FTDI Screws Up, Backs Down

A few days ago we learned chip maker FTDI was doing some rather shady things with a new driver released on Windows Update. The new driver worked perfectly for real FTDI chips, but for counterfeit chips – and there are a lot of them – the USB PID was set to 0, rendering them inoperable with any computer. Now, a few days later, we know exactly what happened, and FTDI is backing down; the driver has been removed from Windows Update, and an updated driver will be released next week. A PC won’t be able to communicate with a counterfeit chip with the new driver, but at least it won’t soft-brick the chip.

Microsoft has since released a statement and rolled back two versions of the FTDI driver to prevent counterfeit chips from being bricked. The affected versions of the FTDI driver are 2.11.0 and 2.12.0, released on August 26, 2014. The latest version of the driver that does not have this chip bricking functionality is 2.10.0.0, released on January 27th. If you’re affected by the latest driver, rolling back the driver through the Device Manager to 2.10.0.0 will prevent counterfeit chips from being bricked. You might want to find a copy of the 2.10.0 driver; this will likely be the last version of the FTDI driver to work with counterfeit chips.

Thanks to the efforts of [marcan] over on the EEVblog forums, we know exactly how the earlier FTDI driver worked to brick counterfeit devices:

ftdi_evil

[marcan] disassembled the FTDI driver and found the source of the brick and some clever coding. The coding exploits  differences found in the silicon of counterfeit chips compared to the legit ones. In the small snippet of code decompiled by [marcan], the FTDI driver does nothing for legit chips, but writes 0 and value to make the EEPROM checksum match to counterfeit chips. It’s an extremely clever bit of code, but also clear evidence FTDI is intentionally bricking counterfeit devices.

A new FTDI driver, presumably one that will tell you a chip is fake without bricking it, will be released next week. While not an ideal outcome for everyone, at least the problem of drivers intentionally bricking devices is behind us.

252 thoughts on “FTDI Screws Up, Backs Down

    1. That’s a very hard question to answer, and it’s likely that most of the devices that they are found in also have some with genuine chips as well. The global electronics supply chain is an opaque tangle, so it’s not easy to say one way or another.

    2. That’s the problem with counterfeits, a consumer has no way to know they’re fake at the time of purchase.

      Just to reiterate, the problem with bricking fakes with a driver is that it punishes the consumer. The supplier of the fakes already got paid.

      1. Yeah, but it will deter people in the future.

        Not to say they should be bricking devices but it would be effective. I wouldn’t buy one of those $5-10 arduino clones if I wasn’t confident they would work.

          1. Your reaction is a bit excessively overwrought. I wonder, are you one of those people selling a product with a super-low price FTDI chip that you bought off ebay ?

          2. @S Ad hominen and strawman arguments are no arguments at all. Trust is something subjective and certaily FTDI has broken that trust for most people after deliverately distributing malware to unsuspecting end users.

            And use your own nick instead of hijacking others already in use in this thread to avoid confussing people.

        1. Deterring the end consumer, causing them to hold suspicion over anything with an FTDI chip in it (it might be a clone), is not, in any way, productive for FTDI. Nor does it stop the problem.

          The producers of counterfeit devices are not deterred. At best, they will be forced to get crafty for a bit looking for a work around. That’s it.

          Sure, honest manufactures who didn’t know they were being swindled will be more careful and vet their sources better next time.

          In the meantime, lots of end consumers get a bad taste everytime they see something with FTDI stamped on it now.

          1. @MRE: “Sure, honest manufactures who didn’t know they were being swindled will be more careful and vet their sources better next time.”

            And this is where Prolific and FTDI have really failed. They have not offered any resources to ‘honest manufacturers’ to enable them to be ‘more careful’ and ‘vet their sources’.

          2. I bought on the bay a controller for 3d printer. the ftdi chip was counterfait chip. Now I bought the original one. I think This is a good way for ftdi to be pi**ed of the market. I am an end user, I bought it on a legitimate shop with a regular invoice. will never never buy again a device made from them.

          1. yep. These days lots of alternative parts to FTDI… could list 3 – 4 brands off the top of my head.. as for support that Rob mentioned (i.e. Prolific) its another problem.. but yeah.. FTDI is going off my list. Even if they bounce back from this.. I tend not to choose to work with people who give me the middle finger. ;)

        2. This kind of behavior deters me from buying real FTDi chips actually, such disgusting shenanigans not only are nasty in itself but who knows what crap they put in the next driver.

          It’s sony v2.0

        3. I certainly have taken notice of this for the future.

          My conclusion is simple: I won’t be knowingly purchasing products that contain FTDI chips and I certainly won’t be designing any that use them. I have used them a few years ago and I had few problems, but I only ordered about 100 chips for a custom expansion on an EPOS system that I acquired rights to maintain. Certainly not going to bother running the risk that my work is going to brick a mission-critical piece of hardware for other small businesses.

          I don’t want my money going to counterfeiters but neither do I want my research projects or consumer products to be potentially bricked by software. When I order chips, even from a valid supplier, is there a 100% guarantee that those chips are legit? Does such a thing even exist?

          I’ll be damned if I let the reputation of my very small company be destroyed when products “stop working”. Ultimately my clients are going to think that it’s my fault, and I think they’re right too. I design and make a device… they have Windows Update enabled… it stops working… is it their fault or mine? It’s mine. That’s MY product and it’s broken. As a designer it’s my responsibility to do all I can to prevent things breaking. If I know there’s a chance that FTDI drivers are going to brick a device then how is it responsible for me to use them? I can’t guarantee they’re real so I can’t guarantee they won’t just stop working in the worst possible way.

          The solution: don’t use FTDI. There are plenty of alternatives. I enjoy learning new things anyway.

          1. Exactly the point, 100% agree, even you can make best effort in making everything right, and you hand over manufacturing data to contract manufacturer, and someone in supply chain at the manufacturer purchase counterfeit part and you’re screwed, your customers are screwed (i don’t want to even think about potential damage that can happen if device is used for some critical functionality on the customer side) and it is not even your fault.
            100% remedy is not designing something with FTDI branded chip, period!
            That is at least something i will do.

        4. Rubbish. If a company does it, it exposes itself to a lawsuit. And wish that ppl that had the issue will go all the way and sew them. Just for the sake of detering co’s of offensive defense.

      2. Really, what is the difference to the consumer if the counterfeit device doesn’t work with the new driver because the device is “bricked” or because the driver refuses to work with it? The difference to FTDI is that the counterfeits no longer work with the older drivers either, so I can understand why they did this. The only people complaining are hobbyists who said “Hmm, that’s funny, it no longer works” and then tried it on Linux and found it no longer worked there, either. FTDI isn’t the only company who make drivers that don’t work with counterfeits; I don’t think they deserve all the bad press over this.

        1. No one is arguing with the idea of a driver that simply refuses to work with a counterfeit chip. Although, a dialog box or some other message indicating the reason would be beneficial to the customer.

          The problem here was that not only did the driver software not explain why there was a problem, but it went ahead and destroyed the chip. Again, with no notice that it had done so, warning, etc.

          1. And.. the nefarious thing about it is that just writing the eeprom, and restoring the original cached copy of the eeprom (which I read in the published reverse-engineered code), is that it might allow the device to work ONCE with the offending device, and only fail-to-work the next time it is plugged in somewhere or the PC is rebooted….

        2. >hobbyists who said “Hmm, that’s funny, it no longer works” and then tried it on Linux and found it no longer worked there, either.

          There’s a patch. The driver that works with that “zeroed” dongle will probably make it into the distros in a week or so and that will give me yet another chance to point out the difference between Free and open source software and “binary blobs” that are “free enough”

        3. I do, I think they need MORE bad press. they have no right to soft brick a device. NONE.
          This is the same as microsoft detecting a pirate install and zero-out the File Allocation table on the hard drive.

      3. Actually, when you see a product that is well below the cost of other products that look like it you ought to know your buying illegal products.

        The fault is not with FTDI, but with the companies that steal their intellectual property and the customers who wish to save money by encouraging companies to steal intellectual property.

        Caveat Emptor. KEEP BRICKING THE FAKES!

        1. At most component retailers I’ve been to in Asia, the fakes are the same price as real chips, look similar to real chips, and are passed off as being real chips by retailers that usually don’t know the difference and have varying knowledge of electronics (but excellent and impressive memory for part numbers).

          If you’re a local, you can check the market rumor mill (some vendors do know their stuff, and word spreads). If you’re a foreigner, good luck.

          I currently live in a region where known defective/fake products from China are often exported. When you buy parts you need to assume they’re fake/defective… so it’s either using fakes, or not building things. Even finished consumer products just explode sometimes.

          If you want you can buy fake parts that come in nice fake boxes, with fake certification, and a vendor that will assure you it’s real. This service costs extra and is available for a surprising number of products from hardware to peaches to pants. I have literally seen Microsoft-certified pants for sale here.

          I didn’t purchase, concerns about security holes, or updates that contain 3rd party drivers that might brick my (possibly?) fake brand shoes making them permanently unwearable.

        2. Fuck that. These serial chips are basically completely API compatible with FTDI drivers, but the implementation details are entirely different. They’re reverse engineered.

          If microsoft didn’t have a monopoly, they’d be able to release these chips under their own name. But because they charge out the nose for driver signing they can’t.

          The problem here is a bunch of big corporations are using exclusive dealing, preventing third parties from getting code onto their platform. Because of that they have to emulate the ID of a known product.

          Make it more reasonable for new players to compete, and you wouldn’t see this kind of problem nearly as much. All these “counterfeit” companies would be releasing the chips under their own name.

        1. Designs of Arduinos are an open but trademarks are not. There are couple “fake” boards with Arduino names, blue resists and all, that actually exist. In software, stances to derivative works differ from OSS author to author but many asks followers to make products distinguishable.

        2. The design is open-source but the board color (and I think the name ‘Arduino’, also) can’t be used by others makers, IIRC. So if you see a blue “clone”, it’s technically a counterfeit product/fake. And there’s many of them, actually, sold as “real Arduinos”, but which are in fact low-quality fakes.

          1. The “Arduino” name is definitely protected although it can be licensed in
            certain circumstances.

            I had know idea about the color…but how can you protect a color?
            It would be almost unenforceable since how do you define “Arduino blue”

    3. You are probably right. The relative expensive FTDI chips are probably in low volume products that the tech crowd uses where the development cost isn’t justified for doing their own microcontroller firmware + windows drivers. They used to used that for really low end old phones and GPS, but those function have been integrated for cost saving reasons.

      Mass consumer electronic items would have their own $0.50 microcontrollers and ASIC.

      1. The USB to Serial bridge chip market is shrinking for end products now that cheep low end micro controllers support native USB.

        Where they still have an advantage is in development modules because you want to reset the micro controller after reprogramming it without having to drop the serial link and then reloading the driver and also have a second serial port for diagnostics or feedback.

        The other advantage is for smaller runs and hacker / hobby stuff where you don’t want to invest in a windows VID / PID.

    4. Arduino clones, USB to serial cables, and cheap/older peripherals (ex. printers). If the device connects over USB and the main chip doesn’t have native USB capability, it probably uses an FTDI, fake FTDI or competing chip.

      Alarmingly, I’ve heard rumor of a medical device that uses an FTDI chip. Don’t know what it is (blood glucose meter?) but supposedly there is some Linux driver for it that references the FT232. Hopefully all those devices use genuine parts, but if they don’t loss of USB connectivity probably won’t kill anyone.

      1. There is small prints on the first page of FT245R that say:
        ” This product or any variant of it is not intended for use in any medical appliance, device which the failure of the product might reasonably be expected to result in personal injury.”

        Even using real FTDI parts in a medical device is not recommended. Lots of manufacturers have similar clauses.

        1. What that really means is that if you intend to use it in a medical device (or aviation or a few other things), you are supposed to get in touch with them and make a deal first. However, that doesn’t mean that always happens… and it doesn’t mean that every unit that goes out the door has authentic FTDI parts in it either.

        2. Very likely that would be for stuff like a debugging port, firmware update, or possibly something so dangerous to the patient as a reporting and monitoring system to the nurse station.

          Those medical warnings just mean that the chip should not be used to administer any form of treatment, or take measurements which if done improperly could cause harm.

          Not really much in that regard for a coms chip. But then, this is why the new “smart, connected medical instruments” really still are not all the smart, nor connected. At least, not as much as they could be.

          1. Actually, I suspect that the warnings have more to do with liability, just like the warnings to not use something in a nuclear plant. The news will report that you got sued for someone’s death, but they’ll completely forget about you by the time you’re found innocent (likely several years later, after a massive drop in sales).

    5. VAG COM clones use them. A real VAG COM cost $350 and uses FTDI chips, where as the fake VAG COM units use fake FTDI chips cost $30. The real VAG COM has 15 years of development, where as the fakes are just cracking the software and making cheap hardware knock offs, no real development involved unless you count the viruses they package up with the item.

      The people buying the fakes know it what they are getting, but some how justify $350 is too much money… and they drive a S6 ($70,000 and up).

    6. My friend have a cheap chinese Vinul-cutter. and it stopped working. After a lot of hunting down, it had a fake FTDI and he was hit by the update. He tried resurrecting the chip, but to no avail, so in the end he just replaced it with a genuine one, and now the machine works again.

  1. The funny thing here is that the only reason why this works is because the counter fitters did not do a good job. If they did, and the chips behaved identically, then they could not know from SW which one to brick.

    I think this is a good outcome. I would also consider that having the driver tell you the chip is fake is a good option, as long as they don’t disable it.

    1. the counter fitters did a sufficiently good job, the chips work in normal operation, but since the implementation is totally different they will not have the same bugs. They cannot tell them apart but they can tell the chip to delete its product id and only the fakes will actually do it

      1. The fake chips are pretty micro controllers programmed to act as a FTDI chip.
        The real chips are more of a ASIC a state machine.
        The cloners only copied documented features necessary to emulate the FTDI chip usually it’s primary use as a USB to RS-232 bridge vs undocumented bugs.
        Some of the clones are good enough at this it really doesn’t matter for something like an Arduino clone or 3d printer if you have a real chip or the fake.
        Some applications though a poorly implemented fakes falls short esp at higher data rates.
        The fakes chips generally run a generic 8bit uC and a simple uart which would have trouble with higher baud rates.

      2. FTDI was founded in 1992, and had a lot of time to refine and optimize their silicon. Without the ability to directly copy the die, cloners have to go it alone.. or at least without any of the experience.

        Related, as to the question of the high price of genuine FTDI parts, remember that for quite a long time, they had the monopoly on easy to use serial-USB devices. There once were NO other players in the market, then there were a few, but difficult to use, but only recently do we find any real direct competition.
        AS an example of such frustrations, from 2010:
        http://www.electro-tech-online.com/threads/alternatives-to-ft232rl.110973/

        1. Any proof to backup your bold claim that the die itself was copied?

          As far as we know all these chips are only cloning the usb VID:PID for a functionally compatible chip to work with the preinstalled FTDI drivers.

          1. S… who are you talking to? Me?

            I never said it was… did you even read what I wrote.. or just skim it?!
            “Without the ability to directly copy the die, cloners have to go it alone.. or at least without any of the experience.”
            That pretty much said “The clones had to find some other way to act like an FTDI part, without directly knowledge of the die.”

        2. There is a huge investment to get an ASIC manufactured (ie the originals). Minimum runs are 100,000 or more. This is a very large part of the base cost that must be covered by sales volume.

          In more recent times low end micro controllers can do the same but much cheaper (ie the fakes). Unlike ASIC’s, micro controllers can be run off in smaller quantities.

          The counterfeiters are not coping the original die as that would be too expensive. They are emulating the behavior of the original die with a micro controller. If that were all they were doing then their actions may well be legal but they are going two steps further.

          They are branding their chips with the original manufacturers brand/logo/trade mark and also using the windows VID PID assigned to the original manufacturer.

          1. “They are branding their chips with the original manufacturers brand/logo/trade mark and also using the windows VID PID assigned to the original manufacturer.”

            Some are copying the FTDI branding. Others are not. The trouble is the FTDI “clone-bricker” driver does not distinguish between the two.

    2. Now those people know how that trick works. In a couple of months, there will be new rev of the fake chips that behaves the same way and possibly smart enough to protect/restore itself too. I’ll bet FTDI would probably have other cards up their sleeves as they designed their chip.

      It is always a cat and mouse game.

      1. The cloners may have already made the needed changes though I don’t expect FTDI to try the bricking move again or something like making the OS BSOD as that would be very foolish.
        I even expect FTDI to later say they reassigned or even fired the people who came up with the soft brick as a scape goat as PR damage control.
        Most likely someone will be loosing their job over this as it was a incredibly stupid move.

      2. A small advantage to cloning FTDI going the microcontroller route; quite easy to stay ahead of any FTDI attempts to shut you down. Modding a few lines of code is quite a bit easier than making a whole new die every time you have to circumvent some anti-clone attack.

    3. Well, the problem is that the chip is not a 1-to-1 clone, the die is completely different. They didn’t make a cheap clone of the original device as is often the case. And it so happened that they have implemented the EEPROM writes differently and FTDI exploited one difference in the undocumented behaviour, that’s all. Basically, if the chip didn’t carry the FTDI logo (and thus infringed the FTDI trademark), it could be a perfectly good and legal serial to USB converter – I am sure that they are being sold like that as well.

      FTDI cannot use their driver EULA (which isn’t even displayed when the drivers are delivered as part of Windows!) to prevent compatible products from interoperating with their drivers – that is actually completely legal, most countries have explicit exceptions in the law for interoperability. One simply cannot abuse the copyright law like that.

      If they decide to not interoperate and make the driver stop working when a non-genuine FTDI device is connected, that’s nasty and again screws the end users – how is the user going to know why is the device refusing to work? They will blame the manufacturer/seller of the product who are most likely unaware of the counterfeit chip as well!. However, the counterfeiters aren’t likely to sue them. That’s why Prolific was able to get away with intentionally causing BSODs when a device with a cloned chip was connected.

      However, intentionally sabotaging hardware is vigilantism and damaging someone else’s property – that’s crossing the line.

          1. Copyright laws? The VID/PID are not covered by those however imho.
            The only thing that could get you in trouble when using the VID from another vendor is putting the USB logo on it – that’s it (as you have no right to use the USB logo if you don’t follow the USB-IF rules.. works just like the GPL).

    4. The irony is that they actually did a better job! They implemented the protocol more accurately, making it more robust. The original chip ignores the command because it’s misaligned.

    5. No the world is telling FTDI “Don’t fucking brick my device”.

      I’m pretty sure that everyone is satisfy with the current state where FTDI driver doesn’t support the counterfeit chips.

    6. >The funny thing here is that the only reason why this works is because the counter fitters(sic) did not do a good job. If they did, and the chips behaved identically, then they could not know from SW which one to brick.

      I guess you didn’t RTFA, otherwise you would have seen this crack:

      >>In a way, the clones actually implement FTDI’s command interface better than FTDI themselves – and FTDI is exploiting this to brick them.

  2. I now associate “FTDI” with “shady and broken” and will avoid their products whenever possible. It’s great that they finally got un-stupid about this, but the people who made this choice can make it again some day.

    I hope vendors will be redesigning parts without FTDI parts in them from now on.

    1. If I was in FTDI’s position I’d fired those responsible for coming up the brick idea just to make it clear it will not be happening again .
      Much like how Microsoft fired Don Mattrick to control damage to the Xbox brand.

  3. Right, so basically the world is telling FTDI “Yea, we ripped you off with these fake chips because we didn’t check our supply chain, but you’re going to have to support them anyway, even though it’s costing you money.”

    Know what happens when you have counterfeit money in the US? It gets taken away, and you’re not recompensed for it. Sorry, but I’m with FTDI on this one. If you got fake-chipped, go back to your vendor and raise hell.

    1. Except the chip is only counterfeit if it sold as an FTDI product. There are plenty of USB serial adaptors out there that contain chips that are simply compatible with the driver.

      1. Technically, it’s counterfeit if uses FTDI’s VID and PID for the device. Does the updated FTDI driver support other vendor’s VIDs? If not, and it only is intended for FTDI’s VID, that means in effect their chips are still counterfeit.

        Has FTDI licensed their devices to another manufacturer who has their own VID, and the driver supports that? If that’s the case, either FTDI is supporting them (good), or bricking them (bad).

        1. [Citation Needed]

          There’s no IP right that protects USB VIDs and PIDs. Using someone else’s is a dirty tactic, but I don’t think it constitutes counterfeiting on its own.

          1. USB-IF saying that doesn’t make it true any more than those internet companies can really sell you naming rights to a star. In fact, USB-IF’s own actions contradict that statement, since they’ve “revoked” VIDs in the past.

          2. AFAIK, about the only legal power USB-IF has is if you use the USB logo on a device that doesn’t comply to their spec. No one is required to comply with their spec, and there’s no consequences for breaking it– so long as you don’t claim compliance anyway and use the logo.

        2. USB VIDs and PIDs are not protected by any law, there is nothing to prevent anyone from using them. Those are just two arbitrary integers, nothing more.

          Is it a good idea? Most likely not and you certainly won’t pass USB certification but it is completely legal. FTDI doesn’t have a leg to stand on here. The USB consortium could potentially threaten the manufacturer for mis-using the USB logo or the USB trademarks if they are using them, but that is all.

          1. No, they can’t – there’s no IP right for them to assert. I can’t simply make up a range of numbers, hand them out to people, then claim I have some right over what they can and can’t do with them.

        3. False! There is no IP interest in VIDs and PIDs. They aren’t patentable (not innovative); they aren’t copyrightable (not creative), and no-one has ever tried to trademark one. The USB rules are the rules of a private trade association and do not apply to anyone who is not a signatory. Even then, they are subordinate to national laws.

    2. you can’t compare that. currency, us dollar is not your own property. the bank notes and coins are property of the federal reserve. in fact if you destroy currency that you happen to have in your possession you are committing a crime.
      your analogy is as stupid as ftdi actions.

      1. At least in the US you are incorrect. You can legally deface or destroy any currency so long as you are not doing to in order to counterfeit or scam people(coin shaving to recover silver/gold)

    3. Nobody is asking for support. The FTDI driver _bricks_ the competing hardware, and it does so on purpose, as mentioned in the article.

      Would it be OK for Intel to brick AMD processors when they are discovered by the Intel compiler suite?
      Would it be OK for GMC to brick aftermarket brake controllers when the ECU discovers them?

      This is malicious, and potentially even criminal behavior by FTDI.

      1. Exactly, FTDI driver doesn’t have any reason to support counterfeits (i.e. disabling driver when counterfeit is detected would be the best solution for them). Intentionally breaking them with your driver that’s another story, that is just what we call malware.

      2. Exactly!
        This is a clear cut case of privilege escalation/Exceeding authority and were they not a company(I’m holding you accountable too MS) they would be prosecuted under the DMCA.
        No one has any right to access my hardware and modify it’s contents without authorization.

        1. Microsoft had no way of knowing. Not even they have time to test every driver or disassemble them to look for malicious code. They simply took an update from a WHQL signed company and pushed it out, they had no reason to think a (once)reputable company like FTDI would just randomly push out malware.

      3. “and potentially even criminal behavior by FTDI.”

        There’s no ‘potentially’ about it.

        Under UK law it can be tried as:-

        Theft in that FTDI “deliberately deprived the owner of his property, or the use of it”.

        Criminal Damage in that FTDI deliberately made a change to the device which affected it’s performance. CPS guidelines specifically note “The damage need not be visible or tangible if it affects the value or performance of the property.”

        And of course the Computer Misuse Act 1990, Section 3 – Unauthorised Acts with Intent to Impair.

        There’s also some stuff in EU law but I’m not as familiar with that.

    4. Yes but when you have counterfeit money, they tell you that it is counterfeit; and there is a law requiring that action be taken. Normally with counterfeit goods, once it is past the point of sale there needs to be prior notification, and something along the lines of a court order.

      This is just my personal understanding of the law, but they were on shaky ground with what they did.

    1. FTDI CEO Fred Dart said, “The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.

      Yeah, sure. Seems that they stil didn’t learn anything and keep the same attitude. The malware drivers were removed from MS Update only after their lawyers had a little talk with FTDI.

      1. Companies are allowed(and should be) to protect their brand against counterfeit and forgery. From that release it sounds like the new driver will just refuse to work with non-FTDI, or at least poorly made chips.
        Not communicating with a device is different from bricking it entirely.
        This not only directly protects their profits but saves them the hassle of dealing with problems they can’t solve due to hardware differences. This also makes consumers/manufacturers less likely to call FTDI and more likely to call their supplier when chips only work with older drivers.
        Industrious individuals will have a new driver for fake chips out eventually that offers the same benefits.

        If they had taken this approach in the first place they might have saved face.

  4. It’s good that they’re repairing their brand, but there’s no question that some damage is permanent. This fiasco made me interested in prototyping alternative products for new designs, and that’s got to be true for a lot of other people too. FTDI was the go-to brand for a lot of people for a long time, and I’m not sure that’s going to be true any more.

    1. But why? If you are a honest person, you will buying from the correct suppliers. Then you have low risk of getting fakes, and in the case of getting some, the suppliers will be responsible and will have to help you sort the mess.

      If someone intends to design with ftdi chips just because they can buy some from the conterfeit factories in China, then the design is wrong in his choices/morals, not ftdi.

      Personally, I would rather design / buy chips made in the USA by USA companies, but there are just a few of that nowadays… Penny pinchers and customers drove the factories away, and that will backfire someday.

      1. You’ve never had something fabricated in China, have you? No matter how legit your supplier, there’s no way to tell that someone at the distributor isn’t making a bit on the side by swapping reels out for convincing fakes.

        1. Had already, once, and decided to stop working with them due to matters of low quality. Even dimensions of parts were not respected. I know, people want the cheap price , and thus will not mind buying from china fakes. But if I discover my distributor had this mixing of fakes in the shipments, as it is to be a responsible distributor, I can complain to them and see to it about refunds and replacements.

          Either way, I got out of mass produced gadgets, because of the people demanding unreasonable low prices at the same time thinking they are entitled to quality. Designing low run, specific use circuits may not be that $$ rewarding, but we can be sure of all parts of the production process.

      2. Because if someone screws with you (and your customers) once, why should you give the chance to do it second time?

        Who do you think would get the blame, support calls and refund demands when a device fails (gets bricked) like that? The gadget’s manufacturer – i.e. you.

        Everything is made in China these days, you can order even completely legit chips but you can never be 100% sure that someone will not swap some at the factory to make a quick buck or source some from a shady source behind your back, because of lead times or whatever. It has happened and will happen again – heck, even the USAF had problems with counterfeit parts getting into their planes. And they have certainly much stricter component sourcing and certification requirements than most consumer electronics manufacturers. Don’t you remember the counterfeit capacitor electrolyte fiasco from about a decade ago? That has affected even the very big players like Sony or Intel and cost an enormous amount of money.

        That’s why idiotic actions like this one are such a big problem. Basically it hurts everyone BUT the counterfeiters. The ensuing returns of your product could ruin your company, even though it was never really your fault. I am sure many engineers will now avoid FTDI products like a plague for their designs, because what if the company decides to pull a fast one like this sometime in the future again?

      3. Why? Just because I am an honest person doesn’t mean I have full control over the entire supply chain. Even orders from legitimate sources can end up with counterfeit chips, although its generally accepted at a much lower chance. When purchasing for work, we make every effort to ensure genuine products, but we still have gotten burned several times (a particular order of several thousand transistors in MT-71 packages with incorrect pin-outs comes to mind).

        I’ve used FTDI chips in several of my personal designs in the past (luckily the sourced chips proved to have been genuine). In addition, if as a hobbiest I chose a compatible clone that did not try to pass itself off as a genuine FTDI chip, but was suitable for my needs at a lower price, it shouldn’t give FTDI the right to disable my hardware.

        In the future I will not be using them in any new designs. They have lost me as a customer with this move.

        1. “a compatible clone that did not try to pass itself off as a genuine FTDI chip,” would not have been affected by this, as it would not be using FTDI´s VID/PID numbers.

          A clone that identifies itself as a FTDI part when it is not is still counterfeit or buggy.

          1. To reiterate, using another product’s VID/PID is not illegal. They’re just numbers. They’re not protected by copyright or trademark law.

            The only situation in which it would be illegal would be if the clone used the USB logo. In that case, the cloners would need to obtain a license from the USB-IF to use their trademark. Part of that license would include an agreement to use only their assigned VID.

      4. That’s not even close to correct. The global supply chain for electronics is, to be blunt, a complete and total clusterfuck. People who are doing their best to make sure they build only with genuine parts accidentally end up incorporating counterfeits ALL THE FUCKING TIME. Fuck, try to learn something about the underlying issues before you say dumb shite in public.

      5. The only way to guarantee you get legit devices is to buy them directly from the manufacturers. In many cases, they won’t even talk to you for quantities under 1000. Fake parts have ended up on Mouser and Digikey before, and they will get there again. There’s just no way to be certain who is _really_ supplying your parts.

        Besides, FTDI destroying people’s private property is unforgivable so I’m not going to give them any of my money.

      1. Wouldn’t it make more sense to have a commit that if it detects one of these FTDI devices connecting with a PID of 0, and confirms it’s a serial adaptor to set it’s PID back to the number it’s supposed to be?

        1. There is already a utility that does just that.
          Automatically changing the VID back would actually be just as intrusive as what ftdi did. It also could cause legal problems, as the kernel would then be infringing on ftdi’s VID.
          It should be apparent by now that drivers shouldn’t be rewriting device roms on their own.

  5. I own several of the fake chips. all the ones I have were recently bought via amazon. I bought from 2 vendors and both of them have chips that fail the ftdi ‘genuine’ test. it would not be realistic to list names; suffice to say, probably ALL the cheap nano clones and ftdi dongles on amazon are fake and 99.999% of the ones on ebay are fake. there are literally hundreds of sellers on amazon and ebay who have these chips.

    I had extended emails with one amazon vendor and he was very apologetic. I returned my one unit to amazon, got an email from him asking why, I explained it all and he sent me 2 new ones. the one I got from him the first time had a 0 pid. the next 2 didn’t – BUT when I tried them on win7, the driver zero’d them out, so they were clearly still fake chips. the vendor has asked me to return one of those to him, but not sure what this accomplishes. I already reset the pid using the linux tool, so I’m back to working again; and I’ve removed and blacklisted the ftdi driver from my win7 boxes.

    if you want to see what a fake one is like, search amazon for an ftdi board (some are blue, some are red) and buy one. dollars to donuts, you’ll get a fake chip and then you can examine it and test it all you want. just be careful inserting into a winblows box…

    1. ” the vendor has asked me to return one of those to him, but not sure what this accomplishes”

      I suspect it was something like:
      “Oh no, I that unit has a fake chip. I’ll give him two using chips from a supplier who’s never failed me. That’ll make things right.”
      *time passes*
      “Oh son of a bitch those were fake too! Really wish I’d written down the serial numbers. :(“

    1. And that is great, for you who I assume is a fairly technical user. The vast majority of people this will affect won’t even know why their stuff stopped working, how to check for it, or know what to do.

      So call it “Effectively Bricked” or “Virtually Bricked” or “Semi-Bricked” but the effect to the consumer is the same as if it were bricked.

      1. if its an INF file change , just open it and change the matching pair.

        the INF only needs to be signed on later versions of windows. changing the vid/pid doesn’t change the signing for the binary. If you need one, test sign it, there is a tool that will do a test sign and but it in test mode if needed.

        also for the all the copyright peeps, vid/pid isn’t the only thing in a USB descriptor, do the clones represent themselves as “FTDI” as well?

        1. I change the pid and set the serial to 00000000 often to allow the devices keep the assigned ports in all cases including when a faulty is replaced.
          After failing the selfsigning procedure the workaround i found is simple:
          The setup i created first install the drivers with my modified inf , obviously the doesn’t work, but after that it reinstall the original unmodified driver that add the right signature.

  6. I have always thought of FTDI as the devil, for poisoning the minds of engineers to think USB to serial converters are a legitimate solution for things that should be USB, and only USB to boot. When USB enabled processors are everywhere engineers don’t have an excuse. I can’t believe I’m going to say this, but: Learn to do things right!

    On top of this, the official FTDI hardware isn’t even that good! I’ve had them go up on me when the knockoffs seem to be more rugged and reliable. I always wished FTDI would just die (no, really, for years)!!!

    1. It is easier to use libusb and talk to USB devices in packets/pipes when most of the error detection/handling has been handled for you. I use custom device with vendor requests. My host interface code looks like a remote function call that get executed by my USB peripheral. On my device side, my code get passed a function call number, an index, size and a chunk of data. It is pretty easy to use. YMMV…

      My last 2 V-USB projects, I didn’t even have/used Async serial ports for debugging. :)

      1. V-USB, LUFA has VID/PID that you can use for you personal devices. Some vendors (e.g. Microchip) would help you out by letting you use their VID if your production volume is low with some restrictions. Once you volume is there, you have to (and you can afford to) get your own.

        Kernel driver isn’t that much of a problem as the open source libusb even has a signed driver for windows and a .inf wizard. Just a few clicks and it would install itself and register your device. If you use HID, you can bypass that step.

        You still need write your application code to talk to your device unless your device is purely HID.

        1. so all in all much more work that just putting an FTDI and call it a day.
          And there are lots of old stuff where getting “real” USB is a major redesign,
          replacing a db9 and an max232 with and FTDI and a USB connector is a minor board change

      2. Well if your device conforms to the CDC Serial class the drivers are built in to most operating systems. So for purely UART applications you don’t really need to develop drivers. It is different (as I understand it) for FTDI’s other features, such as GPIO control.

        Sad thing is FTDI requires a FTDI driver no matter what your use is. I have used and recommended FTDI because of their reputation, but the need for a driver (even if automatically installed) is a bit annoying.

        And it is this need for a custom FTDI driver that allowed them to pull this trick. If it were just a CDC device they couldn’t have done it for pure serial applications. As such I am find myself biased now toward devices that support CDC Serial

    2. What about the bazillion devices that are configured easily through serial connection with a terminal program? Do you suggest that every such device should have a special GUI program written for it and ported to every platform? Similarly for things that have to operate over multiple connection methods, RS422, RS232, USB, TCP/IP etc., do you suggest each one should have a different “native” protocol, instead of simply using a byte stream abstraction?

      Simple serial line is a fine solution for many purposes. Only major trouble with USB-serial is identifying which port is which, something that is easily solved by programming a custom VID/PID.

    3. I have thought about making a generic GUI program for talking to my own devices. The rendering/GUI stuff is done by the host served from device while the devices are feed the values by the scripts on the host side. Think of it as a web browser vs telnet and how that affected they way we use the internet today.

      Most of the complex consumer toys have web GUI for configuring. I think the trend would be to have apps on your mobiles for that if the toy has a wireless connection. They would lose the market shares if they force users to use a text based terminal program. Even when they have to write a GUI, they use that to their advantage by branding it. Not that difficult for them to make an app these days.

  7. Hi, this FTDI anger is ok, but why isn’t anyone more curious about the fact that this is an attack that doesn’t violate the checksum. Does anything else have a chunk of code in it that can be messed with so that a checksum is unchanged, but something more sinister gets activated? I’d like to see if someone can find more examples of that.

    1. i had a quick look at the code and this seems to be one of the varieties of add and change the data so the checksum is valid, these style checksums have many clashes so you can get the same checksum on different data, you just figure out what the data needs to be to make the checksum have the same result

      similar tricks we’re used on things like the amiga boot sector to make the checksum 0 or other such notable number.

  8. Well, too late FTDI, after screwing the same user base that contributed to your own success now the worst for a vendor already happened.

    People have started to look for alternatives and realizing that there are plenty of good and much cheaper options for use in their designs and that don’t need to rely on your products.

    Nobody is going to trust from now on someone that to solve a supply chain issue screws the end users through a third party like MS update. For sure that the little talk that the MS lawyers had with them have helped to understand how stupid this move has been.

  9. In some jurisdictions rendering a device inoperable on purpose is a crime. Plus possible jail time if this results in more property damage, accidents or deaths. FTDI guys DO not pick up the soap

  10. I have a clone arduino Uno and 3 clone arduino Nanos. Because I am just a teen and don’t have alot of money and was able to buy all 4 for the same price as a real arduino.

    I haven’t reprogrammed any of them since before this broken driver was released (thank you hack a day) But I can’t find a FTDI labeled chip on any of them.
    And I can’t find the driver in device manager.

    Anyone know where to locate the driver so I can see my version?
    Thanks

    1. Do a menu / View / Show hidden devices in Device Manager. The FTDI driver would now show up (with a lot of other drivers that are normally hidden).

      The really low end $4 tiny “arduino” is just a 324 breakout board, so there might not even be a FTDI chip on it. Some of the larger board that have a USB connector would be using PL2303 for serial port, so that’s a different fake chip not affect by this particular update.

    1. Yes, you (or anybody else) would be morally wrong too if you killed an identity thief. Perhaps is has not occurred to you yet, but killing people is wrong?
      As for these so called ‘fake’ chips: they are a re-implementation of the protocol that FTDI uses, made to be inter-operable with devices that expect the FTDI chip. Not even their adoption of the FTDI VID/PID pair is illegal, they have no contract with the USB-IF that gives out these numbers. No identity theft there, just some numbers that happen to be the same.

        1. Many of them do, and those are called fakes, which are illegal. However, some of them do not, and they are called clones, which are legal. The problem is that the driver in question will brick either one without asking for permission, or for that matter, notifying the user at all.

  11. I wonder how many of you would be as angry if you were in their shoes trying to do something about the problem, ie if your business is suffering. As near as I can tell they just want to share the pain. If your stuff doesn’t work, your likely to ask the manufacture why their stuff failed, they in turn would be forced to admit the got clones (somehow). This would raise awareness and maybe start to get business checking supply chains better but that’s only one outcome. Clearly the anger and other issues express are all valid but still level the fundamental problem.

    Would you rather have to register your “device” with them with some sort of serial number or worse a dongle. What about an always on internet connection so it can “authorize” the device?

    This question is to everyone, Rather then render the fake hardware dead, and rather then play nice with it. What solutions do you propose that would in fact protect the business investment? Or would you throw in the towel and say o well the cheapskates win? Honestly I don’t see anyone proposing solutions.

    I see an enraged community that is “how do you *#$$ with my shit!”, or “how dare FTDI try to protect their business”.

    I am all fine with rage and anger, but whats a real solution to this issue?

    1. > What solutions do you propose that would in fact protect the business investment?

      You don’t, or at least you do within reasonable time limits, letting patents expire after some time. The current patent system is killing innovation worldwide for small players, which is exactly the reason it was designed that way.

      1. Hear hear!
        FTDI would not have been where they are now without the cheap ‘clones’. That has created a lot of mindshare that equates USB to serial with FTDI. That allowed them to charge an arm and a leg for those skittish to buy anything but he original, while the cheapies help to increase their overall marketshare. A larger market means more companies willing to pay the absurd markup on their product.

    2. A big warning when installing the new drivers that they will no longer work with fake FTDI chips should’ve been sufficient.

      But actively turning the fake chips into dead weight without telling anyone beforehand? Dick move.

  12. Thanks to [marcan] and HAD for reporting this. At work we have some very expensive scientific instruments which use USB-to-serial chips, as they’re produced in low volume and I guess a better solution wasn’t warranted. Good to know where to look should they stop communicating.

  13. I’ve never heard of a so called “counterfeit” chip maker taking similar measures, while there’s plenty of examples of “legit” chip makers doing so. Apple anyone?
    When you happily screw your customers to protect your income, it’s a sign things are going a bit too far.

  14. The damage is already done in my opinion. From the manufacturer standpoint FT232 batches used in production have now to be tested against the chip-killing driver, as nobody wants the problem to appear outside the plant.
    FTDI seemed a nice company. I have reported a bug in their driver once and the support rep suggested driver rollback, then a month later informed me that the new version has that bug fixed (HW flow control used to crash the OS, but only on Windows). With such a steep price margin on those converters I am surprised they crave even more.

  15. What’s the fix for already “bricked” device? I’ve seen an apologist claim it’s easily undone. I asked what the procedure is, and said that if it involves exposing the PCB, then it’s not what I would suggest as easy.

    I sympathize that counterfeit devices are ruining the genuine company, but this is about the worst way to handle it. It seems they could have just rejected the chip, that would still be annoying but not as bad.

    1. this is the fix (as done on my system with an actual ‘bricked’ dongle that I got from amazon):

      ./ft232r_prog –old-pid 0x0000 –new-pid 0x6001

      ft232r_prog: version 1.24, by Mark Lord.
      eeprom_size = 128
      vendor_id = 0x0403
      product_id = 0x0000
      self_powered = 0
      remote_wakeup = 1
      suspend_pull_downs = 0
      max_bus_power = 90 mA
      manufacturer = FTDI
      product = FT232R USB UART
      serialnum = A9QXHFJN
      high_current_io = 0
      load_d2xx_driver = 0
      txd_inverted = 0
      rxd_inverted = 0
      rts_inverted = 0
      cts_inverted = 0
      dtr_inverted = 0
      dsr_inverted = 0
      dcd_inverted = 0
      ri_inverted = 0
      cbus[0] = TxLED
      cbus[1] = RxLED
      cbus[2] = TxDEN
      cbus[3] = PwrEn
      cbus[4] = Sleep
      Rewriting eeprom with new contents.

      search for ft232r_prog and build it from src. not hard at all on linux.

  16. The world allowed the entertainment industry redefine piracy, so I’m unsure if the unauthorized cloned hardware, can be dismissed as not being pirated. Ideally ,as another coment suggested the driver should have at least stopped working or even allowed it to function after requiring an action from the hardware user so they could use their hardware, in either case using a splash screen to explain why Even that would bring charges of screwing over the consumer, consumers who are NOT FTDI’s customers, IMO it should matter if they know that to be the case or not. No matter what FTDI is or would be loosing sales. Yes the result would be the same,the utility of the hardware being affected how else can consumers be made aware there is a larger problem that can affect them in a bad way down the road? This stuff has to be addressed eventually, even if the passive consumer and those profiting from cloned hardware have to be dragged along kicking and screaming.

    Cheapskate consumers, as suggested in a comment are only small percentage of the problem. For here in the USA anyway the major parts of the problem is that the notion that the customer is #1 has been replaced be the notion that that the ever growing earnings no to little value added owners of certificates of stock in a corporation/company are the most important. That notion long with a notion that corporations/companies should never go out of business. These somewhat recently developed notions are contrary the the history of commerce.

    No doubt this decision was ran by staff and other attorneys. While the license terms may not carry any weight with affected consumers, they might in criminal or civil courts. Why I’m mentioning the courts, when your actions that wrecked the world economy doesn’t result in any court cases, non that I’m aware of anyway. This may never end up in the courts, because few are no one stands to make any money if it does, particularly now the function of affected hardware has reads to have been restored After all the bitching cease it would be interesting see ideas how the manufacture of unauthorized clone hardware can be addressed, allowing it continue unabated isn’t in anyone’s best interest, not even that of the cheapskates.

  17. I wonder if the new drivers will also restore the PIDs on all the devices they just bricked?

    I totally empathize with FTDI over the issue of counterfeit chips but their behavior in this whole fiasco has been nothing short of idiotic. The people who’ve had their devices bricked don’t blame the counterfeiters for this, they blame FTDI! And it’s also done very little to address the actual problem, if FTDI lose market share then the counterfeiters will simply start producing more knock-offs of whatever chip is the new standard. No skin off their nose, they’re already sold the chips. Furthermore people like me who order devices in large quantities from overseas manufacturers won’t be grilling them over whether or not their devices contain fake chips, we’ll instead be asking whether or not they’re using FTDI so that this doesn’t happen to our end users ever again.

    1. boot up just about any linux “live” os, and plug in the device. Then type:

      lsusb |grep -v “root hub”

      This should list all your USB devices except your (internal) hubs. There will be ID numbers that look like this:

      Bus 004 Device 003: ID 0403:0000 Future Technology Devices International, Ltd FT232

      the last 4 digits of “ID 0403:0000” are what you are looking for in a “bricked” dongle. (come back next week and it will work in linux anyway.) An unbricked one should say “0403:6001” or something.

      (note: I don’t have a dongle to double check this, but it should be accurate)

    2. Alternatively if you’re a Windows person then run Device Manager, right click on the Arduino and Properties -> Details -> Hardware Ids. If the VID is 0403 and the PID is 0000 then it’s a fake.

      1. I can’t believe instructions haven’t made it into the HaD article. How many people are going to drill down this far?

        >If the VID is 0403 and the PID is 0000 then it’s a fake.

        Or more accurately, it’s a cloned chip that has been bricked by the official malware driver. If it’s not “0000” it could still be counterfeit.

  18. Why can’t they just instead of bricking the counterfits with an invalid USB PID, get a new PID called “Fake FTDI”, assign the fakes to that, and continue allowing the driver to work? Then float a new driver that limits what the fakes can do (performance wise) that ties into the new PID. You get all the benefits similar to bricking the fakes, but much less of the backlash.

  19. Time for “Open USB.” Or maybe it would have to be called “Global Serial Bus” (copyright me). I understand the need, or at least usefulness of VIDs/PIDs, but I thought they were exorbitantly priced for their stated purpose. Too high for a small entrepreneur (and yes I know that some companies “share” theirs.)

  20. So you buy a device which purportedly has an FTDI chip, says FTDI, and it half/ass works, hard to get to recognize the driver slow as donkey doo, and who are you pissed at? FTDI. If their driver bricks the phony, at the least you know it’s a fake. Try putting some counterfeit money into your bank and see what that gets you. Here in Los Angeles, the police regularly arrest vendors who sell fake name brand garments, CD’s, DVD s, and they don’t get their money back from whomever sold them. Bully for FTDI, too bad they backed off.
    If you have a fake FTDI chip, you are illegally in possession of a counterfeit. Quit buying from whomever sold it to you, and demand your money back. Report them.
    If you don’t agree, then go open up a hamburger stand and call it Mc’Donalds and get rich, or find out how long it takes untill they brick you.

    1. Poor analogy, a closer one would be the employees of said brand name companies confiscating counterfeit clothing off people walking down the street. Also in most countries software-compatible FTDI chips are not in fact illegal. It’s only illegal to try to pass them off as the genuine product, something that a driver has no way of ascertaining.

      1. Jeeez, man how old are ya?… Since when datasheet info or marks on the chip itself matters for every medical gear maker in every country, every place in? Or any other gear makers.
        http://tinyurl.com/pdk2gpl
        btw, has ISKRA-1 speed-cam been certified yet, or it is still illegally used by Tuskoland/Kopaczland/Whatever law enforcement to rip taxpayers off? F-16 from uncle Joe still grounded? Well, frankly, that’s not a mystery at all, sir.
        http://tinyurl.com/8ye55gf

        cheers from Euro-kolkhoz-certified country, dude.

  21. I think it’s liegit because FTDI bricks stuff that tries to use THEIR driver unlawfully, FTDI don’t get paid by the user to use the driver.
    But bricking is maybe a little much, a warning sign and software disabling should be enough.

    1. Well I kinda disagree sir. As Travis Goodspeed ones said, ‘Every usb device’s perfectly behaved as 19th century child, it does not speak until spoken to.
      So maybe it’s actually the other way around, THEIR malicious driver unlawfully tries to use/overwrite the silicon they don’t own, in a destructive way. And no, they don’t own the integer either.

      How about that?
      but we’ve seen this movie before. It’s called “Chernobyl”.

  22. More legal and technical hair-splitting.

    This is a simple case of demolition of TRUST. Just like having an employee who “tickles the till”, no matter how justified by their child with cancer, for many of us trust in FTDI as an ethical company is now zero, and “putting the money back” won’t repair that damage. Like Sony and its rootkit they have demonstrated what they are capable of and can’t be trusted not to pull some similar mis-directed stunt in the future.

    As a simple matter of risk management people are bound to avoid any dealings with companies that pull stunts like this.

  23. this is not like sony rootkit. sony : you pay for a original product, it tweaks your pc for some copy protection hidden as … rootkit. ftdi : they paid for usb VID, drivers and windows certification, and, yes, advertising. some thief sell a chip with ftdi brand and product code. if you ever are into product development and marketin, you cannot afford this. every fake chip is a not sell for you, how can you recover your costs? ftdi fault is to brick the fake chips. user fault is the absurd expectation ftdi drivers have to work with fake chips. I think drivers have to work with original products, where does come from you have to test and support others products? there ain’t no such thing as a free lunch.

  24. I actually fully support FTDI’s efforts on this… They’ve been suffering for quite a while with marginal product stamped with their logo that claim to be genuine product, but are not.

    These knockoffs not only reduce their sales numbers, but by hurting their reputation for good technical function and wasting their time with engineering support calls and complaints, they put COST on FTDI.

    I know a lot of people in here don’t know how chip acquisition works, but counterfeit chips appear when people want to cut costs and make more money. So they go to shady, second-rate suppliers and get whatever comes in. If a company building product wanted to ensure genuine product, they would use reliable distributors (Arrow, Digikey, Mouser, Future, THERE ARE PLENTY) or even order them direct from FTDI.

    Don’t be fooled by all the rhetoric about “hurting their reputation”…. they’re nuking products that are stamped with THEIR name, using THEIR driver. If these were purses, customs would seize them at the dock, and both buyer and seller would be SOL– but unfortunately finding counterfeit chips is a lot more difficult than identifying a fake Luis Vuitton.

    An additional thought is that by supporting this counterfeit junk over genuine FTDI parts, you’re saying “Yeah, send those jobs to China. The guys who are really innovating this stuff didn’t need them anyway.” This issue is solely about money and how one group’s desire for it ruins another person’s livelihood.

  25. I have no issues with a company attempting (even poorly) to defend its brand, and product. However, I feel they could have done this differently. Perhaps instead of bricking the clones, have them operate at 10% speed. Buy a genuine FTDI chip, get 100% on your usb to serial connections. buy a clone, it works, just slower. Company of said clone wants it to run faster, they can build their own driver and release it. Maybe I’m being naive

    1. You aren’t being naive at all. There were a great many things they could have done that would have been better than what FTDI ended up doing. The best options, IMHO, would have been things that actually informed and educated the users that they had counterfeit chips, how to report it, and why they are bad.

      Instead they approach they took (and thankfully backed away from) just left consumers confused and assuming their hardware had simply broken. It gave manufacturers no clue what the actual problem was should they attempt to debug it. It was really the worst of all worlds…

  26. In my comment I will refer to any non official FTDI device as “NON-FTDI”, this includes fakes, clones, or any device that uses the FTDI drivers, but are not created by FTDI. I do this to try and remove any distinction between Counterfeits, Clones, or compatible devices because simply, no distinction is needed in this case.

    Ok while I agree that “bricking” the “NON-FTDI” chips was a bit much I do agree that FTDI needs to do something to protect their property, and by that I mean their official chips, and their drivers.

    If companies want to produce their own “FTDI chips” or their own usb to serial chips, then they should create their own drivers! The current topic of debate would never have occurred if the “NON-FTDI” chips used their own drivers or a driver that they have rights / permissions to use.

    FTDI spent their time, and their money to develop their chip and their driver and they got it to a point that others wanted to try and take advantage of their work and mooch on their success. Some just wanted to use these drivers because they already existed and created their own chips that use the FTDI drivers instead of creating their own.

    What right do the “NON-FTDI” devices have to use the official FTDI drivers? Though FTDI did not and does not have a right to brick the “NON-FTDI” drives, they do have a right to limit what devices use their drivers.

    What change is there really going to be if FTDI is able to get their drive to prevent non official devices from using their driver without bricking them? Yes the devices will no longer get bricked but the result is still the same, a device that will not work unless other actions are performed. In this case it would require installation of other drivers, which would mean new drivers would need to be created that these devices can use.

    Though this makes me wonder, if the “NON-FTDI” devices are using the “vid” and “pid” values as the official FTDI devices than the two different drives would have to look for thoes values. Though can there be more than 1 driver for each vid/pid pair? or will the end user have to choose between using the official drivers with the official chips, or use other drivers for the “NON-FTDI” chips. If coexistence isnt possible, that the user will have to choose and will most likely loose functionality one way or another.

    Also, In one of the other comments above someone mentioned that users that didn’t know any better would just buy a replacement device, and yes this is true. Most users would just buy a new device to solve their issue assuming that their current device broke, even I would probably look at a replacement. Though most of those users would also complain that the new device didn’t work when it arrived and would want another replacement and would eventually get fed up and want a refund / the company would have to own up or find out why their product isnt working.

    Sorry for the long comment, its early in the morning and I tend to rant.
    I do mean to start any arguments with this comment, only to express my own personal views.

      1. Because the fakers are just trying to make a fast buck. They do the least they can, label themselves as FTDI, and sell their products nocturnal aviation style (fly by night).

        Now a FTDI Cloner (none exist to my mind) could absolutely do that. They could sell their wares as being functionally identical to the FTDI, and could release their own drivers. But that requires a corporate presence, providing support, and all those other things the fakers/counterfeiters aren’t doing

  27. Its a cool action. I’m buggered to no end by the faking of labeling.

    I understand there is a tradition and a certain cultural pride in couterfeiting since the ming vase, but imitating brandnames, quality and testing marks etc. is not something to be proud of imho. Seems dangerous to me too.. I wonder how many fake UL, VDE certified stuff there is out there.

    And anyway, I’d never use windows voluntarily. So I’m pretty biased :p

  28. lolz
    only the hackers can use them now. lol
    but seriously, maybe the bricked chips can be fixed.
    ditto for the legit customers and inves…
    the ones with “affected” aka HACKED devices.

    damage to property ?
    facilitated by microsoft(update) ?
    unknowing / unwilling victims ?
    perpetrator already working on new batch of non-brickable chips ?

    then again im biased.
    USB is a licenced system and i hate it.

    you have to pay thousands of dollars just to sell one little itty bitty device to one little itty bitty person. those trial ID’s are not for sales, only demo/dev/hobby

    pftt i’d be more likely to build a custom interface board using something else (IDE, SMBUS, IRDA,) and throw it in for free along with my product. why? so i can “use a connector” how i wish, even if that means designing a mounting bracket / faceplate for this new connector.

    could always step it up a notch and give the new usb3 a run for its money.

    so people tell me my analog VGA has a low-speed serial port built-in?
    can the windows XP portion of the problem be hacked to provide generic I2C comms?
    i mean for more then the existing I2C chip in the monitor ?

    or at least the low speed serial-comms channel in DVI ?

    so maybe we can buy DVI monitors with hardware rs232 built in?
    complete with seperate +12 / -12V supplies and signals.
    maybe even boost the current from 5ma to 10ma.

    1. delete the part about boosting the current.
      it might damage certain devices relying on the output resistors andor current limiting…
      (think zener supply without the resistor)

      funny and ironic how it mirrors the article’s issue

  29. Here’s a new photo I just shot of Fake and Genuine FTDI chips. I can now visually tell them apart and that correlates 100% with which ones are Bricked (PID set=0000) by the 2.12.0.0 driver (Sample of 12 bad and 23 good ones).

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.