The FTDI FT232 chip is found in thousands of electronic baubles, from Arduinos to test equipment, and more than a few bits of consumer electronics. It’s a simple chip, converting USB to a serial port, but very useful and probably one of the most cloned pieces of silicon on Earth. Thanks to a recent Windows update, all those fake FTDI chips are at risk of being bricked. This isn’t a case where fake FTDI chips won’t work if plugged into a machine running the newest FTDI driver; the latest driver bricks the fake chips, rendering them inoperable with any computer.
Reports of problems with FTDI chips surfaced early this month, with an explanation of the behavior showing up in an EEVblog forum thread. The new driver for these chips from FTDI, delivered through a recent Windows update, reprograms the USB PID to 0, something Windows, Linux, and OS X don’t like. This renders the chip inaccessible from any OS, effectively bricking any device that happens to have one of these fake FTDI serial chips.
Because the FTDI USB to UART chip is so incredibly common, the market is flooded with clones and counterfeits. it’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip.
The workaround for this driver update is to download the FT232 config tool from the FTDI website on a WinXP or Linux box, change the PID of the fake chip, and never using the new driver on a modern Windows system. There will surely be an automated tool to fix these chips automatically, but until then, take a good look at what Windows Update is installing – it’s very hard to tell if your devices have a fake FTDI chip by just looking at them.
A simple cost-benefit analysis says this is the right move. The devices that were not manufactured or sold by FTDI generate no income to FTDI so they are not hurting their customers. They lose nothing in terms of their existing customer base. Those customers who are affected by the FTDI driver change have the option then of becoming FTDI customers or finding a solution that does not infringe on FTDI’s property rights. Does it suck for a lot of people? Yes. Is it going to cost FTDI anything? Nothing that they have not already lost to counterfeit chips.
I only got through about half the comments here, but what if they had disabled REAL FTDI chips? (For whatever reason, say a rouge developer) Would FTDI not be held accountable since it’s their brand/trademark/IP? Is any company allowed to do this to their products with no repercussions (other than a hit on their reputation)?
Well, I am officially only buying clones. This is malicious, and though it doesn’t affect me because I use them from Linux, I won’t support this company.
So mate – let us know your full name and address and every silicon manufacturer can write a cease and desist letter to you for your blatant IP infringement – YOU are exactly why companies like FTDI have to resort to such actions…
Yes, clearly the lost $5 of profits from a Linux hobbyist is clearly the reason FTDI is a ridiculous company. Clearly.
Why should anyone feel its correct to use counterfeit devices? How do you see this playing out if everyone does this – how do the real product innovators and developers pay for their R&D and what does that ultimately leave the thieves to clone…quite how you think asserting any legal right makes a company ridiculous is nonsense – there is only party being ridiculous in this and that’s you mate
I was able to recover by uninstalling the new fones, and then reinstalling the old ones.
With FT_prog I could then change the pid back to the defaul 6001. Even thou it worked also with pid 0000. Tested with a 5$ arduino.Nano 3.0.
So after some extended hunting around I was able to find a tool to unbrick my bricked FTDI device under Linux using ft232r. I wrote up the steps here: http://www.minipwner.com/index.php/unbrickftdi000
The Microsoft Security Response Center is aware of the issue and investigating. BRB, fetching popcorn.
The answer is simple as can be.
Just ditch Microsoft Windows once and for all.
Its the end of that empire.
They made a huge mistake with Windows 8/8.1
those OS suck
They are already laying off thousands of employees
Go with Linux
Its free
Its open source
and there is no sort of these Shenanigans
Zorin is awesome
The REAL problem here is the USB authority that places an unnecessarily high barrier to small manufacturers to make any USB devices at all. Why do people buy FTDI chips? Because their consumer computers have only USB ports, instead of the old open RS-232 port. With RS-232 ports, I could make my own interface using any old microcontroller. But this option is not available with USB. For a while, FTDI was making the only chip that allowed small makers to connect with USB ports on consumer computers. There were two barriers here – one is the highly-complex USB interface that requires high development costs, and then, even if you DO develop something that can talk to USB, there’s the VID/PID hurdle, which requires high-priced USB group membership (around $10K if I remember correctly). This is collusion at best.
The fact is, you can’t actually build an open-source general-purpose computer today, because you couldn’t legally put interfaces like USB and HDMI on it, and this was the intent of the USB committee when it was formed.
In my own work I am starting to see a decline in the requests for USB ports, and seeing an increase in requests for Bluetooth and/o WiFi instead. While not a complete replacement in all cases I think we are going to see a decline in USB use over the coming years
You can probably put USB ports on it, but not use USB trademark/logos or claim your product is compliant to USB 2.0/3.0 standard. USB host don’t require VIP/PID, only USB devices need them. There are tons of USB serial chip out there at a much cheaper price, so they are good enough for most applications if that’s all you need.
In my case I haven’t bother with serial port for 8-bit uC as it is easier to just use libusb win32 USB packets level API that does a lot of the error detection/handling that writing my own. (There were so many changes in Win32 API call for serial between version that I don’t it it was worht my time to relearn it) If I ever need to write linux code, I am half way there too with libusb.
HDMI is a bit more tricky as it is not quite an open standard and most of its members are lawyer happy and heavily vested in DRM and IP protection.
Thanks – I will look into this option myself.
“Brick”?No. It simply overwrites the erroneous ID numbers.
The chip is completely functional in every way EXCEPT it no longer identifies itself as an FTDI branded device. If the device was not made by FTDI they have no right to post FTDI identification when enumerated.
Now if it removes the ID numbers from genuine FTDI chips, then things are not good. But as far as I can tell they are simply defending their own branding.
In the long run, this makes the FTDI brand more appealing, as the brand name is more likely to be authentic. And those “other” chips will work fine as soon as their manufacturer writes and distributes their own driver, and their own VID and PID numbers, you know, like they should have in the first place.
Looks like FTDI may have pulled the drivers from windows update.
What is your evidence for this? I would love it if this were true, but I would like something definitive.
I guess its gone public now
Indeed it has, though citing your sources is generally a good idea…
Few people here really care about the facts, those that do will find their own sources of reliable information, they don’t need me to let them know.
Holy $#%& 500 comments! I imagined this story would be big, but whoa.
BTW this story has now been featured on the notable tech website arstechnica, and they already have over 600 comments:
http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/
I for one am wondering how far this will snowball. *eats popcorn*
I just set Windows Update to “Download Updates but ask before installing them”. I’ve been thinking of doing this for awhile, but this event was the impetus to do it. I’ll let other people be the guinea pigs for these updates, thank you.
I spent 2 years developing products in China and have first hand experience with how you can do everything right and still get expensive counterfeit problems. We found a manufacturer of UL certified power bricks but they would not sell to us directly because we only wanted about 50K units. They made us buy their product from their approved supplier. Unknown to us the power bricks supplied by their approved supplier were counterfeits and when one was broken open for inspection by US customs the problem was discovered. You may be able to sue suppliers in the USA but the Chinese legal system does not give such protection. We wore a huge loss on that.
As an engineer I manage risk in my product designs. I will no longer use a FTDI part in my designs. FTDI may be within their rights to do what they are doing but I will not take the risk of using their parts as I know that even if I was to buy from an authorised FTDI supplier there is a risk I will get a clone batch and product I make will fail. It is quite simply not worth risking my reputation by using their parts.
They may be standing on the moral high ground but it’s going to hurt their sales.
Well put!
Microsoft released a statement to Ars Technica about this matter: http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/
“Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.”
And let us hope it stays that way
Glad to hear it. How could anyone have thought this was a good idea?
Turn off Windows updates because they can’t be trusted any more.
Better yet, dump windows altogether and go with Linux.
You’ll be happy you did.
Windows died 2014.
R.I.P.
Interesting update: I noticed a simple FTDI rollback from version 2.12 (brick version) to the previous 2.10 (non-brick) version on Windows 7 64-bit with the following steps:
Start the Device manager (Click Start, type: devmgmt.msc [ENTER])
Ports (COM & LPT) USB Serial Port (COM3) > RMB > Properties:
Driver Date: 26-8-2014
Driver Version: 2.12.0 (Be careful with fake FTDI chips!)
Click Uninstall > Check: Delete the driver software for this device.
Reconnect the USB cable. Installing driver…
Device Manager > Ports (COM & LPT) USB Serial Port (COM3) > RMB > Properties:
Driver Date: 27-1-2014
Driver Version: 2.10.0.0 (AFAIK no bricks reported with this version)
Click Update driver: “Windows has determined the driver software for your device is up to date.”
I think Microsoft has reverted this bricked FTDI driver version!
I strongly disagree with this kind of underhand practice, legal or not. We buy plenty of genuine FTDI chips through work but in future I’ll endevour to use cp2102 or similar instead.
Well, I have little skin in the ethics of this game. Counterfeiting is generally a legitimate problem and I feel bad for stolen IP.
But I’m just a lowbie hobbyist. What do I know from a bricked FTDI chip versus a fried ramps or a broken power supply? If my 3D printer stops working, it’s only because I browse this website that I’ll have any idea that this could be the cause.
I have friends who bought arduino’s because they can program and they just wanted to spin some lights on a servo. They’ll never hear about this unless I remember to tell them. When their board stops working (which it hopefully won’t) they’ll just give up. And be sad about it. Which sucks, because they’ve done nothing wrong except not showing due diligence on every single component of the device they bought for learning the basics of introductory ICs.
I have no skin in the ethics of this game, but fuck you FTDI.
I haven’t read every comment but to my mind FTDI had a right to do something, just not this.
What they could quite reasonably have done is detect fake chips and not support them with the driver. That would mean that a “fake” manufacturer would have to produce their own driver. This does no actual damage but has the effect that FTDI are trying to achieve. It brings attention to the issue with users and suppliers and avoids FTDI needing to provide support for knock-off products.
Intentionally disabling other firmware is going too far. Even if these item are counterfeit (and it would have to be every item under the laws of every country) that does not give them the right to destroy the product without a court order. You can’t go to a street-market, pull every pirate DVD off the shelves and have a bonfire there in the street, no matter what IP rights you may have. This is destruction of property. I cannot see how FTDI will avoid going to court for this.
You heard it here first: Watch out for a future Windows update undoing all of this. 30 days max.
Oh – just read above that it has already been undone.
So maybe you didn’t hear it here first, but it was bound to happen.
wrote them a mail yesterday and got this anwer today:
Dear Dirk
Thank you for your recent email regarding our recent driver release – we appreciate your feedback.
As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honorable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.
The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.
As previously stated, we recommend to all our customers to guarantee genuine FTDI products please purchase either from FTDI directly or from one of our authorised distributors. http://www.ftdichip.com/FTSalesNetwork.htm
If you are concerned that you might have a non-genuine device, our support team would be happy to help out.
Yours Sincerely
Fred Dart – CEO
Congratulations, everybody! I think they heard us, both here and elsewhere.
FTDI has now made a statement to reassure customers http://www.ftdichipblog.com/?p=1053
Coming to a UART near you: Open source drivers.
Wrote a little app that will fix the PID that FTDI screwed up. also included info in the readme of how to fix the driver.
https://github.com/jbagel2/FIX_BROKEN_FTDI_PID
Forgot to add the pre-compiled exe its there now at root in the program folder.
What’s scary about all this is Microsoft or FTDI and other have ability to install malicious code into your devices without your knowledge and effectively shut your devices down.
The implications of this are alarming.
Say for whatever reason they wanted to shut down the internet or prevent the masses from accessing information online during a crisis they have this ability to do so. It could be done quite easily. Sure techies will figure out what happened and issue fixes but after the fact.
Hooray for another round of stuxnet!
Thanks for all the posts – I bought a 3D printer with a control system that did not work and assumed I had fused the FTDI chip until I read this. I am using Windows 7 and the new 2.12 driver from FTDI – it took me about 5 min to hack it to work!
The problem is that FTDI driver expect PID=6001 while their driver have re-written the fake chip to 0000. The solution (for now) is simple – add configuration for 0000 and re-install the driver.
Do NOT change from 6001 to 0000 – add a copy line with 0000 so they both work. In that way they can continue writing 0000 as long as they bother.
You need to unzip the driver and change 2 files:
in ftdibus.inf
[FtdiHw]
%USB\VID_0403&PID_0000.DeviceDesc%=FtdiBus.NT,USB\VID_0403&PID_0000
%USB\VID_0403&PID_6001.DeviceDesc%=FtdiBus.NT,USB\VID_0403&PID_6001
In
[FtdiHw.NTamd64]
%USB\VID_0403&PID_0000.DeviceDesc%=FtdiBus.NTamd64,USB\VID_0403&PID_0000
%USB\VID_0403&PID_6001.DeviceDesc%=FtdiBus.NTamd64,USB\VID_0403&PID_6001
And in
[FtdiHw]
%VID_0403&PID_0000.DeviceDesc%=FtdiPort.NT,FTDIBUS\COMPORT&VID_0403&PID_0000
%VID_0403&PID_6001.DeviceDesc%=FtdiPort.NT,FTDIBUS\COMPORT&VID_0403&PID_6001
[FtdiHw.NTamd64]
%VID_0403&PID_0000.DeviceDesc%=FtdiPort.NTamd64,FTDIBUS\COMPORT&VID_0403&PID_0000
%VID_0403&PID_6001.DeviceDesc%=FtdiPort.NTamd64,FTDIBUS\COMPORT&VID_0403&PID_6001
Find the 6001 lines, copy them and add 0000 (sorry for the line breakup’s in this editor)
Just for the record – I do not support counterfeight chip’s. But, this is a problem for FTDI that they have top take up with the vendor, not make it my problem by destroying my 3D printer!
The 2nd file is ftdiport.inf . After editing the files (I used Notepad) save them back and re-install the driver.
yep it worked for me. simple. *thumbsup*
5 seconds and my cable was back up and running again.
go to device manager click update driver and browse to the files extracted from this zip, do the same for the virtual comport driver.
https://onedrive.live.com/redir?resid=86EF72597602DD78!271164&authkey=!AIWwL-755E4FbwU&ithint=file%2czip
this zip is just a re-signed windows7/8.0/8.1 driver that has PID 0000 in the inf file. simple workaround.. bet FTDI didn’t see that one coming.
What’s going to happen when the code is reverse engineered and hackers work out how to do this with other vendor chips? Does this mean a raft of new exploits are on the way to modify other legitimate USB devices? How long before the next USB firmware virus starts spreading? How are you going to detect (never mind remove) an infected firmware?
What about critical systems – did it even cross their minds that this could be an enormous security issue? The last thing anyone wants is a critical piece of hardware stop working leading to loss of life.
Well done for creating a real demand for a USB firewall! Other than that they just discredited Microsoft as a mere conduit and potentially made every single USB firmware device ever made vulnerable to attack.
Pandora’s box has been opened….
This doesn’t bring up an IMPORTANT ISSUE here.
CHINESE FAKES ARE RAMPANT IN THE PARTS SUPPLY.
I can tell you something from the Vendor side. We have purchased 300 FT232RL chips from a Verified seller. VERIFIED. We even have a custom PID from FTDI! The chips worked wonderfully, until this update where some worked great and some did not and read “0000”. This was interesting because both laptops were running the latest drivers and HP laptop which has an Intel USB controller had no issue. The Lenovo Thinkpad with a different USB control chip on SOME chips would set to “0000”. The ones from a previous batch had no problem.
The batch we had gotten was older FT232RL chipsets and everything looks identical on the Reel for the pick and place.
There seems to be some indication that this update breaks some of the older chipsets as well and is dependent on certain USB controllers (maybe for extra recognition)?
What is the small time vendor supposed to do here? Bought from verified FTDI sellers, already have boards built.
Heck, I would have LOVED an alert about the genuine-ness or compatibility with the chip on connection! Why didn’t they release some kind of tool for genuine chipsets even for their product distributors and such. Its blatant oversight. Even VERIFIED sellers from FTDI are not taking returns or exchanges as FTDI may have broke a few laws even in its own homeland and some of those vendors are contemplating a class action lawsuit. Apparently, FTDI’s supply chain is not such that verified Sellers even are guaranteed genuine product as they receive them in shipments that are usually not even factory direct….
The FTDI serial sales have been going down and this is their cash cow. So, you can see where they may have gotten a bit overzealous.
Linux can now brick your devices, too, with this extra patch: https://lkml.org/lkml/2014/10/23/129
More seriously, the “bricked” devices should soon work again under Linux: http://marc.info/?l=linux-usb&m=141403510729881&w=2
I thought this was quite intelligent of FTDI. How else do you stop people from knocking off your great product? Obviously you’re not going to spend a ton of money hunting them down and going through years of legal battles, when you can simply rewrite the PID to something no computer want to apply a driver to. Outside the box thinking in my eyes. Yes the poor customer who unwittingly has a counterfeit product will be pi$$ed but take that up with the manufacturer of the product? Not the people attempting to protect their intellectual property.
BTW: you can easily script the PID reversal through the FTDI config tool, given the proper template file. So it’s really not a huge undertaking if you know how to download a few files and double click a batch file, as long as someone were to provide these for the masses of course :)
Okay, the new driver over-wrote my Arduino nano clone vendor/device ID, so after a 1/2 hour of messing around reading this thread and figuring it out, I modified the drivers to use the vendor/device ID’s 0x403/0x0000. The drivers are located here to download:
File was uploaded successfuly on TinyUpload.com server.
You can download it from address: http://s000.tinyupload.com/?file_id=08399424547398065162
You need to click “Update your driver” and navigate to the folder that you unzipped this .rar file to, and it will magically work again ! If you need more info Google, “updating a windows driver”
Happy Pi day 31415
… HBO Kid :)
As far as I can tell, no one in this forum has all the real info (except me). The FTDI driver resides solely in the PC. The driver update does NOT download any “firmware” into the chip. What it IS doing, is writing to the chip’s EEPROM and changing the USB PID (product ID) to 0x0. The VID/PID pair is what is used by the PC USB interface to look up the USB driver. The driver does not change the VID (Vendor ID) which remains 0x403 (“FTDI”). I suspect that’s because the VID is not in EEPROM.
So, I repeat, this “soft bricking” is NOT loading firmware of ANY kind into the chip. It is using a “feature” available in FTDI chips to customize the chip for 3-party users (e.g. to create a “dongle” key for some software). But it is effective none the less, since it makes the part “invisible” to the Windows driver installer. Note also that the first time the FTDI USB driver runs, it works until the part is reconnected. It would have been nice for FTDI, in their updated driver, to simply “warn” the user that the part they are using is counterfeit and then allow its use. That would have gotten the message across. However, I suspect their 30-some page EULA (if it’s like everyone else’s) does indeed somewhere state that the driver is only to be used for “genuine” FTDI parts. After all, FTDI is NOT open-source, but it’s still a nasty thing to do to what would otherwise be legitimate customers.
Several dozen commenters have already said this. Did you look beyond the first page of comments?
arduino chip is growing fastest. I saw too many fake arduino chip from China. All of them are bad quality
In addition to performing simple tasks like finding crafting materials or performing archaeology digs,
the bott also autopiloted players through dungeons
and battlegrounds. Another important part of an acne facial is
the massage. Here is how to reset XP administrator password with the XP password reset disk:
.
Make money on autopilot is available for all of us.
If these eight steps seem overwhelming, welcome to the club.
You will also find 30 free tools, and software programs to help you build a successfull Internet Business.
Me reading these comments right now are proof of what happens when your on the internet long enough. #downtherabbitholewego
I have same problem… windows “kill” me the fake FT232R interface.. I try FT_PROG software, but after a time, Windows kill again… thru changing the PID, so, I change drivers for new PID, see
http://nicuflorica.blogspot.ro/2015/05/interfata-usb-uart-cu-ft232r-contrafacut.html and https://github.com/tehniq3/FT232R_PID000
Iknow this is old news but
The full story is that FTDI released drivers that reset the PID to Zero
After a lot of hoo-ha and litigation
They later withdrew the driver and then after a rethink on their stratagy again pushed out a driver 2.12.xxFTDI in 2016.
This Driver doesn’t brick the device it simply sends crap data to it so it cannot function.
Reverting to an earlier driver will make the device work again.
Now before people bang on about fake devices I had this happen and still have this issue with GENUINE FTDI devices.
I know this for a fact as I went directly to FTDI to buy some devices when the issue arose.
The Genuine devices are refused access to the driver and the equipment using the device doesnt work.
The way the driver decides if a device is fake or not ironically exploits the poor design of the FTDI device over the Micro based clone. The FTDI is a ASSiC die and in the design there are timing sync errors the clone is based on a Flashed micro and actually syncs better than the genuine device.
so yes ironicly the fake chip implements the driver better than the original chip.
What it appears FTDI have done is exploit this timng error by sending the malicious code in sync so the only the fake chip recieves it whilst the original device being out of perfect sync ignors the code.
I had much communication with FTDI over this, they released 3 new drivers all within a couple of weeks.
Yes that was me complaining to them.Jan16
Eventually they sent me a clean up patch that they said would clean out old versions as it was a conflict with older version causing the problem!
Bullshit!
The patch removed the old drivers then edited the registry to ban the reinstall of older drivers and the new driver still refused access to the device. Theres a supprize?
I went back and told them what I thought of that devious action!
They said it must be the code that the FTDI is flashed with for the purpose which I am using it for.
So they requested source code of my implementation of the device.
Sent that no reply but another 2 driver releases. that still don’t work.
The only way the equipment can work is by usingFTDI driver 2.10.00 any windows update renders the equipment non responsive and I spend hours each week telling angry customers how to get the equipment thats worth 10s of thousands working again. We are in the process of designing FTDI chips out of our equipment.
So for all of you forthright idiots that think that this only effects dodgy people messing about with dodgy chinese knockoff Arduinos you could not be more wrong!
Simply put I can understand them wanting to revenue protect their business but not at the expense of users of genuine devices.
They have a solution that protects their revenue that they know will disallow some legitimate users with genuine devices.
They have chosen to not correct their drivers to allow the correct funtion of the effected equipment with genuine devices.
They basicly tried to say I was using counterfiet devices despite quoting the invoice number from them and showing them the certificate of compliance from Farnell for the other devices I had.
Simply put they are not interested in the odd user having trouble especially as we only use maybe 200 devices a year.
That is unacceptable and all further designs of our equipment will not feature FTDI devices.
I know its an old thread just had to say it!