A few days ago we learned chip maker FTDI was doing some rather shady things with a new driver released on Windows Update. The new driver worked perfectly for real FTDI chips, but for counterfeit chips – and there are a lot of them – the USB PID was set to 0, rendering them inoperable with any computer. Now, a few days later, we know exactly what happened, and FTDI is backing down; the driver has been removed from Windows Update, and an updated driver will be released next week. A PC won’t be able to communicate with a counterfeit chip with the new driver, but at least it won’t soft-brick the chip.
Microsoft has since released a statement and rolled back two versions of the FTDI driver to prevent counterfeit chips from being bricked. The affected versions of the FTDI driver are 2.11.0 and 2.12.0, released on August 26, 2014. The latest version of the driver that does not have this chip bricking functionality is 188.8.131.52, released on January 27th. If you’re affected by the latest driver, rolling back the driver through the Device Manager to 184.108.40.206 will prevent counterfeit chips from being bricked. You might want to find a copy of the 2.10.0 driver; this will likely be the last version of the FTDI driver to work with counterfeit chips.
Thanks to the efforts of [marcan] over on the EEVblog forums, we know exactly how the earlier FTDI driver worked to brick counterfeit devices:
[marcan] disassembled the FTDI driver and found the source of the brick and some clever coding. The coding exploits differences found in the silicon of counterfeit chips compared to the legit ones. In the small snippet of code decompiled by [marcan], the FTDI driver does nothing for legit chips, but writes 0 and value to make the EEPROM checksum match to counterfeit chips. It’s an extremely clever bit of code, but also clear evidence FTDI is intentionally bricking counterfeit devices.
A new FTDI driver, presumably one that will tell you a chip is fake without bricking it, will be released next week. While not an ideal outcome for everyone, at least the problem of drivers intentionally bricking devices is behind us.
The FTDI FT232 chip is found in thousands of electronic baubles, from Arduinos to test equipment, and more than a few bits of consumer electronics. It’s a simple chip, converting USB to a serial port, but very useful and probably one of the most cloned pieces of silicon on Earth. Thanks to a recent Windows update, all those fake FTDI chips are at risk of being bricked. This isn’t a case where fake FTDI chips won’t work if plugged into a machine running the newest FTDI driver; the latest driver bricks the fake chips, rendering them inoperable with any computer.
Reports of problems with FTDI chips surfaced early this month, with an explanation of the behavior showing up in an EEVblog forum thread. The new driver for these chips from FTDI, delivered through a recent Windows update, reprograms the USB PID to 0, something Windows, Linux, and OS X don’t like. This renders the chip inaccessible from any OS, effectively bricking any device that happens to have one of these fake FTDI serial chips.
Because the FTDI USB to UART chip is so incredibly common, the market is flooded with clones and counterfeits. it’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip.
The workaround for this driver update is to download the FT232 config tool from the FTDI website on a WinXP or Linux box, change the PID of the fake chip, and never using the new driver on a modern Windows system. There will surely be an automated tool to fix these chips automatically, but until then, take a good look at what Windows Update is installing – it’s very hard to tell if your devices have a fake FTDI chip by just looking at them.
Above are two FTDI FT232RL chips, an extremely common chip used to add a USB serial port to projects, builds, and products. The one on the left is a genuine part, while the chip on the right was purchased from a shady supplier and won’t work with the current FTDI drivers. Can you tell the difference?
[Zeptobars], the folks behind those great die shots of various ICs took a look at both versions of the FT232 and the differences are staggering. Compared to the real chip, the fake chip has two types of SRAM etched in the silicon – evidence this chip was pieced together from different layouts.
The conclusion [Zeptobars] reached indicated the fake chip is really just a microcontroller made protocol compatable with the addition of a mask ROM. If you’re wondering if the FTDI chips in your part drawers are genuine, the real chips have laser engraved markings, while the clone markings are usually printed.
[RandomTask] has posted a nice tutorial on how to use a FTDI serial to usb converter, and a couple analog to digital converters to make a simple software oscilloscope. Using a “Universal Serial to USB converter” and one of many FTDI break out boards, he first reprograms the chip using FTDI’s programming software to put the device into a FIFO (first in first out) mode.
From there a pair of ADC0820 8 bit digital to analog converters are wired up, and input is fed to a couple 555’s for testing. It should be noted that there is no input protection, so things like voltages above 5 volts, or negative voltages are a big no-no with this setup. It still could be very handy while working with micro controllers or other digital circuits.
Data is then sent to the computer and displayed using a VB.net program, which has some basic features like scale and triggering, but also contains a couple bonuses like Calc Freq and Calc V delta calculation.
Many people have these little serial to usb converters, and might be in need of a simple scope. If you’re one of them, then you can cobble this together pretty darn quickly, and cheaply.
[Sprite_tm] automated a portion of serial hacking by sniffing out the baud rate using an ATtiny2313 and FT232 breakout board. The firmware assumes 8 data bits, no parity, and 1 stop bit (8N1). This is pretty much defacto among serial ports so it should work well, though some devices do use different settings. The auto detection routine can sniff rates as low as 110 baud and supports non standard rates. Released under GPLv3, the software is also supplied in hex format. [Sprite_tm] has provided great project in past such as Working with VFDs, Controllable bristlebot, and AVR boost converter. Additional information regarding serial hacking after the break.
Continue reading “Serial hacking with an ATtiny2313″