A few days ago we learned chip maker FTDI was doing some rather shady things with a new driver released on Windows Update. The new driver worked perfectly for real FTDI chips, but for counterfeit chips – and there are a lot of them – the USB PID was set to 0, rendering them inoperable with any computer. Now, a few days later, we know exactly what happened, and FTDI is backing down; the driver has been removed from Windows Update, and an updated driver will be released next week. A PC won’t be able to communicate with a counterfeit chip with the new driver, but at least it won’t soft-brick the chip.
Microsoft has since released a statement and rolled back two versions of the FTDI driver to prevent counterfeit chips from being bricked. The affected versions of the FTDI driver are 2.11.0 and 2.12.0, released on August 26, 2014. The latest version of the driver that does not have this chip bricking functionality is 2.10.0.0, released on January 27th. If you’re affected by the latest driver, rolling back the driver through the Device Manager to 2.10.0.0 will prevent counterfeit chips from being bricked. You might want to find a copy of the 2.10.0 driver; this will likely be the last version of the FTDI driver to work with counterfeit chips.
Thanks to the efforts of [marcan] over on the EEVblog forums, we know exactly how the earlier FTDI driver worked to brick counterfeit devices:
[marcan] disassembled the FTDI driver and found the source of the brick and some clever coding. The coding exploits differences found in the silicon of counterfeit chips compared to the legit ones. In the small snippet of code decompiled by [marcan], the FTDI driver does nothing for legit chips, but writes 0 and value to make the EEPROM checksum match to counterfeit chips. It’s an extremely clever bit of code, but also clear evidence FTDI is intentionally bricking counterfeit devices.
A new FTDI driver, presumably one that will tell you a chip is fake without bricking it, will be released next week. While not an ideal outcome for everyone, at least the problem of drivers intentionally bricking devices is behind us.
The nasty driver 2.12.00 is still latest available for download on theirs site.
So they did not learn anything, they do?
Obviously not.
I’ve stopped buying and using FTDI chips completely. I have lots of USB to serial modules , bought directly from FTDI, but I’m not planning to use them anymore, because FTDI is now on my big black list of assholes to avoid.
Maybe I’ll sell them on ebay.
So what IS the status of this? Reports have surfaced of RECENT automatic windows driver updates causing bricked counterfeits (
http://forum.timescapes.org/phpBB3/viewtopic.php?f=24&t=12395 ), the driver available at FTDI is still the bad version (or has the same version number, anyway), and I haven’t seen any reports on the “next week update” that was supposed to be out several weeks ago…
Bricking drivers still online.
Someone never learn………..
I do wonder if any of these counterfeit FTDI chips have found their way into critical infrastructure such as aircraft, flight control or other critical transport infrastructure?? It would not look good if some communication systems just failed without warning.
Critical Systems, Medical Equipment, Etc all update quite conservatively so I don’t think it is that likely. But I am also not so sure how likely it is any of those systems would be using FTDI chips. It is certainly possible that some are, but even then it would only affect USB connections not the overall functioning of the device.
As a former Boeing test engineer, military/aerospace contract manufacturing engineer and medical/aerospace semiconductor manufacturer test engineer, I would have to disagree.
Boeing used MANY parts directly from Asia, when I was there, and their sourcing was very lax. Any new design that called out for a part, they got. Who knows what was really inside them.
In military project contract manufacturing, I saw a nice $10 connector get re-ordered for production to a $1 part. Really ugly stuff going on in low bid manufacturing.
And I was let go from a semiconductor manufacturer after informing them their use of standard chip dies were failing tests (right at the standard data sheet parameters) after they were repackaging them as mil-spec, hi-rel parts.
I would not guarantee anything as being built well, especially military contract equipment. There is almost no oversight in any manufacturing, in this state.
Yup, got hit with this still. Those blasted Chinese Ebay sellers. Bought one from a vendor with 98.5% positive rating. Had the blasted bad FTDI chip. Tried several things to get it to come up but guess it was already gone. Bad FTDI matched picture above. After replacing IC, and copying image, works!
I still think that bricking the device is the wrong way:
Let’s see same real scenery:
You update the software on your plane, what happen?
1: Your chip is legit, nothing happen
2: The driver say “you’re using a fake chip, you might at risk of crashing your plane”, so you have a way to fix it before the worst happen.
3: The drive brick the chip and your plane crash; i hope is just a toy plane.
Clearly world need open source/open hardware usb to serial chip. It is so common problem hit head to wall with prolific and ftdi problems that only reasonable solution for that is make open hardware design for really cheap chip and hope that chinese manufacturers start using that design instead of closed one.
So after you un-brick your cloned FTDI (which still worked in Linux while ‘bricked’) then what do you do?
Even if I fix the PID via Linux, the Windows driver keeps re-setting it to 0. Is there currently any known way to use the fake FTDI based devices from windows?
You need to get an earlier FTDI driver and install it over the BrickerOne.
They’re at it AGAIN.