fakes and having thousands of angry customers and product returns is immense.

    Good luck salvaging your brand after consumers get wind of this FTDI, I hope you fuck it up just as badly as you’ve fucked this up.

    1. >What FTDI has done is ensure that thousands of hobbyists
      >won’t spec in their devices because there’s almost no way to ensure
      >you get a legitimate one.

      Buy from Digikey etc and not Chinese sellers on ebay maybe?

      >In addition, thousands of manufacturers are going to start avoiding FTDI chips

      Why? Unless they are putting out cheap shit that’s full of cloned parts to make it cheap they will already be sourcing chips from authorised distributors so the chances of fake parts getting into their production line is far reduced. If a big brand finds they have fake parts in their stuff they’ll go and kick the ass of whatever big assembly house they use in China.

      1. You don’t understand the problem of counterfeiting. It can be damn near impossible to tell the difference, and yes, digi-key and other vendors can end up with fake parts just as easily as you can. The counterfeiters aren’t stupid and have a lot of tricks for getting their parts into major “legit” supply chains. Even ordering directly from the factory can bite you, because often times, the factory is not owned by the chip designer, but rather contracted to make and ship parts, and they can and do cut corners. If they can’t fill an order, they are known to get parts from other subcontractors.

        Just saying “well, order directly from FTDI” is over simplifying the issue.

        It’s not uncommon to see reels of parts with the first foot or two loaded with real, genuine parts and the rest being loaded with fakes. yes reels, because people don’t typically build your products by hand, the use pick-and-place machines which are feed by reels. They will sample some parts to check for fakes, but if you have to un-reel all your parts to do this, it costs time and money. And again, a lot of fakes are damn near impossible to sniff out without destructive testing, again wasting time and money.

        And who gets to pay extra for all of this? YOU, the end consumer does in marked up pricing.

        Making the product manufacturers foot the bill for all of these extra checks is one thing, but breaking the end users stuff is business suicide if you ask me.

  22. Meh, It’s not really bricking the device as it’s an EEPROM setting. It would have been nice if they set the ID to something that still registers with Windows so that you can use the config tool to fix it but they haven’t destroyed your hardware. If their drivers used some feature that only real chips implement and bricked your devices by mistake would you all still be so butthurt about it? I’m pretty sure you’d all suggest that FTDI tests their drivers with fake chips to make sure they don’t break them.

  23. Fail to work? Fine. Brick the device? Very not fine.

    Above there was an early mention of Sony rootkitting their paying customers.

    I tried to do a repair to a GoCruise GPS and simply disconnecting the battery bricked (only) the device GPS functions.

    Split all the legal hairs you like, Sony, GoCruise, FTDI, and anyone else who pulls this sort of grossly mis-directed booby-trap punitive stunt are dead meat in my book for costing me time, money, and reputation when I’m an innocent third party, and I’ll very happily go on badmouthing them at every opportunity.

    1. Same here on all counts.
      This is not accidental as the old driver didn’t do this and it would take a conscious effort on their part to set the pid of clone chips to 0.
      I kinda hope their competitors end up putting them out of business as I will not miss them.

  24. I discovered this last month after I got a shipment of arduinos from china, after looking at the PID and seeing it was 0000 after 6001, i opened up the ftdiport and ftdibus.inf file, added the 2 lines per file with the new PID and they worked as usual. Just reprogrammed them using the Mprog utility to the correct PID and they have still been working with the latest Windows update driver.

  25. Why would you blame FTDI if you are an legit user who unknowingly bought a device containing a counterfeit IC, contact your vendor (he is the one to blame) and ask for a refund or a product change. If they knew those where cointerfeit ICs its their fault if they didn’t know they will sue their providers and will make sure they buy the real thing next time it is still their fault.

    Just a reminder: buying or selling counterfeit products is illegal and ipholder has the right and duty to make the counterfeit product destroyed (remember when sparkfun cried when they had to pay to have their fake flukes destroyed?)

  26. We have numerous other options for an interface. V-USB on an ATTiny45/85 will do basic 9600 baud. Littlewire provides SPI and I2C on the same chip. You could also turn your ATTiny45/85 into a usbtiny programmer with the right firmware. Micronucleus bootloader is a handy option.

    You can also find TTL UART on everything from wireless routers to PC motherboards.

    Elsewise Bluetooth it.

  27. Gosh, FTDI complaining that counterfeits stifle innovation just kills me! FTDI FT232 to USB bridges have been around for decades now and they have hardly been changed. I’d say it’s FTDI that’s being lazy.

  28. This is a real scum bag move on FTDI’s part and they will likely face a class action suit.
    It’s one thing to make the new driver incompatible with a clone chip but breaking unsuspecting consumer’s devices is another thing entirely as it can be very difficult to spot a clone chip.
    It’s enough I will not be using FTDI chips from my projects anymore and will be switching to alternatives.

      1. Multiply that by a thousand or a million as I won’t be the only one.
        Manufactures may avoid their chips as well as it is very difficult to spot a fake esp if you operate manufacturing in China or HK like 98% of the OEMs who use their chips.
        I expect the next news we hear about FTDI will be them either rolling back the bricking driver and maybe even stating they have fired the people who came up with the idea or that they are going into chapter 11.

  29. What if I make my own clone of an FTDI chip, with my own hands, for education and personal use only (which is perfectly legal) and then FTDI breaks it.
    I’d call that sabotage.
    I’ve bought lots of chips and boards from them, for lab use and also for commercial projects, but I think I’ll avoid them in the future.

  30. BTW: When it comes to cheap hardware (like, say Arduino clones) I’m already avoiding FTDI. Because genuine FTDI chips are too expensive, and cheap boards with FTDI chips are almost certain fakes.
    But I’ve had good experience with CH340 and CP2102.

  31. From a legal perspective you have to divide the two issues: the IP infringement, and the driver’s action. A kid walking into you lawn may be trespassing, but that does not give you the right to kill him. You could get away with it in some countries, saying that you “thought it was a threat”, but that implies a judgment.
    This driver issue is an automatic action that does not consider the circumstances. The equivalent would be to install a shotgun triggered by sensor in your backyard. You might kill the kid, the postman or a robber. There is no kind of judgment or interpretation, therefore is only dangerous and illegal, and never justifiable.

  32. Whilst I am often seen as just bashing closed source software, I really think it contirbutes to problems like this.

    If you look at eBay listings for cheep ‘arduino’ they nearly all say ‘clone’ or ‘compatible’; they are not trying to parse themselves off or confuse the market, just provide a good value alternative. However when it comes to USB VID/PID they have two choices: They can fake the FTDI ones and have everything (till now) just work. Or they can use a new one and have to write a driver from scratch, then pay Microsoft a large sum to sign it. Compare that with the opensource model where they would just post the new VID/PID to a mailing list of the driver it supports.

    You then have to consider the flip side that with closed source drivers you have two choices. Use them with any negative effects they include, or don’t use them at all. If they added this to an open source driver you would have the third option of using the driver with this ‘feature’ disabled.

  33. Manufacturers,

    Produced by does NOT equal owned by.

    If you think physical item that is not and never was owned by you seems to violate your Intelectual Property rights then by all means, use proper legal channels to have the situation dealt with.

    This does not mean you get to take it upon yourself to destroy a physical item not belonging to yourself. We live in a society with the rule of law. There are people authorized to handle these kinds of disputes. It is NOT your right to take the law into your own hands!

    Thank you

  34. As I look at this massive thread, I have started to wonder at the difference between the pro and anti camps. I do wonder how many in the pro camp have actually seen a medium to large scale product go though productions. For medium scale let us — arbitrarily — say 5,000 units or more.

    Once you start dealing at those kind of volumes, you start to understand how easy it is for counterfeits to enter the supply chain, and how difficult it can be to fix.

    I once spent weeks trying to debug a communications problem between a ATmega644p and a Linx NT transceiver. A small number of units were coming back with an intermittant problem.

    In the end we traced it down to a small number of 644p’s that had slightly different markings. Turns out they failed QC but instead of destroying them, someone got their hands on them, but a new silkscreen on them, and got them back into the channel.

    We weren’t buying from Nocturnal Aviation (“We Fly By Night!”) Parts, it was an authorized reseller. Every party, I am sure, acting in good faith, but one. It happens.

    Were I in FTDI’s shoes I might have started a PR campaign about the issue, and start warning that they are considering disabling fake chips. Maybe give out a tool to test if your chips are good or not.

    Would the counterfeiters just use the tool and “fix” their chips, of course they would, but they are going to do that now anyway. But at least people would be educated about the problem.

    I would find that infinitely preferable to what they did do. I have started sending out warnings to my clients about this, and responses have all been in the form of “That is intolerable. What chip do you recommend we switch to?”

    1. The part you’ve apparently missed in your medium to large scale world. Is that FTDI sent out communications a while ago to suppliers and designers etc telling them this was coming, this started happening over a year ago they were talking and out it and i saw a release on it back in May. They’ve been actively tracking and helping people identify the fake chips for a while now

      So this isn’t a hey sorry everyone we’ve just suddenly done this thing, this has happened after they started telling people along time ago that something like this was coming.

      so if you are doing medium to large scale and you don’t look into supply chains for the chips in a world where counterfeits and errata are very common, then i don’t know what to say about that.

      But now since most people aren’t aware or didn’t look into it, they’ve also assumed that FTDI didn’t do a campaign and it just happened with no warning.

      On top of that the most of the cloned chips perform very poorly, and you can spend ages trying to figure out why your hardware or software isn’t working properly, and FTDI tech people would help you identify a clone.

      Not sure why everyone is just assuming that none of this happened.

      1. All you need to be a designer is someone who reads the datasheet. I don’t even need to go to their site to get access to that.. Care to point me to the press release, blog post, or something else that is obvious to the casual observer?

        I admit I don’t subscribe to their newsletter, but something this big should require that. Something of this magnitude should have a link on their main page.

        But this also ignores the fact that fakes can get into the supply chain without you being aware — read my bit out the atmega644p.

        The end users should have been warned than disabled. All this does is punish the unknowing, and hurt FTDI’s reputation. There were much better ways to handle this

      2. So I just went to FTDI did a search and found their “Company Counterfeit Device Statement”:

        >Company Counterfeit Device Statement
        >
        >FTDI Chip is committed to taking appropriate measures to protect our
        >customers from the adverse impacts caused by counterfeiting of FTDI Chip
        >devices. Many of these devices resemble FTDI Chip markings which may lead
        >the customer to believe they are genuine. FTDI Chip has established a proactive
        >and global process aimed at detecting and deterring such counterfeit activity.
        >In order to protect our customers from acquiring counterfeit FTDI Chip devices,
        >we strongly advise the purchase of products directly from FTDI Chip or one of
        >our authorised distributors.
        >
        > Please visit our Sales Network for a complete listing of authorised sales and
        >distribution partners.

        So where does this say they are going to disable what they believe to be counterfeits? Where is this warning?

          1. You mean that thing they didn’t advertise, and users aren’t required to read or acknowledge before the driver installs?

            I was responding to [charliex]’s statement “Is that FTDI sent out communications a while ago to suppliers and designers etc telling them this was coming, this started happening over a year ago they were talking and out it and i saw a release on it back in May. ”

            I did a search for anything that stated in advance that they would be doing this like [charliex] claimed, and all I could find was a counterfeit statement that indicated no such thing.

            And yes they do state it in their driver licence agreement, but you have to really seek that out to read it. For all the claims FTDI isn’t making it easy for people to know why their stuff stopped working.

            But FTDI could have chosen to tell them. They could have popped up a warning. That would actually educate people about the issue, instead of leaving them in the dark…

        1. Do you think its a good idea to tell everyone ahead of time how they’re planning to actually disable it, versus we’re very aware of all the clones and please take extra care about making sure you’re using the right supply chains. If they give away too much information, it can be countered, and they may lose their only hope of identifying them.

          How much more of a warning do you need ? they offered to help determine supply chains and counterfeit chips long in advance of this. so first its, i need a warning, now its i need an explicit road map of what you’re going to do. They said last year, don’t use cloned chips. Why do you feel they have to be one the ones to spoon feed. is it their fault they’re being ripped off. why aren’t they allowed to protect themselves against this.

          But the point is they did publicly make everyone aware something was going to happen, if you’re under NDA with them they’ll likely tell you more about their plans. It is not as you said, that they suddenly just unleashed this on designers everywhere.

          We’re all aware that counterfeits can sneak in even with the best of intentions, that is why they offer to help people determine if they are fake, last year.

          Why would you not want to make sure you’re using chips that perform correctly, knowing the market is being flooded with clones. Due diligence.

          1. Yes, yes I do think that was a good idea. Even this move is going to be a temporary inconvenience to the counterfeiters, and is only effective against equipment on windows systems.

            But you still didn’t answer my question. Please point me to something easy to find on their website that warned of this. You said they did, but a search of their site reveals nothing but the driver licence agreement which I don’t think constitutes an advance warning.

          2. They can do the same thing in other OS’s its not limited to Windows, but it won’t be as easy, or last as long. But that is their primary market.

            I don’t agree its temporary, i think it’ll make people look harder at making sure they’re using real chips, not just FTDI, and then like the rest of us learn how much of a problem counterfeit chips are. It’ll be good for everyone in the end.

            You point out where i said they posted it on their website, and I will.. but as an aside, a search of the website should find you the license and the PDF from May.

            At the end of the day this will mostly affect people who bought cheap arduino clones from china/ebay , most other large/medium companies would have known in advance and dealt with it. There will be a lot of outraged noise from the 1% of the marketplace and FTDI might pull it since they’re getting some bad PR,. which wouldn’t be a terrible idea.

            Its a lot of fuss over nothing. All the people saying they’ll never use FTDI again is weird, since if they are using actual FTDI chips nothing would happen, its only if they’re using inferior clones that have issues working properly, the mind boggles . . .

            .

          3. Of course it is temporary, so long as cost of counterfeiting is cheaper than the cost of a FTDI chip, then they will keep at it. If I were a counterfeiter I would be adding a tiny bit of code to disable PID rewriting, or prevent reassigning to 0. Do that and they are back in the game and this driver “fix” will no longer apply.

            You, and [Steve C], and some others here keep forgetting that counterfeits can get into the supply chain anywhere along the chain. It can happen without the OEM being aware of it. Elsewhere in the comments I related a story where I ended up with a small batch of counterfeit atmel chips in a batch of otherwise good ones. These weren’t purchased from china, these weren’t cheap, they came from one of the big three suppliers

        2. hit the reply depth.

          Temporary in the sense of people remembering the great “ftdigate” not as in the countermeasure itself being countered. we’ll look harder at supply chains and be more aware, you yourself are now more aware of the data back from May. There will be an associated cost with redoing those clones, they might even fix the bugs. Some people won’t care and will still use them. If you get your news about clone chips from Hackaday, you’ll see the story from way back in the beginning of the year, which is part of what prompted the press release in the first place.

          As for supply chains, I am aware of it, and i even mentioned it earlier, and I also mentioned that FTDI would work with you to identify the fakes at any time.

          As no one seems to care about, the clone chips do not perform as well, they have issues, so basically you find that it doesn’t work at X baud rate, try stuff and maybe contact FTDI and say what gives, and they ask you to dump the EPROM and they’ll tell you if fake or not. Its not like some of the other chips that are either slugs, or obvious fakes, these are good enough that it works most of the time. FTDI have typically been very responsive in the past to this when I’ve contacted them.

          It’s exactly the reason as to why you have to be more aware of these problems and follow up on manufacturers press releases and statements about supply chains, as well as doing QA testing and part sampling. Not blame the manufacturer for trying to protect themselves against something that is pretty much unstoppable.

          But hey if you want to use prolific and have lower data transfer speeds, large data transfer issues, and generally worse drivers with instead a potential BSOD on fake detection, go ahead. I’m still using FTDI, they’ve worked very well for me. I’m looking at the Cypress Capsense versions too.

          1. I think we have both said all we need to say on this, but just in cast I will end with this:

            If FTDI were really interested in working with manufacturers, and educating the marketplace then they wouldn’t be doing it this way. One announcement in May, no article that is findable on the website through search that clearly explains the issue, just hardware that is going to fail silently and without explanation. Any by the way where is there a single mention of helping manufactures that is findable on the FTDI search page?

            Popping up a warning, regularly providing QC tools, the driver sending back debugging messages explaining the chip is counterfeit, etc; that is what a responsible company would do. They would help the consumers and manufactures without adding confusion and stress.

            FTDIGate will fade for some, sure. Maybe even most. But I can tell you I am going to be getting a tidy income designing out the FT232R and replacing it with the MCP2200 over the next month. My clients called me and asked for this and have already put down their ernest.

            I know I won’t be using them, unless they change their turn. Its a shame because I wanted to use the FT801 on a project. Instead I will be using a different approach. But I personally won’t work with a company that handles the problem of counterfeiting this way. And now I get to stop arguing about the price of the FTDI solution.

            Those are my closing remarks. I look forward to yours.

        3. again reply depth..

          Indeed,

          The notice is listed on the website, not sure why you can’t find it, unless you’re not referring to this one, its listed off the main page.

          http://www.ftdichip.com/Corporate/FTResponsibility.htm

          Maybe i’ve just hit a few more counterfeits than you have, but I’ve experienced drivers that cause deliberate BSODs, deliberately corrupt data very subtlety (like say eveer 100 times the right mouse is clicked or some such and add random value) and those that brick devices, especially in the higher end debug tool world. Most of these generally all end up pointing at my software/hardware and saying it is my problem.

          Good luck with that MCP2200, i really hope for your sake they are still not using usbser.sys as the base driver anymore, otherwise you’ll need that luck

          cheers

          1. OK I am breaking my word, but hopefully you can forgive me.

            I do know of those documents, and even quoted the counterfeit one in its entirety here. Neither of the two documents on that page say one word about disabling counterfeits. “[D]etecting and deterring” could mean anything.

    1. Probably some versions of ARM chips. The bigger question is how much firmware effort to be put into it over what FTDI has.

      STM32F4 series would probably be more than overkill for driving LCD and probably has some capsense I/O. The good part about it is that there are lots of support for RTOS. (e.g. ChibiOS for RTOS, uGFX for GUI etc)

      1. I am talking about feature set. I want sprites, clipping regions, anti-aliasing, etc. If it is just a matter of controlling the LCD and doing bitmap graphics I already have code for that sort of thing written.

        The beauty of the FT801 is that it has a robust feature set and is all offloaded to their silicon without you needing to write a lot of code yourself.

        1. I am aware of uGFX, and as I said I have written my own graphics code. What I want is a out of the box 2D LCD/Video controller. Something directly analogous to the FT80X. It is fine if there isn’t one, but that is what I am looking for.

          1. And that is fine. Not all problems have solutions. But you never know unless you ask. Fujitsu has an interesting chip in this area (I can’t recall the name/number right off of my head) but sourcing it has been a bit of a problem.

            It isn’t a bad use of the propeller/xmos since hardware threading can map nicely to a graphics pipeline; but that would be more expensive than the FT801 in a BOM sensative project

          2. It is very hard to beat FTDI’s price/effort on that if you are in the low volume market. Not like the chips with onchip GPU are open enough or easy to use.

            It is always a matter of how much software you are willing to write/mess with. Unfortunately neither the XMOS or propeller can help you there. I would shy away from the propeller as there is no upgrade path once you exceeded the RAM than it has.

          3. Let us just say that the propeller has sufficient RAM for a sprite heavy display-list style GPU-like thing. I am familiar enough with both Propeller and XMOS to know they have the resources/power for what I want.

            What I won’t have on this project is a lot of time. Which is why I want an all in one solution. :)

  35. Just one more reason that USB devices need to NOT be flashable/reprogramable! Almost all USB devices are inexpensive enough these days that they can be considered replaceable instead of upgradeable/flashable/reprogramable.

    1. That works great for commodity items that are manufactured in the millions or more.

      When you have a niche product that is being built by an individual or small development team, a generic chip that can be programmed to fulfill the task is best. If this was not the case… how many arduinos (or your dev. board of choice) would we have? Also consider that Atmel developed an avr chip specifically so that the usb connection can have it’s VID and PID programmed. That is a chip targeted at a class of individuals that happen to read this blog.

    2. Or set up the chip so it cannot have it’s eeprom settings altered without having certain pins pulled low or high.
      I expect some of the cloners to be already doing this but in reality a finished consumer product should be setup this way anyway because of exploits like badusb.

    3. You have full control of what the embedded firmware does and whether or not it can be reprogrammed from the USB port or read/write any memory location with your own API. Even bootloader can be disabled. Not like you are exposing JTAG port directly anyways.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s